Are you still SSHing through a Bastion EC2 instance like a cave man?

You should check out AWS Systems Manager Session Manager.

You will need to install the Session Manager Plugin for this to work.

It has all the bells and whistles:

• Control access with the same IAM Policies you use to manage basically everything else on AWS.
• Access nodes without public IPs via AWS PrivateLink.
• It supports port forwarding so you can tunnel through to RDS, ElastiCache or any other service you wish to send and receive network traffic with.

It’s a nifty little tool that will save you the headaches of passing pem keys around like a neanderthal.