限制对 Elastic Beanstalk 的 HTTP 访问 [英] Restrict HTTP Access to Elastic Beanstalk
问题描述
是否可以将对 Elastic Beanstalk 应用程序的 HTTP 访问限制为仅某些 IP 地址?我已经尝试向我的环境的安全组添加规则,但这些似乎没有任何效果.这是因为所有 HTTP 流量都通过弹性负载均衡器路由,而弹性负载均衡器不在安全组?
Is it possible to restrict HTTP access to an Elastic Beanstalk application to only certain IP addresses? I"ve tried adding rules to my environment's Security Group but these don't appear to be having any effect. Is this because all HTTP traffic is routed through the Elastic Load Balancer, which isn't within the security group?
推荐答案
我已将 Elastic Beanstalk 应用程序的 HTTP 访问限制为仅某些 IP 地址.
以下是我的程序.
I have restricted HTTP access to an Elastic Beanstalk application to only certain IP addresses.
Following is my procedure.
在 VPC(亚马逊虚拟私有云)中创建新的 beanstalk 环境.
请阅读以下文件.
将 AWS Elastic Beanstalk 与 Amazon VPC 结合使用
示例:在 VPC 中启动 AWS Elastic Beanstalk 应用程序
注意:上个月我尝试使用 AWS Tookit for Eclipse 在 VPC 中创建一个新的 beanstalk 环境 (Tomcat).但是由于 AWS Toolkit for Eclipse 的错误,我无法创建新的 beanstalk 环境.最后,我可以使用 elastic-beanstalk-create-environment 命令创建一个新的 beanstalk 环境.因此我建议使用 elastic-beanstalk-create-environment 命令.
Create new beanstalk environment in the VPC(Amazon Virtual Private Cloud).
Please read following documents.
Using AWS Elastic Beanstalk with Amazon VPC
Example: Launching an AWS Elastic Beanstalk Application in a VPC
note: I tried to create a new beanstalk environment(Tomcat) in the VPC using AWS Tookit for Eclipse last month. But I could not create a new beanstalk environment due to the bug of AWS Toolkit for Eclipse. Finally, I could create a new beanstalk environment using a elastic-beanstalk-create-environment command. Therefore I recommend to use elastic-beanstalk-create-environment command.
创建一个新的网络ACL(VPC的功能)并打开入站选项卡并配置以限制源IP地址.将此网络 ACL 设置为具有 beanstalk 的 ELB 的 VPC 子网.
Create a new Network ACL(VPC's function) and open the inbound tab and configure to restrict source IP addresses. Set this Network ACL to the subnet of VPC which have a beanstalk's ELB.
这篇关于限制对 Elastic Beanstalk 的 HTTP 访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
