string, props: cdk.StackProps = {}) { super(scope, id, props); const hcEnv = this.node.tryGetContext("HC_ENV"); const vpcId = this.node.tryGetContext("VPC_ID"); const vpc = ec2.Vpc.fromLookup(this, "Vpc", { vpcId }); const bastion = new ec2.BastionHostLinux(this, "Bastion", { vpc, instanceName: `${hcEnv}-hc-vpc-bastion`, subnetSelection: { subnetType: ec2.SubnetType.PRIVATE }, }); bastion.instance.role.addManagedPolicy({ managedPolicyArn: "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM" }) cdk.Tag.add(bastion.instance, 'Patch Group', `${hcEnv}-hc-vpc-bastion`, { includeResourceTypes: [ 'AWS::EC2::Instance' ], });