So here is our scenario, we currently have a production environment on AWS, we utilize an VPC, and use multiple EC2 servers that are all on this VPC. In order to create a development environment that duplicates our production environment we would like to setup everything on AWS also. However, we do not want our development servers to be able to touch our production servers, in case someone forgets to change a db connection string or something and is accidentally modify data on the production environment.
I'm not real familiar with Amazon's VPC options, it looks like right now the servers are all connected to the subnet then there is a NAT EC2 instance that has a public IP that they all go through. So all of the servers share an external IP address.
My main question is can we add another subnet to our VPC and attach it to a separate NAT server then put all the dev servers on that subnet so that they will have a different external IP and be on a different subnet?
Best Answer
The answer to your main question would be, yes, you can do that. I would advise against it though. As suggested in the comments, you should put your environments in separate VPCs. Doing so, you can be sure that your environments won't interfere with eachother. This should also be simple since you would just spin up an exact copy of your current environment but just in a new VPC.
However, I would like to take it even further. My advise would be to setup your staging and production environment in separate VPCs on one AWS account, and create a new account for your development environment. This will make you more comfortable with going crazy on your dev environment (which you should) and you can be sure that nothing important is affected. It's also a benefit from a security perspective, why should all developers have AWS credentials to the production environment? A lot of bad stuff will happen, the question is just when? The consolidated billing makes the financial stuff a breeze as well! :)