AWS API Gateway client side certificate with AWS Certificate Manager for Elastic Beanstalk ELB


Problem description

I have a front-end hosted on a server which calls the back-end server, i.e. an Elastic Load Balancer (ELB), and I am using Elastic Beanstalk for deployments, hence it takes care of autoscaling.

Ember/Front-end -> ELB -> Autoscaled EC2 instances with Nginx servers

Now I want to add API Gateway in between and ensure that the ELB takes requests from API Gateway only. I found that -> here <-. But I am using AWS Certificate Manager to push my SSL certificates, and I am not sure how to use the PEM file/cert provided by API Gateway.

  1. Is it possible to push the API Gateway provided client-side cert file through Certificate Manager (console/CLI/anywhere) along with the SSL certs that I bought?

Is it possible to terminate SSL at the ELB and use the API Gateway key?

To my horror, do I need to manually configure the certs in the nginx config in the .ebextensions file? If yes, then is there a better way to not push the files to the code repo and use them separately?

Recommended answer

The best way to do this is:-

If you are using Elastic Beanstalk in a VPC and are not of a view to rebuild the configuration, then create an Elastic Load Balancer and attach it to a Target group, which targets an Autoscaling group's instances (make sure to attach the Target group in the Autoscaling group configuration as well, so that it keeps connected even when the instances are up/downscaled).

Or build a new configuration using the Network Load Balancer. Make sure that the Network Load Balancer is of scheme private, i.e. not exposed to the public/internet.

The next step is to create a VPC Link in API Gateway (you will see an option in the API Gateway Console left menu bar).

More info: https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-private-integration.html
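
The steps in this answer, written out with the AWS CLI as an added example (not part of the original answer): an internal Network Load Balancer, a target group attached to the Auto Scaling group, and a VPC Link pointing at the NLB. The `apigw-private-*` resource names and TCP port 80 are assumptions; the VPC, Auto Scaling group and subnet identifiers are supplied by the caller.

```shell
#!/bin/sh
# Added example: internal NLB -> target group -> Auto Scaling group -> VPC Link.
# The "apigw-private-*" names and port 80 are assumptions, not from the answer.
set -e

# usage: setup_private_integration <vpc-id> <asg-name> <subnet-id>...
# Prints the id of the VPC Link that was created.
setup_private_integration() {
    vpc_id=$1; asg_name=$2; shift 2

    # Scheme "internal": the NLB gets no public address, so it is only
    # reachable from inside the VPC (and through the VPC Link).
    nlb_arn=$(aws elbv2 create-load-balancer \
        --name apigw-private-nlb --type network --scheme internal \
        --subnets "$@" \
        --query 'LoadBalancers[0].LoadBalancerArn' --output text)

    tg_arn=$(aws elbv2 create-target-group \
        --name apigw-private-tg --protocol TCP --port 80 \
        --vpc-id "$vpc_id" --target-type instance \
        --query 'TargetGroups[0].TargetGroupArn' --output text)

    aws elbv2 create-listener --load-balancer-arn "$nlb_arn" \
        --protocol TCP --port 80 \
        --default-actions "Type=forward,TargetGroupArn=$tg_arn" >/dev/null

    # Attach the target group to the Auto Scaling group so instances stay
    # registered when the group scales up or down.
    aws autoscaling attach-load-balancer-target-groups \
        --auto-scaling-group-name "$asg_name" \
        --target-group-arns "$tg_arn" >/dev/null

    # The VPC Link gives API Gateway a private path to the NLB.
    aws apigateway create-vpc-link --name apigw-private-link \
        --target-arns "$nlb_arn" --query id --output text
}

# Run only when called with arguments: <vpc-id> <asg-name> <subnet-id>...
if [ "$#" -ge 3 ]; then
    setup_private_integration "$@"
fi
```

The printed VPC Link id is the value an API method's integration references as its connection id when its connection type is `VPC_LINK`.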
