AWS - SSH Jump from ALB to EC2 in private Subnet?

Time:12-24

Company has now forbidden us to give EC2 instances a public IP. So now they are in a private subnet and hooked up to an Application Load Balancer in the public subnet, same VPC. The load balancer checks the subdomain and routes to the corresponding EC2 instance.

But how do we now ssh log in to our EC2 instances for development?

CodePudding user response:

You can try with AWS Session Manager for no management.

  1. With Session Manager you can SSH via browser from the EC2 console itself.

As you mentioned your EC2s are in a private subnet, to connect with AWS Session Manager, you need to create VPC endpoints for SSM services. Check here to check how to do this.

Then you can SSH to your servers without any bastion host or opening any SSH port in the SG. Session Manager provides you security by not opening the SSH port and allows us to manage SSH access by IAM policies.
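
A preflight check for the setup this answer describes, as an added example that is not part of the original answer: it reads the output of `aws ec2 describe-vpc-endpoints` and `aws ec2 describe-security-groups` and reports missing or misconfigured SSM endpoints and any instance security group rule that still covers port 22. The function name, region, VPC id, group id and sample data are constructed for illustration.

```python
import json

# The three interface endpoint services AWS documentation lists for
# Systems Manager when instances have no route to the internet.
REQUIRED = ("ssm", "ssmmessages", "ec2messages")

def preflight(region, vpc_id, endpoints, instance_sgs):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    by_service = {e["ServiceName"]: e for e in endpoints["VpcEndpoints"]
                  if e["VpcId"] == vpc_id}
    for short in REQUIRED:
        name = f"com.amazonaws.{region}.{short}"
        ep = by_service.get(name)
        if ep is None:
            findings.append(f"missing endpoint {name}")
            continue
        if ep.get("State") != "available":
            findings.append(f"{name} is in state {ep.get('State')}")
        if not ep.get("PrivateDnsEnabled"):
            findings.append(f"{name} has private DNS disabled")
    # The SSM agent only makes outbound connections, so any inbound rule
    # covering TCP 22 on the instance security groups is leftover exposure.
    for sg in instance_sgs["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            covers_22 = proto == "-1" or (  # "-1" means all protocols
                proto == "tcp" and perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535))
            if covers_22:
                findings.append(f"{sg['GroupId']} still allows inbound port 22")
    return findings

# Constructed sample data in the shape of the AWS CLI JSON output.
SAMPLE_ENDPOINTS = json.loads("""{"VpcEndpoints": [
  {"VpcId": "vpc-0example", "ServiceName": "com.amazonaws.eu-west-1.ssm",
   "State": "available", "PrivateDnsEnabled": true},
  {"VpcId": "vpc-0example", "ServiceName": "com.amazonaws.eu-west-1.ssmmessages",
   "State": "available", "PrivateDnsEnabled": false}
]}""")
SAMPLE_SGS = {"SecurityGroups": [{"GroupId": "sg-0example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}]}

if __name__ == "__main__":
    for finding in preflight("eu-west-1", "vpc-0example", SAMPLE_ENDPOINTS, SAMPLE_SGS):
        print(finding)
```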

CodePudding user response:

You can create a new bastion instance, open port 22 only, and associate its security group with the private instances' security group.
