Bastion host to get access to private subnet instance shells.

Bastion Hosts:

Bastion hosts (also called “jump servers”) are often used as a best practice for accessing privately accessible hosts within a system environment. For example, our system might include an application host that is not intended to be publicly accessible. To access it for product updates or managing system patches, we typically log in to a bastion host and then access (or “jump to”) the application host from there.

# Security group for the public bastion: SSH (22/tcp) in from anywhere, all
# traffic out. Narrowing cidr_blocks to your office or VPN range is safer than
# 0.0.0.0/0 if you know where admins connect from.
resource "aws_security_group" "sg3" {
  depends_on  = [aws_vpc.myvpc]
  name        = "sg1-public-bastion"
  description = "Allow inbound ssh traffic bastion host"
  vpc_id      = aws_vpc.myvpc.id

  ingress {
    description = "allow ssh"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "sg1-public-bastion"
  }
}

# Security group for the private hosts: SSH is accepted only from instances
# that carry the bastion security group (sg3), referenced by group id rather
# than by CIDR, so the bastion's IP can change without touching this rule.
resource "aws_security_group" "sg4" {
  depends_on  = [aws_vpc.myvpc]
  name        = "sg2-private-bastion"
  description = "Allow inbound ssh to mysql from bastion host sg"
  vpc_id      = aws_vpc.myvpc.id

  ingress {
    description     = "allow ssh"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.sg3.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "sg2-private-bastion"
  }
}

# The bastion itself: public subnet, public IP, bastion security group.
resource "aws_instance" "bastion" {
  depends_on                  = [aws_security_group.sg3, aws_subnet.subnet1a]
  ami                         = "ami-08706cb5f68222d09"
  instance_type               = "t2.micro"
  vpc_security_group_ids      = [aws_security_group.sg3.id]
  subnet_id                   = aws_subnet.subnet1a.id
  associate_public_ip_address = true
  key_name                    = "key4"

  tags = {
    Name = "bastion host"
  }
}

# Elastic IP and NAT gateway in the public subnet, so private instances can
# reach the internet for updates without being reachable from it.
resource "aws_eip" "bar" {
  vpc        = true # older provider syntax; newer AWS provider releases prefer domain = "vpc"
  depends_on = [aws_internet_gateway.myigw]
}

resource "aws_nat_gateway" "natgw" {
  allocation_id = aws_eip.bar.id
  subnet_id     = aws_subnet.subnet1a.id

  tags = {
    Name = "NAT GW"
  }
}

# Private route table: default route through the NAT gateway. The attribute
# for a NAT gateway is nat_gateway_id; gateway_id is for internet and virtual
# private gateways, and the original gateway_id = aws_nat_gateway.natgw.id
# does not apply cleanly.
resource "aws_route_table" "private-route-table" {
  depends_on = [aws_internet_gateway.myigw, aws_nat_gateway.natgw]
  vpc_id     = aws_vpc.myvpc.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.natgw.id
  }

  tags = {
    Name = "private-route-table"
  }
}

# Attach the private route table to the private subnet (subnet1b).
resource "aws_route_table_association" "private-route-table-association" {
  depends_on     = [aws_route_table.private-route-table]
  subnet_id      = aws_subnet.subnet1b.id
  route_table_id = aws_route_table.private-route-table.id
}
  • Use WinSCP to store the key in the bastion host.
  • Use PuTTY to SSH into the bastion host.

I am a DevOps Enthusiast and recently taken to Cloud Computing. Learning Flutter App Development currently. In my free time I engage in competitive coding.