Bastion Hosts in VPC Private Subnets | Teradata VantageCloud Enterprise on AWS (DIY) - Bastion Hosts in VPC Private Subnets

Bastion Hosts in VPC Private Subnets | Teradata VantageCloud Enterprise on AWS (DIY) - Bastion Hosts in VPC Private Subnets - Teradata® VantageCloud Enterprise on AWS

VantageCloud Enterprise on AWS (DIY) Installation and Administration Guide - 3.2.0.0

Deployment

VantageCloud

Edition

Enterprise

Product

Teradata® VantageCloud Enterprise on AWS

Release Number

3.2.0.0

Published

March 2026

ft:locale

en-US

ft:lastEdition

2026-04-06

dita:mapPath

cnb1751049708013.ditamap

dita:ditavalPath

eps1751058592388.ditaval

dita:id

jnv1467245119674

Product Category

Cloud

Bastion hosts allow you to securely connect to EC2 instances running in VPC private subnets without exposing them to the Internet. A bastion host is set up in the public subnet and acts as a proxy/jump server and it should be configured with a high level of security. Consult your security administrator to configure a bastion host.

VPC subnets connected through a bastion host.

To connect to EC2 instances in VPC private subnets securely, use SSH agent forwarding. SSH agent forwarding improves security by not exposing the management ports of your EC2 instances to the Internet or to other subnets in your VPC. For information on how to configure SSH agent forwarding, see https://aws.amazon.com/blogs/security/.