Hi,
I would like to see a feature enhancement where terraform supports winrm connection to windows machines through a bastion host.
Has there been any development on this? This would be incredibly useful for a number of our use cases and I was wondering if this is even being considered at this point in time.
While waiting for this feature, what is the best practice to configure a Windows VM using Terraform provisioners other than attaching a public IP and opening ports? The Windows VM would be in a private subnet behind a NAT if it wasn't for the need to open up access for WinRM.
@shermanyin the way I do it is creating a local-exec with an ssh tunnel and then connecting winrm to the tunnel on localhost
@sanyer Thanks for the suggestion, I'll give that a try!
Here is a code example:
resource "aws_instance" "instance" {
  ...
  # Open an SSH tunnel in a detached screen session: local port 4000 is
  # forwarded through the bastion to WinRM (5985) on the instance's private IP.
  # Any tunnel left over from a previous run is killed first. Note that
  # UserKnownHostsFile=/dev/null and StrictHostKeyChecking=no disable
  # host-key verification of the bastion.
  provisioner "local-exec" {
    command = "screen -X -S winrm_tunnel quit >/dev/null 2>&1 || true; screen -S winrm_tunnel -d -m -- ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -NL4000:${self.private_ip}:5985 ${var.bastion_user}@${var.bastion_public_ip}"
  }
  # WinRM talks to the local end of the tunnel; plain HTTP is used here
  # because the hop to the bastion is already inside SSH.
  connection {
    type     = "winrm"
    host     = "localhost"
    port     = "4000"
    # credentials of the account WinRM authenticates as on the Windows VM
    # (this post reuses the bastion variables for them)
    user     = "${var.bastion_user}"
    password = "${var.bastion_password}"
    insecure = true
    https    = false
    timeout  = "20m"   # Terraform keeps retrying until the tunnel is up
  }
  provisioner "remote-exec" {
    inline = [
      "powershell.exe -Command Get-NetIPAddress"
    ]
  }
  # Tear the tunnel down once provisioning is done.
  provisioner "local-exec" {
    command = "screen -X -S winrm_tunnel quit || true"
  }
  ...
}
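The screen-based local-exec above returns as soon as the session is detached, so the WinRM connection can start before the forward exists and relies on the 20m timeout to retry. The script below is an added example, not code from this thread, that manages the same tunnel with explicit readiness and teardown; BASTION, TARGET_IP, LOCAL_PORT and the socket path are assumed names.

```bash
#!/usr/bin/env bash
# Added example, not code from the thread: manage the SSH tunnel that the
# WinRM connection block rides over, so remote-exec never races a tunnel that
# is still being set up, and the tunnel is always torn down afterwards.
# Assumed inputs: BASTION (user@host), TARGET_IP (private IP of the Windows VM),
# LOCAL_PORT (the port the connection block points at; 4000 in the thread).
set -eu

# ControlMaster socket path (assumption); lets close_tunnel find the session.
SOCK="${TMPDIR:-/tmp}/winrm_tunnel.sock"

# ssh arguments, one per line. ExitOnForwardFailure makes ssh refuse to
# background itself unless the -L forward was really bound, and accept-new
# keeps host-key verification for the bastion instead of disabling it.
tunnel_args() {
  printf '%s\n' -M -S "$SOCK" -f -N \
    -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=accept-new \
    -L "127.0.0.1:$1:$2:5985" "$3"
}

# Succeeds when something accepts TCP connections on host:port (bash /dev/tcp).
port_open() {
  (exec 3<>"/dev/tcp/$1/$2") 2>/dev/null
}

# Poll port_open for up to $3 seconds; returns 1 on timeout.
wait_for_port() {
  deadline=$(( $(date +%s) + $3 ))
  until port_open "$1" "$2"; do
    [ "$(date +%s)" -lt "$deadline" ] || return 1
    sleep 1
  done
}

# ssh only returns once the forward is bound; the poll is a second check.
open_tunnel() {
  set -- $(tunnel_args "$LOCAL_PORT" "$TARGET_IP" "$BASTION")
  ssh "$@"
  wait_for_port 127.0.0.1 "$LOCAL_PORT" 30
}

# Tell the master connection to exit, which also drops the forward.
close_tunnel() {
  ssh -S "$SOCK" -O exit "$BASTION" 2>/dev/null || true
}

case "${1:-}" in
  up)   open_tunnel ;;
  down) close_tunnel ;;
esac
```

Run it as `tunnel.sh up` from the first local-exec and `tunnel.sh down` from the last, keeping the connection block pointed at localhost:4000.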