Ramesh

Reputation: 775

Connect to a web application in private through bastion host for my local machine in AWS

I have an EC2 instance running in AWS and here's the scenario I'm trying to achieve. I have a VPC setup with 3 subnets. 2 of them are private with no access to the internet (even using a NAT gateway/NAT instance), and another is a public subnet.

If I set up the SSH connection as discussed here, it works perfectly fine for the web browser page set up on my bastion host. However, for my use case, I need to achieve another level of SSH forward like above as my application is in the private subnet for that application to be accessible from my local machine. Is that possible somehow? I also need to make sure there are no issues with the DNS.

Upvotes: 0

Views: 5320

Answers (2)

Mohammad Ghonaim

Reputation: 434

ssh -N <Bastion_IP/HostName> -L<LocalPort>:<Internal_IP_of_Web_Server>:<WebServer_Port>

Then you can access the webserver at http://localhost:<LocalPort>/

Upvotes: 7
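
The forward from the answer above as a dry-run helper, added here as an example and not part of either answer. It binds the local end to loopback, makes ssh exit if the forward cannot be set up, and prints a curl probe that keeps the application's own hostname, which covers the DNS concern in the question. The bastion user/host, application hostname and ports are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original answers). Hostnames, user and ports
# below are constructed placeholders.

# Succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ssh command for a local forward through the bastion.
# usage: tunnel_cmd <bastion> <target_host> <target_port> <local_port>
tunnel_cmd() {
    valid_port "$3" && valid_port "$4" || { echo "invalid port" >&2; return 1; }
    # 127.0.0.1 bind: only this machine can use the forward.
    # ExitOnForwardFailure: ssh exits if the local port cannot be bound.
    # <target_host> is resolved on the bastion, so a VPC-internal DNS name works.
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' \
        "$4" "$2" "$3" "$1"
}

# Print a curl command that keeps the application's own hostname in the URL
# (Host header, TLS SNI) while connecting to the local end of the tunnel.
# usage: probe_cmd <scheme> <app_hostname> <local_port> [path]
probe_cmd() {
    valid_port "$3" || { echo "invalid port" >&2; return 1; }
    printf 'curl --resolve %s:%s:127.0.0.1 %s://%s:%s%s\n' \
        "$2" "$3" "$1" "$2" "$3" "${4:-/}"
}

# Dry run with constructed values: prints the commands, connects to nothing.
tunnel_cmd ec2-user@bastion.example.com app.internal.example 80 8080
probe_cmd http app.internal.example 8080 /
```

Run the printed ssh command in one terminal and the curl command in another; the bastion's security group must be allowed to reach the web server's port for the forward to connect.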

Victor

Reputation: 484

Assuming you have a web application on EC2 in a private subnet and you want to make it available for access outside AWS.

You can set up port forwarding on your bastion host following this tutorial, but I suggest you use a load balancer (ELB) as described in this guide. To use an ELB you will need another public subnet in a different AZ. If your application is serving HTTP traffic, then it's even better to use an Application ELB (ALB). Here is more info about ALB.

Upvotes: 1
