
I have created a Windows Server EC2 instance in a private subnet and also configured a NAT gateway in the public subnet, with the route table configured for the NAT gateway. The security groups are also allowing RDP port 3389, and an Internet gateway is also in place.

When I try to launch the RDP client, I end up with the error shown in the screenshot.

Can someone please advise on the potential issue behind this? Thanks

DeadPool

1 Answer

A NAT gateway allows outgoing connections from a subnet in a stateful way; it cannot handle incoming connections initiated from the outside. In order to allow inbound connections from the outside, you would need an Internet Gateway, essentially transforming the subnet from private to public.

The reason we have private subnets is to disallow connections initiated from the outside. If we want to connect to an instance in a private subnet, we need something like a Bastion Host, which sits in a public subnet and forwards traffic to instances in a private subnet.

Ervin Szilagyi
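The reasoning in the answer above, as an added example that is not part of the question or the answer: a small model of the route tables and security groups involved, which shows why RDP from the Internet cannot reach an instance whose default route is a NAT gateway, and which path exists once a bastion host in a public subnet is added. The subnet, gateway and security-group ids are constructed sample values, not real AWS resources.

```python
# Added example: models the VPC pieces discussed in the answer (route tables,
# security groups, bastion host) to show why inbound RDP fails in the asker's setup.
from dataclasses import dataclass, field

INTERNET = "0.0.0.0/0"
RDP_PORT = 3389


@dataclass
class Instance:
    name: str
    subnet_routes: dict               # destination CIDR -> target (igw-*, nat-*, local)
    sg_id: str
    sg_ingress: list = field(default_factory=list)  # (port, source CIDR or SG id)


def is_public_subnet(routes):
    """A subnet is public only if its default route goes to an Internet Gateway.
    A default route to a NAT gateway gives stateful *outbound* translation only;
    connections initiated from the Internet have no way in."""
    return routes.get(INTERNET, "local").startswith("igw-")


def allows_rdp_from(inst, source):
    """True if the instance's security group admits 3389 from `source`
    (an SG id or CIDR); a 0.0.0.0/0 rule admits any source."""
    return any(port == RDP_PORT and src in (source, INTERNET)
               for port, src in inst.sg_ingress)


def rdp_path(target, bastion=None, client_cidr=INTERNET):
    """Return the hops an external RDP client would use to reach `target`,
    or None when no inbound path exists."""
    if is_public_subnet(target.subnet_routes) and allows_rdp_from(target, client_cidr):
        return ["client", "igw", target.name]
    # Private subnet: only a bastion in a public subnet can forward the session.
    if bastion is None or not is_public_subnet(bastion.subnet_routes):
        return None
    if allows_rdp_from(bastion, client_cidr) and allows_rdp_from(target, bastion.sg_id):
        return ["client", "igw", bastion.name, target.name]
    return None


# Constructed sample resembling the asker's setup (ids are placeholders).
private_routes = {"10.0.0.0/16": "local", INTERNET: "nat-0example"}
public_routes = {"10.0.0.0/16": "local", INTERNET: "igw-0example"}
windows = Instance("windows-server", private_routes, "sg-win", [(RDP_PORT, INTERNET)])
bastion = Instance("bastion", public_routes, "sg-bastion", [(RDP_PORT, "203.0.113.0/24")])
# Least-privilege variant: the Windows host accepts RDP only from the bastion's SG.
hardened = Instance("windows-server", private_routes, "sg-win", [(RDP_PORT, "sg-bastion")])
```

`rdp_path(windows)` returns `None` (the NAT gateway is egress-only), while `rdp_path(hardened, bastion, "203.0.113.0/24")` returns the client, IGW, bastion, instance hop list.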