i am here

As an AWS consultant/trainer I travel a lot for my work. When at customers locations, I occasionally want to log in into our sandbox environment. In previous postings, I have shown how we increase security by switching on and off the bastion host with a single (or double) key-press of the AWS IoT button. In another post you can find how I setup my ssh configuration to use the bastion host without ever logging in to it and yet get access to our ec2 instances. In this post, let me share iamhere with you. It is a little script that I use to modify the security group that protects inbound… Read More

Continue Reading

SSH config for AWS bastion

As a roaming AWS trainer, I work on my AWS infrastructure from many different locations to give demos to the course attendees and prepare stuff in EC2 instances when necessary. When I launch instances, I usually do so in private subnets, not opening the instances to the Internet when not absolutely necessary. To access the instances I use what is called a stepping stone, jump server or bastion host. The idea of a bastion host is that it is the single point of entrance into your (cloud) infrastructure. Therefor, you should harden and secure that host to the best extent possible. Read my blog about switching on and off the bastion host… Read More

Continue Reading