How do I set up my VPC's NAT & IGW so that when a login to my site is successful it routes to a private hosted website on EC2?

0

I want my lightsail instance to be private and only accessed when my login site auths a user.

How do I configure an IGW or NAT so that I can configure my lightsail to be accessible only by a website (A record pointing to an elastic ip hooked to an EC2 Instance running nginx)?

2 Answers
0

Hello,

If you want to limit the Lightsail instance to be accessible by an EC2 instance in your account, you can follow this document to set up VPC peering between your Lightsail VPC and an Amazon VPC: https://lightsail.aws.amazon.com/ls/docs/en_us/articles/lightsail-how-to-set-up-vpc-peering-with-aws-resources

Then you can modify the Lightsail instance firewall rule to only allow traffic within the VPC. This is the doc for reference: https://lightsail.aws.amazon.com/ls/docs/en_us/articles/understanding-firewall-and-port-mappings-in-amazon-lightsail

By doing this, you can keep your Lightsail instance private and only accessible within the VPC.

Thank you

AWS
yujie
answered 6 months ago
EXPERT
reviewed a month ago
0

Hello,

It looks like you have a VPC with a private hosted zone (with an A record pointing to the Lightsail IP address). You would like to access the Lightsail instance from EC2.

For access between the EC2 and Lightsail instances, you don't need a NAT or IGW. You can simply set up VPC peering between your VPC and the Lightsail VPC. https://lightsail.aws.amazon.com/ls/docs/en_us/articles/lightsail-how-to-set-up-vpc-peering-with-aws-resources

Ensure the Lightsail firewall rule allows traffic from the EC2's private IP, and that the EC2's security groups and network ACL allow outbound traffic to Lightsail's IP. Since network ACLs are stateful, it should allow inbound access from the Lightsail instance's IP.

https://lightsail.aws.amazon.com/ls/docs/en_us/articles/understanding-firewall-and-port-mappings-in-amazon-lightsail#creating-firewall-rules

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html#nacl-rules

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html#adding-security-group-rule

AWS
Ananya
answered 5 months ago
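
One way to verify the firewall step that both answers describe, as an added example that is not part of the original answers: it audits output shaped like `aws lightsail get-instance-port-states` and reports every open rule that admits a source outside the peered VPC range. The sample JSON, the 172.31.0.0/16 VPC CIDR and the function name are assumptions constructed for illustration.

```python
import ipaddress
import json

# Constructed sample, shaped like `aws lightsail get-instance-port-states` output.
SAMPLE_PORT_STATES = json.loads("""
{"portStates": [
  {"fromPort": 22, "toPort": 22, "protocol": "tcp", "state": "open",
   "cidrs": ["0.0.0.0/0"], "ipv6Cidrs": ["::/0"]},
  {"fromPort": 80, "toPort": 80, "protocol": "tcp", "state": "open",
   "cidrs": ["172.31.20.15/32"], "ipv6Cidrs": []},
  {"fromPort": 443, "toPort": 443, "protocol": "tcp", "state": "open",
   "cidrs": ["172.31.0.0/16", "203.0.113.7/32"], "ipv6Cidrs": []}
]}
""")

# Assumption: CIDR of the Amazon VPC peered with the Lightsail VPC.
PEERED_VPC_CIDR = "172.31.0.0/16"


def audit_port_states(port_states, allowed_cidr):
    """Return (rule, source) pairs for open rules reachable from outside allowed_cidr."""
    allowed = ipaddress.ip_network(allowed_cidr)
    findings = []
    for rule in port_states.get("portStates", []):
        if rule.get("state") != "open":
            continue
        label = f'{rule["protocol"]}/{rule["fromPort"]}-{rule["toPort"]}'
        sources = (rule.get("cidrs") or []) + (rule.get("ipv6Cidrs") or [])
        for cidr in sources:
            net = ipaddress.ip_network(cidr, strict=False)
            # subnet_of() requires matching IP versions, so an IPv6 source
            # is always treated as outside an IPv4 VPC range.
            inside = net.version == allowed.version and net.subnet_of(allowed)
            if not inside:
                findings.append((label, cidr))
    return findings


if __name__ == "__main__":
    for label, cidr in audit_port_states(SAMPLE_PORT_STATES, PEERED_VPC_CIDR):
        print(f"{label} is open to {cidr}, which is outside {PEERED_VPC_CIDR}")
```

An empty result means every open port is limited to the peered VPC range, which is the state the answers aim for.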
