Bastion

Bastion nodes create a small server to provide secure SSH access to resources inside a Virtual Network.

A Bastion node is a single AWS EC2 server instance (t2.nano) that uses the latest Amazon Linux AMI HVM. The server allows SSH access only to the users defined in the settings. Once connected, a user can then access private resources inside a Virtual Network.

The current IP address of a Bastion node can be found by selecting the current deployment in the sidebar on the left, then selecting the Bastion node from the canvas. The IP address is shown in the node properties sidebar on the right.

Settings

Name

A label used for the node in the canvas.

SSH Public Keys

The usernames and their associated public keys that will have access to the Bastion server.

  • From List - the usernames and keys listed will be used.
    • SSH keys can either be entered directly or supplied as configuration values from the Configuration Store, as in example 1 below.
  • From Config Object - the usernames and keys defined under Config Key in the Configuration Store will be used.
    • Config Key should be a reference to a Configuration Store value, such as ${config.authorizedUsers} in example 2 below.
    • The Config Object must be a map of usernames to SSH keys.


Examples

Example 1: Providing a list of Users and SSH keys

SSH Public Keys: From List

  • username: ethan
    sshKey: <Ethan's SSH Public Key>

  • username: sophia
    sshKey: ${config.authorizedUsers.sophia}

With the following in the Configuration Store:

{
  "authorizedUsers": {
    "sophia": "sshPublicKey1"
  }
}

Example 2: Using a Config Object of Users and SSH keys

SSH Public Keys: From Config Object

Config Key: ${config.authorizedUsers}

With the following in the Configuration Store:

{
  "authorizedUsers": {
    "ethan": "sshPublicKey1",
    "sophia": "sshPublicKey2",
    "hana": "sshPublicKey3"
  }
}
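
A pre-deployment check for the Config Object described above, added here as an example and not part of Stackery's own tooling. It verifies that authorizedUsers is a map of usernames to single-line OpenSSH public keys; the username pattern and the key-type allow-list are assumptions, and the sample values are constructed.

```python
import base64
import re
import struct

# Assumption: POSIX-style login names; the page does not state the allowed format.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")
# Assumption: allow-list of key types accepted for bastion users.
KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def wire_string(data: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def check_public_key(value):
    """Return None for a well-formed OpenSSH public key line, else a reason."""
    if not isinstance(value, str):
        return "key must be a string"
    if "PRIVATE KEY" in value:
        return "private key material, not a public key"
    if "\n" in value or "\r" in value:
        return "must be a single line"
    parts = value.split()
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        return "expected '<key-type> <base64> [comment]'"
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "key body is not valid base64"
    # The decoded body begins with the key type as a wire string.
    if not blob.startswith(wire_string(parts[0].encode())):
        return "key body does not match the declared key type"
    return None

def validate_authorized_users(config):
    """Return {username: reason} for every entry that fails a check."""
    users = config.get("authorizedUsers")
    if not isinstance(users, dict):
        return {"authorizedUsers": "must be a map of usernames to SSH keys"}
    results = {name: (None if USERNAME_RE.match(name) else "invalid username")
                     or check_public_key(key) for name, key in users.items()}
    return {name: reason for name, reason in results.items() if reason}

# Constructed sample: all-zero Ed25519 body (not a usable key), a placeholder
# value like those in the examples above, and a pasted private-key header.
SAMPLE_BODY = base64.b64encode(
    wire_string(b"ssh-ed25519") + wire_string(bytes(32))).decode()
SAMPLE = {"authorizedUsers": {
    "ethan": f"ssh-ed25519 {SAMPLE_BODY} ethan@example",
    "sophia": "sshPublicKey2",
    "hana": "-----BEGIN OPENSSH PRIVATE KEY-----"}}
```

Calling validate_authorized_users(SAMPLE) reports sophia and hana and passes ethan; an empty result means every entry passed.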
