Bastionhost: Overview

Last Updated: Jan 15, 2024

This topic describes how to perform O&M operations in an efficient and secure manner and audit O&M sessions after you create a bastion host in Bastionhost V3.2.

The following table describes the steps.

| Step | Description |
| --- | --- |
| Step 1: Synchronize ECS instances | The administrator adds the asset to be managed to the bastion host. In this step, the administrator can synchronize the Elastic Compute Service (ECS) instances that belong to the current Alibaba Cloud account to the bastion host and create host accounts. |
| Step 2: Import Alibaba Cloud RAM users | The administrator adds local users or imports RAM users to the bastion host. In this step, the administrator can import RAM users to the bastion host. |
| Step 3: Grant permissions on assets and asset accounts | The administrator authorizes specific users to perform O&M operations on specific assets and asset accounts. In this step, the administrator authorizes specific users to perform O&M operations on specific hosts and host accounts. |
| Step 4: Perform O&M operations on hosts | Users (O&M engineers) access authorized assets and perform client-based or web-based O&M. |
| Step 5: Audit O&M sessions | When users log on to the bastion host in SSH, Remote Desktop Protocol (RDP), or Secure File Transfer Protocol (SFTP) mode to perform O&M operations on authorized hosts, the administrator can view the O&M session details in the console of the bastion host. In this step, the administrator can query and audit O&M operations and block high-risk sessions in the bastion host. |

For more information about operations in Bastionhost, such as how to configure user groups or host groups at a time, see User Guide (V3.2). For more information about how to call API operations to perform related operations, see List of operations by function.