From 5d7828bd0952507a8411ea9eaa7db8c381657727 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan" <matthew.c.morgan@census.gov>
Date: Mon, 22 Jul 2024 17:10:44 -0400
Subject: [PATCH 1/2] add folder in location

---
 .../iebcloud-jump-host/iebcloud-jump-hosts.md | 57 +++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 aws/proposals/iebcloud-jump-host/iebcloud-jump-hosts.md

diff --git a/aws/proposals/iebcloud-jump-host/iebcloud-jump-hosts.md b/aws/proposals/iebcloud-jump-host/iebcloud-jump-hosts.md
new file mode 100644
index 00000000..f628dc8f
--- /dev/null
+++ b/aws/proposals/iebcloud-jump-host/iebcloud-jump-hosts.md
@@ -0,0 +1,57 @@
+# AWS Cloud Jump Host - Bastion Server
+
+This document is to cover the use case and purpose of CSVD's use of Jump Hosts.
+
+<!-- add additional information here -->
+
+# Links
+
+<!-- list product documentation links which apply to this setup -->
+<!-- list any internal links to other portions of documentaiton, such as sharepoint -->
+
+# Why
+
+<!-- describe the reasoning behind this setup, what the applijcaiton will do with these things, etc -->
+
+# What
+
+<!-- describe what this will be doing. For example, we need an IAM policy and an IAM role with that policy,
+distributed to each account. A central AWS account (list details) will use an instance role
+and is able to assume the created role in every account. etc.  -->
+
+# Where
+
+<!-- describe where this setup needs to be executed.  We have multiple AWS organizations: ent-ew (commercial),
+ent-gov (primary one), and lab-gov (not addressed here, nor visable from the ent-gov).  We will need to 
+accomodate all of them.  Also separate stuff that runs in the morpheus account(s) and stuff in target accounts -->
+
+# When
+
+<!-- list notional dates for when this sort of thing is needed -->
+
+# Who
+
+<!-- describe the user base, where they access from, how frequently it is used, how the users access it, etc. -->
+
+# How
+
+<!-- describe technical detail, as needed, how one implements in TF or whatever.  Some of this will be split out
+into stacksets in another account.  Provide a diagram if you have one, clean with simple boxes and arrows.  -->
+
+<!-- add other sections which seem to make sense -->
+
+# Links
+
+AWS provides some resources for problems of this shape to consider:
+
+1. https://aws.amazon.com/solutions/implementations/linux-bastion/
+1. https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/access-a-bastion-host-by-using-session-manager-and-amazon-ec2-instance-connect.html
+1. https://aws.amazon.com/blogs/containers/scale-to-15000-tasks-in-a-single-amazon-elastic-container-service-ecs-cluster/
+1. https://elasticscale.com/get-a-cheap-vpn-into-your-aws-vpc-and-worldwide-performance-improvement-through-cloudflare-tunnels/
+1. https://aws.amazon.com/blogs/desktop-and-application-streaming/use-elastic-fleets-and-linux-for-inexpensive-secure-bastion-hosts-in-amazon-appstream-2-0/
+
+
+# CHANGELOG
+
+* 0.0.1 -- 2024.07.22
+  - wip

From 401e3db523283d180d16c36778df6fc65db80762 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan" <matthew.c.morgan@census.gov>
Date: Mon, 22 Jul 2024 22:27:03 -0400
Subject: [PATCH 2/2] updates

---
 .../iebcloud-jump-host/iebcloud-jump-hosts.md        | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/aws/proposals/iebcloud-jump-host/iebcloud-jump-hosts.md b/aws/proposals/iebcloud-jump-host/iebcloud-jump-hosts.md
index f628dc8f..a9fabb24 100644
--- a/aws/proposals/iebcloud-jump-host/iebcloud-jump-hosts.md
+++ b/aws/proposals/iebcloud-jump-host/iebcloud-jump-hosts.md
@@ -4,10 +4,16 @@ This document is to cover the use case and purpose of CSVD's use of Jump Hosts.
 
 <!-- add additional information here -->
 
-# Links
+Things to consider:
+- multi-user access
+- runs terraform/support repo tools
+- should be used for application container development? (currently blocked by sudoers/and something else asking for UID/GID)
+- runs aws cli for interaction with all environemnts
+- if we had linux we could use AWS Workspaces?
+- eks cluster with pod per user?, shared efs mount for data?
+- ???
+
 
-<!-- list product documentation links which apply to this setup -->
-<!-- list any internal links to other portions of documentaiton, such as sharepoint -->
 
 # Why