| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| bastion_aws_keypair_name | SSH Keypair name for the bastion VM. | `string` | n/a | yes |
| bastion_subnet_id | The ID of the subnet where the bastion VM will run. | `string` | n/a | yes |
| vpc_id | VPC ID for where the bastion VM will run. | `string` | n/a | yes |
| bastion_aws_ami | The AWS AMI to use for the bastion VM. | `string` | `null` | no |
| bastion_aws_instance_type | The EC2 instance type to use for the bastion VM. | `string` | `"t3.medium"` | no |
| bastion_az | The availability zone where the bastion instance will be created. | `string` | `null` | no |
| bastion_cpu_options | The CPU options for the bastion instance (e.g., number of cores and threads per core). | `object({ core_count = number, threads_per_core = number })` | `null` | no |
| bastion_host_name | Name of bastion host. | `string` | `null` | no |
| bastion_inst_profile | The IAM instance profile for the bastion instance. | `string` | `null` | no |
| bastion_monitoring | Whether to enable detailed monitoring for the bastion instance. | `bool` | `null` | no |
| bastion_placement_grp | The placement group to associate with the bastion instance. | `string` | `null` | no |
| bastion_private_ip | The private IP address for the bastion instance. | `string` | `null` | no |
| bastion_security_group_id | ID for existing Security Group to be used for the bastion VM. Required when create_bastion_sg is false. | `string` | `null` | no |
| bastion_security_group_name | Name of bastion Security Group for CDP environment. Used only if create_bastion_sg is true. | `string` | `null` | no |
| bastion_shutdown_behaviour | The instance initiated shutdown behavior (e.g., stop or terminate). | `string` | `null` | no |
| bastion_src_dest_check | Whether to disable source/destination checks for the bastion instance. | `bool` | `null` | no |
| bastion_tenancy | The tenancy option for the bastion instance (e.g., default or dedicated). | `string` | `null` | no |
| bastion_user_data | Base64-encoded user data for the bastion instance. | `string` | `null` | no |
| create_bastion_sg | Flag to specify if the Security Group for the bastion should be created. | `bool` | `true` | no |
| create_eip | Flag to specify if an Elastic IP for the bastion should be created and assigned. | `bool` | `false` | no |
| disable_api_termination | Whether to disable API termination for the bastion instance. | `bool` | `null` | no |
| egress_rules | List of egress rules to create. Used only if create_bastion_sg is true. | `list(object({ cidrs = list(string), from_port = number, to_port = optional(number), protocol = string }))` | `[ { "cidrs": [ "0.0.0.0/0" ], "from_port": 0, "protocol": "all", "to_port": 0 } ]` | no |
| eip_name | Name of Elastic IP. | `string` | `null` | no |
| enable_bastion_public_ip | Whether to create and assign a public IP to the bastion host. | `bool` | `null` | no |
| env_tags | Tags applied to provisioned resources. | `map(any)` | `{}` | no |
| ingress_rules | List of ingress rules to create. Used only if create_bastion_sg is true. | `list(object({ cidrs = list(string), from_port = number, to_port = optional(number), protocol = string }))` | `[]` | no |
| replace_on_user_data_change | Trigger a destroy and recreate of the EC2 instance when user_data changes. Defaults to false if not set. | `bool` | `null` | no |