From 446daa1045801a30dfb7e147d44f545cb678f695 Mon Sep 17 00:00:00 2001 From: daniel holdsworth Date: Fri, 11 Oct 2024 14:31:19 +0100 Subject: [PATCH] add bastion host project --- src/data/projects/bastion-host.md | 47 +++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 src/data/projects/bastion-host.md diff --git a/src/data/projects/bastion-host.md b/src/data/projects/bastion-host.md new file mode 100644 index 000000000..b6b64bc30 --- /dev/null +++ b/src/data/projects/bastion-host.md 
@@ -0,0 +1,47 @@ +--- +title: 'Setup a Bastion Host on AWS' +description: 'Create a Bastion Host to securely connect to private EC2 instances.' +isNew: true +sort: 1002 +difficulty: 'beginner' +nature: 'AWS' +skills: + - 'aws' + - 'networking' + - 'ec2' + - 'devops' +seo: + title: 'Setup a Bastion Host on AWS' + description: 'Create a secure Bastion Host on AWS to manage private resources.' + keywords: + - 'bastion host' + - 'aws bastion' + - 'secure access aws' + - 'private ec2 access' +roadmapIds: + - 'devops' +--- + +In this project, you will create a Bastion Host on AWS and use it to securely connect to a private EC2 instance. + +## Requirements + +- Create a VPC with both public and private subnets. +- Create a Bastion Host EC2 instance in the public subnet. +- Create a private EC2 instance in the private subnet. +- The Bastion Host should: + - Have a security group that allows SSH access **only from your IP address**. + - Have a public IP address. +- The private EC2 instance should: + - Only allow SSH access **from the Bastion Host's security group**. + - Have no public IP address. +- SSH into the private EC2 instance via the Bastion Host. +- Implement at least one security best practice, such as logging or IP restriction. + +## Optional Enhancements + +- Use IAM Roles to restrict access to the Bastion Host. +- Enable CloudWatch for SSH logging. +- Automate shutdown/startup of the Bastion Host using AWS Lambda. + +Learn more about Bastion Hosts [here](https://goteleport.com/blog/ssh-bastion-host/).
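Review bot: the requirement "Implement at least one security best practice, such as logging or IP restriction" overlaps with the earlier requirement that the Bastion Host's security group allows SSH "only from your IP address", so a learner can satisfy it without doing anything new; suggest listing a practice the project does not already mandate (for example SSH logging, which the Optional Enhancements section already mentions via CloudWatch). On the step "SSH into the private EC2 instance via the Bastion Host", the text leaves open how the private key reaches the private instance; it would be worth stating that the key should stay on the learner's machine and that the hop be made with SSH ProxyJump (`ssh -J`) or agent forwarding rather than by copying the private key onto the bastion, since the bastion is the internet-exposed host. Minor wording: "Use IAM Roles to restrict access to the Bastion Host" is imprecise, as an instance role grants the instance AWS API permissions rather than controlling who may log in; consider "Use IAM policies / SSM Session Manager to control who can access the Bastion Host". Style: the title and SEO title should read "Set up a Bastion Host on AWS" (verb), not "Setup".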