AWS Elastic Beanstalk unable to access AWS MSK

Problem description

I have an AWS MSK cluster running inside a VPC with 3 subnets.

When I created my Elastic Beanstalk (Java) environment it asked for VPC and I configured the same VPC where my MSK cluster is running. I also selected all the three listed subnets in my Elastic Beanstalk Network configuration. I did not assign a public IP as I don't require access from internet to Elastic Beanstalk instances.

I also assigned AWS MSK Full Access permissions to the IAM Instance Profile that I selected for my Elastic Beanstalk environment under Security configuration. Just for information completeness, I selected the AWSServiceRoleForElasticBeanstalk as a service role.

On a side note, when I configured my Lambda to access the MSK cluster, it asked me for VPC as well as Security Groups explicitly. But I don't see any such configuration options for Security Groups in case of Elastic Beanstalk. Am I overlooking something here? My Lambda is able to successfully access MSK cluster.

I don't understand why my Elastic Beanstalk instance is unable to access my AWS MSK cluster. Am I missing something?

Recommended answer

With the help of AWS Support, I was able to resolve this issue.

First, you can configure Security Groups under the 'Instances' configuration card.

But it was a bit confusing for me because the VPC and Subnets are under the 'Networking' configuration card, which is stacked way after the 'Instances' configuration card. And the Security Groups listed under 'Instances' directly depend on the VPC and Subnets selected under 'Networking'. If you change your selection in 'Networking' then you should update/review your Security Groups selection under 'Instances' as well.

So, in my case, first I selected my target VPC and related Subnets under 'Networking' and only then I was able to see my target Security Groups under 'Instances'.
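An added example, not part of the original question or answer: a check of whether the security groups attached to a Beanstalk instance are admitted by the MSK cluster's inbound rules, which is what the 'Instances' selection described above controls. The group IDs, IP address and rules are constructed, the input is shaped like the `SecurityGroups` list from EC2 DescribeSecurityGroups, and the TLS listener port 9094 is an assumption about the listener in use.

```python
# Added example: all data below is constructed sample input, shaped like the
# "SecurityGroups" list returned by EC2 DescribeSecurityGroups.
import ipaddress

# Assumption: the client connects to the MSK TLS listener; change to the listener in use.
BROKER_PORT = 9094

def rule_covers_port(rule, port):
    """True if an inbound rule's protocol and port range include the TCP port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # all protocols, all ports
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def can_reach(cluster_sgs, instance_sg_ids, instance_ip, port=BROKER_PORT):
    """Return (cluster_sg_id, reason) for each inbound rule that admits the instance."""
    ip = ipaddress.ip_address(instance_ip)
    matches = []
    for sg in cluster_sgs:
        for rule in sg.get("IpPermissions", []):
            if not rule_covers_port(rule, port):
                continue
            # Rules that reference a source security group match on membership.
            for pair in rule.get("UserIdGroupPairs", []):
                if pair["GroupId"] in instance_sg_ids:
                    matches.append((sg["GroupId"], "source group " + pair["GroupId"]))
            # Rules that reference a CIDR match on the instance's private IP.
            for rng in rule.get("IpRanges", []):
                if ip in ipaddress.ip_network(rng["CidrIp"]):
                    matches.append((sg["GroupId"], "cidr " + rng["CidrIp"]))
    return matches

# Constructed sample: the cluster admits only members of the hypothetical group sg-0aaa.
MSK_SGS = [{
    "GroupId": "sg-0msk",
    "IpPermissions": [{
        "IpProtocol": "tcp", "FromPort": 9092, "ToPort": 9098,
        "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}], "IpRanges": [],
    }],
}]

if __name__ == "__main__":
    # Instance left in another group: no rule admits it, so the list is empty.
    print(can_reach(MSK_SGS, {"sg-0ebdefault"}, "10.0.1.25"))
    # Same instance after sg-0aaa is also selected under 'Instances'.
    print(can_reach(MSK_SGS, {"sg-0ebdefault", "sg-0aaa"}, "10.0.1.25"))
```

An empty result means no inbound rule on the cluster's groups admits the instance on that port, even when both sit in the same VPC and subnets.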
