Instance (AWS)
May 6, 2026 · View on GitHub
AWS Instance with multiple SSH Key support.
Usage
ssh-keygen -t rsa
module "bastion" {
source = "github.com/opszero/terraform-aws-bastion"
ssh_keys = [ "ssh-rsa ..." ]
users = {
"username" = {
ssh-keys = [
"ssh-rs ..."
]
}
}
}
Connect
- Use MrMgr to setup IAM access to the Bastion
pip3 install pip3 install ec2instanceconnectclimssh --profile awsprofile ubuntu@i-1234566
Deployment
terraform init
terraform plan
terraform apply -auto-approve
Teardown
terraform destroy -auto-approve
Providers
| Name | Version |
|---|---|
| aws | n/a |
| cloudinit | n/a |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| ami_id | The AMI ID of the bastion host | string | null | no |
| efs_mounts | EFS multiple mounts | map | {} | no |
| ingress_cidrs | Configuration block for ingress rules | any | n/a | yes |
| instance_profile | n/a | object({ | null | no |
| instance_type | EC2 Instance Type of the bastion host | string | "t3.micro" | no |
| name | The name of the bastion host | string | n/a | yes |
| security_group_ids | A list of security group names to associate with. | list(any) | [] | no |
| ssh_keys | SSH public keys to add to the image | list(any) | [] | no |
| subnet_id | The VPC subnet ID to launch in EC2 bastion host | string | n/a | yes |
| tags | A map of tags to assign to the resource | map(any) | {} | no |
| ubuntu_version | Ubuntu Server Version | string | "24.04" | no |
| user_data | User data to provide when launching the instance | string | "" | no |
| user_data_replace_on_change | To recreate the instance when user_data is changed | bool | false | no |
| userdata | User data to provide when launching the instance | string | "" | no |
| users | Custom user accounts of the instance | map | { | no |
| volume_size | Size of the volume in gibibytes (GiB) | number | 20 | no |
| vpc_id | The VPC ID to create security group for bastion host | string | n/a | yes |
Resources
| Name | Type |
|---|---|
| aws_cloudwatch_metric_alarm.aws_bastion_cpu_threshold | resource |
| aws_eip.this | resource |
| aws_iam_instance_profile.this | resource |
| aws_iam_role.this | resource |
| aws_iam_role_policy_attachment.this | resource |
| aws_instance.this | resource |
| aws_security_group.this | resource |
| aws_security_group_rule.this | resource |
| aws_ssm_parameter.ubuntu | data source |
| cloudinit_config.config | data source |
Outputs
| Name | Description |
|---|---|
| instance_id | n/a |
| public_ip | n/a |
🚀 Built by opsZero!
opsZero provides software and consulting for DevOps. With our decade plus of experience scaling some of the world’s most innovative companies we have developed deep expertise in Kubernetes, DevOps, FinOps, and Compliance.
Our software and consulting solutions enable organizations to:
- migrate workloads to the Cloud
- setup compliance frameworks including SOC2, HIPAA, PCI-DSS, ITAR, FedRamp, CMMC, and more.
- FinOps solutions to reduce the cost of running Cloud workloads
- Kubernetes optimized for web scale and AI workloads
- finding underutilized Cloud resources
- setting up custom AI training and delivery
- building data integrations and scrapers
- modernizing onto modern ARM based processors
We do this with a high-touch support model where you:
- Get access to us on Slack, Microsoft Teams or Email
- Get 24/7 coverage of your infrastructure
- Get an accelerated migration to Kubernetes
Please schedule a call if you need support.
