Toward a bastion-less world

Toward a bastion-less world

  • August 3, 2019
Table of Contents

Toward a bastion-less world

Using a bastion or jump server has been a common way to allow access to secure infrastructure in your virtual private cloud (VPC) and is integrated into several Quick Starts. Amazon Web Services (AWS) has recently released two new features that allow us to connect securely to private infrastructure without the need for a bastion host. This greatly improves your security and audit posture by centralizing access control and reducing inbound access.

With Session Manager, you don’t have to open inbound access to secure shell (SSH) ports and remote Microsoft Windows PowerShell ports. To learn more about the benefits, see the AWS Systems Manager Session Manager documentation. In this first part of this two-part blog series, I present an overview of the automation required to enable SSH access by using AWS Session Manager.

Instructions for access using Amazon Elastic Compute Cloud (Amazon EC2) Instance Connect will follow in the second blog post. For details on Session Manager, see the Getting Started with Session Manager documentation.

To work through this blog post, if you are testing the connection by using SSH, you need the name of an existing public/private key pair, which allows you to connect securely to your instance after it launches. If you don’t have a key pair, create one before following the rest of the steps below. A key pair is not required if you are testing the connection using only the AWS CLI or the AWS Systems Manager console.

Source: amazon.com

Tags :
Share :
comments powered by Disqus

Related Posts

AWS Security Hub Now Generally Available

AWS Security Hub Now Generally Available

I’m a developer, or at least that’s what I tell myself while coming to terms with being a manager. I’m definitely not an infosec expert. I’ve been paged more than once in my career because something I wrote or configured caused a security concern.

Read More
AWS and the CLOUD Act

AWS and the CLOUD Act

While news of Brexit dominates headlines in the United Kingdom, another important event took place recently in London. U.S. Deputy Assistant Attorney General Richard W. Downing addressed the myths and realities of the Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”), in a speech at the Academy of European Law Conference. Following the speech, the U.S. Department of Justice (DOJ) published a whitepaper and FAQ clarifying the purpose and scope of the CLOUD Act and addressing many of the misunderstandings of this law.

Read More
A Technical Analysis of the Capital One Hack

A Technical Analysis of the Capital One Hack

The recent disclosure of yet another cloud security misconfiguration leading to the loss of sensitive personal information made the headlines this past week. This particular incident came with a bit more information from the indictment of the accused party, allowing us to piece together the revealed data and take an educated guess as to what may have transpired leading up to the loss of over 100 million credit card applications and 100 thousand social security numbers. At the root of the hack lies a common refrain: the misconfiguration of cloud infrastructure resources allowed an unauthorized user to elevate her privileges and compromise sensitive documents.

Read More