Create a new module that provides an easy and reliable workflow for the bastion use case.

Requirements

• It's safe to assume we would limit to 1 bastion host / public subnet.
• Use an ASG so we can easily terminate and recreate, or scale down, the instance.
• Can use the single-node-asg module (no data persistence is necessary, but EIP is).
• Default to t2.nano for instance type but define as a variable to allow a user of the module to override.
• Include a security group.
• Add an ingress rule that only allows SSH, and parametizes the CIDR block.
• Add an egress rule that that defaults to allowing 0.0.0.0/0, but is parametized using a list variable (allowing the operator to override).