Virtual private cloud.
You can use a network address translation (NAT) gateway to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances.
NAT gateways are ideal for instances that need an internet connection, for example for patching, but no incoming connections from the internet.
Bastion hosts (which are in a public subnet) should be used to connect to the instances in your private subnet.
Another way to connect to a server in a private subnet is to have a direct VPN connection.
You don't have to