Unless you have a bastion, by default it is impossible to connect from the outside to an AWS EC2 instance located in a private subnet. There are several solutions to achieve this, but I will detail the most economical one: SSM Session Manager combined with VPC endpoints.
NAT Gateway / VPC Endpoints Cost Comparison
I decided to use VPC Endpoints ↗ after comparing their price with that of NAT Gateways ↗ :
NAT Gateway cost : $0.05/hour + $0.05 per GB of data processed
VPC Endpoint cost : $0.011/hour per interface endpoint and per AZ + $0.01 per GB of data processed
To enable SSM I need 3 interface endpoints (ssm, ssmmessages and ec2messages). In a single AZ that is 3 × $0.011 = $0.033/hour, below the $0.05/hour of a NAT Gateway, and the per-GB rate is five times lower. Keep in mind that the hourly charge applies to each AZ you deploy the endpoints in, so the gap narrows if you spread them over several AZs.
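As an added example (not code from the article), the following Python model puts the comparison above into numbers, including the per-AZ multiplier that headline per-hour prices hide. The prices are the ones quoted above; they vary by region and over time, so treat them as assumptions and check the AWS pricing pages before relying on the result.

```python
"""Monthly cost model: NAT Gateway versus the interface VPC endpoints
Session Manager needs. Added example; prices are assumptions taken from
the article and must be checked against the AWS pricing pages."""
import math

HOURS_PER_MONTH = 730  # AWS's usual convention for monthly estimates (24 * 365 / 12)

# Prices quoted in the article (USD). Assumption: they apply to your region.
NAT_HOURLY = 0.05        # per NAT Gateway, per hour
NAT_PER_GB = 0.05        # per GB processed by the NAT Gateway
ENDPOINT_HOURLY = 0.011  # per interface endpoint, per hour, for EACH AZ it is placed in
ENDPOINT_PER_GB = 0.01   # per GB processed by the endpoints

# The three interface endpoints Session Manager needs when the subnet has no internet route.
SSM_ENDPOINT_SERVICES = ("ssm", "ssmmessages", "ec2messages")


def nat_gateway_monthly(gb_per_month: float, nat_count: int = 1) -> float:
    """Monthly cost of nat_count NAT Gateways processing gb_per_month of traffic."""
    hourly = nat_count * NAT_HOURLY
    return round(hourly * HOURS_PER_MONTH + NAT_PER_GB * gb_per_month, 2)


def endpoints_monthly(gb_per_month: float, az_count: int = 1,
                      services=SSM_ENDPOINT_SERVICES) -> float:
    """Monthly cost of one interface endpoint per service, each spanning az_count AZs.

    The hourly charge is per endpoint *and* per AZ, which is what gets missed when
    only the headline per-hour prices are compared.
    """
    hourly = len(services) * az_count * ENDPOINT_HOURLY
    return round(hourly * HOURS_PER_MONTH + ENDPOINT_PER_GB * gb_per_month, 2)


def cheaper_option(gb_per_month: float, az_count: int = 1, nat_count: int = 1) -> str:
    """Name the cheaper design for the given traffic, endpoint AZ count and NAT count."""
    nat = nat_gateway_monthly(gb_per_month, nat_count)
    endpoints = endpoints_monthly(gb_per_month, az_count)
    return "vpc_endpoints" if endpoints < nat else "nat_gateway"


def max_azs_with_cheaper_hourly(nat_count: int = 1, services=SSM_ENDPOINT_SERVICES) -> int:
    """Largest number of AZs the endpoints can span and still beat nat_count NAT
    Gateways on the hourly component alone (per GB, the endpoints always win
    with the quoted prices)."""
    return math.floor(nat_count * NAT_HOURLY / (len(services) * ENDPOINT_HOURLY))


if __name__ == "__main__":
    for gb in (1, 100, 1000):
        print(f"{gb:>5} GB/month: NAT {nat_gateway_monthly(gb):>8.2f} USD | "
              f"endpoints 1 AZ {endpoints_monthly(gb):>8.2f} USD | "
              f"endpoints 2 AZ {endpoints_monthly(gb, az_count=2):>8.2f} USD")
    print("Endpoints beat one NAT Gateway on hourly cost up to",
          max_azs_with_cheaper_hourly(), "AZ(s)")
```

The model makes the caveat concrete: with a single AZ the endpoints cost roughly two thirds of one NAT Gateway, but deploying the same three endpoints in two AZs already costs more per hour than a single NAT Gateway, so size the AZ count to what the private instances actually need.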
What is AWS SSM
AWS SSM (Systems Manager) is a set of features that facilitate the management of AWS infrastructure resources. Among them, Session Manager lets you open an interactive shell in the browser or via the AWS CLI without going through SSH: no inbound port 22 to open in the security group, no SSH key pairs to distribute, and access controlled through IAM. This clearly reduces the attack surface and thus strengthens the security posture of these instances.
AWS SSM Schema
More info ↗
Setting up a private network
I will use the AWS console to create my VPC, consisting of two subnets, one public and one private. It is in the private subnet that I will add an EC2 instance later.
To do this, go to VPC management ↗ in the AWS console, then click on [Create VPC]. I advise you to use the [VPC and more] option: you will not have to change anything except the name of the VPC and the address blocks.
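The address blocks are the one input the wizard leaves to you, so as an added example (not part of the article) here is a small Python planner that derives one public and one private subnet per AZ from the VPC CIDR and applies the checks the console enforces without explaining them: VPC and subnet prefixes between /16 and /28, an RFC 1918 range as AWS recommends, no overlapping blocks, and five addresses reserved by AWS in every subnet. The CIDRs in the usage section are constructed for illustration.

```python
"""Plan and validate the address blocks for the "VPC and more" wizard.
Added example; the CIDRs used at the bottom are constructed, not the article's."""
import ipaddress
from itertools import combinations, islice

RFC1918 = [ipaddress.IPv4Network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
AWS_RESERVED_PER_SUBNET = 5  # AWS keeps the first four and the last address of each subnet


def plan_subnets(vpc_cidr: str, az_count: int, subnet_prefix: int = 24) -> dict:
    """Return public/private subnet CIDRs for az_count AZs, or raise ValueError
    when the plan would be rejected by AWS (or by good practice)."""
    vpc = ipaddress.IPv4Network(vpc_cidr, strict=True)  # strict: host bits must be zero
    if not 16 <= vpc.prefixlen <= 28:
        raise ValueError("AWS only accepts VPC CIDR blocks between /16 and /28")
    if not any(vpc.subnet_of(block) for block in RFC1918):
        raise ValueError("use an RFC 1918 range, as AWS recommends, for a private VPC")
    if not vpc.prefixlen < subnet_prefix <= 28:
        raise ValueError("subnet prefix must be longer than the VPC prefix and at most /28")

    needed = 2 * az_count  # one public and one private subnet per AZ
    available = 2 ** (subnet_prefix - vpc.prefixlen)
    if available < needed:
        raise ValueError(f"{vpc} only holds {available} /{subnet_prefix} subnets, need {needed}")

    # Carve consecutive blocks: the first az_count are public, the next az_count private.
    chosen = list(islice(vpc.subnets(new_prefix=subnet_prefix), needed))
    return {
        "vpc": str(vpc),
        "public": [str(n) for n in chosen[:az_count]],
        "private": [str(n) for n in chosen[az_count:]],
        "usable_hosts_per_subnet": chosen[0].num_addresses - AWS_RESERVED_PER_SUBNET,
    }


def has_overlap(cidrs) -> bool:
    """True if any two of the given CIDR blocks overlap; useful when you pick
    the blocks by hand instead of letting plan_subnets() carve them."""
    nets = [ipaddress.IPv4Network(c) for c in cidrs]
    return any(a.overlaps(b) for a, b in combinations(nets, 2))


if __name__ == "__main__":
    # Constructed input: a /16 VPC with one AZ, as in the article's two-subnet layout.
    plan = plan_subnets("10.0.0.0/16", az_count=1)
    print("VPC:", plan["vpc"])
    print("Public subnets: ", plan["public"])
    print("Private subnets:", plan["private"])
    print("Usable hosts per subnet:", plan["usable_hosts_per_subnet"])
    print("Hand-picked overlap check:", has_overlap(["10.0.0.0/24", "10.0.0.128/25"]))
```

Only the subnets listed under "private" should receive the EC2 instance and the SSM endpoints; the public ones exist for the Internet Gateway route, which the private subnets must never inherit.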