Thanks for help in advance.

I am actually getting startet with AWS and i am working out some testcases to provide further information to my company, how usable AWS is. After intensively working on getting the basic knowledge in AWS in the last 3 weeks (EC2, S3, IAM, SSO ...), i have reached a point where I lack the advanced background knowledge to further configure the instances.

Short description:

Naturally i want to make a secure design of the whole environment and this led me to think about, how i can use EC2-instances in a safe way. I thought it will not be the best solution to launch the instance directly in a public subnet.

Actually i tried to figure out a way for a more safe design and came to this draft / conclusion:

I build up a VPC with 2x private and 2x public subnets. Each pair of subnets is located in one availability zone in the region eu-central-1 (Frankfurt) for redundancy.

The instance is located in the private subnet testcase-subnet-private1-eu-central-1a. Therefore i provide access to the public subnet testcase-subnet-public1-eu-central-1a in the routing-table of the private subnet by providing the IPv4-CIDR of testcase-subnet-public1-eu-central-1a.

Question (updated): How can somebody access an AWS EC2 instance over the internet, if it´s located in a private subnet?