Question 1

How does this SSH bastion compare to AWS Systems Manager Session Manager?

Accepted Answer

This module offers ephemeral containerized SSH access with IAM authentication, ideal for custom environments, while Session Manager provides managed, agent-based access without bastion hosts. Choose this for full control over infrastructure and container isolation, but expect more setup overhead compared to Session Manager's simplicity.

Question 2

How to configure cross-account SSH access with this Terraform module?

Accepted Answer

Set the 'assume_role_arn' variable to the ARN of a role in another account, and apply the sample IAM policy output in that account. The module will create necessary roles and policies to assume the role, enabling IAM user lookups from the central identity account.

Question 3

What happens if an SSH session is left open for over 12 hours?

Accepted Answer

The container is automatically terminated by the host's systemd using RunTimeMaxSec after 12 hours, as noted in the README, to prevent long-lived sessions and enhance security by destroying any state.

Question 4

Can I use a custom Amazon Machine Image (AMI) with this bastion service?

Accepted Answer

Yes, specify 'custom_ami_id' in the variables, but ensure it meets systemd version 229+ requirements and includes necessary dependencies like Docker, or use custom userdata sections to fill gaps.

Question 5

How are IAM user names with special characters handled for Linux logins?

Accepted Answer

Special characters like @, +, =, and comma are mapped to words (e.g., @ becomes 'at'), as described in the README, to create valid Linux usernames up to 32 characters, though this can lead to less intuitive login names.

Question 6

Is there a way to avoid IAM rate limiting in large deployments?

Accepted Answer

Use the default health check on port 2222 instead of port 22, as recommended in the README, to reduce IAM queries from load balancer checks, and strictly whitelist incoming CIDR blocks to limit traffic.

terraform-aws-ssh-bastion-service

What is terraform-aws-ssh-bastion-service?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions