This topic describes how to purchase a bastion host of the Basic Edition and log on to the console of the bastion host.
Step 1: Purchase a bastion host
Visit the Bastionhost buy page.
On the Bastionhost buy page, choose bastion host specifications based on the following table. Then, click Buy Now and complete the payment.
Parameter
Example
Description
Region
Singapore
The region in which you want to purchase a bastion host. We recommend that you select the region in which your asset resides.
If your bastion host and the asset are not in the same region, the bastion host and the asset cannot access each other over an internal network. In this case, you must use Cloud Enterprise Network (CEN) or the network domain feature of Bastionhost to implement cross-region access over an internal network.
For more information about CEN, see What is CEN?
For more information about the network domain feature, see Use the network domain feature.
WarningYou cannot change the region after the bastion host is created.
Version
Basic Edition
The edition of the bastion host. For more information, see Instructions on Bastionhost edition selection.
Plan
50
The number of server assets that the bastion host can manage.
Extra Bandwidth
0
By default, the plan that you purchase comes with a certain amount of public bandwidth. If the default public bandwidth cannot meet your requirements, select an extra bandwidth plan when you purchase a bastion host.
Valid values: 0 to 200. Unit: Mbit/s. The value must be a multiple of 10.
Extended Storage Plans
0
When you purchase a bastion host, a specific amount of storage space is automatically configured. If the storage space cannot meet your business requirements, configure the Extended Storage Plans parameter when you purchase a bastion host.
Resource Group
Default Resource Group
The resource group to which the bastion host belongs.
Quantity
1
The number of bastion hosts that you want to purchase.
Duration
1 Month
The validity period of the bastion host.
NoteWe recommend selecting Auto-renewal. This prevents your service from being affected when bastion hosts are stopped or released due to expiration. If you select Auto-renewal, fees are automatically deducted from your account balance based on the actual prices before the instance expires. The auto-renewal cycle is one month. You can disable auto-renewal at any time.
NoteFor more information about the billing of Bastionhost, see Billing.
Step 2: Enable the bastion host and log on to the console of the bastion host
Log on to the Bastionhost console.
When logging on to the Bastionhost console for the first time, you must create a service-linked role that is used to enable the bastion host features. You can create the role as prompted.
In the top navigation bar, select the region where your bastion host resides. In the bastion host list, find the target bastion host and click Enable.
In the Enable panel, configure the parameters.
NoteThe configuration of Bastionhost Basic Edition differs from that of other Bastionhost editions. If you purchase a non-basic edition of Bastionhost, see Enable a bastion host.
Parameter
Description
Select Network
Select a virtual private cloud (VPC) and vSwitch for the bastion host.
Select a VPC: After the bastion host is enabled, you cannot change the VPC. To ensure that the bastion host can communicate with the Elastic Compute Service (ECS) instance or ApsaraDB RDS instance that you want to maintain over an internal network, select the VPC in which the ECS instance or ApsaraDB RDS instance resides.
Select a vSwitch: A bastion host of the Basic Edition uses three available IP addresses of a vSwitch. When you select a vSwitch, ensure that the vSwitch has sufficient available IP addresses. If the selected vSwitch does not have available resources, the bastion host fails to be enabled. If the bastion host fails to be enabled because the selected vSwitch cannot provide the required resources, select another vSwitch and enable the bastion host again. You can also create a vSwitch to use before you enable the bastion host. For more information, see Create a vSwitch.
NoteAfter selecting a vSwitch for a bastion host of the Basic Edition, you can manually switch the zone of the vSwitch. For more information, see Configure a bastion host.
ECS Security Group
Before enabling a bastion host, you must add it to at least one basic security group. If no basic security group is available, create one. For more information, see Create a security group. After you add a bastion host to a basic security group, a security group rule is automatically generated to allow the bastion host to access all ECS instances in the security group.
You cannot add a bastion host to an advanced security group or a managed security group. If your ECS instance belongs to either of them, you cannot select the security group. In this case, manually create a basic security group to enable the bastion host.
NoteAfter you enable the bastion host, manually configure its egress IP addresses in the advanced security group if you want your ECS instance in the advanced security group to communicate with it. To obtain the egress IP addresses of the bastion host, see Configure a bastion host. To add rules to a security group, see Add a security group rule.
After enabling the bastion host, you can change the security group to which the bastion host belongs. For more information, see Configure a security group.
After you enable the bastion host, manually configure its egress IP addresses in the security group to implement network communication if access by the bastion host to the assets in a security group is blocked. For more information, see Add a security group rule.
Click Next. After the parameters pass the check, click Enable.
The status of the bastion host changes to Initializing. It takes 10 to 15 minutes for the bastion host to be initialized. After the initialization is complete, the status of the bastion host changes to Running. The bastion host is enabled.
After the bastion host is enabled, you can click Manage to go to the console of the bastion host.