How to connect to a webserver on ec2 'privately'

Question

I have a little web application deployed on an ec2 instance and I'd like to test it without making it publicly available.

Using an elastic IP does not solve my issue because the IP would then expose it to the outside world and we are not ready for this yet.

I'm aware of Amazon VPC but it seems a bit overkill since I don't need all those functionalities and I don't want to deal with the set up. All I need is to be able to hit the webserver by using a private IP or something like that.

Is there a quick and dirty solution for this?

Answer 1

If you want an EC2 instance that is truly private, you need to look at launching it inside of a VPC. You'll want a Bastion Host in your public subnet and your instance in the private subnet.

Answer 2

Create a security group that only allows traffic from your IP (the IP of the machine running the browser where you will do the testing) to the web server port (80, probably) and assign this security group to your ec2 instance.

This way only you can access the web app.

If you need to work from different locations, write a simple script to update the security group and add your current IP. These changes are applied immediately and do not require a restart. You can grab your current IP from whatismyip and use the Amazon SDK to update the security group.

Answer 3

You could setup your web server to listen only on 127.0.0.1 (rather than 0.0.0.0) and then use SSH to tunnel a connection from your local machine to the instance.

From your desktop, setup the SSH connection:

$ ssh -L 3000:localhost:80 ec2-user@ec2-instance.amazonaws.com

Then visit http://localhost:3000 in your browser and it will forward port 3000 on your desktop to port 80 on the instance, via the SSH connection.

Answer 4

You don't need an EIP to access your instance - it has a public DNS name associated with it automatically.