How to limit access to EC2 to a specific NLB only


Problem description

Is there a way to make sure accesses are coming only from a specific NLB? Under the current NLB limitations, I am not sure if there is a way.

  • AWS Network Load Balancer (NLB) does not have a Security Group (SG), hence cannot use SG to verify the source is NLB.

  • NLB (instance ID target) preserves the source IP address of the external client, hence cannot use source IP to verify the source is NLB.

If you specify targets using an instance ID, the source IP addresses of the clients are preserved and provided to your applications.

Recommended answer

You can put the EC2 instance in the NAT subnet, and then point to this EC2 instance through the NLB. This way, although your EC2 security group is set to 0.0.0.0/0, only the NLB can access it.
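The arrangement the answer describes, written out as Terraform (an added example, not code from the question, the answer or AWS). Resource names, CIDRs, the availability zone and the AMI ID are assumptions; the point it shows is that the EC2 target lives in a subnet with no internet gateway route, so the instance's wide-open security group is not what stands between it and the Internet, the routing is.

```hcl
# Added example (not from the original question or answer): minimal Terraform
# layout of the answer above. Names, CIDRs, AZ and AMI are assumptions.

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

# Public subnet: hosts the NLB's network interface; routes 0.0.0.0/0 to the IGW.
resource "aws_subnet" "public" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "us-east-1a" # assumption
}

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

# Private subnet: hosts the EC2 target. Its route table carries only the implicit
# local VPC route, so Internet hosts cannot reach the instance directly.
resource "aws_subnet" "private" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.2.0/24"
  availability_zone = "us-east-1a" # assumption
}

resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id
  # Deliberately no 0.0.0.0/0 route; add a NAT gateway route only if the instance needs outbound access.
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}

# The NLB preserves the client's source IP for instance-ID targets, so the SG must
# admit the client ranges (0.0.0.0/0, as in the answer); it cannot name "the NLB".
resource "aws_security_group" "app" {
  name   = "app-sg"
  vpc_id = aws_vpc.main.id
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "app" {
  ami                         = "ami-PLACEHOLDER" # placeholder, not a real AMI ID
  instance_type               = "t3.micro"
  subnet_id                   = aws_subnet.private.id
  vpc_security_group_ids      = [aws_security_group.app.id]
  associate_public_ip_address = false
}

resource "aws_lb" "nlb" {
  name               = "app-nlb"
  load_balancer_type = "network"
  internal           = false
  subnets            = [aws_subnet.public.id]
}

resource "aws_lb_target_group" "app" {
  name        = "app-tg"
  port        = 80
  protocol    = "TCP"
  target_type = "instance"
  vpc_id      = aws_vpc.main.id
}

resource "aws_lb_target_group_attachment" "app" {
  target_group_arn = aws_lb_target_group.app.arn
  target_id        = aws_instance.app.id
}

resource "aws_lb_listener" "app" {
  load_balancer_arn = aws_lb.nlb.arn
  port              = 80
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app.arn
  }
}
```

The check to make after applying this is on the private subnet's route table, not on the security group: as long as that table has no route to an internet gateway and the instance has no public address, the only way in from outside the VPC is the NLB listener. Anything else in the VPC (or reachable over peering or VPN) can still hit port 80 directly, since the security group admits 0.0.0.0/0; if that matters, narrow the ingress CIDR to the ranges the application actually has to accept, keeping in mind that those must be the client ranges, because the NLB forwards the client's own source IP.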
