Drop the bastion in the clouds (AWS, Azure (kinda), and GCP)

Amazon Web Services (AWS)

# session manager plugin install
curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/mac/sessionmanager-bundle.zip" -o "sessionmanager-bundle.zip"
unzip sessionmanager-bundle.zip
sudo ./sessionmanager-bundle/install -i /usr/local/sessionmanagerplugin -b /usr/local/bin/session-manager-plugin
aws ssm start-session --target <instance_id>
Starting session with SessionId: <instance_id>
sh-4.2$ echo "success!"
  • Enable the service under Security > Identity-Aware Proxy.
  • This will load an OAuth consent screen for users, which you need to fill out (it just needs an App name, then save). You can set OAuth grant token limits, API scopes, authorized domains, and even a logo here. Up until recently, this process was completely manual. GCP now offers a way to programmatically complete this step.
  • Depending on your setup, you need an ingress firewall rule for 35.235.240.0/20 on SSH (22) and/or RDP (3389), which is the range used by IAP for TCP forwarding. You can scope the rule to the VMs in question with network tags, or apply it to all instances in the VPC.
  • Ensure your user has the role IAP-secured Tunnel User and can at least see the compute resources (Compute Viewer).
  • You’ll need to add the flag --tunnel-through-iap when you use gcloud to SSH into the host.
gcloud compute ssh <instance_id> --zone <instance_zone> --tunnel-through-iap

rav3n
