A Bastion Native Client often operates with a "Zero Trust" mindset. Unlike a standard SSH client which might connect directly to an IP, the native client often acts as a broker:
The Bastion Native Client is a solid choice for users who need to securely access and manage their AWS resources from their local machine. While it has some limitations, its ease of use, security features, and flexibility make it a valuable tool for AWS administrators and developers. bastion native client
Integrates with Microsoft Entra ID (formerly Azure AD) for multi-factor authentication (MFA) and conditional access rules. How to Configure Bastion for Native Client Connections A Bastion Native Client often operates with a
az network bastion rdp --name --resource-group --target-resource-id . Integrates with Microsoft Entra ID (formerly Azure AD)
For scenarios where you need to use a custom tool or a port other than 3389 (RDP) or 22 (SSH), the native client supports . By running az network bastion tunnel , you create a local loopback address (e.g., 127.0.0.1:5000 ) that forwards traffic directly to a specific port on the target VM. This is essential for: