Public Network to AWS (VPC or anything else) to Home Lab Network

I want to achieve the following use case for my homelab: access apps (Plex, Apache Superset, etc.) inside my home network from a public network. I cannot use a DDNS service like DynDNS or DuckDNS since my fiber provider uses a form of CGNAT that doesn't allow port forwarding, so reaching a specific port from outside my network is not possible.

I want to have a scenario where I connect my home network router (TP Link VPN Router) to AWS. When outside, I want to be able to connect to the AWS service (which might be a VPC VPN or a WireGuard-like service running on EC2) and then access my apps on the home network.

What is the most effective way of doing this? I need it for a very limited time (1/2 hrs in a week), so a solution where the services can be started on demand from AWS and then shut down would be ideal. Please help.

I have a WireGuard Docker instance running on an EC2 instance. If I can leverage that to achieve the use case, that would also be useful.


There are different ways to do it. The simpler and cheaper way is to set up a VPN from AWS to your home router.

Here is the official AWS documentation on how to set up a VPN on AWS: https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html
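
For the WireGuard-on-EC2 option the question mentions, the sketch below shows a hub layout in which the home side dials out to EC2, so no inbound port is needed through the CGNAT. It is an added example, not part of the original posts. The tunnel subnet, home LAN subnet, port and key placeholders are all assumptions, as is the home router (or a LAN host) being able to run a WireGuard client.

```ini
# Constructed example: addresses, port and <placeholders> are assumptions.
# Tunnel subnet 10.8.0.0/24, home LAN 192.168.1.0/24. Three separate files.

# --- EC2 hub: wg0.conf ---
# Host needs net.ipv4.ip_forward=1; security group allows only UDP 51820 inbound.
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <hub-private-key>

# Home peer: no Endpoint, because it sits behind CGNAT and always dials out.
# AllowedIPs routes the home LAN through this peer.
[Peer]
PublicKey = <home-public-key>
AllowedIPs = 10.8.0.2/32, 192.168.1.0/24

# Roaming client (phone or laptop): only its own tunnel address is accepted.
[Peer]
PublicKey = <client-public-key>
AllowedIPs = 10.8.0.3/32

# --- Home peer (router or a LAN host): wg0.conf ---
# A LAN host used here must forward and masquerade tunnel traffic onto the LAN.
[Interface]
Address = 10.8.0.2/24
PrivateKey = <home-private-key>

[Peer]
PublicKey = <hub-public-key>
Endpoint = <ec2-public-ip>:51820
AllowedIPs = 10.8.0.0/24
# Keeps the CGNAT mapping alive so the hub can send traffic back in.
PersistentKeepalive = 25

# --- Roaming client: wg0.conf ---
[Interface]
Address = 10.8.0.3/24
PrivateKey = <client-private-key>

[Peer]
PublicKey = <hub-public-key>
Endpoint = <ec2-public-ip>:51820
# Split tunnel: only the tunnel subnet and the home LAN go through the VPN.
AllowedIPs = 10.8.0.0/24, 192.168.1.0/24
```

If the instance is stopped between uses, its public IP changes on restart unless an Elastic IP is attached, so the `Endpoint` lines need a stable address. Narrowing the client's `AllowedIPs` to the specific app hosts instead of the whole LAN limits what a lost phone or laptop can reach.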