SSH access is absolutely a last resort, but can be necessary in certain cases (like when Filebeat breaks...). Turning SSH off completely (i.e. "No SSH") is certainly better for security and something we may pursue.
I mentioned in another comment here that SSH is just one example; we can also easily hit endpoints with curl via hostname.
Also mentioned in the post are other tools (like Grafana dashboards) that have an expectation of unique hostnames.
I brought up that point since I think most developers prefer the user experience of Lambda/Kubernetes where they don't have to manage individual instances in Auto Scaling Groups. They certainly are not 'outdated' for our use cases, and especially not for those responsible for running the underlying infrastructure (when running Kubernetes nodes).
SSH access is a last resort, but it can be necessary in certain cases, for example if our log forwarding breaks. SSH is also just one example; it can also be helpful to curl endpoints on the host directly without hitting the ELB/ALB.
The post actually provides the user_data script we use.
We absolutely put an ELB/ALB in front of these ASGs as well. The post mentions a few use cases where unique hostnames with internal Route53 records are helpful for us.
Currently working for a distributed software startup, recently put out the second alpha release of our p2p file transfer software. I have over nine years of build/release and Linux sysadmin experience. I am looking to join a new project, ideally for another distributed startup.