This is a Terraform project that deploys a web server (EC2) and a database (RDS) on AWS. The web servers are deployed in an Auto Scaling Group (for high availability) in private subnets behind a Load Balancer. The databases are also deployed in private subnets.
Install Terraform for your operating system.
To deploy this project, run the following in order:
Firstly,
terraform init
Secondly,
terraform plan
And Finally,
terraform apply
A bastion host is used as the single entry point to the private subnets. Because it sits on the Internet, it runs a minimal set of services to reduce its attack surface, and it is the only host from which instances in the private subnets accept SSH connections.
a) Never place your SSH private keys on the bastion instance. Instead, use SSH agent forwarding: connect to the bastion first, and from there to the instances in the private subnets. Your private key then stays only on your computer. Keep in mind that while a forwarded session is open, anyone with root on the bastion can use the forwarded agent socket to authenticate as you; if you do not need the agent on the bastion at all, ssh -J user@<Bastion IP or DNS> user@<Instance IP> (ProxyJump) tunnels straight through the bastion without forwarding the agent.
b) Configure the security group on the bastion to allow SSH connections (TCP/22) only from known and trusted IP addresses.
c) Configure Linux instances in your VPC to accept SSH connections only from bastion instances, by referencing the bastion's security group as the source in their security group rule rather than an IP address.
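The following is an added Terraform example showing how points b) and c) translate into security group rules. It is not the project's own code: the VPC resource name aws_vpc.main, the variable trusted_cidrs and the resource names are assumptions for the illustration.

```hcl
# Added example (not the project's own code). Assumes a VPC resource
# "aws_vpc.main" exists; "trusted_cidrs" is supplied by the operator.

variable "trusted_cidrs" {
  description = "Operator IP ranges (CIDR) allowed to SSH to the bastion"
  type        = list(string)
  # No default on purpose: falling back to 0.0.0.0/0 would defeat point b).
}

# b) Bastion: SSH (TCP/22) only from known, trusted addresses.
resource "aws_security_group" "bastion" {
  name        = "bastion-sg"
  description = "SSH to the bastion from trusted operator IPs only"
  vpc_id      = aws_vpc.main.id

  ingress {
    description = "SSH from trusted operator ranges"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.trusted_cidrs
  }

  # Outbound is limited to SSH inside the VPC; the bastion is a jump host,
  # not a general-purpose machine. Add TCP/443 here only if it must fetch
  # package updates itself.
  egress {
    description = "SSH onward to instances in the VPC"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }
}

# c) Private instances: SSH only from members of the bastion security
#    group. Referencing the group (not the bastion's IP) keeps the rule
#    valid if the bastion is replaced and gets a new address.
resource "aws_security_group" "private_ssh" {
  name        = "private-ssh-sg"
  description = "SSH only from the bastion security group"
  vpc_id      = aws_vpc.main.id

  ingress {
    description     = "SSH from the bastion only"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]
  }
}
```

Attach aws_security_group.private_ssh to the web servers' launch template alongside the application's own security group: Terraform removes AWS's default allow-all egress rule from any aws_security_group it manages, so an instance carrying only this group would have no outbound access to the database or the Internet. Because trusted_cidrs has no default, terraform plan will prompt for it, which is the intended reminder that the bastion must never be left open to the whole Internet.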
Do the following to connect:
First, generate a key pair if you don't have one:
ssh-keygen -t rsa
This saves the key pair in the ~/.ssh folder of your home directory (id_rsa is the private key, id_rsa.pub the public key). Only the public key goes onto the instances.
- Start the ssh-agent (this launches a new shell with the agent's environment variables set; alternatively, run eval "$(ssh-agent -s)" in your current shell)
ssh-agent <path to your shell>
- Run ssh-add along with private key
ssh-add <path to your private key>
- To verify the keys available to ssh-agent use:
ssh-add -L
- Finally ssh into Bastion host.
ssh -A user@<Bastion IP or DNS>
Once you are on the bastion host, you can ssh into instances in the private subnets like this:
ssh user@<Instance IP>