Sha256: 8f5a0de30ee5722e79ebba96009f8cc1419ba2cc20707c176f8a936654b91a53
Contents?: true
Size: 1.47 KB
Versions: 11
Compression:
Stored size: 1.47 KB
Contents
---
title: Bastion Setup
---
It is common to secure your network setup by restricting access to your servers by placing them in internal subnets. In this case you will have a bastion host server that you must use to jump through to get to your instance. Sonic provides built-in support for a bastion host.
You can configure the [settings.yml]({% link _docs/settings.md %}) file to use a bastion host. Here's an example:
```yaml
bastion:
host: ec2-user@34.211.223.3
host_key_check: false
user: ec2-user # user for 2nd level servers
```
The settting directs the `sonic ssh` to jump through the bastion host. This works transparently. The sonic commands are exactly the same as if there is no bastion host. Examples:
```
sonic ssh i-0f7f833131a51ce35
```
You should notice that the built up command now includes the bastion jump host.
```
$ sonic ssh i-0f7f833131a51ce35 uptime
=> ssh -At ec2-user@34.211.223.3 ssh ec2-user@10.10.110.135 uptime
18:35:18 up 1:14, 0 users, load average: 0.24, 0.07, 0.02
Connection to 34.211.223.3 closed.
$
```
You can also specify the bastion host as a CLI option with `--bastion`, though it is recommended that you configure it in a `settings.yml` file so you do not have to repeatedly type it.
<a id="prev" class="btn btn-basic" href="{% link _docs/install.md %}">Back</a>
<a id="next" class="btn btn-primary" href="{% link _docs/tutorial.md %}">Next Step</a>
<p class="keyboard-tip">Pro tip: Use the <- and -> arrow keys to move back and forward.</p>
Version data entries
11 entries across 11 versions & 1 rubygems