是否可以使用带有Elasticbeanstalk的内部负载均衡器来创建私有服务? [英] Is it possible to have an internal load balancer with elasticbeanstalk to create a private service?
问题描述
我有一个使用Elasticbeanstalk部署的api,并且希望将其完全内部化,以便无法从公共Internet进行访问.之所以这样做,是因为我只希望可以通过其他服务访问该服务(每个服务都在自己的VPC中运行,并且都通过elasticbeanstalk进行部署.)
I have an api that I deploy using elasticbeanstalk, and I wish to make it completely internal so that it cannot be accessed from the public Internet. I am doing this because I only want the service to be accessible via our other services (that each run in their own VPCs and are all deployed via elasticbeanstalk).
是否可以在Elasticbeanstalk中使用内部ELB?这就是我需要做的吗? VPC对等可以在这里帮助我吗?
Is it possible to use an internal ELB with elasticbeanstalk? Is this even what I need to do? Can VPC peering help me here?
最终目的是api需要具有一些公共的http资源和一些私有的http资源.我的方法是将服务设为私有并通过API Gateway公开任何公共资源,但这也许不是正确的解决方案.通过API网关公开所有内容,在私有资源上要求IAM身份验证并在来自API网关的请求的api中强制实施,可能会更好吗?
The ultimate aim is that the api needs to have some http resources public and some private. My approach was going to be to make the service private and expose any public resources via API Gateway, but perhaps this is not the right solution. Would it perhaps be better to expose everything through API Gateway, require IAM auth on the private resources and enforce in the api that requests come from API Gateway?
推荐答案
是的,您可以将ELB添加到任何VPC,包括Internet上无法访问的私有地址范围内的ELB.
Yes, you can add an ELB to any VPC, including those on private address ranges that are not accessible to the internet.
在配置Beanstalk实例时,选择一个适当的VPC,取消选择关联公共IP地址",将ELB放置在至少一个专用子网中,然后选择内部"以显示ELB.
When configuring your Beanstalk instance, choose an appropriate VPC, unselect "Associate Public IP Address", place an ELB in at least one private subnet and select "Internal" for the ELB visibility.
VPC配置页面如下:
The VPC configuration page looks like:
这篇关于是否可以使用带有Elasticbeanstalk的内部负载均衡器来创建私有服务?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
