Securely Accessing Private Subnets in AWS: A Step-by-Step Guide
Teqani Blogs
Writer at Teqani
This article provides a step-by-step guide on how to securely access private subnets in AWS using a bastion host. This method ensures that internal APIs and resources remain protected from public access while allowing authorized users to connect and perform necessary tasks. We'll cover the entire process, from setting up the bastion host to establishing a secure connection.
Setting Up a Bastion Host in AWS
To access a private subnet in AWS, a bastion host acts as a secure gateway. It resides in a public subnet and allows you to connect to resources in the private subnet without exposing them to the internet.
- Create an EC2 instance in a public subnet.
- Configure the security group to allow SSH access from your IP address.
- Ensure the private subnet's security group allows traffic from the bastion host.
Connecting to the Bastion Host
Once the bastion host is set up, you can connect to it via SSH. From there, you can access resources in the private subnet.
- Use SSH to connect to the bastion host's public IP address:
ssh -i your-key.pem ec2-user@<bastion-public-ip>
- From the bastion host, SSH into the private instance or use
curl
to test internal APIs.
Security Considerations
Security groups are crucial for controlling traffic to and from your instances. Always configure them carefully to minimize potential security risks.
- Restrict SSH access to the bastion host to your IP address.
- Regularly review and update security group rules.
- Tear down the bastion host when it's no longer needed to avoid unnecessary charges and potential vulnerabilities.
Example Use Case
Imagine you have an internal API (internal-api.mycompany.net
) deployed within a private subnet. You need to test this API but cannot access it directly from your local machine. By setting up a bastion host, you can securely access and test the API.
curl http://internal-api.mycompany.net:8080/health
Conclusion
Using a bastion host is a secure and effective way to access private subnets in AWS. By following these steps and keeping security best practices in mind, you can ensure that your internal resources remain protected while still being accessible for development and testing.
All blogs are certified by our company and reviewed by our specialists
Issue Number: #cf164f7f-6412-4574-bcd5-42a7c356b285