I'm working on a setup where I have an EC2 instance in a private subnet, a NAT gateway, and an Application Load Balancer (ALB) in a public subnet. While user traffic comes through the ALB to reach the EC2 instance, I'm looking for a solution that allows me to ping or curl my EC2 instance directly without going through the ALB. I've read that it might be possible using security groups and network ACLs. I'm trying to understand the pros and cons of this approach. Any insights would be greatly appreciated!
2 Answers
For the best access to your EC2 instance, check out the SSM Session Manager. This is a much safer option than assigning a public IP to your instance. At my work, we're moving away from SSH and are relying solely on SSM for secure, centralized management.
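As an added example (not code from the thread above), the following Python audit captures the checks this answer implies before an instance is reachable only through the ALB and managed through SSM: it scans a security group description in the shape returned by boto3's `ec2.describe_security_groups()` and flags inbound SSH or ICMP open to the world, while confirming that application traffic is only accepted from the ALB's security group. The sample group, its `sg-EXAMPLE-*` ids and the helper names are constructed for illustration; nothing here calls AWS.

```python
"""Audit an EC2 instance security group for public inbound SSH/ICMP exposure.

Added example, not from the original Q&A thread. It works on a dict shaped like
one entry of 'SecurityGroups' from boto3 ec2.describe_security_groups(); the
sample below is constructed and the sg-EXAMPLE-* ids are placeholders.
"""
from __future__ import annotations

PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample: the instance SG correctly accepts HTTP only from the ALB's
# SG, but also carries two rules that would make it pingable / SSH-able from
# the internet if the instance ever received a public IP.
SAMPLE_INSTANCE_SG = {
    "GroupId": "sg-EXAMPLE-instance",
    "IpPermissions": [
        {   # good: HTTP only from the ALB security group
            "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
            "IpRanges": [], "Ipv6Ranges": [],
            "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE-alb"}],
        },
        {   # bad: SSH open to the world
            "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
            "UserIdGroupPairs": [],
        },
        {   # bad: ICMP (ping) from anywhere
            "IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
            "UserIdGroupPairs": [],
        },
    ],
}


def _public_sources(rule: dict) -> list[str]:
    """CIDRs in this rule that mean 'the whole internet'."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in PUBLIC_CIDRS]


def _covers_tcp_port(rule: dict, port: int) -> bool:
    """True if the rule admits TCP traffic to `port` ('-1' means all protocols/ports)."""
    if rule["IpProtocol"] == "-1":
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def find_public_exposure(sg: dict, ssh_port: int = 22) -> list[str]:
    """Return one finding string per rule that exposes SSH or ICMP to 0.0.0.0/0 or ::/0."""
    findings = []
    for rule in sg.get("IpPermissions", []):
        public = _public_sources(rule)
        if not public:
            continue
        if _covers_tcp_port(rule, ssh_port):
            findings.append(f"SSH ({ssh_port}/tcp) reachable from {', '.join(public)}")
        if rule["IpProtocol"] in ("icmp", "icmpv6", "-1"):
            findings.append(f"ICMP reachable from {', '.join(public)}")
    return findings


def allowed_source_groups(sg: dict, port: int) -> set[str]:
    """Security-group ids allowed to reach TCP `port` (should be only the ALB's SG)."""
    sources: set[str] = set()
    for rule in sg.get("IpPermissions", []):
        if _covers_tcp_port(rule, port):
            sources.update(p["GroupId"] for p in rule.get("UserIdGroupPairs", []))
    return sources


if __name__ == "__main__":
    for finding in find_public_exposure(SAMPLE_INSTANCE_SG):
        print("FINDING:", finding)
    print("HTTP sources:", allowed_source_groups(SAMPLE_INSTANCE_SG, 80))
```

With Session Manager the instance needs no inbound rule at all: the SSM agent opens an outbound HTTPS connection to the SSM endpoints (through the NAT gateway, or VPC interface endpoints), so the only inbound rule left on the instance SG is the application port from the ALB's security group, and the audit above should return an empty findings list.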
NAT Gateways are designed for stateful connections and only allow outbound traffic to the internet, not inbound. If you need to access your EC2 instance from the internet, you should consider using an Internet Gateway instead for that public access.
Absolutely! SSM provides a great layer of security and ease of management.