October 16, 2022

Using AWS Cloud9 as a Bastion Host

by John Lukach


I originally wrote a blog post about getting rid of my local development environment that used AWS Cloud Development Kit (CDK) in October 2020. I figured it was time to provide an updated configuration on using AWS Cloud9 as a Bastion Host.


Create a no-ingress EC2 instance for simplified environment access via Systems Manager, using a t3.small running Amazon Linux 2 with a thirty-minute timeout.


Another benefit of using Cloud9 is that it takes care of the Identity and Access Management (IAM) and network connectivity to my cloud environment.


All set to create the bastion host!
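Once the environment exists, a check like the following confirms it really is no-ingress. This is an added example, not code from the original post: it audits one environment record shaped like `aws cloud9 describe-environments` output together with the security groups attached to its instance, shaped like `aws ec2 describe-security-groups` output. The sample records, names, group IDs and the CIDR are constructed, and matching an environment to its security groups is left to the caller.

```python
# Constructed sample: one environment record shaped like the output of
# `aws cloud9 describe-environments`, and the security groups attached to
# its EC2 instance shaped like `aws ec2 describe-security-groups`.
SSM_ENV = {"name": "bastion", "type": "ec2", "connectionType": "CONNECT_SSM"}
SSM_GROUPS = [{"GroupId": "sg-0example0000000a", "IpPermissions": []}]

# Constructed counter-example: an SSH-connected environment with port 22 open.
SSH_ENV = {"name": "legacy", "type": "ec2", "connectionType": "CONNECT_SSH"}
SSH_GROUPS = [{
    "GroupId": "sg-0example0000000b",
    "IpPermissions": [{
        "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
        "IpRanges": [{"CidrIp": "192.0.2.0/27"}],
        "Ipv6Ranges": [], "UserIdGroupPairs": [], "PrefixListIds": [],
    }],
}]


def rule_sources(rule):
    """Collect every kind of source an inbound rule can name."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            + [g["GroupId"] for g in rule.get("UserIdGroupPairs", [])]
            + [p["PrefixListId"] for p in rule.get("PrefixListIds", [])])


def audit_bastion(env, groups):
    """Return findings; an empty list means the instance is no-ingress."""
    findings = []
    if env.get("connectionType") != "CONNECT_SSM":
        findings.append(f"{env['name']}: connectionType is "
                        f"{env.get('connectionType')}, expected CONNECT_SSM")
    for group in groups:
        for rule in group.get("IpPermissions", []):
            # IpProtocol "-1" means all protocols and carries no port range.
            if rule["IpProtocol"] == "-1":
                ports = "all ports"
            else:
                ports = (f"{rule['IpProtocol']}/"
                         f"{rule.get('FromPort')}-{rule.get('ToPort')}")
            sources = ", ".join(rule_sources(rule)) or "unknown source"
            findings.append(f"{group['GroupId']}: inbound {ports} from {sources}")
    return findings


if __name__ == "__main__":
    for env, groups in ((SSM_ENV, SSM_GROUPS), (SSH_ENV, SSH_GROUPS)):
        print(env["name"], audit_bastion(env, groups) or "no ingress")
```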


Cloud Development Kit (CDK) typically has regular weekly updates.

$ npm install -g aws-cdk
npm ERR! code EEXIST
npm ERR! path /home/ec2-user/.nvm/versions/node/v16.17.1/bin/cdk
npm ERR! EEXIST: file already exists
npm ERR! File exists: /home/ec2-user/.nvm/versions/node/v16.17.1/bin/cdk
npm ERR! Remove the existing file and try again, or run npm
npm ERR! with --force to overwrite files recklessly.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/ec2-user/.npm/_logs/2022-10-15T12_22_05_246Z-debug-0.log

Occasionally the NPM update needs to be forced on a fresh install.

$ npm install -g aws-cdk --force
npm WARN using --force Recommended protections disabled.

added 1 package, and audited 2 packages in 1s

found 0 vulnerabilities

SSH Keys will be used for access to GitHub for source code management.

$ ssh-keygen -t rsa
$ cat ~/.ssh/
$ eval "$(ssh-agent -s)"
$ ssh-add ~/.ssh/id_rsa


Author setup is required, so pull requests show up as the GitHub user, not the EC2 device.

$ git config --global user.name "John Lukach"
$ git config --global user.email "<GitHub Email>"
$ git commit --amend --reset-author


Lastly, Cloud9 leaves behind temporary .~c9 files if it has issues, and we do not want those merged.

$ echo '.~c9*' > ~/.gitignore
$ echo cdk.context.json >> ~/.gitignore
$ git config --global core.excludesfile ~/.gitignore
tags: Amazon - AWS - Bastion - CDK - Cloud9 - Linux