This solution sets up the following:
A highly available architecture that spans two Availability Zones.*
A virtual private cloud (VPC) configured with public and private subnets, according to AWS best practices, to provide you with your own virtual network on AWS.*
In the public subnets:
Managed network address translation (NAT) gateways to allow outbound internet access for resources in the private subnets.*
1–4 Linux bastion hosts in an Amazon Elastic Compute Cloud (Amazon EC2) Auto Scaling group for connecting to Amazon EC2 instances and other resources deployed in public and private subnets.**
An Amazon CloudWatch log group to hold the Linux bastion host shell history logs.
AWS Systems Manager for access to the bastion host.
Launch an EC2 instance as you normally would for any other instance.
Apply OS hardening as required.
Set up the appropriate security groups (SG).
Implement either SSH-agent forwarding (Linux connectivity) or Remote Desktop Gateway (Windows connectivity).
Deploy an AWS bastion host in each of the Availability Zones you’re using.
The NAT instances in the public subnet are used to route traffic for the instances sitting in the private subnet.
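As an added example that is not part of the original page, the shell script below writes the SSH-agent forwarding setup from the steps above as an ssh_config fragment and then lints it to confirm forwarding is enabled only on the bastion stanzas; the bastion addresses, private subnet pattern, key path and user name are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original page: emit an ssh_config fragment for
# reaching private-subnet instances through the bastion hosts, then lint it.
# Constructed values: bastion IPs, private subnet pattern, key path, user name.

BASTION_A="203.0.113.10"          # constructed: bastion in the first AZ
BASTION_B="203.0.113.20"          # constructed: bastion in the second AZ
PRIVATE_HOSTS="10.0.*"            # constructed: private subnet address pattern
KEY_FILE="~/.ssh/bastion-key.pem" # constructed: key pair used for the instances

# Agent forwarding is enabled only on the bastion stanzas, so the private key
# stays on the operator's machine; private hosts are reached with ProxyJump,
# which tunnels through the bastion without handing it the agent socket.
bastion_ssh_config() {
  cat <<EOF
Host bastion-a
    HostName $BASTION_A
    User ec2-user
    IdentityFile $KEY_FILE
    IdentitiesOnly yes
    ForwardAgent yes

Host bastion-b
    HostName $BASTION_B
    User ec2-user
    IdentityFile $KEY_FILE
    IdentitiesOnly yes
    ForwardAgent yes

Host $PRIVATE_HOSTS
    User ec2-user
    IdentityFile $KEY_FILE
    ProxyJump bastion-a
    ForwardAgent no

Host *
    ForwardAgent no
EOF
}

# Lint: print every Host stanza that turns agent forwarding on, so a reviewer
# can confirm that only the bastion entries (never "Host *") do so.
hosts_forwarding_agent() {
  awk 'tolower($1) == "host" { host = $2 }
       tolower($1) == "forwardagent" && tolower($2) == "yes" { print host }'
}
```

Run `bastion_ssh_config | hosts_forwarding_agent` after sourcing the script; anything other than the two bastion names in the output means a non-bastion host would expose the local agent to that host's root user.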