- Overview
- Architecture
- Prerequisites
- Setup Instructions
- Access Instructions
- Security
- Cleanup
- Troubleshooting
This Terraform configuration provisions AWS infrastructure with an EC2 instance that is accessible only through AWS Systems Manager (SSM), eliminating the need for SSH access or bastion hosts.
The infrastructure includes:
- VPC with private subnets
- EC2 instance with SSM access
- Security Groups
- VPC Endpoints for SSM connectivity:
  - SSM endpoint
  - SSM messages endpoint
  - EC2 messages endpoint

Prerequisites:
- AWS CLI installed and configured
- Terraform
- AWS Systems Manager Session Manager plugin
- Appropriate AWS permissions

Setup instructions:
- Clone this repository to your local machine.
- Create a `locals.tf` file in the root directory.
- Initialize Terraform:
  ```bash
  terraform init
  ```
- Review the execution plan:
  ```bash
  terraform plan
  ```
- Apply the configuration:
  ```bash
  terraform apply
  ```

To connect to the EC2 instance:
- Install the Session Manager plugin
- Start a session using AWS CLI:
  ```bash
  aws ssm start-session --target i-xxxxxxxxxxxxxxxxx
  ```

The infrastructure implements several security best practices:
- ✅ No public IP addresses
- ✅ No inbound SSH access
- ✅ Private subnets only
- ✅ Minimal security group rules
- ✅ SSM access only
- ✅ No direct internet access
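
One way the three VPC endpoints and the minimal security group rules listed above can be expressed in Terraform. This is an added example, not this repository's own code; the variable names, resource names and name prefixes are assumptions.

```hcl
# Added example (not from the repository). All names below are hypothetical.
variable "vpc_id" { type = string }
variable "private_subnet_ids" { type = list(string) }
variable "region" { type = string }

# Instance security group: no ingress rules at all, so nothing can connect in.
# Terraform removes the AWS default allow-all egress rule when it creates a
# security group, so the only egress is the rule declared further down.
resource "aws_security_group" "instance" {
  name_prefix = "ssm-instance-"
  vpc_id      = var.vpc_id
}

# Security group attached to the interface endpoints.
resource "aws_security_group" "endpoints" {
  name_prefix = "ssm-endpoints-"
  vpc_id      = var.vpc_id
}

# The instance may open HTTPS connections to the endpoints and nowhere else.
resource "aws_vpc_security_group_egress_rule" "instance_to_endpoints" {
  security_group_id            = aws_security_group.instance.id
  referenced_security_group_id = aws_security_group.endpoints.id
  ip_protocol                  = "tcp"
  from_port                    = 443
  to_port                      = 443
}

# The endpoints accept HTTPS only from the instance security group.
resource "aws_vpc_security_group_ingress_rule" "endpoints_from_instance" {
  security_group_id            = aws_security_group.endpoints.id
  referenced_security_group_id = aws_security_group.instance.id
  ip_protocol                  = "tcp"
  from_port                    = 443
  to_port                      = 443
}

# One interface endpoint per service the SSM agent talks to.
# private_dns_enabled requires DNS support and DNS hostnames on the VPC.
resource "aws_vpc_endpoint" "ssm" {
  for_each            = toset(["ssm", "ssmmessages", "ec2messages"])
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.${var.region}.${each.key}"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.private_subnet_ids
  security_group_ids  = [aws_security_group.endpoints.id]
  private_dns_enabled = true
}
```

The instance also needs an IAM instance profile that grants the SSM agent its permissions, for example the AWS managed policy `AmazonSSMManagedInstanceCore`; without it the instance will not register with Systems Manager even when the endpoints are reachable.
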
To remove all created resources:
```bash
terraform destroy
```