VPC专用子网中的EC2实例的Amazon ELB [英] Amazon ELB for EC2 instances in private subnet in VPC

问题描述

我正在使用Amazon EC2，我想将面向互联网的ELB（负载均衡器）放置到私有子网中的2个实例上。我正在将VPC与公共和私有子网一起使用。

I'm using Amazon EC2, and I want to put an internet-facing ELB (load balancer) to 2 instances on a private subnet. I am using VPC with public and private subnets.

• 如果仅将私有子网添加到ELB，它将无法获得任何连接。


• 如果我将两个子网都连接到ELB，则它可以访问实例，但是它经常会超时。 （请参阅屏幕快照1）


• 如果我仅连接到公共子网，则连接到ELB的实例将获得OutOfService，因为我在公共子网中没有任何实例，实例计数显示为0。（请参阅屏幕快照2）

• If I just add the private subnet to the ELB, it will not get any connections.
• If I attach both subnets to the ELB then it can access the instances, but it often will get time-outs. (Refer Screenshot 1)
• If I attach to only public subnet then my instance attached to ELB gets OutOfService because I do not have any instance in the Public Subnet, instance count shows 0. (Refer Screenshot 2)

截屏1：两个子网都连接了

Screenshot 1: Both subnets attached

截屏2：仅连接了公共子网

Screenshot 2: Only public subnet attached

我的问题实际上是对此问题的扩展。遵循接受的答案中提到的所有6个步骤之后，我仍然感到震惊，我附加到ELB的实例获得OutOfService。我什至尝试允许在EC2实例和ELB的安全组中允许端口，但这并没有帮助。

My question is actually an extension to this question. After following all 6 steps mentioned in the accepted answer, I am still getting struck, my instance attached to ELB gets OutOfService. I have even tried with allowing ports in the Security Groups for EC2 instances and ELB, but it did not help.

请帮助，我为此感到震惊。

Please help, I am breaking my head with this.

推荐答案

您引用的另一个SO问题就在现场。重复/三次检查以下内容

The other SO question you referenced is spot on. Double/Triple check the following

• 您只需在ELB上附加公共子网，并确保这些子网的可用区与之对齐实例所在的专用子网的可用性区域。


• 确保实例的安全组允许从负载均衡器的安全组进行访问


• 负载平衡器安全组应具有一个允许健康检查到达实例的出口规则


• 请确保您的健康检查在实例上本地进行。例如，如果您在ELB中进行的健康检查是 HTTP：8080 / health_check ，则在实例上，您可以 curl xxxx：8080 / health_check （其中 xxxx 是实例的私有IP）并获得200响应代码。


• 公共子网路由表应将 0.0.0.0/0 路由到连接到VPC的Internet网关。


• 专用子网路由表应将 0.0.0.0/0 路由到公共子网中的NAT实例或网关

• You need to attach only public subnets to your ELB, making sure that the availability zones those subnets are aligned with the availability zones of the private subnets that your instances are in.
• Make sure that the security group of your instances allows access from the security group of your load balancer
• The load balancer security group should have an egress rule allowing the health check to reach the instance
• Make sure that your health check is working locally on the instance. For example, if your health check in the ELB is HTTP:8080/health_check, on the instance you can curl x.x.x.x:8080/health_check (where x.x.x.x is the private IP of the instance) and get a 200 response code.
• The public subnet routing table should route 0.0.0.0/0 to the internet gateway attached to your VPC.
• The private subnet routing table should route 0.0.0.0/0 to a NAT instance or gateway in a public subnet

这篇关于VPC专用子网中的EC2实例的Amazon ELB的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！