After you purchase a bastion host, you must enable the bastion host to use its features. This topic describes how to enable a bastion host.

Background information

The newly purchased bastion host is uninitialized. You must enable the bastion host to use its features. For more information about how to purchase a bastion host, see Purchase a bastion host.

Procedure

  1. Log on to the Bastionhost console.
    When you log on to the Bastionhost console for the first time, you must create a service-linked role that is used to enable the bastion host features. You can create the role as prompted.
  2. In the top navigation bar, select the region where your bastion host resides.
  3. In the bastion host list, find the bastion host that you want to enable and click Run.
  4. In the Enable Bastion Host panel, configure the parameters. Configure parameters
    The following table describes the parameters.
    Parameter Description
    Select Network Select a virtual private cloud (VPC) and vSwitch for the bastion host. Take note of the following items:
    • After the bastion host is enabled, you cannot change the VPC and vSwitch.
    • To ensure that the bastion host can communicate with the Elastic Compute Service (ECS) instance that you want to maintain over an internal network, we recommend that you select the VPC in which the ECS instance resides.
    • If the selected vSwitch does not have available resources, the bastion host fails to be enabled. If the bastion host fails to be enabled because the selected vSwitch cannot provide the required resources, select another vSwitch and enable the bastion host again. You can create a vSwitch to use before you enable the bastion host. For more information, see Create a vSwitch.
    Select Security Group Select the security group of the required ECS instances. Take note of the following items:
    • A bastion host must be added to at least one basic security group before the bastion host can be enabled. After the bastion host is enabled, you can modify security groups to which the bastion host belongs. After a bastion host is added to a basic security group, a security group rule is automatically generated to allow the bastion host to access all ECS instances in the security group.
    • You can also manually configure a security group rule for a bastion host. After you configure a security group rule for the bastion host, you do not need to add the bastion host to a security group.
    • You cannot add a bastion host to an advanced security group. You must manually configure a rule for an advanced security group to implement network communication.
    • You cannot add a bastion host to the security groups managed by cloud services. If you have only security groups managed by cloud services, you must create a basic security group.
    Note For more information, see Add a security group rule.
  5. Click Next. After the parameters pass the check, click Enable.
    The bastion host is enabled and is being initialized. The initialization requires 10 to 15 minutes. After the initialization is complete, the status of the bastion host changes to Running. The bastion host is enabled.

What to do next

After the bastion host is enabled, you can click Manage to go to the Bastionhost console. For more information, see Log on to the console of a bastion host.