Bastion Hosts and EC2 Instance Connect Endpoint
Explore how to securely connect to private EC2 instances using bastion hosts and EC2 Instance Connect Endpoint. Understand the risks of bastion hosts and how EC2 Instance Connect Endpoint improves security by removing the need for public access and simplifying network configurations.
Bastion hosts
A bastion host allows an
An EC2 instance used as a bastion host must be provisioned in a public subnet (with a public IP or Elastic IP) so that administrators can reach it from the internet. Two security groups are involved: the bastion host's own security group must allow inbound SSH only from trusted administrator addresses, and the security groups of the EC2 instances in the private subnets must allow inbound SSH only from the bastion host's security group, not from the internet.
Note: The security group of the bastion host must be restricted as much as possible. Inbound rules should permit port 22 only from known source ranges (office or VPN egress addresses), never from 0.0.0.0/0, and outbound rules should be narrowed to SSH into the VPC. A bastion that accepts SSH from any source is an internet-exposed login service and will be subject to continuous brute-force and credential-stuffing attempts.
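The security-group layout described above, written as a Terraform example. This is an added illustration, not configuration from the original page; the variable names (`vpc_id`, `public_subnet_id`, `admin_cidr`), the resource names and the example CIDR are assumptions to be replaced with your own values.

```hcl
# Added example (not part of the original page). Assumed inputs: var.vpc_id,
# var.public_subnet_id and var.admin_cidr are placeholders for your environment.

variable "vpc_id"           { type = string }
variable "public_subnet_id" { type = string }
variable "admin_cidr" {
  type        = string
  description = "Office or VPN egress range allowed to SSH to the bastion, e.g. 203.0.113.10/32"
}

data "aws_vpc" "this" {
  id = var.vpc_id
}

# Bastion security group: inbound SSH only from the administrator range.
# The weak setting to avoid here is cidr_blocks = ["0.0.0.0/0"], which
# exposes port 22 to the whole internet.
resource "aws_security_group" "bastion" {
  name   = "bastion-sg"
  vpc_id = var.vpc_id

  ingress {
    description = "SSH from administrators only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  # Declaring an egress block replaces Terraform's default allow-all egress;
  # the bastion only needs to open SSH sessions inside the VPC.
  egress {
    description = "SSH into the VPC only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [data.aws_vpc.this.cidr_block]
  }
}

# Security group for instances in the private subnets: SSH is accepted only
# from the bastion's security group. Referencing the group ID rather than the
# bastion's IP keeps the rule valid if the bastion is replaced.
resource "aws_security_group" "private_ssh" {
  name   = "private-ssh-from-bastion"
  vpc_id = var.vpc_id

  ingress {
    description     = "SSH from the bastion host only"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]
  }
}

# The bastion itself lives in the public subnet with a public address.
# The AMI ID is a placeholder; use a current, patched image.
resource "aws_instance" "bastion" {
  ami                         = "ami-00000000000000000"
  instance_type               = "t3.micro"
  subnet_id                   = var.public_subnet_id
  associate_public_ip_address = true
  vpc_security_group_ids      = [aws_security_group.bastion.id]

  tags = {
    Name = "bastion"
  }
}
```

Attach `aws_security_group.private_ssh` to the private instances instead of any rule that lists the bastion's IP. After applying, confirm with `aws ec2 describe-security-groups --group-ids <bastion-sg-id>` that no ingress rule carries `0.0.0.0/0` or `::/0`.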
Drawbacks of bastion hosts
Although a bastion host narrows the exposure to a single instance, making it the main component for reaching private resources from the internet is not recommended. Below are a few reasons why a bastion host remains less secure and more prone to attack.
A bastion host is ...