The Bastion Server That Isn't There ...


Details
Agenda
1800 - Doors Open served with Pizza and Drinks
1830 - "The Talk"
1930 - Networking + Demolish the remainder of the food
2100 - Finish
The Bastion Server That Isn't There - Providing scalable secure access as a stateless service with Terraform on AWS.
Presented by Joshua Kite, Site Reliability Engineer at DAZN
The standard approach to setting up a bastion server (or jump box) has enough weaknesses already. Managing secure access to your VPCs for hundreds of users and hundreds of servers increases these exponentially.
I found the available solutions lacking.
Here I briefly cover the issues and present a working production solution immutably deploying SSH bastion access as a stateless service on AWS, managed entirely with Terraform - no build chain, no registries, no secrets management and instantaneous access.
The result is a bastion server that isn't there, until the moment a user calls for it and then it can be their special snowflake, just for them, briefly, until it's gone. If we're lucky we will even be able to do a live demo :-)
