basti-app / basti

✨ Securely connect to RDS, Elasticache, and other AWS resources in VPCs with no idle cost
https://www.basti.app
MIT License

assignPublicIp to be false #103

Closed maartenvanderhoef closed 2 months ago

maartenvanderhoef commented 4 months ago

https://github.com/basti-app/basti/blob/fcc1dd09ed54489303bcb7caf1bb3552914f61f7/packages/basti/src/bastion/create-bastion.ts#L204

assignPublicIp: true

I think this is wrong by design and should at least be configurable. A public IP is really not required with SSM. The only thing the instance needs to do is to connect to the amazonaws.com domains via VPC Endpoints, or through a connection with the internet, and this can also work well via a NAT GW or a Transit GW.

BohdanPetryshyn commented 4 months ago

Hi @maartenvanderhoef and thank you for pointing this out! The reason I enabled public IPs by default is that setting up a Basti instance in a public subnet is expected to be the most common use case for the tool. The public IP is indeed not needed in the situations you described. The easiest solution would be to make it configurable (and enabled by default) but I'd also try to come up with a more automated solution that would determine if the option needs to be enabled 🤔

I'm currently having a long summer vacation, so I will only be able to focus on the problem in a couple of weeks. Meanwhile, any ideas are very much appreciated!

BohdanPetryshyn commented 2 months ago

Hi @maartenvanderhoef, @m-keil, @jrobbins-LiveData, @georg-ikegps, @davidski (all who reacted to this issue) 👋

With basti@1.7.0 (and basti-cdk@1.1.0), you can now disable the automatic public IP assignment with the --bastion-assign-public-ip false CLI option 🚀

Please, see docs for more details: link
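
The thread raises the idea of deciding automatically whether the bastion needs a public IP. The sketch below is an added example, not code from basti or its maintainers, showing one way to make that decision from the subnet's default route and the VPC's interface endpoints. The input shapes, the function names and the list of three SSM services are assumptions made for illustration.

```typescript
// Added example, not basti's code. Input shapes are simplified assumptions.
interface RouteEntry { destination: string; target: string } // target = AWS resource id
interface SubnetNetworking {
  routes: RouteEntry[];         // routes of the bastion subnet's route table
  interfaceEndpoints: string[]; // service names of interface VPC endpoints in the VPC
}
interface Decision { assignPublicIp: boolean; reason: string }

// Assumption: the agent needs these three services; adjust to your agent version.
const SSM_SERVICES = ["ssm", "ssmmessages", "ec2messages"];

function hasSsmEndpoints(endpoints: string[]): boolean {
  // Service names look like "com.amazonaws.<region>.ssm"; compare the last label
  // so that "ssmmessages" is not mistaken for "ssm".
  const services = endpoints.map(name => name.split(".").pop());
  return SSM_SERVICES.every(svc => services.indexOf(svc) !== -1);
}

function decidePublicIp(net: SubnetNetworking): Decision {
  if (hasSsmEndpoints(net.interfaceEndpoints)) {
    return { assignPublicIp: false, reason: "SSM reachable through VPC endpoints" };
  }
  const defaultRoute = net.routes.filter(r => r.destination === "0.0.0.0/0")[0];
  if (!defaultRoute) {
    return { assignPublicIp: false, reason: "no egress: add VPC endpoints or a default route" };
  }
  const kind = defaultRoute.target.split("-")[0];
  if (kind === "igw") {
    return { assignPublicIp: true, reason: "internet gateway route only works with a public IP" };
  }
  if (kind === "nat" || kind === "tgw") {
    // Assumption for tgw: the transit gateway leads to an egress path elsewhere.
    return { assignPublicIp: false, reason: "egress via " + kind + ", no public IP needed" };
  }
  return { assignPublicIp: false, reason: "unrecognised default route target: review manually" };
}

// Constructed sample inputs; ids are placeholders.
const vpcLocal: RouteEntry = { destination: "10.0.0.0/16", target: "local" };
const samples: { label: string; net: SubnetNetworking }[] = [
  { label: "public", net: { routes: [vpcLocal, { destination: "0.0.0.0/0", target: "igw-0example" }], interfaceEndpoints: [] } },
  { label: "nat", net: { routes: [vpcLocal, { destination: "0.0.0.0/0", target: "nat-0example" }], interfaceEndpoints: [] } },
  { label: "isolated", net: { routes: [vpcLocal], interfaceEndpoints: ["com.amazonaws.eu-west-1.ssm",
    "com.amazonaws.eu-west-1.ssmmessages", "com.amazonaws.eu-west-1.ec2messages"] } },
];
for (const s of samples) {
  console.log(s.label, decidePublicIp(s.net));
}
```

A subnet with neither endpoints nor a default route gets `false` as well, because a public IP without an internet gateway route would not give the agent a path to SSM either.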