Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

The Bastion Server That Isn't There ... Joshua Kite


Published on

The standard approach to setting up a bastion server (or jump box) has enough weaknesses already. Managing secure access to your VPC's for hundreds of users and hundreds of servers increases these exponentially.
I found the available solutions lacking.

Here I briefly cover the issues and present a working production solution immutably deploying ssh bastion access as a stateless service on AWS, managed entirely with Terraform - no build chain, no registries, no secrets management and instantaneous access.

The result is a bastion server that isn't there, until the moment a user calls for it and then it can be their special snowflake, just for them, briefly, until it's gone.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

The Bastion Server That Isn't There ... Joshua Kite

  1. 1. The Bastion Server That Isn’t There - Providing scalable secure access as a stateless service with Terraform on AWS Joshua Kite
  2. 2. About me: Joshua Kite - See my website for links, contact, etc: Site Reliability Engineer @ DAZN ‘The Netflix of sport’
  3. 3. A Word of thanks I would like to thank the people who have helped to make this idea a reality and supported this presentation: Mike Bristow, Senior Engineer at NeuLion Piotr Jaromin, Software Engineer; Marco Crivellaro System Architect; Rick Burgess SRE Manager; Simon Coutts Head of Development at DAZN
  4. 4. What is the problem that we are solving?
  5. 5. New Bastion server New Bastion server is like:
  6. 6. <PIcture> ‘no face’ before and after Old Bastion server is like:
  7. 7. So what solutions are already out there?
  8. 8. Bastions on steroids
  9. 9. Gravitational Teleport
  10. 10. Aker
  11. 11. Pritunl Zero
  12. 12. Third party IAM solutions Some install as a standalone binary, e.g. (Python) Some are intended as a script to install a dedicate server on EC2, e.g. ssh (Python; Bash)
  13. 13. What are our limitations?
  14. 14. “Take CVS as an example of what not to do; if in doubt, make the exact opposite decision.” - Linus on the Git design philosophy
  15. 15. Ikebana (生け花, "living flowers")
  16. 16. So what do we aim for (apart from the above)?
  17. 17. So what is our solution?
  18. 18. But how do we control our instances?
  19. 19. But what are users logging in with?
  20. 20. Deployment
  21. 21. That’s great for RDS But my services are on ECS, not EC2!
  22. 22. But I use AWS organisations!
  23. 23. So what does this look like to my user? To reach bastion: ssh-add ~/.ssh/billybob.rsa ssh To reach ecs host: ssh -J billybob@yourecshost
  24. 24. Version history
  25. 25. What does the code look like? You can use the community module directly or review on Github ● ●
  26. 26. Code Features ● What it doesn’t do is almost as important as what it does do.
  27. 27. Demo
  28. 28. reflections Since the bastion service host is not running anything interesting besides the dockerised service it doesn’t really matter if our users can see metadata and we aren’t overly worried about a guest escape Unlike a traditional bastion server our users are protected from ssh socket stealing identity impersonation Ssh host key is a conscious choice Pull requests are welcome!
  29. 29. Yes DAZN is hiring!
  30. 30. Thanks! Questions? Joshua Kite