To ensure that every NC2 on AWS cluster deployed allows full access from the on-premises CVM subnet efficiently, the administrator should create a custom AWS Network Security Group.

Use a key value oftag:nutanix:clusters:externalfor the security group, and set the inbound allow address to the on-premises subnet.

This approach leverages AWS tags to manage security group rules dynamically and ensures that the necessary access permissions are applied automatically to all clusters with the specified tag.

This method reduces the need for manual configuration of each cluster's security group, streamlining the process for a test/dev environment where clusters are frequently created and destroyed.

References:Refer to the AWS documentation on Network Security Groups and Nutanix documentation on best practices for securing NC2 clusters.