You nailed this topic, generally, we get the information on where to put your bastion host but no one tells us how to secure it.

@@devendrajaisi1789 thank you. I wanted to help clarify this to help others

Its the certification providers who spend so much time on bastion hosts. Working cloud architects and cloud security architects now not to make this mistake. Thats one of the many differences in whats taught in certification vs what customers actually use.

@@GoCloudArchitects I passed 2 AWS certifications. Some of the answers in the test are either wrong or at least are not the best solution. But, you have to follow their rules or you will fail the exam.

Thank you, Mike! I'm glad it was helpful! #cloudhired

A bastion host is an exposed system on the internet that provides a sback door to enable remote access. It is a serious security flaw and is an invitation to hackers to come and hack me. A demilitarized zone is a semi protected subnet, that offers access to one service like web services. The DMZ is a protected zone that protects the internal network from the web services.

@@GoCloudArchitects Thanks Mike for the clarification. I guess what's been glorified in boot camp and certification courses ain't the reality.

Thank you so much for your comment, Precious! #cloudhired

Pawan - honestly I have not seen a company use a bastion host in years. The companies that I worked with removed them about 20 years ago do to security risks. I have only seen this in certification courses. But then again there is a massive difference between certification and reality

@@GoCloudArchitects Thanks much Mike!!

@@GoCloudArchitects used in my company

@@Jkudjo there are lots of cybersecurity breeches every day.