What is a Bastion host?
Bharat Kalluri / 2020-11-14
The function of a bastion host is to provide a safe and secure entry point into servers/instances in the private cluster/subnet.
It is not advisable for servers to have a public IP. In a typical AWS setup, the servers run in an auto scaling group, with a load balancer sitting in front of the group to serve the website or APIs. The servers are placed in a private subnet and none of them gets a public IP, which also means that direct SSH to them is not possible. This is a good thing.
But sometimes there is a need to log in to a server to check on processes. For that case, there is a dummy instance in the public subnet that does have a public IP. Since it is in the same VPC as the servers, SSH to them can be done from this dummy instance. This dummy instance is called a bastion host.
Bastion host infra illustration
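The layout described above can be checked mechanically. The following is an added example, not code from the original post: it audits an inventory for servers that have public exposure, servers outside the bastion's VPC, and SSH rules that admit anything other than the bastion. The inventory, its field names and the `ssh_from` source lists are constructed assumptions, and the check on the bastion's own SSH sources goes one step beyond what the post states.

```python
"""Audit a VPC inventory against the bastion layout (constructed data, assumed field names)."""
import ipaddress

# Constructed sample inventory (documentation address ranges, not real infrastructure).
INSTANCES = [
    {"name": "bastion", "role": "bastion", "vpc": "vpc-a", "subnet": "public",
     "private_ip": "10.0.0.10", "public_ip": "203.0.113.5",
     "ssh_from": ["198.51.100.0/24"]},
    {"name": "app-1", "role": "server", "vpc": "vpc-a", "subnet": "private",
     "private_ip": "10.0.1.21", "public_ip": None,
     "ssh_from": ["10.0.0.10/32"]},
    {"name": "app-2", "role": "server", "vpc": "vpc-a", "subnet": "private",
     "private_ip": "10.0.1.22", "public_ip": "203.0.113.9",
     "ssh_from": ["0.0.0.0/0"]},
]


def audit(instances):
    """Return a sorted list of (instance name, finding) tuples."""
    findings = []
    bastions = [i for i in instances if i["role"] == "bastion"]
    if len(bastions) != 1:
        return [("inventory", "expected exactly one bastion")]
    bastion = bastions[0]
    bastion_ip = ipaddress.ip_address(bastion["private_ip"])

    if bastion["subnet"] != "public" or not bastion["public_ip"]:
        findings.append((bastion["name"], "bastion is not publicly reachable"))
    # Beyond the post: the bastion's own SSH port should not accept every source.
    for cidr in bastion["ssh_from"]:
        if ipaddress.ip_network(cidr).prefixlen == 0:
            findings.append((bastion["name"], "SSH open to the whole internet"))

    for inst in (i for i in instances if i["role"] == "server"):
        if inst["vpc"] != bastion["vpc"]:
            findings.append((inst["name"], "not in the bastion's VPC"))
        if inst["subnet"] != "private" or inst["public_ip"]:
            findings.append((inst["name"], "server has public exposure"))
        for cidr in inst["ssh_from"]:
            net = ipaddress.ip_network(cidr)
            # Only the bastion's single private address may reach SSH on a server.
            if not (net.num_addresses == 1 and bastion_ip in net):
                findings.append((inst["name"], f"SSH allowed from {cidr}"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(INSTANCES):
        print(f"{name}: {finding}")
```

In the constructed inventory only `app-2` is reported, once for its public IP and once for its open SSH rule.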