Question

How to access cloud resources without exposing them directly to the internet?

Context

Managing a secure virtual cloud network requires privileged access to that network. Without proper isolation, such privileged access introduces vulnerabilities.

Solution

Use a bastion host: a special-purpose computer or software module on a network, specifically designed and configured to withstand attacks. The computer generally hosts a single application, and all other services are removed or limited to reduce the threat to the computer. It is hardened in this manner primarily because of its location and purpose: it sits either outside a firewall or in a demilitarised zone (DMZ), and it usually involves access from untrusted networks or computers.
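The following check is an added example, not part of the original page: it audits a set of ingress rules against the pattern described above (only the hardened host is reachable from untrusted networks, it exposes a single service, and administrative access to everything else arrives through it). The rule format, host names, addresses and ports are all constructed assumptions.

```python
import ipaddress

# Constructed sample ingress rules in a simplified, hypothetical format.
RULES = [
    {"host": "bastion", "port": 22, "source": "0.0.0.0/0"},
    {"host": "bastion", "port": 8080, "source": "0.0.0.0/0"},
    {"host": "db-1", "port": 5432, "source": "10.0.1.0/24"},
    {"host": "db-1", "port": 22, "source": "10.0.0.10/32"},
    {"host": "app-1", "port": 22, "source": "0.0.0.0/0"},
    {"host": "app-2", "port": 22, "source": "203.0.113.0/24"},
    {"host": "app-3", "port": 22, "source": "10.0.2.0/24"},
]

def is_public(cidr, vpc_cidr):
    """True if the source range is not fully inside the private network."""
    net = ipaddress.ip_network(cidr)
    vpc = ipaddress.ip_network(vpc_cidr)
    return not (net.version == vpc.version and net.subnet_of(vpc))

def audit(rules, bastion="bastion", bastion_ip="10.0.0.10/32",
          vpc_cidr="10.0.0.0/16", bastion_port=22, admin_ports=(22, 3389)):
    """Return (host, port, reason) for every rule that breaks the pattern."""
    findings = []
    for r in rules:
        if r["host"] == bastion:
            # The hardened host runs a single application: one open port.
            if r["port"] != bastion_port:
                findings.append((r["host"], r["port"], "extra service on bastion"))
        elif is_public(r["source"], vpc_cidr):
            # Nothing except the bastion accepts traffic from outside.
            findings.append((r["host"], r["port"], "reachable from untrusted network"))
        elif r["port"] in admin_ports and r["source"] != bastion_ip:
            # Administrative access must arrive through the bastion only.
            findings.append((r["host"], r["port"], "admin port bypasses bastion"))
    return findings

if __name__ == "__main__":
    for host, port, reason in audit(RULES):
        print(f"{host}:{port} -> {reason}")
```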

References

Bastion host - aws.amazon.com
What is bastion host? - en.wikipedia.org
