What is a Bastion Host?
- A bastion host is a server whose purpose is to provide access to a private network from an external network, such as the Internet. Because of its exposure to potential attack, a bastion host must minimize the chances of penetration.
Why use one?
- Suppose we want to SSH into an EC2 instance in a private subnet from our home/office (or from a development machine). Currently we can't: the instance has no public IP and sits in a private subnet, so there is no direct route to it from the internet. This is where a bastion server (jump server) comes in.
The purpose of a bastion host
- To restrict access to a private network from an external network.
Now let us deploy a Windows server [disable public IP]
- Search for EC2
- Launch instance
- Choose t2.micro [free tier]
- Disable public IP [as we never give our database a public IP]
- Add storage
- Add tags: name the instance "Database" or anything you want
- Next, configure the security group
- Select all traffic from anywhere [generally this is not best industry practice; we should only allow specific, custom IPs]
- Now download the key pair and launch
- Decrypt the Windows password with the key pair
- Download Remote Desktop and paste in the private IP
- As we can see, the connection is refused: to SSH/RDP into an instance directly from outside the VPC, it needs a public IP.
Now let us deploy a Windows server / jump server within the same VPC [enable public IP]
- Launch instance
- Select t2.micro
- Enable public IP
- Name it "jump server"
- Select all traffic from anywhere and launch
- Launch instance
- View instances
- Tick the checkbox for the jump server and try to connect
- Here we successfully connect to our server.
Now we can reach our database only from within this server; this server acts as the bastion host.
- Press Windows+R
- Type mstsc
- Enter the private IP of the database server and connect
Here we have successfully connected to our database.
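The two-instance layout built above through the console, expressed as a CloudFormation template. This is an added example, not part of the original post, and it tightens the one step the post flags as bad practice: instead of "all traffic from anywhere", the jump server accepts RDP (TCP 3389) only from a single admin address, and the database host accepts RDP only from members of the jump server's security group, so it has no internet-facing rule at all. The VPC, the public and private subnet IDs, the key pair name and the admin CIDR are assumed to exist and are passed in as parameters; the AdminCidr default is a documentation-range placeholder.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example (not from the original post): a Windows jump server in a public
  subnet and a database instance in a private subnet, with RDP locked down
  instead of "all traffic, anywhere".

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id           # assumption: an existing VPC
  PublicSubnetId:
    Type: AWS::EC2::Subnet::Id        # assumption: subnet with a route to an Internet Gateway
  PrivateSubnetId:
    Type: AWS::EC2::Subnet::Id        # assumption: subnet with no route from the internet
  AdminCidr:
    Type: String                      # the home/office address allowed to RDP to the jump server
    Default: 203.0.113.10/32          # placeholder (documentation range); replace with your own IP
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName  # key pair used to decrypt the Windows Administrator password
  WindowsAmi:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-windows-latest/Windows_Server-2022-English-Full-Base

Resources:
  BastionSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: RDP to the jump server from the admin address only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3389
          ToPort: 3389
          CidrIp: !Ref AdminCidr      # instead of 0.0.0.0/0 on all ports

  DatabaseSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: RDP to the database host only from the jump server
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3389
          ToPort: 3389
          SourceSecurityGroupId: !Ref BastionSecurityGroup  # no CIDR at all: only bastion members

  JumpServer:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref WindowsAmi
      InstanceType: t2.micro
      KeyName: !Ref KeyName
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref PublicSubnetId
          AssociatePublicIpAddress: true      # the only host with a public IP
          GroupSet:
            - !Ref BastionSecurityGroup
      Tags:
        - Key: Name
          Value: jump server

  DatabaseServer:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref WindowsAmi
      InstanceType: t2.micro
      KeyName: !Ref KeyName
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref PrivateSubnetId
          AssociatePublicIpAddress: false     # reachable only through the jump server
          GroupSet:
            - !Ref DatabaseSecurityGroup
      Tags:
        - Key: Name
          Value: Database

Outputs:
  JumpServerPublicIp:
    Value: !GetAtt JumpServer.PublicIp        # the address you RDP to from home/office
  DatabasePrivateIp:
    Value: !GetAtt DatabaseServer.PrivateIp   # paste this into mstsc from the jump server
```

Deploy it with `aws cloudformation deploy --template-file bastion.yaml --stack-name bastion --parameter-overrides VpcId=... PublicSubnetId=... PrivateSubnetId=... KeyName=... AdminCidr=<your-ip>/32`. The security-group reference on the database host is the important design choice: because the rule names the bastion's group rather than an address, the database stays unreachable even if someone later attaches a public IP to it, and rotating the jump server does not require touching the database rule.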