Hi, I am trying to follow the provisioner connection guide (Provisioner Connection Settings | Terraform | HashiCorp Developer) to set up a provisioner connection with a bastion host to connect to my VMs via SSH.

    provisioner "remote-exec" {
      connection {
        type                = "ssh"
        host                = self.private_ip_address
        bastion_host        = var.bastion_public_ip # here I used the public IP address of bastion host (see defined resource below)
        bastion_user        = var.username
        bastion_private_key = var.ssh_private_key
        bastion_port        = 22
        user                = var.username
        private_key         = var.ssh_private_key
      }
      inline = [
        templatefile("${path.module}/setupscript.sh.tmpl", {
          …envs
        })
      ]
    }

I am experiencing a connection timeout error and am trying to identify the potential causes. Are bastion_host, bastion_user, bastion_private_key, and bastion_port the only required parameters for setting up the Bastion host as an intermediary for Terraform to connect to the VM using the VM’s private IP? I am hoping to access the Bastion host through its public IP address. Is my setup correct?
Error message from GitLab pipeline:

    28: provisioner "remote-exec" {
    error: Error connecting to bastion: dial tcp :22: connect: connection timed out

Other related setup:

    resource "azurerm_public_ip" "bastion_public_ip" {
      name                = "${var.virtual_network_name}-Bastion-PIP"
      location            = var.location
      resource_group_name = var.resource_group_name
      allocation_method   = "Static"
      sku                 = "Standard"
    }

    resource "azurerm_bastion_host" "bastion" {
      name                = "v2-Bastion-Testing-Host"
      location            = var.location
      resource_group_name = var.resource_group_name
      sku                 = "Standard"
      ip_configuration {
        name                 = "configuration"
        subnet_id            = azurerm_subnet.bastion_subnet.id
        public_ip_address_id = azurerm_public_ip.bastion_public_ip.id
      }
      tunneling_enabled  = true
      ip_connect_enabled = true
    }

I believe the error is related to NSG. I have allowed inbound port 20 and port 3389 on my VMs. I don't have any NSG set up for AzureBastionSubnet.
Thank you in advance.