Intro: Jump Server and IP CIDR

Jump Server (Bastion Host)

What is AWS EC2?

  • Amazon Elastic Compute Cloud (Amazon EC2) provides on-demand, scalable computing capacity in the Amazon Web Services (AWS) Cloud. Using Amazon EC2 reduces hardware costs so you can develop and deploy applications faster.

  • You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage.

  • You can add capacity (scale up) to handle compute-heavy tasks, such as monthly or yearly processes, or spikes in website traffic. When usage decreases, you can reduce capacity (scale down) again.

  • An EC2 instance is a virtual server in the AWS Cloud. When you launch an EC2 instance, the instance type that you specify determines the hardware available to your instance. Each instance type offers a different balance of compute, memory, network, and storage resources.

Micro EC2 Instance (t2.micro / t3.micro)

“Micro” is the smallest general-purpose EC2 instance size (e.g., t2.micro, t3.micro). These are burstable performance instances:

  • Provide a small baseline CPU (e.g., 10–20% of a vCPU), but can burst to full capability using CPU credits.

  • Ideal for lightweight workloads like small databases, dev/test environments, blogs, proxies.

What is AWS EKS?

  • Amazon Elastic Kubernetes Service (EKS) is a fully managed service that runs the Kubernetes control plane on your behalf. It automates provisioning, scaling, patching, and availability of the cluster masters. You deploy your containerized workloads (pods) via Kubernetes tooling, while EKS handles the control plane.

Jump Server/Bastion Host

  • A Jump Server (or Jump Host or Jump box) is a special-purpose server on a secure network used to connect to devices in a separate security zone (e.g., internal network).

    You "jump" from this server to others inside the private network.

  • It acts as a gateway or stepping stone to access other systems that are in a different zone (typically more secure/internal).

  • Example Use Case:

    • You are an administrator and want to access an internal database server that is not publicly accessible.

      The flow might look like:

  • A Bastion Host is a jump server placed in a public subnet (DMZ, Demilitarized Zone) and is hardened (i.e., highly secured) to withstand attacks. It allows access to a private network from the outside world.

    You can think of a Bastion Host as a type of Jump Server, but with additional focus on security hardening and public exposure.

NOTE: 👉 All Bastion Hosts are Jump Servers, but not all Jump Servers are Bastion Hosts.

| Term | Summary |
| --- | --- |
| Jump Server | A middleman used to access systems in another (usually more secure) network. |
| Bastion Host | A hardened jump server with public access, designed to securely connect to internal systems. |

Source


IP CIDR

What is IP CIDR?

  • CIDR stands for Classless Inter-Domain Routing.

  • It is a method used to allocate IP addresses and route IP packets more efficiently than the older class-based system.

  • CIDR (Classless Inter-Domain Routing) consists of two key components:

    1. Base IP Address (or Network Address)

      • This is the starting address of the IP block.

      • It defines the network identity.

      • Example:
        In 192.168.1.0/24, the base IP is 192.168.1.0.

    2. Subnet Mask (or Prefix Length)

      • Expressed as a slash ("/") followed by a number (e.g., /24), this indicates how many bits are reserved for the network portion of the address.

      • The remaining bits are for host addresses.

      • Example:

        • /24 means the first 24 bits are network bits.

        • This corresponds to the subnet mask: 255.255.255.0.

Fixed IP CIDR

  • Refers to a CIDR block reserved for fixed/static IPs.

  • These IPs do not change — often used for servers, VPNs, or services requiring a constant IP address.

  • Example: You might reserve 203.0.113.0/28 as a fixed IP CIDR block for backend infrastructure.

  • Useful when configuring firewall rules, whitelisting, or DNS, where IPs must be stable.
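An added example (not part of the original post) of checking firewall rules against a fixed IP CIDR block: it compares each rule's source CIDR with the page's example block 203.0.113.0/28 and reports sources that are wider than, or outside, that block. The rule list, the `audit` function and the verdict names are assumptions made for this sketch, and it handles IPv4 only.

```python
import ipaddress

# The fixed block used as an example on this page.
FIXED_BLOCK = ipaddress.ip_network("203.0.113.0/28")

# Constructed sample ingress rules for SSH to a bastion host: (port, source CIDR).
RULES = [
    (22, "203.0.113.0/28"),   # exactly the fixed block
    (22, "203.0.113.8/29"),   # upper half of the fixed block
    (22, "203.0.113.0/24"),   # contains the fixed block plus 240 other addresses
    (22, "0.0.0.0/0"),        # every IPv4 address
    (22, "203.0.113.20/32"),  # single host outside the fixed block
    (22, "203.0.113.5/28"),   # host bits set: not a valid network address
]


def audit(rules, allowed=FIXED_BLOCK):
    """Return (source, verdict, extra_addresses) for each rule.

    Two CIDR blocks are either nested or disjoint, so three verdicts
    cover every valid source: ok, too-broad, outside.
    """
    findings = []
    for _port, source in rules:
        try:
            net = ipaddress.ip_network(source, strict=True)
        except ValueError:
            findings.append((source, "invalid", 0))
            continue
        if net.subnet_of(allowed):
            findings.append((source, "ok", 0))
        elif allowed.subnet_of(net):
            extra = net.num_addresses - allowed.num_addresses
            findings.append((source, "too-broad", extra))
        else:
            findings.append((source, "outside", net.num_addresses))
    return findings


if __name__ == "__main__":
    for source, verdict, extra in audit(RULES):
        print(f"{source:18} {verdict:10} extra addresses allowed: {extra}")
```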

Key Differences between IP CIDR (General) and Fixed IP CIDR

| Feature | IP CIDR (General) | Fixed IP CIDR |
| --- | --- | --- |
| Definition | A subnet or block of IPs | A reserved/static IP block |
| IP Assignment | Can be dynamic or static | Always static/fixed |
| Use Case | General networking, dynamic allocation | Security rules, static hosting, whitelisting |
| Example Use | DHCP pool, general subnetting | VPN endpoint, static backend servers |

Background: IP Addressing Basics

  • An IP address is a unique identifier assigned to each device on a network. It comes in two versions:

    • IPv4 (e.g., 192.168.1.1)

    • IPv6 (e.g., 2001:0db8:85a3::8a2e:0370:7334)

  • IPv4 addresses are 32-bit numbers, typically written as four decimal octets separated by dots (e.g., 192.168.0.1).

The Problem with Classful Addressing

  • Originally, IP addresses were divided into classes:

| Class | Address Range | Default Subnet Mask | Hosts per Network |
| --- | --- | --- | --- |
| A | 0.0.0.0 – 127.255.255.255 | 255.0.0.0 | 16 million |
| B | 128.0.0.0 – 191.255.255.255 | 255.255.0.0 | 65,000 |
| C | 192.0.0.0 – 223.255.255.255 | 255.255.255.0 | 254 |

  • This led to wasted IP addresses — for example, a company might need 1,000 IPs but would get a Class B (65,000+ addresses), wasting most of them.

CIDR Notation: The Fix

  • CIDR removes the concept of fixed classes and instead uses a prefix to indicate how many bits of the IP address are used for the network.

  • CIDR Format: <IP Address>/<Prefix Length> OR Base IP/Subnet Mask (in bits)

    • Examples:

      • 192.168.1.0/24 means the first 24 bits are the network portion.

      • 10.0.0.0/8 means the first 8 bits are the network.

      • 172.16.5.32/27 → 27 bits are network bits; remaining 5 bits (32-27) are for hosts.

      • 0.0.0.0/0 → zero network bits, so it matches every IPv4 address; used as a rule source, it means all IPs are allowed.

Understanding CIDR Notation and IP Address Range | by Michel Burnett |  Medium

CIDR vs Subnet Mask

  • CIDR /24 is the same as subnet mask 255.255.255.0.

| CIDR | Subnet Mask | No. of Hosts |
| --- | --- | --- |
| /8 | 255.0.0.0 | 16,777,214 |
| /16 | 255.255.0.0 | 65,534 |
| /24 | 255.255.255.0 | 254 |
| /30 | 255.255.255.252 | 2 |

Note: Usable hosts = 2^(32 - prefix length) - 2 (one address is reserved for the network ID, one for broadcast)

CIDR Example in Practice

  • CIDR Block: 192.168.1.0/26

    • Binary: 11000000.10101000.00000001.00xxxxxx

    • Network bits: 26

    • Host bits: 6 → 2⁶ = 64 addresses → 62 usable hosts

    • Range: 192.168.1.0 to 192.168.1.63

      • Network address: 192.168.1.0

      • Broadcast address: 192.168.1.63

      • Usable range: 192.168.1.1 to 192.168.1.62

  • Using CIDR.XYZ, we can “Visualize and Calculate Network Ranges with IPv4 CIDR Blocks”.

CIDR Aggregation (Supernetting)

  • CIDR can group multiple IP subnets into a supernet:

    • Example:

      • Combine 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24, and 192.168.3.0/24

      • Aggregated as 192.168.0.0/22
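An added example (not from the original post) that reproduces this aggregation with Python's standard `ipaddress` module and then shows a set of four /24 blocks that does not sit on a /22 boundary. The helper names `aggregate` and `covering_supernet` are assumptions of this sketch; the second one reports how many addresses a single covering block would include beyond the ones listed, which matters when the aggregate is used in a firewall rule.

```python
import ipaddress


def aggregate(cidrs):
    """Exact aggregation: merge blocks only where no extra address is added."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def covering_supernet(cidrs):
    """Smallest single block containing every input, plus the number of
    addresses it covers that were not in the input."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # shorten the prefix by one bit
    wanted = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return str(candidate), candidate.num_addresses - wanted


# The page's example: four /24 blocks aligned on a /22 boundary.
ALIGNED = ["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]
# Constructed counter-example: four contiguous /24 blocks, shifted by one.
SHIFTED = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24", "192.168.4.0/24"]

if __name__ == "__main__":
    for name, blocks in (("aligned", ALIGNED), ("shifted", SHIFTED)):
        print(name, aggregate(blocks), covering_supernet(blocks))
```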

Source

If you want to watch the videos, refer to the links below:

  1. https://youtu.be/OqsXzkXfwRw?si=yQ-9SAjv8Jh4p2aB

  2. https://youtu.be/I_LXaIg6mkM?si=Tpe3u95pC8drfTax

Written by

Aditya Dev Shrivastava