
In my previous post on AWS Elastic Compute Cloud (EC2) Basics, we launched two EC2 instances. One is in a public subnet and one is in a private subnet. With security groups configured, we were able to SSH to the EC2 instance in the public subnet.

In this post, we will continue and set up a Bastion Host and NAT instances in our VPC. We will learn why we need those and some of the options available to us.

Here is how our architecture is currently set up, for reference:

Now, if we want to SSH into the EC2 instance in the private subnet from our home/office (or from a development machine), we currently can't. Our instance has no public IP; it is in a private subnet (no direct route from the internet). This is where we can use a bastion server.

Bastion Host

Bastion servers are instances that sit within your public subnet and are typically accessed using SSH or RDP. The purpose of a bastion host is to restrict access to a private network from an external network. Once remote connectivity has been established with the bastion host, it then acts as a 'jump server', allowing you to use SSH or RDP to log in to other instances (within private subnets) deeper within your network.

In this post, we will set up a bastion server in our public subnet (so it is reachable from the internet). Let me explain this: in the previous post, we launched an EC2 instance in a public subnet, and we had already configured an Internet Gateway for the VPC and a route in the route table to allow incoming traffic. Later, we launched an Ubuntu EC2 instance in a private subnet and configured its security group to allow incoming traffic on the SSH port from the public subnet, and that is all that was needed at the connection level. First, we will connect to this bastion server; from there, we can then connect to the private EC2 instance (remember the rule in the security group we configured in the previous post, where we allowed traffic from within our VPC to port 22 on the private EC2 instance).
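The two-hop path described above (workstation to bastion, bastion to the private instance), as an added example that is not part of the original post: a POSIX shell script that writes an OpenSSH client config using ProxyJump, so the private instance's key stays on the workstation instead of being copied onto the bastion, and checks the resolved config with `ssh -G`. The IP addresses, user name, host aliases and key paths are assumed placeholders.

```shell
#!/bin/sh
# Added example: generate an OpenSSH client config that reaches the private
# EC2 instance through the bastion with ProxyJump, so the private instance's
# key never has to be copied onto the bastion host.
# All addresses, user names, aliases and key paths are assumed placeholders.
set -eu

# write_bastion_ssh_config CONFIG_PATH BASTION_PUBLIC_IP PRIVATE_INSTANCE_IP
write_bastion_ssh_config() {
    cfg="$1"; bastion_ip="$2"; private_ip="$3"
    cat > "$cfg" <<EOF
# Bastion host in the public subnet: the only host we connect to directly.
Host bastion
    HostName $bastion_ip
    User ubuntu
    IdentityFile ~/.ssh/bastion-key.pem
    IdentitiesOnly yes

# Private-subnet instance: no public IP, so hop through the bastion.
# ProxyJump tunnels the second SSH session inside the first; the private
# key is read on this workstation only (no agent forwarding, no key copy).
Host private-app
    HostName $private_ip
    User ubuntu
    IdentityFile ~/.ssh/private-app-key.pem
    IdentitiesOnly yes
    ProxyJump bastion
EOF
}

# check_proxyjump CONFIG_PATH HOST_ALIAS: return 0 if the client config
# resolved for HOST_ALIAS routes through the bastion. Uses `ssh -G`, which
# evaluates the config without opening a connection, when an ssh client is
# installed; otherwise falls back to a textual check of the generated file.
check_proxyjump() {
    cfg="$1"; alias="$2"
    if command -v ssh >/dev/null 2>&1; then
        ssh -G -F "$cfg" "$alias" | grep -qi '^proxyjump .*bastion'
    else
        awk -v h="$alias" '$1=="Host"{cur=$2}
            cur==h && $1=="ProxyJump" && $2=="bastion"{found=1}
            END{exit !found}' "$cfg"
    fi
}

# demo: write the config to a temp file, verify it, then `ssh -F FILE private-app`
# would open the session via the bastion. Constructed example IPs below.
demo() {
    tmp="$(mktemp)"
    write_bastion_ssh_config "$tmp" 203.0.113.10 10.0.2.25
    check_proxyjump "$tmp" private-app && echo "private-app routes via bastion"
    rm -f "$tmp"
}
```

A companion security-group posture tighter than the one described in the post: port 22 on the bastion open only to your admin IP range, and port 22 on the private instance open only to the bastion's security group rather than the whole VPC.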
