Last active February 12, 2016 05:13
ebextensions config to make an app into a viable bastion host - handy if you have an "admin" app aside from your main app
```yaml
option_settings:
  aws:elb:loadbalancer:
    SecurityGroups:
      - (ID of externally created security group with controlled SSH inbound access)
    ManagedSecurityGroup: (same SG as above)
  # Pass SSH through the load balancer as plain TCP on port 22
  aws:elb:listener:22:
    ListenerProtocol: TCP
    InstanceProtocol: TCP
    InstancePort: 22
  # Keep idle SSH sessions open for up to an hour
  aws:elb:policies:
    ConnectionSettingIdleTimeout: 3600
files:
  "/usr/local/bin/create_user_accounts":
    mode: "000755"
    content: |
      #!/usr/bin/env bash
      set -e
      # ensures any new account has a ready-to-go ssh config
      mkdir -p /etc/skel/.ssh
      chmod 700 /etc/skel/.ssh
      touch /etc/skel/.ssh/authorized_keys
      chmod 600 /etc/skel/.ssh/authorized_keys
      # USER and USER_KEY_LOCATION are placeholders: repeat the next two lines per account
      id USER >/dev/null 2>&1 || useradd USER
      # -f makes curl fail on an HTTP error instead of saving the error body as keys
      curl -fsS USER_KEY_LOCATION > ~USER/.ssh/authorized_keys
commands:
  create_user_accounts:
    command: /usr/local/bin/create_user_accounts
```
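
The script above redirects whatever the key URL returns straight into `authorized_keys`, so a bad download can truncate the file or install lines that are not keys. The following is an added example, not part of the gist: `install_authorized_keys` and `KEY_RE` are hypothetical names, and the check covers line shape only, not cryptographic validity.

```shell
#!/bin/sh
# Added example (not from the gist). install_authorized_keys is a hypothetical helper.
# Usage: install_authorized_keys FETCHED_FILE DEST [OWNER]
# FETCHED_FILE is what `curl -fsS USER_KEY_LOCATION -o FETCHED_FILE` downloaded.

# Shape check only: known key type, base64 blob, optional comment.
# Lines with authorized_keys options (command=, from=, ...) do not match, so a
# remote key source cannot set them.
KEY_RE='^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( [^[:cntrl:]]*)?$'

install_authorized_keys() {
    src=$1 dest=$2 owner=${3:-}
    # Drop blank lines and comments, then require every remaining line to match.
    keys=$(grep -Ev '^[[:space:]]*(#|$)' "$src" || true)
    if [ -z "$keys" ]; then
        echo "refusing $src: no keys found" >&2
        return 1
    fi
    if printf '%s\n' "$keys" | grep -Evq "$KEY_RE"; then
        echo "refusing $src: line is not a bare public key" >&2
        return 1
    fi
    # Stage beside DEST so mv is an atomic rename; DEST is never left truncated.
    tmp=$(mktemp "$(dirname "$dest")/.authorized_keys.XXXXXX") || return 1
    # sshd reads the file as the login user, so hand ownership over when asked.
    if printf '%s\n' "$keys" > "$tmp" && chmod 600 "$tmp" &&
       { [ -z "$owner" ] || chown "$owner" "$tmp"; } && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Constructed demo: an HTML error body, as an unchecked download could return.
demo_dir=$(mktemp -d)
printf '<html><body>404 Not Found</body></html>\n' > "$demo_dir/fetched"
install_authorized_keys "$demo_dir/fetched" "$demo_dir/authorized_keys" ||
    echo "fetched file rejected, existing keys untouched"
rm -rf "$demo_dir"
```

In the bastion script this would replace the redirect: download to a temporary file first, then call the helper with the account name as the third argument.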
Bonus points for someone who forks this to use AWS Directory Service instead ;)