Etep

Reputation: 543

AWS - Internet Access for an EC2 Proxy to Serverless Aurora in a Private Subnet with NAT Gateway (Accessed by Lambda)

I have an EC2 instance I use as an SSH proxy to my Aurora SERVERLESS instance. I also have Lambdas that access this Aurora DB. Finally, I have set up the Lambdas (and subsequently pulled in the Aurora DB) in a private subnet and set up a NAT Gateway to a public subnet with an Internet Gateway for internet access. This was required so that my Lambdas can talk to AWS's Pinpoint.

Before I set up all the private subnets for the Pinpoint access from the Lambdas, I could access my EC2 publicly (from my computer) and connect to my Aurora DB through an SSH connection as a proxy. That was all good. But now it's not accessible.

I believe the public IP of the EC2 is no longer accessible (it doesn't ping) or perhaps it's something else. But what do I need to set up in order that I can access the EC2 publicly again? I thought about setting up port forwarding through the Internet Gateway/NAT Gateway, but after looking into that it seemed quite complicated. Is there some sort of subnet setup I should be putting my EC2 in to make things work?

Upvotes: 0

Views: 271

Answers (1)

Marcin

Reputation: 238557

> But what do I need to set up in order that I can access the EC2 publicly again?

Put it back in a public subnet. That's the entire point of a public subnet - to be able to access your resources from the internet.

You could also increase its security by using an SSH tunnel through AWS Systems Manager.

Upvotes: 2
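Added example (not part of the original answer): a routing check that shows why a proxy with a public IP stops answering once its subnet's default route points at a NAT gateway instead of an internet gateway. The data shapes follow `aws ec2 describe-route-tables` and `describe-instances` output; all IDs and the IP address are constructed placeholders, and security groups and network ACLs are assumed to be checked separately.

```python
# Data shapes mirror `aws ec2 describe-route-tables` / `describe-instances` output.
DEFAULT_ROUTE = "0.0.0.0/0"

def effective_route_table(subnet_id, vpc_id, route_tables):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def classify_subnet(subnet_id, vpc_id, route_tables):
    """'public': default route to an internet gateway; 'private-nat': outbound only."""
    rt = effective_route_table(subnet_id, vpc_id, route_tables)
    if rt is None:
        return "unknown"
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") != DEFAULT_ROUTE or route.get("State") != "active":
            continue
        if (route.get("GatewayId") or "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId"):
            return "private-nat"
    return "isolated"

def inbound_reachable(instance, route_tables):
    """Inbound from the internet needs a public IP and a default route to an igw."""
    kind = classify_subnet(instance["SubnetId"], instance["VpcId"], route_tables)
    return bool(instance.get("PublicIpAddress")) and kind == "public"

# Constructed sample data (placeholder IDs, documentation-range IP).
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "VpcId": "vpc-example",
     "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT_ROUTE, "GatewayId": "igw-example", "State": "active"}]},
    {"RouteTableId": "rtb-private", "VpcId": "vpc-example",
     "Associations": [{"Main": True}],  # main table: applies to unassociated subnets
     "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT_ROUTE, "NatGatewayId": "nat-example", "State": "active"}]},
]
PROXY = {"InstanceId": "i-example", "VpcId": "vpc-example",
         "SubnetId": "subnet-private", "PublicIpAddress": "203.0.113.10"}

if __name__ == "__main__":
    print(classify_subnet(PROXY["SubnetId"], PROXY["VpcId"], ROUTE_TABLES), inbound_reachable(PROXY, ROUTE_TABLES))
```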
