Thursday, July 9, 2020

Bastion Host


-      Bastion host (Linux) or Remote Desktop Gateway (Windows): a server whose sole purpose is to provide access to a private network from an external network such as the Internet. Because it is deliberately exposed to attack, a bastion host must minimize the chance of compromise: it runs only the access service, is patched and logged, and is the single host in the private network reachable from outside (hence the names jump box or jump host). It accepts inbound SSH (Linux) or RDP via the gateway (Windows) and forwards the session to instances in private subnets.

High availability on AWS means two of everything. To configure a bastion host for high availability:
-         BEST PRACTICE: Create an Auto Scaling group with a desired capacity of 2 spanning multiple Availability Zones, and attach an Elastic IP (EIP) to each instance. Allow inbound SSH/RDP to these EIPs from the on-premises firewalls, and restrict the bastion's security group to the on-premises source ranges so nothing else on the Internet can reach it.
If bastion host #1 is busy or unreachable, use #2; with a desired capacity of 2 both are already running, so there is no wait for a launch.
-         If an instance is terminated and the Auto Scaling group launches a replacement, the existing Elastic IP is re-associated with the new instance, so the addresses allow-listed on the on-premises firewall never change. Note that the Auto Scaling group does not do this by itself: the replacement's bootstrap (user data) script must find a free EIP from the pool and call AssociateAddress, which is how the AWS Linux bastion Quick Start handles it.

-        If high availability is not required, use an Auto Scaling group with a desired capacity of 1. If bastion #1 fails or is terminated, another one is launched in its place. This implies downtime while the new bastion host launches and claims the EIP, but overall it is the cheaper solution.
Linux bastion host architecture on AWS
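The EIP re-association step above is the part an Auto Scaling group will not do for you, so here is an added example of a boot-time script that claims a free Elastic IP from the bastion pool. It is written for this post and is not the AWS Quick Start's own bootstrap script. It assumes the pool's allocation IDs are passed in a hypothetical environment variable BASTION_EIP_ALLOCATION_IDS (comma-separated) and that the instance profile allows ec2:DescribeAddresses and ec2:AssociateAddress; the sample DescribeAddresses output is constructed for offline testing.

```python
"""Claim a free Elastic IP from the bastion pool at instance boot.

Added example for this post (not the AWS Quick Start's own bootstrap
script). Assumptions: the pool's allocation IDs arrive in the environment
variable BASTION_EIP_ALLOCATION_IDS (comma-separated; hypothetical name),
and the instance profile allows ec2:DescribeAddresses and
ec2:AssociateAddress. Run as root from user data after boto3 is installed.
"""
import json
import os
import urllib.request
from typing import List

IMDS = "http://169.254.169.254/latest"

# Constructed sample of ec2:DescribeAddresses output, used for offline tests:
# EIP #1 is held by a running bastion, EIP #2 is free.
SAMPLE_POOL = ["eipalloc-0aaa000000000001", "eipalloc-0bbb000000000002"]
SAMPLE_ADDRESSES = [
    {"AllocationId": "eipalloc-0aaa000000000001", "PublicIp": "203.0.113.10",
     "AssociationId": "eipassoc-0111", "InstanceId": "i-0busybastion"},
    {"AllocationId": "eipalloc-0bbb000000000002", "PublicIp": "203.0.113.11"},
]


def candidate_allocations(addresses: List[dict], pool: List[str], instance_id: str) -> List[str]:
    """Order the pool EIPs this instance should try to claim.

    - If a pool EIP is already on this instance (script re-run), return just it.
    - Otherwise return every pool EIP with no AssociationId, in pool order.
    - An empty list means the pool is exhausted: the group's capacity exceeds
      the number of EIPs, or the pool IDs do not exist in this region.
    """
    by_alloc = {a["AllocationId"]: a for a in addresses}
    own = [a for a in pool if by_alloc.get(a, {}).get("InstanceId") == instance_id]
    if own:
        return own[:1]
    return [a for a in pool if a in by_alloc and not by_alloc[a].get("AssociationId")]


def imds(path: str) -> str:
    """Read instance metadata with IMDSv2 (session token required)."""
    tok_req = urllib.request.Request(f"{IMDS}/api/token", method="PUT",
                                     headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    with urllib.request.urlopen(tok_req, timeout=2) as r:
        token = r.read().decode()
    req = urllib.request.Request(f"{IMDS}/meta-data/{path}",
                                 headers={"X-aws-ec2-metadata-token": token})
    with urllib.request.urlopen(req, timeout=2) as r:
        return r.read().decode()


def claim_elastic_ip(pool: List[str], instance_id: str, region: str) -> str:
    """Associate the first claimable pool EIP with this instance; return its allocation ID."""
    import boto3  # imported here so candidate_allocations stays testable offline
    from botocore.exceptions import ClientError

    ec2 = boto3.client("ec2", region_name=region)
    addresses = ec2.describe_addresses(AllocationIds=pool)["Addresses"]
    for alloc in candidate_allocations(addresses, pool, instance_id):
        if any(a["AllocationId"] == alloc and a.get("InstanceId") == instance_id for a in addresses):
            return alloc  # already ours from an earlier run; nothing to do
        try:
            # AllowReassociation=False: never steal an EIP a sibling bastion grabbed
            # between our describe and associate calls; on that race, try the next one.
            ec2.associate_address(AllocationId=alloc, InstanceId=instance_id,
                                  AllowReassociation=False)
            return alloc
        except ClientError as e:
            if e.response["Error"]["Code"] != "Resource.AlreadyAssociated":
                raise
    raise RuntimeError(f"no free Elastic IP in pool {pool} for {instance_id}")


if __name__ == "__main__":
    pool = [p for p in os.environ["BASTION_EIP_ALLOCATION_IDS"].split(",") if p]
    instance_id = imds("instance-id")
    region = imds("placement/region")
    print(json.dumps({"instance": instance_id,
                      "allocation": claim_elastic_ip(pool, instance_id, region)}))
```

Size the pool to the Auto Scaling group's maximum capacity, not its desired capacity, or a scale-out or a replacement launched before the old instance releases its address will find no free EIP and the script will fail; that failure is visible in the instance's console log and is preferable to a bastion silently coming up on a random public IP the on-premises firewall does not allow.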
