如何使用Amazon Elastic Beanstalk加密web.config节并部署到多台服务器 [英] How to encrypt web.config section AND deploy to multiple servers with Amazon Elastic Beanstalk
问题描述
我正在使用AWS Elastic Beanstalk部署网站,并且非常容易部署到负载平衡的Web场中.
I am deploying a website using AWS Elastic Beanstalk and it is very easy to deploy into a load balanced web farm.
现在,无论是在部署之前还是之后,我都希望对web.config中已部署站点的某些部分进行加密.
Now, I want to encrypt some of the sections in the web.config for the sites that I have deployed, whether it is before deploying, or after.
关于如何使用RSA使用Aspnet_regiis.exe工具加密部分的文章很多,但是,问题是在处理Web场时,因为您需要将私钥导出到其他服务器.
There are many articles on how to use the Aspnet_regiis.exe tool using RSA to encrypt a section, however, the issue is when you are dealing with a web farm because you need to export the private key to other servers.
从本文 http://msdn.microsoft.com/zh-CN/library/ff647398.aspx 参见:
Web服务器场方案如果要在Web服务器场中的多个服务器上部署相同的加密配置文件,则应使用 RSAProtectedConfigurationProvider.该提供程序可以轻松实现 您在一台服务器计算机上加密数据,然后导出RSA 解密数据所需的私钥.然后,您可以部署 配置文件和导出到目标服务器的密钥,以及 然后重新导入密钥.
Web Farm Scenarios If you want to deploy the same encrypted configuration file on multiple servers in a Web farm, you should use the RSAProtectedConfigurationProvider. This provider makes it easy for you encrypt the data on one server computer and then export the RSA private key needed to decrypt the data. You can then deploy the configuration file and the exported key to the target servers, and then re-import the keys.
但是,我的问题是,在负载平衡的环境中,服务器会由于自动缩放规则而上下波动,因此我需要一个过程来自动管理密钥,即在新部署的服务器上导入用于加密Web.config的私钥.
However, my problem is that in a load balanced environment, servers are going to go up and down due to Autoscale rules, and I need a process to automate the management of the keys, that is, importing on a newly deployed server the private keys used to encrypt the Web.config.
有人这样做或可以提供一些见识吗?
Has anyone done this or can provide some insight?
推荐答案
您可以利用容器命令导入私钥吗?该命令将在每次实例初始化时执行.例如,一旦开始将密钥保存在永久性存储(例如S3)中,那么自动缩放就不会成为问题.
Can you leverage container commands to import private keys? The command will be executed each time the instance is initialized. Once you begin keeping your keys in a persistent store, S3, for example, then autoscaling should not be an issue.
在运行Windows的EC2实例上自定义软件有关容器命令的更多详细信息.
Customizing the Software on EC2 Instances Running Windows has more details on container commands.
这篇关于如何使用Amazon Elastic Beanstalk加密web.config节并部署到多台服务器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
