How do I set up my VPC's NAT & IGW so that when a login to my site is successful it routes to a private hosted website on EC2?


I want my lightsail instance to be private and only accessed when my login site auths a user.

How do I configure an IGW or NAT so that I can configure my lightsail to be accessible only by a website (A record pointing to an elastic ip hooked to an EC2 Instance running nginx)?

2 Answers


If you want to limit the Lightsail instance to be accessible by an EC2 instance in your account, you can follow this document to set up VPC peering between your Lightsail VPC and an Amazon VPC:

Then you can modify the Lightsail instance firewall rule to only allow traffic within the VPC. This is the doc for reference:

By doing this, you can keep your Lightsail instance private and only accessible within the VPC.

Thank you

answered 20 days ago


It looks like you have a VPC with a private hosted zone (with an A record pointing to the Lightsail IP address). You would like to access the Lightsail instance from EC2.

For access between the EC2 and Lightsail instances, you don't need a NAT or IGW. You can simply set up VPC peering between your VPC and the Lightsail VPC.

Ensure the Lightsail firewall rule allows traffic from the EC2's private IP, and that the EC2's security groups and network ACL allow outbound traffic to Lightsail's IP. Since network ACLs are stateful, it should allow inbound access from the Lightsail instance's IP.

answered 11 days ago
