chandra

Reputation: 733

How to set up bastion hosts for accessing EC2 instances that are in different VPCs

Currently, we have a setup which uses different bastion hosts for EC2 in different VPCs. Is it possible to use only one bastion host to access all EC2 hosts which are in different VPCs by using VPC peering? Is it recommended? Did anyone try it?

Upvotes: 2

Views: 1463

Answers (1)

helloV

Reputation: 52423

Yes, but there are a few things to consider.

VPC peering is available only within the same region. If all your VPCs are in the same region, then you can use VPC peering and one bastion to access all hosts in all your VPCs, provided:

  • the subnets' routing table is set up to route the traffic correctly
  • the security groups are set up to accept traffic from the bastion

If the VPCs are in different regions, then you can use a VPN to connect the VPCs and use one bastion to access all hosts in all your VPCs. Make sure the tunnels are set up correctly.

We use both solutions:

  • Inter region using peering
  • Intra region using VPNs

Works flawlessly. But it takes time to set up VPNs. But with VPC peering, it is pretty straightforward.

Upvotes: 4
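
The two conditions listed in the answer above (routes and security groups) can be checked offline before relying on a single bastion. This is an added example, not part of the original answer: the dictionaries use the field names found in EC2 route table and security group descriptions (`DestinationCidrBlock`, `VpcPeeringConnectionId`, `IpPermissions` entries), and every ID and CIDR is a constructed placeholder.

```python
import ipaddress

def best_route(routes, dest_ip):
    """Most specific (longest-prefix) route covering dest_ip, or None."""
    ip = ipaddress.ip_address(dest_ip)
    nets = [(ipaddress.ip_network(r["DestinationCidrBlock"]), r) for r in routes]
    hits = [(n.prefixlen, r) for n, r in nets if ip in n]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def sg_allows(permissions, src_ip, port=22):
    """True if any ingress rule admits TCP `port` from src_ip."""
    ip = ipaddress.ip_address(src_ip)
    for p in permissions:
        proto_ok = p["IpProtocol"] == "-1" or (
            p["IpProtocol"] == "tcp" and p["FromPort"] <= port <= p["ToPort"])
        if proto_ok and any(ip in ipaddress.ip_network(r["CidrIp"])
                            for r in p.get("IpRanges", [])):
            return True
    return False

def check_path(bastion, target, pcx_id):
    """Return a list of problems; empty means SSH bastion -> target should work."""
    problems = []
    out = best_route(bastion["routes"], target["ip"])
    if out is None or out.get("VpcPeeringConnectionId") != pcx_id:
        problems.append("no route from bastion subnet to target over the peering")
    back = best_route(target["routes"], bastion["ip"])
    if back is None or back.get("VpcPeeringConnectionId") != pcx_id:
        problems.append("no return route from target subnet over the peering")
    if not sg_allows(target["ingress"], bastion["ip"]):
        problems.append("target security group does not admit SSH from bastion")
    return problems

# Constructed sample data (IDs and CIDRs are placeholders).
PCX = "pcx-EXAMPLE"
BASTION = {"ip": "10.0.1.10", "routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"},
    {"DestinationCidrBlock": "10.1.0.0/16", "VpcPeeringConnectionId": PCX}]}
TARGET_OK = {"ip": "10.1.2.20", "routes": [
    {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "10.0.1.10/32", "VpcPeeringConnectionId": PCX}],
    "ingress": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "10.0.1.10/32"}]}]}
# Same target with the return route missing and SSH opened only to its own VPC.
TARGET_BAD = {"ip": "10.1.2.20", "routes": TARGET_OK["routes"][:1],
              "ingress": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                           "IpRanges": [{"CidrIp": "10.1.0.0/16"}]}]}

if __name__ == "__main__":
    print(check_path(BASTION, TARGET_OK, PCX))
    print(check_path(BASTION, TARGET_BAD, PCX))
```

Routes are needed in both directions because the peering carries the return packets too; the security group only needs an ingress rule, since security groups are stateful. Scoping the return route and the SSH rule to the bastion's /32, as in `TARGET_OK`, keeps the rest of the peered VPC from reaching the target.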
