Maintaining evergreen EC2 bastions with Pulumi
· 8 min read
Bastion hosts are disposable infrastructure, yet they are often set up with the same weight as long-lived servers. Hardcoded AMI IDs, SSH key pairs, x86 instances. A bastion should be cheaper, more secure, and self-updating. Three practices get you there: Graviton for cost, Session Manager for access, and SSM parameters for always launching the latest AMI. Like evergreen browsers that update silently in the background, an evergreen bastion always runs the current latest image without anyone touching the config.