    @cfn-modules/ssh-bastion

    1.4.4 • Public • Published

    cfn-modules: SSH bastion

    SSH bastion (jump server, bastion host) based on Amazon Linux with a fixed public IP address (Elastic IP), running in a 1:1:1 auto scaling group, alerting, and IAM user SSH access.

    Install

    Install Node.js and npm first!

    npm i @cfn-modules/ssh-bastion
    

    Usage

    ---
    AWSTemplateFormatVersion: '2010-09-09'
    Description: 'cfn-modules example'
    Resources:
      Bastion:
        Type: 'AWS::CloudFormation::Stack'
        Properties:
          Parameters:
            VpcModule: !GetAtt 'Vpc.Outputs.StackName' # required
            AlertingModule: !GetAtt 'Alerting.Outputs.StackName' # optional
            HostedZoneModule: !GetAtt 'HostedZone.Outputs.StackName' # optional
            KeyName: '' # optional
            IAMUserSSHAccess: false # optional
            InstanceType: 't2.nano' # optional
            LogGroupRetentionInDays: 14 # optional
            SubDomainNameWithDot: 'ssh.' # optional
          TemplateURL: './node_modules/@cfn-modules/ssh-bastion/module.yml'
    

    Examples

    Related modules

    none

    SSH

    Single user: ec2-user

    Specify the same KeyName parameter for the SSH bastion and all other stacks you want to connect to.

    Use ssh -J ec2-user@$BastionPublicIpAddress $TargetPrivateIpAddress and replace $BastionPublicIpAddress with the PublicIpAddress output of the SSH bastion module stack; $TargetPrivateIpAddress with the private IP address of the EC2 instance you want to connect to.

    Personalized users (IAMUserSSHAccess := true)

    Enable the IAMUserSSHAccess parameter for the SSH bastion and all other stacks you want to connect to.

    Use ssh -J $UserName@$BastionPublicIpAddress $TargetPrivateIpAddress and replace $UserName with your IAM user name; $BastionPublicIpAddress with the PublicIpAddress output of the SSH bastion module stack; $TargetPrivateIpAddress with the private IP address of the EC2 instance you want to connect to.
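The personalized login above, as an added example that is not part of the module or its README: shell helpers that derive the Linux account name from an IAM user name and validate the values before composing the `ssh -J` command. The character mapping is an assumption about how widdix/aws-ec2-ssh names accounts, the stack name passed to `bastion_public_ip` is yours to supply, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: helpers for the personalized-user login described above.

# Map an IAM user name to the Linux account name.
# Assumption: widdix/aws-ec2-ssh replaces + = , @ as shown here.
iam_to_linux_user() {
  printf '%s' "$1" | sed -e 's/+/.plus./g' -e 's/=/.equal./g' \
                         -e 's/,/.comma./g' -e 's/@/.at./g'
}

# Accept only dotted-quad IPv4 literals, so a value can never be read as an
# ssh option or as an unexpected host name.
is_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Read the PublicIpAddress output of the bastion module stack.
# $1 = stack name (hypothetical, pass your own); needs AWS CLI credentials.
bastion_public_ip() {
  aws cloudformation describe-stacks --stack-name "$1" \
    --query "Stacks[0].Outputs[?OutputKey=='PublicIpAddress'].OutputValue" \
    --output text
}

# Print the ssh -J command for: IAM user name, bastion IP, target private IP.
bastion_ssh_command() {
  bsc_user=$(iam_to_linux_user "$1")
  case $bsc_user in
    ''|-*|*[!A-Za-z0-9._-]*) echo "invalid user name" >&2; return 1 ;;
  esac
  [ "${#bsc_user}" -le 32 ] || { echo "user name too long" >&2; return 1; }
  is_ipv4 "$2" || { echo "bastion is not an IPv4 address" >&2; return 1; }
  is_ipv4 "$3" || { echo "target is not an IPv4 address" >&2; return 1; }
  # The user is also set on the target: without it ssh would log in there
  # with your local login name instead of the IAM-derived one.
  printf 'ssh -J %s@%s %s@%s\n' "$bsc_user" "$2" "$bsc_user" "$3"
}
```

For example, `bastion_ssh_command 'alice@example.com' "$(bastion_public_ip my-bastion-stack)" 10.0.1.25` prints the command to run; the user name, stack name and IP address here are constructed sample values.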

    Parameters

    | Name | Description | Default | Required? | Allowed values |
    | --- | --- | --- | --- | --- |
    | VpcModule | Stack name of vpc module | | yes | |
    | AlertingModule | Stack name of alerting module | | no | |
    | HostedZoneModule | Stack name of module implementing HostedZone | | no | |
    | KeyName | Key name of the Linux user ec2-user to establish a SSH connection to the EC2 instance | | no | |
    | IAMUserSSHAccess | Synchronize public keys of IAM users to enable personalized SSH access (https://github.com/widdix/aws-ec2-ssh)? | false | no | [true, false] |
    | InstanceType | The instance type for the EC2 instance | t2.nano | no | |
    | LogGroupRetentionInDays | Specifies the number of days you want to retain log events | 14 | no | [1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653] |
    | SubDomainNameWithDot | Name that is used to create the DNS entry with trailing dot, e.g. §{SubDomainNameWithDot}§{HostedZoneName}. Leave blank for naked (or apex and bare) domain. Requires HostedZoneModule parameter! | test. | no | |

    Limitations

    • Highly available: A single EC2 instance is running at a time (will be automatically replaced in case of failure)
    • Scalable: EC2 instances capacity (CPU, RAM, network, ...) is limited by design
    • Secure: Root volume is not encrypted at-rest (not possible unless the AMI is encrypted)
    • Secure: Root volume is not backed up
    • Monitoring: Network In+Out is not monitored according to capacity of instance type

    License

    Apache-2.0

    Unpacked Size

    153 kB

    Total Files

    14

    Collaborators

    • hellomichibye
    • andreaswittig