You know this but I'm just throwing it in for people who don't and aren't working on large company things:

You can give yourself a WireGuard-powered, Single Sign-on, secure overlay network between, say, your phone, your laptop, a DO droplet and an AWS instance near-instantly and for (currently) free with tailscale.

By 'near-instantly' I mean it takes almost no effort to set up. It takes me longer to get my dotfiles right on a new host.

It is disgusting how good Tailscale is. I mean that I am literally welling up with disgust thinking about it.