This project includes a basic Terraform configuration. The configuration deploys an EC2 bastion instance into an existing VPC with public subnets.
Before you can successfully run the Terraform configuration in this project, make sure you have the following in place:
- AWS Account
  You need an active AWS account with permissions to create and manage EC2 instances, security groups, and related resources.
- AWS CLI Configuration
  Having the AWS CLI configured ensures your credentials and region settings are properly set. You can do this with:

  ```sh
  aws configure
  ```

  Provide your AWS access key, secret key and default region when prompted.
- Terraform Installation
  Make sure Terraform is installed by running the following command:

  ```sh
  terraform --version
  ```

  If the command is not found, please consult the Terraform installation guide.
- AWS Key Pair
  We will need a key pair to use for accessing the bastion host. One can be created using the AWS CLI as follows:

  ```sh
  aws ec2 create-key-pair --key-name $KEY_NAME --query 'KeyMaterial' --output text > $KEY_NAME.pem
  ```

  This will create a key pair and write a file locally with the private key needed to connect using this key. The `$KEY_NAME` is also provided to the Terraform configuration so that it can be set up on the bastion host.
- Existing VPC, Subnet and Security Group
  We will need to provide the information of an existing VPC by providing its subnet id, so note that down and provide it to the Terraform configuration. We will also need a security group that at least allows SSH (port 22) from the desired IP address to be able to access the bastion host once it is created. Note down the security group id as that will also be required by Terraform.
| Variable | Description | Example |
|---|---|---|
| `aws_region` | The AWS region where you want to create resources. | `"us-east-1"` |
| `ami_id` | The Amazon Machine Image (AMI) to use for your EC2 instance. | `"ami-0123456789abcdef0"` |
| `instance_type` | The EC2 instance type to create (e.g., t2.micro, t3.medium). | `"t2.micro"` |
| `subnet_id` | The ID of the public subnet where this instance will reside. | `"subnet-01234567"` |
| `security_group_id` | The ID of the security group to attach to the instance. You must allow SSH traffic (port 22) at minimum. | `"sg-01234567"` |
| `key_name` | The name of an existing AWS key pair, allowing you to SSH into the instance. | `"my-ssh-keypair"` |
- `aws_region` ensures Terraform and the AWS provider know where to provision infrastructure.
- `ami_id` determines the base operating system for your instance (e.g., Amazon Linux, Ubuntu).
- `instance_type` affects performance and pricing.
- `subnet_id` specifies where the bastion instance will live (in a public subnet).
- `security_group_id` controls inbound/outbound traffic (ensure port 22 is open to your IP for SSH).
- `key_name` is required for SSH access unless another authentication method is used.
- Navigate to the Terraform directory:

  ```sh
  cd terraform/
  ```

- Initialize Terraform:

  ```sh
  terraform init
  ```

- Provide Variables
  Variables may be supplied on the command line as shown below:

  ```sh
  terraform plan \
    -var="aws_region=us-east-1" \
    -var="ami_id=ami-0123456789abcdef0" \
    -var="instance_type=t2.micro" \
    -var="subnet_id=subnet-01234567" \
    -var="security_group_id=sg-01234567" \
    -var="key_name=my-ssh-keypair"
  ```

  They can also be supplied by creating a `terraform.tfvars` file in the root of the project before running the `terraform plan` or `apply` commands:

  ```hcl
  # terraform.tfvars file content
  aws_region        = "us-east-1"
  ami_id            = "ami-0123456789abcdef0"
  instance_type     = "t2.micro"
  subnet_id         = "subnet-01234567"
  security_group_id = "sg-01234567"
  key_name          = "my-ssh-keypair"
  ```

  ```sh
  terraform plan   # or terraform apply
  ```

- Getting Bastion IP
  Terraform is configured to output the public IP of the created bastion host. The IP is printed at the end of `terraform apply`. It can also be fetched with the following command (after the apply command has completed successfully):

  ```sh
  terraform output bastion_public_ip
  ```
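As an added illustration (not the project's own `main.tf`), the following shows how the six variables above, the bastion instance and the `bastion_public_ip` output fit together in one configuration. It assumes the `hashicorp/aws` provider, and adds three things the README does not mention: a format check on `security_group_id`, an IMDSv2 requirement, and root volume encryption.

```hcl
variable "aws_region"    { type = string }
variable "ami_id"        { type = string }
variable "instance_type" { type = string }
variable "subnet_id"     { type = string }
variable "key_name"      { type = string }

variable "security_group_id" {
  type = string
  # Added check: reject an obvious typo at plan time instead of at apply time.
  validation {
    condition     = can(regex("^sg-[0-9a-f]{8,17}$", var.security_group_id))
    error_message = "security_group_id must be a security group ID such as sg-01234567."
  }
}

provider "aws" {
  region = var.aws_region
}

resource "aws_instance" "bastion" {
  ami                    = var.ami_id
  instance_type          = var.instance_type
  key_name               = var.key_name
  subnet_id              = var.subnet_id
  vpc_security_group_ids = [var.security_group_id]

  # The bastion must be reachable from outside the VPC, hence the public IP.
  associate_public_ip_address = true

  # Added hardening: require IMDSv2 so a process on the bastion cannot read the
  # instance role credentials with a plain unauthenticated GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Added hardening: encrypt the root volume at rest.
  root_block_device {
    encrypted = true
  }

  tags = {
    Name = "bastion"
  }
}

# This is the value printed by `terraform output bastion_public_ip`.
output "bastion_public_ip" {
  description = "Public IP address of the bastion host."
  value       = aws_instance.bastion.public_ip
}
```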