Recommended path for operators to access HCP Consul from a laptop

We have just wired up our first couple services with HCP Consul and I just realized that tools like envconsul and consul-template won’t work on my laptop as developer tools because HCP only responds to agent requests over the private subnet.

Is setting up Boundary the only option here? Are there other (perhaps less savory) options for reaching the server cluster? We do not yet have all our services in the private subnet space, so --at least in the short term-- using an AWS IGW and NLB is available to us, though I’m not sure the HCP issued certificates will support that.

We definitely want to go in the Boundary direction, but with it not yet available as an HCP managed product, we are trying to figure out if it makes sense to go through the effort to self-host if there’s a short cut that we can take while we wait for the managed solution.