AWS: EC2 + VPC + OpenVPN

My question: Does it make sense to not give the OpenEMR webserver a public IP?
Does this make the webserver more secure, since you must access it via OpenVPN?
Does the offering for Express Plus allow for the instance to be on a private LAN and use OpenVPN technology on a public-facing instance to access Express Plus, or does Express Plus need internet access?

It seems several options in OpenEMR need internet access to fully work, such as eprescribe, eligibility checks, etc… Knowing this, it would be impossible without a public IP for the instance to communicate with the internet? How should one in the US go about configuring the network to utilize these options in OpenEMR?

Thanks

Hello, Paul.

You can arrange a network that has no public incoming access (and thus requires a VPN for access) but still has free access to the outside world (for using vendor services as you describe). You’re looking for https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html .
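A way to check the layout described in the reply above (added example, not part of the original thread): the OpenEMR subnet should reach the internet only through a NAT gateway, while the OpenVPN subnet routes through an internet gateway. The function names and all IDs are hypothetical; the input is assumed to have the JSON shape returned by `aws ec2 describe-route-tables`.

```python
# Added example. Input mirrors the JSON shape returned by
# `aws ec2 describe-route-tables`; every ID below is a constructed sample value.

def default_route_target(table):
    """Return 'igw', 'nat' or None for the table's active 0.0.0.0/0 route."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue  # a blackholed route carries no traffic
        if route.get("NatGatewayId"):
            return "nat"
        if (route.get("GatewayId") or "").startswith("igw-"):
            return "igw"
    return None

def classify_subnets(route_tables):
    """Label explicitly associated subnets; subnets that fall back to the
    VPC's main route table are not covered here."""
    labels = {"igw": "public", "nat": "private-nat", None: "isolated"}
    result = {}
    for table in route_tables:
        label = labels[default_route_target(table)]
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId"):
                result[assoc["SubnetId"]] = label
    return result

def layout_ok(route_tables, app_subnet, vpn_subnet):
    """True when the app subnet has NAT-only egress and the VPN subnet is public."""
    subnets = classify_subnets(route_tables)
    return (subnets.get(app_subnet) == "private-nat"
            and subnets.get(vpn_subnet) == "public")

SAMPLE_ROUTE_TABLES = [  # constructed sample data
    {"RouteTableId": "rtb-public-example",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}],
     "Associations": [{"SubnetId": "subnet-vpn-example"}]},
    {"RouteTableId": "rtb-private-example",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"}],
     "Associations": [{"SubnetId": "subnet-app-example"}]},
]

if __name__ == "__main__":
    print(classify_subnets(SAMPLE_ROUTE_TABLES))
    print(layout_ok(SAMPLE_ROUTE_TABLES, "subnet-app-example", "subnet-vpn-example"))
```

A result of `isolated` for the application subnet means vendor services such as the ones mentioned in the question would be unreachable from it.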

Hi Paul,

I have done the same setup for one of our clients; please let me know if you want that setup for you.

Paul:

GCP has many ways to do this while having no public IP.

Look into something called “Identity Aware Proxy”