如何负载均衡AWS私有子网EC2实例 [英] How to load balance AWS private subnet EC2 instances
问题描述
如果创建ELB并尝试附加私有子网实例,则运行状况检查将失败:OutOfService.
If I create an ELB and try to attach the private subnet instances, my health check fails: OutOfService.
问题1:我可以获取用于负载平衡的内部/专用IP(不是IP,而是dns名称).即无法访问互联网?
Question 1 : Can I get a internal / private IP(not IP but dns name) for Load Balancing. i.e not accessible to the internet?
问题2:如果我的应用程序负载平衡器具有公用的dnsname.如何附加没有弹性IP(无法访问Internet)的私有子网中的EC2实例.我正在寻找最好的方法.我们应该有吗?
Question 2 : If I have a public dnsname for my Application Load Balancer. How do I attach EC2 instances that are in my private subnet without an Elastic IP(aren't internet accessible). I am looking for the best approach. Should we have-
ELB->公共子网EC2实例(代理配置-*/* [private_ip]:[port]/*)->私有Subnet/EC2实例中的服务,此处具有运行状况检查.
ELB --> public subnet EC2 instances (proxy configuration- */* [private_ip]:[port]/* ) ---> Service from Private Subnet/EC2 instance with health checks here.
推荐答案
传统体系结构是:
- 公共子网中的
- 弹性负载均衡器 私有子网 中的
- Amazon EC2实例
- 负载均衡器上的安全组,允许端口80&来自
0.0.0.0/0
的443 - 实例上的安全组允许 Load Balancer安全组 的端口80
- 具有
CNAME
记录集的Amazon Route 53托管区域,该记录集指向负载均衡器的DNS名称
- Elastic Load Balancer in public subnet
- Amazon EC2 instances in private subnet
- Security group on Load Balancer permitting port 80 & 443 from
0.0.0.0/0
- Security group on instances permitting port 80 from the Load Balancer security group
- An Amazon Route 53 Hosted Zone with a
CNAME
record set pointing to the DNS Name of the Load Balancer
如果您的实例未通过负载均衡器运行状况检查,请检查以下各项:
If your instances are failing the Load Balancer health check, check the following:
- 实例应具有一个安全组,以允许从负载均衡器进行入站访问
- 应该为Load Balancer运行状况检查配置一个用于运行状况检查的网页路径
- 实例应具有可正常运行的Web服务器,以响应运行状况检查
这篇关于如何负载均衡AWS私有子网EC2实例的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!