

Ask HN: Is the Bastion Host Security Pattern Outdated? - cothomps

Following on to this article:

http://programming.oreilly.com/2014/01/is-the-jump-box-obsolete.html?cmp=tw-prog-na-article-pr_is_the_jump_box_obsolete

The article proposes that the Jump Box / Bastion Host pattern is obsolete for many cloud deployments. I've been using a 'bastion host' pattern to access Amazon VPCs - and while the security / IP infrastructure is somewhat simpler to maintain, there really is no way to audit user access; the AWS EC2 private key infrastructure and bastion host pattern pretty much ensure every user runs as 'root'.

Are there better alternatives for AWS (or other IaaS services in general) than the bastion host pattern?
======
ahazred8ta
Well, that article was written by the head of this company
[https://www.jumpcloud.com/about/](https://www.jumpcloud.com/about/) that
sells an SaaS solution that builds on Chef and Puppet. More generally
speaking, each DevOps framework has its own integrated solution for user
account provisioning / security. Also see: 13 Practical and Tactical Cloud
Security Controls in EC2
[http://www.tuicool.com/articles/NbIz6z](http://www.tuicool.com/articles/NbIz6z)

