I have just configured an Octopus Deploy container in ECS in a private subnet. The database and ECS cluster are both in private subnets. I am using a bastion host to connect to the SQL Server, and I am able to access the containerized Octopus Deploy web page from the bastion but not from my local computer. Would an ALB solve this, or would I need both a NAT gateway and an ELB? Or just a NAT instance? Both? I know I need them in a public subnet but do not want to over- or under-provision resources for this use case.
Thanks!
CodePudding user response:
You have three options:
- Move the Octopus Deploy ECS task into a public subnet, and assign it a public IP address.
- Create an ALB in a public subnet that forwards traffic to the ECS container.
- Port forwarding through the bastion host.
A NAT Gateway is for outbound traffic originating inside the VPC. It provides your private resources with the ability to connect to the Internet. You are trying to initiate a connection from the Internet, so a NAT gateway won't help with that.
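
The second option above (an ALB in a public subnet), written as Terraform. This is an added example, not part of the original answer; the portal port 8080, the variable names and the existing task security group are assumptions.

```hcl
variable "vpc_id" {}
variable "public_subnet_ids" { type = list(string) } # public subnets in two AZs
variable "task_security_group_id" {}                 # SG already on the ECS task (assumed)
variable "admin_cidr" {}                             # your own address range, e.g. a /32
variable "certificate_arn" {}                        # ACM certificate for HTTPS

resource "aws_security_group" "alb" { # inbound only from admin_cidr, not 0.0.0.0/0
  vpc_id = var.vpc_id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress { # the ALB may only talk to the task, on the assumed portal port
    from_port       = 8080
    to_port         = 8080
    protocol        = "tcp"
    security_groups = [var.task_security_group_id]
  }
}
resource "aws_security_group_rule" "task_from_alb" { # task accepts portal traffic only from the ALB
  type                     = "ingress"
  security_group_id        = var.task_security_group_id
  from_port                = 8080
  to_port                  = 8080
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.alb.id
}

resource "aws_lb" "octopus" { # internet-facing application load balancer (the defaults)
  subnets         = var.public_subnet_ids
  security_groups = [aws_security_group.alb.id]
}
resource "aws_lb_target_group" "octopus" {
  vpc_id      = var.vpc_id
  port        = 8080 # assumed Octopus portal port inside the container
  protocol    = "HTTP"
  target_type = "ip" # tasks in awsvpc network mode register by private IP
}
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.octopus.arn
  port              = 443
  protocol          = "HTTPS"
  certificate_arn   = var.certificate_arn
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.octopus.arn
  }
}
```

The ECS service still has to register with the target group through its `load_balancer` block, and the health check path may need adjusting if the portal does not answer 200 on `/`. The task stays in its private subnet with no public IP, so no NAT gateway is needed for this inbound path.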