Skip to content
This repository is currently being migrated. It's locked while the migration is in progress.

Terraform module for Azure creating a Linux bastion server

Notifications You must be signed in to change notification settings

evry/tf-module-azure-bastion-linux

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Module for creating Linux Bastion host

This modules creates a Linux bastion host inside a customers already provisioned infrastructure.

Resources created when using this module

  • Resource group
  • Subnet
  • Network Interface
  • Public IP
  • Load Balancer
  • Backend address pool
  • NAT Rule with random generated frontend port
  • Network Security Group with random generated destination port
  • Virtual Machine, Ubuntu 16.04, with A0 size

Using this module

Inputs

Name Description Type Default Required
bastion_username Username for the Bastion VM string remoteoperator no
existing_rg_for_vnet The name of the resource group containing the virtual network string - yes
existing_rt_id Route table id to be assotiated with bastion subnet. For firewall integration. string `` no
existing_vnet_name The name of existing VNet used for the customer you want to create bastion host for string - yes
location Location of the resources string West Europe no
name_prefix string - yes
resource_group Name of the resource group containing the resources string rg-bastion no
subnet_address_prefix Subnet address prefix for the bastion subnet string 10.0.10.0/24 no
vm_size The size of the VM string Standard_A1 no

Outputs

Name Description
bastion_nsg_name The name of the NSG created by the bastion module
bastion_password The randomly generated password for logging in to the bastion host
bastion_private_ip The private IP to the bastion host
bastion_public_ip The Public IP assigned to the Load Balancer
bastion_rg_name The name of the resource group created by bastion module
bastion_subnet_id Gets the id of the subnet used by the bastion
bastion_username The username used to login to the bastion host
bastion_vm_name The name of the bastion host
random_SSH_port Random generated SSH port

Subnet address prefix is optional. It defaults to 10.0.10.0/24, but can we overridden using

  • subnet_address_prefix = "$address_prefix"

Example for creating bastion host

module "bastion-linux" {
    source = "git::https://github.com/evry/tf-module-azure-bastion-linux"
    existing_vnet_name = "vnet"
    existing_rg_for_vnet = "rg-customer-network"
    #optional (defaults to 10.0.10.0/24)
    (subnet_address_prefix = "")
}

Example on how to attach NSG rule to the network security group generated by this module

resource "azurerm_network_security_rule" "nsg_rule" {
  name                        = "AllowSSH"
  resource_group_name         = "${module.bastion-linux.bastion_rg_name}"
  network_security_group_name = "${module.bastion-linux.bastion_nsg_name}"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "22"
  source_address_prefix       = "10.0.0.0/16"
  destination_address_prefix  = "*"
}

Example for destroying the bastion host

terraform destroy -target=module.bastion-linux

About

Terraform module for Azure creating a Linux bastion server

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages