ec2.BastionHostLinux: No easy way to pass in keyName to ssh in from this class
What is the problem?
```ts
const host = new ec2.BastionHostLinux(this, 'cdk-bastion', {
  vpc,
  instanceName: 'cdk-bastion',
  instanceType: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.MICRO),
  machineImage: machineImage,
  securityGroup: public_sg,
  subnetSelection: { subnets: [vpc.publicSubnets[0]] }
});
```
I expected keyName to be a top level property at construction. If I want to create a Bastion with ssh Key, then I have to use regular Image class since it is a construct prop.
I am using TypeScript.
Reproduction Steps
```ts
import { Stack, StackProps } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import { Peer, Port } from 'aws-cdk-lib/aws-ec2';

export class CdkVpcStack extends Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);

    const vpc = new ec2.Vpc(this, 'cdk-vpc', {
      cidr: "10.0.0.0/16",
      enableDnsHostnames: true,
      enableDnsSupport: true,
      subnetConfiguration: [
        {
          cidrMask: 24,
          name: 'cdk-sb-public',
          subnetType: ec2.SubnetType.PUBLIC,
        },
        {
          cidrMask: 20,
          name: 'cdk-sb-private',
          subnetType: ec2.SubnetType.PRIVATE_ISOLATED,
        }
      ]
    });

    const public_sg = new ec2.SecurityGroup(this, 'cdk-public-sg', {
      vpc: vpc,
    });
    public_sg.addIngressRule(Peer.anyIpv4(), Port.tcp(22), "SSH Bastion", false);
    public_sg.addEgressRule(Peer.anyIpv4(), Port.allTraffic(), "SSH Bastion", false);

    const machineImage = ec2.MachineImage.latestAmazonLinux();

    const host = new ec2.BastionHostLinux(this, 'cdk-bastion', {
      vpc,
      instanceName: 'cdk-bastion',
      instanceType: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.MICRO),
      machineImage: machineImage,
      securityGroup: public_sg,
      subnetSelection: { subnets: [vpc.publicSubnets[0]] }
    });
  }
}
```
What did you expect to happen?
Simple property to add keyName.
What actually happened?
keyName cannot be set cause Image is private
CDK CLI Version
2.8.0
Framework Version
2.8.0
Node.js Version
v16.13.1
OS
Mac OS
Language
Typescript
Language Version
3.9.7
Other information
No response
Issue Analytics
- State:
- Created 2 years ago
- Reactions:1
- Comments:5 (5 by maintainers)
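An added example, not code from the issue or from the CDK project: a check over a synthesized CloudFormation template that reports the two things this issue turns on, whether a security group admits SSH from any IPv4 address and whether each EC2 instance has a KeyName. The sample template is constructed to resemble the reproduction stack; its logical IDs and the finding labels are assumptions.

```typescript
// Added example: audit a synthesized CloudFormation template (constructed sample below).
type Resource = { Type: string; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Resource> };
interface Finding { id: string; issue: string }

// True when an ingress rule admits the given TCP port from any IPv4 address.
function opensPortToWorld(rule: Record<string, any>, port: number): boolean {
  if (rule.CidrIp !== '0.0.0.0/0') return false;
  const proto = String(rule.IpProtocol);
  if (proto === '-1') return true; // all protocols, all ports
  if (proto !== 'tcp') return false;
  return Number(rule.FromPort) <= port && port <= Number(rule.ToPort);
}

function auditTemplate(template: Template): Finding[] {
  const findings: Finding[] = [];
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    const props: Record<string, any> = res.Properties || {};
    if (res.Type === 'AWS::EC2::SecurityGroup') {
      const rules: Record<string, any>[] = props.SecurityGroupIngress || [];
      if (rules.some((r) => opensPortToWorld(r, 22))) {
        findings.push({ id, issue: 'ssh-open-to-any-ipv4' });
      }
    }
    if (res.Type === 'AWS::EC2::Instance') {
      // Report key-pair state either way so reviewers see how the host is reachable.
      const issue = props.KeyName ? 'instance-has-key-name' : 'instance-without-key-name';
      findings.push({ id, issue });
    }
  }
  return findings;
}

// Constructed template; logical IDs are hypothetical, shaped like the reproduction stack.
const sampleTemplate: Template = {
  Resources: {
    PublicSg: {
      Type: 'AWS::EC2::SecurityGroup',
      Properties: {
        SecurityGroupIngress: [
          { CidrIp: '0.0.0.0/0', IpProtocol: 'tcp', FromPort: 22, ToPort: 22, Description: 'SSH Bastion' },
        ],
      },
    },
    Bastion: { Type: 'AWS::EC2::Instance', Properties: { InstanceType: 't3.micro' } },
  },
};

console.log(auditTemplate(sampleTemplate));
```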
Top GitHub Comments
Not adding the keyName was a decision when writing this construct.
As the BastionHost is a level 2.5 construct, it is opinionated and does not solve all use cases somebody might have.
@hoegertn @njlynch,
If this was an intentional design consideration, should we suspend further conversation about adjusting the construct?