Security: Autoscaled EC2 instances currently need to be accessible through the internet

[mrnicegyu11]

Moved from gitlab, original message from @sanderegg:

In the current implementation, it is not possible to start an EC2 instance for autoscaling without making it available through the internet.
This is security wise a problem, as anyone with the IP and ssh may be able to connect on the machine.
Currently it is necessary for the machine to be Internet accessible due to the following facts:
- need to ssh on the machine for debugging purposes
- the machine needs to access Dockerhub to pull images

Please devise what should be done there. [@kaiser](https://github.com/kaiser) talked about having some kind of router.
Take your time to find out, but I do think it would be desirable before we unleash sim4life full

Tasks

Preview Give feedback

1. 🎨Autoscaling/Clusters-keeper: disable public IP address osparc-simcore#5882
   a:autoscaling a:clusters-keeper +2
   
2. Prometheus: use private dns to scrape external clusters #682
   FAST +1
   
3. ops: change master infra
4. ops: change staging infra [STAG Release]
5. ops: change prod infra [PROD Release]
6. 🐛♻️Clusters-keeper: use private dns name instead of public IP osparc-simcore#5883
   a:clusters-keeper +1
   
7. [AWS]: use EC2 private IP instead of private DNS name as it does not resolve inside the containers #683
   FAST +1
   
8. 🔨Clusters maintenance script: refactoring and add SSH tunneling osparc-simcore#5886
   a:infra+ops +1
   

[mrnicegyu11]

Possible mitigations:

• For SSHing a jump-host or bastion-host pattern could be used.
• Egress internet access to e.g. dockerhub can be given via a aws internet gateway

[YuryHrytsuk]

Waiting for PROD release