Disable public internet connection for EC2 instances

amazon-web-services amazon-ec2 amazon-vpc

Your question is unclear. Do you want the servers to not have access to the internet at all, or only when the VPN is connected? I'm going to assume all the time.

The typical way to do this is to use subnets. Your public subnet has a single server which terminates the VPN connection, passing packets to wherever they need to go. There's an internet gateway in this subnet. All other services are in your private subnet, and they have no route to the internet gateway. This is a very standard setup, so standard the VPC wizard can set it up for you.

You could potentially make one server a VPN based bastion and an outgoing NAT, if required.

Related

NGINX Reverse Proxy Multiple NodeJS Apps On Same Domain
Domain-Based DFS Working Intermittently
What should I do about my print server with an OS that is no longer supported?
How to only allow internal access between two AppEngine projects
Can I safely run a server with redundant power supplies off of a standard 15 amp outlet?
Bind not forwarding query after upgrade from 9.11 to 9.16
How do I create a ec2 launch template that automatically assigns an ipv6 address?
How do I replicate a Cinnamon window manager configuration?
ZFS data lost after a rollback happening on reboot
Connecting to VPC internal services from Google Cloud Shell
How to fix this error (querySelector is used): Cannot read properties of undefined (reading 'style') at showSlides
Convert list to list of lists