Am I wrong to think that a webserver's webpage is accessible through a corporate networks public IP?

0

I have two EC2 machines in a VPC. I have the vpc connected to my corporate network over a site-to-site VPN. The web page that is hosted in EC2 is working as expected and is accessible as long as I am on campus in the office. I was told they want the webpage available. I have it in my head to route it all through the corporate firewall and use the public IP addresses available from the corporate network. Do I have an incomplete thinking in doing it this way, and instead have the webpage accessible through AWS to the public? If I have the correct thinking, then I am having some trouble trying to get it to route through. I feel like I am missing some steps along the way. The webserver is in a private subnet, and in between the internet gateway there is a NAT gateway.

4 Answers
1

Hello.

In order to publish a website via the corporate network, I think it is necessary to set up a proxy etc. within the corporate network so that it can access EC2.
I think the easiest way is to deploy ALB on AWS and target EC2 without going through the corporate network.
However, in this case, EC2 will publish the website through communication that does not go through the corporate network firewall.

profile picture
EXPERT
answered a month ago
1

To expose your website to the public, you need to place a load balancer in a public subnet.
We will specify EC2 as the ALB target.

profile picture
EXPERT
answered a month ago
0

So direct loadbalancer to the private subnet where webserver lives, or load balance to nat-gateway that is in public subnet?

answered a month ago
0

Hello, I'd recommend that you take some considerations on the architecture and possible points of failure that you might create using the solution you mentioned. Correct me if I understood it wrong, but the architecture that you are proposing is something like this: Website accessible through Internet <> On-Premises <> S2S VPN <> AWS EC2 (private IP - Website hosting) In this architecture, if the VPN fails or your campus internet goes down, your website will be unaccessible too. You have to consider some limitations too, like S2S VPN throughput of 1.25GB and the link consumption of your on-premises internet. On the cost-optimization side, the mentioned architecture will incur costs of Data Transfer Out (DTO) from the EC2 VPC to your on-premise site. If your network provider also charge you on DTO, you will be paying this twice. If you publish the website using a architecture like this: IGW <> ALB (Public subnet) <> EC2 (Private subnet) You will have resources that can scale and handle traffic surges, without the bandwidth limitation of the S2S VPN.

Another detail, if it is a simple, static website, you can consider using S3 to host and publish it.

AWS
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions