cloudposse / terraform-aws-dynamic-subnets

Terraform module for public and private subnets provisioning in existing VPC
https://cloudposse.com/accelerate
Apache License 2.0

Enable session manager and ssh by adding ssh public keys #141

Closed drselump14 closed 2 years ago

drselump14 commented 2 years ago

what

why

references

Nuru commented 2 years ago

For better NAT instance support, you can use an alternate module such as https://github.com/int128/terraform-aws-nat-instance (we have not vetted it, just noticed it) to create NAT instances and easily connect them to the private subnets.

module "dynamic_subnets" {
  source  = "cloudposse/dynamic-subnets/aws"
  version = "2.0.0"

  nat_gateway_enabled  = false
  nat_instance_enabled = false
  # etc . . .
}

resource "aws_route" "private" {
  count = length(module.dynamic_subnets.private_route_table_ids)

  route_table_id         = module.dynamic_subnets.private_route_table_ids[count.index]
  destination_cidr_block = "0.0.0.0/0"
  network_interface_id   = element(local.nat_instances.*.primary_network_interface_id, count.index)
}

We are not going to invest additional resources on NAT Instance support in this module at this time. We recommend using NAT Gateways instead, and if you want to save money, use a single NAT Gateway rather than one per region.