Toward a bastion-less world

  • August 3, 2019

Using a bastion or jump server has been the common way to reach instances in a virtual private cloud (VPC) that have no public address, and several AWS Quick Starts build one in. Amazon Web Services (AWS) has recently released two features, AWS Systems Manager Session Manager and Amazon EC2 Instance Connect, that let you connect securely to private infrastructure without a bastion host. This improves your security and audit posture: access is decided centrally by IAM policy rather than by whoever holds the bastion's keys, and the inbound administrative ports that a bastion had to expose can be closed.

With Session Manager, you don't have to open inbound access to secure shell (SSH) ports or to the ports used for remote Microsoft Windows PowerShell. The SSM Agent on the instance makes an outbound connection to the Systems Manager endpoints, so the instance's security group needs no inbound rule at all for administrative access. To learn more about the benefits, see the AWS Systems Manager Session Manager documentation. In this first part of this two-part blog series, I present an overview of the automation required to enable SSH access by using AWS Session Manager.

Instructions for access using Amazon Elastic Compute Cloud (Amazon EC2) Instance Connect will follow in the second blog post. For details on Session Manager, see the Getting Started with Session Manager documentation.

To work through this blog post, if you are testing the connection by using SSH, you need the name of an existing public/private key pair, which allows you to connect securely to your instance after it launches. Session Manager replaces only the network path; SSH itself still authenticates you with that key. If you don't have a key pair, create one before following the rest of the steps below. A key pair is not required if you are testing the connection using only the AWS CLI or the AWS Systems Manager console.
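The pieces a practitioner needs to assemble for SSH over Session Manager are the client-side ssh_config stanza, a least-privilege IAM policy for who may start a session, and a check that the inbound rules a bastion used to need are actually gone. The following is an added example, not code from the AWS post: the ssh_config stanza and the policy shape follow the patterns AWS documents for the AWS-StartSSHSession document, the tag key and value used to scope the policy are assumptions, and the security-group data the check runs over is constructed inline in the shape returned by `aws ec2 describe-security-groups`.

```python
"""Helpers for moving from a bastion to Session Manager (added example)."""
from typing import Dict, Iterable, List

# Inbound ports a bastion-less design should no longer expose.
# 22 = SSH, 3389 = RDP, 5985/5986 = WinRM (remote PowerShell). Assumed list.
REMOTE_ADMIN_PORTS = {22, 3389, 5985, 5986}

# Client-side ssh_config: route any target that looks like an instance ID
# through "aws ssm start-session" instead of a TCP connection. Requires the
# AWS CLI and the Session Manager plugin on the client. %h = host, %p = port.
SSH_CONFIG_STANZA = """\
Host i-* mi-*
    ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
"""


def ssh_config_stanza() -> str:
    """Return the ssh_config text to append to ~/.ssh/config."""
    return SSH_CONFIG_STANZA


def session_policy(tag_key: str, tag_value: str) -> Dict:
    """IAM policy allowing StartSession only to instances carrying tag_key=tag_value
    and only via the SSH session document; callers may end only their own sessions.
    tag_key/tag_value are the caller's assumption about how instances are tagged."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "StartSshSessionToTaggedInstances",
                "Effect": "Allow",
                "Action": "ssm:StartSession",
                "Resource": "arn:aws:ec2:*:*:instance/*",
                "Condition": {
                    "StringEquals": {f"ssm:resourceTag/{tag_key}": tag_value},
                    # Require the caller to also be allowed the session document.
                    "BoolIfExists": {"ssm:SessionDocumentAccessCheck": "true"},
                },
            },
            {
                "Sid": "AllowOnlySshSessionDocument",
                "Effect": "Allow",
                "Action": "ssm:StartSession",
                "Resource": "arn:aws:ssm:*:*:document/AWS-StartSSHSession",
            },
            {
                "Sid": "ManageOwnSessionsOnly",
                "Effect": "Allow",
                "Action": ["ssm:TerminateSession", "ssm:ResumeSession"],
                "Resource": "arn:aws:ssm:*:*:session/${aws:username}-*",
            },
        ],
    }


def open_admin_ingress(security_groups: Iterable[Dict]) -> List[str]:
    """Audit check: list inbound rules that still expose a remote-admin port.
    Input is the 'SecurityGroups' list from `aws ec2 describe-security-groups`."""
    findings: List[str] = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":  # all traffic
                ports = set(REMOTE_ADMIN_PORTS)
            elif proto in ("tcp", "6"):
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
                ports = {p for p in REMOTE_ADMIN_PORTS if lo <= p <= hi}
            else:
                continue
            if not ports:
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            sources += [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])]
            for src in sources:
                findings.append(f"{sg['GroupId']}: inbound {sorted(ports)} from {src}")
    return findings


# Constructed sample in the describe-security-groups shape: one leftover
# bastion-style rule and one unrelated HTTPS rule. Not real account data.
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0private", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
]

if __name__ == "__main__":
    print(ssh_config_stanza())
    for finding in open_admin_ingress(SAMPLE_SECURITY_GROUPS):
        print("still exposed:", finding)
```

Two things still have to be true on the instance side for this to work: the instance profile must grant the SSM Agent its Systems Manager permissions (the AmazonSSMManagedInstanceCore managed policy covers this), and the instance must be able to reach the ssm, ssmmessages and ec2messages endpoints outbound over HTTPS, via a NAT gateway or VPC endpoints. Once the audit check returns no findings, the SSH rule can be removed from the security group and the bastion itself decommissioned.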

Source: amazon.com


Related Posts

Architecting for PCI DSS Segmentation and Scoping on AWS

AWS has published a whitepaper, Architecting for PCI DSS Scoping and Segmentation on AWS, to provide guidance on how to properly define the scope of your Payment Card Industry (PCI) Data Security Standard (DSS) workloads running on the AWS Cloud. The whitepaper looks at how to define segmentation boundaries between your in-scope and out-of-scope resources using cloud native AWS services. The whitepaper is intended for engineers and solution builders, but it also serves as a guide for Qualified Security Assessors (QSAs) and internal security assessors (ISAs) to better understand the different segmentation controls available within AWS products and services, along with associated scoping considerations.

A Detailed Overview of AWS API Gateway

Look inside the black box of AWS API Gateway to understand authorization, method requests and responses, integration requests and responses, VTL mapping templates, and more. AWS API Gateway is a versatile service to use as an HTTP frontend: you can use it for building serverless applications, for integrating with legacy applications, or for proxying HTTP requests directly to other AWS services.
