Create and Secure AWS EB Application with multiple Environments
Problem description
I've developed an application that works on top of a set of services that are collecting and elaborating data collected from the Internet (app_one, app_two, app_three) and then I have a core App that merges and visualizes that information (app_core). This project is based on top of AWS Elastic Beanstalk, having for each App its own git. To handle the connection between Apps I've (insecurely) mapped each service with a subdomain.
I would love to move development of this project inside a VPC and secure the interfaces between the REST Flask Apps (one, two, three) and the Core App.
1) How can I avoid giving a public IP to my eb-environment? Every time I run:
eb create myenvname --instance_type t2.XXX
it automatically sets up a public IP. Can I move it inside the VPC behind an Internet Gateway?
2) If there is a way to securely move those services behind the gateway, how can I address HTTP requests between those Apps? I don't have subdomains here internally. Should I use the private IPs (I don't think so)? Is there a way to privately address those services? Like in Docker, referring to the single docker as "app_one/".
I'm sorry if those questions sound naive, but I have a background in a completely different area of interest.
Thanks a lot
I add the project folder structure:
--+/MyAPP
|
|---+/app_one # single env folder
| ...
|
|---+/app_two # single env folder
| ...
|
|---+/app_three # single env folder
| ...
|
|---+/app_core # single env folder
|--/env # virtual env
|--+/app_core # flask application
|--/lib
|--+/.elasticbeanstalk # eb folder
| |--config.yml
|--application.py
|--requirements.txt
Recommended answer
You have to launch your apps either into a private subnet or set the configuration flag AssociatePublicIpAddress = false.
Configuration Files
Use .ebextensions to configure options that are required to make your application work, and provide default values for other options that can be overridden at a higher level of precedence. Options specified in .ebextensions have the lowest level of precedence and are overridden by settings at any other level.
To use configuration files, create a folder named .ebextensions at the top level of your project's source code. Add a file with the extension .config and specify options in the following manner:
option_settings:
  - namespace: namespace
    option_name: option name
    value: option value
  - namespace: namespace
    option_name: option name
    value: option value
Set the flag AssociatePublicIpAddress = false
.ebextensions/app.config
option_settings:
  - namespace: aws:ec2:vpc
    option_name: AssociatePublicIpAddress
    value: false
How to set the Subnet
.ebextensions/app.config
option_settings:
  - namespace: aws:ec2:vpc
    option_name: VPCId
    value: vpc-4545121
  - namespace: aws:ec2:vpc
    option_name: Subnets
    value: sub-45455565
+ Resources
- Configuration Options
- General Options for All Environments
- Advanced Environment Customization with Configuration Files (.ebextensions)
- Getting to Know and Love AWS Elastic Beanstalk Configuration Files (.ebextensions)
Hope it helps!
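An added example, not part of the original answer: a small pre-deploy check in Python that reads an .ebextensions file in the list form shown above and reports when it would leave instances with a public IP or without a VPC and subnet. It assumes the one-key-per-line layout used in the answer, requires both the flag and the VPC options (stricter than the answer's either/or), uses hypothetical function names, and cannot tell whether the named subnet is actually private.

```python
import re

KEY_RE = re.compile(r"^\s*(-\s+)?(namespace|option_name|value)\s*:\s*(.*?)\s*$")
VPC = "aws:ec2:vpc"

# Constructed sample: the answer's two app.config snippets merged into one file.
PRIVATE_CONFIG = """\
option_settings:
  - namespace: aws:ec2:vpc
    option_name: VPCId
    value: vpc-4545121
  - namespace: aws:ec2:vpc
    option_name: Subnets
    value: sub-45455565
  - namespace: aws:ec2:vpc
    option_name: AssociatePublicIpAddress
    value: false
"""

# Constructed sample: a config that still requests a public IP and names no VPC.
PUBLIC_CONFIG = """\
option_settings:
  - namespace: aws:ec2:vpc
    option_name: AssociatePublicIpAddress
    value: true
"""

def parse_option_settings(text):
    """Parse the list form of option_settings into {(namespace, option_name): value}."""
    items = []
    for m in filter(None, map(KEY_RE.match, text.splitlines())):
        dash, key, value = m.groups()
        if dash or not items:  # a leading "- " starts a new option entry
            items.append({})
        items[-1][key] = value.strip("'\"")
    return {(i.get("namespace"), i.get("option_name")): i.get("value", "") for i in items}

def audit(text):
    """Return findings; an empty list means the file keeps instances off public IPs."""
    opts = parse_option_settings(text)
    findings = []
    if opts.get((VPC, "AssociatePublicIpAddress"), "").lower() != "false":
        findings.append("AssociatePublicIpAddress is not false")
    for name in ("VPCId", "Subnets"):
        if not opts.get((VPC, name)):
            findings.append(f"{name} is not set")
    return findings
```

Because .ebextensions options have the lowest precedence, a file that passes this check can still be overridden by settings applied at a higher level.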