How can I access AWS resources in a VPC from AWS Glue?

Question

I have a glue job which is hitting an API hosted over an EC2 instance.

The problem is that the EC2 instance resides within a VPC blocking all public access.

I tried creating an endpoint interface in my VPC but still can't access the REST API.

The host is always unreachable, but when I try to access the API from the VPC it is working fine.

The security group associated with the EC2 instance is used while creating the VPC Endpoint.

Thanks for your help.

Recommended answer

If you go to the AWS Glue console, under connections, create a connection. What is meant by a dummy connection is just a non-existent database or resource, for example: jdbc:mysql://some-fake-endpoint-here:3306/mydb. After this you choose the correct VPC, subnet and security group. This means a test connection will not work in this context, but what it brings is a way to introduce your VPC, subnet and security group information to the job. Testing such a connection can be done using a python-shell job, or by launching an EC2 instance in the same VPC or same subnet and running something like nc -vz endport port.

This connection metadata information will facilitate the launching of elastic network interfaces in your account that allow Glue DPUs to communicate with your resource at runtime. More on how connections in Glue work is discussed here.
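
The reachability test the answer suggests (nc -vz from a python-shell job or from an EC2 instance in the same subnet) can also be written in Python. This is an added example, not part of the original answer: the target 10.0.0.10:8080 is a placeholder, and the hint text describes the typical cause of each outcome, which is an assumption about your network rather than something AWS reports.

```python
import socket

# Typical meaning of each outcome (general TCP behaviour, not output produced by Glue).
HINTS = {
    "open": "TCP handshake completed; routing and security groups allow this path",
    "refused": "connection actively rejected; host reachable but nothing listens on that port",
    "timeout": "no reply; packets are usually dropped by a security group, NACL or missing route",
    "dns_failure": "name does not resolve from this subnet; check the VPC DNS settings",
    "unreachable": "local network error; check the subnet's route table",
}


def probe(host, port, timeout=3.0):
    """Try one TCP connection per resolved address and classify the result."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns_failure"
    result = "unreachable"
    for family, socktype, proto, _name, addr in infos:
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect(addr)
                return "open"
            except socket.timeout:
                result = "timeout"
            except ConnectionRefusedError:
                result = "refused"
            except OSError:
                pass  # e.g. ENETUNREACH / EHOSTUNREACH; keep the earlier result
    return result


def report(host, port, timeout=3.0):
    """Return a one-line summary suitable for the job log."""
    outcome = probe(host, port, timeout)
    return f"{host}:{port} -> {outcome}: {HINTS[outcome]}"


if __name__ == "__main__":
    # Placeholder target (assumption): replace with the private IP and port of the API.
    print(report("10.0.0.10", 8080))
```

Run it in a job that has the dummy connection attached, so the probe leaves from the same VPC, subnet and security group the real job will use.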
