Hostname for bastion

[aarcro]

As a lazy admin
I want a predicable DNS name for my bastion box(s)
So that I have a reliable endpoint to connect to.

I'm not sure how to accomplish this, especially for users that choose to run more than one bastion. You'd likely have to add an ELB forwarding port 22, and deal with host keys.

[russellballestrini]

There is no need for an ELB. We solve this using the route53 blueprint in this stacker_blueprints repo.

Here is an example where I take the Output from the Bastion blueprint and use it to create DNS A records:

  - name: route53-main-zone
    class_path: stacker_blueprints.route53.DNSRecords
    variables:
      HostedZoneName: ${basedomain}.
      Comment: ${basedomain} managed by stacker
      RecordSets:

        - Name: bastion.${basedomain}.
          Type: A
          TTL: 60
          ResourceRecords:
            - ${output bastion::PublicIp0}
        - Name: bastion0.${basedomain}.
          Type: A
          TTL: 60
          ResourceRecords:
            - ${output bastion::PublicIp0}
        - Name: bastion1.${basedomain}.
          Type: A
          TTL: 60
          ResourceRecords:
            - ${output bastion::PublicIp1}

[phobologic]

That works internally @ Remind only because we changed our bastions to be instances, rather than using an autoscaling group. With an autoscaling group, you can't really get the IPs of the hosts to bind the records to unfortunately.

That's honestly the only way to give you a consistent name that works every time - might be worth seeing about open sourcing our internal bastion blueprint, it probably hasn't changed much other than using instances instead of the ASG.

[aarcro]

It did sound so easy. Yeah I'm launching bastions through the ASG now to be sure they stay running. I'm doing a user_data boot up thing to grab an EIP now, or I was before I ran out of EIPs.