Followed the steps below while setting up Qlik Sense (application to connect from client) in a private subnet:

1. Created 2 subnets in the same availability zone
   a) Public - to communicate outside using the ALB
   b) Private - Qlik Sense instance
2. Updated the private subnet route table with a NAT gateway
   a) NAT gateway in the public subnet of the Engineering VPC
3. Updated the public subnet route with an Internet gateway
   a) Internet gateway in the public subnet of the Engineering VPC
4. Deployed an Application Load Balancer with the Internet-facing (to access from the internet) option
   a) Added the same availability zone as the public subnet
   b) Created listeners for HTTP 80 and HTTPS 4747 to attach the private subnet EC2 instance
5. Created an A record Alias using CNAME for the ALB DNS name
6. Deployed EC2 in the private subnet
   a) Overrode the private IP of the EC2 instance with the A record name
   b) Overridden record name given as the host name while installing Qlik Sense
   c) The certificate generated by Qlik Sense at the time of installation has a SAN value the same as the A record name
   d) Attached to both the ALB listeners for forwarding the requests
   e) Disabled the Windows firewall for the Qlik Sense instance
7. Updated the HTTPS 4747 listener with the Qlik Sense certificates for communication.
8. Created a security group for 80, 443, 4747, 3389 and ICMP for inbound communication and all traffic for outbound communication.
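With the Windows firewall disabled, the security group is the only inbound filter on the instance, so it is worth comparing its rules with what the two ALB listeners actually forward. The audit below is an added example, not part of the original post: the rule sources, the `10.0.0.0/16` VPC range and the group id are constructed assumptions (the post lists only the ports), and the input follows the `IpPermissions` shape returned by `aws ec2 describe-security-groups`.

```python
import ipaddress

LISTENER_PORTS = {80, 4747}                      # ALB listener ports from the post
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")   # assumed VPC range, not from the post

# Constructed rules shaped like IpPermissions from `aws ec2 describe-security-groups`.
# The ports come from the post; every source (CIDR or group id) is an assumption.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-alb-placeholder"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 4747, "ToPort": 4747,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
]


def audit(permissions, listener_ports=LISTENER_PORTS, vpc=VPC_CIDR):
    """Return (label, finding) pairs for rules wider than the ALB path needs."""
    findings = []
    for rule in permissions:
        proto = rule["IpProtocol"]
        if proto in ("tcp", "udp"):
            lo, hi = rule["FromPort"], rule["ToPort"]
            label = f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"
            extra = set(range(lo, hi + 1)) - listener_ports
        else:
            label, extra = proto, set()   # ICMP and "-1" rules carry no port range
        # The listeners forward TCP only, so anything else is outside the ALB path.
        if proto != "tcp" or extra:
            findings.append((label, "not-forwarded-by-listener"))
        # ALB nodes reach the instance from inside the VPC, so wider sources are excess.
        for src in rule.get("IpRanges", []):
            if not ipaddress.ip_network(src["CidrIp"], strict=False).subnet_of(vpc):
                findings.append((label, "source-outside-vpc"))
    return findings


if __name__ == "__main__":
    for label, finding in audit(SAMPLE_PERMISSIONS):
        print(f"{label:12} {finding}")
```

Rules whose source is the load balancer's security group, like the constructed port 80 rule, produce no finding because they admit only the ALB path.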