Accessing isolated network estate on AWS: Part 1 - Bastion Host: Bastion Stack
import * as cdk from 'aws-cdk-lib'; | |
import * as ec2 from 'aws-cdk-lib/aws-ec2'; | |
import {Construct} from "constructs"; | |
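export class BastionStack extends cdk.Stack {
  /**
   * Provisions a Linux bastion host in a public subnet and emits three
   * CloudFormation outputs holding the commands an operator runs to reach it:
   * generate a key pair, push the public key via EC2 Instance Connect, ssh in.
   *
   * @param scope - parent construct.
   * @param id - construct id of this stack.
   * @param props.vpc - VPC the bastion and its security group live in.
   * @param props.sshAllowedPeers - peers granted TCP/22 ingress on the bastion.
   *   Defaults to `ec2.Peer.anyIpv4()` to keep the original behaviour, which
   *   exposes SSH to the whole internet; pass the operators' egress CIDRs
   *   (e.g. `[ec2.Peer.ipv4('<office-cidr>/32')]`) to narrow it.
   * @param stackProps - standard CDK stack properties.
   */
  constructor(
    scope: Construct,
    id: string,
    props: { vpc: ec2.IVpc; sshAllowedPeers?: ec2.IPeer[] },
    stackProps?: cdk.StackProps,
  ) {
    super(scope, id, stackProps);
    const { vpc } = props;

    // A world-open port 22 is the main risk of a public bastion; the default is
    // only kept so existing callers deploy unchanged. Prefer restricting it.
    const sshAllowedPeers = props.sshAllowedPeers ?? [ec2.Peer.anyIpv4()];

    const securityGroup = new ec2.SecurityGroup(this, 'SG-Bastion', {
      vpc,
      allowAllOutbound: true,
      description: 'SG for Bastion Port 22 SSH access',
      securityGroupName: 'SG-Bastion',
    });
    for (const peer of sshAllowedPeers) {
      securityGroup.addIngressRule(peer, ec2.Port.tcp(22), 'SSH access');
    }

    const bastionHost = new ec2.BastionHostLinux(this, 'BastionHost', {
      vpc,
      securityGroup,
      subnetSelection: { subnetType: ec2.SubnetType.PUBLIC },
    });

    // Optional AWS CLI profile taken from CDK context (`-c profile=<name>`).
    // When absent the generated command falls back to the caller's default credentials.
    const profile = this.node.tryGetContext('profile');

    // Run the following commands, in order, once the stack has been created to land
    // with a terminal inside the bastion host. Instance Connect only keeps the pushed
    // key for a short window (about 60 s), so run the push and ssh commands back to back.
    const createSshKeyCommand = 'ssh-keygen -t rsa -f bastion_rsa_key';
    const pushSshKeyCommand = `aws ec2-instance-connect send-ssh-public-key --availability-zone ${bastionHost.instanceAvailabilityZone} --instance-id ${bastionHost.instanceId} --instance-os-user ec2-user --region ${cdk.Aws.REGION} --ssh-public-key file://bastion_rsa_key.pub ${profile ? `--profile ${profile}` : ''}`;
    // IdentitiesOnly stops ssh from offering every key in the agent before the bastion key.
    const sshCommand = `ssh -o "IdentitiesOnly=yes" -i bastion_rsa_key ec2-user@${bastionHost.instancePublicDnsName}`;

    new cdk.CfnOutput(this, 'CreateSshKeyCommand', { value: createSshKeyCommand });
    new cdk.CfnOutput(this, 'PushSshKeyCommand', { value: pushSshKeyCommand });
    new cdk.CfnOutput(this, 'SshCommand', { value: sshCommand });
  }
}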