During the lesson (Setting up Our VPC Part 2), Ryan shows how to copy your private key to the public EC2 instance while stating that it isn’t a secure way to access your private EC2, and I was wondering how I would do it securely. I found this great link that shows the right way to do it, and it’s very easy, at least on a Mac computer. https://aws.amazon.com/blogs/security/securely-connect-to-linux-instances-running-in-a-private-amazon-vpc/
I was able to connect through the public EC2 to the private EC2 without saving my private key on the public computer. Just wanted to share this in case someone else was wondering how to do it.
You’d probably want to avoid bastions altogether. Check out AWS Systems Manager Session Manager.
Thanks TJ, good info.
You just need to know bastions for the exam though. I’d know how to use them and secure them.
Also keep in mind that having even one machine with SSH (or even worse RDP) exposed to the whole Internet is a bad idea. So an even better solution would be to use a client-to-site VPN solution to gain access to the VPC environment and then do SSH using the instances’ private IP addresses. AWS Client VPN (https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html) seems like a good option, but it doesn’t support 2FA at this point. So something like https://asieira.github.io/using-openvpn-access-server-to-access-aws-vpcs.html might be in order.
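Added example, not code from the thread, the course, or the linked AWS post: an OpenSSH client config that reaches a private instance through the bastion with ProxyJump (so the private key stays on the laptop, which is the point of the first post, and agent forwarding stays off), plus a second stanza that drops the bastion entirely by tunnelling SSH over Systems Manager Session Manager, as TJ suggests. The bastion IP 203.0.113.10, the private IP 10.0.1.25, the key path ~/.ssh/lab-key.pem, the user ec2-user and the aliases bastion / private-web are placeholders; the AWS-StartSSHSession ProxyCommand is the one AWS documents for Session Manager and requires the Session Manager plugin on the laptop and the SSM agent plus an instance role with SSM permissions on the instance. A small awk lint checks the config for the two mistakes the thread warns about: forwarding the agent to the bastion, and a host that is still reached directly.

```shell
#!/bin/sh
# Added example for this thread; all hostnames, IPs, key paths and aliases
# are placeholders. Nothing here touches ~/.ssh/config.
set -eu

# Write an ssh_config that reaches a private instance via the bastion using
# ProxyJump: the laptop opens a TCP connection to the bastion and runs a
# second, end-to-end SSH session to the private host inside it. The private
# key is only ever read on the laptop. ForwardAgent stays off, so unlike the
# ssh -A approach the bastion never gets to use our agent while we are on it.
write_ssh_config() {
    cat > "$1" <<'EOF'
# Bastion: the only host reached directly (placeholder public IP).
Host bastion
    HostName 203.0.113.10
    User ec2-user
    IdentityFile ~/.ssh/lab-key.pem
    IdentitiesOnly yes
    ForwardAgent no

# Private instance (placeholder VPC-internal IP), reached through the bastion.
Host private-web
    HostName 10.0.1.25
    User ec2-user
    IdentityFile ~/.ssh/lab-key.pem
    IdentitiesOnly yes
    ProxyJump bastion

# No bastion at all: SSH over AWS Systems Manager Session Manager.
# Needs the Session Manager plugin locally and the SSM agent plus an
# instance role with SSM permissions on the instance; no inbound SG rule.
Host i-* mi-*
    User ec2-user
    IdentityFile ~/.ssh/lab-key.pem
    IdentitiesOnly yes
    ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
EOF
}

# Lint an ssh_config: fail (exit 1) if any Host stanza turns agent forwarding
# on, or if any Host other than the named bastion alias has neither ProxyJump
# nor ProxyCommand and would therefore be connected to directly.
check_ssh_config() {
    awk -v bastion="${2:-bastion}" '
        function flush() {
            if (host == "") return
            if (fwd) { print "FAIL: ForwardAgent yes for Host " host; bad = 1 }
            if (!jump && host != bastion) {
                print "FAIL: Host " host " is reached directly (no ProxyJump/ProxyCommand)"
                bad = 1
            }
        }
        BEGIN { bad = 0; host = "" }
        tolower($1) == "host" { flush(); host = $2; jump = 0; fwd = 0 }
        tolower($1) == "forwardagent" && tolower($2) == "yes" { fwd = 1 }
        tolower($1) == "proxyjump" || tolower($1) == "proxycommand" { jump = 1 }
        END { flush(); exit bad }
    ' "$1"
}

# Demo: write the config to a temp file and lint it.
cfg=$(mktemp)
write_ssh_config "$cfg"
check_ssh_config "$cfg" bastion && echo "ssh_config passes the lint: $cfg"
```

To use it, copy the stanzas into ~/.ssh/config and run `ssh private-web` (or `ssh i-0123456789abcdef0` for the Session Manager path, instance ID being a placeholder); `ssh -F "$cfg" -G private-web` prints the options ssh would apply without connecting, which is a quick way to confirm ProxyJump and ForwardAgent are set as intended. The bastion itself should still not accept SSH from the whole Internet: limit its security group to your own address, for example `aws ec2 authorize-security-group-ingress --group-id <sg-id> --protocol tcp --port 22 --cidr <your-ip>/32`, with the bracketed values filled in.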