If you don’t require interactive sessions, consider using AWS SSM run command [1] instead. You install the agent on the instances, with commands sent from the client through the AWS control plane (with IAM and SSM documents for access control and CloudTrail logs of all commands issued).
I’m currently deploying it in an enterprise for ~5k users, and it works surprisingly well for providing the ability to run arbitrary commands on instances without ssh access.
[1] https://docs.aws.amazon.com/systems-manager/latest/userguide...
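The CloudTrail record of Run Command calls mentioned above can be reviewed with a short script. This is an added example, not part of the original comment: the sample records are constructed, the field layout (`requestParameters.documentName`, `instanceIds`, `targets`) is an assumption about how CloudTrail records `SendCommand`, and `APPROVED_DOCUMENTS` and `Example-RestartService` are hypothetical.

```python
# Constructed sample CloudTrail records (not real log data).
SAMPLE_EVENTS = [
    {"eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
     "eventTime": "2024-01-01T10:00:00Z",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"documentName": "Example-RestartService",
                           "instanceIds": ["i-0aaaaaaaaaaaaaaa1"]}},
    {"eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
     "eventTime": "2024-01-01T10:05:00Z",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"documentName": "AWS-RunShellScript",
                           "targets": [{"key": "tag:Env", "values": ["prod"]}]}},
    {"eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
     "eventTime": "2024-01-01T10:06:00Z", "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/carol"},
     "requestParameters": None},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "eventTime": "2024-01-01T10:07:00Z",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {}},
]

APPROVED_DOCUMENTS = {"Example-RestartService"}  # hypothetical allow-list


def audit_send_command(events, approved=APPROVED_DOCUMENTS):
    """Return one row per SendCommand call, with reasons it needs review."""
    rows = []
    for ev in events:
        if (ev.get("eventSource"), ev.get("eventName")) != ("ssm.amazonaws.com", "SendCommand"):
            continue
        params = ev.get("requestParameters") or {}  # may be null on failed calls
        doc = params.get("documentName")
        # A call can name instances directly or select them by tag.
        scope = params.get("instanceIds") or [
            f"{t.get('key')}={','.join(t.get('values', []))}" for t in params.get("targets") or []]
        reasons = []
        if "errorCode" in ev:
            reasons.append("denied:" + ev["errorCode"])  # IAM blocked the call
        elif doc not in approved:
            reasons.append("unapproved-document")  # e.g. arbitrary shell via AWS-RunShellScript
        rows.append({"time": ev.get("eventTime"), "who": ev.get("userIdentity", {}).get("arn"),
                     "document": doc, "scope": scope, "reasons": reasons})
    return rows


if __name__ == "__main__":
    for row in audit_send_command(SAMPLE_EVENTS):
        print(row)
```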