This topic describes how to perform O&M operations in an efficient and secure manner and audit O&M sessions after you create a bastion host in Bastionhost V3.2.
The following table describes the steps.
|Step 1: Synchronize ECS instances||The administrator adds the asset to be managed to the bastion host. In this step, the administrator can synchronize the Elastic Compute Service (ECS) instances that belong to the current Alibaba Cloud account to the bastion host and create host accounts.|
|Step 2: Import Alibaba Cloud RAM users||The administrator adds local users or import RAM users to the bastion host. In this step, the administrator can import RAM users to the bastion host.|
|Step 3: Grant permissions on assets and asset accounts||The administrator authorizes specific users to perform O&M operations on specific assets and asset accounts. In this step, the administrator authorizes specific users to perform O&M operations on specific hosts and host accounts.|
|Step 4: Perform O&M operations on hosts||Users (O&M engineers) access authorized assets and perform client-based or web-based O&M.|
|Step 5: Audit O&M sessions||When users log on to the bastion host in SSH, Remote Desktop Protocol (RDP), or Secure File Transfer Protocol (SFTP) mode to perform O&M operations on authorized hosts, the administrator can view the O&M session details in the console of the bastion host. In this step, the administrator can query and audit O&M operations and block high-risk sessions in the bastion host.|
For more information about operations in Bastionhost, such as how to configure user groups or host groups at a time, see User Guide (V3.2). For more information about how to call API operations to perform related operations, see List of operations by function.