possible to whitelist ip for inbound communication to an ec2 instance behind an aws load balancer?

Problem description

I have a single EC2 instance running a website behind an elastic load balancer in AWS. Mainly because I want to use Amazon's new and free SSL for HTTPS.

My challenge is, I need to whitelist my IP address in the security groups so that I am the only person that can see this website (and I can selectively add people as needed).

I've successfully whitelisted my IP address without a load balancer. My challenge is whitelisting my IP address with the load balancer proxy between my IP address and my EC2 instance.

It appears as if my EC2 instance will not register with the load balancer because the security group for my EC2 does not allow incoming traffic from any IP address except for my own.

I am looking for a way for my load balancer to be able to health check my EC2, yet only allow specific whitelisted IPs to actually see the website.

Recommended answer

If you are using a VPC (which you really should be) then you will have a Security Group attached to the load balancer. That's where you will whitelist IP addresses. The EC2 server just needs to whitelist the Load Balancer's security group.

You can visualize it like this:

Your IP -> Security Group 1 -> Load Balancer -> Security Group 2 -> EC2 Instance(s)

Security Group 1 verifies the IP address is on the whitelist, and allows the traffic through to the load balancer. The Load Balancer sends the traffic along to one of the instances in the pool. Security Group 2 verifies that the traffic is coming from something that belongs to Security Group 1 (the load balancer), which has been whitelisted, and allows it to pass through to the EC2 instance.
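As an added example (not part of the original answer), the same two-group layout written as Terraform configuration. The names `var.vpc_id`, `var.my_ip`, the group names, and the assumption that the instance serves plain HTTP on port 80 behind an HTTPS listener are mine, not the page's.

```hcl
# Added example, not from the original answer: the two security groups behind
# "Your IP -> SG1 -> Load Balancer -> SG2 -> EC2". Assumed inputs: var.vpc_id
# and var.my_ip (a placeholder /32 from the documentation range 203.0.113.0/24).
variable "vpc_id" {}
variable "my_ip" {
  default = "203.0.113.10/32" # placeholder; replace with your own /32
}

# SG1: on the load balancer. Only the allow-listed client reaches the HTTPS
# listener; everyone else is dropped before any HTTP is exchanged.
resource "aws_security_group" "lb" {
  name   = "web-lb-sg"
  vpc_id = var.vpc_id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.my_ip]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# SG2: on the EC2 instance. The rule references SG1 by id rather than an
# address range, so health checks and forwarded requests from the load
# balancer are accepted while direct connections from the internet are not.
# Security groups are stateful, so replies to the load balancer need no rule.
resource "aws_security_group" "web" {
  name   = "web-instance-sg"
  vpc_id = var.vpc_id
  ingress {
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.lb.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Check after applying that the instance's group carries no other ingress rule open to 0.0.0.0/0, since any such rule would let traffic reach the instance without passing through the load balancer's allow-list.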
