1 Answer
Your thoughts are correct and the steps you're describing are how you'd go about setting up a Site-to-Site VPN for your VPC.
What's the reason for using a VPN? Is it for private access to the rest of the VPC? I'm not saying "don't use a VPN" but the reasons for choosing this solution are not clear in the question and it is extra cost that you will have to pay.
Our company has a production web app and a pre-production web app that run on separate EC2 instances. The prod app is exposed to the internet, while the pre-prod app is only accessible when on the VPN service we use. I am creating a third environment as a proof of concept to see if we can use an Application Load Balancer for our application, specifically to allow for easier blue-green deployment. I was asked to put this proof of concept behind the VPN service, just like our pre-prod service is. So I guess my larger question is what is the best way to go about doing this? Because ALB public and internal IP addresses can change frequently, I've been told it's recommended to use the DNS name instead. So I'm wondering how I get this ALB-managed application to not be accessible anywhere but from my VPN. I would love to find a solution that doesn't incur all the cost of a site-to-site VPN, but I'm just unsure how to go about it. Hope that makes my use case more clear.
What you're doing for the private ALB/application is the right thing - accessing it over a VPN is the best way to keep it private. If it were me, I'd be hosting it in a separate VPC as well - that way it would be much harder to accidentally expose it publicly.
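As an added example (not code from this thread or from AWS), here is a small offline check for the "accidentally exposed" case the reply warns about: it takes the fields that matter from a load balancer description and its security groups (constructed sample data, shaped like `describe_load_balancers` / `describe_security_groups` output) and reports anything that would let non-VPN clients reach the ALB. The VPN client range `10.8.0.0/24` and the group/ALB names are assumptions.

```python
from ipaddress import ip_network

# Constructed: the address ranges the VPN hands out to clients (assumption).
VPN_CIDRS = ["10.8.0.0/24"]

# Constructed: the relevant fields of describe_security_groups output.
SECURITY_GROUPS = {
    "sg-public": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    "sg-vpn-only": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.8.0.0/24"}], "Ipv6Ranges": []}]},
}

# Constructed: the relevant fields of describe_load_balancers output.
EXPOSED_ALB = {"LoadBalancerName": "poc-alb", "Scheme": "internet-facing",
               "SecurityGroups": ["sg-public"]}
PRIVATE_ALB = {"LoadBalancerName": "poc-alb", "Scheme": "internal",
               "SecurityGroups": ["sg-vpn-only"]}


def _ports(rule):
    # IpProtocol "-1" means every protocol and port; FromPort/ToPort are absent.
    if rule["IpProtocol"] == "-1":
        return "all ports"
    return f"{rule['IpProtocol']} {rule['FromPort']}-{rule['ToPort']}"


def audit_alb(alb, security_groups, allowed_cidrs):
    """Return findings that would let clients outside allowed_cidrs reach the ALB."""
    findings = []
    # An ALB meant to sit behind the VPN should not get public addresses at all.
    if alb["Scheme"] != "internal":
        findings.append(f"scheme is {alb['Scheme']}; should be internal")
    allowed = [ip_network(c) for c in allowed_cidrs]
    for sg_id in alb["SecurityGroups"]:
        for rule in security_groups[sg_id]["IpPermissions"]:
            sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in sources:
                net = ip_network(cidr)
                # A source range is fine only if it sits entirely inside a VPN range.
                if not any(a.version == net.version and net.subnet_of(a) for a in allowed):
                    findings.append(f"{sg_id} allows {cidr} on {_ports(rule)}")
    return findings


if __name__ == "__main__":
    for alb in (EXPOSED_ALB, PRIVATE_ALB):
        print(alb["Scheme"], audit_alb(alb, SECURITY_GROUPS, VPN_CIDRS) or "OK")
```

The security-group part of the check only means something if VPN traffic reaches the VPC with the VPN client addresses as its source; if it is translated on the way in, use the translated range as `VPN_CIDRS`.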