Hello,
If you want to limit your Lightsail instance to be accessible only by EC2 instances in your account, you can follow this document to set up VPC peering between your Lightsail VPC and an Amazon VPC: https://lightsail.aws.amazon.com/ls/docs/en_us/articles/lightsail-how-to-set-up-vpc-peering-with-aws-resources
Then you can modify the Lightsail instance firewall rules to only allow traffic from within the VPC. This is the doc for reference: https://lightsail.aws.amazon.com/ls/docs/en_us/articles/understanding-firewall-and-port-mappings-in-amazon-lightsail
By doing this, you can keep your Lightsail instance private and only accessible within the VPC.
Thank you
Hello,
It looks like you have a VPC with a private hosted zone (with an A record pointing to the Lightsail IP address). You would like to access the Lightsail instance from EC2.
For access between an EC2 instance and a Lightsail instance, you don't need a NAT or IGW. You can simply set up VPC peering between your VPC and the Lightsail VPC. https://lightsail.aws.amazon.com/ls/docs/en_us/articles/lightsail-how-to-set-up-vpc-peering-with-aws-resources
Ensure the Lightsail firewall rules allow traffic from the EC2 instance's private IP, and also that the EC2 instance's security groups and Network ACL allow outbound traffic to the Lightsail IP. Since Network ACLs are stateful, it should allow inbound access from the Lightsail instance's IP.
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html#nacl-rules
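One way to verify the firewall restriction both answers describe, as an added example that is not from this thread or from AWS: audit a Lightsail instance's port states against the peered VPC's CIDR and report every source that falls outside it. The JSON follows the shape of `aws lightsail get-instance-port-states` output; the sample rules and the 10.0.0.0/16 VPC CIDR are constructed for this example.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws lightsail get-instance-port-states`
# output (an assumption of this example), showing a firewall before hardening.
SAMPLE_PORT_STATES = json.loads("""
{"portStates": [
  {"fromPort": 22, "toPort": 22, "protocol": "tcp", "state": "open",
   "cidrs": ["0.0.0.0/0"], "ipv6Cidrs": ["::/0"], "cidrListAliases": []},
  {"fromPort": 80, "toPort": 80, "protocol": "tcp", "state": "open",
   "cidrs": ["10.0.0.0/16"], "ipv6Cidrs": [], "cidrListAliases": []},
  {"fromPort": 443, "toPort": 443, "protocol": "tcp", "state": "open",
   "cidrs": ["10.0.5.0/24", "203.0.113.0/24"], "ipv6Cidrs": [], "cidrListAliases": []},
  {"fromPort": 0, "toPort": 65535, "protocol": "all", "state": "open",
   "cidrs": [], "ipv6Cidrs": [], "cidrListAliases": ["lightsail-connect"]}
]}
""")


def find_non_vpc_sources(port_states, vpc_cidr):
    """List (fromPort, toPort, protocol, source) for every open-rule source that
    is not inside vpc_cidr. IPv6 ranges and aliases such as lightsail-connect
    can never be inside an IPv4 VPC CIDR, so they are always reported."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)
    findings = []
    for rule in port_states["portStates"]:
        if rule.get("state") != "open":
            continue  # closed/inactive rules admit no traffic
        key = (rule["fromPort"], rule["toPort"], rule["protocol"])
        for cidr in rule.get("cidrs", []):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.version != vpc.version or not net.subnet_of(vpc):
                findings.append(key + (cidr,))
        for src in rule.get("ipv6Cidrs", []) + rule.get("cidrListAliases", []):
            findings.append(key + (src,))
    return findings


def is_vpc_only(port_states, vpc_cidr):
    """True when every open rule is sourced solely from inside vpc_cidr."""
    return not find_non_vpc_sources(port_states, vpc_cidr)


if __name__ == "__main__":
    for finding in find_non_vpc_sources(SAMPLE_PORT_STATES, "10.0.0.0/16"):
        print("not restricted to VPC:", finding)
```

Pipe real output into it with `aws lightsail get-instance-port-states --instance-name NAME` and pass your peered VPC's CIDR; an empty result means the instance is reachable only from inside that VPC (plus whatever the VPC peering and security groups allow).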