This project provides a Terraform configuration for creating a secure development environment on AWS EC2, accessible via AWS Systems Manager (SSM) Session Manager. It's designed for developers who need a remote development environment that's both secure and easy to access via VS Code.
- 🔒 Secure Access: No inbound ports open, all access via AWS SSM
- 🔗 VS Code Integration: Easy connection via VS Code Remote-SSH
- 📊 Monitoring: CloudWatch metrics and logs enabled
- 🏗️ Infrastructure as Code: Complete Terraform configuration
- 🔄 Cross-Platform: Support for both PowerShell and Bash
- AWS CLI configured with appropriate credentials
- Terraform >= 1.0
- VS Code with Remote-SSH extension installed
- PowerShell or Bash shell
-
Initialize Terraform
terraform init
-
Apply the configuration
terraform apply
-
Run the setup script
For PowerShell:
.\scripts\setup-vscode.ps1For Bash:
./scripts/setup-vscode.sh
-
Start the SSM tunnel
For PowerShell:
.\scripts\start-tunnel.ps1 -
Connect via VS Code
- Open Command Palette (Ctrl/Cmd + Shift + P)
- Type "Remote-SSH: Connect to Host"
- Select "devbox"
.
├── main.tf # Root Terraform configuration
├── versions.tf # Provider and version constraints
├── outputs.tf # Root outputs
├── modules/
│ └── ec2-devbox/ # EC2 instance module
│ ├── main.tf # Main module configuration
│ ├── iam.tf # IAM roles and policies
│ ├── variables.tf # Module variables
│ ├── outputs.tf # Module outputs
│ └── README.md # Module documentation
└── scripts/
├── setup-vscode.ps1 # PowerShell setup script
├── setup-vscode.sh # Bash setup script
└── start-tunnel.ps1 # PowerShell tunnel script
- No inbound security group rules
- SSM access only (no SSH keys needed)
- Minimal IAM permissions
- CloudWatch logging and monitoring
- IMDSv2 required
The module supports various customization options through variables:
module "devbox" {
source = "./modules/ec2-devbox"
name_prefix = "custom-name"
instance_type = "t3.large" # For more resources
root_volume_size = 100 # Larger storage
tags = {
Environment = "Development"
Project = "MyProject"
}
}The instance comes with CloudWatch monitoring enabled for:
- CPU usage
- Memory usage
- Disk usage
- System logs (/var/log/messages, /var/log/secure)
View these metrics in the AWS CloudWatch console under:
- Metrics: EC2 instance metrics
- Logs:
/ec2/devbox/
-
VS Code can't connect
- Ensure the SSM tunnel is running
- Check AWS CLI credentials
- Verify instance is running
-
No metrics in CloudWatch
- Wait a few minutes for metrics to appear
- Check instance has internet access
- Verify IAM roles are correct
- Fork the repository
- Create a feature branch
- Commit your changes
- Push to the branch
- Create a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- AWS Systems Manager team for the excellent SSM Session Manager
- Visual Studio Code team for Remote-SSH capabilities
- Terraform and HashiCorp for the excellent IaC tools