While it's not proper to access a private subnet directly over the internet - assume I'm just running a development stack and need some quick and dirty access to a private instance over SSH. Can this be accomplished with the Route Tables and NAT GW, or is my only option to spin up a 2nd instance in the public subnet to access the private one?
If you are talking about the relatively new service offering, NAT Gateway for VPC, the answer is no, you can't. NAT Gateway is only for internally-originated, Internet-bound, TCP/UDP/ICMP traffic. (There are many other protocols in IP, such as GRE, AH, and ESP, but NAT Gateway only supports the big three.)
You'll need an instance in a public subnet with a public IP and security group rules appropriate for what you're trying to do, in order to access private machines from the outside, the way you intend to.
See also https://aws.amazon.com/blogs/aws/new-managed-nat-network-address-translation-gateway-for-aws/.
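The public-subnet instance the answer describes, written out as an added Terraform example (not code from the question or answer): a bastion that accepts SSH only from the admin's own address, and a private instance that accepts SSH only from the bastion's security group. The `var.*` inputs (VPC, subnet IDs, AMI, key pair, admin CIDR) and the `ec2-user` login name are assumptions.

```hcl
# Added example, not the answer's code: bastion in the public subnet,
# private instance reachable only through it. var.* values and the
# ec2-user login name are assumptions.
resource "aws_security_group" "bastion" {
  name   = "bastion-ssh"
  vpc_id = var.vpc_id
  ingress {                      # SSH only from the admin's own address
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]   # e.g. "198.51.100.7/32"
  }
  egress {                       # needed to reach the private subnet
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
resource "aws_security_group" "private" {
  name   = "private-ssh-from-bastion"
  vpc_id = var.vpc_id
  ingress {                      # SSH only from members of the bastion group
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]
  }
  egress {                       # outbound still flows via the NAT GW
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
resource "aws_instance" "bastion" {
  ami                         = var.ami_id
  instance_type               = "t3.micro"
  subnet_id                   = var.public_subnet_id
  associate_public_ip_address = true
  vpc_security_group_ids      = [aws_security_group.bastion.id]
  key_name                    = var.key_name
}
resource "aws_instance" "private" {
  ami                    = var.ami_id
  instance_type          = "t3.micro"
  subnet_id              = var.private_subnet_id
  vpc_security_group_ids = [aws_security_group.private.id]
  key_name               = var.key_name
}
```

Once applied, reach the private host in one hop with `ssh -J ec2-user@<bastion public IP> ec2-user@<private IP>`; the NAT Gateway plays no part in that path, and the private instance's only inbound rule is the one referencing the bastion's group.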