Simulation Controls
Visualize how admins securely reach instances in a private subnet.
Mode
Legend
🟧 Bastion SSH • 🟩 EIC IAM SSH • 🟪 SSM (no inbound ports)
Pedagogy (for tutors)
- Use the animation first for an intuitive feel of traffic flow.
- Ask: “Which method needs a public IP? Which needs IAM only?”
- Switch to MCQ tab for retrieval practice and exam-style questions.
- Use Drag & Drop games to check placement of instances, NAT, endpoints, and security groups.
VPC Diagram – Access Paths
Status: Idle – choose a mode and press Start.
MCQ Practice – Secure EC2 Access
Check your understanding of Bastion vs SSM vs EC2 Instance Connect. Click “Check answers” when ready.
Tip: Try to explain aloud why each wrong option is wrong – that’s higher-order understanding.
CloudWatch-style Log Window
Simulation, MCQ checks, and all 3 drag & drop games log to this window for tutor debriefing.
Idea: Ask students to “read the logs” and tell you which access path and which security groups were used.
CloudWolf – Bastion Hosts & Modern Alternatives
Use this alongside the simulator: pause, switch to Simulation or Games, and let students experiment.
🕹 Drag & Drop Games (with Security Groups)
Game 1: Access Paths + Security Groups ·
Game 2: VPC Layout ·
Game 3: Security Groups Focus
Score: 0
Level: 1
Time: 60s
Game 1: Access Paths + SG
🟥 Bastion Host
🟩 EC2 Instance Connect
🟪 SSM Session Manager
🟦 Private EC2
🟧 NAT Gateway
🟩 VPC Endpoint
🛡️ SG-Bastion (SSH from Admin IP)
🛡️ SG-PrivateInstance (SSH from Bastion only)
Public Subnet
Private Subnet
AWS Services Zone
VPC Endpoint Zone
Game 1: Place Bastion, EIC, SSM, Private EC2 and both Security Groups into the correct zones.
CloudWatch Logs (Games)