user14637568

NAT Gateways - how do you go about SSH'ing into the private EC2?

When you set up an EC2 instance in a private subnet to access the internet through a NAT gateway (with all the necessary routing and association through route table), how do you go about SSH'ing into the private EC2?

For example, an EC2 instance in the NAT Gateway's public subnet, making a connection through the public EC2 to the private EC2.

Upvotes: 3

Views: 1762

Answers (3)

Chris Williams

Reputation: 35188

As the instance is in a private subnet you will need to use a method to connect to this privately. There are many options to choose from; they will vary in cost and complexity, so ensure you read each one first.

  • Site-to-site VPN - Using this method a managed VPN is added to your VPC and connected to your on-premise via hardware configuration. Your security groups will need to allow your on-premise CIDR range(s) to allow connection.
  • Client VPN - Using either AWS solution, or a third party from the marketplace (such as OpenVPN) you can establish a connection using either a local program or HTTPS in your browser.
  • SSM Session Manager - Access your EC2 instance via the AWS console or using the CLI, portrayed as a bash interface without using SSH to authenticate. Instead IAM is used to control permissions and access.
  • Bastion host - A public instance that you can connect to as an intermediary, either using SSH to connect to before accessing your host, or as a proxy for your commands.

Upvotes: 0

Marcin

Reputation: 238209

There are three options that are commonly used:

  • Use a bastion host in a public subnet. First you ssh to the bastion, and then ssh from the bastion to the private ec2. This usually requires copying the private ssh key to the bastion so that you can use it there to ssh to the private subnet.

  • Use SSM Session Manager. This would probably be the easiest option to set up as you are already using NAT, and it requires a special instance role.

  • Use a VPN. Probably the most complex solution but also used nevertheless.

Upvotes: 1
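As an added example (not from the question or any of the answers), here is the bastion approach from the workstation side, using OpenSSH's `ProxyJump` so the private key stays on the workstation instead of being copied to the bastion. The addresses, host aliases, user name and key path are assumed placeholders; the instance id in the SSM comment is a placeholder as well. The pairing is the usual one: the bastion's security group allows TCP/22 from your own address range, and the private instance's security group allows TCP/22 only from the bastion's security group.

```shell
#!/bin/sh
# Added example: generate an ssh_config that reaches a private-subnet EC2
# instance through a bastion with ProxyJump. Everything here is assumed:
# 203.0.113.10 (bastion public IP, documentation range), 10.0.2.15 (private
# instance IP), ec2-user, and the key path are placeholders.

# Print two Host stanzas: the bastion (public IP) and the private instance,
# which is reached only by jumping through the bastion. The key is read from
# the workstation on both hops; nothing is copied onto the bastion.
write_bastion_config() {
  bastion_ip="$1"; private_ip="$2"; key="$3"; user="${4:-ec2-user}"
  cat <<EOF
Host bastion
    HostName $bastion_ip
    User $user
    IdentityFile $key
    IdentitiesOnly yes

Host private-ec2
    HostName $private_ip
    User $user
    IdentityFile $key
    IdentitiesOnly yes
    ProxyJump bastion
EOF
}

# Sanity check on a generated config: the private host must go through the
# bastion with ProxyJump, and agent forwarding must not be enabled (a
# compromised bastion could otherwise use your agent while you are connected).
check_bastion_config() {
  cfg="$1"
  grep -q '^ *ProxyJump bastion' "$cfg" || return 1
  if grep -qi '^ *ForwardAgent yes' "$cfg"; then return 1; fi
  return 0
}

# Usage: write the config to a temporary file, check it, and show the command
# that opens the session (the ssh call itself is only printed here).
cfg="$(mktemp)"
write_bastion_config 203.0.113.10 10.0.2.15 /path/to/id_ed25519 > "$cfg"
check_bastion_config "$cfg" && echo "ssh -F $cfg private-ec2"

# The SSM alternative needs no bastion and no open port 22 at all; with the
# SSM agent, an instance role and outbound reachability (via the NAT gateway)
# it is:  aws ssm start-session --target i-0123456789abcdef0   (placeholder id)
```

Note that `ProxyJump` differs from the old `ssh -A` agent-forwarding pattern: the second hop is tunnelled through the bastion, so the bastion never sees the key material or the agent socket.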

bamishr

Reputation: 429

NAT Gateway is for outgoing traffic only. If you have to access the private EC2 instance, then you need a bastion on a public subnet in the same VPC, or a VPN to connect, or AWS Systems Manager.

Upvotes: 3
