From abbdc47e16e8c522afae706acfb10458bb133af0 Mon Sep 17 00:00:00 2001
From: Chris Preston
Date: Thu, 10 Oct 2024 14:32:01 -0700
Subject: [PATCH] Create and access jumphost with SSM
---
 terraform/ec2.tf | 26 ++++++++++++++++++++++++++
 terraform/security.tf | 19 +++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 terraform/ec2.tf
diff --git a/terraform/ec2.tf b/terraform/ec2.tf
new file mode 100644
index 00000000..0395bd6b
--- /dev/null
+++ b/terraform/ec2.tf
@@ -0,0 +1,26 @@
+data "aws_ami" "amzn-linux-2023-ami" {
+ most_recent = true
+ owners = ["amazon"]
+
+ filter {
+ name = "name"
+ values = ["al2023-ami-2023.*-x86_64"]
+ }
+}
+
+resource "aws_instance" "jumphost" {
+ ami = data.aws_ami.amzn-linux-2023-ami.id
+ instance_type = "t2.micro"
+ subnet_id = module.network.aws_subnet_ids.app.ids[0]
+ vpc_security_group_ids = [data.aws_security_group.app.id, aws_security_group.jumphost.id]
+ ebs_optimized = false
+ ebs_block_device {
+ device_name = "/dev/xvda"
+ encrypted = true
+ volume_size = 8
+ }
+
+ tags = {
+ Name = "jumphost-${var.TARGET_ENV}"
+ }
+}
\ No newline at end of file
diff --git a/terraform/security.tf b/terraform/security.tf
index 28b25cf0..74eef8e6 100644
--- a/terraform/security.tf
+++ b/terraform/security.tf
@@ -19,4 +19,23 @@ resource "aws_security_group" "wfprev_tomcat_access" {
 to_port = var.WFPREV_API_PORT
 cidr_blocks = ["0.0.0.0/0"]
 }
+}
+
+resource "aws_security_group" "jumphost" {
+ name = "wfprev-jumphost-access"
+ description = "Allow access to jumphost via ssm"
+ vpc_id = module.network.aws_vpc.id
+ ingress {
+ protocol = "tcp"
+ from_port = 3389
+ to_port = 3389
+ security_groups = [data.aws_security_group.web.id]
+ }
+
+ ingress {
+ protocol = "tcp"
+ from_port = 3389
+ to_port = 3389
+ security_groups = [data.aws_security_group.app.id]
+ }
 }
\ No newline at end of file
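Review bot: The `aws_instance.jumphost` resource declares no `iam_instance_profile`, so the SSM agent shipped on the AL2023 AMI has no permission to register with Systems Manager and the host cannot be reached through Session Manager as the commit title intends; add `iam_instance_profile = <PLACEHOLDER: instance profile name whose role carries AmazonSSMManagedInstanceCore>` (the profile resource is not on this page). Since the host is meant to be reachable only through SSM, also pin IMDSv2 with `metadata_options { http_tokens = "required" }` so the instance role's credentials are only served to callers that complete the token handshake. The `ebs_block_device` with `device_name = "/dev/xvda"` presumably targets the root volume of the AL2023 image; the provider documents `root_block_device` for that volume, and `encrypted = true` may not apply as written, so confirm in a plan that the root volume comes out encrypted. Separately, `most_recent = true` on the AMI data source means every new AL2023 release changes `ami` and forces instance replacement on the next apply, which is worth either accepting deliberately or guarding with a `lifecycle { ignore_changes = [ami] }` block.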
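Review bot: The two `ingress` blocks of `aws_security_group.jumphost` open TCP 3389 from the web and app security groups, which does not match the description `Allow access to jumphost via ssm`: Session Manager needs no inbound rule at all, and nothing on the Amazon Linux 2023 image the new instance uses listens on 3389 (RDP), so both blocks only widen the host's inbound surface. What SSM does need is outbound HTTPS to the ssm, ssmmessages and ec2messages endpoints, and this resource declares no `egress` block, so the Terraform-managed group contributes no outbound rule; the instance may still get egress through `data.aws_security_group.app`, which is not visible here. I would drop both ingress blocks and declare the egress explicitly as below, narrowing the destination to the VPC endpoint security group if interface endpoints exist. The `wfprev_tomcat_access` resource whose closing lines form the hunk's context starts outside the hunk.

```hcl
resource "aws_security_group" "jumphost" {
  # … unchanged: name, description, vpc_id …

  # Session Manager is outbound-only from the instance: no ingress is required.
  egress {
    protocol    = "tcp"
    from_port   = 443
    to_port     = 443
    cidr_blocks = ["0.0.0.0/0"] # TODO(review): replace with security_groups = [<PLACEHOLDER: SSM VPC endpoint SG>] if interface endpoints exist
  }
}
```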