AWS: EC2 + VPC + Openvpn


(Paul) #1

My question: Does it make sense to not give the openemr webserver a public ip?
Does this make the webserver more secure, since you must access it via openvpn?
Does the offering for express plus, allow for the instance to be on a private lan and use openvpn technology on a public facing instance to access express plus or does express plus need internet access?

It seems several options in openemr need internet access to fully work, such as eprescribe, eligibility checks, etc… Knowing this, it would be impossible without a public ip for the instance to communicate with the internet? How should one in the US go about configuring the network, to utilize these options in openemr?

Thanks


(Asher Densmore-Lynn) #2

Hello, Paul.

You can arrange a network that has no public incoming access (and thus requires a VPN for access) but still has free access to the outside world (for using vendor services as you describe). You’re looking for https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html .


(Nilesh Hake) #3

Hi Paul,

I have done same setup for one of our client please let me know if you want that setup for you.


(Dan Ehrlich) #4

Paul:

GCP has many ways to do this while having no public IP.

Look into something called “Identity Aware Proxy”