How to setup bastion host or Jumpbox in AWS?

Backend | Unresolved | 3 answers | 688 views
太阳男子 2021-01-30 14:43

I am exploring how to set up a bastion-host-like security and networking configuration on AWS.

Let's say I have multiple EC2 instances. But I do not want to enable SSH on ev

3 answers
  • 2021-01-30 15:01

    If a web-based solution is adequate, you should try Bastillion.

    https://aws.amazon.com/marketplace/pp/B076D7XMK6

    You can even use tags to restrict user access to instances.

    http://www.bastillion.io/docs/bastillion-ec2/profiles

    0 Discussion (0)
  • 2021-01-30 15:07

    As of Sep 21, 2016, AWS has published a Quick Start reference deployment (a CloudFormation template and associated assets) that sets up a bastion host for securely accessing instances in a private VPC:

    • Linux Bastion Hosts on AWS - welcome page
    • Linux Bastion Hosts on the AWS Cloud: Quick Start Reference Deployment - Deployment Guide
    • aws-quickstart/quickstart-linux-bastion - source code on GitHub
    0 Discussion (0)
  • 2021-01-30 15:08

    As AWS Security Groups will allow you to allow a particular IP, or a particular range of IPs, for SSH inbound, it's kind of pointless having a Bastion Host for this use case. The docs teach you how to do this.

    The only time you would need a Bastion Host on AWS is if you need to SSH into instances that are in a private subnet. To get at instances in a private subnet from the Internet, you need to SSH into an instance in a public subnet, and from that bastion instance you would need to SSH to your instance in the private subnet using its private IP.

    It's pretty simple to set up. You don't need any fancy AMIs or anything like that, and it only really needs to be something small like a t2.micro. Just launch any instance, e.g. Amazon Linux, in a public subnet. Make sure its security group allows your IP on port 22, and SSH into it. Then you'll need to allow the bastion host access to your desired instances with security groups.

    Once you have this set up, you can SSH into your bastion, and from there you can simply SSH into your desired instance.

    These links might help you:

    Securely connect to Linux Instance in Private Subnet in VPC

    Controlling Network Access to EC2 instance using Bastion Server

    However, another way around accessing instances in a Private Subnet is to set up a VPN.

    But the best way to lock down your instances is to use security groups and only allow your desired IPs to your instances.

    0 Discussion (0)
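As an added example (not part of the original answers), the shell script below writes out the two security-group rules from the answer above as AWS CLI calls, plus an ssh_config stanza that does the two-hop SSH in one command. The security-group IDs, the administrator address 203.0.113.10/32 and the instance IPs are placeholders. DRY_RUN=1 (the default) prints each aws command instead of executing it, so the script can be reviewed without credentials; the CIDR check refuses 0.0.0.0/0, the mistake that turns the bastion into an Internet-facing SSH endpoint.

```shell
#!/usr/bin/env bash
# Added example, not from the original answer. Builds the two security-group
# rules and the ssh_config stanza for the bastion pattern described above.
# All IDs and addresses below are placeholders (assumed, not from the page).
set -eu

# DRY_RUN=1 (default) prints each aws command instead of executing it, so the
# script can be reviewed without credentials; set DRY_RUN=0 to apply.
DRY_RUN="${DRY_RUN:-1}"

run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# The bastion rule should admit one administrator address. Refuse anything
# wider than a /32, and 0.0.0.0/0 in particular, which would expose SSH to
# the whole Internet.
check_admin_cidr() {
  case "$1" in
    0.0.0.0/0) echo "refusing to open SSH to 0.0.0.0/0" >&2; return 1 ;;
    */32)      return 0 ;;
    *)         echo "expected a single-host /32 CIDR, got: $1" >&2; return 1 ;;
  esac
}

# Bastion security group: inbound TCP/22 only from the admin /32.
bastion_ingress() {
  local sg_id="$1" admin_cidr="$2"
  check_admin_cidr "$admin_cidr" || return 1
  run aws ec2 authorize-security-group-ingress \
    --group-id "$sg_id" --protocol tcp --port 22 --cidr "$admin_cidr"
}

# Private-subnet security group: inbound TCP/22 only from the bastion's
# security group. Referencing the group rather than the bastion's IP keeps the
# rule valid if the bastion is replaced or its address changes.
private_ingress() {
  local private_sg="$1" bastion_sg="$2"
  run aws ec2 authorize-security-group-ingress \
    --group-id "$private_sg" --protocol tcp --port 22 --source-group "$bastion_sg"
}

# ssh_config stanza: ProxyJump makes "ssh private-app" hop through the bastion
# in one command, and the private instance's key never leaves the workstation.
ssh_config_stanza() {
  local bastion_ip="$1" private_ip="$2"
  cat <<EOF
Host bastion
    HostName $bastion_ip
    User ec2-user
    IdentityFile ~/.ssh/bastion.pem

Host private-app
    HostName $private_ip
    User ec2-user
    IdentityFile ~/.ssh/app.pem
    ProxyJump bastion
EOF
}

# Demonstration with placeholder IDs and RFC 5737 documentation addresses.
bastion_ingress sg-0bastion0000000001 203.0.113.10/32
private_ingress sg-0private0000000002 sg-0bastion0000000001
ssh_config_stanza 198.51.100.7 10.0.2.15
```

Two design points worth noting. The private-subnet rule uses `--source-group` rather than the bastion's CIDR, so it keeps working when the bastion is rebuilt with a new address. The ProxyJump directive (OpenSSH 7.3 and later) replaces the "SSH into the bastion, then SSH again" sequence from the answer with a single `ssh private-app`, and the key for the private instance stays on the workstation instead of being copied onto the bastion.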