> Avoid exposing your Kubernetes nodes directly to public networks.
What's the best course of action if you need to connect to a specific pod? (You might want to do this if you're connecting users or to the same server instance, for example). Managing reverse proxies can be pretty cumbersome if you want to autoscale. Exposing an external node IP is the easiest solution, but if it's a security risk, what are the alternatives?
One way to do it is using Session Manager and the document AWS-StartPortForwardingSessionToRemoteHost. This way you can forward a port on one of the EKS nodes to the control plane and access it on localhost:yourport.
A good article about it is https://aws.amazon.com/blogs/aws/new-port-forwarding-using-a.... Since that article, they introduced the capability for forwarding to the remote host by using the document written above and by adding the host key and value in the parameters.
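The Session Manager approach from the reply above, as an added example that is not part of the original comments: a small wrapper that validates its inputs and builds the `--parameters` JSON (`host`, `portNumber`, `localPortNumber`) for AWS-StartPortForwardingSessionToRemoteHost. The function names are hypothetical, and the instance ID, host and ports in the comments are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example. Function names are hypothetical helpers, not AWS tooling.

# Accept only a decimal TCP port in the range 1-65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the --parameters JSON for AWS-StartPortForwardingSessionToRemoteHost.
# Args: remote_host remote_port local_port
ssm_forward_params() {
  local host="$1" rport="$2" lport="$3"
  # Hostname or IPv4 only, so quotes and shell/JSON metacharacters cannot
  # end up inside the parameters string (IPv6 literals are rejected too).
  case "$host" in
    ''|*[!A-Za-z0-9.-]*) echo "invalid host: $host" >&2; return 1 ;;
  esac
  valid_port "$rport" || { echo "invalid remote port: $rport" >&2; return 1; }
  valid_port "$lport" || { echo "invalid local port: $lport" >&2; return 1; }
  printf '{"host":["%s"],"portNumber":["%s"],"localPortNumber":["%s"]}' \
    "$host" "$rport" "$lport"
}

# Open the tunnel through an SSM-managed node; the node needs no public IP
# and no inbound security-group rule, only the SSM agent and an IAM role.
# Args: target_instance_id remote_host remote_port local_port
ssm_forward() {
  local target="$1" params
  case "$target" in
    i-*|mi-*) ;;
    *) echo "target must be an instance id (i-... or mi-...)" >&2; return 1 ;;
  esac
  params="$(ssm_forward_params "$2" "$3" "$4")" || return 1
  aws ssm start-session \
    --target "$target" \
    --document-name AWS-StartPortForwardingSessionToRemoteHost \
    --parameters "$params"
}

# Constructed usage: ./forward.sh i-0123456789abcdef0 10.0.12.34 8080 18080
# then connect to localhost:18080 on the workstation.
if [ "$#" -eq 4 ]; then ssm_forward "$@"; fi
```

Who may open such a tunnel is governed by IAM permission on `ssm:StartSession` for the target instance and this document, and session activity can be recorded through Session Manager logging.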