Skip to content
This repository has been archived by the owner on Mar 29, 2024. It is now read-only.

A project demonstrates how you can use the Pulumi Automation SDK to provision cloud resources that require connectivity through a bastion host, establish a connection through the bastion host, and then provision resources through the connection.

License

Notifications You must be signed in to change notification settings

clstokes/pulumi-automation-sdk-ssh-tunnel

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

pulumi-automation-sdk-ssh-tunnel

This project demonstrates how you can use the Pulumi Automation SDK to provision resources that require connectivity through a bastion host, establish a connection through the bastion host, and then provision resources through the connection.

Prerequisites

  • You will need the Pulumi CLI installed.
  • This particular project uses TypeScript so you will need Node.js installed. This same automation application could be implemented in any of other languages that Pulumi supports.
  • For execution, and the SSH tunnel to work correctly, the current implementation requires that the ssh key is already established with ssh-agent. The code could be modified to take the ssh private key as an input.

Usage

The automation application requires the following three arguments:

  • the operation to perform - up, refresh, or destroy
  • the stack name
  • the path to the ssh public key for connecting to the bastion host

e.g.

npm run pulumi \
    up \
    dev \
    ~/.ssh/key.pub

Example Output

%  npm run pulumi up dev ~/.ssh/key.pub 

> [email protected] pulumi
> ./node_modules/ts-node/dist/bin.js pulumi.ts "up" "dev" "/Users/clstokes/.ssh/key.pub"

Running [up] on stack [dev]
################################################################################
#
# Installing dependencies for [./vpc,./database]... 
#
################################################################################
Updating (dev)


View Live: https://app.pulumi.com/clstokes/vpc/dev/updates/83




 +  pulumi:pulumi:Stack vpc-dev creating 

 +  aws:ec2:KeyPair bastion creating 

 +  random:index:RandomPassword db creating 

 +  random:index:RandomPassword db created 

 +  aws:ec2:KeyPair bastion created 

 +  aws:ec2:SecurityGroup bastion creating 

 +  aws:ec2:SecurityGroup db creating 

 +  aws:rds:SubnetGroup db creating 

 +  aws:rds:SubnetGroup db created 

 +  aws:ec2:SecurityGroup db created 

 +  aws:ec2:SecurityGroup bastion created 

 +  aws:rds:Instance db creating 

 +  aws:ec2:Instance bastion creating 

 +  aws:ec2:Instance bastion created 

 +  aws:rds:Instance db created 

 +  pulumi:pulumi:Stack vpc-dev created 
 

Outputs:
    bastionHost: "3.239.113.92"
    dbHost     : "db7c71462.c3vf5g3d8zs9.us-east-1.rds.amazonaws.com"
    dbPassword : "[secret]"
    dbUsername : "admin2021"


Resources:
    + 8 created

Duration: 3m28s


################################################################################
#
# Establishing tunnel through [3.239.113.92] to [db7c71462.c3vf5g3d8zs9.us-east-1.rds.amazonaws.com] on port [5432]...
#
################################################################################
Updating (dev)


View Live: https://app.pulumi.com/clstokes/database/dev/updates/80




 +  pulumi:pulumi:Stack database-dev creating 

 +  postgresql:index:Database main3 creating 

 +  postgresql:index:Database main2 creating 

 +  postgresql:index:Database main1 creating 

 +  postgresql:index:Database main3 created 

 +  postgresql:index:Database main2 created 

 +  postgresql:index:Database main1 created 

 +  pulumi:pulumi:Stack database-dev created 
 

Resources:
    + 4 created

Duration: 12s


################################################################################
#
# Stopping tunnel...
#
################################################################################
% 

About

A project demonstrates how you can use the Pulumi Automation SDK to provision cloud resources that require connectivity through a bastion host, establish a connection through the bastion host, and then provision resources through the connection.

Topics

Resources

License

Stars

Watchers

Forks