hiltteacher.blogg.se

Ssh tunnel aws





For the past several months, the DevOps team in our organization has worked on finding ways to increase the security of our AWS cloud infrastructure projects. This resulted in creating an extensive list of requirements that should be implemented for all existing and future projects.

As of right now, almost all of the projects make use of an EC2 instance which acts as a bastion host (jump box) and provides us a way of accessing resources in our private subnets. Even though we make sure to harden the bastion host so it won’t represent a security issue, the issue with this approach is that the bastion host resides in a public subnet and ingress rules do allow connections from the outside world.

Session Manager is a capability of AWS Systems Manager which allows us to manage the EC2 instances through an interactive one-click browser-based shell or through the AWS CLI. AWS Session Manager provides us with secure instance management without the need to open inbound ports or maintain bastion hosts. However, we won’t go into the details of setting up Session Manager for your EC2 instances since the official documentation is detailed enough and you can also check it out here.

Furthermore, the Session Manager capability seems to be an improvement to our cloud security, but now we are facing a new challenge. We still need a way to access our RDS instances residing in a private subnet.






