Skip to main content

Instance Access and Bastions

Accessing Instances

For most EC2 running modern Linux operating systems, SSH access will be via AWS Systems Manager Session Manager (SSM).

This provides secure and auditable access to EC2s without the need to expose ports or use a bastion. This can also be used for port forwarding to access private web consoles, RDS databases or Windows RDP.


For instances running older versions of Linux where the SSM Agent can’t be installed, we can provide a bastion host.

The bastion will be preconfigured with the relevant security and network connectivity required. You can then securely connect to this bastion host via Systems Manager, and then on to your instance.

If you find the bastion is down (between 20:00 and 05:00) then you may need to restart it. The best way to do this is to amend the Auto Scaling Group called bastion_linux_daily to set the values to 1 where they are 0. This will build a bastion EC2 server.

There will only be 1 listed in most cases (bastion_linux_daily) so select that, click on edit in the top box and set all 3 values (desired capacity, minimum capacity and maximum capacity) to 1 and select Update. This will cause AWS to build a new instance and one will be available in around 5 minutes.

How to connect

For information on how to connect to instances or Bastions see Accessing EC2s.

This page was last reviewed on 31 May 2023. It needs to be reviewed again on 30 November 2023 by the page owner #modernisation-platform .
This page was set to be reviewed before 30 November 2023 by the page owner #modernisation-platform. This might mean the content is out of date.