By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Manage user access - Bastion Host

0

Hi, I am just looking to start using Bastion Host, in our infrastructure. So, I am trying to find a way to limit user access when using SSH by Bastion Host. For example, Can I use the Federate access (SSO with AAD) to let users access the Bastion Host, then assign them permissions/roles at the AWS?

Anyone can advise?

Topics
ComputeSecurity, Identity, & ComplianceManagement & Governance
Tags
Linux ProvisioningSecurity, Identity, & ComplianceAWS Identity and Access ManagementAWS Account ManagementIAM Policies
Language
English
rePost-User-2140084
asked a year ago665 views
2 Answers
1

I advise to use Systems Manager's Sessions Manager instead of a bastion host, if possible. Read more about it here: Replacing a Bastion Host with Amazon EC2 Systems Manager.

profile pictureAWS
EXPERT
kentrad
answered a year ago
1

Use Systems Manager Sessions Manager. Then use AAD and AWS IAM Identity Centre Permission sets (thats how I assume you are using SSO) to grant the right set of users the right set of permissions to use Sessions Manager. This will have a markedly better security posture.

https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html

AWS
SiddheshJ
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content