

Terraform AWS Bastion Host

This Terraform module deploys a secure EC2 instance configured to act as a bastion host (or jump box) within an existing AWS VPC.

A bastion host is a server whose purpose is to provide access to a private network from an external network, such as the internet. It's a common security practice to harden this server and limit its exposure.


Features

  • EC2 Instance: Deploys a t2.micro EC2 instance, which is eligible for the AWS Free Tier.
  • Latest Ubuntu AMI: Automatically finds and uses the latest Amazon Machine Image (AMI) for Ubuntu 24.04 (Noble Numbat).
  • Secure Access: Creates a security group that allows inbound SSH (TCP port 22) only from the single public IP address (/32) you specify and from private IP ranges. Note that any host able to reach the bastion from those private ranges can also reach port 22, so keep them as narrow as your VPC layout allows.
  • Public Accessibility: Assigns a public IP address to the instance for direct access from the internet.
  • Network Routing: Adds a host route (/32) for your source IP in the specified route table, pointing at the Internet Gateway. If that table already carries a 0.0.0.0/0 default route to the IGW, the extra route is redundant but harmless, since the more specific /32 does not conflict with it.
  • Easy Output: Outputs the public IP address of the created bastion host upon completion.

Prerequisites

Before you begin, ensure you have the following:

  • Terraform: Installed on your local machine.
  • AWS Account: An active AWS account.
  • AWS CLI: Configured with credentials that have permissions to create the resources defined in main.tf.
  • Existing AWS Infrastructure:
    • A VPC.
    • A Subnet within the VPC.
    • An Internet Gateway attached to the VPC.
    • A Route Table associated with the Subnet.
    • An EC2 Key Pair for SSH access.

Usage

1. Configure Your Variables

Clone the repository and update the terraform.auto.tfvars file with your specific AWS infrastructure details.

# terraform.auto.tfvars

region              = "us-east-1"                 # Your desired AWS region
instance_name       = "aws-bastion-host"          # A name for your EC2 instance
vpc_id              = "vpc-xxxxxxxxxxxxxxxxx"     # Your VPC ID
subnet_id           = "subnet-xxxxxxxxxxxxxxxxx"  # Your public Subnet ID
source_ip_for_ssh   = "YOUR_IP_ADDRESS/32"        # Your public IP for SSH access, as a single-host /32 CIDR
ssh_key_name        = "your-key-name"             # The name of your EC2 Key Pair
route_table_id      = "rtb-xxxxxxxxxxxxxxxxx"     # Your Route Table ID (the one associated with the Subnet)
internet_gateway_id = "igw-xxxxxxxxxxxxxxxxx"     # Your Internet Gateway ID
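The following main.tf is an illustrative implementation of the feature list above, wired to the variables in terraform.auto.tfvars. It is an added example, not the module's own file: the Canonical account ID and AMI name pattern, the use of the RFC 1918 ranges for the "private IP ranges" rule, the /32-only input validation, and the IMDSv2 and encrypted-root settings on the instance are assumptions, not taken from the page.

```hcl
terraform {
  required_version = ">= 1.3"
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.0" }
  }
}

provider "aws" {
  region = var.region
}

variable "region"              { type = string }
variable "instance_name"       { type = string }
variable "vpc_id"              { type = string }
variable "subnet_id"           { type = string }
variable "ssh_key_name"        { type = string }
variable "route_table_id"      { type = string }
variable "internet_gateway_id" { type = string }

# Reject anything wider than one host: a typo such as 0.0.0.0/0 would expose port 22 to the internet.
variable "source_ip_for_ssh" {
  type = string
  validation {
    condition     = can(cidrhost(var.source_ip_for_ssh, 0)) && endswith(var.source_ip_for_ssh, "/32")
    error_message = "source_ip_for_ssh must be a single IPv4 host in CIDR form, e.g. 203.0.113.10/32."
  }
}

# Latest Ubuntu 24.04 (Noble) AMI. 099720109477 is Canonical's account; the
# name pattern is assumed to match Canonical's published Noble images.
data "aws_ami" "ubuntu_noble" {
  most_recent = true
  owners      = ["099720109477"]
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*"]
  }
  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}

# Port 22 is reachable only from the operator's /32 and the (assumed) RFC 1918 ranges.
resource "aws_security_group" "bastion" {
  name        = "${var.instance_name}-sg"
  description = "SSH to bastion from operator IP and private ranges only"
  vpc_id      = var.vpc_id
}

resource "aws_vpc_security_group_ingress_rule" "ssh_from_operator" {
  security_group_id = aws_security_group.bastion.id
  description       = "SSH from operator public IP"
  cidr_ipv4         = var.source_ip_for_ssh
  ip_protocol       = "tcp"
  from_port         = 22
  to_port           = 22
}

resource "aws_vpc_security_group_ingress_rule" "ssh_from_private" {
  for_each          = toset(["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"])
  security_group_id = aws_security_group.bastion.id
  description       = "SSH from private range ${each.key}"
  cidr_ipv4         = each.key
  ip_protocol       = "tcp"
  from_port         = 22
  to_port           = 22
}

# Outbound stays open so the bastion can reach private hosts and package mirrors.
resource "aws_vpc_security_group_egress_rule" "all_out" {
  security_group_id = aws_security_group.bastion.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1"
}

resource "aws_instance" "bastion" {
  ami                         = data.aws_ami.ubuntu_noble.id
  instance_type               = "t2.micro"
  subnet_id                   = var.subnet_id
  key_name                    = var.ssh_key_name
  vpc_security_group_ids      = [aws_security_group.bastion.id]
  associate_public_ip_address = true
  metadata_options { http_tokens = "required" } # IMDSv2 only (assumed hardening, not from the page)
  root_block_device { encrypted = true }        # encrypted root volume (assumed hardening)
  tags = { Name = var.instance_name }
}

# Host route for the operator IP via the IGW. Redundant if the table already
# has 0.0.0.0/0 -> IGW, but a /32 is more specific and does not conflict.
resource "aws_route" "operator_via_igw" {
  route_table_id         = var.route_table_id
  destination_cidr_block = var.source_ip_for_ssh
  gateway_id             = var.internet_gateway_id
}

output "bastion_public_ip" {
  description = "The public IP address of the bastion host."
  value       = aws_instance.bastion.public_ip
}
```

The validation block is the part worth copying even if nothing else is: `terraform plan` fails fast on a non-/32 value instead of silently publishing port 22 to a wide range. The separate ingress-rule resources (rather than inline `ingress {}` blocks) let you add or remove a source without Terraform rewriting the whole rule set.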

Deployment

  1. Initialize Terraform:
    terraform init
    
  2. (Optional) Plan the deployment:
    terraform plan
    
  3. Apply the configuration:
    terraform apply
    

Terraform Outputs

The following outputs are defined in main.tf.

Name               Description
bastion_public_ip  The public IP address of the bastion host.