Bastion Setup
A common way to secure a network is to place servers in internal subnets and restrict direct access to them. In that setup you reach an instance by jumping through a bastion host. Sonic provides built-in support for a bastion host.
You can configure the settings.yml file to use a bastion host. Here’s an example:
bastion:
  host: ec2-user@34.211.223.3
  host_key_check: false
user: ec2-user # user for 2nd level servers
The setting directs the sonic ssh command to jump through the bastion host. This works transparently. The sonic commands are exactly the same as if there is no bastion host. Example:
sonic ssh i-0f7f833131a51ce35
Notice that the command Sonic builds now includes the bastion jump host.
$ sonic ssh i-0f7f833131a51ce35 uptime
=> ssh -At ec2-user@34.211.223.3 ssh ec2-user@10.10.110.135 uptime
18:35:18 up 1:14, 0 users, load average: 0.24, 0.07, 0.02
Connection to 34.211.223.3 closed.
$
You can also specify the bastion host as a CLI option with --bastion, though it is recommended that you configure it in a settings.yml file so you do not have to repeatedly type it.
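For comparison with the generated `ssh -At ... ssh ...` command above, which forwards the SSH agent to the bastion, this added example (plain OpenSSH, not Sonic code or a Sonic feature) emits an `ssh_config` fragment that makes the same jump with `ProxyJump`, agent forwarding off and host key checking on. The `sonic-bastion` alias, the function names and the `10.10.110.*` pattern are assumptions made for illustration.

```shell
# Added example: plain OpenSSH configuration, not part of Sonic.

# Accept only characters that belong in a user name, host name, address or
# Host pattern, so a value cannot smuggle extra directives into the file.
valid_token() {
  case $1 in
    ''|*[!A-Za-z0-9._*-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# bastion_ssh_config BASTION TARGET_PATTERN TARGET_USER
#   BASTION         user@host, the same form as bastion.host in settings.yml
#   TARGET_PATTERN  Host pattern covering the internal instances
#   TARGET_USER     login user on the internal instances
bastion_ssh_config() {
  local bastion="$1" pattern="$2" target_user="$3" b_user b_host tok
  case $bastion in
    *@*) b_user=${bastion%%@*}; b_host=${bastion#*@} ;;
    *)   b_user=$target_user;   b_host=$bastion ;;  # assumption: same user
  esac
  for tok in "$b_user" "$b_host" "$pattern" "$target_user"; do
    valid_token "$tok" || return 2
  done
  # ProxyJump tunnels the second hop through the bastion, so authentication to
  # the instance runs on the local client and no agent socket exists on the
  # bastion. Each stanza sets its own options: command-line -o values would
  # only apply to the final destination, not to the jump host.
  cat <<EOF
Host sonic-bastion
  HostName $b_host
  User $b_user
  ForwardAgent no
  StrictHostKeyChecking yes

Host $pattern
  User $target_user
  ProxyJump sonic-bastion
  ForwardAgent no
  StrictHostKeyChecking yes
EOF
}

# Addresses and user are the ones shown on this page; the pattern is constructed.
bastion_ssh_config ec2-user@34.211.223.3 '10.10.110.*' ec2-user
```

Running `ssh -G -F <file> 10.10.110.135` against the saved fragment prints the options OpenSSH resolves for that host without connecting. With `StrictHostKeyChecking yes`, the bastion and instance host keys must already be in `known_hosts`.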