Denys Bochko

Setting up separate environments on AWS

I recently faced the challenge of creating a separate locked-down environment on AWS to share the progress of a project with my designer. This environment needed to be accessible only via a VPN, as I don't have a static IP to associate with it.

I tried using Twingate VPN to reach a private VPC on AWS, but it didn't work because the Twingate connector, sitting inside that private VPC, could not connect out to the Twingate servers.

After several days of struggle, I realized that I could achieve this even with a public VPC by setting up security groups to allow inbound traffic only from that VPC, not from outside. Moreover, since I am using EC2 to host my web server, I can install a Twingate connector on the same instance. By allowing outbound connections in that security group, I enabled the connector to connect to the Twingate servers. This setup allows the VPN to function, and any users authorized on the VPN can access the site.

Another challenge was connecting a private hosted zone to the EC2 instance so I could have a domain name pointing to the dev site. This was easily solved by simply entering the EC2 internal IP address into the A record for that domain, and everything worked beautifully.

To summarize:

  • Public VPC
  • EC2 instance
  • Change the SSH port for better security; this port will need to be opened to the world so you can remotely SSH into the instance.
  • Security group that allows inbound traffic only from within that VPC (e.g., 172.0.0.0/16); I think it is the top choice in the source field when creating an inbound rule in the SG.
  • Add that security group to the EC2 instance.
  • Set up a private DNS zone with the domain name.
  • Create an A record and use the EC2 internal address as the destination.
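The same setup expressed as Terraform, as an added example rather than the author's own configuration: the VPC CIDR is the one quoted above, the VPC and a public subnet with an internet gateway are assumed to exist already, and the AMI, zone name, SSH port and HTTP port are placeholders or assumptions.

```hcl
variable "vpc_id"    { type = string }            # existing public VPC
variable "vpc_cidr"  { default = "172.0.0.0/16" } # CIDR used in the post
variable "subnet_id" { type = string }            # public subnet, placeholder
variable "ami_id"    { type = string }            # placeholder
variable "ssh_port"  { default = 2222 }           # assumption: non-default port
# HTTP only from inside the VPC, SSH on the custom port from anywhere (as the
# post requires), open egress so the Twingate connector can reach Twingate.
resource "aws_security_group" "dev_web" {
  name   = "dev-web"
  vpc_id = var.vpc_id
  ingress {
    from_port   = 80 # assumption: plain HTTP dev site
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [var.vpc_cidr] # the VPC CIDR, never 0.0.0.0/0
  }
  ingress {
    from_port   = var.ssh_port
    to_port     = var.ssh_port
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] # narrow to your own address range if you can
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "web" {
  ami                    = var.ami_id
  instance_type          = "t3.micro"
  subnet_id              = var.subnet_id
  vpc_security_group_ids = [aws_security_group.dev_web.id]
}

# Private hosted zone bound to the VPC; the VPC needs enableDnsSupport and
# enableDnsHostnames turned on for names in it to resolve from the instance.
resource "aws_route53_zone" "private" {
  name = "dev.example.internal" # assumption: placeholder zone name
  vpc { vpc_id = var.vpc_id }
}

resource "aws_route53_record" "site" {
  zone_id = aws_route53_zone.private.zone_id
  name    = "site.dev.example.internal"
  type    = "A"
  ttl     = 300
  records = [aws_instance.web.private_ip] # internal IP, as in the post
}
```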

Knowledge/experience sharing, just in case somebody else is in the same situation.