
I found some information on the official page below, but it was not enough for me to complete the installation of an application on an EC2 instance in a private subnet via a bastion server.
So, I have described how to install middleware on Instance B (Target) via Instance A (Bastion).
The chart below shows nginx being installed on Instance B (Target).
The key point is controlling when creation of the target instance starts: it must not start before the Elastic IP for the bastion EC2 instance has been created, because the provisioner connects through that address.
```hcl
resource "aws_instance" "bastion" {
  ami                         = "ami-0318ecd6d05daa212"
  instance_type               = "t2.micro"
  vpc_security_group_ids      = [aws_security_group.ec2pub.id]
  subnet_id                   = aws_subnet.public1.id
  associate_public_ip_address = true
  key_name                    = aws_key_pair.bastion.id

  tags = {
    Name = "Bastion"
  }
}

resource "aws_eip" "bastion" {
  instance   = aws_instance.bastion.id
  vpc        = true # AWS provider v5 and later use: domain = "vpc"
  depends_on = [aws_internet_gateway.main]
}

resource "aws_instance" "target" {
  ami                    = "ami-0318ecd6d05daa212"
  instance_type          = "t2.micro"
  vpc_security_group_ids = [aws_security_group.ec2pri.id]
  subnet_id              = aws_subnet.private1.id
  key_name               = aws_key_pair.target.id

  # Do not start creating the target until the bastion's Elastic IP exists.
  depends_on = [aws_eip.bastion]

  tags = {
    Name = "Target"
  }

  # SSH to the target's private IP, tunnelled through the bastion's Elastic IP.
  connection {
    type        = "ssh"
    user        = "ec2-user"
    private_key = file("~/.ssh/hoge.pem")
    host        = self.private_ip

    bastion_host = aws_eip.bastion.public_ip
    # bastion_host_key is omitted: it expects the bastion's SSH host public key
    # (or signing CA), and aws_key_pair.bastion.id is only the key pair name.
    bastion_port        = 22
    bastion_user        = "ec2-user"
    bastion_private_key = file("~/.ssh/hoge.pem")
  }

  # Runs on the target once the SSH connection through the bastion succeeds.
  provisioner "remote-exec" {
    inline = [
      "sudo yum update -y",
      "sudo yum install nginx -y",
      "sudo service nginx start",
    ]
  }
}
```
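The configuration above references `aws_security_group.ec2pub` and `aws_security_group.ec2pri` without showing them. The following is an added example, not part of the original post, of one way to define them so that the target accepts SSH only from the bastion; `var.admin_cidr`, `aws_vpc.main` and the NAT route for the private subnet are assumptions.

```hcl
# Hypothetical variable: the one address range allowed to reach the bastion.
variable "admin_cidr" {
  type = string
}

resource "aws_security_group" "ec2pub" {
  name   = "ec2pub"
  vpc_id = aws_vpc.main.id # assumed VPC resource name

  ingress {
    description = "SSH from the admin range only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  # VPC CIDR rather than the ec2pri group, to avoid a dependency cycle
  # between the two groups' inline rules.
  egress {
    description = "SSH onward to instances inside the VPC"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }
}

resource "aws_security_group" "ec2pri" {
  name   = "ec2pri"
  vpc_id = aws_vpc.main.id # assumed VPC resource name

  ingress {
    description     = "SSH from the bastion security group only"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.ec2pub.id]
  }

  # yum needs outbound HTTPS (add port 80 if the repositories in use are HTTP);
  # assumes the private subnet routes out through a NAT gateway.
  egress {
    description = "Package repositories over HTTPS"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```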
If you have any comments, please let me know.