I would like to ask for some architectural advice:
Client asked for some EC2 terminals that will run Ubuntu Linux with a GUI; he will do remote desktop on them, but he asked us to place these EC2 instances on an already existing private subnet with NAT gateways. I don't think that it's going to work, right? Even if we spin up a bastion host, we are talking about remote desktop and not just SSH. How to proceed with this use case?
1. NAT Gateways allow instances in the private subnet to access the internet (inside to outside); we can't initiate a session to private instances via a NAT Gateway.
2. A NAT Instance (router) can be used; we can configure port forwarding (accessing the public IP/Elastic IP of the NAT instance will forward traffic to the private IP of the private instance).
3. VPN allows accessing private subnet instances directly.
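An added example (not from the original thread) that checks which of the three situations above a private subnet is in, by classifying its route table: a default route to a NAT gateway gives egress only, a default route to an instance/ENI means a NAT instance that could port-forward (and thereby expose the desktop port publicly), and a `vgw-` route means VPN clients on that CIDR reach the private IPs directly. The route tables are constructed to mirror the shape of `aws ec2 describe-route-tables` output; all ids are placeholders.

```python
def classify_desktop_reachability(route_table: dict) -> dict:
    """Classify how an inbound remote-desktop session could reach instances
    in the subnet that uses this route table (constructed input, see below)."""
    result = {"internet_egress": None, "inbound_from_internet": False,
              "inbound_via_vpn_cidrs": [], "notes": []}
    for route in route_table.get("Routes", []):
        dest = route.get("DestinationCidrBlock")
        if not dest:
            continue  # IPv6 / prefix-list routes are out of scope here
        gateway = route.get("GatewayId", "")
        if dest == "0.0.0.0/0":
            if "NatGatewayId" in route:
                result["internet_egress"] = "nat-gateway"
                result["notes"].append("NAT gateway is outbound-only: no one can "
                                       "open a desktop session inbound through it")
            elif gateway.startswith("igw-"):
                result["internet_egress"] = "internet-gateway"
                result["inbound_from_internet"] = True
                result["notes"].append("subnet is public: the desktop port is reachable "
                                       "unless the security group restricts sources")
            elif "InstanceId" in route or "NetworkInterfaceId" in route:
                result["internet_egress"] = "nat-instance"
                result["notes"].append("NAT instance could port-forward its public IP to "
                                       "the desktop; that publishes the port, so prefer VPN")
        elif gateway.startswith("vgw-"):
            # Static or propagated route towards a virtual private gateway
            result["inbound_via_vpn_cidrs"].append(dest)
    if result["inbound_via_vpn_cidrs"]:
        result["notes"].append("VPN route present: clients on those CIDRs reach "
                               "private IPs directly")
    return result


# Constructed sample route tables (placeholder ids)
PRIVATE_RT_NAT_GW = {"RouteTableId": "rtb-EXAMPLE1", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE"},
]}
PRIVATE_RT_WITH_VPN = {"RouteTableId": "rtb-EXAMPLE2", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE"},
    {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-EXAMPLE",
     "Origin": "EnableVgwRoutePropagation"},
]}

if __name__ == "__main__":
    for rt in (PRIVATE_RT_NAT_GW, PRIVATE_RT_WITH_VPN):
        print(rt["RouteTableId"], classify_desktop_reachability(rt))
```

With a real account, feed each entry of `describe_route_tables()["RouteTables"]` from boto3 into the same function.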