Overview - Linux Bastion Hosts on the AWS Cloud


This Quick Start provides a Linux bastion functionality for AWS Cloud infrastructures. It deploys a virtual private cloud (VPC) using the Amazon VPC Quick Start reference deployment, sets up private and public subnets, and deploys Linux bastion instances into that VPC. You can also choose to deploy Linux bastion hosts into your existing AWS infrastructure. Bastion hosts are a special-purpose instance that hosts a minimal number of administrative applications, such as Remote Desktop Protocol (RDP) for Windows or PuTTY for Linux-based distributions. All other unnecessary services are removed. Hosts are typically placed in a segregated network. They're often protected with multi-factor authentication (MFA) and monitored with auditing tools.

The bastion hosts provide secure access to Linux instances located in the private and public subnets. The Quick Start architecture deploys Linux bastion host instances into every public subnet to provide readily available administrative access to the environment. The Quick Start sets up a Multi-AZ environment consisting of two Availability Zones. If highly available bastion access is not necessary, you can stop the instance in the second Availability Zone and start it up when needed.

You can use this Quick Start as a building block for your own Linux-based deployments. You can add other infrastructure components and software layers to complete your Linux environment in the AWS Cloud. To build an AWS Cloud infrastructure for accessing Microsoft Windows-based instances, see the Quick Start for Remote Desktop (RD) Gateway.


You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using the Quick Start.

The AWS CloudFormation template for this Quick Start includes configuration parameters that you can customize. Some of the settings, such as the instance type, will determine the cost of deployment. For pricing details, see the Amazon EC2 pricing page.