EC2

data "aws_ssm_parameter" "latest_ami" { name = "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-x86_64" } resource "aws_instance" "bastion" { ami = data.aws_ssm_parameter.latest_ami.value subnet_id = aws_default_subnet.default_az1.id instance_type = "t3.small" key_name = aws_key_pair.keypair.key_name vpc_security_group_ids = [aws_security_group.bastion.id] associate_public_ip_address = true iam_instance_profile = aws_iam_instance_profile.bastion.name user_data = <<-EOF #!/bin/bash yum update -y EOF tags = { Name = "wsc2024-bastion-ec2" } } resource "aws_security_group" "bastion" { name = "wsc2024-bastion-sg" vpc_id = aws_default_vpc.default.id ingress { protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] from_port = "22" to_port = "22" } egress { protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] from_port = "80" to_port = "80" } egress { protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] from_port = "443" to_port = "443" } tags = { Name = "wsc2024-bastion-sg" } } resource "aws_iam_role" "bastion" { name = "wsc2024-bastion-role" assume_role_policy = jsonencode({ Version = "2012-10-17" Statement = [ { Action = "sts:AssumeRole" Effect = "Allow" Sid = "" Principal = { Service = "ec2.amazonaws.com" } } ] }) managed_policy_arns = ["arn:aws:iam::aws:policy/AdministratorAccess"] } resource "aws_iam_instance_profile" "bastion" { name = "wsc2024-profile-bastion" role = aws_iam_role.bastion.name }