learn-terraform-provision-eks-cluster
Understanding Bastion based on the related guide
The related tutorial mentions setting up a bastion host:
eks-cluster.tf provisions all the resources (AutoScaling Groups, etc...) required to set up an EKS cluster in the private subnets and bastion servers to access the cluster using the AWS EKS Module.
Looking through the guide + codebase, I don't understand this. My understanding is that a bastion host would be something like an EC2 that I would ssh into in order to access the rest of the cluster.
Does it mean something else here?
Also, the security groups have ingress entries for port 22 from 192.168.0.0/16 and 172.16.0.0/12, what is the significance of these IPs? (they are not the CIDR blocks of my VPC, for example)
I don't understand the bastion host part either.
But the significance of those IP ranges is found here: https://docs.amazonaws.cn/en_us/eks/latest/userguide/create-cluster.html
(Optional) Choose Configure Kubernetes Service IP address range and specify a Service IPv4 range if you want to specify which CIDR block Kubernetes assigns service IP addresses from. The CIDR block must meet the following requirements:
Within one of the following ranges: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16.
Between /24 and /12.
Doesn't overlap with any CIDR block specified in your VPC.
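The three Service IPv4 range requirements quoted above, written as a check that can be run against a candidate range. This is an added example, not code from the thread or from the tutorial repository; the function name `check_service_cidr` and the VPC CIDR `10.0.0.0/16` are assumptions made for illustration.

```python
import ipaddress

# Ranges the quoted EKS requirement allows for the Service IPv4 range.
ALLOWED_PARENTS = [ipaddress.ip_network(c) for c in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_service_cidr(service_cidr, vpc_cidrs):
    """Return a list of requirement violations (empty list = acceptable)."""
    try:
        # strict=True rejects values with host bits set, e.g. 10.0.0.1/16
        svc = ipaddress.ip_network(service_cidr, strict=True)
    except ValueError as exc:
        return [f"not a valid network: {exc}"]
    if svc.version != 4:
        return ["not an IPv4 range"]

    problems = []
    # Requirement 1: inside one of the three listed ranges.
    if not any(svc.subnet_of(parent) for parent in ALLOWED_PARENTS):
        problems.append("outside 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16")
    # Requirement 2: prefix length between /12 (largest) and /24 (smallest).
    if not 12 <= svc.prefixlen <= 24:
        problems.append(f"prefix /{svc.prefixlen} is not between /24 and /12")
    # Requirement 3: no overlap with any CIDR block of the VPC.
    for vpc in vpc_cidrs:
        if svc.overlaps(ipaddress.ip_network(vpc)):
            problems.append(f"overlaps VPC CIDR {vpc}")
    return problems


if __name__ == "__main__":
    vpc = ["10.0.0.0/16"]  # constructed sample VPC CIDR (assumption)
    # The first two candidates are the ranges named in the question.
    for candidate in ("192.168.0.0/16", "172.16.0.0/12",
                      "10.0.0.0/8", "172.20.0.0/28", "100.64.0.0/16"):
        result = check_service_cidr(candidate, vpc)
        print(candidate, "->", result or "meets all three requirements")
```
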
Any more details regarding the Bastion host? The config files do not provide any information regarding the provisioning of a Bastion host.