I have one web application that I want to open to the world. Shall I simply create a public subnet and add this instance to it, or shall I create a private subnet, NAT, and load balancer and add this instance to it?
I want this application to be accessible only to certain IPs.
Which way do you recommend and why? Which is the safest way, and cost-effective too?
I would recommend an instance in a private subnet, as the safe approach is to launch an instance in a private subnet and place an LB on top of your instance.
A high-level look or general example with private instance can be
To access your private instance, you should have one instance in a public subnet from which you can access the instance; AWS normally calls it a bastion.
securing-your-vpc-using-public-and-private-subnets-with-network-acl
If you only have one instance:
If you have multiple instances, it would then require a Load Balancer. In this situation:
However, you could actually keep everything in a public subnet and merely use Security Groups to control access. The normal goal with security is that multiple layers of security make things safer. However, the design choice is up to you.
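Whichever layout is chosen, the "only certain IPs" requirement ends up as Security Group ingress rules, and those can be checked mechanically. The following is an added example, not part of the question or either answer: it audits rules in the shape returned by `aws ec2 describe-security-groups` and covers both layouts discussed above. The group IDs, the allowlist and the sample rules are constructed placeholders.

```python
import ipaddress

# Constructed allowlist (documentation ranges) standing in for the "certain IPs".
ALLOWED = [ipaddress.ip_network(c) for c in ("203.0.113.0/24", "198.51.100.7/32")]

def audit_ingress(groups, lb_group_id=None, allowed=ALLOWED):
    """Return (group_id, source, reason) for each ingress source outside policy.

    lb_group_id=None : single tier, every group is checked against the allowlist.
    lb_group_id set  : the LB group is checked against the allowlist and every
                       other group may only name the LB group as its source.
    """
    findings = []
    for sg in groups:
        gid = sg["GroupId"]
        behind_lb = lb_group_id is not None and gid != lb_group_id
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if behind_lb:
                    findings.append((gid, cidr, "direct CIDR on a group behind the LB"))
                elif not any(net.version == a.version and net.subnet_of(a)
                             for a in allowed):
                    findings.append((gid, cidr, "CIDR not covered by allowlist"))
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] != lb_group_id:
                    findings.append((gid, pair["GroupId"], "unexpected source group"))
    return findings

# Constructed sample: an LB group with one good and one world-open rule, and an
# application group that trusts the LB group but also one CIDR directly.
SAMPLE = [
    {"GroupId": "sg-lb-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.0/25"}, {"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-app-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "198.51.100.7/32"}],
         "UserIdGroupPairs": [{"GroupId": "sg-lb-example"}]}]},
]

if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE, lb_group_id="sg-lb-example"):
        print(finding)
```
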