Skip to content

[#33] Update missing Bastion's resources #37

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
sanG-github wants to merge 4 commits into
base: develop
Choose a base branch
from
Draft

[#33] Update missing Bastion's resources #37

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
1a8c956
[#33] Update missing Bastion's resources
sanG-github Jan 21, 2024
aa3314a
Skip checkov
sanG-github Jan 21, 2024
2c91786
Add IP
sanG-github Jan 21, 2024
0b6151a
Update bucket name
sanG-github Mar 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion core/locals.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ locals {
health_check_path = "/health"

# The IP addresses allowed to connect to the bastion host
bastion_allowed_ip_connections = []
bastion_allowed_ip_connections = ["115.74.38.114"]

# The ECS configuration for the current environment
current_ecs_config = local.ecs_config[var.environment]
Expand Down
1 change: 1 addition & 0 deletions core/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -118,5 +118,6 @@ module "bastion" {
source = "../modules/bastion"

environment = var.environment
subnet_ids = module.vpc.public_subnet_ids
instance_security_group_ids = module.security_group.bastion_security_group_ids
}
9 changes: 9 additions & 0 deletions modules/bastion/locals.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,4 +6,13 @@ locals {

# The instance type
instance_type = "t3.nano"

# The minimum number of instances
min_instance_count = 1

# The maximum number of instances
max_instance_count = 1

# The desired number of instances
instance_desired_count = 1
}
16 changes: 16 additions & 0 deletions modules/bastion/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,3 +24,19 @@ resource "aws_launch_configuration" "bastion_instance" {
encrypted = true
}
}

resource "aws_autoscaling_group" "bastion_instance" {
#checkov:skip=CKV_AWS_315: Use EC2 launch template
name = "${local.namespace}-instance"
min_size = local.min_instance_count
max_size = local.max_instance_count
desired_capacity = local.instance_desired_count
launch_configuration = aws_launch_configuration.bastion_instance.name
vpc_zone_identifier = var.subnet_ids

tag {
key = "Name"
value = "${local.namespace}-instance"
propagate_at_launch = true
}
}
5 changes: 5 additions & 0 deletions modules/bastion/variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,8 @@ variable "instance_security_group_ids" {
description = "The security group IDs for the instance"
type = list(string)
}

variable "subnet_ids" {
description = "The subnet IDs for the instance"
type = list(string)
}
4 changes: 2 additions & 2 deletions modules/s3/locals.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
locals {
# The name of the bucket
asset_bucket_name = "${var.environment}-devops-ic-assets-bucket"
asset_bucket_name = "${var.environment}-devops-ic-asset-1-bucket"

# The name of ALB log bucket
alb_log_bucket_name = "${var.environment}-devops-ic-alb-log-bucket"
alb_log_bucket_name = "${var.environment}-devops-ic-alb-log-1-bucket"

# All objects should be deleted from the bucket when the bucket is destroyed
force_destroy = true
Expand Down