Project author: we-work-in-the-cloud
Project description:
Bastion for VPC Terraform Module
Primary language: HCL
Project URL: git://github.com/we-work-in-the-cloud/terraform-ibm-vpc-bastion.git
This module deploys a bastion instance into an existing VPC. A bastion is an instance that is provisioned with a public IP address and can be accessed via SSH. Once set up, the bastion host acts as a jump server allowing secure connection to instances provisioned without a public IP address.
Requirements
| Name | Version |
|------|---------|
| terraform | >= 0.13 |
| ibm | >= 1.18.0 |
Providers
| Name | Version |
|------|---------|
| ibm | >= 1.18.0 |
Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| resource_group_id | ID of the resource group where to create the bastion instance and security groups | string | n/a | yes |
| vpc_id | ID of the VPC where to create the bastion | string | n/a | yes |
| subnet_id | ID of the subnet where to create the bastion instance | string | n/a | yes |
| name | Name of the bastion instance | string | n/a | yes |
| image_name | Name of the image to use for the bastion instance | string | "ibm-ubuntu-18-04-1-minimal-amd64-2" | no |
| init_script | Script to run during the instance initialization. Defaults to an Ubuntu specific script when set to empty | string | "" | no |
| profile_name | Instance profile to use for the bastion instance | string | "cx2-2x4" | no |
| ssh_key_ids | List of SSH key IDs to inject into the bastion instance | list(string) | n/a | yes |
| allow_ssh_from | An IP address, a CIDR block, or a single security group identifier to allow incoming SSH connection to the bastion | string | "0.0.0.0/0" | no |
| create_public_ip | Set whether to allocate a public IP address for the bastion instance | bool | true | no |
| security_group_rules | List of security group rules to set on the bastion security group in addition to the SSH rules | list | [ { "direction": "outbound", "name": "http_outbound", "remote": "0.0.0.0/0", "tcp": { "port_max": 80, "port_min": 80 } }, { "direction": "outbound", "name": "https_outbound", "remote": "0.0.0.0/0", "tcp": { "port_max": 443, "port_min": 443 } }, { "direction": "outbound", "name": "dns_outbound", "remote": "0.0.0.0/0", "udp": { "port_max": 53, "port_min": 53 } }, { "direction": "outbound", "icmp": { "type": 8 }, "name": "icmp_outbound", "remote": "0.0.0.0/0" } ] | no |
| tags | List of tags to add on all created resources | list(string) | [] | no |
Outputs
| Name | Description |
|------|-------------|
| bastion_id | ID of the bastion virtual server instance |
| bastion_private_ip | Private IP address of the bastion virtual server instance |
| bastion_public_ip | Public IP address of the bastion virtual server instance, null if none was allocated. |
| bastion_security_group_id | ID of the security group assigned to the bastion interface |
| bastion_maintenance_group_id | ID of the security group used to allow connection from the bastion to your instances |
| bastion_network_interface_ids | ID(s) of the primary_network_interface for the bastion instance |
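
The allow_ssh_from input defaults to "0.0.0.0/0", which leaves the bastion's SSH port reachable from any source address. The following is an added example, not taken from the project's own documentation: it calls the module with SSH limited to an administrative CIDR and rejects the open default at plan time. The variable names, the instance name and the GitHub source string (derived from the project address) are assumptions.

```hcl
# Added example (not the project's own code). Variable names and the
# instance name are placeholders chosen for illustration.

variable "resource_group_id" { type = string }
variable "vpc_id" { type = string }
variable "subnet_id" { type = string }
variable "ssh_key_ids" { type = list(string) }

# Admin network allowed to reach the bastion over SSH.
# allow_ssh_from also accepts a single IP or a security group ID;
# this example narrows it to a CIDR block so it can be validated.
variable "admin_cidr" {
  type        = string
  description = "CIDR block allowed to SSH to the bastion, e.g. 203.0.113.0/24"

  validation {
    # Reject malformed CIDRs and the module's open default.
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "The admin_cidr value must be a valid CIDR block other than 0.0.0.0/0."
  }
}

module "bastion" {
  # Source derived from the project address (assumption); pin a ref in real use.
  source = "github.com/we-work-in-the-cloud/terraform-ibm-vpc-bastion"

  name              = "example-bastion"
  resource_group_id = var.resource_group_id
  vpc_id            = var.vpc_id
  subnet_id         = var.subnet_id
  ssh_key_ids       = var.ssh_key_ids

  # Weak setting (module default): allow_ssh_from = "0.0.0.0/0"
  allow_ssh_from = var.admin_cidr
}

# Public address to use as the SSH jump host (null if no public IP was allocated).
output "bastion_public_ip" {
  value = module.bastion.bastion_public_ip
}

# Security group that permits connections from the bastion to your instances.
output "bastion_maintenance_group_id" {
  value = module.bastion.bastion_maintenance_group_id
}
```

The validation block relies on custom variable validation, which is available from the Terraform 0.13 minimum listed under Requirements.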
License
Apache 2 Licensed. See LICENSE for full details.