reconcile bastion host template with aws-samples/startup-kit-templates

[wjordan]

It seems that a separate team at AWS has published a separate CloudFormation template to create a bastion host at aws-samples/startup-kit-templates.

The Quick Start template in this project and this newer Startup Kit template offer different implementations of the same type of solution, leading to some confusion as to which of the two solutions is the approach recommended by AWS, or if both are still current, what are the strengths/drawbacks or recommended use-cases for each.

Would it be possible to reconcile the two bastion-host templates, whether this involves deprecating one in favor of the other, or merging the features of both into a single unified and well-maintained solution?

I'm wondering if a direct comparison can be made between them, and which approach is more secure, maintainable and/or battle-tested than the other.

(Note that this is a repeat of issue #1 - this is the third time AWS has published a bastion host CloudFormation template I'm aware of.)

[andrew-glenn]

Hi Will,

We're engaging internally to determine the best path forward here. At this time, I'm hesitant to comment further on what the end-result will look like, but I'll update this issue as we know more.

Best
Andrew

[wjordan]

thanks for the update, great to hear- I mostly just wanted to make sure these two projects were both aware of and coordinating with each other moving forward 👍

[andrew-glenn]

Closing the loop: We've determined a documentation update is the best course of action, as both groups have embedded our iteration into our respective portfolios. Ryan (and team) will be updating the aws-samples content shortly to elaborate on their use-cases.

In terms of this solution, we use it as a modular inclusion within our quickstarts, so the feature-set is slightly different on the onset from the aws-samples content. With that said, there is a bit of a feature gap between the two solutions - and I've added those features (specifically MFA) to the backlog.

Let me know if you have any questions. I'm happy to continue the conversation further.

[tonynv]

@andrew-glenn has this been completed if so please update!