如何在VPC内将STATIC地址分配给EBS(beanstalk)? [英] How do you allocate STATIC addresses to an EBS (beanstalk) within a VPC?
问题描述
我们当前的网站使用弹性beantalk来创建实例,但是我们需要将IP列入白名单,以便它们可以与私有资源进行对话.
Our current website uses elastic beanstalk to create instances, but we need to whitelist the IPs so they can talk to a private resource.
您如何做到这一点? EBS使用带有公共子网的VPC.
How do you do this? The EBS uses a VPC with a public subnet.
谢谢!
推荐答案
有2种可能的选项来实现您想要的.
There are 2 possible options to achieve what you want.
选项1:
如果后端EC2实例位于公共子网中,则可以预先分配一个弹性IP地址池,并将其与您的私有资源列入白名单.
If your backend EC2 intances are in a public subnet, you could pre-allocate a pool of Elastic IP addresses and whitelist them with your private resource.
由于您的EC2实例是由Auto Scaling组(我假设)创建的,因此您将拥有一个在EC2实例上运行的脚本,该脚本将从您的池中选择一个弹性IP地址并将其与该实例相关联.
Since your EC2 instances are created by an Auto Scaling group (I assume), you would then have a script that runs on your EC2 instance that would select an Elastic IP address from your pool and associate it with the instance.
如果您的弹性IP地址池用完了,则会出现问题.
A problem occurs if your pool of Elastic IP addresses runs out.
选项2:
如果您的EC2实例位于私有子网中,则来自EC2实例的所有出站流量都将通过NAT.
If your EC2 instances are in a private subnet, then you would have all outbound traffic from your EC2 instances go through a NAT.
您将使用您的私有资源分配一个弹性IP地址和该弹性IP地址的白名单.
You would allocate a single Elastic IP address and whitelist that Elastic IP address with your private resource.
如果您将弹性IP地址与NAT相关联,则您的私有资源将看到来自所有EC2实例的流量都源自列入白名单的IP地址.
If you associate the Elastic IP address with your NAT, then your private resource will see the traffic from all your EC2 instances as originating from the whitelisted IP address.
其他评论
由于您拥有面向公众的ELB,因此出于安全目的,后端EC2实例应位于专用子网中.
Since you have the public facing ELB, your backend EC2 instances should be in private subnets for security purposes.
这以及选项1所需的额外脚本,使选项2成为首选.
This, along with the extra scripting required for option 1, makes option 2 the preferred choices.
这篇关于如何在VPC内将STATIC地址分配给EBS(beanstalk)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
