ComplyCo / terraform-provider-aws-ssm-tunnels

Terraform Provider for using remote SSM tunnels in plans and applies
Mozilla Public License 2.0

Multiple tunnels supported? #85

Closed ruanbekker closed 1 day ago

ruanbekker commented 2 weeks ago

Hi,

Great project.

I would like to know if it's possible to run multiple tunnels at the same time?

Currently I have an active tunnel for RDS:

resource "awsssmtunnels_remote_tunnel" "rds" {
  refresh_id  = "one"
  remote_host = module.platform.rds_endpoint_host
  remote_port = module.platform.rds_endpoint_port
  local_port  = module.platform.rds_endpoint_port
}

And that works fine.

As soon as I add an additional tunnel, e.g. elasticache:

resource "awsssmtunnels_remote_tunnel" "redis" {
  refresh_id  = "two"
  remote_host = module.platform.redis_endpoint_host
  remote_port = module.platform.redis_endpoint_port
  local_port  = module.platform.redis_endpoint_port
}

The connection breaks for the rds tunnel:

╷
│ Error: Error connecting to PostgreSQL server 127.0.0.1 (scheme: postgres): read tcp 127.0.0.1:44866->127.0.0.1:5432: read: connection reset by peer
│ 
│   with module.platform.postgresql_role.roles["role_name_1"],
│   on ../../modules/aws/rds.tf line 172, in resource "postgresql_role" "roles":
│  172: resource "postgresql_role" "roles" {

sdemjanenko commented 4 days ago

@ruanbekker sorry for the delayed response. Yes, it is possible to run multiple tunnels. The way to do so is to use multiple instances of the provider.

provider "awsssmtunnels" {
  region              = "us-east-2"
  shared_config_files = [var.tfc_aws_dynamic_credentials.default.shared_config_file]
  target              = "i-...."
}

provider "awsssmtunnels" {
  alias               = "rds"
  region              = "us-east-2"
  shared_config_files = [var.tfc_aws_dynamic_credentials.default.shared_config_file]
  target              = "i-...."
}

resource "awsssmtunnels_remote_tunnel" "eks" {
  refresh_id  = "one"
  remote_host = ...
  remote_port = ...
  local_port  = ...
}

resource "awsssmtunnels_remote_tunnel" "rds" {
  provider    = awsssmtunnels.rds
  refresh_id  = "two"
  remote_host = ...
  remote_port = ...
  local_port  = ...
}

Note, you can use the same target for both instances of the provider (if it happens to be a common bastion for the multiple tunnels).
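The maintainer's aliased-provider pattern applied to the asker's RDS and Redis tunnels, as an added example that is not part of the original thread. It assumes the `module.platform` outputs and the `var.tfc_aws_dynamic_credentials` variable from the question, and uses a placeholder bastion instance id.

```hcl
# One provider instance per tunnel. Both instances may point at the same
# bastion (the SSM target) when it fronts both the RDS and Redis endpoints.

provider "awsssmtunnels" {
  alias               = "rds"
  region              = "us-east-2"
  shared_config_files = [var.tfc_aws_dynamic_credentials.default.shared_config_file]
  target              = "i-PLACEHOLDER-BASTION" # placeholder, not a real instance id
}

provider "awsssmtunnels" {
  alias               = "redis"
  region              = "us-east-2"
  shared_config_files = [var.tfc_aws_dynamic_credentials.default.shared_config_file]
  target              = "i-PLACEHOLDER-BASTION" # same bastion reused for the second tunnel
}

# RDS tunnel bound to its own provider instance.
resource "awsssmtunnels_remote_tunnel" "rds" {
  provider    = awsssmtunnels.rds
  refresh_id  = "one"
  remote_host = module.platform.rds_endpoint_host
  remote_port = module.platform.rds_endpoint_port
  local_port  = module.platform.rds_endpoint_port
}

# Redis tunnel bound to the second provider instance, so adding it no longer
# disturbs the RDS tunnel above.
resource "awsssmtunnels_remote_tunnel" "redis" {
  provider    = awsssmtunnels.redis
  refresh_id  = "two"
  remote_host = module.platform.redis_endpoint_host
  remote_port = module.platform.redis_endpoint_port
  local_port  = module.platform.redis_endpoint_port
}
```

The two `local_port` values must differ, as they do here when the RDS and Redis endpoint ports differ; the tunnels share a bastion but each listens on its own local port.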

sdemjanenko commented 1 day ago

Closing issue as using multiple instances of the provider achieves the goal.