Bastion Hosts

--

A bastion host sits in a public subnet.

It has its own security group, called the bastion host security group.

Users SSH to the EC2 instance (the bastion host), and from there SSH to instances in the security group in the private subnet.

1. Make an EC2 instance in the public subnet that we can SSH to.

2. Make a new instance, using the DemoKeyPair key pair.

  • DemoVPC — PrivateSubnetA — create security group — PrivateSG — SG rule
  • ssh through the bastion host
  • ssh ec2-user@<private instance's private IP>
  • nano DemoKeyPair.pem, then Ctrl+S to save
  • chmod 0400 DemoKeyPair.pem
  • ssh ec2-user@<private instance's private IP> -i DemoKeyPair.pem

We SSH to the Amazon Linux 2 AMI in my private subnet.

We went from the bastion host into the private instance, and this worked.
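
As an added example (not part of the original notes), the check below audits the SG rule from step 2 offline: it reads JSON in the shape returned by `aws ec2 describe-security-groups` and reports any SSH rule on PrivateSG that does not come from the bastion host's security group. The group name BastionHostSG, the group IDs and the CIDR are constructed, and the policy that only the bastion SG may reach port 22 is an assumption about what the SG rule is meant to enforce.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group names, IDs and the CIDR are made up for illustration.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaaaaaaaaaaaaaaa", "GroupName": "BastionHostSG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0bbbbbbbbbbbbbbbb", "GroupName": "PrivateSG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0aaaaaaaaaaaaaaaa"}]}]},
]}

def covers_ssh(perm):
    """True if the rule's protocol and port range include TCP/22."""
    if perm["IpProtocol"] == "-1":            # all protocols, all ports
        return True
    if perm["IpProtocol"] not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535)

def audit_private_sg(doc, private_name, bastion_name):
    """Return findings for SSH rules on the private SG that bypass the bastion SG."""
    groups = {g["GroupName"]: g for g in doc["SecurityGroups"]}
    private, bastion_id = groups[private_name], groups[bastion_name]["GroupId"]
    findings, via_bastion = [], False
    for perm in filter(covers_ssh, private["IpPermissions"]):
        # Assumed policy: any CIDR source is too broad, only the bastion SG may SSH in.
        for r in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
            cidr = r.get("CidrIp") or r.get("CidrIpv6")
            net = ipaddress.ip_network(cidr, strict=False)
            scope = "the whole internet" if net.prefixlen == 0 else "a CIDR"
            findings.append(f"SSH allowed from {cidr} ({scope}), not via the bastion SG")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] == bastion_id:
                via_bastion = True
            else:
                findings.append(f"SSH allowed from other group {pair['GroupId']}")
    if not via_bastion:
        findings.append("no SSH rule referencing the bastion SG")
    return findings

if __name__ == "__main__":
    print(audit_private_sg(SAMPLE, "PrivateSG", "BastionHostSG") or "OK")
```

An empty list means the private instance accepts SSH only from members of the bastion host's security group.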

--