We have Octopus Deploy running on an on-premise VM deploying an ASP.NET MVC website to an AWS Windows EC2 instance via a listening tentacle. The EC2 instance was originally in a public subnet and, providing we added the EC2 IP address to the Octopus server firewall and then opened up port 10933 in AWS, this all worked fine.
However, for security reasons, we have moved the EC2 to a private subnet behind an ALB. This has meant the Octopus deployments have stopped working because they cannot access the EC2 server. We have tried switching to a polling tentacle via a NAT gateway, but it is unable to connect to the Octopus Server. This is because the on-premise VM is not exposed to the internet (intranet only) and so the polling tentacle is unable to access the HTTP Octopus Web Portal. We would be unable to change this (i.e. make the Octopus Web Portal internet accessible). We have full control of the AWS environment, but not the on-premise VM.
Is there some way to get this working either as a listening or polling tentacle with this setup?