After you purchase a bastion host, you must enable the bastion host to use its features.
This topic describes how to enable a bastion host.
Background information
The newly purchased bastion host is uninitialized. You must enable the bastion host
to use its features.
Procedure
- Log on to the Bastionhost console.
- In the bastion host list, find the bastion host that you want to enable and click
Run.

- In the Run panel, configure the parameters.

The following table describes the parameters.
Parameter |
Description |
Network |
Select a virtual private cloud (VPC) and vSwitch for the bastion host.
Notice
- After the bastion host is enabled, you cannot change the VPC and vSwitch.
- To ensure that the bastion host can communicate with the Elastic Compute Service (ECS)
instance that you want to maintain over an internal network, we recommend that you
select the VPC in which the ECS instance resides.
- If the selected vSwitch does not have available resources, the bastion host fails
to be enabled. If the bastion host fails to be enabled because the selected vSwitch
cannot provide the required resources, select another vSwitch and enable the bastion
host again. You can create a vSwitch to use before you enable the bastion host. For
more information, see Create a vSwitch.
|
Security Group |
Select the security group of the required ECS instances.
Note
- A bastion host must be added to at least one basic security group before the bastion
host can be enabled. After the bastion host is enabled, you can modify security groups
to which the bastion host belongs. After a bastion host is added to a basic security
group, a security group rule is automatically generated to allow the bastion host
to access all ECS instances in the security group.
- You can also manually configure a security group rule for a bastion host. After you
configure a security group rule for the bastion host, you do not need to add the bastion
host to a security group. For more information, see Add security group rules.
- You cannot add a bastion host to an advanced security group. You must manually configure
a rule for an advanced security group to implement network communication. For more
information, see Add security group rules.
|
- Click OK.
The status of the bastion host changes to
Initializing.
Note It requires about 20 minutes for the bastion host to be initialized. Wait until the
initialization is complete. After the initialization is complete, the status of the
bastion host changes to Running. The bastion host is enabled.

Result
After the bastion host is enabled, you can click
Manage to go to the console of the bastion host.
