Configure a bastion host - User Guide (V3.2)| Alibaba Cloud Documentation Center

After you enable a bastion host, you can configure the security group, whitelist, and port number of the bastion host in the bastion host list. This topic describes how to configure a bastion host.

Configure a security group

You can configure a security group to allow a bastion host to access Elastic Compute Service (ECS) instances within the security group.

Log on to the Bastionhost console.
In the bastion host list, find a bastion host and click Configuration.
Select Security Group.
In the Network Settings panel, select the required security group.

Note You can select more than one security group.
After the configuration is complete, click OK.
After you select a security group, the bastion host can access ECS instances within the security group.

Configure a whitelist

By default, all public IP addresses can be used to log on to a bastion host for O&M. If you want to deny the logon requests from specific public IP addresses, you can add trusted IP addresses to the whitelist of the bastion host.

Log on to the Bastionhost console.
In the bastion host list, find a bastion host and click Configuration.
Select Whitelist.
In the Network Settings panel, specify Public IP Address Whitelist.
After the configuration is complete, click OK.
The public IP addresses that can be used to log on to the bastion host are added to the whitelist.

Configure a port number

If you want to change the O&M port of a bastion host, you can configure a port number for the bastion host.

Log on to the Bastionhost console.
In the bastion host list, find a bastion host and click Configuration.
Select Ports.
In the Port Settings panel, specify Ports.

Note The port numbers that range from 1 to 1024 are reserved for Bastionhost. We recommend that you do not specify a port number in this range.
After the configuration is complete, click OK.
The O&M port of the bastion host is configured.