https://www.ericsimmerman.com/tags/aws/Recent content in AWS on technocracyHugoenThu, 18 May 2017 00:00:00 +0000https://www.ericsimmerman.com/blog/2017/05/18/setting-up-a-bastion-host-on-aws/Thu, 18 May 2017 00:00:00 +0000https://www.ericsimmerman.com/blog/2017/05/18/setting-up-a-bastion-host-on-aws/<p>When setting up my latest development environment at AWS, I wanted to deploy all EC2 services on a private VPC and simply route all traffic to them through a Bastion host (aka jump host). AWS maintains a an <a href="http://docs.aws.amazon.com/quickstart/latest/linux-bastion/welcome.html" target="_blank" rel="noopener noreffer ">excellent CloudFormation quickstart guide &amp; template here</a> and it&rsquo;s what I used to get started. After completing that guide I put a new entry for the Bastion host in my ssh config like so:</p>https://www.ericsimmerman.com/blog/2017/05/16/knock-first-firewall-for-aws-security-groups/Tue, 16 May 2017 00:00:00 +0000https://www.ericsimmerman.com/blog/2017/05/16/knock-first-firewall-for-aws-security-groups/<p>I recently <a href="./2017-05-01-setting-up-bastion-host-aws.html" rel="">setup a Bastion host</a> to secure a development environment on AWS. The Bastion only exposes port 22 for SSH and I wanted to restrict access to a whitelist of authorized IP addresses rather than leave port 22 open to the internet. Further - I wanted to restrict 443 and 80 inbound to the development environment so that only authorized users/developers could access the pre-release builds deployed there.</p>