I'm seeking help with setting up AWS infrastructure for a project, and I'm a bit lost. I've been tasked by my engineering team to create several resources, including an EC2 instance (for building code and pushing to ECR), ECR, EKS, RDS, S3, and other elements such as Secrets and logs. Our IT team has already set up a VPC with two Availability Zones and three subnets in each: a fwep_subnet, a public subnet, and a private subnet. The fwep_subnet is connected to an Internet Gateway, while the public and private subnets do not have any external connections yet.
The IT staff suggested that if I want my EC2 instance to have internet access, they can set that up. They recommended creating EC2 and related resources in the private subnet, while public-facing components like an Application Load Balancer should be in the public subnet. Since the users accessing these resources will be internal, I think going with the private subnet makes sense. However, I'm uncertain about how to establish connectivity between EC2 and other AWS services like ECR, EKS, and S3. I could really use some advice on how to proceed!
1 Answer
It looks like you're mixing up some concepts a bit. EKS requires access to ECR, as both are part of managing container services. EC2 is more like a virtual server. If you're not using a CI/CD pipeline, your use case for EC2 makes sense for building images and pushing them to ECR. Consider using AWS Systems Manager (SSM) for access rather than conventional SSH—it’s generally more secure and suitable for these environments.
Got it! I appreciate the clarification on EC2's role—I'll definitely look into SSM!