2 Answers
I do not agree.
I can bring you a few scenarios where you need a Bastion:
1. Prod VPC with ALB, app on EC2 instances in private subnets and RDS in a private subnet. How will you manage RDS (run SQL queries outside of the VPC, add table, drop table, merge, etc.)?
2. Prod VPC, with ALB and app running on Windows EC2 instances in private subnets. I don’t think you can deploy every single app with PowerShell.
Automation and Systems Manager can solve a lot of problems but not all.
Hi lecube,
I tend to agree with you. I still think that it is a good control point, but defence in depth relegated the Bastion to being just one of multiple control points rather than the control point.
I will say that for many small-time installations, it is an easy and robust way to start out rather than developing the robust security design and implementation that they should have (but won’t).
Thank you for contributing a different perspective.
Rusty
Moderator & Coach