@white-balloon-205 Is there any guide of setting up a bastion(s)/jump host(s) for accessing EKS with workers in private subnets over several that’s accessible by iAM users in a certain group but also for accessing kubectl? Right now we’re doing public control plane but want to get away from that.
the ssh key?
01/13/2020, 5:24 PM
Not sure there’s a guide on this specifically - but I have talked to at least one user who did set this up.
Note that if you do this - you will have to do the Pulumi deployment from an environment that can reach the endpoint - so either run the Pulumi deployment from the bastion host, or vpn into the private network from the deployment environment.