Step 1 – Create Bastion Host
a) Navigate to EC2 Dashboard, click on Launch instance
b) Select Amazon Linux 2, click Next
c) Choose t2.micro as Instance Type, click Next
d) Select default VPC, select subnet if you have a preference
e) Leave everything else as is, click Next
f) Leave Storage as is, click Next
g) Leave Tags as is, click Next
h) Select default VPC security group, ensure you are allowing port 22 from your laptop/desktop
i) Click Review and Launch
j) Click Launch and select or create new Key Pair, ensure you have access to the pem file
k) Click Launch Instances
l) Click View Instances
m) Wait for Instance State to change to Running
n) Name your instance Bastion
Step 2 – Create Private Subnet in default VPC
a) Navigate to VPC Dashboard, click on Subnets
b) Click on Create Subnet
c) Select default VPC, name your subnet pvt-subnet
d) Use 172.31.48.0/20 as your CIDR block
e) Click on Create Subnet
f) Navigate to EC2 Dashboard, click on Launch instance
g) Select Amazon Linux 2, click Next
h) Choose t2.micro as Instance Type, click Next
i) Select default VPC, select pvt-subnet
j) Leave everything else as is, click Next
k) Leave Storage as is, click Next
l) Leave Tags as is, click Next
m) Select default VPC security group, ensure you are allowing all from default
n) Click Review and Launch
o) Click Launch and select or create new Key Pair, ensure you have access to the pem file
p) Click Launch Instances
q) Click View Instances
r) Wait for Instance State to change to Running
s) Name your instance Private
Step 3 – Connect to Bastion from your laptop/desktop
a) Navigate to EC2 Dashboard, click on Instances
b) Grab Public IP of Bastion
c) Open Putty or any other SSH client you prefer (for Putty you will have to convert pem to ppk)
d) Source the ppk file for Putty (Connection>SSH>Auth>Browse)
e) Username is ec2-user (Connection>Data>Auto-login username)
f) Paste the Public IP under Host Name
g) Click on Open
h) Optional step but good practice
sudo yum update -y
Step 4 – Copy Private EC2 instance’s PEM file to Bastion
a) Open WinSCP or any other file transfer utility
b) Connect to Bastion using the utility, transfer pem file
c) Switch back to Bastion ssh session, following should show the .pem file
ls -ltrh chmod 600 <pemfile>
Step 5 – Connect to Private EC2 instance from Bastion
a) Navigate to EC2 Dashboard, click on Instances
b) Grab Private IP of the private EC2 instance
c) Stay on Bastion SSH session
ssh -i <pemfile> ec2-user@<private IP>
d) Type “yes”
e) And voila, you are in!