How to secure backend resources of an AWS EC2 hosted MEAN stack app from being publicly accessible

I am deploying a MEAN stack application on an AWS EC2 instance using three separate Docker containers for each component (Frontend (NGINX), Server (Express), Database (MongoDB). Everything works, but I need to open each component’s port to the certain user’s IP address. Since I don’t know each user’s IP and IPs might change, I need to set everything to public access within the instance’s Security Group, which is obviously bad practise especially for the database. My approach was to set the frontend to public and the other components to be accessible only by the frontend, but that didn’t work out so far.
Is there a way how to host a MEAN stack application with only the frontend’s port being publicly accessible? Or do you know any other practises how to secure your backend resources from being publicly accessible?

Thanks in advance!

Source: StackOverflow