AWS: Subnets vs Security groups for setting up a VPC

First Question - Security

Security groups are a firewall that runs on the instance hypervisor. Network ACLs are a firewall that runs on the network. You can use either, or both. In theory a NACL reduces host load, but it's likely negligible.

Security groups are stateful, so return traffic is automatically allowed. NACLs require firewall rules for each direction to be specified, including ephemeral ports. Security groups are therefore easier to use.

In your case I suggest you add a security group rule that allows access from your /32 IP for every protocol you require. The IP goes into the rightmost column.

Second Question - VPN

OpenVPN doesn't change the IP address of anything; it can be thought of as a gateway. Your computer connects to the EC2 instance, which then has any access that the EC2 instance has. If we know what you were trying to achieve with a VPN we may be able to give better advice.

Given your updated requirements, I would probably use an EC2 server in a public subnet as a VPN terminator and NAT instance, and a private EC2 instance in a private subnet. Your NACLs and security groups would be set up to allow outgoing internet access via the NAT but deny incoming connections other than from the VPN instance.

I'm not sure if a single instance can be VPN terminator and NAT. I suspect it can.
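As an added illustration (not part of the answer above), a small Python model of the stateful vs stateless point: one inbound SSH rule for a /32 is enough on a security group, while a NACL also needs an outbound rule covering the client's ephemeral ports before the return traffic passes. All rule sets and addresses are constructed for the example, not taken from any real VPC.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    direction: str   # "in" or "out", relative to the instance/subnet
    proto: str
    port_lo: int     # destination port range the rule covers
    port_hi: int
    cidr: str
    allow: bool = True   # NACL rules may deny; security groups are allow-only


def _matches(rule, direction, proto, port, ip):
    return (rule.direction == direction and rule.proto == proto
            and rule.port_lo <= port <= rule.port_hi
            and ipaddress.ip_address(ip) in ipaddress.ip_network(rule.cidr))


def sg_allows(rules, direction, proto, port, ip):
    """Security group: any matching rule permits the packet, otherwise implicit deny."""
    return any(_matches(r, direction, proto, port, ip) for r in rules)


def nacl_allows(rules, direction, proto, port, ip):
    """NACL: rules are evaluated in order, first match wins, implicit deny at the end."""
    for r in rules:
        if _matches(r, direction, proto, port, ip):
            return r.allow
    return False


def session_allowed(rules, stateful, client_ip, dst_port, eph_port=49152):
    """Does a TCP session from client_ip to the instance's dst_port succeed?
    SYN travels inbound to dst_port; the reply travels outbound to the client's ephemeral port."""
    check = sg_allows if stateful else nacl_allows
    if not check(rules, "in", "tcp", dst_port, client_ip):
        return False
    if stateful:
        return True   # connection tracking admits the return traffic automatically
    # stateless: the reply must independently match an outbound rule for the ephemeral port
    return check(rules, "out", "tcp", eph_port, client_ip)


# Constructed rule sets (hypothetical admin address 203.0.113.10/32).
SG_RULES = [Rule("in", "tcp", 22, 22, "203.0.113.10/32")]
NACL_INBOUND_ONLY = [Rule("in", "tcp", 22, 22, "203.0.113.10/32")]
NACL_BOTH_WAYS = NACL_INBOUND_ONLY + [Rule("out", "tcp", 1024, 65535, "203.0.113.10/32")]
```

With the security group, the single /32 rule lets the session through; the same single rule on a NACL drops the reply until the outbound ephemeral-port rule is added.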