AWS Public/Private relationships between 2 instances

Use case: 2 servers , one as Web front-end, the other one as a back-end (eg: Database). For obvious reason, the back-end should not be accessible from internet.

1 VPC
2 subnet associated with the created VPC, with one being public, the other one private 2 EC2 Instances
1 IGW (internet Gateway) 1 Nat Gateway
2 Routes

CIDR: 10.0.0.0/16 . Name: VPC_PUBLIC_PRIVATE

Public subnet (part of the VPC VPC_PUBLIC_PRIVATE):
CIDR 10.0.0.0/24
Name: Public_subnet

Private subnet (part of VPC_PUBLIC_PRIVATE:
CIDR 10.0.1.0/24
Name: Private_subnet

Name: Public_EC2
Member of the Public_subnet

Name: Private_EC2
Member of the Private_subnet

Name: IGW_public_private
Member of the VPC VPC_Public_Private

Name: Nat_Gateway_in_public
Member of Public_Subnet
Warning: you need an Elastic IP

Name: Route_Public (must be flagged as main table)
Everything going to 10.0.x.x will be routed to the local adresses, towards internet through the internet gateway otherwise.

Name: Route_Private

Everything going to 10.0.x.x will be routed to the local adresses, towards internet through the NAT gateway otherwise.

The EC2 Public_EC2 should be accessible from the internet
The EC2 Private_EC2 should NOT be accessible from the internet

To access the EC2 Private_EC2 after having logged in the Public\EC2, we need to put the public-private key file to be transferred to the Public_EC2 within the EC2 user home.

ssh -i "LinuxAccess.pem" [email protected]
sftp "LinuxAccess.pem" [email protected]
put LinuxAccess.pem

Then from the public EC2 we can get access to the private and chacking we can send-receive from internet thru the NAT Gateway

ssh -i "LinuxAccess.pem" [email protected]
uname -a
Linux ip-10-0-1-10 4.9.62-21.56.amzn1.x86_64 #1 SMP Thu Nov 16 05:37:08 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
ping www.google.com
PING www.google.com (74.125.197.106) 56(84) bytes of data.
64 bytes from 74.125.197.106: icmp_seq=1 ttl=28 time=143 ms
...