Configuring Private Bastion

Private Bastion configures a tunnel to connect resources to a private or secure subnet in the environment.

Enabling Private Bastion at Citadel

Sign in to Citadel, navigate to the environment where you want to set up Private Bastion, and select “Network Access”.

Click the toggle next to AWS Client VPN to enable it.

When the form appears, upload the XML files generated in the previous sections by clicking the “Upload XML” button for each.

Then click “Save” to enable the VPN.

Connecting to an RDS through a Private Bastion

After enabling Private Bastion on the Citadel Run, follow these steps to connect to the RDS database through Private Bastion.

⚠️ Before proceeding, make sure you have an RDS instance up and running. Also make sure the Security Group of this instance is configured to use the Private Bastion Security Group.

Start a session by getting the credentials from the SSO for the environment to which you want to connect.

  1. Go to your SSO page.
  2. Select the environment you want to connect to.
  3. Select the option Command line or programmatic access.
  4. Copy the keys from Option 1 - Set AWS environment variables (Short-term credentials).

Example of connecting to RDS Postgres through Private Bastion using the AWS CLI.

For Mac, open a Terminal.

For Windows, open a Command Prompt window.

```bash
# The trailing backslashes and single quotes are POSIX shell syntax (macOS Terminal).
aws ssm start-session --target <private-bastion-id> \
  --document-name AWS-StartPortForwardingSessionToRemoteHost \
  --parameters '{"portNumber":["5432"],"localPortNumber":["5433"],"host":["<rds-endpoint>"]}'
```

  • `<private-bastion-id>`
    • Go to the AWS console, select the service EC2
    • Select the instance `citadel-PrivateBastion`
    • Find the Instance ID. Copy and paste it to the command.

  • `<rds-endpoint>`
    • Go to the AWS console, select the service RDS
    • Select the RDS you want to connect through Private Bastion
    • Find the parameter Endpoint. Copy and paste it to the command.
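A wrapper for the command above, as an added example that is not part of the original page: it checks that the short-term SSO credentials are exported in the current shell and validates the instance ID and endpoint before placing them in the `--parameters` JSON. The function names and the argument order are assumptions of this example; it targets a POSIX shell such as the macOS Terminal.

```shell
#!/bin/sh
# Added example (not the project's own code). Function names are hypothetical.

# Fail early if the short-term SSO credentials were not exported in this shell.
check_creds() {
  if [ -z "${AWS_ACCESS_KEY_ID:-}" ] || [ -z "${AWS_SECRET_ACCESS_KEY:-}" ] ||
     [ -z "${AWS_SESSION_TOKEN:-}" ]; then
    echo "SSO credentials are not set in this shell" >&2
    return 1
  fi
}

# EC2 instance IDs are "i-" followed by 8 or 17 lowercase hex characters.
valid_instance_id() {
  case $1 in i-*) ;; *) return 1 ;; esac
  hex=${1#i-}
  case $hex in ''|*[!0-9a-f]*) return 1 ;; esac
  [ "${#hex}" -eq 8 ] || [ "${#hex}" -eq 17 ]
}

# Accept only hostname characters so the value cannot break out of the JSON string.
valid_host() {
  case $1 in ''|.*|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
}

# Build the --parameters document with the ports used on this page.
build_params() {
  valid_host "$1" || { echo "invalid RDS endpoint" >&2; return 1; }
  printf '{"portNumber":["5432"],"localPortNumber":["5433"],"host":["%s"]}' "$1"
}

start_tunnel() {
  check_creds || return 1
  valid_instance_id "$1" || { echo "invalid instance ID" >&2; return 1; }
  params=$(build_params "$2") || return 1
  aws ssm start-session --target "$1" \
    --document-name AWS-StartPortForwardingSessionToRemoteHost \
    --parameters "$params"
}

# Runs only when called as: script <private-bastion-id> <rds-endpoint>
if [ "$#" -eq 2 ]; then start_tunnel "$1" "$2"; fi
```

While the session stays open, the database is reachable on local port 5433.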
