This AWS Solution adds Linux bastion hosts to your new or existing Amazon Web Services (AWS) infrastructure for your Linux-based deployments. The bastion hosts provide secure access to Linux instances located in the private and public subnets of your virtual private cloud (VPC).

The solution sets up a Multi-AZ environment and deploys Linux bastion host instances into the public subnets. You can specify the instance type for the bastion hosts and the number of instances you want to deploy (1–4).

An Amazon Elastic Compute Cloud (Amazon EC2) Auto Scaling group ensures that the number of bastion host instances always matches the capacity you specify. For added security, the solution also sets up Amazon CloudWatch Logs for remote storage of shell history logs. After you deploy this solution, you can add more AWS services, infrastructure components, and applications to complete your Linux environment in the AWS Cloud.

This solution was developed by AWS.


AWS Service Catalog administrators can add this architecture to their own catalog.  

  •  What you'll build
  • This solution sets up the following:

    • A highly available architecture that spans two Availability Zones.*
    • A virtual private cloud (VPC) configured with public and private subnets, according to AWS best practices, to provide you with your own virtual network on AWS.*
    • In the public subnets:
      • Managed network address translation (NAT) gateways to allow outbound internet access for resources in the private subnets.*
      • 1–4 Linux bastion hosts in an Amazon Elastic Compute Cloud (Amazon EC2) Auto Scaling group for connecting to Amazon EC2 instances and other resources deployed in public and private subnets.**
    • An Amazon CloudWatch log group to hold the Linux bastion host shell history logs.
    • AWS Systems Manager for access to the bastion host.

    * The template that deploys the solution into an existing VPC skips the components marked by asterisks and prompts you for your existing VPC configuration.

    ** On-demand, spot, and combinations thereof are supported.
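The components listed above are the ones worth checking after a deployment: the bastion hosts sit in public subnets, so their security-group ingress is the main exposure, the Auto Scaling group is what keeps 1–4 hosts across two Availability Zones, and the CloudWatch log group is where the shell history ends up. The following audit is an added example and not code from this AWS solution. It works on the dictionaries that boto3's `describe_security_groups`, `describe_auto_scaling_groups` and `describe_log_groups` calls return, but runs offline against constructed samples; the admin CIDR, the resource names and IDs, and the retention policy are assumptions.

```python
"""Post-deployment audit of a Linux bastion-host stack (added example).

The input shapes match what boto3 returns from
ec2.describe_security_groups(), autoscaling.describe_auto_scaling_groups()
and logs.describe_log_groups(); the samples below are constructed so the
script runs without AWS credentials.
"""
from ipaddress import ip_network

# Assumption: administrators reach the bastions only from this range
# (RFC 5737 documentation network, used as a placeholder).
ADMIN_CIDRS = [ip_network("203.0.113.0/24")]
SSH_PORT = 22


def _covers_port(perm, port):
    """True if an IpPermission entry grants `port` (all-traffic rules count)."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_security_group(sg, port=SSH_PORT, admin_cidrs=ADMIN_CIDRS):
    """Report ingress CIDRs that expose `port` beyond the admin ranges.

    Security-group-to-security-group grants (UserIdGroupPairs) and prefix
    lists are not CIDRs and are deliberately not evaluated here.
    """
    findings = []
    for perm in sg.get("IpPermissions", []):
        if not _covers_port(perm, port):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ip_network(cidr)
            # subnet_of() only compares networks of the same IP version.
            allowed = any(net.version == a.version and net.subnet_of(a)
                          for a in admin_cidrs)
            if not allowed:
                findings.append(f"{sg['GroupId']}: port {port} open to {cidr}")
    return findings


def audit_asg(asg, lo=1, hi=4):
    """Check the bastion Auto Scaling group stays within 1-4 hosts in >= 2 AZs."""
    findings = []
    name = asg["AutoScalingGroupName"]
    mn, mx, desired = asg["MinSize"], asg["MaxSize"], asg["DesiredCapacity"]
    if not (lo <= mn <= desired <= mx <= hi):
        findings.append(f"{name}: capacity min={mn} desired={desired} max={mx} "
                        f"outside expected {lo}-{hi}")
    if len(asg.get("AvailabilityZones", [])) < 2:
        findings.append(f"{name}: spans fewer than two Availability Zones")
    return findings


def audit_log_group(lg):
    """Flag a shell-history log group with no explicit retention policy.

    Assumption: the operator wants an explicit retention period; a log group
    without retentionInDays keeps events indefinitely.
    """
    if "retentionInDays" not in lg:
        return [f"{lg['logGroupName']}: no retention policy set"]
    return []


# Constructed samples in boto3's response shape; IDs and names are made up.
SAMPLE_SGS = [
    {"GroupId": "sg-0bastionopen", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bastiontight", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
]
SAMPLE_ASG = {"AutoScalingGroupName": "bastion-asg", "MinSize": 1, "MaxSize": 4,
              "DesiredCapacity": 2, "AvailabilityZones": ["us-east-1a", "us-east-1b"]}
SAMPLE_LOG_GROUP = {"logGroupName": "/bastion/shell-history"}


def run_audit(sgs=SAMPLE_SGS, asg=SAMPLE_ASG, log_group=SAMPLE_LOG_GROUP):
    """Run every check and return the combined list of findings."""
    findings = []
    for sg in sgs:
        findings += audit_security_group(sg)
    findings += audit_asg(asg)
    findings += audit_log_group(log_group)
    return findings


if __name__ == "__main__":
    for finding in run_audit():
        print(finding)
```

To run this against a real account, replace the samples with the `SecurityGroups`, `AutoScalingGroups` and `logGroups` lists from the corresponding boto3 calls and set `ADMIN_CIDRS` to the ranges your administrators actually use. Because the solution supports access through AWS Systems Manager, an SSH rule that is open to the internet is a finding even when Session Manager is the intended path.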

  •  How to deploy
  • To deploy this AWS Solution, follow the instructions in the deployment guide, which includes these steps.

    1. Sign in to your AWS account. If you don’t have an AWS account, sign up at https://aws.amazon.com.
    2. Launch the AWS Solution by choosing from the following options. Before you create the stack, choose the Region from the top toolbar.
    3. Add other AWS services or your Linux applications.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

  •  Costs and licenses
  • You are responsible for the cost of the AWS services and any third-party licenses used while running this solution reference deployment. There is no additional cost for using the solution.

    The AWS CloudFormation templates for this solution include configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you use. Prices are subject to change.

    Tip: After you deploy the solution, create AWS Cost and Usage Reports to track costs associated with the solution. These reports deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. They provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information about the report, see What are AWS Cost and Usage Reports?