A Bastion is a single Amazon Elastic Compute Cloud (EC2) t2.nano instance that uses the latest Amazon Linux AMI (HVM). It acts as a "jump box" server that provides secure SSH access to private resources inside a Virtual Network.
In a VPC, you indicate which resources have access to the internet by separating them into public and private subnets. The Bastion's EC2 instance sits in a public subnet and allows authorized SSH access to resources in your private subnet. The Bastion's security groups can be configured to allow access only from specific IP addresses, which gives fine-grained control over who can reach it.
Benefits of using a Bastion:
- Securely connect to private resources without exposing them to the internet
- Assign SSH keys to authorized users
- Can be configured to be highly available with auto scaling groups, multiple availability zones, and elastic IPs
Configure a resilient bastion host using these best practices provided by AWS.
Human-readable name for this resource that is displayed on the Stackery Dashboard and in Stackery CLI output.
SSH Public Keys
The usernames and their associated public keys that will have access to the Bastion server.
When connected by a reference wire (dashed wire), a Function or Docker Task will add the following IAM policy to its role and gain permission to access this resource.
No Permissions Added
When connected by a reference wire (dashed wire), a Function or Docker Task will automatically populate and reference the following environment variables in order to interact with this resource.
No Environment Variables Added.
Related AWS Documentation
AWS Documentation: AWS::EC2::Instance