A new tutorial on deploying a bastion host to securely access remote instances within a virtual private cloud
When designing a solution on the cloud, no application architecture is complete without a clear understanding of potential security risks and how to protect against such threats. As you design the network architecture, you want to limit the entry points into your system: open only the minimum required set of ports on your servers, hide the servers from the public Internet, and implement firewalls, intrusion detection systems, and so on.
The first in a series of tutorials on virtual private cloud
This tutorial is the first in a series of tutorials on virtual private cloud. It walks you through the deployment of a bastion host to securely access remote instances within a virtual private cloud. A bastion host is an instance that is provisioned in a public subnet and can be accessed via SSH. Once set up, the bastion host acts as a jump server, allowing secure connection to instances provisioned in a private subnet.
Administrative tasks on the individual servers are going to be performed using SSH, proxied through the bastion. Access to the servers and regular internet access from the servers (e.g., for software installation) will only be allowed with a special maintenance security group attached to those servers.
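The design above can be checked mechanically once the security group rules are written down. The following is an added example, not code from the tutorial: the group names (`bastion-sg`, `maintenance-sg`), the rule layout and the sample data are assumptions constructed for illustration, not a cloud provider's API.

```python
# Added example. The rule/instance layout is constructed for illustration;
# it is not a cloud provider's API or export format.
ANY = "0.0.0.0/0"

def rule(direction, proto, lo, hi, remote):
    return {"dir": direction, "proto": proto, "min": lo, "max": hi, "remote": remote}

def covers_ssh(r):
    return r["dir"] == "in" and r["proto"] == "tcp" and r["min"] <= 22 <= r["max"]

def audit(groups, instances, bastion="bastion-sg", maintenance="maintenance-sg"):
    """Return findings where the rules deviate from the bastion design."""
    findings = []
    for r in groups.get(bastion, []):
        # The bastion should expose SSH inbound and nothing else.
        if r["dir"] == "in" and (r["proto"], r["min"], r["max"]) != ("tcp", 22, 22):
            findings.append(f"{bastion}: inbound {r['proto']}/{r['min']}-{r['max']} is not SSH")
    for r in groups.get(maintenance, []):
        # SSH to the servers must originate from the bastion's group only.
        if covers_ssh(r) and r["remote"] != bastion:
            findings.append(f"{maintenance}: SSH allowed from {r['remote']}")
    for inst in instances:
        if inst["subnet"] != "private":
            continue
        for g in [g for g in inst["groups"] if g != maintenance]:
            for r in groups.get(g, []):
                # Only the maintenance group may carry SSH or internet egress.
                if covers_ssh(r):
                    findings.append(f"{inst['name']}: SSH allowed by {g}")
                if r["dir"] == "out" and r["remote"] == ANY:
                    findings.append(f"{inst['name']}: internet egress allowed by {g}")
    return findings

# Constructed sample: one extra bastion port and one over-broad legacy group.
GROUPS = {
    "bastion-sg": [rule("in", "tcp", 22, 22, "203.0.113.0/24"),
                   rule("in", "tcp", 3389, 3389, ANY)],
    "maintenance-sg": [rule("in", "tcp", 22, 22, "bastion-sg"),
                       rule("out", "tcp", 443, 443, ANY)],
    "app-sg": [rule("in", "tcp", 8080, 8080, "10.10.0.0/24")],
    "legacy-sg": [rule("in", "tcp", 1, 65535, ANY), rule("out", "tcp", 1, 65535, ANY)],
}
INSTANCES = [
    {"name": "app-1", "subnet": "private", "groups": ["app-sg"]},
    {"name": "app-2", "subnet": "private", "groups": ["app-sg", "legacy-sg"]},
]
if __name__ == "__main__":
    print("\n".join(audit(GROUPS, INSTANCES)))
```

Detaching the maintenance group from a server after the work is done leaves it with no SSH path and no internet egress, which is the state the audit treats as clean.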
Comments, suggestions, and ideas for future tutorials
The tutorials section has a feedback form on the side where you can comment on the content. If you have suggestions on the existing tutorials or ideas for future additions, please submit your feedback.