I am currently using an IGW in AWS in order to connect Flask EC2s to outer API requests. I want to secure those servers from now on,
meaning moving them into private-IP EC2s and still getting API requests from outside.
I have tried using a NAT GW in order to communicate with a private IP, but I see it only works from inside to the internet and not the other way around.
How can I use a NAT GW for both directions (or any other solution for that matter), keeping the security of a private IP and two-way internet communication?
NAT Gateways do not allow inbound traffic into them (they're designed for allowing a private instance to connect to the internet).
If you want to allow inbound communication to an instance that only has a private IP, the following should be performed:

- Ports 80 and 443 (to allow public inbound access): you would access these by putting a public load balancer in front of your application.
- Ports 22 and 3389: you would connect either via a VPN Connection/Direct Connect connection or you would use a Bastion/Jump server in a public subnet to hop into your hosts (avoid this option if possible).
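The layout the answer describes, as an added Terraform example (not from the original answer or from AWS): the load balancer's security group is the only one exposed to the internet, the Flask instances accept their app port solely from that security group with no port 22 rule at all, and the private subnet's default route points at the NAT gateway so outbound API calls work while nothing can reach the instances directly. The VPC, private subnet and NAT gateway IDs are assumed to already exist and are passed in as variables; port 5000 (Flask's default) is an assumption.

```hcl
# Assumed to exist already; placeholders for this example.
variable "vpc_id" { type = string }
variable "private_subnet_id" { type = string }
variable "nat_gateway_id" { type = string }

# Public-facing: only the load balancer accepts traffic from the internet.
resource "aws_security_group" "alb" {
  name   = "flask-alb-sg"
  vpc_id = var.vpc_id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Flask instances: the app port (5000 assumed) is reachable only from the ALB's
# security group, never from a CIDR. No 22/3389 rule: admin access goes via
# VPN/Direct Connect or a bastion in the public subnet, as the answer says.
resource "aws_security_group" "flask" {
  name   = "flask-app-sg"
  vpc_id = var.vpc_id
  ingress {
    from_port       = 5000
    to_port         = 5000
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Private subnet default route -> NAT gateway: outbound only, no inbound path.
resource "aws_route_table" "private" {
  vpc_id = var.vpc_id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = var.nat_gateway_id
  }
}
resource "aws_route_table_association" "private" {
  subnet_id      = var.private_subnet_id
  route_table_id = aws_route_table.private.id
}
```

The ALB itself (aws_lb, target group and listener) is omitted for brevity; attach it to the public subnet with the alb security group and register the Flask instances on port 5000.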