aws-ia / cfn-ps-clickhouse-cluster

Apache License 2.0

Unable to connect to get response from NLB from outside the private subnet #22

Closed ianleon closed 7 months ago

ianleon commented 10 months ago

I am unclear about how I (or one of my apps) is supposed to connect to the database.

qiaow02 commented 10 months ago

Hi. For security reasons, by default, ClickHouse can only be deployed in private subnets, and is not accessible from the public network.
Your client also needs to be deployed in the same private subnets, or you need to open the access restrictions of the private subnets' security group according to your needs.
According to the solution design, the NLB provides the HTTP protocol on port 8123. If you want to use clickhouse-client, you need to use port 9000 to connect directly to each server in the ClickHouse cluster.

ianleon commented 10 months ago

Hello,

My application needs to be publicly accessible.

Would it be unadvisable to put my application in the same public subnet as the bastion host? Alternatively, I am considering updating my application’s container to create an ssh tunnel (ssh -L) to port 8123 via the bastion.

I want it to preserve the security properties of this solution as much as possible.

ezotrickser commented 6 months ago

Did you find a solution?
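
The SSH tunnel option raised in the thread (ssh -L to the NLB's HTTP port 8123 via the bastion), sketched as an added example that is not part of the original issue or the project's code. The bastion login, the NLB DNS name and the `RUN_TUNNEL` switch are placeholder assumptions.

```shell
#!/bin/sh
# Placeholder values (assumptions, not from the issue): replace with your own.
BASTION="${BASTION:-ec2-user@bastion.example.com}"       # hypothetical bastion login
NLB_HOST="${NLB_HOST:-clickhouse-nlb.internal.example}"   # hypothetical internal NLB DNS name
LOCAL_PORT="${LOCAL_PORT:-8123}"

# Print the ssh arguments for a loopback-only forward to the NLB's HTTP port 8123.
# Rejects a non-numeric or out-of-range local port and empty host names.
tunnel_args() {
    local_port=$1; nlb_host=$2; bastion=$3
    case "$local_port" in
        ''|*[!0-9]*) echo "invalid local port" >&2; return 1 ;;
    esac
    if [ "$local_port" -lt 1 ] || [ "$local_port" -gt 65535 ]; then
        echo "local port out of range" >&2; return 1
    fi
    if [ -z "$nlb_host" ] || [ -z "$bastion" ]; then
        echo "missing NLB host or bastion" >&2; return 1
    fi
    # -N: no remote command, forwarding only.
    # ExitOnForwardFailure: exit instead of running without the forward.
    # 127.0.0.1 bind: the forwarded port is not exposed on other interfaces.
    printf '%s' "-N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -L 127.0.0.1:${local_port}:${nlb_host}:8123 ${bastion}"
}

# ClickHouse's HTTP interface answers GET /ping with "Ok." when it is reachable.
check_clickhouse() {
    curl -fsS --max-time 5 "http://127.0.0.1:$1/ping"
}

# Only open the tunnel when explicitly requested (RUN_TUNNEL=1).
if [ "${RUN_TUNNEL:-0}" = "1" ]; then
    args=$(tunnel_args "$LOCAL_PORT" "$NLB_HOST" "$BASTION") || exit 1
    # Word splitting of $args is intentional here.
    ssh $args &
    tunnel_pid=$!
    trap 'kill "$tunnel_pid" 2>/dev/null' EXIT
    sleep 2
    check_clickhouse "$LOCAL_PORT"
fi
```

The bastion's security group still has to be allowed to reach the NLB on port 8123 for the forward to work.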