This module creates a Linux bastion host inside a customer's already provisioned infrastructure. The module creates the following resources:

- Resource group
- Subnet
- Network Interface
- Public IP
- Load Balancer
- Backend address pool
- NAT Rule with random generated frontend port
- Network Security Group with random generated destination port
- Virtual Machine, Ubuntu 16.04, with A0 size

Name | Description | Type | Default | Required |
---|---|---|---|---|
bastion_username | Username for the Bastion VM | string | remoteoperator | no |
existing_rg_for_vnet | The name of the resource group containing the virtual network | string | - | yes |
existing_rt_id | Route table id to be associated with the bastion subnet. For firewall integration. | string | `` | no |
existing_vnet_name | The name of the existing VNet used for the customer you want to create the bastion host for | string | - | yes |
location | Location of the resources | string | West Europe | no |
name_prefix | | string | - | yes |
resource_group | Name of the resource group containing the resources | string | rg-bastion | no |
subnet_address_prefix | Subnet address prefix for the bastion subnet | string | 10.0.10.0/24 | no |
vm_size | The size of the VM | string | Standard_A1 | no |

Name | Description |
---|---|
bastion_nsg_name | The name of the NSG created by the bastion module |
bastion_password | The randomly generated password for logging in to the bastion host |
bastion_private_ip | The private IP to the bastion host |
bastion_public_ip | The Public IP assigned to the Load Balancer |
bastion_rg_name | The name of the resource group created by bastion module |
bastion_subnet_id | Gets the id of the subnet used by the bastion |
bastion_username | The username used to login to the bastion host |
bastion_vm_name | The name of the bastion host |
random_SSH_port | Random generated SSH port |

The subnet address prefix is optional. It defaults to 10.0.10.0/24, but can be overridden using:

- `subnet_address_prefix = "$address_prefix"`

```hcl
module "bastion-linux" {
  source               = "git::https://github.com/evry/tf-module-azure-bastion-linux"
  name_prefix          = "customer" # required input; placeholder value
  existing_vnet_name   = "vnet"
  existing_rg_for_vnet = "rg-customer-network"

  # optional (defaults to 10.0.10.0/24)
  # subnet_address_prefix = "10.0.10.0/24"
}

# Extra rule added to the NSG that the module creates:
# allows inbound SSH (TCP 22) from 10.0.0.0/16 only.
resource "azurerm_network_security_rule" "nsg_rule" {
  name                        = "AllowSSH"
  resource_group_name         = "${module.bastion-linux.bastion_rg_name}"
  network_security_group_name = "${module.bastion-linux.bastion_nsg_name}"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "22"
  source_address_prefix       = "10.0.0.0/16"
  destination_address_prefix  = "*"
}
```
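
The module's outputs consumed from the calling configuration, as an added example that is not part of the module's own code. The output names `bastion_ssh_command` and `bastion_login_password` are hypothetical, and the example assumes `random_SSH_port` is the load balancer frontend port reachable on `bastion_public_ip`.

```hcl
# Added example: root-module outputs that wrap the bastion module's outputs.
# The output names below are hypothetical; the module.bastion-linux.*
# references are the outputs listed in the table above.

# Ready-to-paste SSH command. Assumes random_SSH_port is the frontend port
# that the NAT rule forwards to the VM's SSH daemon.
output "bastion_ssh_command" {
  value = "ssh -p ${module.bastion-linux.random_SSH_port} ${module.bastion-linux.bastion_username}@${module.bastion-linux.bastion_public_ip}"
}

# sensitive = true keeps the generated password out of plan/apply console
# output. The value is still written to the state file in plain text, so
# the state backend needs access control and encryption at rest.
output "bastion_login_password" {
  value     = "${module.bastion-linux.bastion_password}"
  sensitive = true
}
```

The password can then be read on demand with `terraform output bastion_login_password` instead of appearing in every apply log.
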
```sh
terraform destroy -target=module.bastion-linux
```