AWS Bastion Host

What is a Bastion Host?

  • A Bastion Host is a special-purpose computer on a network, designed and configured to withstand attacks.
  • The computer hosts a single application, for example a proxy server, and all other services are removed to reduce the threat to the computer.
  • A Bastion host is hardened because of its location and purpose: it sits either outside a firewall or in a demilitarized zone, i.e., a public subnet, and it is usually accessed from untrusted networks or computers.

Architecture of Bastion Host

[Figure: Bastion Host architecture]

In the above architecture, we have a public and a private subnet. The NAT instance sits behind the security group, while the NAT Gateway sits after the security group: a NAT instance is configured with a security group, whereas a NAT Gateway does not require any security group and is also redundant. When an instance in a private subnet wants to access the internet, it does so through either the NAT instance or the NAT Gateway.

Now, if we want to administer the environment, what typically happens? We use SSH or RDP, where SSH is for Linux and RDP is for Windows. The connection goes through the internet gateway, router, route table, network ACL and security group, and finally reaches the Bastion server. The Bastion server then creates a connection to a private EC2 instance through SSH or RDP.

We need to harden the Bastion host as strongly as possible; as long as the Bastion host is hardened, we do not have to worry about hardening our instances. Hardening a Bastion host reduces the surface area that we need to harden.

Some Key Points related to Bastion Host

  • Bastion Host is launched in Public subnets and acts as a proxy to the instances in a private subnet.
  • It provides security by reducing the attacks on your infrastructure.
  • A Bastion host is used to administer EC2 instances securely using SSH or RDP. Bastion hosts are also known as jump boxes in Australia.
  • You cannot use a NAT Gateway as a Bastion host. If you want to SSH or RDP to an instance in a private subnet, you need to configure a Bastion host.
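
The access path described above (administrator to Bastion host, Bastion host to private instances over SSH or RDP) can be checked against security-group rules. The following is an added example, not code from the original page: the rule dictionaries follow the shape of the EC2 DescribeSecurityGroups output, the group IDs and CIDRs are constructed sample data, and the policy of not exposing the bastion's admin ports to 0.0.0.0/0 is an assumption about what "hardened" means here.

```python
# Added example: audit security-group ingress rules for the bastion pattern.
# Rule dicts use the shape of EC2 DescribeSecurityGroups "IpPermissions".
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
ANYWHERE = {"0.0.0.0/0", "::/0"}


def admin_ports_in(rule):
    """Return the admin ports (22, 3389) that one ingress rule covers."""
    if rule.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
        return set(ADMIN_PORTS)
    if rule.get("IpProtocol") != "tcp":
        return set()
    lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
    return {p for p in ADMIN_PORTS if lo <= p <= hi}


def audit(groups, bastion_sg):
    """Return sorted (group_id, service, problem) findings."""
    findings = set()
    for sg in groups:
        gid = sg["GroupId"]
        for rule in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            peers = [g["GroupId"] for g in rule.get("UserIdGroupPairs", [])]
            if gid == bastion_sg:
                # Assumed policy: bastion admin ports are limited to known admin ranges.
                bad = ["open to " + c for c in cidrs if c in ANYWHERE]
            else:
                # Private instances take SSH/RDP only from the bastion's security group.
                bad = ["direct access from " + c for c in cidrs]
                bad += ["access from group " + g for g in peers if g != bastion_sg]
            for port in admin_ports_in(rule):
                findings.update((gid, ADMIN_PORTS[port], b) for b in bad)
    return sorted(findings)


# Constructed sample data (hypothetical group IDs, not from any real account).
SAMPLE = [
    {"GroupId": "sg-bastion-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-app-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "UserIdGroupPairs": [{"GroupId": "sg-bastion-example"}]},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "sg-bastion-example"):
        print(finding)
```

In the sample, the private group's all-ports rule for 10.0.0.0/16 is flagged for both SSH and RDP because it lets hosts other than the bastion reach the admin ports.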
