Allowing external access to bastion hosts on aws

by ZHD   Last Updated July 12, 2019 14:26 PM

I am trying to create a few bastion hosts in my VPC on AWS to connect to my databases that are located in a private subnet. I am using this AWS Quick Start.

I understand the basics of CIDR blocks and what they mean. However, I don't understand what AWS means by the "Allowed Bastion External Access CIDR" parameter. To quote the documentation, this parameter means the following:

"CIDR block that’s allowed SSH external access to the bastion hosts. We recommend that you set this value to a trusted CIDR block. For example, you might want to restrict access to your corporate network."

I don't understand what I should enter in this parameter. Do they want the IP range of my private subnet that will connect to the bastion hosts? Or do they mean by this the range of my private network at home? And does this mean that I can't SSH into my bastion hosts from anywhere else? Obviously I want to restrict access to my bastion hosts, but I don't think I want to only be able to access them from home, since I work from different places and we don't have a private network at the office.
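As an added example (not part of the question or of the Quick Start), a small Python script that checks a candidate value for this parameter and builds the matching security-group ingress rule: the source must be the public address your SSH traffic leaves from (home or office, after NAT), never the VPC's own private subnet, and a security group can carry one rule per trusted location, so working from several places does not mean opening port 22 to the whole internet. The RFC 1918 ranges and the `IpPermissions` dict shape are real; the sample addresses are constructed from documentation blocks.

```python
import ipaddress

# RFC 1918 ranges are LAN/VPC addresses. They never appear as the source of an
# SSH connection arriving from the internet, so they make no sense as the value
# of an "external access" CIDR (the private subnet is the wrong answer here).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_bastion_cidr(cidr):
    """Classify a candidate allowed-SSH-source CIDR for the bastion hosts."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return "reject: open to the whole internet"
    if any(net.subnet_of(p) for p in RFC1918):
        return "reject: private/VPC range, not a public source address"
    if net.prefixlen < 24:
        return "warn: broader than a /24, tighten if possible"
    return "ok"


def ssh_ingress_rule(sources):
    """Build one security-group permission for 22/tcp with one IpRange per
    trusted location, in the IpPermissions shape the EC2 API (boto3/CLI) takes.
    `sources` is a list of (description, ip_or_cidr) pairs."""
    ranges = []
    for description, addr in sources:
        net = ipaddress.ip_network(addr, strict=False)  # bare IP becomes a /32
        verdict = classify_bastion_cidr(str(net))
        if verdict.startswith("reject"):
            raise ValueError(f"{description}: {verdict}")
        ranges.append({"CidrIp": str(net), "Description": description})
    return {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": ranges}


if __name__ == "__main__":
    # Constructed sample inputs (documentation address blocks, not real networks).
    for candidate in ("0.0.0.0/0", "10.0.1.0/24", "203.0.113.7"):
        print(candidate, "->", classify_bastion_cidr(candidate))
    # One /32 for the home connection, one block for the office's public egress.
    print(ssh_ingress_rule([("home", "203.0.113.7"),
                            ("office", "198.51.100.0/24")]))
```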

