04_outputs.tf
# Runs scripts/get_signin_token.sh through the "external" data source when the
# bastion is deployed. The provider sends `query` to the script as a JSON
# object on stdin and expects a JSON object of string values on stdout.
# Outputs in this file read these keys from the result: signin_token,
# aws_access_key_id, aws_secret_access_key and aws_session_token.
#
# Security: `query` carries the Cognito user's password and `result` carries
# temporary AWS credentials. Data source attributes are persisted in the
# Terraform state, so the state file and its backend must be access-controlled
# and encrypted like any other secret store.
# NOTE(review): data sources are read again on each plan/refresh, so the script
# presumably re-authenticates on every run. Confirm it never echoes its input
# to stderr or to log files.
data "external" "get_signin_token" {
  count = var.deploy_bastion ? 1 : 0

  # The Cognito user must exist before the script can authenticate as it.
  depends_on = [null_resource.create_cognito_user[0]]

  program = ["sh", "${path.module}/scripts/get_signin_token.sh"]

  query = {
    region           = var.region
    username         = local.cognito_user_name
    password         = random_password.bastet[0].result
    user_pool_id     = aws_cognito_user_pool.cognito_user_pool[0].id
    client_id        = aws_cognito_user_pool_client.cognito_user_pool_client[0].id
    identity_pool_id = aws_cognito_identity_pool.main[0].id
    session_duration = var.session_duration
  }
}
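# AWS console federation URL that opens a Session Manager session on the
# bastion instance. try() falls back to null when either indexed object is
# absent (e.g. the data source has count = 0 because var.deploy_bastion is
# false).
#
# The SigninToken query parameter is a bearer credential: anyone who obtains
# the URL can open the console session until the token expires. The output is
# therefore marked sensitive so it is redacted from plan/apply summaries and
# CI logs. Operators can still read it explicitly with
# `terraform output -raw bastion_session_manager_url`.
# The value is still stored in plaintext in the state file. If this
# configuration is used as a child module, callers that re-export this output
# must mark it sensitive as well.
output "bastion_session_manager_url" {
  value     = try("https://signin.aws.amazon.com/federation?Action=login&Destination=https://${var.region}.console.aws.amazon.com/systems-manager/session-manager/${aws_instance.bastion[0].id}?region=${var.region}&SigninToken=${data.external.get_signin_token[0].result.signin_token}", null)
  sensitive = true
}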
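# Temporary AWS credentials returned by the get_signin_token script. Each
# field is null when the data source has no instance [0] or the script result
# lacks that key.
#
# These are live credentials, so the output is marked sensitive to keep them
# out of plan/apply summaries and CI logs. Read them explicitly with
# `terraform output -json iam_role_temporary_credentials`.
# They are still written in plaintext to the state file, so restrict and
# encrypt the state backend. If this configuration is used as a child module,
# callers that re-export this output must mark it sensitive as well.
output "iam_role_temporary_credentials" {
  value = {
    aws_access_key_id     = try(data.external.get_signin_token[0].result.aws_access_key_id, null)
    aws_secret_access_key = try(data.external.get_signin_token[0].result.aws_secret_access_key, null)
    aws_session_token     = try(data.external.get_signin_token[0].result.aws_session_token, null)
  }
  sensitive = true
}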
# EC2 instance ID of the bastion; null when var.deploy_bastion is false or
# when aws_instance.bastion has no element [0].
output "bastion_instance_id" {
  value = (
    var.deploy_bastion
    ? try(aws_instance.bastion[0].id, null)
    : null
  )
}
# Private IP address of the bastion instance; null when var.deploy_bastion is
# false or when aws_instance.bastion has no element [0].
output "bastion_private_ip" {
  value = (
    var.deploy_bastion
    ? try(aws_instance.bastion[0].private_ip, null)
    : null
  )
}
# ID of the bastion security group. Unlike the instance outputs, this
# reference is not indexed or guarded by var.deploy_bastion.
output "bastion_security_group_id" {
  value = aws_security_group.bastion.id
}
# Human-readable form of var.session_duration (the same value that is passed
# to the get_signin_token script), with a " seconds" suffix.
output "ssm_session_duration" {
  value = "${var.session_duration} seconds"
}
# Echoes var.kamikaze_bastion so callers can see whether the limited-lifetime
# bastion mode is on (see the bastion_lifetime output).
output "kamikaze_bastion_enabled" {
  value = var.kamikaze_bastion
}
# Bastion lifetime as display text: "<var.bastion_lifetime> seconds" when
# var.kamikaze_bastion is true, otherwise the literal "infinite".
output "bastion_lifetime" {
  value = (
    var.kamikaze_bastion
    ? "${var.bastion_lifetime} seconds"
    : "infinite"
  )
}
# Echoes var.deploy_bastion, the flag that gates the sign-in token data source
# and the bastion instance outputs in this file.
output "bastion_deployed" {
  value = var.deploy_bastion
}
# Public IP address of the bastion instance. Only populated when both
# var.classic_bastion and var.deploy_bastion are true; null otherwise, or when
# the instance has no element [0].
output "classic_bastion_public_ip" {
  value = (
    (var.classic_bastion && var.deploy_bastion)
    ? try(aws_instance.bastion[0].public_ip, null)
    : null
  )
}
# Path of the file managed by local_file.bastion. This is the filename, not
# the file contents. Only populated when both var.classic_bastion and
# var.deploy_bastion are true; null otherwise.
# NOTE(review): presumably this file holds the SSH private key for the classic
# bastion. Confirm it is written with owner-only permissions and is excluded
# from version control. The key material itself is likely also present in the
# Terraform state.
output "classic_bastion_private_key" {
  value = (
    (var.classic_bastion && var.deploy_bastion)
    ? try(local_file.bastion[0].filename, null)
    : null
  )
}
# SSH port taken from local.ssh_port. Only populated when both
# var.classic_bastion and var.deploy_bastion are true; null otherwise.
output "classic_bastion_ssh_port" {
  value = (
    (var.classic_bastion && var.deploy_bastion)
    ? local.ssh_port
    : null
  )
}