What is Bastion Host and why it is so important? - Step by Step tutorial (Part-6)

  • Published on 5 Jun 2024
    ▬▬▬▬▬▬ 🚀 What is Bastion Host? ▬▬▬▬▬▬
    Bastion Host Lab Session: Secure Access for Private Networks
    Welcome to this comprehensive lab session where we demystify the process of setting up a bastion host, an integral component for secure remote access to servers in private networks. While this session primarily uses AWS as a reference, the core principles and methodologies apply universally across all major cloud providers.
    🕒 Timestamps:
    0:00 - Introduction
    0:07 - What is a Bastion Host & High-Level Architecture?
    3:16 - Setting Up the Cloud Environment
    4:10 - Creating a VPC/Network
    5:50 - Setup internet gateway
    4:10 - Create public & private Subnets
    10:23 - Create Public Route table
    14:39 - Create Private Route table
    16:09 - Launching the Bastion Host Server
    22:26 - Initializing a Server in the Private Network
    25:24 - SSH into the Bastion Host
    28:27 - Key Management and Secure Access Protocols
    30:22 - From the Bastion, SSH into the Private Server
    32:02 - Conclusion & Key Takeaways
    📚 Resources and Links:
    Universal Bastion Host Documentation
    Secure Cloud Networking Best Practices
    More on Multi-Cloud Strategies
    We hope this lab session brings clarity to the importance and implementation of bastion hosts. The techniques shown here can be replicated and tailored to fit the specifics of any cloud environment. Don’t forget to like, share, and subscribe for more insightful tech tutorials!
  • Science & Technology

Comments • 96

  • @SureshKumar-kh5ht 3 months ago +4

    You are one of the best DevOps trainers who provides in-depth info for DevOps aspirants
    Thank you Rahul

    • @RahulWagh 3 months ago +1

      Glad to help

  • @manthuvishwakarma a day ago

    You are the one who is teaching the topics from scratch and explaining in an easy way to understand the topics very easily. Thank you so much sir.

    • @RahulWagh 12 hours ago

      You are most welcome

  • @debashissinha8489 a month ago +2

    O my God !! The unique way Rahul explains is the superb in my IT tenure. Is there any Azure DevOps series of terraform automation created by Rahul ?? Hats off for your rare quality, Rahul !!!

    • @RahulWagh a month ago

      Thanks for liking it. As of now there is no Terraform Azure series

  • @dmt15 7 months ago +4

    What a great series with clear explanation. Please continue this series, I’m looking forward to the next chapter :)

    • @RahulWagh 7 months ago

      There is more to come, but if you are interested in more in-depth content, consider being a TH-cam member for more premium content

  • @NickVinckier 3 months ago

    Thank you for such a clear explanation and demo. The pace of this was perfect for me and I was able to grasp the concepts well. Created my own VPC with bastion/jump host and all was working as intended. Many thanks and keep the great content coming!

    • @RahulWagh 3 months ago

      Glad to hear that it works for you

  • @pradipsharma8504 7 months ago

    Wonderful session. Thanks a lot for your honest effort.

    • @RahulWagh 7 months ago

      Glad to know the feedback back

  • @clipsupportgroup8292 21 days ago

    Good job sir, I cleared my doubts. Thanks once again.

  • @prateekverma5169 7 months ago +1

    On point demo, thanks for such content

    • @RahulWagh 7 months ago

      Glad you like it!

  • @chukwumaonu7687 4 months ago

    This is cool, what looks like a mirage, you made it so simple. Thanks Bro

  • @shakunthalapulugu755 4 months ago

    Hi sir, thank you for your elaborate explanation. Please explain the purpose of NAT gateway.

  • @dips_07 7 months ago

    What an insightful share... thank you 🙏🙏

    • @RahulWagh 7 months ago

      Cheers

  • @oluwabusayoshofowora4372 2 months ago

    Thank you, you made me think deeper.

    • @RahulWagh 2 months ago

      You're very welcome

  • @kumarswamyba5876 6 days ago

    Thank you very much for such a wonderful session sir

    • @RahulWagh 5 days ago

      Keep watching

  • @fahim8690 2 months ago

    Thank you very much for this series. This series is really helpful for beginners like me ❤️

    • @RahulWagh 2 months ago

      You're welcome 😊

  • @Theparagable 3 months ago

    Thank you Rahul.. wonderfully explained

    • @RahulWagh 3 months ago

      Thanks and welcome

  • @nikkiheer4091 a month ago

    Now it's working thank you.

  • @mandodarimodi7555 2 months ago

    Thanks for sharing.

  • @sahilk335 22 days ago

    Thank you for detailed explanation.

    • @RahulWagh 22 days ago

      You are most welcome

  • @user-xt3zk8hl1t 2 months ago

    Thank you Rahul bhai. You are really doing a great job for us.

    • @RahulWagh 2 months ago

      Thanks and welcome

  • @pramodpunnuche5426 6 months ago +1

    Hi Rahul, thanks for the detailed session. I have one question: during the NAT gateway session you connected from the public EC2 to the private EC2 without enabling the public IP subnet in the private EC2 SG. How did you do that? Or is it connected via the NAT gateway?

    • @RahulWagh 6 months ago +1

      Both the EC2 instances are in the same VPC, which means both are in the same network. The public EC2 instance present in public is only accessible via internet, but the EC2 instance present in the private subnet can be accessed via the public EC2 instance internally without the need of a NAT gateway, because both of them are in the internal network

  • @ramamoorthy3444 2 months ago

    Great explanation. I clear understanding

    • @RahulWagh 2 months ago

      Great to hear!

  • @gurunathaade4499 6 months ago

    Hi sir,
    You are doing great jobs, pls make a series continuously, I hope you have to be done with the best way 🙏❤

    • @RahulWagh 6 months ago

      Cheers

  • @user-mb1xr3zu3b 2 months ago

    Liked, commented and subscribed with this one video ❤... looking forward to learning more

    • @RahulWagh 2 months ago

      Glad to have you

  • @CodingChannel1 7 months ago

    Awesome 👌

    • @RahulWagh 7 months ago

      Thank you! Cheers!

  • @atharvameher5880 a month ago

    Great content man

    • @RahulWagh a month ago

      You are welcome

  • @githinthomas4787 3 months ago

    well explained thank you

    • @RahulWagh 3 months ago

      You're welcome!

  • @manojgandham-lu7tu 7 months ago

    Well explained ❤

    • @RahulWagh 7 months ago

      Glad it was helpful!

  • @mothusi a day ago

    Does having an EC2 instance in a public subnet automatically make that a bastion host? Because in the video I did not see any specific configurations to the instance in the public subnet. What makes an EC2 instance a bastion host?

  • @harryprsd1 7 months ago +1

    Great info. Can we have similar setup in azure?

    • @RahulWagh 7 months ago +1

      Yes the bastion host concept is common and can be used in any cloud provider

  • @manthuvishwakarma a day ago

    Can you make a video related to how to build an SSH connection from bastion host to EC2 user in Windows PC?

  • @thapasujan07 7 days ago

    Thank you Sir. 💞

    • @RahulWagh 6 days ago

      Always welcome

  • @kiranyadav-gf6cd a month ago

    Amazing content bro.. keep going on please do aws solution architect entire course..

    • @RahulWagh a month ago

      Thanks and sure

  • @vikki5329 4 months ago

    Awesome example bro, can you please cover examples for Elastic Network Interfaces, Elastic Fabric and Elastic adapter network and placement groups

    • @RahulWagh 4 months ago

      Noted

  • @nurhossainsakil9904 4 months ago

    @RahulWagh please help to get the copy of my private key. I can't read or copy the key from my .pem file

  • @raghavayoga a month ago

    Very well explained

    • @RahulWagh a month ago

      Keep watching

  • @tanayabanerjee2380 6 months ago

    Hello sir... if possible then please try to make a detailed video on IP, subnetting or other networking concepts, it will be very helpful... Thank you 🙂

    • @RahulWagh 6 months ago

      Here is a video which is already there on my channel- AWS how to setup VPC, Public, Private Subnet, NAT, Internet Gateway, Route Table? - (Part-5)
      th-cam.com/video/43tIX7901Gs/w-d-xo.html

  • @kammellapradeep7224 2 months ago

    Very nicely explained, do you cover Google Cloud topics as well Rahul?

    • @RahulWagh 2 months ago

      Not yet on GCP yet but soon I am planning to do it. What would you like to see on GCP?

  • @clipsupportgroup8292 20 days ago

    Can we set the rule at S3, so that after a number of days the particular URL link (downloadable) will not work if I shared it publicly? Please guide me.

  • @iamsreejuks 3 months ago

    Hello Rahul, correct me if I am wrong: both the EC2 instances are in the same VPC, which means both are in the same network, so it will connect, right? I still could not understand the concept of bastion. I already watched the "Mastering AWS: NAT Gateway Setup in Your VPC" video; comparing these two, the differences are: in this video you are explicitly adding a security group, and in the NAT gateway video all the configurations are the same except the private subnet wants to access the internet (outbound only) using NAT. So adding the security group (enabling access from private IPs of public EC2 to all ports in the private EC2) is how a bastion host differs from a normal private-public environment.

    • @bhardwaj_abhi3421 3 months ago +1

      Yup, whole setup is same as explained in VPC video

  • @nurhossainsakil9904 4 months ago +1

    I can't copy the private key. Can anyone help me please?

  • @user-og8bq2pu7e 5 months ago

    Hello sir, please create a video on SQS with real time understanding

    • @RahulWagh 5 months ago

      Surely I will try my best

  • @prashantsukhadeve9642 7 months ago

    Good Evening Rahul.
    I hope you are doing well

    • @RahulWagh 7 months ago

      Hi Prashant, good evening, I am good, thanks for asking

  • @MahekMordani-pu8sx a month ago

    Hi Rahul, do you also do one on one consulting for entrepreneurs?

    • @RahulWagh a month ago

      There is paid consulting which I do, if interested you can reach out to me at - rahul.wagh@jhooq.com

  • @nikkiheer4091 a month ago

    I am not able to connect to the private EC2 while connecting to the private EC2 from the bastion host. Doing ssh as shown in the video, I did all steps correctly and tried, but while doing ssh to the private EC2 nothing is coming, it's just blank

    • @RahulWagh a month ago

      Could be many reasons, but check the security groups

  • @subash000000 7 months ago +1

    Why are we using IPv4 CIDR of 12 range, why not 10?

    • @RahulWagh 7 months ago +2

      When it comes to choosing a CIDR range for a network, there are several factors to consider, including the size of the network, the number of hosts that need to be accommodated, and the availability of IP addresses.
      The "/12" in IPv4 CIDR notation corresponds to a subnet mask of 255.240.0.0, which means that the first 12 bits of the IP address are used for the network portion, leaving 20 bits for host addresses. This allows for a total of 2^20, or 1,048,576, IP addresses in the subnet (though the first and last addresses are reserved for the network and broadcast addresses, respectively).
      On the other hand, a "/10" CIDR range corresponds to a subnet mask of 255.192.0.0, which provides for 2^22, or 4,194,304, IP addresses in the subnet.
      The decision to use a "/12" CIDR range instead of a "/10" range would typically be based on the need for fewer IP addresses than a "/10" range provides. Using a "/12" range when a "/10" range is not necessary can help conserve IP addresses, which is particularly important given the limited availability of IPv4 addresses. However, it's also worth noting that the decision could be influenced by other factors, such as the design of the larger network, routing considerations, and the allocation policies of the organization or service provider managing the IP addresses.

    • @subash000000 7 months ago +1

      @@RahulWagh thank you for your explanation, but I mean we use 10.x.x.x but you use 12. I liked your teaching and explanation. 🙂

    • @RahulWagh 7 months ago

      @@subash000000 there is no rule on using 10.x.x.. or 12.x.x…. It is your own vpc just pick the range which you like. The vpcs are not in public domain so you have liberty to choose any range

    • @subash000000 7 months ago

      @@RahulWagh thank you for such quick response.
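
The subnet arithmetic from the thread above, together with a check of whether a candidate VPC range sits inside RFC 1918 private address space, as an added example (not from the video or any commenter). The sample CIDRs are constructed; the /16 to /28 bounds are the block sizes AWS accepts for a VPC.

```python
import ipaddress

# RFC 1918 private IPv4 blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# AWS accepts VPC IPv4 blocks from /16 (largest) to /28 (smallest).
VPC_MIN_PREFIX, VPC_MAX_PREFIX = 16, 28


def describe(cidr):
    """Return netmask, address count and RFC 1918 status for an IPv4 CIDR."""
    net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
    return {
        "netmask": str(net.netmask),
        "addresses": net.num_addresses,
        "prefix": net.prefixlen,
        "rfc1918": any(net.subnet_of(block) for block in RFC1918),
    }


def review_vpc_cidr(cidr):
    """Return a list of findings for a candidate VPC range."""
    info = describe(cidr)
    findings = []
    if not VPC_MIN_PREFIX <= info["prefix"] <= VPC_MAX_PREFIX:
        findings.append("prefix outside the /16 to /28 range AWS accepts")
    if not info["rfc1918"]:
        # Traffic to addresses inside the VPC block stays on the local route,
        # so the internet hosts that own those addresses become unreachable.
        findings.append("not RFC 1918: shadows publicly routable addresses")
    return findings


if __name__ == "__main__":
    # Constructed samples; the first two are the prefix sizes from the reply.
    for cidr in ("12.0.0.0/12", "10.0.0.0/10", "12.0.0.0/16", "10.0.0.0/16"):
        print(cidr, describe(cidr), review_vpc_cidr(cidr))
```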

  • @ShaliniSingh-mu3em 7 days ago

    How do we establish an internet connection on private ec2?

    • @RahulWagh 6 days ago

      Use NAT gateway

  • @shailendraverma1675 a month ago

    Hello sir, what if we created our bastion host in a private network, is there any way? How can we access that?

    • @RahulWagh a month ago

      The whole purpose of a bastion host is to enable access to servers present in private subnets. A bastion host in a private subnet doesn’t make sense

    • @shailendraverma1675 a month ago

      @@RahulWagh thanks for replying!!!
      To make this process more secure, what can we do? Any suggestions? Like can we attach a VPN?

  • @manojgandham-lu7tu 7 months ago

    Can we expect a k8s series from you?

    • @RahulWagh 7 months ago

      Hopefully soon I will prepare in k8s

  • @brianlevu3507 4 months ago

    Why didn't you use scp to copy the pem file?

    • @RahulWagh 3 months ago

      Yes you can use SCP instead of manually copying the ssh keys

    • @brianlevu3507 3 months ago

      @@RahulWagh 😆

  • @bikdigdaddy 11 days ago

    I did the exact same but I didn't make a private route table and it still worked. Why?

    • @RahulWagh 11 days ago

      Maybe you might have made the private subnet a public subnet

    • @bikdigdaddy 11 days ago

      @@RahulWagh I'm pretty sure I did not.
      Upon further inspection, I found that there's a default route table assigned to the private subnet (you see it at 10:44) and that allows connectivity inside the same VPC.
      So that implies if you allow SSH to the private EC2 in the security group, you'll be able to connect to it from the public EC2, thus no route table needed.
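
The security-group point raised in several threads above (instances in one VPC can already route to each other, so the ingress rule decides who reaches the private server), as an added example that is not from the video or any commenter. The rule format, all IP addresses and the bastion's own rule are constructed assumptions; the "all ports from the bastion" rule mirrors the setup described in the comments.

```python
import ipaddress

# Constructed sample data in a simplified rule shape (not AWS API output).
BASTION_IP = "10.0.1.10"  # assumed private IP of the bastion host
LOOSE = {
    "bastion": [{"ports": (22, 22), "cidr": "0.0.0.0/0"}],        # assumption
    "private": [{"ports": (0, 65535), "cidr": "10.0.1.10/32"}],   # all ports
}
TIGHTENED = {
    "bastion": [{"ports": (22, 22), "cidr": "203.0.113.7/32"}],   # admin IP
    "private": [{"ports": (22, 22), "cidr": "10.0.1.10/32"}],     # SSH only
}


def allows(rules, src_ip, port):
    """True if any ingress rule admits TCP traffic from src_ip to port."""
    src = ipaddress.ip_address(src_ip)
    return any(r["ports"][0] <= port <= r["ports"][1]
               and src in ipaddress.ip_network(r["cidr"])
               for r in rules)


def audit(groups, bastion_ip):
    """Flag ingress rules that are wider than the bastion pattern needs."""
    bastion_only = ipaddress.ip_network(bastion_ip + "/32")
    findings = []
    for rule in groups["bastion"]:
        if ipaddress.ip_network(rule["cidr"]).prefixlen == 0:
            findings.append("bastion: SSH reachable from any address")
    for rule in groups["private"]:
        if ipaddress.ip_network(rule["cidr"]) != bastion_only:
            findings.append("private: source is wider than the bastion")
        if rule["ports"] != (22, 22):
            findings.append("private: ports beyond SSH are open to the bastion")
    return findings


if __name__ == "__main__":
    for name, groups in (("loose", LOOSE), ("tightened", TIGHTENED)):
        print(name, audit(groups, BASTION_IP))
    # Another host in the same VPC is still refused by the private group.
    print(allows(LOOSE["private"], "10.0.1.11", 22))
```

On AWS the private group's source can also be the bastion's security group ID instead of a /32, which keeps the rule valid if the bastion's private IP changes.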