Instance Access and Bastions
Accessing Instances
For most EC2 instances running modern Linux operating systems, SSH access will be via AWS Systems Manager Session Manager (SSM).
This provides secure and auditable access to EC2s without the need to expose ports or use a bastion. This can also be used for port forwarding to access private web consoles, RDS databases or Windows Remote Desktop (RDP).
Bastions
For instances running older versions of Linux where the SSM Agent can’t be installed, we can provide a bastion host.
The bastion will be preconfigured with the relevant security and network connectivity required. You can then securely connect to this bastion host via Systems Manager, and then on to your instance.
If you find the bastion is down (between 20:00 and 05:00) then you may need to restart it. The best way to do this is to amend the Auto Scaling Group called bastion_linux_daily to set the values to 1 where they are 0. This will build a bastion EC2 server.
There will only be 1 listed in most cases (bastion_linux_daily) so select that, click on edit in the top box and set all 3 values (desired capacity, minimum capacity and maximum capacity) to 1 and select Update. This will cause AWS to build a new instance and one will be available in around 5 minutes.
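The same restart can be done from the AWS CLI instead of the console. This is an added example, not part of the original guide: it assumes AWS CLI credentials for the account that holds the bastion, and the function names (bastion_capacity, start_bastion, wait_for_bastion) are hypothetical.

```shell
# CLI equivalent of the console steps above (added example, hypothetical function names).
# Assumes the AWS CLI is configured for the account that owns the bastion.
ASG_NAME="${ASG_NAME:-bastion_linux_daily}"   # group name as given on this page

# Print "min max desired" for the group ("None" if the group does not exist).
bastion_capacity() {
    aws autoscaling describe-auto-scaling-groups \
        --auto-scaling-group-names "$ASG_NAME" \
        --query 'AutoScalingGroups[0].[MinSize,MaxSize,DesiredCapacity]' \
        --output text | tr '\t' ' '
}

# Set all three values to 1, but only when they are not already 1.
start_bastion() {
    cap=$(bastion_capacity) || return 1
    case "$cap" in
        "1 1 1") echo "unchanged"; return 0 ;;
        ""|None*) echo "ASG $ASG_NAME not found" >&2; return 1 ;;
    esac
    aws autoscaling update-auto-scaling-group \
        --auto-scaling-group-name "$ASG_NAME" \
        --min-size 1 --max-size 1 --desired-capacity 1 || return 1
    echo "updated (was: $cap)"
}

# Poll until an instance in the group is InService, then print its instance ID.
wait_for_bastion() {
    tries="${1:-30}"   # 30 polls x 20s = 10 min; the page expects about 5 minutes
    while [ "$tries" -gt 0 ]; do
        id=$(aws autoscaling describe-auto-scaling-groups \
            --auto-scaling-group-names "$ASG_NAME" \
            --query "AutoScalingGroups[0].Instances[?LifecycleState=='InService'].InstanceId | [0]" \
            --output text)
        case "$id" in i-*) echo "$id"; return 0 ;; esac
        tries=$((tries - 1))
        sleep "${POLL_SECONDS:-20}"
    done
    return 1
}

# Typical use (start-session needs the Session Manager plugin installed locally):
#   start_bastion && id=$(wait_for_bastion) && aws ssm start-session --target "$id"
```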
How to connect
For information on how to connect to instances or Bastions see Accessing EC2s.