architecture – Assigning an EC2 per User

TL;DR: How can I assign an EC2 per user and have our UI client securely communicate with that user's EC2, as well as have this EC2 push out notifications to our UI client?

As of right now we have two services running in Fargate containers, a UI client and a backend API. Users interact through our UI client, which makes calls to our BE API. We're in the process of adding a third service which needs to be run on a separate resource (EC2) for each user. All of these services are contained in the same VPC. Initially we thought we could create an EC2 instance for a user, assign it to them (keep a mapping in our database which just maps a User ID to an EC2 private IP address) and then query from our UI client to the EC2 via its private IP. This however is not possible, as our UI client is served over HTTPS and requests via HTTP get blocked by the browser. In order to get around this we placed a Lambda between our UI and the new service, which takes all the relevant information, makes the request to the EC2 and returns the result to the UI. An added layer to this was that we had planned to have our third service send out notifications via server-sent events and consume them on our UI using an EventSource, which, because of the Lambda in the middle, now becomes a little more cumbersome. An alternative solution could be to enable SSL/HTTPS on each EC2 instance, but I don't know how viable this is. How else could I go about architecting this?

Any help is greatly appreciated.
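The Lambda-in-the-middle design described in the question is only as safe as the way the Lambda picks its upstream target. The following is an added example, not the poster's code: a proxy handler that resolves the destination from the server-side User ID to private IP mapping keyed by the authenticated caller, refuses any client-supplied host, checks that the mapped address lies inside the VPC, and strips browser credentials before forwarding. The API Gateway proxy event shape, the `userId` authorizer key, the `8080` port, the `/api/` prefix, the `10.0.0.0/16` CIDR and the mapping contents are all assumptions or constructed sample data.

```python
"""Added example (not the original poster's code): a Lambda-style proxy that
forwards a UI request to the caller's own EC2 instance.

Assumptions: the incoming event follows the API Gateway proxy format
(requestContext.authorizer, httpMethod, path, queryStringParameters, body),
the authorizer exposes the caller as ``userId``, and the per-user service
listens on port 8080 under an ``/api/`` prefix.  Mapping and CIDR below are
constructed sample data."""
import ipaddress
import json
import urllib.request

# Constructed: stands in for the database table mapping User ID -> EC2 private IP.
USER_INSTANCE_MAP = {
    "user-123": "10.0.1.25",
    "user-456": "10.0.1.26",
}
# Constructed: every per-user instance must live inside this VPC range.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
ALLOWED_PATH_PREFIX = "/api/"  # assumed upstream API prefix
UPSTREAM_PORT = 8080           # assumed port of the per-user service


class ProxyError(Exception):
    """Carries the HTTP status the Lambda should return to the UI."""
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status
        self.message = message


def resolve_target(user_id, mapping=USER_INSTANCE_MAP, vpc=VPC_CIDR):
    """Return the private IP of the caller's own instance.

    The destination comes from the server-side mapping keyed by the
    authenticated user id, never from anything the client sent, so one user
    cannot steer the proxy at another user's instance."""
    ip_str = mapping.get(user_id)
    if ip_str is None:
        raise ProxyError(404, "no instance assigned to user")
    # Defence in depth: a corrupted mapping must not turn the proxy into a
    # relay to hosts outside the VPC.
    if ipaddress.ip_address(ip_str) not in vpc:
        raise ProxyError(500, "mapped address is outside the VPC")
    return ip_str


def build_upstream_request(event, mapping=USER_INSTANCE_MAP):
    """Translate an API Gateway proxy event into the request to send to the
    user's instance.  Returns a plain dict so it can be inspected without
    performing any network call."""
    authorizer = event.get("requestContext", {}).get("authorizer") or {}
    user_id = authorizer.get("userId")
    if not user_id:
        raise ProxyError(401, "unauthenticated")

    params = event.get("queryStringParameters") or {}
    # The client has no say in which host is contacted; reject the attempt
    # rather than silently ignoring it, so it shows up in the logs.
    if any(k in params for k in ("host", "target", "ip")):
        raise ProxyError(400, "target selection is not client-controlled")

    path = event.get("path", "")
    if not path.startswith(ALLOWED_PATH_PREFIX) or ".." in path:
        raise ProxyError(403, "path not allowed")

    method = event.get("httpMethod", "GET").upper()
    if method not in ("GET", "POST"):
        raise ProxyError(405, "method not allowed")

    target_ip = resolve_target(user_id, mapping)
    return {
        "method": method,
        "url": f"http://{target_ip}:{UPSTREAM_PORT}{path}",
        # Forward only what the upstream needs: the browser's cookies and
        # Authorization header are deliberately not copied across.
        "headers": {"Content-Type": "application/json", "X-User-Id": user_id},
        "body": event.get("body"),
    }


def forward(upstream):
    """Send the built request over plain HTTP inside the VPC (not exercised
    offline); returns (status, body)."""
    data = upstream["body"].encode() if upstream["body"] else None
    req = urllib.request.Request(upstream["url"], data=data,
                                 headers=upstream["headers"],
                                 method=upstream["method"])
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status, resp.read().decode()


def handler(event, context=None, send=forward):
    """Lambda entry point.  ``send`` is injectable so the flow can be tested
    without a live instance."""
    try:
        upstream = build_upstream_request(event)
        status, body = send(upstream)
    except ProxyError as e:
        return {"statusCode": e.status, "body": json.dumps({"error": e.message})}
    return {"statusCode": status, "body": body}
```

The point to take from this is that the browser should only ever hand the Lambda its own session and a path; the mapping lookup, the VPC range check and the header stripping are what keep a per-user proxy from becoming a relay between users' instances. The same resolve-by-caller rule applies to the EventSource stream if it is later fronted by the Lambda or an API Gateway route.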