What is a Bastion and why do we even need it?
Most of us are familiar with public IPs and private IPs. If not, we at
least know what public and private mean: something private is not
accessible to the public, and something public can be seen and used by
everyone. Servers follow a similar concept when we host an application.
We host the application on a private server, and since no one outside
can reach it, we can treat it as secure. But if no one can reach it,
how are we supposed to access it?
That's a great question. A private server is not publicly available for
anyone to use, but it can be set up to be used by a specific server,
known as a Bastion server. Bastion servers are publicly available, and
their main objective is to give access to the public with some security
measures. Because the data goes from the Bastion server to the private
server, it is more secure and limits attackers from attacking.
Note: Bastion servers are also known as Jump servers, because the
connection jumps from one server to another.
Bastion servers are widely used for server security. While setting up
your own VPC (Virtual Private Cloud), we create two or more instances.
Two of those instances serve different purposes. One serves the
internet and has a connection set up with the IGW (Internet Gateway);
the other is private and has no direct connection with the IGW, though
it maintains outbound rules with NACLs (network ACLs), which filter the
needed connections.
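
To make the layout above concrete, here is an added example (not code from the original post) that audits a simplified, constructed description of such a VPC and reports where it breaks the bastion pattern. The dictionary format, the instance names and the addresses are assumptions made for illustration, and restricting the bastion's own SSH sources to an admin range is one assumed "security measure", not something the post prescribes.

```python
import ipaddress

def audit(vpc, bastion="bastion"):
    """Return findings where a (simplified) VPC layout breaks the bastion pattern."""
    findings = []
    jump = vpc["instances"][bastion]
    jump_net = ipaddress.ip_network(jump["ip"])  # the bastion address as a /32
    for name, subnet in vpc["subnets"].items():
        has_igw = "igw" in subnet["routes"].values()
        if name == jump["subnet"] and not has_igw:
            findings.append(f"{name}: bastion subnet has no route to the IGW")
        if name != jump["subnet"] and has_igw:
            findings.append(f"{name}: private subnet routes directly to the IGW")
    for name, inst in vpc["instances"].items():
        for cidr in inst["ssh_from"]:
            net = ipaddress.ip_network(cidr)
            if name == bastion and net.prefixlen == 0:
                findings.append(f"{name}: SSH open to the whole internet ({cidr})")
            if name != bastion and net != jump_net:
                findings.append(f"{name}: SSH allowed from {cidr}, not only the bastion")
    return findings

# Constructed sample layout (a simplified model, not AWS API output).
GOOD = {
    "subnets": {
        "public":  {"routes": {"10.0.0.0/16": "local", "0.0.0.0/0": "igw"}},
        "private": {"routes": {"10.0.0.0/16": "local"}},
    },
    "instances": {
        "bastion": {"subnet": "public",  "ip": "10.0.1.10", "ssh_from": ["203.0.113.0/24"]},
        "app":     {"subnet": "private", "ip": "10.0.2.20", "ssh_from": ["10.0.1.10/32"]},
    },
}
# Same layout with three mistakes: IGW route on the private subnet,
# and SSH open to everyone on both instances.
WEAK = {
    "subnets": {
        "public":  {"routes": {"10.0.0.0/16": "local", "0.0.0.0/0": "igw"}},
        "private": {"routes": {"10.0.0.0/16": "local", "0.0.0.0/0": "igw"}},
    },
    "instances": {
        "bastion": {"subnet": "public",  "ip": "10.0.1.10", "ssh_from": ["0.0.0.0/0"]},
        "app":     {"subnet": "private", "ip": "10.0.2.20", "ssh_from": ["0.0.0.0/0"]},
    },
}

if __name__ == "__main__":
    for label, vpc in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, audit(vpc) or "ok")
```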