I am trying to deploy a simple internal plotly-dash webapp with very low traffic (5-10 users, approx. 2 hours usage/day), but it needs to be highly secure. How do I secure the app to whitelist certain IPs only? I am connecting to GIT AppRunner to update the code and MSSQL for data connectivity, hence I couldn't just whitelist certain IPs. I tried deploying it in a private subnet with a NAT connection and Internet Gateway connected on public IP, but it doesn't work without a bastion host, on which I would have to host the frontend, which defeats the purpose of the privacy expected. I am open to any suggestions besides EC2, provided I can control the security. I have also read about creating a public-facing load balancer, but given the low traffic, it seems a bit much to add a load balancer. I have incorporated the new Instance Connect Endpoint, but that only helps with SSH.
Just to clarify the exact configuration, I have tried to create a VPC with a public and a private subnet, connecting a NAT gateway to the private subnet and EIC and an internet gateway to the public subnet.
- I hoped that I could connect to my nginx website using the Elastic IP, but that isn't working. Maybe there is a very simple solution to this that I am not aware of or have not understood properly.
PS. The app works fine in a public subnet instance, but there are obvious security concerns.
You can create a security group and only allow inbound traffic from whitelisted IPs for the port your application is listening on.
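The security-group allowlist suggested in the answer above, sketched as an added example that is not part of the original posts. It builds the ingress rule from a reviewed list of CIDRs and audits existing rules for anything open to the whole internet. The port, the CIDRs (documentation ranges), the `/24` width limit and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values: documentation-range addresses (RFC 5737), not real networks.
ALLOWED = {"203.0.113.10/32": "office egress", "198.51.100.0/28": "VPN pool"}
APP_PORT = 443  # assumption: nginx terminates TLS in front of the Dash app


def build_ingress(allowed, port, min_prefix=24):
    """Return an IpPermissions list for authorize_security_group_ingress.

    Rejects malformed CIDRs and any IPv4 range wider than /min_prefix, so a
    typo such as 0.0.0.0/0 cannot reopen the app to the internet.
    """
    ranges = []
    for cidr, note in sorted(allowed.items()):
        net = ipaddress.ip_network(cidr, strict=True)  # ValueError on bad input or host bits
        if net.version != 4:
            raise ValueError(f"{cidr}: IPv6 belongs in Ipv6Ranges, not handled here")
        if net.prefixlen < min_prefix:
            raise ValueError(f"{cidr}: wider than /{min_prefix}, refusing to allow")
        ranges.append({"CidrIp": str(net), "Description": note})
    return [{"IpProtocol": "tcp", "FromPort": port, "ToPort": port, "IpRanges": ranges}]


def find_open_rules(ip_permissions):
    """Audit rules in the shape returned by describe_security_groups and
    list (protocol, from_port, to_port) for each rule open to every address."""
    hits = []
    for perm in ip_permissions:
        world = any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", []))
        world |= any(r.get("CidrIpv6") == "::/0" for r in perm.get("Ipv6Ranges", []))
        if world:
            hits.append((perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")))
    return hits


def apply_allowlist(group_id, region):
    """Push the allowlist to an existing security group (needs boto3 and AWS credentials)."""
    import boto3  # imported here so the pure functions above work without it
    ec2 = boto3.client("ec2", region_name=region)
    ec2.authorize_security_group_ingress(
        GroupId=group_id, IpPermissions=build_ingress(ALLOWED, APP_PORT))
```

Security groups are stateful, so no matching outbound rule is needed for replies; outbound connections the instance itself starts (to Git or MSSQL) are governed by the egress rules and are not affected by this inbound allowlist.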