EC2 inbound from security group not working - what have I done wrong?

Problem description

I have two instances.

IOne is in us-east-1b and is in security group 'bamboo'

ITwo is in us-east-1c and is in security group 'ssh from bamboo'

In 'ssh from bamboo' I allow inbound traffic on port 22 from group 'bamboo'.

This results in IOne getting timeouts when trying to SSH into ITwo

If I change the security rule to the IP address of IOne instead of the group name, the SSH connection succeeds.

I read that the two machines have to be in the same region (though it doesn't mention zones). Should my above setup work? If not, what would I need to change?

Recommended answer

You can't use the public IP, but you can use the public hostname (ec2-IPADDRESS-.us-east-1.compute.amazonaws.com) because this will resolve to the internal IP address when called from inside EC2, and will resolve to the external IP from outside Amazon's network.
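
The behaviour in the question and answer, modelled as an added example (not part of the original post): an inbound rule that names a security group as its source matches on the private addresses of that group's members, so a connection made to the public IP, which arrives carrying the sender's public address, does not match and is dropped. The addresses, the private range and the hostname `itwo-public-name.example` are constructed placeholders, and the functions are a simplified model, not an AWS API.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample data: every address and the hostname are placeholders.
PRIVATE_RANGE = ip_network("10.0.0.0/16")

@dataclass(frozen=True)
class Instance:
    name: str
    private_ip: str
    public_ip: str
    groups: frozenset

IONE = Instance("IOne", "10.0.1.10", "203.0.113.10", frozenset({"bamboo"}))
ITWO = Instance("ITwo", "10.0.2.20", "203.0.113.20", frozenset({"ssh from bamboo"}))
FLEET = (IONE, ITWO)
ITWO_PUBLIC_NAME = "itwo-public-name.example"  # stands in for the ec2-... hostname

GROUP_RULES = [{"port": 22, "group": "bamboo"}]          # source = security group
CIDR_RULES = [{"port": 22, "cidr": "203.0.113.10/32"}]   # source = IOne's public IP

def resolve_inside_ec2(target):
    """Return target as an IP; the public name resolves to the private IP."""
    try:
        return str(ip_address(target))
    except ValueError:
        if target != ITWO_PUBLIC_NAME:
            raise
        return ITWO.private_ip

def observed_source(src, dst_ip):
    """Source address the destination sees for a connection from src."""
    # Traffic to an address outside the private range is translated to the public IP.
    return src.private_ip if ip_address(dst_ip) in PRIVATE_RANGE else src.public_ip

def rule_allows(rule, port, source_ip):
    if rule["port"] != port:
        return False
    if "cidr" in rule:
        return ip_address(source_ip) in ip_network(rule["cidr"])
    # Group reference: matches only the private IPs of the group's members.
    return any(source_ip == i.private_ip for i in FLEET if rule["group"] in i.groups)

def ssh_reaches(src, target, rules):
    """True if src can open port 22 on ITwo at target under these inbound rules."""
    seen = observed_source(src, resolve_inside_ec2(target))
    return any(rule_allows(r, 22, seen) for r in rules)
```

With the group rule, `ssh_reaches` is false for ITwo's public IP and true for its private IP or its public name; with the IP-based rule the public IP path works, which matches what the question reports.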
