AWS Security Groups - EC2 to RDS


Problem description

I wanted to ask about connecting EC2 to RDP in AWS.

I have added my EC2 Security Group (that contains the EC2 instances) into the Default RDP Group and Data is flowing - the connection works.

The EC2 Security group has Port 80 to 0.0.0.0/0 and SSH to my IP enabled.

I'm a touch concerned that by adding this EC2 group to the RDS Database it will allow Port 80 traffic from anywhere to access the Databases. Is this correct or wrong?

Do the rules in the EC2 apply to the RDS instances if you connect them like this?

I did read on the AWS websites that 'Database Security Groups only allow access to the database server port'. Can anyone confirm this is correct?

Recommended answer

You do not need to worry about additional ports being opened up on the RDS server.

The EC2 security groups are just treated like an access control list when used in RDS DB security policies.

Basically what you are saying is that you want to let any instances which belong to a specific EC2 security group have access to the RDS instances using that DB security group's policy.

The specific rules defined in the EC2 security groups do not matter.

This behavior basically just gives you a convenient way to easily allow access from a cluster of servers with some common association (their security group).
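
The behaviour described in the answer, as an added example that is not part of the original question or answer: a simplified model of security-group evaluation (not AWS code or an AWS API) in which only the destination group's own rules are consulted and a source-group rule matches on membership alone. The group names, IP addresses and database port 3306 are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Rule:
    port: int
    cidr: Optional[str] = None          # source given as an address range
    source_group: Optional[str] = None  # source given as a security group name


@dataclass
class Group:
    name: str
    ingress: list = field(default_factory=list)


@dataclass
class Host:
    ip: str
    groups: tuple = ()  # security groups this host is a member of


def allowed(src: Host, dst_group: Group, port: int) -> bool:
    """Return True if dst_group's own ingress rules admit src on port.

    A source_group rule matches when src is a member of that group; the
    rules defined inside the source group are never read.
    """
    for rule in dst_group.ingress:
        if rule.port != port:
            continue
        if rule.cidr and ipaddress.ip_address(src.ip) in ipaddress.ip_network(rule.cidr):
            return True
        if rule.source_group and rule.source_group in src.groups:
            return True
    return False


# Constructed sample data mirroring the question (hypothetical names and addresses).
WEB = Group("web-sg", [Rule(80, cidr="0.0.0.0/0"), Rule(22, cidr="203.0.113.7/32")])
DB = Group("db-sg", [Rule(3306, source_group="web-sg")])  # 3306 is an assumed DB port

WEB_INSTANCE = Host("10.0.1.10", ("web-sg",))
INTERNET = Host("198.51.100.23")  # arbitrary outside client, member of no group
```

In this model the 0.0.0.0/0 rule on port 80 stays with `WEB` and admits traffic only to members of that group; `DB` admits members of `web-sg` on the database port and nothing else.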
