A bastion host, or jump box, is often used to provide remote access to resources inside a private network, and as a result it needs hardened security measures to reduce the risk of compromise.
When using AWS there is no need for bastion hosts!
You can access your instances through Session Manager, which is a feature of AWS Systems Manager. Some AWS-provided Amazon Machine Images (AMIs) come with Session Manager configured out of the box; for those that don't, and for your own custom AMIs, you can install the AWS Systems Manager (SSM) Agent manually. The standard Amazon Linux images are preconfigured.
With Session Manager configured you can access your instances from the browser, using PowerShell or Bash, or from the AWS CLI or an AWS SDK.
You no longer have to manage key pairs, and you can close the inbound ports you previously exposed for SSH or RDP. The overall experience is the same whether you use Linux, Windows, or a combination of both.
Access can be controlled centrally with AWS Identity and Access Management (IAM), which means you can restrict access in the same ways that you would for other AWS resources.
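As an added example (not from the original post), here is a least-privilege IAM policy for Session Manager users, built in Python so its conditions can be checked against sample instances. The tag name `SSMSessionAccess` and the instance tags are assumptions; the condition keys (`ssm:resourceTag/*`, `aws:MultiFactorAuthPresent`, `ssm:SessionDocumentAccessCheck`) and the default shell document `SSM-SessionManagerRunShell` are real. The evaluator at the end is a deliberately simplified simulation of only the operators the policy uses, not IAM's real engine.

```python
from typing import Dict

# Hypothetical tag that marks instances operators are allowed to open a shell on.
ACCESS_TAG = "SSMSessionAccess"
SHELL_DOCUMENT = "SSM-SessionManagerRunShell"  # AWS's default Session Manager shell document


def session_manager_policy(tag_key: str = ACCESS_TAG) -> dict:
    """Least-privilege IAM policy for Session Manager users.

    - ssm:StartSession is allowed only on instances tagged <tag_key>=true and
      only when the caller authenticated with MFA.
    - Only the default shell document may be used; SessionDocumentAccessCheck
      makes IAM evaluate the document resource instead of letting callers pick
      arbitrary session documents.
    - Callers may only resume or terminate their own sessions.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "StartSessionOnTaggedInstancesWithMfa",
                "Effect": "Allow",
                "Action": "ssm:StartSession",
                "Resource": "arn:aws:ec2:*:*:instance/*",
                "Condition": {
                    "StringEquals": {f"ssm:resourceTag/{tag_key}": "true"},
                    "Bool": {"aws:MultiFactorAuthPresent": "true"},
                },
            },
            {
                "Sid": "OnlyDefaultShellDocument",
                "Effect": "Allow",
                "Action": "ssm:StartSession",
                "Resource": f"arn:aws:ssm:*:*:document/{SHELL_DOCUMENT}",
                "Condition": {"BoolIfExists": {"ssm:SessionDocumentAccessCheck": "true"}},
            },
            {
                "Sid": "ManageOwnSessionsOnly",
                "Effect": "Allow",
                "Action": ["ssm:TerminateSession", "ssm:ResumeSession"],
                "Resource": "arn:aws:ssm:*:*:session/${aws:username}-*",
            },
        ],
    }


def _conditions_met(condition: dict, context: Dict[str, str]) -> bool:
    """Simplified evaluation of the three operators used above (illustration only)."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if operator == "StringEquals":          # exact, case-sensitive match
                if actual != expected:
                    return False
            elif operator == "Bool":                # key must exist and match
                if actual is None or actual.lower() != str(expected).lower():
                    return False
            elif operator == "BoolIfExists":        # only checked when the key is present
                if actual is not None and actual.lower() != str(expected).lower():
                    return False
            else:
                raise ValueError(f"operator {operator} is not modelled here")
    return True


def instance_session_allowed(policy: dict, instance_tags: Dict[str, str], mfa_present: bool) -> bool:
    """Would this policy permit ssm:StartSession on an instance carrying instance_tags?
    Only the instance-scoped Allow statements are considered."""
    context = {f"ssm:resourceTag/{k}": v for k, v in instance_tags.items()}
    context["aws:MultiFactorAuthPresent"] = "true" if mfa_present else "false"
    for statement in policy["Statement"]:
        actions = statement["Action"]
        actions = actions if isinstance(actions, list) else [actions]
        resources = statement["Resource"]
        resources = resources if isinstance(resources, list) else [resources]
        if statement["Effect"] != "Allow" or "ssm:StartSession" not in actions:
            continue
        if not any(r.startswith("arn:aws:ec2:") for r in resources):
            continue
        if _conditions_met(statement.get("Condition", {}), context):
            return True
    return False


if __name__ == "__main__":
    import json
    policy = session_manager_policy()
    print(json.dumps(policy, indent=2))
    print(instance_session_allowed(policy, {ACCESS_TAG: "true"}, mfa_present=True))   # True
    print(instance_session_allowed(policy, {ACCESS_TAG: "true"}, mfa_present=False))  # False
    print(instance_session_allowed(policy, {}, mfa_present=True))                     # False
```

Note that instance access and document access sit in separate statements: `ssm:resourceTag/*` is only present when the instance resource is evaluated, so a single statement covering both ARNs with that condition would never match the document. Tag values are compared case-sensitively, so a `True` tag does not satisfy a `true` condition.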
With Session Manager, connection events are also recorded in AWS CloudTrail, and you can enable keystroke logging to Amazon S3 or Amazon CloudWatch Logs.
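To show what those CloudTrail connection events give a defender, here is an added example (not part of the original post) that reviews `StartSession` records and flags sessions that used something other than the default shell document, were refused by IAM, or came from outside a trusted address range. The log excerpt, account id, instance ids, user names and the trusted network are all constructed; the record field names (`eventSource`, `eventName`, `requestParameters.target`, `requestParameters.documentName`, `sourceIPAddress`, `errorCode`) follow CloudTrail's format, and the assumption that a call without `documentName` uses the default shell document is noted in the code.

```python
import ipaddress
import json
from typing import Dict, Iterable, List

# Constructed CloudTrail excerpt in the {"Records": [...]} layout CloudTrail writes to S3.
# Account id, instance ids and addresses are placeholders, not real resources.
SAMPLE_LOG = json.dumps({"Records": [
    {   # normal: default shell document, trusted source address
        "eventSource": "ssm.amazonaws.com", "eventName": "StartSession",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
        "sourceIPAddress": "203.0.113.10",
        "requestParameters": {"target": "i-0aaaaaaaaaaaaaaaa"},
    },
    {   # port-forwarding document rather than the shell document
        "eventSource": "ssm.amazonaws.com", "eventName": "StartSession",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
        "sourceIPAddress": "203.0.113.11",
        "requestParameters": {"target": "i-0bbbbbbbbbbbbbbbb",
                              "documentName": "AWS-StartPortForwardingSession"},
    },
    {   # refused by IAM, and from outside the trusted networks
        "eventSource": "ssm.amazonaws.com", "eventName": "StartSession",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/carol"},
        "sourceIPAddress": "198.51.100.7",
        "requestParameters": {"target": "i-0ccccccccccccccccc"},
        "errorCode": "AccessDeniedException",
    },
    {   # unrelated SSM call, ignored by the review
        "eventSource": "ssm.amazonaws.com", "eventName": "TerminateSession",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
        "sourceIPAddress": "203.0.113.10",
        "requestParameters": {"sessionId": "alice-0123456789abcdef0"},
    },
]})

# Constructed allow-list: an RFC 5737 documentation range standing in for corporate egress.
TRUSTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
APPROVED_DOCUMENT = "SSM-SessionManagerRunShell"  # AWS's default Session Manager shell document


def load_records(log_text: str) -> List[dict]:
    """Parse a CloudTrail log file body into its list of records."""
    return json.loads(log_text)["Records"]


def review_session_events(records: Iterable[dict], trusted_networks, approved_document: str) -> List[Dict]:
    """Return one finding per StartSession record that deserves a second look."""
    findings = []
    for rec in records:
        if rec.get("eventSource") != "ssm.amazonaws.com" or rec.get("eventName") != "StartSession":
            continue
        params = rec.get("requestParameters") or {}
        # Assumption: a StartSession call without documentName uses the default shell document.
        document = params.get("documentName", approved_document)
        reasons = []
        if rec.get("errorCode"):
            reasons.append(f"denied: {rec['errorCode']}")
        if document != approved_document:
            reasons.append(f"non-standard session document {document}")
        source = rec.get("sourceIPAddress", "")
        try:
            if not any(ipaddress.ip_address(source) in net for net in trusted_networks):
                reasons.append(f"untrusted source {source}")
        except ValueError:  # not an address, e.g. a service principal such as ssm.amazonaws.com
            reasons.append(f"non-IP source {source}")
        if reasons:
            findings.append({
                "user": rec.get("userIdentity", {}).get("arn", "unknown"),
                "target": params.get("target"),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in review_session_events(load_records(SAMPLE_LOG), TRUSTED_NETWORKS, APPROVED_DOCUMENT):
        print(finding["user"], finding["target"], "; ".join(finding["reasons"]))
```

Denied attempts are worth keeping as findings rather than discarding: a burst of `AccessDeniedException` on `StartSession` from one principal is exactly the signal a bastion's SSH auth log used to give you.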
Session Manager is an AWS managed service, which removes the need for managing your own servers to connect to your private instances, and reduces your overall attack surface. I can't see any reason to use a bastion host in AWS.