AWS Security group include another Security Group

Problem description

From the documentation: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#security-group-rules

Source or destination: The source (inbound rules) or destination (outbound rules) for the traffic. Specify one of these options:

(...)

Another security group. This allows instances associated with the specified security group to access instances associated with this security group. This does not add rules from the source security group to this security group. You can specify one of the following security groups:

The current security group.

Has anyone tried this?

I created 2 boxes BoxA, BoxB. I created a Security group GroupA with inbound from Source GroupA on port "All port". If I try from BoxA to telnet BoxB on port 9000 with BoxB having a simpleHttpServer on port 9000 I get nothing.

What should I do?

Recommended answer

I was confused about what it exactly means to add another security group in Source (Inbound Rules) and Destination (Outbound Rules) when adding a new rule. I found the explanation given below (source: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#SecurityGroupRule) very useful.

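"When you specify a security group as the source for a rule, traffic is allowed from the elastic network interfaces (ENI) for the instances associated with the source security group for the specified protocol and port. Adding a security group as a source does not add rules from the source security group."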
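
A small model of how a group-referenced inbound rule is evaluated, added here as an illustration (it is not code from the question, the answer or AWS). The group IDs, the extra `sg-web` and `sg-other` groups and the function names are hypothetical, and the rule data is constructed in the shape of a DescribeSecurityGroups response.

```python
# Constructed sample data shaped like the EC2 DescribeSecurityGroups response.
# Group IDs and the groups sg-web / sg-other are hypothetical.
SECURITY_GROUPS = {
    "sg-groupa": {"IpPermissions": [
        # Self-referencing rule: all protocols and ports, source = GroupA itself.
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-groupa"}]},
    ]},
    "sg-web": {"IpPermissions": [
        # Only TCP 9000 from members of GroupA.
        {"IpProtocol": "tcp", "FromPort": 9000, "ToPort": 9000,
         "UserIdGroupPairs": [{"GroupId": "sg-groupa"}]},
    ]},
    "sg-other": {"IpPermissions": []},
}


def rule_matches(rule, protocol, port, source_groups):
    """True if one inbound rule admits traffic from an ENI in source_groups."""
    if rule["IpProtocol"] not in ("-1", protocol):
        return False
    if rule["IpProtocol"] != "-1" and not (rule["FromPort"] <= port <= rule["ToPort"]):
        return False
    referenced = {pair["GroupId"] for pair in rule.get("UserIdGroupPairs", [])}
    # The reference matches on the group *membership* of the sending ENI.
    # The source group's own rules are never consulted or copied.
    return bool(referenced & set(source_groups))


def inbound_allowed(src_eni_groups, dst_eni_groups, protocol, port,
                    via_private_ip=True):
    """Evaluate group-referenced inbound rules attached to the destination ENI."""
    if not via_private_ip:
        # Group references match the private addresses of member ENIs, so
        # traffic addressed to a peer's public or Elastic IP is not matched.
        return False
    return any(
        rule_matches(rule, protocol, port, src_eni_groups)
        for group_id in dst_eni_groups
        for rule in SECURITY_GROUPS[group_id]["IpPermissions"]
    )


if __name__ == "__main__":
    # BoxA and BoxB both attached to GroupA: the self-reference admits port 9000.
    print(inbound_allowed(["sg-groupa"], ["sg-groupa"], "tcp", 9000))
    # BoxB attached to a different group: GroupA's rule does not apply to it.
    print(inbound_allowed(["sg-groupa"], ["sg-other"], "tcp", 9000))
```

For the setup in the question, the checks this suggests are that both instances are actually attached to GroupA and that the connection targets the private address of BoxB.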
