I have been using Beanstalk to deploy code to my Amazon EC2 servers via SFTP for some time.
Recently, however, it has become necessary to create a virtual private cloud and separate the servers into two groups. One group has access to the outside internet via assigned IP addresses, the other group runs important backend functions like our database and our Gearman jobs.
Now the problem I'm facing is that the entire point of the inner subnet is so that the only servers that can access the inner subnet are the first group of computers. Currently I can access the servers manually in the inner subnet by SSHing into one of the computers on the outer subnet and then from that computer SSHing into one of the computers in the inner subnet using its local subnet IP address. Yet this technique does not seem as if it will work for Beanstalk.
What is the best way to give Beanstalk SFTP access to computers in the inner subnet? Is there a standard way to use one of the outer perimeter computers as a proxy to allow Beanstalk to SFTP into the computers in the inner subnet?
Edit:
I am now investigating to see if there is a good way to set up port forwarding on one of the border computers so that I can SSH into different ports on the border bastion computer, and depending on which port I SSH into, the SSH request is forwarded on to the appropriate computer behind the subnet.
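
The port-per-host forwarding described in the edit above, as an added example that is not part of the original post: a shell function that turns a port-to-host map into iptables rules for the bastion, admitting only one source range. The addresses, ports, `ALLOWED_SRC`, `INNER_PREFIX` and the function name are constructed placeholders, and the bastion is assumed to have `net.ipv4.ip_forward=1` set.

```shell
#!/bin/sh
# Added example (not from the original post): print iptables rules that forward
# one bastion port per inner host. All values below are constructed placeholders.
ALLOWED_SRC="203.0.113.0/24"  # assumed: the deployment service's source range
INNER_PREFIX="10.0.1."        # assumed: address prefix of the inner subnet

# Reads "listen_port inner_ip" lines on stdin. Prints the full rule set only if
# every line validates; returns 1 and prints no rules otherwise.
emit_forward_rules() {
    seen=" "
    # Return traffic for forwarded connections.
    out="iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    while read -r port ip; do
        [ -z "$port" ] && continue
        case "$port" in
            *[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        # Stay off 22 (the bastion's own sshd) and the rest of the low range.
        if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        case "$seen" in
            *" $port "*) echo "duplicate port: $port" >&2; return 1 ;;
        esac
        seen="$seen$port "
        case "$ip" in
            ''|*[!0-9.]*) echo "bad address: $ip" >&2; return 1 ;;
            "$INNER_PREFIX"*) ;;
            *) echo "not in inner subnet: $ip" >&2; return 1 ;;
        esac
        # Rewrite the destination, admit only the allowed source, and
        # masquerade so replies route back through the bastion.
        out="$out
iptables -t nat -A PREROUTING -p tcp -s $ALLOWED_SRC --dport $port -j DNAT --to-destination $ip:22
iptables -A FORWARD -p tcp -s $ALLOWED_SRC -d $ip --dport 22 -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -d $ip --dport 22 -j MASQUERADE"
    done
    printf '%s\n' "$out"
}

# Constructed sample map: bastion port 2201 -> first inner host, 2202 -> second.
emit_forward_rules <<'EOF'
2201 10.0.1.10
2202 10.0.1.11
EOF
```

Because of the MASQUERADE rule, inner hosts see the bastion's address as the SSH client, so their security groups only need to admit SSH from the bastion and per-client connection logging has to happen on the bastion itself.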