Hosting internal application on AWS


I have a customer who wants to host their internal application on AWS. This application will be used by internal users over a private network.

-> I am considering using a site-to-site VPN for a secure connection between the customer's data center and AWS.

-> I will deploy an EC2 instance (single instance requirement) and a database in a private subnet.

-> I suggest using a NAT Gateway for the EC2 instance to facilitate patch updates.

Since we are competing with Azure, I aim to optimize our approach as much as possible. Your insights and suggestions would be greatly appreciated. Any inputs?

1 Answer

Your plan will work - it's pretty standard. VPN provides a private connection from the customer's network to the VPC where the EC2 instance is hosted. In the long term, Direct Connect may be a better option (it provides for dedicated bandwidth and more predictable latency) but it takes a bit more time to set up. You can switch from VPN to Direct Connect at a later stage with very little interruption.

AWS Expert, answered 9 months ago
Expert, reviewed 9 months ago
Expert, reviewed 9 months ago
  • Thank you so much for your quick response. Is it possible to remove the NAT Gateway and use some other way to facilitate patch updates to reduce cost?

  • If we eliminate the NAT Gateway, we would need to route from on-premises to the public network via Site to Site VPN. Running the patch manager itself should be no problem once the VPC endpoints are set up. When you run the patch manager, package updates, etc. will probably fail unless you have access to the public.

  • You haven't mentioned which operating system you're using, but in many cases you could have a single instance in a public subnet which downloads patches and then the instances on the private subnets retrieve patches from there. It may be simpler and easier to use a NAT Gateway.
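
A check for the NAT-free variant raised in the comments above, as an added example that is not part of the original thread: it audits a private subnet's route table and VPC endpoints to see whether Patch Manager has a path to AWS without a NAT Gateway. The input is constructed data in the JSON shape of `aws ec2 describe-route-tables` and `aws ec2 describe-vpc-endpoints`; the region, the IDs, and the list of required endpoint services (`ssm`, `ssmmessages`, `ec2messages`, `s3`) are assumptions.

```python
# Added example (not from the thread). Input mimics the JSON shape of
# `aws ec2 describe-route-tables` and `aws ec2 describe-vpc-endpoints`.
REGION = "us-east-1"  # assumed region
# Assumed endpoint set for Patch Manager without internet egress
REQUIRED = ("ssm", "ssmmessages", "ec2messages", "s3")

def default_route_target(route_table):
    """Classify where 0.0.0.0/0 goes: 'igw', 'nat', 'vgw', 'other' or None."""
    for route in route_table["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("NatGatewayId"):
            return "nat"
        gateway = route.get("GatewayId", "")
        for prefix in ("igw", "vgw"):
            if gateway.startswith(prefix + "-"):
                return prefix
        return "other"
    return None

def missing_endpoints(endpoints, region=REGION):
    """Required services with no endpoint in the 'available' state."""
    available = {e["ServiceName"] for e in endpoints
                 if e.get("State", "").lower() == "available"}
    return [s for s in REQUIRED if f"com.amazonaws.{region}.{s}" not in available]

def audit(route_table, endpoints):
    """Return a list of findings; an empty list means no issue was detected."""
    findings = []
    target = default_route_target(route_table)
    if target == "igw":
        findings.append("subnet is public: default route goes to an internet gateway")
    missing = missing_endpoints(endpoints)
    if target != "nat" and missing:
        findings.append("no NAT Gateway and no VPC endpoint for: " + ", ".join(missing))
    return findings

# Constructed sample: private subnet, on-premises reached over the VPN, no NAT.
PRIVATE_RT = {"Routes": [
    {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-0example"},
]}
ENDPOINTS = [
    {"ServiceName": "com.amazonaws.us-east-1.ssm", "State": "available"},
    {"ServiceName": "com.amazonaws.us-east-1.ssmmessages", "State": "pending"},
    {"ServiceName": "com.amazonaws.us-east-1.s3", "State": "available"},
]

if __name__ == "__main__":
    for finding in audit(PRIVATE_RT, ENDPOINTS):
        print(finding)
```

An empty result only covers reachability of the AWS services listed; operating system package repositories hosted elsewhere are outside what this check can see.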
