Recently I ran a security assessment of my AWS resources using AWS Security Hub. As a result, under the AWS Foundational Security Best Practices v1.0.0 category, there is a failure saying
EC2 instances should not have a public IPv4 address
If this instance has no public IP, how do I access this instance through the internet?
I would like a good explanation of this security best practice that EC2 instances should not have a public IP address.
Typically, only a Load Balancer is exposed to the Internet. It then forwards traffic to Amazon EC2 instances spread across multiple Availability Zones.
The Load Balancer can filter traffic and can route traffic to an appropriate destination based upon the requested path in the URL.
This way, nobody can access the EC2 instance directly (e.g. via RDP or SSH).
Administrators should be capable of accessing the VPC via a VPN or Direct Connect connection rather than going via the Internet.
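To see which instances would trip this control before Security Hub flags them, the following check (an added example, not code from the question, the answer or AWS) walks a response in the shape of `ec2.describe_instances()` and reports every instance that still carries a public IPv4, whether it was auto-assigned or is an Elastic IP attached to a network interface. The sample response and instance IDs below are constructed; with boto3 you would pass `boto3.client("ec2").describe_instances()` to `find_public_instances` instead.

```python
"""Flag EC2 instances that have a public IPv4 address.

Mirrors the Security Hub control "EC2 instances should not have a public IPv4
address". Input has the shape of the ec2.describe_instances() response, so with
boto3 you would call find_public_instances(ec2.describe_instances()).
"""
from typing import Dict, List


def _public_ips(instance: dict) -> List[str]:
    """Collect every public IPv4 attached to an instance, de-duplicated.

    The primary address shows up in PublicIpAddress; an Elastic IP on a
    secondary interface only shows up under NetworkInterfaces[].Association.
    """
    ips: List[str] = []
    if instance.get("PublicIpAddress"):
        ips.append(instance["PublicIpAddress"])
    for eni in instance.get("NetworkInterfaces", []):
        public_ip = eni.get("Association", {}).get("PublicIp")
        if public_ip and public_ip not in ips:
            ips.append(public_ip)
    return ips


def find_public_instances(response: dict) -> Dict[str, List[str]]:
    """Return {instance_id: [public IPv4s]} for instances that fail the control.

    Terminated instances are skipped: they no longer hold any address.
    """
    findings: Dict[str, List[str]] = {}
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") == "terminated":
                continue
            ips = _public_ips(inst)
            if ips:
                findings[inst["InstanceId"]] = ips
    return findings


# Constructed sample response (not real AWS data). Addresses are from the
# documentation ranges 203.0.113.0/24 and 198.51.100.0/24.
SAMPLE_RESPONSE = {
    "Reservations": [
        {
            "Instances": [
                {   # web server in a private subnet behind a load balancer
                    "InstanceId": "i-0000000000000001",
                    "State": {"Name": "running"},
                    "PrivateIpAddress": "10.0.2.15",
                    "NetworkInterfaces": [{"PrivateIpAddress": "10.0.2.15"}],
                },
                {   # auto-assigned public IP at launch
                    "InstanceId": "i-0000000000000002",
                    "State": {"Name": "running"},
                    "PublicIpAddress": "203.0.113.10",
                    "NetworkInterfaces": [
                        {"Association": {"PublicIp": "203.0.113.10"}}
                    ],
                },
                {   # Elastic IP attached to a secondary interface only
                    "InstanceId": "i-0000000000000003",
                    "State": {"Name": "stopped"},
                    "NetworkInterfaces": [
                        {"PrivateIpAddress": "10.0.2.40"},
                        {"Association": {"PublicIp": "198.51.100.7"}},
                    ],
                },
                {   # terminated instance: ignored even though a stale IP remains
                    "InstanceId": "i-0000000000000004",
                    "State": {"Name": "terminated"},
                    "PublicIpAddress": "203.0.113.99",
                },
            ]
        }
    ]
}


if __name__ == "__main__":
    for instance_id, ips in find_public_instances(SAMPLE_RESPONSE).items():
        print(f"{instance_id}: public IPv4 {', '.join(ips)}")
```

Instances reported here are the ones to move behind the load balancer (or reach over VPN/Direct Connect) and to launch without `associate_public_ip_address`; a stopped instance is still reported, since an Elastic IP stays attached across stops.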