• A structure for fortification for network security and protect things behind it
  • It is launched in Public subnets
  • Benefits of a Bastion
    • Protecting against port scanning.
    • Hardening one place only. Zero day exploits.
    • Prevent rogue SSH access by an additional layer.
    • Slow down attackers.
  • Acts as primary access point from the Internet
  • Acts as a proxy or gateway between you and instances
  • It is deployed in Public subnet
  • Enables login to instances in Private subnet securely without storing private keys on Bastion host
  • Allow SSH/RDP access from trusted IPs or IP ranges
  • High availability configurations, need that Bastion host be deployed in every AZ
Menu