Limiting External Access to AWS SQL Server Instance

AFAIK, there is no direct way to achieve this without knowing the static IP or the IP range from where you need to access your EC2 instance (where you host your SQL Server).

But...

You can include your instance behind an API Gateway and then enable IAM authentication for the API method in the API Gateway. Then use IAM policies (along with resource policies) to designate permissions for your API's users.

More: https://aws.amazon.com/premiumsupport/knowledge-center/iam-authentication-api-gateway/


There is no direct way to restrict.

AWS Cloud - solution (all services / instance in AWS)

If your NodeJS application is running on AWS or you are using the AWS Lambda service, you can allow access across security groups alone within the same VPC. (If multiple accounts are used, VPC peering can be done.)


For your scenario, where you would like to restrict access to a publicly accessible database, like everyone else said, I couldn't think of a way other than the plain old VPN solution. Your client connects to the database through the VPN, and you move the database instance to private subnets. But I am not sure how feasible it is for you to implement it.
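An added example, not part of any answer above: a small audit that separates the three ingress patterns the answers discuss (open to the world, restricted to a known IP range, and reachable only from another security group) for the SQL Server port. The input is a constructed sample in the shape of `aws ec2 describe-security-groups` output; the group IDs are placeholders, and port 1433 (the SQL Server default) is an assumption about the instance.

```python
import ipaddress

SQL_PORT = 1433  # assumption: SQL Server listens on its default port

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa-example-public", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0bbb-example-office", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1400, "ToPort": 1500,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0ccc-example-private", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
         "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0ddd-example-app"}]}]},
    {"GroupId": "sg-0eee-example-all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
         "UserIdGroupPairs": []}]},
]}

def covers_sql_port(perm):
    """True if the rule admits TCP traffic to SQL_PORT ("-1" means all protocols)."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= SQL_PORT <= perm.get("ToPort", 65535)

def classify(perm):
    """Yield (source, verdict) for each source named in one ingress rule."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        yield cidr, "WORLD_OPEN" if net.prefixlen == 0 else "CIDR_RESTRICTED"
    for pair in perm.get("UserIdGroupPairs", []):
        yield pair["GroupId"], "SECURITY_GROUP_ONLY"

def audit(doc):
    """Return (group_id, source, verdict) for every rule that reaches SQL_PORT."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if covers_sql_port(perm):
                findings += [(sg["GroupId"], src, v) for src, v in classify(perm)]
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```

Rules that cover the port through a wide range or an all-protocol entry are caught as well as exact 1433 rules, which is where accidental exposure usually hides.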