The Jumphost project is designed to be deployed into a standard Nubis Account. It takes advantage of the standard deployment found here.
The jumphost can be optionally deployed and provides a way for users to access EC2 instances over SSH. Once deployed, the Jumphost instance has the permissions necessary to allow users to SSH into instances deployed into either the Public or Private subnets. These permissions are provided by, and enforced by, Security Groups. There is only one Jumphost deployed per VPC, which allows access to instances deployed into any subnet within that VPC. The Jumphost is deployed into an Auto Scaling group to provide resiliency; however, it is not designed for HA (only a single host is deployed).
NOTE: The line colors are representative and are for readability only. They are not intended to indicate any underlying protocol or specific communication details.
The Nubis Jumphost deployment consists of:
- EC2 Instance in the Public Subnet in an Autoscaling Group
- Elastic IP providing a stable IP for whitelisting and firewalling
- Attachment to account SSH Security group for access control
- IAM Role and Policy for accessing boot secrets
Details for the deployment, including naming conventions, relationships, permissions, etcetera, can be found in the Terraform template used for deployment. Links to specific resources can be found in the following table.
Resource Type | Resource Title | Code Location |
---|---|---|
atlas_artifact | nubis-jumphost | nubis/terraform/main.tf#L6 |
aws_eip | jumphost | nubis/terraform/main.tf#L19 |
aws_route53_record | ui | nubis/terraform/main.tf#L25 |
aws_security_group | jumphost | nubis/terraform/main.tf#L34 |
aws_iam_instance_profile | jumphost | nubis/terraform/main.tf#L73 |
aws_iam_role | jumphost | nubis/terraform/main.tf#L87 |
aws_iam_role_policy | jumphost | nubis/terraform/main.tf#L110 |
aws_launch_configuration | jumphost | nubis/terraform/main.tf#L132 |
aws_autoscaling_group | jumphost | nubis/terraform/main.tf#L168 |
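
The Security Group enforcement described above can be expressed as a pair of groups in which instances accept SSH only from members of the jumphost's group. This is an added Terraform example, not the contents of the project's `main.tf`; the resource names `jumphost_example` and `ssh_from_jumphost_example`, the variables, and the CIDR are assumptions.

```hcl
# Added example, not the project's template. All names and values are assumptions.
variable "vpc_id" {
  type = string
}

variable "ssh_allowed_cidrs" {
  description = "Networks permitted to reach the jumphost on port 22"
  type        = list(string)
  default     = ["203.0.113.0/24"] # constructed value from a documentation range
}

# Attached to the jumphost: inbound SSH from approved networks only.
resource "aws_security_group" "jumphost_example" {
  name_prefix = "jumphost-example-"
  vpc_id      = var.vpc_id

  ingress {
    description = "SSH from approved networks"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.ssh_allowed_cidrs
  }

  # Terraform removes the default allow-all egress rule, so state it explicitly.
  egress {
    description = "Outbound traffic from the jumphost"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Attached to instances in the Public or Private subnets: SSH is accepted
# only when the source is a member of the jumphost group, not from a CIDR.
resource "aws_security_group" "ssh_from_jumphost_example" {
  name_prefix = "ssh-from-jumphost-example-"
  vpc_id      = var.vpc_id

  # Security groups are stateful, so replies to the SSH session need no egress rule.
  ingress {
    description     = "SSH only from members of the jumphost group"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.jumphost_example.id]
  }
}
```

Referencing the jumphost's group rather than its IP address keeps the rule valid when the Auto Scaling group replaces the instance.
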
- Build the AMI

      $ vi ./nubis/builder/project.json
      $ nubis-builder build

- Edit the terraform.tfvars file

      $ cp ./nubis/terraform/terraform.tfvars-dist ./nubis/terraform/terraform.tfvars
      $ vi ./nubis/terraform/terraform.tfvars

- Deploy using Terraform

      $ terraform plan
      $ terraform apply

You need to init git submodules:

    git clone git://github.com/limed/nubis-jumphost.git
    cd nubis-jumphost
    git submodule update --init --recursive