Aren’t you missing one of the key bastion benefits? that you can configure it using whatever authentication system you want, and use that as a edge delegation point almost. The AWS provided filtering tools (NACL/SG) only filter at the IP level — they don’t provide authentication. Most scenarios where I’ve recommended them, they are used for this dual benefit.

Technical Trainer, Cloud Architect, Tech, Productivity & Efficiency Obsessed wannabe minimalist.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store