An ECS based SSH reverse proxy used as a secure tunnel to the Entrinsik Datahub.
It is possible to enter the ECS container running the tunnel with the following command:
aws ecs execute-command \
--region <REGION> \
--cluster <CLUSTER> \
--task <TASK_ID> \
--container ssh-reverse-tunnel \
--command "/bin/bash" \
--interactive
module "informer-tunnel" {
source = "git::https://github.com/LF-Certification/terraform-aws-informer-tunnel.git"
identifier = "informer-secure-tunnel"
# Typically obtained from the output of another resource
vpc_id = "vpc-12345"
ecs_service_subnets = ["subnet-4321", "subnet-8765"]
datahub_port = 15432
datasource_address = "database.hostname.org"
datasource_port = 5432
}| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| datahub_cidrs | List of CIDR's that the tunnel container will be allowed to connect to. | list(string) |
[ |
no |
| datahub_port | The port on our Datahub that you want for the remote end of the tunnel | number |
n/a | yes |
| datasource_address | The address of the datasource to proxy to. | string |
n/a | yes |
| datasource_port | The port of the datasource to proxy to. | number |
n/a | yes |
| ecs_security_groups | Security groups which will be added to the ECS task | list(string) |
[] |
no |
| ecs_service_subnets | List of subnets to associate with the ECS service | list(string) |
n/a | yes |
| identifier | Identifer used to name resources created by the module. | string |
n/a | yes |
| image_name | Name of the container image to use | string |
"public.ecr.aws/entrinsik-inc/data-gateway" |
no |
| image_tag | Tag of the container image to use | string |
"latest" |
no |
| tunnel_parameter_store_prefix | Prefix for parameters stored in AWS Parameter Store | string |
"informer" |
no |
| vpc_id | The id of the VPC in which the reverse tunnel will be deployed. | string |
n/a | yes |
No outputs.