If you want to connect directly to a virtual instance, you need to contract a floating IP for each instance.
On the other hand, it is also possible to assign a floating IP to only one instance and use it as a “bastion host,” connecting to other instances via this bastion host.
Configuration Example:
1. Create a bastion host instance
Create a security group named “bastion-sg” and assign it to the bastion host instance
【Direction: Inbound】
・Rule: SSH
・Source: CIDR
・CIDR: 0.0.0.0/0
* Please configure the source CIDR to match your environment. Add other inbound rules as needed, depending on your requirements.
【Direction: Outbound】
・any
* While “Outbound: any” is convenient, it also comes with security risks.
If the instance is used solely as a bastion host and external communication is unnecessary, follow the principle of least privilege and allow only the minimum necessary traffic.
Create a security group named “target-instance-sg” and assign it to the target instances
【Direction: Inbound】
・Rule: SSH
・Source: Security Group
・Security Group: “bastion-sg”
【Direction: Outbound】
・any
※The bastion host and the target instances must be on the same network.
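
The rule semantics configured above, as an added example (not part of the original article or the provider's tooling): a small Python model of the two groups that checks which SSH paths are admitted and flags the two risks the notes mention. It assumes inbound traffic is denied unless a rule matches; the function names, the client address 198.51.100.7 and the bastion address 10.0.0.5 are constructed for illustration.

```python
import ipaddress

# Constructed model of the two groups described above (rule values follow the article).
GROUPS = {
    "bastion-sg": [
        {"direction": "inbound", "port": 22, "cidr": "0.0.0.0/0"},
        {"direction": "outbound", "port": None, "cidr": "0.0.0.0/0"},  # "any"
    ],
    "target-instance-sg": [
        {"direction": "inbound", "port": 22, "group": "bastion-sg"},
        {"direction": "outbound", "port": None, "cidr": "0.0.0.0/0"},  # "any"
    ],
}

def inbound_allowed(dest_group, port, src_ip, src_groups=()):
    """True if dest_group's inbound rules admit src_ip (a member of src_groups) on port."""
    for rule in GROUPS[dest_group]:
        if rule["direction"] != "inbound" or rule["port"] not in (None, port):
            continue
        if "group" in rule:
            # "Source: Security Group" matches on group membership, not on address.
            if rule["group"] in src_groups:
                return True
        elif ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["cidr"]):
            return True
    return False  # assumption: no matching rule means the traffic is dropped

def audit(groups):
    """Return (group, finding) pairs for the two risks the article calls out."""
    findings = []
    for name, rules in groups.items():
        for rule in rules:
            wide = rule.get("cidr") == "0.0.0.0/0"
            if rule["direction"] == "inbound" and rule["port"] == 22 and wide:
                findings.append((name, "SSH open to 0.0.0.0/0; restrict the source CIDR"))
            if rule["direction"] == "outbound" and rule["port"] is None and wide:
                findings.append((name, "outbound any; allow only required traffic"))
    return findings

if __name__ == "__main__":
    print(inbound_allowed("bastion-sg", 22, "198.51.100.7"))          # client to bastion
    print(inbound_allowed("target-instance-sg", 22, "198.51.100.7"))  # client to target
    print(inbound_allowed("target-instance-sg", 22, "10.0.0.5", ["bastion-sg"]))
    for finding in audit(GROUPS):
        print(finding)
```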