kill_ssh

#! /usr/bin/env bash

CONTROL_FILE="./bastion_control"

if [ -n "$1" ]; then CONTROL_FILE=$1; fi

ssh -S $CONTROL_FILE -O exit bastion

setup_ssh

#! /usr/bin/env bash

PROXY_ADDR=$1
BASTION_IP=$2
CONTROL_FILE=$3

if echo $(ssh-add -l) | grep -q "SSH_SIGNATURE"
then
  echo Setting up SSH tunnel towards ubuntu@$BASTION_IP for postgres connection
  ssh -D $PROXY_ADDR "ubuntu@$BASTION_IP" -S $CONTROL_FILE -M -fN bastion
else
  for i in {1..15}
  do
    echo You do not have \"platform key\" loaded in your ssh-agent
  done
  exit 1
fi

terragrunt.hcl

locals {
  proxy_addr = "127.0.0.1:5382"
  proxy_socks_addr = "socks5://${local.proxy_addr}"
  tunnel_control_file = "${get_terragrunt_dir()}/bastion_control"
}

terraform {
  source = "modulepath"

  extra_arguments "socks_proxy" {
    commands = ["plan", "apply", "destroy"]

    env_vars = {
      "ALL_PROXY" = local.proxy_socks_addr
    }
  }

  # This creates a background SSH tunnel to the bastion host that we use to connect to the postgres database
  before_hook "ssh_tunnel_up" {
    commands = ["plan", "apply", "destroy"]

    execute = ["bash", "${get_terragrunt_dir()}/setup_ssh", local.proxy_addr, dependency.bastion.outputs.instance.public_ip, local.tunnel_control_file]
  }

  after_hook "ssh_tunnel_down" {
    commands = ["plan", "apply", "destroy"]

    execute = ["bash", "${get_terragrunt_dir()}/kill_ssh", local.tunnel_control_file]
  }
}