Configuring Secure Remote Server Access with Multi-Factor Authentication Using AWS Systems Manager Session Manager
Securing and maintaining IT infrastructure has never been a greater challenge, as security threats are compromising organizations’ information assets. From large-scale hacks to ransomware attacks, organizations across all industries are compelled to strategize and implement robust security measures to protect their data. Many customers and cloud infrastructure enthusiasts regard bastion hosts as secure servers in a public-facing subnet that are used to access and manage servers located within the private subnets of a Virtual Private Cloud (VPC). Although this observation is factually accurate, it is equally important to recognize that the bastion host approach presents numerous challenges, for the following reasons:
- No multi-factor authentication (MFA) protection exists for the bastion host in the public subnet.
- You are responsible for constantly managing the bastion host server yourself.
- You are required to manage port access to the internet (such as port 22 for SSH or 3389 for RDP).
- You’re equally obligated to manage access and permissions to the bastion host for your users.
For these reasons, we’ll demonstrate how we can address these challenges by leveraging AWS Systems Manager Session Manager & AWS Single Sign-On (AWS SSO) to provide our users with a more secure way to remotely access and manage their servers. The…