After deploying application servers, synchronize bastion host users to the servers and create matching accounts. After successful synchronization, operations staff can use these accounts to log in to application servers and perform maintenance tasks.
Synchronize Accounts to Application Servers
Do not modify or delete synchronized accounts on the application server. Doing so may prevent login and disrupt maintenance operations.
The application server security group must allow inbound traffic on port 50051 from the bastion host for account synchronization.
Log on to the Bastionhost console. In the top navigation bar, select the region where your Bastionhost instance is located.
In the list of Bastionhost instances, find the target instance and click Manage.
In the navigation pane on the left, choose .
On the Application Servers tab, find the target application server. In the Actions column, click Synchronize Account.
In the Synchronize Account panel, configure the following parameters:
Auto/One-Click Sync Scope: Select All Users to sync all users, or select Specify User Group to sync a specific user group.
Auto Account Synchronization: Enable to automatically synchronize accounts to the application server on a schedule.
If you modified any configuration, click Update to apply the changes.
Click Sync Now to start synchronizing accounts.
Related Operations
Delete an application server: On the Application Servers tab, find the target application server. In the Actions column, click Delete.
Deleting an application server also removes its associated remote clients and applications. Proceed with caution.
When you delete an application server host on the Host Management page, the associated remote clients and applications are also deleted.