Is it okay to use an Elastic Load Balancer for ssh/sftp traffic?

amazon-ec2 amazon-web-services amazon-vpc amazon-elb
10,458

An ELB is the wrong way to do this. Your question isn't as clear as it could be, but I'll answer as best I can. I think you need a private subnet with a DMZ.

I suspect you may be best off with a t2.nano instance (or larger) as your SFTP server, with scripts to move the data to where it needs to go onto your internal server. You could use that instance as a bastion host, so you can ssh to it, and then on to your server in a private subnet. This basically makes a DMZ. If you need outgoing internet access then use a NAT Instance.

If you can replace sftp with S3 then you could eliminate the need for an incoming proxy server, which could be cheaper. You could keep all your data on S3, which is cheaper than EBS.

If you can clarify and expand on your use case you may get better responses.

Share:
10,458

Related videos on Youtube

lonewarrior556
Author by

lonewarrior556

Updated on September 18, 2022

Comments

  • lonewarrior556
    lonewarrior556 over 1 year

    I have an instance that acts as both and SFTP server and a NFS shared drive to our internal network.

    The instance has a public IP to receive data over SFTP. That data is saved to a volume that is shared inside my internal network.

    I use a security group that allows white listed port 22 traffic, and white lists all ports to my internal network.

    The data is sensitive, and since this instance has a Public IP, it's one security group slip up from being opened to everyone.

    I would like to remove the public IP from the instance, but it requires SFTP access from the Internet.

    The solution I came up with is to create a public load balancer that forwards traffic on port 22 to my instance, add the security group it and remove the public ip from my instance, therefore even if I screw up, the instance is not publicly reachable.

    I know ELBs were not meant for this, but in theory it should work. Are there problems with this solution? Is there a better/more preferred way for implementing something like this?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Assigning Static IP Address to AWS Load Balancer
Amazon ELB for EC2 instances in private subnet in VPC
Amazon ELB in VPC
How to use IPSec / Openswan with Amazon's Virtual Private Cloud (VPC) and EC2?
Does AWS Application load balancer actually support compression?
How to assign EIP to Autoscaling Group of VPC in Cloudformation template
How to solve AWS ELB/EC2 HTTP 503 with timeout settings?
can't connect aws VPC private instance to internet through NAT
Using ELB Across Multiple Regions
AWS elastic load balancer basic issues