AWS ECS Private and Public Services

Question

I have a scenario where I have to deploy multiple micro-services on AWS ECS. I want to make services able to communicate with each other via APIs developed in each micro-service. I want to deploy the front-end on AWS ECS as well that can be accessed publicly and can also communicate with other micro-services deployed on AWS ECS. How can I achieve this? Can I use AWS ECS service discovery by having all services in a private subnet to enable communication between each of them? Can I use Elastic Load Balancer to make front-end micro-service accessible to end-users over the internet only via HTTP/HTTPS protocols while keeping it in a private subnet?

Answer

The combination of both an AWS load balancer (for public access) and Amazon ECS Service Discovery (for internal communication) is the perfect choice for the web application.

Built-in service discovery in ECS is another feature that makes it easy to develop a dynamic container environment without needing to manage as many resources outside of your application. ECS and Route 53 combine to provide highly available, fully managed, and secure service discovery

Service discovery is a technique for getting traffic from one container to another using the container's direct IP address, instead of an intermediary like a load balancer. It is suitable for a variety of use cases:

  • Private, internal service discovery
  • Low-latency communication between services
  • Long-lived bidirectional connections, such as gRPC.

Yes, you can use AWS ECS service discovery, having all services in a private subnet, to enable communication between them.

This makes it possible for an ECS service to automatically register itself with a predictable and friendly DNS name in Amazon Route 53. As your services scale up or down in response to load or container health, the Route 53 hosted zone is kept up to date, allowing other services to look up where they need to make connections based on the state of each service.

Yes, you can use a Load Balancer to make the front-end micro-service accessible to end-users over the internet. You can look into this diagram, which shows an AWS LB and service discovery for a web application in ECS.

You can see that the backend container, which is in a private subnet, serves public requests through the ALB while the rest of the containers use AWS service discovery.

Amazon ECS Service Discovery

Let’s launch an application with service discovery! First, I’ll create two task definitions: "flask-backend" and "flask-worker". Both are simple AWS Fargate tasks with a single container serving HTTP requests. I’ll have flask-backend ask worker.corp to do some work and I’ll return the response as well as the address Route 53 returned for worker. Something like the code below:

import os
import socket
import requests
from flask import Flask

app = Flask(__name__)
# Service discovery namespace, including its leading dot (e.g. ".corp"),
# so that worker_host becomes "worker.corp"
namespace = os.getenv("namespace")
worker_host = "worker" + namespace

@app.route("/")
def backend():
    r = requests.get("http://" + worker_host)    # call the worker via its Route 53 name
    worker = socket.gethostbyname(worker_host)   # the private IP that DNS returned
    return "Worker Message: {}\nFrom: {}".format(r.text, worker)

Note that in this private architecture there is no public subnet, just a private subnet. Containers inside the subnet can communicate with each other using their internal IP addresses. But they need some way to discover each other's IP address.

AWS service discovery offers two approaches:

  • DNS based (Route 53 creates and maintains a custom DNS name which resolves to one or more IP addresses of other containers, for example http://nginx.service.production. Then other containers can send traffic to the destination by just opening a connection using this DNS name)
  • API based (Containers can query an API to get the list of IP address targets available, and then open a connection directly to one of the other containers.)

You can read more about AWS service discovery and use cases at amazon-ecs-service-discovery and here.
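As an added example (not the answer's own template), the building blocks of the architecture described above as a CloudFormation fragment: a private Cloud Map namespace so that worker.corp only resolves inside the VPC, A records that ECS keeps current as worker tasks start and stop, and security groups that let only the ALB reach the backend tasks and only the backend tasks reach the worker. The namespace and service names, port 80, and the parameter names (VPC, private subnets, cluster, task definition, ALB security group) are assumptions.

```yaml
# Added example, not the answer's template. Assumed: namespace "corp", HTTP on port 80,
# VPC/subnets/cluster/task definition/ALB security group supplied as parameters.
Parameters:
  VpcId: {Type: AWS::EC2::VPC::Id}
  PrivateSubnets: {Type: List<AWS::EC2::Subnet::Id>}
  Cluster: {Type: String}
  WorkerTaskDef: {Type: String}
  AlbSecurityGroup: {Type: AWS::EC2::SecurityGroup::Id}  # internet-facing ALB in public subnets
Resources:
  # Private DNS namespace: worker.corp is resolvable only from inside the VPC
  CorpNamespace:
    Type: AWS::ServiceDiscovery::PrivateDnsNamespace
    Properties:
      Name: corp
      Vpc: !Ref VpcId
  # One A record per running worker task; short TTL so scale-in is noticed quickly
  WorkerDiscovery:
    Type: AWS::ServiceDiscovery::Service
    Properties:
      Name: worker
      NamespaceId: !Ref CorpNamespace
      DnsConfig: {DnsRecords: [{Type: A, TTL: 10}]}
  # Backend tasks accept traffic only from the ALB; worker tasks only from backend tasks
  BackendSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: flask-backend tasks, reachable only from the ALB
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 80, ToPort: 80, SourceSecurityGroupId: !Ref AlbSecurityGroup}
  WorkerSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: flask-worker tasks, reachable only from backend tasks
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 80, ToPort: 80, SourceSecurityGroupId: !Ref BackendSG}
  WorkerService:
    Type: AWS::ECS::Service
    Properties:
      Cluster: !Ref Cluster
      LaunchType: FARGATE
      TaskDefinition: !Ref WorkerTaskDef
      DesiredCount: 2
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: DISABLED        # private subnet, no public IP on any task
          Subnets: !Ref PrivateSubnets
          SecurityGroups: [!Ref WorkerSG]
      ServiceRegistries:
        - RegistryArn: !GetAtt WorkerDiscovery.Arn
```

The backend service is defined the same way with BackendSG and its own ALB target group; with these groups in place, a task that is not in BackendSG cannot open a connection to worker.corp even though it can resolve the name.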
