Bastion Host
An AWS Bastion Host is a specially configured EC2 instance that acts as an intermediary between your local machine (the client) and the private instances residing within your VPC. It enables secure and controlled access to private instances, which are typically not directly reachable from the public internet.
The bastion host has its own security group, which we call the bastion host security group, and there is a separate security group for the EC2 instances in the private subnet.
Bastion hosts are also sometimes called jump servers because they allow a connection to “jump” to the bastion and then into a private subnet.
Bastion host example
This solution sets up the following:
- A highly available architecture that spans two Availability Zones.
- A virtual private cloud (VPC) configured with public and private subnets, according to AWS best practices, to provide you with your own virtual network on AWS.*
- In the public subnets:
  - Managed network address translation (NAT) gateways to allow outbound internet access for resources in the private subnets.*
  - 1–4 Linux bastion hosts in an Amazon Elastic Compute Cloud (Amazon EC2) Auto Scaling group for connecting to Amazon EC2 instances and other resources deployed in public and private subnets.
- An Amazon CloudWatch log group to hold the Linux bastion host shell history logs.
- AWS Systems Manager for access to the bastion host.
Benefits 😀
- Enhanced Security: Bastion hosts serve as a single entry point into your VPC, reducing the exposure of private instances to potential security threats.
- Controlled Access: By setting up proper security groups and IAM roles, you can tightly control who can access your private instances via the bastion host.
- Simplified Network Management: Bastion hosts streamline network management, providing a central point of access for your private instances.
- Auditing and Logging: Bastion hosts can be equipped with monitoring and logging tools to track access activities and improve auditing capabilities.
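The security-group pair described at the top of this page (a bastion host security group plus a separate group for the private instances) is what makes the "Controlled Access" benefit real. The Terraform below is an added example, not code from the original page or from AWS; it assumes the caller supplies three variables with hypothetical names (`vpc_id`, `vpc_cidr`, `admin_cidr`).

```hcl
# Added example (not the page's or AWS's own code): the bastion-host security
# group and the private-instance security group described above. The three
# variable names are hypothetical and must be supplied by the caller.
variable "vpc_id"     { type = string }
variable "vpc_cidr"   { type = string } # e.g. "10.0.0.0/16"
variable "admin_cidr" { type = string } # constructed example: "203.0.113.0/24"
# Bastion security group: the only group reachable from outside the VPC.
# Inbound is SSH from the administrators' range only, never 0.0.0.0/0.
resource "aws_security_group" "bastion" {
  name        = "bastion-sg"
  description = "Bastion host: SSH from the admin CIDR only"
  vpc_id      = var.vpc_id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  # Outbound is limited to SSH inside the VPC, so the bastion cannot be
  # used as a general-purpose relay to the internet.
  egress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.vpc_cidr]
  }
}
# Private-instance security group: no CIDR-based SSH rule at all. The only
# permitted SSH source is the bastion group, so every connection must "jump".
resource "aws_security_group" "private" {
  name        = "private-instance-sg"
  description = "Private instances: SSH from the bastion SG only"
  vpc_id      = var.vpc_id
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]
  }
  # Outbound HTTPS only (via the NAT gateway) for package updates.
  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

The weak setting to audit for is a port-22 ingress with `cidr_blocks = ["0.0.0.0/0"]` on either group, or a private-instance rule keyed on a CIDR rather than on the bastion's security group ID. When access goes through AWS Systems Manager instead, the bastion's inbound port-22 rule can be dropped entirely.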