AWS Bastion Host & VPN Configuration

Objective:

Deploy a secure access mechanism using a Bastion Host to enable controlled SSH access to EC2 instances and RDS in private subnets within AWS.

Summary:

• Configured a Bastion Host in a public subnet to provide SSH access to resources within private subnets.
• Enabled developers to access RDS instances securely without exposing the database to the internet.
• Restricted inbound access to the Bastion Host using security groups and IP whitelisting.
• Configured SSH Agent Forwarding and Identity files to allow secure hop-through connections.
• Monitored and logged session activity using AWS CloudTrail and system logs.

Key Highlights:

• Reduced attack surface by avoiding direct exposure of RDS or EC2 to the internet
• Implemented least-privilege access for developers
• Ensured secure troubleshooting and database-level access via bastion tunnel

Lab Status: Completed

Objective:

Provide continuous, secure terminal access for trainers by setting up a VPN server on an AWS EC2 instance, enabling remote Ubuntu-based training environments.

Summary:

• Configured an OpenVPN server on a dedicated EC2 instance running Ubuntu in a public subnet.
• Allowed authorized trainers to securely connect to internal lab environments for hands-on terminal sessions.
• Enabled persistent VPN tunnels to maintain session continuity during training.
• Used static IP assignment and routing rules to grant access to specific training resources.
• Secured the VPN server with UFW rules, SSL certificates, and user authentication.

Key Highlights:

• Deployed self-managed VPN on EC2 without third-party services
• Maintained consistent remote access for multiple training sessions
• Isolated trainer sessions from production infrastructure using routing rules

Lab Status: Completed