Optimizing and Manage Your AWS Cloud Spend
Billing is one of the most complex and cumbersome tasks when utilizing #AWS. Join our upcoming webinar to learn how to view, understand, and optimize your AWS Cloud Bill.
Register Today
Administrative access to EC2 instances is an essential part of managing your AWS environment. Critical and production environments should have strong network-based access controls, and the best practice is to use a bastion host. A bastion host is a virtual machine that sits outside your network security zone; it works as the primary access point from the internet and as a proxy to the instances inside your network security zone. Because it is configured as the single point of access, it is specially hardened to withstand attacks and to protect the instances to which it provides access.
In AWS, your applications usually sit in a VPC with backend EC2 instances located on a private subnet with its own security group. A public subnet with its own security group will host the bastion host that will connect to the private subnet. This diagram shows the architecture:
The steps for creating and configuring the bastion hosts are:
Linux EC2 instances use SSH as the protocol for the network connection; Windows instances, however, use the Remote Desktop Protocol (RDP) to provide a graphical network connection. When a Linux instance is used as a bastion host in front of Windows EC2 instances, the two instance types therefore speak different connection protocols. The question that comes to mind is: "How do I connect via RDP to the Windows instances if I'm connecting via SSH to the bastion?" The solution is SSH port forwarding: the RDP session is tunnelled through the secure SSH connection to the bastion.
The first step is to open a local port that forwards connections to our Windows EC2 instance through the bastion's public address:
ssh -L 3389:<Windows server private IP address>:3389 <bastion public-facing IP address> -l ec2-user -N
Then we can connect with our RDP client to localhost on port 3389, and the connection is relayed to the Windows instance.
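As an added example (not part of the original post, and not a SoftwareONE tool), the following POSIX shell script builds the tunnel command described above with two checks a practitioner usually wants: the forwarded target must be an RFC 1918 private address, so the bastion cannot accidentally be used as a relay to the internet, and the listening end is bound to 127.0.0.1 so other machines on the admin's LAN cannot ride the tunnel. The IP addresses, user name, key path and local port are constructed placeholders; the helper name rdp_tunnel_cmd is hypothetical. It assumes the bastion's security group allows SSH from the administrator's address and the private subnet's security group allows TCP 3389 only from the bastion's security group.

```shell
#!/bin/sh
# Added example: build (and optionally run) the SSH port forward that carries
# RDP to a Windows EC2 instance through a Linux bastion host.
# Not from the original post; all addresses and names below are constructed.

# Return 0 if $1 is an RFC 1918 private IPv4 address, 1 otherwise.
# Only hosts inside the private subnet should ever be tunnel targets.
is_private_ipv4() {
    case "$1" in
        10.*) ;;
        192.168.*) ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) ;;
        *) return 1 ;;
    esac
    # Also require exactly four dotted numeric octets.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the ssh command for the tunnel.
#   $1 private IP of the Windows instance
#   $2 public IP or DNS name of the bastion
#   $3 local listening port (default 3389; pick another, e.g. 13389, when the
#      admin workstation itself runs an RDP service on 3389)
#   $4 SSH user on the bastion (default ec2-user)
#   $5 path to the key pair file (optional)
rdp_tunnel_cmd() {
    win_ip=$1
    bastion=$2
    local_port=${3:-3389}
    ssh_user=${4:-ec2-user}
    key=$5

    if ! is_private_ipv4 "$win_ip"; then
        echo "refusing to forward to non-private address: $win_ip" >&2
        return 1
    fi

    # -N: no remote command, -o ExitOnForwardFailure=yes: fail loudly if the
    # local port is already taken instead of silently connecting without the
    # forward, 127.0.0.1: listen on loopback only.
    cmd="ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:${local_port}:${win_ip}:3389"
    if [ -n "$key" ]; then
        cmd="$cmd -i $key"
    fi
    printf '%s -l %s %s\n' "$cmd" "$ssh_user" "$bastion"
}

# Usage: RDP_TUNNEL_RUN=1 sh rdp_tunnel.sh <windows-private-ip> <bastion> [port] [user] [key]
# Without RDP_TUNNEL_RUN=1 the script only defines the functions, so it can be sourced.
if [ "${RDP_TUNNEL_RUN:-0}" = "1" ]; then
    cmd=$(rdp_tunnel_cmd "$@") || exit 1
    echo "starting tunnel: $cmd" >&2
    exec $cmd
fi
```

Once the tunnel is up, point the RDP client at 127.0.0.1 and the chosen local port; the session leaves the workstation only over the SSH connection to the bastion, which is what keeps 3389 closed on the public side.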
The same port forwarding can be configured in PuTTY with the following steps:
Security is one of the most important components of any AWS environment. With bastion hosts we can protect our EC2 instances from attacks and reduce the threat surface by keeping the bastion host to the minimum set of services it needs. At SoftwareONE, we follow the security best practices that will empower your organization's journey through the cloud.