One to read: “Stop exposing port 22 to the world. It’s time to rework your remote access methods – toolr.io”
As found on Cloud burst… causing a flood of snippets by my colleague, this post details how to set up AWS SSM to replace your bastion host in AWS with authentication tied to your AWS account. Looks impressive, and means you can have an entirely SSH-ingress-free environment! Win!