[Feature] Launch jumphost with Pulumi

[aaronkao]

Is this your first time submitting a feature request?

• I have searched the existing issues, and I could not find an existing issue for this feature
• I am requesting a straightforward extension of existing functionality

Describe the feature

Instead of creating the jumphost via clickops, use another Pulumi stack to launch the jumphost. The jumphost stack should reference the original stack to pull in all the configuration details (security group, subnet, etc)

Describe alternatives you've considered

No response

Who will this benefit?

Anyone using the reference architecture

Are you interested in contributing this feature?

No response

Anything else?

No response

[zackproser]

I dig it - especially if there was a flag where you could optionally launch or not launch it? What do you think?

[aaronkao]

Ah you are thinking of putting it into all one Pulumi stack and flag whether it will be created. That is definitely one way. My original thinking was separate stack so it shows stack references and that functionality. But your approach is simpler and better.

[scottslowe]

I took a look at this today. There are two approaches:

1. A separate stack, as was originally suggested, that uses a stack reference to get subnet IDs, security groups, etc., in order to launch a jump host.
2. Adding conditional code that uses a feature flag to determine whether or not to create a jump host as part of the same stack.

Option 1 is a bit less intrusive than option 2, but option 2 is probably easier for the user.

In both cases, the original reference architecture code will need to be adjusted to use separate security group rule resources (instead of in-line rule definitions) for the RDS security group. This will allow for the addition of a new rule that allows DB traffic from the jump host (you should not mix in-line rule definitions with separate rule definitions).

Which approach would folks prefer?