Bastion Hosts in Private VPC Subnets

Bastion hosts allow you to securely connect to EC2 instances running in VPC private subnets without exposing them to the Internet. A bastion host is set up in the public subnet and acts as a proxy/jump server; it should be configured with a high level of security. Consult your security administrator when configuring a bastion host.

To securely connect to EC2 instances in VPC private subnets, you can use SSH agent forwarding. Using SSH agent forwarding improves security by not exposing the management ports of your EC2 instances to the Internet or to other subnets in your VPC. For information on how to configure SSH agent forwarding, search for "Securely connect to Linux instances running in a private Amazon VPC".
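The following is an added example, not part of the original page: a client-side `~/.ssh/config` that forwards the SSH agent only to the bastion, with a small check that flags agent forwarding enabled for wildcard hosts. The host alias `bastion`, the name `bastion.example.com`, the user `ec2-user` and the function names are placeholders chosen for illustration.

```shell
#!/bin/sh
# Constructed sample ~/.ssh/config (placeholder host, domain and user).
# ssh uses the first value it finds for each option, so the bastion
# stanza must come before the catch-all "Host *" stanza.
sample_config() {
cat <<'EOF'
Host bastion
    HostName bastion.example.com
    User ec2-user
    ForwardAgent yes

Host *
    ForwardAgent no
EOF
}

# Read an ssh_config on stdin and print every Host pattern under which
# ForwardAgent is enabled. Options placed before the first Host line
# apply to all hosts, so they are reported as "*".
forwardagent_hosts() {
    awk '
        BEGIN { host = "*" }
        { sub(/=/, " ") }   # accept the "Key=Value" spelling as well
        tolower($1) == "host" { $1 = ""; sub(/^ +/, ""); host = $0; next }
        tolower($1) == "forwardagent" && tolower($2) == "yes" { print host }
    '
}

# Return 0 when forwarding is limited to explicitly named hosts,
# 1 when any wildcard pattern (* or ?) enables it.
forwarding_is_scoped() {
    if forwardagent_hosts | grep -q '[*?]'; then
        return 1
    fi
    return 0
}
```

With a config like the sample in place, load the instance key into the local agent with `ssh-add`, connect with `ssh bastion`, and open the session to the private instance from there; the private key stays on the workstation. Running `forwarding_is_scoped < ~/.ssh/config` confirms the agent is not being offered to every host you connect to.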

