by embedding-shape 60 days ago
> airgapped except for a bastion host that acts as a gateway

First time I've heard of an airgapped system you could access remotely. Doesn't that kind of defeat the label "airgapped"? I think I'd just call that "isolated" at that point instead.


This concept is related to PAM. You often have to do ops on infra and need some DMZ to do the ops. In regulated industry you have to record every operation done by the person and have to follow the principle of least privilege. This is what should happen in an ideal world.
> You often have to do ops on infra and need some DMZ to do the ops.

This makes sense; "bastion" hosts and similar things are fairly common too. What's not common is calling those "airgapped", because they're clearly not.

I agree. They’re network enclaves. Which isn’t the same thing as an air gapped network.
You can have a network enclave in an air gapped network.
Of course you can. But you cannot connect to an air gapped network from outside of it via a bastion.

Which is what we are specifically discussing.

What you're discussing is a tautology so it is not clear.
Airgapped is a different concept altogether.
I'm glad we agree :)
AWS likes to redefine things.

Air gapped means... there is nothing except air in the gap between systems.

A physical tether would defeat it.

Now, a pedant could start talking about wifi, but air-gapping is a concept older than the internet. (It stems from plumbing, where there's air that prevents back leakage of contamination.)

https://en.wikipedia.org/wiki/Air_gap_(networking)

The moat!