add bastion host project

dansholds/bastion-host-project
daniel holdsworth 2 months ago
parent b509c31652
commit 446daa1045
  1. 47
      src/data/projects/bastion-host.md

@ -0,0 +1,47 @@
---
title: 'Setup a Bastion Host on AWS'
description: 'Create a Bastion Host to securely connect to private EC2 instances.'
isNew: true
sort: 1002
difficulty: 'beginner'
nature: 'AWS'
skills:
- 'aws'
- 'networking'
- 'ec2'
- 'devops'
seo:
title: 'Setup a Bastion Host on AWS'
description: 'Create a secure Bastion Host on AWS to manage private resources.'
keywords:
- 'bastion host'
- 'aws bastion'
- 'secure access aws'
- 'private ec2 access'
roadmapIds:
- 'devops'
---
In this project, you will create a Bastion Host on AWS and use it to securely connect to a private EC2 instance.
## Requirements
- Create a VPC with both public and private subnets.
- Create a Bastion Host EC2 instance in the public subnet.
- Create a private EC2 instance in the private subnet.
- The Bastion Host should:
- Have a security group that allows SSH access **only from your IP address**.
- Have a public IP address.
- The private EC2 instance should:
- Only allow SSH access **from the Bastion Host's security group**.
- Have no public IP address.
- SSH into the private EC2 instance via the Bastion Host.
- Implement at least one security best practice, such as logging or IP restriction.
## Optional Enhancements
- Use IAM Roles to restrict access to the Bastion Host.
- Enable CloudWatch for SSH logging.
- Automate shutdown/startup of the Bastion Host using AWS Lambda.
Learn more about Bastion Hosts [here](https://goteleport.com/blog/ssh-bastion-host/).
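Review bot: The requirement "Implement at least one security best practice, such as logging or IP restriction" is already met by the earlier mandatory item "allows SSH access **only from your IP address**", so as written it asks for nothing new. Name a control that is not already required (SSH session logging, for example) or drop "IP restriction" from the examples, and decide whether logging belongs here or under Optional Enhancements, where "Enable CloudWatch for SSH logging" currently repeats it. As displayed here, the bullets under "The Bastion Host should:" and "The private EC2 instance should:" sit at the same level as their parents, and the `title`, `description` and `keywords` lines under `seo:` are not indented. If the file really looks like that, the lists render flat and the front matter repeats top-level keys, so indent those lines. Smaller points: "Setup" in both titles is used as a verb and should be "Set up", the body needs a blank line after the closing `---` and before each `##` heading, and the link text "here" should describe the target (for example "Teleport's SSH bastion host guide").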