Hey folks! I have a few virtual machines (VMs) located in a remote data center that are connected to AWS via a site-to-site VPN. These VMs host some web services that are currently being exposed through an Application Load Balancer (ALB). I'm considering setting up a similar configuration for SSH access to these VMs using a Network Load Balancer. Is this a good strategy? I would really appreciate any feedback or ideas on how to establish this SSH connection effectively.
3 Answers
If you go with a bastion host, setting up an SSH tunnel can be as easy as a single command to copy and paste for users. It simplifies things while keeping security intact. Just provide them with clear instructions on how to execute it!
Using an SSH bastion host is often simpler and more secure for accessing remote instances. It acts as a middleman for SSH connections and can manage access better than a load balancer. Just set up the bastion in the same VPC and route your SSH traffic through it. This way, it'll be easier for users.
If your VMs have the SSM agent installed, you might not even need a load balancer. You could use AWS Systems Manager Session Manager for SSH access without needing to open inbound ports, which could streamline access for your clients. Just a thought!
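The two access paths suggested in the answers above (a bastion host with ProxyJump, and Session Manager with no inbound port) can both be handed to non-technical users as an `ssh_config` stanza plus one command. The script below is an added example and is not from any of the posters; the bastion name, jump user, private IP and managed-instance id are constructed placeholders, and the `AWS-StartSSHSession` document name and `aws ssm start-session` flags are the ones AWS documents for SSH over Session Manager.

```shell
#!/bin/sh
# Added example (not from the thread): generate ssh_config stanzas for the two
# options discussed above. All host names, users, IPs and ids are placeholders.

BASTION_HOST="bastion.example.com"        # assumed public DNS name of the bastion
BASTION_USER="jump"                        # assumed restricted user on the bastion
VM_PRIVATE_IP="10.20.30.40"                # constructed: a VM reachable only over the VPN
SSM_INSTANCE_ID="mi-0123456789abcdef0"     # placeholder SSM managed-instance id

# Option 1: bastion host. Users type `ssh app-vm`; ssh connects to the bastion
# first and tunnels the real session through it (ProxyJump). Agent forwarding
# is kept off so a compromised bastion cannot reuse the user's keys.
bastion_stanza() {
  cat <<EOF
Host ${BASTION_HOST}
    User ${BASTION_USER}
    IdentitiesOnly yes
    ForwardAgent no

Host app-vm
    HostName ${VM_PRIVATE_IP}
    User ec2-user
    ProxyJump ${BASTION_HOST}
    IdentitiesOnly yes
    ForwardAgent no
EOF
}

# The equivalent single command from the first answer, for users who would
# rather paste one line than edit a config file.
bastion_one_liner() {
  printf 'ssh -J %s@%s ec2-user@%s\n' "$BASTION_USER" "$BASTION_HOST" "$VM_PRIVATE_IP"
}

# Option 2: Session Manager. No inbound port on the VM: ssh hands its TCP
# stream to the AWS CLI, which opens an SSM session to the instance. Needs the
# AWS CLI, the Session Manager plugin and an IAM identity allowed to call
# ssm:StartSession on that instance; the SSM agent does the rest on the VM.
ssm_stanza() {
  cat <<EOF
Host ${SSM_INSTANCE_ID}
    User ec2-user
    ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
EOF
}

# Write both stanzas to the given config file (default: ~/.ssh/config) and
# restrict its permissions. Returns non-zero if the file cannot be written.
install_config() {
  target="${1:-$HOME/.ssh/config}"
  mkdir -p "$(dirname "$target")" || return 1
  { bastion_stanza; printf '\n'; ssm_stanza; } >> "$target" || return 1
  chmod 600 "$target"
  echo "wrote $target"
}

# Usage (not run automatically): install_config /tmp/test_ssh_config
```

For users who are not comfortable with SSH, the usual approach is to ship the generated config file and tell them only the `ssh app-vm` (or `ssh <instance-id>`) command; the bastion stanza also keeps `ForwardAgent no` and `IdentitiesOnly yes`, which stops keys from being offered to, or forwarded through, the intermediate host.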

That makes sense! But I’m worried about customers using it if they’re not tech-savvy. Is the bastion method too complicated?