Skip to content


Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Fargate Bastion

This is an example project that demonstrates the usage of AWS Fargate as a bastion host.

Basically it is a CloudFormation Stack with an ECS Task Definition that is intended to be started from your shell, whenever you need to SSH into your instances which reside in private subnets. Once the container is provisioned, it pulls host-keys and public user-keys from an S3 Bucket, configures the authorized_keys file of the ops user and finally starts the SSH daemon. The container is assigned a public IP for easy connection from everywhere with your correspending private key.

The example consists of:

  • an ECS Cluster
  • a VPC for the cluster
  • a Task Definition and a Docker Image hosted on ECR
  • an S3 Bucket to store host and user keys
  • a CloudWatch LogGroup to collect container logs
  • all neccessary IAM policies/roles

Asciinema: asciicast


You'll need installed and configured:

  • an AWS account
  • a recent aws-cli
  • AWS_DEFAULT_REGION and AWS_DEFAULT_PROFILE set in your environment correctly (Fargate is currently only available in eu-west-1, us-east-1, us-east-2, us-west-2)
  • a recent Docker installation


You can install the whole stack by running:

./ [stack-name]

Naming the stack is optional, but is required if you intend to deploy multiple stacks or want to redeploy directly after deletion (S3 resource names may not be available directly after deletion). If you choose a custom stackname during creation you must provide it again in the following executions.

After stack creation you need to upload your public key:

./upload-key.s ~/.ssh/ [stack-name]

Finally run your container, whenever you wish to connect:

./ [stack-name]

The script will output the bastion's IP by providing an SSH command:

ssh ops@ -p 42

About me

Hi! I'm Alex, a Cloud Developer passionate about DevOps, cloud-native microservices and the reactive programming paradigm. Say hi to me on Twitter: @alex0ptr.


A complete setup to run a bastion container in AWS Fargate






No releases published


No packages published