
@kusw3
Created April 2, 2020 08:54
Bootstrap amzlinux2 script (vars loaded using terraform)
# Load the template for the bastion host's provisioning script.
#
# helpers/provision.sh is rendered as a template: each TF_* placeholder in
# it is replaced with the value below before the script reaches the
# instance. The "$(uname -s)" in the eksctl URL is not template syntax, so it
# passes through untouched and is evaluated by the shell on the instance.
#
# NOTE(review): every URL below is fetched and installed by the script
# without a checksum or signature check. The eksctl URL also tracks
# "latest_release", so the binary can differ between launches; pinning a
# version and passing an expected digest per download would make the
# bootstrap reproducible and tamper-evident.
data "template_file" "user_data" {
  template = file("${path.module}/helpers/provision.sh")

  vars = {
    # Tool downloads
    TF_tf_zip_url  = "https://releases.hashicorp.com/terraform/0.12.23/terraform_0.12.23_linux_amd64.zip"
    TF_kc_url      = "https://amazon-eks.s3-us-west-2.amazonaws.com/1.15.10/2020-02-22/bin/linux/amd64/kubectl"
    TF_iamauth_url = "https://amazon-eks.s3-us-west-2.amazonaws.com/1.15.10/2020-02-22/bin/linux/amd64/aws-iam-authenticator"
    TF_eksctl_url  = "https://github.com/weaveworks/eksctl/releases/download/latest_release/eksctl_$(uname -s)_amd64.tar.gz"

    # Host identity
    TF_tz        = "Europe/Andorra"
    TF_host_fqdn = "bastion.${var.domain_name}"
  }
}
# Launch configuration for the bastion host: an Amazon Linux 2 AMI
# (data.aws_ami.al2) bootstrapped by the rendered provisioning script.
resource "aws_launch_configuration" "bastion" {
  image_id      = data.aws_ami.al2.id
  instance_type = "t3.small"
  key_name      = aws_key_pair.mgmt.key_name

  # The instance receives a public address, so its exposure is decided
  # entirely by the rules of bastion-host-sg, which are defined elsewhere.
  # NOTE(review): confirm that group limits SSH to known source ranges.
  associate_public_ip_address = true
  security_groups             = [aws_security_group.bastion-host-sg.id]

  # User data can be read back from the instance metadata service by any
  # local process, so the rendered script must never carry secrets. The
  # variables passed to it here are URLs, a timezone and a hostname.
  user_data = data.template_file.user_data.rendered

  # Build the replacement configuration before the old one is destroyed.
  lifecycle {
    create_before_destroy = true
  }
}
# Auto Scaling group pinned to exactly one instance (min_size = max_size = 1)
# and placed in the first public subnet of the VPC module.
resource "aws_autoscaling_group" "bastion" {
  launch_configuration = aws_launch_configuration.bastion.name
  vpc_zone_identifier  = [element(module.vpc.public_subnets, 0)]

  max_size = 1
  min_size = 1

  # Name tag copied onto the instance the group launches.
  tag {
    key                 = "Name"
    value               = "BastionHost"
    propagate_at_launch = true
  }
}
#!/bin/bash
# Helper script to provision a kubernetes ready bastion host
# Tested on amzlinux2 OS
# marc@kusw3.com
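#######################################
# Set the timezone and hostname of the bastion and stop cloud-init from
# resetting the hostname.
# This file is rendered as a Terraform template (template_file.user_data),
# which fills in the TF_* placeholders. Shell variables in this file must
# therefore use the brace-less $name form, or the template engine will try
# to interpolate them.
# Globals:   TF_tz (read), TF_host_fqdn (read)
# Outputs:   edits /etc/hosts, writes a cloud-init drop-in file
# Returns:   exit status of the final write
#######################################
setup() {
  local short_name

  timedatectl set-timezone "${TF_tz}"
  hostnamectl set-hostname "${TF_host_fqdn}"

  # First DNS label of the FQDN, added as a short alias in /etc/hosts.
  short_name=$(echo "${TF_host_fqdn}" | cut -d. -f1)

  # Match only a line that starts with the literal loopback address. The
  # dots are escaped so they cannot match arbitrary characters, and the
  # anchor keeps comments or other lines mentioning the address untouched.
  sed -i "s/^127\.0\.0\.1/127.0.0.1 ${TF_host_fqdn} $short_name/" /etc/hosts

  # Keep cloud-init from overwriting the hostname.
  echo 'preserve_hostname: true' > /etc/cloud/cloud.cfg.d/99_preserve_name.cfg
}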
# Install the git client from the distribution repositories, answering
# yes to every yum prompt.
# Returns: yum's exit status.
install_git() {
  yum -y install git
}
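#######################################
# Download the Terraform release archive and install the binary into
# /usr/local/bin.
# Work happens in a private mktemp directory inside a subshell, so the
# caller's working directory is untouched and no predictable /tmp path is
# used while running as root. Any failing step makes the function fail,
# instead of the status of the final cleanup hiding it.
# NOTE(review): the archive is installed without checksum or signature
# verification. HashiCorp publishes SHA256SUMS for each release; consider
# passing the expected digest as another template variable and checking it
# before unzip.
# Globals:   TF_tf_zip_url (read, filled in by the Terraform template)
# Returns:   0 on success, non-zero if any step failed
#######################################
install_terraform() {
  local workdir status

  workdir=$(mktemp -d) || return 1
  (
    cd "$workdir" || exit 1
    # --fail turns an HTTP error into a non-zero exit instead of saving
    # the error page as tf.zip.
    curl --fail --silent --show-error -o tf.zip "${TF_tf_zip_url}" || exit 1
    unzip -q tf.zip || exit 1
    chmod +x terraform || exit 1
    mv terraform /usr/local/bin/
  )
  status=$?

  rm -rf -- "$workdir"
  return "$status"
}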
# Install Docker, add ec2-user to the docker group, then enable and start
# the daemon.
# NOTE(review): membership in the docker group lets ec2-user control the
# Docker daemon, which is effectively root on this host.
# Returns: exit status of the systemctl call.
install_docker() {
  yum -y install docker
  usermod --append --groups docker ec2-user
  systemctl enable --now docker
}
# Install the AWS CLI with pip3, upgrading any copy pip already manages.
# NOTE(review): no version is pinned, so each launch takes whatever
# awscli release the configured package index serves at that moment.
# Returns: pip3's exit status.
install_aws() {
  pip3 install awscli --upgrade
}
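#######################################
# Download kubectl and aws-iam-authenticator and install both into
# /usr/local/bin.
# Both downloads must succeed before either binary is installed. Work
# happens in a private mktemp directory inside a subshell, so no
# predictable /tmp path is used as root and the caller's working directory
# is untouched. A failed step is reported through the return status instead
# of being hidden by the final cleanup.
# NOTE(review): neither binary is checked against a digest before it is
# made executable. The distribution bucket presumably offers a .sha256
# next to each file; confirm and verify it here.
# Globals:   TF_kc_url, TF_iamauth_url (read, filled in by the Terraform
#            template)
# Returns:   0 on success, non-zero if any step failed
#######################################
install_kubectl() {
  local workdir status

  workdir=$(mktemp -d) || return 1
  (
    cd "$workdir" || exit 1
    # --fail keeps an HTTP error page from being installed as a binary.
    curl --fail --silent --show-error -o kubectl "${TF_kc_url}" || exit 1
    curl --fail --silent --show-error \
      -o aws-iam-authenticator "${TF_iamauth_url}" || exit 1
    chmod +x kubectl aws-iam-authenticator || exit 1
    mv kubectl aws-iam-authenticator /usr/local/bin/
  )
  status=$?

  rm -rf -- "$workdir"
  return "$status"
}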
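#######################################
# Download the eksctl release tarball and install the binary into
# /usr/local/bin.
# The archive is saved to a private mktemp directory and unpacked there,
# rather than streamed straight into the shared /tmp, so a failed download
# is detected before tar runs and nothing is extracted as root into a
# world-writable directory.
# The rendered URL contains a "$(uname -s)" command substitution; it is
# still evaluated inside the double quotes below.
# NOTE(review): the URL tracks "latest_release" and the tarball is not
# checked against a digest, so the installed binary is neither pinned nor
# verified.
# Globals:   TF_eksctl_url (read, filled in by the Terraform template)
# Returns:   0 on success, non-zero if any step failed
#######################################
install_eksctl() {
  local workdir status

  workdir=$(mktemp -d) || return 1
  (
    cd "$workdir" || exit 1
    curl --fail --silent --show-error --location \
      -o eksctl.tar.gz "${TF_eksctl_url}" || exit 1
    tar -xzf eksctl.tar.gz || exit 1
    chmod +x eksctl || exit 1
    mv eksctl /usr/local/bin
  )
  status=$?

  rm -rf -- "$workdir"
  return "$status"
}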
# Install the mariadb.x86_64 package from the distribution repositories;
# the driver loop looks for a `mysql` command to decide whether to run this.
# Returns: yum's exit status.
install_mysql() {
  yum -y install mariadb.x86_64
}
# Apply all pending package updates without prompting.
# Returns: yum's exit status.
install_update() {
  yum -y update
}
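# Configure the host, then install every tool that is not already on PATH.
setup

# `update` is not a command name, so its lookup always fails and
# install_update (a full yum update) runs on every execution.
for cmd in git terraform docker aws kubectl eksctl mysql update; do
  if command -v "$cmd" >/dev/null 2>&1; then
    continue
  fi

  echo -n "Installing $cmd ... "
  # Call the installer directly rather than inside a command substitution:
  # its output then reaches the boot log, and its exit status (not an
  # attempt to execute whatever it printed) decides which message is shown.
  if "install_$cmd"; then
    echo " DONE."
  else
    echo "Error installing $cmd. See above."
  fi
done

echo '## Finishing setup. REBOOTING in 5min'
shutdown -r +5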