AWS Elastic Beanstalk无法访问AWS MSK [英] AWS Elastic Beanstalk unable to access AWS MSK

问题描述

我有一个在3个子网的VPC内运行的AWS MSK集群.

I have an AWS MSK cluster running inside a VPC with 3 subnets.

当我创建我的Elastic Beanstalk(Java)环境时，它要求提供VPC，并且我在运行MSK集群的地方​​配置了相同的VPC.我还选择了我的Elastic Beanstalk网络配置中列出的所有三个子集.我没有分配公共IP，因为我不需要从Internet访问Elastic Beanstalk实例.

When I created my Elastic Beanstalk (Java) environment it asked for VPC and I configured the same VPC where my MSK cluster is running. I also selected all the three listed subsets in my Elastic Beanstalk Network configuration. I did not assigned a public IP as I don't require access from internet to Elastic Beanstalk instances.

我还向我在安全性"配置下为我的Elastic Beanstalk环境选择的IAM实例配置文件分配了AWS MSK完全访问权限.仅出于信息完整性的考虑，我选择了AWSServiceRoleForElasticBeanstalk作为服务角色.

I also assigned AWS MSK Full Access permissions to the IAM Instance Profile that I selected for my Elastic Beanstalk environment under Security configuration. Just for information completeness, I selected the AWSServiceRoleForElasticBeanstalk as a service role.

另一方面，当我将Lambda配置为访问MSK群集时，它向我询问VPC以及明确的安全组.但是在使用Elastic Beanstalk的情况下，我看不到安全组的任何此类配置选项.我在这里俯瞰什么吗?我的Lambda能够成功访问MSK群集.

On a side note, when I configured my Lambda to access the MSK cluster, it asked me for VPC as well as Security Groups explicitly. But I don't see any such configuration options for Security Groups in case of Elastic Beanstalk. Am I overlooking something here? my Lambda is able to successfully access MSK cluster.

我不明白为什么我的Elastic Beanstalk实例无法访问我的AWS MSK集群.我想念什么吗?

I don't understand why my Elastic Beanstalk instance is unable to access my AWS MSK cluster. Am I missing something?

推荐答案

借助AWS Support，我能够解决此问题.

With the help of AWS Support, I was able to resolve this issue.

首先，您可以在实例"配置卡下配置安全组.

First, you can configure Security Groups under 'Instances' configuration card.

但是，这让我有些困惑，因为VPC和子网位于网络"配置卡下，该卡堆叠在实例"配置卡之后.实例"下列出的安全组直接取决于网络"下选择的VPC和子网.如果您在网络"中更改选择，则还应该更新/查看实例"下的安全组"选择.

But, it was a bit confusing for me because, the VPC and Subnets are under 'Networking' configuration card, which is stacked way after the 'Instances' configuration card. And the Security Groups listed under 'Instances' directly depends on the VPC and Subnets selected under 'Networking'. If you change your selection in 'Networking' then you should update/review your Security Groups selection under 'Instances' as well.

因此，在我的情况下，首先在网络"下选择我的目标VPC和相关子网，然后才可以在实例"下看到我的目标安全组.

So, in my case, first I select my target VPC and related Subnets under 'Networking' and only then I was able to see my target Security Groups under 'Instances'.

这篇关于AWS Elastic Beanstalk无法访问AWS MSK的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！