#bastion (2019-08)

https://github.com/cloudposse/bastion

Discuss cloudposse/bastion

2019-08-09

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I think it is probably something with the latest Pr that added support for compose

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I don’t have time to look into it, but will promptly review any PR associated with it

:--1:1
Blaise Pabon avatar
Blaise Pabon

Do we have any description of bastion running on AWS? I would like to set up bastion as a jumphost to several services planned for EC2 and EKS. I’m not clear on how to set up the networking for the bastion… Do I put it in a security group with inbound / outbound TCP 22 * and then approve its IP address on the inbound rules for the app servers? Also, do I standup a generic t2.micro to run the Docker image, or is there a recommended AMI? BTW, I’m willing to contribute my findings to make it easier for the next guy.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

no examples of that. we’ve moved on to using gravitational for SSH, so we’re not using this in any engagements.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Modern Privileged Access Management | Teleport | Gravitational

Make it easy for users to securely access infrastructure, while meeting the toughest compliance requirements.

Blaise Pabon avatar
Blaise Pabon

Oh, I didn’t know about gravitational, thanks!

2019-08-08

Thomas Sandberg avatar
Thomas Sandberg

Hi! I’m trying to get the bastion up running on my ubuntu docker server. Followed the example on git. Edited the bastion.env and gak.env and copied them to the folder on the server containing the dockercomposer.yml Edited the composer-file to enable bastion. But when I start it everything starts OK accept the bastion-container. I get some error messages on the server like this:

Thomas Sandberg avatar
Thomas Sandberg
Thomas Sandberg avatar
Thomas Sandberg

It seems like the problem is those ssh-scripts.

Thomas Sandberg avatar
Thomas Sandberg
Thomas Sandberg avatar
Thomas Sandberg

I guess I have forgot to do something else…. any tips?

    keyboard_arrow_up