environment – 3-tier architecture intro – alternative methods of resource connection: – Bastion host – SSM – EC2 Instance Connect – demo Why we should care? – brute force attacks – exploitation of security of failure solution two - ssm – to be precise AWS System Manager Session Manager – sessions based on secure bi-directional channel – traffic is encrypted with TLS 1.2ssm - props and cons – connection needs to be installed – configuration of Ansible is possible, however annoying(aka use Saltstack) ssm - costssolution three - EC2 Instance Connect – full name: EC2 Instance Connect Endpoint – SSH/RDP