I'm not sure if that's better. You're just introducing more complexity into your network.
If you don't have the budget for a nat/load balancer or want to just keep it simple, a simple iptables rule would do! Then test with nmap regularly to see if it's correct.
> If you don't have the budget for a nat/load balancer
It's not such a big budget in any of the big cloud providers.
And my point is: if you don't need access, you won't even have such a load balancer. Unless someone goes out of their way to provide access to your server, no external access will exist.