Tuesday, April 6, 2021

Bastion Host - An Instance Which Allows Authenticated Users to Log In to Private EC2 Instances via the Internet, AWS

https://www.youtube.com/watch?v=pNE9J81aYLc


When we configure a Bastion Host, we need to allow INCOMING SSH access from the Bastion Host only. In that case we reference the Security Group associated with the Bastion Host as the source, rather than an IP range:

"SG-BASTION-HOST" - used as the Source in the SSH incoming rule of the Private EC2 Instances

Security Group :
It is stateful
It has Incoming and Outgoing Rules
But Incoming is related to Outgoing: reply traffic for a connection allowed in one direction is allowed back in the other direction without a matching rule
It has no DENY/ALLOW rule flag
All Rules are ALLOW only; anything not matched by a rule is dropped

Rule says
->  Allow PROTOCOL on PORT from SOURCE  - Incoming
->  Allow PROTOCOL on PORT to DESTINATION - Outgoing

SSH is TCP Protocol on Port 22
HTTP is TCP Protocol on Port 80
PING is ICMP Protocol (no port)

If the Incoming Rule allows SSH on Port 22 and I did not add an Outgoing rule for SSH on Port 22, even then the SSH reply traffic will be allowed out, because the Security Group is stateful: it remembers the connection.

If the Outgoing Rule allows only Port 80 and we did not configure HTTP on the Incoming side,
even then SSH will still be allowed on that machine, since the SSH session was admitted by the Incoming rule and its replies are tracked.
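The two points above (a private instance whose SSH source is the bastion's security group, and stateful reply handling) can be checked with a small model. This is an added example, not code from the original post and not the real VPC data plane; the group ids, IP addresses and the 203.0.113.0/24 admin range are constructed for the scenario.

```python
"""Toy model of AWS security-group evaluation for the bastion-host pattern.

Hypothetical simplified model (constructed for illustration): rules are
allow-only, a rule's peer is either a CIDR or another security-group id, and
groups are stateful, so reply traffic for an admitted connection is allowed
even when no rule in the opposite direction would match it.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Rule:
    protocol: str        # "tcp", "udp" or "icmp"
    port: Optional[int]  # destination port; None means any port (e.g. ICMP)
    peer: str            # CIDR like "10.0.0.0/16" or a group id like "sg-bastion"


@dataclass
class SecurityGroup:
    group_id: str
    ingress: list = field(default_factory=list)
    egress: list = field(default_factory=list)


@dataclass
class Instance:
    name: str
    ip: str
    sg: SecurityGroup


class Vpc:
    """Instances plus a connection-tracking table of admitted flows."""

    def __init__(self, instances):
        self.by_ip = {i.ip: i for i in instances}
        self.established = set()  # (src_ip, dst_ip, protocol, port)

    def _peer_matches(self, rule, peer_ip):
        # A group-id peer matches any instance carrying that group, whatever
        # its address; a CIDR peer matches by address only.
        if rule.peer.startswith("sg-"):
            peer = self.by_ip.get(peer_ip)
            return peer is not None and peer.sg.group_id == rule.peer
        return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.peer)

    def _allowed(self, rules, protocol, port, peer_ip):
        # Allow-only semantics: any matching rule admits, nothing ever denies.
        return any(r.protocol == protocol and (r.port is None or r.port == port)
                   and self._peer_matches(r, peer_ip) for r in rules)

    def new_connection(self, src_ip, dst_ip, protocol, port):
        """First packet of a flow: check source egress, then destination ingress."""
        src = self.by_ip.get(src_ip)  # None: the source is outside the VPC
        dst = self.by_ip[dst_ip]
        if src is not None and not self._allowed(src.sg.egress, protocol, port, dst_ip):
            return False
        if not self._allowed(dst.sg.ingress, protocol, port, src_ip):
            return False
        self.established.add((src_ip, dst_ip, protocol, port))
        return True

    def reply(self, from_ip, to_ip, protocol, port):
        """Reply packet: admitted only if the forward flow was tracked (stateful)."""
        return (to_ip, from_ip, protocol, port) in self.established


def build_scenario():
    """Constructed VPC: admin range -> bastion -> private instance."""
    sg_bastion = SecurityGroup(
        "sg-bastion",
        ingress=[Rule("tcp", 22, "203.0.113.0/24")],  # admin office range (constructed)
        egress=[Rule("tcp", 22, "10.0.0.0/16")],
    )
    # Private group: SSH only from sg-bastion, and deliberately no egress rule.
    sg_private = SecurityGroup("sg-private", ingress=[Rule("tcp", 22, "sg-bastion")])
    sg_app = SecurityGroup("sg-app", egress=[Rule("tcp", None, "0.0.0.0/0")])
    return Vpc([Instance("bastion", "10.0.1.10", sg_bastion),
                Instance("private", "10.0.2.20", sg_private),
                Instance("app", "10.0.2.30", sg_app)])


def run_checks():
    vpc = build_scenario()
    admin, bastion, private, app = "203.0.113.5", "10.0.1.10", "10.0.2.20", "10.0.2.30"
    return {
        "admin_to_bastion": vpc.new_connection(admin, bastion, "tcp", 22),
        "admin_to_private": vpc.new_connection(admin, private, "tcp", 22),
        "bastion_to_private": vpc.new_connection(bastion, private, "tcp", 22),
        # stateful: sg-private has no egress rule, yet its SSH replies flow back
        "private_reply_to_bastion": vpc.reply(private, bastion, "tcp", 22),
        # another VPC host with open egress is still refused: source must be sg-bastion
        "app_to_private": vpc.new_connection(app, private, "tcp", 22),
        "private_reply_to_app": vpc.reply(private, app, "tcp", 22),
    }


if __name__ == "__main__":
    for check, ok in run_checks().items():
        print(f"{check:26s} {'ALLOW' if ok else 'DENY'}")
```

The "app" instance is the useful negative case: it sits inside the VPC and has a wide-open egress rule, but the private instance still refuses its SSH because the ingress rule names sg-bastion rather than a CIDR, which is exactly why the post recommends referencing the bastion's group as the source.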




