A bastion host is a secure host that accepts SSH connections only from trusted sources. A trusted source is the static IP address of your internet connection. This ensures that the access to your AWS resource is from a machine from within your network. A bastion is used to administer your AWS network and instances. All instances accept SSH connections only from the bastion security group.