How to Access an AWS Instance with RDC when behind a Private Subnet of a VPC

Tags: amazon-vpc, private-ip, remote-desktop

We are implementing a typical Amazon VPC with Public and Private Address – with all servers running the Windows platform. The MS SQL instances will be on the private subnet with all IIS/web servers on the public subnet.

We have followed the detailed instructions at Scenario 2: VPC with Public and Private Subnets and everything works properly – until the point where you want to set up a Remote Desktop Connection into the SQL server(s) on the private subnet. At this point, the instructions assume you are accessing a server on the public subnet and it is not clear what is required to RDC to a server on a private subnet.

It would make sense that some sort of port redirection is necessary – perhaps accessing the EIP of the NAT instance to hit a particular SQL server? Or perhaps use an Elastic Load Balancer (even though this is really for HTTP protocols)?

But it is not obvious what additional setup is required for such a Remote Desktop Connection?

Best Answer

You'll need a bastion host - essentially, you RDP into an instance on a public subnet, then use that to RDP into the private ones.

The AWS Security Blog has a tutorial for setting one up: http://blogs.aws.amazon.com/security/post/Tx2ZWDW1QA6D62Y/Controlling-network-access-to-EC2-instances-using-a-bastion-server
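The bastion pattern only works as intended if the security groups are wired up so that the private-subnet SQL servers accept RDP from the bastion's security group and from nothing else, while the bastion itself accepts RDP only from the administrators' address range. The following is an added example, not code from the question, the answer, or the AWS tutorial linked above: a small Python audit that takes the JSON shape returned by `aws ec2 describe-security-groups` and reports any deviation from that pattern. The group IDs, the admin CIDR and the embedded sample output are all constructed placeholders.

```python
"""Audit EC2 security groups for the bastion-host RDP pattern.

Input is the JSON shape returned by `aws ec2 describe-security-groups`.
The sample below is constructed; every group ID is a placeholder.
"""
import json

RDP_PORT = 3389
ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"

# Assumed values for the worked example (not from the question or answer).
BASTION_ID = "sg-0bastion0example"        # jump host on the public subnet
PRIVATE_IDS = {"sg-0sqlprivate0example"}  # SQL servers on the private subnet
ADMIN_CIDRS = {"203.0.113.0/24"}          # office range allowed to reach the bastion

# Constructed sample in the shape of `describe-security-groups` output:
# a correct bastion, a correct private SQL group, and a web group that
# mistakenly exposes RDP to the internet.
SAMPLE_SGS = json.loads("""
{ "SecurityGroups": [
  { "GroupId": "sg-0bastion0example", "GroupName": "bastion-rdp",
    "IpPermissions": [
      { "IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
        "IpRanges": [ {"CidrIp": "203.0.113.0/24"} ],
        "UserIdGroupPairs": [] } ] },
  { "GroupId": "sg-0sqlprivate0example", "GroupName": "sql-private",
    "IpPermissions": [
      { "IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
        "IpRanges": [],
        "UserIdGroupPairs": [ {"GroupId": "sg-0bastion0example"} ] },
      { "IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
        "IpRanges": [],
        "UserIdGroupPairs": [ {"GroupId": "sg-0webpublic0example"} ] } ] },
  { "GroupId": "sg-0webpublic0example", "GroupName": "web-public",
    "IpPermissions": [
      { "IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
        "IpRanges": [ {"CidrIp": "0.0.0.0/0"} ],
        "UserIdGroupPairs": [] } ] } ] }
""")


def rdp_rules(sg):
    """Yield the ingress permissions of one security group that cover TCP/3389."""
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":  # "all traffic" rule also covers RDP
            yield perm
        elif proto == "tcp" and perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", 65535):
            yield perm


def audit_rdp_exposure(describe_output, bastion_id, private_ids, admin_cidrs=ADMIN_CIDRS):
    """Return a list of findings; an empty list means the bastion pattern holds."""
    findings = []
    for sg in describe_output["SecurityGroups"]:
        gid = sg["GroupId"]
        for perm in rdp_rules(sg):
            cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
            src_sgs = {p["GroupId"] for p in perm.get("UserIdGroupPairs", [])}
            if ANY_V4 in cidrs or ANY_V6 in cidrs:
                findings.append(f"{gid}: RDP open to the whole internet")
            elif gid == bastion_id:
                unexpected = cidrs - set(admin_cidrs)
                if unexpected:
                    findings.append(f"{gid}: bastion allows RDP from non-admin {sorted(unexpected)}")
            elif gid in private_ids:
                # Private hosts must reference the bastion's group, never a CIDR,
                # so the rule survives the bastion's private IP changing.
                if cidrs:
                    findings.append(f"{gid}: private host allows RDP from CIDR {sorted(cidrs)}")
                other = src_sgs - {bastion_id}
                if other:
                    findings.append(f"{gid}: private host allows RDP from non-bastion group {sorted(other)}")
    return findings


if __name__ == "__main__":
    for line in audit_rdp_exposure(SAMPLE_SGS, BASTION_ID, PRIVATE_IDS) or ["OK: RDP reachable only via the bastion"]:
        print(line)
```

In practice you would feed the script the real output of `aws ec2 describe-security-groups --output json` instead of the embedded sample. The security-group check does not replace the other layers the tutorial covers: the private subnet's network ACL and the Windows Firewall on the SQL hosts still have to permit TCP/3389 from the bastion for the second RDP hop to work.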