terraform-google-modules / terraform-google-bastion-host

Generates a bastion host VM compatible with OS Login and IAP Tunneling that can be used to access internal VMs
https://registry.terraform.io/modules/terraform-google-modules/bastion-host/google
Apache License 2.0
124 stars 90 forks

Add resource_policies variable (optional) to bastion-host #200

Closed intotecho closed 1 week ago

intotecho commented 2 months ago

TL;DR

Allow resource_policies to be passed to the compute_instance. For example, a policy could cause the bastion-host to be started and/or stopped on a schedule, e.g. shut down every day at midnight, or start up 15 minutes before the patch schedule.

Terraform Resources

Bastion Host:
https://registry.terraform.io/search/modules?q=bastion_host

Compute Resource Policy:
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_resource_policy

Compute Instance, resource_policies variable:
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance#resource_policies

google_os_config_patch_deployment

Detailed design

module "gis-bastion-vm" {
  source = "terraform-google-modules/bastion-host/google"
  # ... other module arguments
  resource_policies = [google_compute_resource_policy.startup_for_patching_schedule.id]
}

Ability to pass the parameter from bastion-host to compute_instance, which supports resource_policies

Additional information

An alternative approach could be for the google_compute_resource_policy to support an instance_template variable, as in resource google_os_config_patch_deployment.

No response
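The schedule described in the issue, written out as an added example (not code from the issue author or from the module): `resource_policies` on the module is the input proposed here, and the variable names, role id, policy name, time zone and 02:00 patch window are assumptions. The custom role grants the Compute Engine service agent the start/stop permissions that instance schedules need, scoped to those two permissions only.

```hcl
# Added example; all names and values below are constructed placeholders.
variable "project_id" { type = string }
variable "region" { type = string } # must be the region of the bastion's zone
variable "zone" { type = string }
variable "network" { type = string } # self link of the VPC
variable "subnet" { type = string }  # self link of the subnet

data "google_project" "this" {
  project_id = var.project_id
}

# Instance schedules are executed by the Compute Engine service agent, which
# needs permission to start and stop instances in the project.
resource "google_project_iam_custom_role" "instance_scheduler" {
  project     = var.project_id
  role_id     = "bastionInstanceScheduler"
  title       = "Bastion instance scheduler"
  permissions = ["compute.instances.start", "compute.instances.stop"]
}

resource "google_project_iam_member" "scheduler_agent" {
  project = var.project_id
  role    = google_project_iam_custom_role.instance_scheduler.id
  member  = "serviceAccount:service-${data.google_project.this.number}@compute-system.iam.gserviceaccount.com"
}

resource "google_compute_resource_policy" "startup_for_patching_schedule" {
  project = var.project_id
  region  = var.region
  name    = "bastion-patching-schedule"

  instance_schedule_policy {
    time_zone = "Etc/UTC"
    vm_start_schedule { schedule = "45 1 * * *" } # 15 min before an assumed 02:00 patch window
    vm_stop_schedule { schedule = "0 0 * * *" }   # shut down every day at midnight
  }
}

module "gis-bastion-vm" {
  source  = "terraform-google-modules/bastion-host/google"
  project = var.project_id
  zone    = var.zone
  network = var.network
  subnet  = var.subnet

  # Input proposed in this issue; passed through to the compute instance.
  resource_policies = [google_compute_resource_policy.startup_for_patching_schedule.id]
  depends_on        = [google_project_iam_member.scheduler_agent]
}
```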

github-actions[bot] commented 3 weeks ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days