Secure AWS EC2 Instances With MFA and SSH Key Rotation
Idea The primary idea behind this architecture is to securely access EC2 instances over SSH. There are two parts to this: Secure SSH access to Bastion host using MFA. This process is explained in this AWS blog. Public and Private SSH keys to access EC2 instances from the Bastion host are rotated periodically. An AWS Blog (https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-manager-securely-store-rotate-ssh-key-pairs/) was a great help to understand this setup. It has Cloudformation scripts to setup the Bastion Host and other EC2 instances. We made few…