Access EC2 Instances Deployed in Private Subnets Leveraging Bastion Hosts. A Step-by-Step Guide.

adedamola_ajao

Ajao Adedamola

Posted on March 22, 2024

Access EC2 Instances Deployed in Private Subnets Leveraging Bastion Hosts. A Step-by-Step Guide.

NOTE THAT IN THIS SCENARIO, I AM ASSUMING YOU ALREADY HAVE AN INSTANCE DEPLOYED IN THE PRIVATE SUBNET THAT YOU NEED TO ACCESS.
PLEASE MAKE SURE YOU ALSO HAVE ACCESS TO THE KEY PAIR OF YOUR PRIVATE RESOURCE.

To connect to an EC2 instance in a private subnet on AWS using a bastion host, kindly follow these steps:

Step 1: Launch Bastion Host

Launch an EC2 instance in a public subnet. This instance will act as the bastion host. Ensure that it has a public IP address and is accessible from the internet.

As you can see below I have both of my instances launched in the same vpc, different availability zones and just one instance with a publicly accessible IP address.

Image description

Step 2: Configure Security Groups

Copy the private IP of the bastion host and private resource instance to your notepad or any text editor and name accordingly.

Image description

Configure the security group of the private resource instance to allow SSH (port 22) access from your instance in the public subnet for restricted purposes by editing the inbound rules.

Image description

Image description

Click Save rules to save changes.

Step 3: Editing your pem key

Locate the pem key of your private instance and click on open with notepad, vscode or any editor of your choice.

Below is an image of what the pem key should look like once open, That's half of mine to prevent security issues

Image description

Step 4: Connect to the Bastion Host

Use AWS SSM to connect to the bastion host.

Image description

Image description

You should see a new tab pop up and a terminal opened up for you on the AWS console.

Image description

Step 5: Saving your pem key to your Bastion host instance

Run the following commands as follows:

1. sudo su (gives super user priviledges)

2. cd /home (locates and opens the home directory)

3. cd ec2-user (locates and opens the ec2-user directory)

4. touch private.pem (This will create a file called private.pem)

Image description

5. nano private.pem (this will open a text editor to edit the file created by the touch private.pem command)

Image description

Go back to the notepad or vscode opened on your computer earlier and copy all the content of your pem key(Every single word).

Paste into the nano editor of your Bastion host.

Image description

Again I've blocked out some part of my key for security reasons, after pasting the pem key details click on CtrlX followed by y and finally the Enter key

Step 6: Logging into your private Instance

While still on your bastion host terminal, run the command

1. chmod 0400 private.pem.

2. ssh -i private.pem ec2-user@172.16.87.100(The private IP of your Private resource)

which according to the IP I copied earlier should be 172.31.66.236 and translates to :

ssh -i private.pem ec2-user@172.31.66.236.

You'll be greeted with a prompt asking you to verify the key authenticity, just type yes and Enter key.

Image description

If you get the same result as the Image above then congratulations you just logged into your instance using the Bastion host or Jumper method.

You might be wondering where this would be useful in a realife scenario and I'll be explaining why in next weeks blog post.

Please remember to disable and delete all resources after use so as to not incure cost on your AWS account.

💖 💪 🙅 🚩
adedamola_ajao
Ajao Adedamola

Posted on March 22, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related