We are implementing a typical Amazon VPC with Public and Private Address - with all servers running the Windows platform. The MS SQL instances will be on the private subnet with all IIS/web servers on the public subnet.

We have followed the detailed instructions at Scenario 2: VPC with Public and Private Subnets and everything works properly - until the point where you want to set up a Remote Desktop Connection into the SQL server(s) on the private subnet. At this point, the instructions assume you are accessing a server on the public subnet and it is not clear what is required to RDC to a server on a private subnet.

It would make sense that some sort of port redirection is necessary - perhaps accessing the EIP of the NAT instance to hit a particular SQL server? Or perhaps use an Elastic Load Balancer (even though this is really for HTTP protocols)?

But it is not obvious what additional setup is required for such a Remote Desktop Connection.

dalej

1 Answer

You'll need a bastion host - essentially, you RDP into an instance on a public subnet, then use that to RDP into the private ones.

The AWS Security Blog has a tutorial for setting one up: http://blogs.aws.amazon.com/security/post/Tx2ZWDW1QA6D62Y/Controlling-network-access-to-EC2-instances-using-a-bastion-server

ceejayoz
  • Whew! Got to generate another Instance, throw on an SSL cert and a bunch of hand-crafted FQDN Host entries, then duplicate with some other ports (depending if you need to FTP backups or utilize S3) - this is not exactly intuitive, is it? Many Thanks. – dalej Jun 03 '14 at 21:51
  • @dalej - agreed - I can see many exposing the ec2 instance in a public subnet just to avoid all that extra labour :P – BenKoshy May 21 '21 at 04:55
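The bastion pattern in the answer comes down to two security groups: the bastion accepts RDP only from the administrator's address, and the SQL instances accept RDP only from the bastion's security group (and SQL traffic only from the web tier). The following CloudFormation fragment is an added example of that layout; it is not code from the answer or from the linked AWS blog post. The `VpcId`, `AdminCidr` and `WebTierSecurityGroupId` parameters are assumptions standing in for the VPC from Scenario 2, the admin's public IP and the IIS servers' existing security group.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >
  Added example (not from the original answer): security groups that keep RDP to
  the private SQL subnet reachable only through the bastion host.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id            # assumption: the VPC built in Scenario 2
  AdminCidr:
    Type: String
    Default: 203.0.113.10/32           # placeholder: the administrator's public IP
  WebTierSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id  # assumption: the SG already on the IIS instances

Resources:
  BastionSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: RDP bastion on the public subnet
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3389
          ToPort: 3389
          CidrIp: !Ref AdminCidr       # only the admin address, never 0.0.0.0/0

  SqlSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: MS SQL instances on the private subnet
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # RDP is accepted only from members of the bastion security group.
        # Referencing the group id rather than an IP means the rule survives
        # a bastion rebuild and never widens to the whole public subnet.
        - IpProtocol: tcp
          FromPort: 3389
          ToPort: 3389
          SourceSecurityGroupId: !Ref BastionSecurityGroup
        # SQL traffic is accepted only from the web tier.
        - IpProtocol: tcp
          FromPort: 1433
          ToPort: 1433
          SourceSecurityGroupId: !Ref WebTierSecurityGroupId
```

Attach `BastionSecurityGroup` to the public-subnet jump instance and `SqlSecurityGroup` to the SQL instances. With this in place the bastion's EIP is the only RDP endpoint exposed to the internet, so the NAT port redirection and ELB ideas from the question are unnecessary, and all interactive logons to the database tier pass through one host whose Security event log can be monitored.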