@cfn-modules/ssh-bastion v1.4.4

License: Apache-2.0

cfn-modules: SSH bastion

SSH bastion (jump server, bastion host) based on Amazon Linux with a fixed public IP address (Elastic IP), running in a 1:1:1 auto scaling group, alerting, and IAM user SSH access.

Install

Install Node.js and npm first!

npm i @cfn-modules/ssh-bastion

Usage

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules example'
Resources:
  Bastion:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VpcModule: !GetAtt 'Vpc.Outputs.StackName' # required
        AlertingModule: !GetAtt 'Alerting.Outputs.StackName' # optional
        HostedZoneModule: !GetAtt 'HostedZone.Outputs.StackName' # optional
        KeyName: '' # optional
        IAMUserSSHAccess: false # optional
        InstanceType: 't2.nano' # optional
        LogGroupRetentionInDays: 14 # optional
        SubDomainNameWithDot: 'ssh.' # optional
      TemplateURL: './node_modules/@cfn-modules/ssh-bastion/module.yml'

Examples

Related modules

none

SSH

Single user: ec2-user

Specify the same KeyName parameter for the SSH bastion and all other stacks you want to connect to.

Use ssh -J ec2-user@$BastionPublicIpAddress $TargetPrivateIpAddress, replacing $BastionPublicIpAddress with the PublicIpAddress output of the SSH bastion module stack and $TargetPrivateIpAddress with the private IP address of the EC2 instance you want to connect to.

Personalized users (IAMUserSSHAccess := true)

Enable the IAMUserSSHAccess parameter for the SSH bastion and all other stacks you want to connect to.

Use ssh -J $UserName@$BastionPublicIpAddress $TargetPrivateIpAddress, replacing $UserName with your IAM user name, $BastionPublicIpAddress with the PublicIpAddress output of the SSH bastion module stack, and $TargetPrivateIpAddress with the private IP address of the EC2 instance you want to connect to.
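The two connection modes above differ only in the login user (ec2-user, or the IAM user name when IAMUserSSHAccess is true). The script below is an added example, not code from the cfn-modules project: it looks up the bastion's PublicIpAddress stack output with the AWS CLI (that function is only a helper and needs credentials), then writes an ssh_config fragment so that every host in the private range is reached through the bastion with ProxyJump instead of typing -J each time. The stack name argument, the host pattern and the IP addresses are constructed sample values.

```shell
#!/bin/sh
# Added example (not part of @cfn-modules/ssh-bastion): route SSH to private
# instances through the bastion via an ssh_config fragment.
# Assumptions: the caller supplies the bastion stack name and the private
# address pattern; all IPs below are constructed documentation addresses.

# Resolve the bastion's public IP from the PublicIpAddress output of the
# module stack. Needs the AWS CLI and credentials; not used in the offline demo.
bastion_ip_from_stack() {
  aws cloudformation describe-stacks \
    --stack-name "$1" \
    --query "Stacks[0].Outputs[?OutputKey=='PublicIpAddress'].OutputValue" \
    --output text
}

# Print an ssh_config fragment.
#   $1: bastion public IP
#   $2: login user (ec2-user, or the IAM user name with IAMUserSSHAccess true)
#   $3: Host pattern matching the private IPs reached through the bastion
# IdentitiesOnly limits the keys offered to the bastion to those configured
# for it, so an agent full of unrelated keys is not presented to the jump host.
ssh_config_snippet() {
  bastion_ip=$1; user=$2; pattern=$3
  printf 'Host bastion\n'
  printf '  HostName %s\n' "$bastion_ip"
  printf '  User %s\n' "$user"
  printf '  IdentitiesOnly yes\n'
  printf '\n'
  printf 'Host %s\n' "$pattern"
  printf '  User %s\n' "$user"
  printf '  ProxyJump bastion\n'
}

# The equivalent one-off command line for a single hop (what the README shows).
#   $1: bastion public IP, $2: login user, $3: target private IP
ssh_jump_command() {
  printf 'ssh -J %s@%s %s\n' "$2" "$1" "$3"
}

# Demo with constructed addresses (203.0.113.0/24 is a documentation range).
ssh_config_snippet 203.0.113.10 ec2-user '10.0.*'
ssh_jump_command 203.0.113.10 ec2-user 10.0.1.20
```

Append the printed fragment to ~/.ssh/config (or pass it with ssh -F); afterwards ssh 10.0.1.20 hops through the bastion automatically. For the personalized mode, call ssh_config_snippet with the IAM user name as the second argument.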

Parameters

Limitations

  • Highly available: only a single EC2 instance runs at a time (it is replaced automatically in case of failure)
  • Scalable: EC2 instance capacity (CPU, RAM, network, ...) is limited by design
  • Secure: the root volume is not encrypted at rest (not possible unless the AMI is encrypted)
  • Secure: the root volume is not backed up
  • Monitoring: Network In+Out is not monitored relative to the capacity of the instance type