The standard approach to setting up a bastion server (or jump box) has enough weaknesses already. Managing secure access to your VPCs for hundreds of users and hundreds of servers increases these weaknesses exponentially.
I found the available solutions lacking.
Here I briefly cover the issues and present a working production solution that immutably deploys SSH bastion access as a stateless service on AWS, managed entirely with Terraform - no build chain, no registries, no secrets management, and instantaneous access.
The result is a bastion server that isn't there until the moment a user calls for it; then it can be their special snowflake, just for them, briefly, until it's gone.
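The following Terraform configuration is an added illustration of the ephemeral, per-user bastion pattern described above; it is not the author's own code and does not claim to be how the described solution is built. It assumes an existing VPC and public subnet, that the caller supplies only an SSH public key (so no private key or other secret is ever handed to AWS, matching the "no secrets management" property), and that the caller's current IP is passed as a /32. The variable names, tags, the Amazon Linux 2023 AMI lookup and the 60-minute self-termination are all assumptions chosen for the example.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = var.region
}

# All inputs below are hypothetical names for this example.
variable "region"      { default = "eu-west-1" }
variable "vpc_id"      { description = "Existing VPC the bastion must reach" }
variable "subnet_id"   { description = "Public subnet the bastion is launched into" }
variable "user_name"   { description = "Requesting user; used only for naming and tagging" }
variable "user_pubkey" { description = "Requesting user's SSH public key (e.g. ssh-ed25519 AAAA...)" }
variable "caller_cidr" { description = "Requesting user's current address as a /32" }

data "aws_vpc" "target" {
  id = var.vpc_id
}

# Always boot the newest vendor image: nothing is baked, so there is no
# image build chain or registry to maintain.
data "aws_ami" "al2023" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["al2023-ami-*-x86_64"]
  }
}

# One security group per request: SSH in only from the caller's current
# address, SSH out only to the target VPC. Nothing else is reachable.
resource "aws_security_group" "bastion" {
  name_prefix = "bastion-${var.user_name}-"
  vpc_id      = var.vpc_id

  ingress {
    description = "SSH from the requesting user's current address only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.caller_cidr]
  }

  egress {
    description = "SSH onward into the VPC only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [data.aws_vpc.target.cidr_block]
  }
}

resource "aws_instance" "bastion" {
  ami                         = data.aws_ami.al2023.id
  instance_type               = "t3.nano"
  subnet_id                   = var.subnet_id
  vpc_security_group_ids      = [aws_security_group.bastion.id]
  associate_public_ip_address = true

  # Require IMDSv2 so a compromised session cannot trivially read instance metadata.
  metadata_options {
    http_tokens = "required"
  }

  # Terminate (not stop) when the instance shuts itself down, so no disk
  # or state outlives the session even if the user never runs `terraform destroy`.
  instance_initiated_shutdown_behavior = "terminate"

  # The public key is injected at boot; the instance holds no secrets.
  user_data = <<-EOT
    #!/bin/bash
    install -d -m 700 -o ec2-user -g ec2-user /home/ec2-user/.ssh
    echo "${var.user_pubkey}" > /home/ec2-user/.ssh/authorized_keys
    chmod 600 /home/ec2-user/.ssh/authorized_keys
    chown ec2-user:ec2-user /home/ec2-user/.ssh/authorized_keys
    # Assumed lifetime for the example: self-destruct after 60 minutes.
    shutdown -h +60
  EOT

  tags = {
    Name  = "bastion-${var.user_name}"
    Owner = var.user_name
  }
}

output "bastion_ip" {
  value = aws_instance.bastion.public_ip
}
```

A user would run `terraform apply` with their own public key and address to get a host that exists only for them, and `terraform destroy` (or the built-in shutdown) to remove it; because every resource is created fresh per request, there is no long-lived bastion to patch, no shared account to rotate, and the security group itself records who could connect from where, which is the audit trail a defender wants from a jump host.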