How do I set up my VPC's NAT & IGW so that when a login to my site is successful it routes to a private hosted website on EC2?

0

I want my Lightsail instance to be private and only accessed when my login site auths a user.

How do I configure an IGW or NAT so that I can configure my Lightsail to be accessible only by a website (A record pointing to an Elastic IP hooked to an EC2 instance running nginx)?

2 Answers
0

Hello,

If you want to limit the Lightsail instance to be accessible by an EC2 instance in your account, you can follow this document to set up VPC peering between your Lightsail VPC and an Amazon VPC: https://lightsail.aws.amazon.com/ls/docs/en_us/articles/lightsail-how-to-set-up-vpc-peering-with-aws-resources

Then you can modify the Lightsail instance firewall rule to only allow traffic within the VPC. This is the doc for reference: https://lightsail.aws.amazon.com/ls/docs/en_us/articles/understanding-firewall-and-port-mappings-in-amazon-lightsail

By doing this, you can keep your Lightsail instance private and only accessible within the VPC.

Thank you

AWS
yujie
answered 5 months ago
EXPERT
reviewed 22 days ago
0

Hello,

It looks like you have a VPC with a private hosted zone (with an A record pointing to the Lightsail IP address). You would like to access the Lightsail instance from EC2.

For access between the EC2 and Lightsail instances, you don’t need a NAT or IGW. You can simply set up VPC peering between your VPC and the Lightsail VPC. https://lightsail.aws.amazon.com/ls/docs/en_us/articles/lightsail-how-to-set-up-vpc-peering-with-aws-resources

Ensure the Lightsail firewall rule allows traffic from the EC2’s private IP, and that the EC2’s security groups and network ACL allow outbound traffic to Lightsail’s IP. Since network ACLs are stateful, it should allow inbound access from the Lightsail instance's IP.

https://lightsail.aws.amazon.com/ls/docs/en_us/articles/understanding-firewall-and-port-mappings-in-amazon-lightsail#creating-firewall-rules

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html#nacl-rules

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html#adding-security-group-rule

AWS
Ananya
answered 5 months ago
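An added example, not part of either answer above: a check that the Lightsail firewall is restricted to the peered VPC or to the EC2 proxy's private IP, as both answers recommend. The sample data and the 172.31.x addresses are constructed, and the field names assume the JSON shape returned by `aws lightsail get-instance-port-states`.

```python
import ipaddress
import json

# Constructed sample shaped like `aws lightsail get-instance-port-states`
# output (assumption); the addresses are illustrative, not from the thread.
SAMPLE_PORT_STATES = json.loads("""
{"portStates": [
  {"fromPort": 22,  "toPort": 22,  "protocol": "tcp", "state": "open",
   "cidrs": ["0.0.0.0/0"], "ipv6Cidrs": ["::/0"], "cidrListAliases": []},
  {"fromPort": 80,  "toPort": 80,  "protocol": "tcp", "state": "open",
   "cidrs": ["172.31.0.0/16"], "ipv6Cidrs": [], "cidrListAliases": []},
  {"fromPort": 443, "toPort": 443, "protocol": "tcp", "state": "open",
   "cidrs": ["172.31.14.7/32"], "ipv6Cidrs": [], "cidrListAliases": []}
]}
""")


def audit_port_states(port_states, allowed_sources):
    """Return (protocol, fromPort, toPort, source) for every open rule whose
    source is not fully contained in one of the allowed CIDRs.

    allowed_sources: CIDR strings, e.g. the peered VPC range or the EC2
    instance's private IP written as a /32.
    """
    allowed = [ipaddress.ip_network(c) for c in allowed_sources]
    findings = []
    for rule in port_states.get("portStates", []):
        if rule.get("state") != "open":
            continue
        key = (rule["protocol"], rule["fromPort"], rule["toPort"])
        for cidr in rule.get("cidrs", []) + rule.get("ipv6Cidrs", []):
            net = ipaddress.ip_network(cidr, strict=False)
            # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
            inside = any(net.version == a.version and net.subnet_of(a)
                         for a in allowed)
            if not inside:
                findings.append(key + (cidr,))
        # Named aliases (such as browser-based SSH) are sources outside the VPC.
        for alias in rule.get("cidrListAliases", []):
            findings.append(key + (alias,))
    return findings


if __name__ == "__main__":
    for finding in audit_port_states(SAMPLE_PORT_STATES, ["172.31.14.7/32"]):
        print("open beyond allowed sources:", finding)
```

An empty result means every open port accepts traffic only from the allowed ranges; pass the whole VPC CIDR for the first answer's approach or the EC2 private IP as a /32 for the second's.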
