1

I have seen "How to SSH to ec2 instance in VPC private subnet via NAT server" and was able to SSH into an EC2 instance in a private subnet through a NAT instance with a public IP.

Assuming I want to install an application with a web interface, like Zeppelin or Jupyter, on the EC2 instance in the private subnet, how would I configure secure access and connect to the web service through the browser on my laptop? I am fairly new to this area, so what would be the correct approach to enable this?

and_apo
  • 113

1 Answer

1

You can use ssh with port forwarding.

Let's say your EC2 instance's private IP is 10.1.1.1 and the web interface listens on port 80, and your NAT host has the public IP 198.51.100.13. You can chain two successive forwards:

From your laptop:

ssh -L 8080:127.0.0.1:8080 YOUR_USERNAME@198.51.100.13

From the newly opened shell on your NAT host:

ssh -L 8080:10.1.1.1:80 YOUR_USERNAME@10.1.1.1

Now you can open a browser on your laptop and point it to:

http://127.0.0.1:8080


Actually, you can configure your ssh client to automatically use a middle box. On your laptop, open ~/.ssh/config and tell ssh to pass through the NAT box when going to 10.1.1.1:

Host 10.1.1.1
ProxyCommand ssh -W %h:%p YOUR_NAT_HOSTS_IP

Now you can ssh directly from your laptop, and ssh will transparently open first a connection to the NAT box and then pass you to the EC2 instance.

Fredi
  • 2,307
  • 13
  • 14
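The two techniques in the answer above (port forwarding and the ProxyCommand entry) can be combined in one ~/.ssh/config so that the tunnel runs from the laptop straight to the private instance. This is an added example, not part of the original answer; the host aliases `nat` and `notebook` are made up for illustration, and the IPs, port and YOUR_USERNAME are the answer's own placeholders.

```sshconfig
# ~/.ssh/config on the laptop (added example; aliases "nat" and "notebook" are hypothetical)

# The NAT instance, reached on its public IP.
Host nat
    HostName 198.51.100.13
    User YOUR_USERNAME

# The EC2 instance in the private subnet, reached through the NAT instance.
Host notebook
    HostName 10.1.1.1
    User YOUR_USERNAME
    # Same mechanism as the answer's ProxyCommand entry: the NAT host only
    # relays the TCP stream to %h:%p, the SSH session itself terminates on
    # the private instance.
    ProxyCommand ssh -W %h:%p nat
    # Laptop 127.0.0.1:8080 -> 10.1.1.1:80, resolved on the private instance.
    # The explicit 127.0.0.1 bind keeps the forwarded port off the laptop's
    # other network interfaces.
    # If the web service listens only on the instance's loopback address,
    # use 127.0.0.1:80 as the destination instead.
    LocalForward 127.0.0.1:8080 10.1.1.1:80
    # Abort if the local port cannot be bound, rather than opening a
    # session without the tunnel.
    ExitOnForwardFailure yes
```

Run `ssh -N notebook` and browse to http://127.0.0.1:8080. Unlike the two-step chain, this opens no listening port on the NAT host, and the web traffic stays encrypted until it reaches the private instance.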