Replacing OpenVPN

Is there a tutorial to set up zero trust as an OpenVPN replacement, so I can grant access for developers to EC2 and RDS that live in private subnets? I don’t want to expose applications, just the infrastructure.

I followed the Cloudflare - Replace your VPN Guide for my organization. Should apply to you as well. You can apply firewall rules to limit what type of traffic can pass and who has access to what network resources. https://developers.cloudflare.com/learning-paths/replace-vpn/

WARP with either cloudflared or a WARP Connector as the off-ramp for your private network should accomplish that.

How about using an alternative solution, such as the open-source OpenZiti (https://openziti.io/)?

This would be a pretty good doc to start on for the private network setup since it has sublinks to your different options.