Following on from this article:<p>http://programming.oreilly.com/2014/01/is-the-jump-box-obsolete.html?cmp=tw-prog-na-article-pr_is_the_jump_box_obsolete<p>The article proposes that the Jump Box / Bastion Host pattern is obsolete for many cloud deployments. I've been using a 'bastion host' pattern to access Amazon VPCs - and while the security / IP infrastructure is somewhat simpler to maintain, there really is no way to audit user access; the AWS EC2 private key infrastructure and bastion host pattern pretty much ensure every user runs as 'root'.<p>Are there better alternatives for AWS (or other IaaS services in general) than the bastion host pattern?
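The audit gap the question describes (everyone lands in the same ec2-user/root account through the same bastion, so the login record never names a person) can be narrowed without changing the pattern: give each person their own key, run sshd with `LogLevel VERBOSE` so it records the key fingerprint of every accepted login, and map fingerprints back to owners using the comment field of authorized_keys. The script below is an added example, not code from the question or the linked article. It assumes sshd's VERBOSE log format (`Accepted publickey for ... ssh2: RSA SHA256:...`), and the authorized_keys file, the key blobs and the log lines are all constructed in the script (the blobs are not real keys, just bytes hashed the same way OpenSSH hashes a key blob to produce its SHA256 fingerprint).

```python
"""Attribute shared-account bastion logins to individual people.

Added example (not from the original post). Everything here is constructed:
fake key blobs, a fake authorized_keys file and fake sshd log lines.
Assumption: sshd runs with LogLevel VERBOSE, which makes it log the key
fingerprint on every accepted/failed publickey attempt.
"""
import base64
import hashlib
import re
from collections import Counter

KEY_TYPE_PREFIXES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-", "sk-")


def _fake_blob(seed: str) -> str:
    """Constructed stand-in for a base64 public-key blob (NOT a real key)."""
    return base64.b64encode(seed.encode().ljust(32, b"\0")).decode()


# Constructed authorized_keys: one key per person, owner in the comment field.
AUTHORIZED_KEYS = "\n".join([
    "# bastion authorized_keys for ec2-user (constructed)",
    f"ssh-ed25519 {_fake_blob('alice')} alice@laptop",
    f"ssh-ed25519 {_fake_blob('bob')} bob@desktop",
    f"no-agent-forwarding ssh-rsa {_fake_blob('carol')} carol@ops",
])


def _split_key(line: str):
    """Return (type, blob, comment), skipping any leading option list.
    Simplification: options containing quoted spaces are not handled."""
    fields = line.split()
    for i, field in enumerate(fields):
        if field.startswith(KEY_TYPE_PREFIXES):
            return field, fields[i + 1], " ".join(fields[i + 2:])
    raise ValueError(f"no public key found in line: {line!r}")


def fingerprint(pubkey_line: str) -> str:
    """OpenSSH-style SHA256 fingerprint: sha256 over the decoded key blob,
    base64 without padding, as printed by ssh-keygen -lf and by sshd logs."""
    _, blob, _ = _split_key(pubkey_line)
    digest = hashlib.sha256(base64.b64decode(blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def load_key_owners(authorized_keys: str) -> dict:
    """Map fingerprint -> owner name, using the part of the comment before '@'."""
    owners = {}
    for line in authorized_keys.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        _, _, comment = _split_key(line)
        owners[fingerprint(line)] = comment.split("@")[0] or "(unlabelled key)"
    return owners


# sshd VERBOSE line: "... sshd[PID]: Accepted publickey for USER from IP port P ssh2: TYPE SHA256:..."
LOGIN_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?P<result>Accepted|Failed) publickey for (?P<account>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+) ssh2: (?P<ktype>\S+) (?P<fp>SHA256:[A-Za-z0-9+/]+)"
)


def parse_auth_log(text: str) -> list:
    """Extract publickey login events; other sshd/pam lines are ignored."""
    events = []
    for line in text.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["timestamp"] = line[:15]  # syslog "Mon DD HH:MM:SS"
            events.append(ev)
    return events


def attribute_logins(events: list, owners: dict) -> list:
    """Tag every event with the person who owns the key, or UNKNOWN-KEY."""
    for ev in events:
        ev["person"] = owners.get(ev["fp"], "UNKNOWN-KEY")
    return events


def audit_report(events: list):
    """Accepted logins per person, plus fingerprints not in authorized_keys."""
    accepted = Counter(e["person"] for e in events if e["result"] == "Accepted")
    unknown = sorted({e["fp"] for e in events if e["person"] == "UNKNOWN-KEY"})
    return accepted, unknown


def _log_line(ts, result, ip, ktype, fp):
    return f"{ts} bastion sshd[2231]: {result} publickey for ec2-user from {ip} port 51022 ssh2: {ktype} {fp}"


# Constructed auth.log excerpt: everyone logs in as ec2-user, only the key differs.
SAMPLE_LOG = "\n".join([
    _log_line("Jan 14 09:12:01", "Accepted", "203.0.113.10", "ED25519", fingerprint("ssh-ed25519 " + _fake_blob("alice"))),
    "Jan 14 09:12:01 bastion sshd[2231]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)",
    _log_line("Jan 14 09:40:17", "Accepted", "203.0.113.11", "ED25519", fingerprint("ssh-ed25519 " + _fake_blob("bob"))),
    _log_line("Jan 14 10:05:33", "Accepted", "203.0.113.10", "ED25519", fingerprint("ssh-ed25519 " + _fake_blob("alice"))),
    _log_line("Jan 14 10:21:09", "Accepted", "198.51.100.7", "RSA", fingerprint("ssh-rsa " + _fake_blob("mallory"))),
    _log_line("Jan 14 10:22:40", "Failed", "198.51.100.9", "RSA", fingerprint("ssh-rsa " + _fake_blob("carol"))),
])


def run_example():
    owners = load_key_owners(AUTHORIZED_KEYS)
    events = attribute_logins(parse_auth_log(SAMPLE_LOG), owners)
    return audit_report(events)


if __name__ == "__main__":
    accepted, unknown = run_example()
    for person, n in accepted.most_common():
        print(f"{person:12s} {n} accepted login(s)")
    for fp in unknown:
        print(f"key not in authorized_keys: {fp}")
```

In the constructed log the two alice logins and one bob login are attributed by fingerprint, the "mallory" key shows up as a fingerprint that is not in authorized_keys at all (the case worth alerting on), and carol's failed attempt is attributed to her without counting as a login. This does not fix the privilege problem (everyone is still ec2-user with sudo), only the attribution one; ship the log off the bastion so an intruder who reaches root cannot rewrite it.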
Well, that article was written by the head of this company <a href="https://www.jumpcloud.com/about/" rel="nofollow">https://www.jumpcloud.com/about/</a> that sells a SaaS solution that builds on Chef and Puppet. More generally speaking, each DevOps framework has its own integrated solution for user account provisioning / security.
Also see: 13 Practical and Tactical Cloud Security Controls in EC2
<a href="http://www.tuicool.com/articles/NbIz6z" rel="nofollow">http://www.tuicool.com/articles/NbIz6z</a>