
How to spin up bastion

Introduction

Bastion is a jump server (or gateway server) that gives access to Instances within a private network using the SSH protocol.

Bastion is a secure intermediary server that Monitor Space Hazards system administrators log in to first via SSH before accessing the different components. The purpose of the SSH bastion host is to consolidate SSH user activity at a single point, which improves security and accountability.

Spinning up bastion

Please note: AWS access will be provided to UKSA and/or suppliers offline as required, on a principle of least privilege basis.
  1. Log in to the UKSA main AWS account.

  2. Select EC2 in services.

  3. Go to Instances, make sure `bastion-host-for-prod` is checked and select Start instance under Instance state.

  4. A notification at the top will tell you that the bastion host has started successfully, and the Public IP address will be displayed.

  5. You can then connect via SSH using `ec2-user@` to reach the production database. An example command might be:

    psql -U msh -h aurora-cluster-for-prod.cluster-czgkvdogsvmn.eu-west-2.rds.amazonaws.com -p 5432 -d msh

    The password can be found in Secrets Manager. For manual intervention on the database there is also a user named postgres. Its password is also in Secrets Manager.

  6. Once you have finished, shut down the host by selecting Stop instance so that unnecessary costs are not incurred.

Please note: your SSH public key must first be added to `.ssh/authorized_keys` by an Admin who can access the Bastion host. Once your public key is there, you are ready to use the Bastion host.
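
The console steps above can also be scripted. The following is an added example, not part of the original page or the project's own tooling. It assumes the AWS CLI is configured, that `bastion-host-for-prod` is the instance's Name tag, and that the bastion runs in eu-west-2 (the region in the Aurora hostname); the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not the project's own script): CLI form of steps 2-6.
set -eu

BASTION_NAME="${BASTION_NAME:-bastion-host-for-prod}"  # assumed to be the Name tag
REGION="${AWS_REGION:-eu-west-2}"                      # assumed: region in the Aurora hostname

# Resolve the instance ID from the Name tag; refuse to continue unless exactly one matches.
bastion_id() {
  local ids
  ids=$(aws ec2 describe-instances --region "$REGION" \
    --filters "Name=tag:Name,Values=$BASTION_NAME" \
              "Name=instance-state-name,Values=pending,running,stopping,stopped" \
    --query 'Reservations[].Instances[].InstanceId' --output text)
  set -- $ids   # split the whitespace-separated IDs into positional parameters
  [ "$#" -eq 1 ] || { echo "expected 1 '$BASTION_NAME' instance, found $#" >&2; return 1; }
  echo "$1"
}

# Steps 3-4: start the instance, wait until it is running, print its public IP.
bastion_start() {
  local ip
  aws ec2 start-instances --region "$REGION" --instance-ids "$1" >/dev/null
  aws ec2 wait instance-running --region "$REGION" --instance-ids "$1"
  ip=$(aws ec2 describe-instances --region "$REGION" --instance-ids "$1" \
    --query 'Reservations[0].Instances[0].PublicIpAddress' --output text)
  [ -n "$ip" ] && [ "$ip" != "None" ] || { echo "no public IP on $1" >&2; return 1; }
  echo "$ip"
}

# Step 6: stop the instance.
bastion_stop() {
  aws ec2 stop-instances --region "$REGION" --instance-ids "$1" >/dev/null
}

main() {
  local id ip
  id=$(bastion_id)
  trap "bastion_stop '$id'" EXIT   # stop the host however the session ends
  ip=$(bastion_start "$id")
  ssh "ec2-user@$ip"               # step 5: run psql from this session
}

# Nothing touches AWS unless the script is called with --run.
if [ "${1:-}" = "--run" ]; then main; fi
```

Because the stop is registered as an exit trap before the instance is started, the bastion is stopped even if the SSH session fails or is interrupted.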
This page was last reviewed on 8 November 2023. It needs to be reviewed again on 8 November 2024.
This page was set to be reviewed before 8 November 2024. This might mean the content is out of date.