WHAT IS A BASTION HOST? HOW TO USE BASTION HOSTS? Simplified and Visualized

Рет қаралды 71,029

Күн бұрын

A bastion host is a server whose purpose is to provide access to a private network from an external network, such as the Internet.
VPC Sessions :
▶ PART 1: What is a VIRTUAL PRIVATE CLOUD? Amazon VPC | Visual Explanations :
• What is a VIRTUAL PRIV...
▶ PART 2: WHAT IS A CIDR IN AWS? | VPC PART 2 | Visual Explanations
• WHAT IS A CIDR IN AWS?...
▶ PART 3: WHAT IS A VPC SUBNET AND HOW TO ASSIGN SUBNETS IN VPC? VPC PART 3 | Visual Explanations
• WHAT IS A VPC SUBNET A...
▶ PART4: AWS SAVINGS PLAN | COMPUTE AND EC2 INSTANCE SAVINGS PLANS | Visual Explanations
• AWS SAVINGS PLAN | COM...
▶ PART5: HOW TO CREATE VPC and SUBNET | HANDS-ON DEMO
• HOW TO CREATE VPC and ...
▶ PART6: WHAT IS INTERNET GATEWAY? WHAT ARE ROUTE TABLES? WHAT IS PUBLIC SUBNET? | Visual Explanations
• WHAT IS INTERNET GATEW...
▶ PART7: HOW TO PROVIDE INTERNET ACCESS TO INSTANCES AT VPC PRIVATE SUBNET? | NAT GATEWAY | NAT INSTANCE
• HOW TO PROVIDE INTERNE...
▶ PART8: HOW TO CREATE NAT GATEWAY? | HAND ON DEMO
• AWS NAT GATEWAY SETUP ...
▶ PART9: HOW TO CREATE NAT INSTANCE? | HAND ON DEMO
• AWS NAT INSTANCE SETUP...
▶ PART10: VPC DHCP Options Set | AWS Private Hosted Zones | Visual Explanations
• AWS DHCP Options Set |...
▶ PART11: AWS NACL and Security Groups | Ephemeral Ports | Visual Explanations
• AWS NACL and Security ...
▶ PART12: AWS VPC PEERING | Visual Explanation
• AWS VPC PEERING with D...
▶ PART13: AWS VPC ENDPOINT | INTERFACE ENDPOINT | GATEWAY ENDPOINT | Simplified Visually
• AWS VPC ENDPOINT | INT...
▶ PART14: VPC FLOW LOGS | WHAT IS AGGREGATE INTERVAL | Visual Explanations
• VPC FLOW LOGS | WHAT I...
▶ PART15: WHAT IS A BASTION HOST? HOW TO USE BASTION HOSTS? Simplified and Visualized
• WHAT IS A BASTION HOST...
⏲ Timelines for your convenience:
00:00 // Intro
01:02 // What are bastion hosts and how do they work?
03:00 // Hands-on Demo for BASTION HOSTS.
10:12 // Outro
⭐ Kite is a free AI-powered coding assistant that will help you code faster and smarter. The Kite plugin integrates with all the top editors and IDEs to give you smart completions and documentation while you’re typing. I've been using Kite for 6 months and I love it!
www.kite.com/get-kite/?...
🍀 If you wish to support me please choose the links below:
INSTAMOJO : instamojo.com/@pythoholic
PAYPAL : paypal.me/pythoholic
BECOME A MEMBER (PATREON) : / pythoholic
GADGETS I USE : www.amazon.in/shop/pythoholic
AWS Solutions Architect Associate Certification 2020 Playlist:
tinyurl.com/y4lr8zu4
Please follow we in the links below to stay updated: 🙌
🍀Click on the link below to subscribe: tinyurl.com/qqebnwz
🍀Instagram: / pythoholic
🍀Facebook: / bepythoholic
🍀Twitter: / bepythoholic
🍀Discord: / discord
Disclaimer: The content provided in the channel are not affiliated in any way to the organization. We provide information here on the channel based on the knowledge we have on the topic. We advise our viewers to please do their own research and read more about them from the source provided by the organization to get a better outlook on the topic that has been covered.
These videos are just to provide you a platform to learn, and there can be mistakes and we are always trying to improve based on your feedback. we recommend viewers to have an open mind. Please support the channel to get more content like these in the future.
#RoadToAWS #AWSSolutionsArchitectAssociate2020 #Pythoholic

Пікірлер: 80

@pritomdasradheshyam2154 3 жыл бұрын

This is by far so much intuitive explanation for Bastion Hosts, thankyou so much for working on this, this kind of stuff takes so much energy and time, I am so happy that you chose to open source these kind of great content in KZbin!

@cassandraz3035 3 жыл бұрын

You are so good at what you do ! Thank you for your time

@aniketfadia7328 3 жыл бұрын

This explanation is so easy to understand! :) Thanks for the video and for putting so much effort into the visuals! :) Great work mate, keep going! :)

@Pythoholic 3 жыл бұрын

Thanks 👍

@chintalapativenkataramarahul 2 жыл бұрын

Thanks for the visual demonstration of a bastion. That made it easier to grasp the concept.

@ishaanme91 3 жыл бұрын

Clear and concise. Awesome!

@prerakmer455 2 жыл бұрын

Perfect video to understand bastion host. Simple and easy to understand explanation. Thank you!!!!!

@GuitarreroDaniel 3 жыл бұрын

This was extremely useful. Thank you very much!

@PracticalLearningDataHub-ql5wg 10 ай бұрын

Great Video. Visualizations are the best way to understand the basics and Hands-on Demonstrations makes great sense to a learner. The best way to teach rather than following the traditional conceptual teaching. I appreciate your work. Keep them coming. All the best.

@ceaconcept3663 Жыл бұрын

you just earned my subscription! great job!!

@somesh6090 2 жыл бұрын

A very deep learning video about bastion host with much less time.

@pvenugopal2809 3 жыл бұрын

wow... wonderful session and your way of presentation is simply super, pls keep it forward

@Isingbadbutiamaswiftie 3 жыл бұрын

Thank you so much for this explanation 🙏

@JohnKabler 2 жыл бұрын

Excellent production quality and content. Really loved the use of the battle visual. Well done, sir.

@Pythoholic 2 жыл бұрын

Thanks a lot :)

@harshchitroda 3 жыл бұрын

One of the most informative and clear video on Bastion Hosts, keep uploading.

@ajmirshowraf5556 3 жыл бұрын

তকতলতি

@thelazychewresearch Ай бұрын

Great video!

@rakesh.g9999 2 жыл бұрын

Thanks ....it was really easy....u made it

@satyaswarupswain 2 жыл бұрын

Your teaching skill is superb bro .

@MARK01986 3 жыл бұрын

Could you please show the config of your vpc-demo?

@ramkowsu5295 3 жыл бұрын

Wonderful explanation

@andriys5772 3 жыл бұрын

Thank you!

@619trading9 3 жыл бұрын

According to Aws - best practice is not to copy the file to the bastion host but to use ssh agent forwarding...do you have a tutorial for that?

@Pythoholic 3 жыл бұрын

I haven't created that yet.

@kishanpatro45 Жыл бұрын

I can connect my private host server from bastion host but am unable to push the file, what could be the reason?

@nerdy-zeig7774 Ай бұрын

So... its just a cloud version of a jump server?

@PaulEllisBIGDATA 2 жыл бұрын

Outstanding video

@hebronspiritualmessages9382 3 жыл бұрын

Thanks for the well explanation. i have one doubt here as im new to AWS... when we are able to connect Private instances which are in private subnets via bastion host then what is the need of NAT gateway and NAT instance.. ? simple we are allowing bastion IP in Private instance SG and connecting from bastion host to private instance. which is easier than deploying NAT gate and NAT instance... could pls explain .. Thanks in advance.

@Pythoholic 3 жыл бұрын

NAT gateways are special cases where if you need to allow public internet access to your private instances. But that doesn't mean others have access to the machine or even SSH access to that machine. Let suppose you just want to install Centos updates and you need public internet access then it can work without allowing SSH access to that machine. And later it can be removed from the rule set to make it secure again.

@Pythoholic 3 жыл бұрын

Bastion is a totally separate concept. The instances behind bastion may or may not need public internet access. It's just a additional security to have a bypass to the instances that you want to securely access

@AsheeshKum 3 жыл бұрын

Any way we can access from my desktop thru internet to private subnet linux machine VNC server GUI via bastion windows machine... ANY HELP is APPRECIATED.

@Pythoholic 3 жыл бұрын

Yeah if you are able to create a tunnel and pass the proxy information while connecting to the UI. Check for server connection settings

@tsukinosukee 3 жыл бұрын

copying the "pem" file into bastion host good practice? should we use ssh agent instead? ssh-add -K myPrivateKey.pem

@Pythoholic 3 жыл бұрын

Yeah that's the way we should do it in prod. This was just a simple way. Most are not aware of how SSH works. So need to.keep it simple

@bbstriker 2 жыл бұрын

Thank you firvtge video. Very clear. Why would we need a bastion host if we can instead use AWS Sessions Manager (SSM)?

@Pythoholic 2 жыл бұрын

Yes its coming up . Thanks for the feedback

@smiley2827 Жыл бұрын

It will be interesting if you will discuss about real use case.

@LucasBhata 3 жыл бұрын

top explanation, ta

@fftu4741 3 жыл бұрын

If I want to build a website, should the website be placed in an instance of a private subnet? How to configure the private subnet ‎Apache? My problem now is that the instance of the private subnet can't connect to the network and configure the Apache environment. Please help me answer, thank you

@Pythoholic 3 жыл бұрын

If u wish to build a website make it public but ensure you have a DNS name SSL certificate and only access through URL and not with ip

@fftu4741 3 жыл бұрын

@@Pythoholic Okay, I understand this. However, after creating a bastion host and a private instance in the video, how to install Apache in the private instance?now, the private instance Unable to install Apache online

@Pythoholic 3 жыл бұрын

You can have ur NAT connected to your private instance else you need to have ports opened specific for that purpose else you need to create application specific Ami

@YoursAkki81 2 жыл бұрын

Are bastion hosts used only for linux instances or other OS instances as well ?

@Pythoholic 2 жыл бұрын

Its for both, depends on what port you allow. SSH or RDP

@akshigoel348 3 жыл бұрын

Can anyone please help me to understand the difference in accessing private instance at 9:36 from the previous one. Why access is not possible, i.e. what is the different from previous accessing. Thank you.

@Pythoholic 3 жыл бұрын

The basic difference is you allow access from a single point of host ie your bastion. Cause ur security group allows from only that. Direct access to host b is not possible . If you have to access it you need to go though the bastion

@akshigoel348 3 жыл бұрын

@@Pythoholic thanks for quick help!! 👍

@AliTwaij Жыл бұрын

thankyou

@diptybates765 Жыл бұрын

I am getting this error : Permission denied (publickey,gssapi-keyex,gssapi-with-mic). is there any way to resolve this issue ? When I tried to connect Private Instance via the Public instance. Thank you .

@Pythoholic Жыл бұрын

please change the key permissions

@Pythoholic Жыл бұрын

chmod 400 keyname

@diptybates765 Жыл бұрын

@@Pythoholic Thank you so much, it is working now. 😊

@charlottenkwah8642 3 жыл бұрын

wooow this is really good but i think you were too fast with the explanation and the demo. But nice work

@winfle Жыл бұрын

instead of copyring you ssh keys to bastion, you can use SSH key agent forewarding

@vm5304 3 жыл бұрын

thank you. I tried to read the letters on your screen, but they are blurred. Can you make the font clearer?

@Pythoholic 3 жыл бұрын

Hi thanks for the feedback, if you could please point out the timestamp or share a screenshot at the discord..it will be really helpful

@vm5304 3 жыл бұрын

@@Pythoholic all the white screens such as the AWS console and Windows are not clear. For example from 3.22 to 7.4 Thank you so much I found your videos very helpful for Sol. Arch. Ass. certificate. Can you sort or tag the videos by 1. Design Resilient Architecture 2. Define Performant Solution 3. Specify Secure Applications & Architectures 4. Design Cost-Optimized Architectures

@Pythoholic 3 жыл бұрын

Please login to www.pythoholic.com and there u can see the list of all videos with proper tags in place

@vm5304 3 жыл бұрын

@@Pythoholic Thank you!

@kaustuvprajapati4174 11 ай бұрын

which tool is used to create slides?

@Pythoholic 11 ай бұрын

Just ppt 👍

@amulyamb7331 2 жыл бұрын

Sir we need a project on this will you do our final year project??

@Pythoholic 2 жыл бұрын

That's impressive, sorry i cant be a part but if you need some suggestions you can let me know.

@cpetester1698 3 жыл бұрын

Bhai can you make something for Transit VPC ?

@Pythoholic 3 жыл бұрын

Sure i will make a note of it. Thanks

@berndeckenfels Жыл бұрын

Don’t copy keys to the bastion host, it’s a bit more secure to use ssh agent forwarding (but in permission ask mode). And also it need more hardening like session locks, retry, egress filtering and so on

@Pythoholic Жыл бұрын

Yes it's just a example . In real time we shouldn't do that

@dianeconrardy829 3 жыл бұрын

Great information, but pace of delivery was a little to fast to me...

@Pythoholic 3 жыл бұрын

Sure Diane will keep that in mind

@i-am-administrator 5 ай бұрын

you didnt mention in which VPC you deployed this baston host and priviate host. as far i know if both share the same VPC they can communicate with what SG rules given to them. i such case you showed us it is not possibale from another pubilc host but i doubt this from different VPC so it wont communicate . if public host is part of same VPC then it will also gets commuicated with the help of baston host.

@Pythoholic 4 ай бұрын

Great observation and I echo this but this was a simple explanation on bastion but if we want to actually create a bastion host it would need steps that beginners might have a issue understanding. I am currently working on a video that is more aligned with new steps. I hope that would solve this.

@i-am-administrator 4 ай бұрын

waiting for that video. cheer to your efforts@@Pythoholic

@SJ-fj6oe 3 жыл бұрын

You SHOULD NOT have Enabled Auto Assign Public IP for Bastion Host (3:56 sec of the video). It's recommended to disable it. Also why did you allow outside world (0.0.0.0/0) in your Bastion Host Security Group. The bastion host that you just created SHOULD NOT be reached from the internet. Rather choose ELASTIC IP that are allowed from ON PREM Firewalls. Allocate an Elastic IP address, and make it reachable from the internet over IPv4 by associating it with your bastion host

@Pythoholic 3 жыл бұрын

I understand that completely. It is just an experiment to show the concept not the actual implementation. but I will do one video with they way u have pointed out as well. Thanks for the feedback. If you dint like the video, please make sure you put a dislike. Hoping you might have already done that.