cover-img

AWS Security Essentials - Securing Connections with a Bastion Host

Hands-on lab on Bastion Host/Jump server

26 November, 2022

2

2

0

Description

This lab allows the student to gain experience designing and implementing a secure bastion host solution otherwise known as a jump server. A bastion host is a server whose purpose is to provide a private connection to your private infrastructure (for example production servers, backend servers, etc) in AWS from an external or public network (for example test servers). The bastion host provides an extra layer of security for your private infrastructure at all times.

Objectives

In this lab, we will set up a bastion host and learn how to establish a secure connection.

Steps

Step 1 - Create two instances (One public named Bastion-Host and the other private)

Public Instance setup parameters

Name - Bastion-Host

Machine - Amazon Linux

Instance type - t2.micro

Key pair - create a new one with the name BastionHostKey

Network settings - default

Storage - Default

Launch
Private Instance Setup Parameters

Name - Private Production Server

Machine - Amazon Linux

Instance type - t2.micro

Key Pair - create a new one with the name PrivateProdKey

Network Settings - Edit and under Auto-assign public IP > Disable

Storage - Default

Launch
img

Make sure your private server looks like this with NO PUBLIC IP ADDRESS

Step 2 - Take remote of the Bastion-Host instance via the cloud shell

Open the Amazon Cloud Shell environment and perform the following actions

Click on Action by the top right-hand corner and upload file > Select the BastionHostKey.pem file and upload

Run the code below to make sure the file was uploaded successfully.

Change the file permission

Run code below again to make sure the file permission has been changed

Run take remote command below and type yes > Enter

Step 3 - Take remote of the Private Production Server from the Bastion Host Server

Great Job! Now you have taken remote of the Bastion Host Server!

Next is to now access our Private Production Server from the Bastion host but before we do that... we need the key. If we run the # ll command on the Bastion Host instance we will see that there is no key. So we need to add a key with the steps below

We will use the Vim editor - run the command below

Press > i from your keyboard to switch to insert mode and copy/paste the PrivateProdKey.pem contents into the editor.

Press > ESC from your keyboard to switch to command line mode and then run the code below to save (write) and exit (quit).

Change the file permission

Run take remote command and type yes > Enter

Hurray! We did it! We have securely accessed our Private Production Server via our Bastion Host.
img

Securely accessed our Private Production Server

Please like, share, and comment for more premium tech content. Thanks.
Platforms
AWS

AWS

Cloud Hosting
Amazon EC2

Amazon EC2

Virtual Private Cloud
Amazon VPC

Amazon VPC

#cloud #howto #develevate #devops

aws

devops

cloud

develevate

howto

2

2

0

aws

devops

cloud

develevate

howto

LouisDTechGuy

LouisDTechGuy

@louisdtechguy

United States

Success = Incremental + Consistent

More Articles

Showwcase is a professional tech network with over 0 users from over 150 countries. We assist tech professionals in showcasing their unique skills through dedicated profiles and connect them with top global companies for career opportunities.

© Copyright 2025. Showcase Creators Inc. All rights reserved.