我如何为EC2添加入站安全规则使用DNS？ [英] How do I add inbound security rules for EC2 using DNS?

问题描述

我使用appery.io，我需要白名单是应用服务器，如本<一个href="https://devcenter.appery.io/documentation/backendservices/api-ex$p$pss/#Making_your_database_available_for_API_Ex$p$pss"相对=nofollow>教程使用我的数据库托管在亚马逊RDS。

I am using appery.io, and I need to whitelist it's app server as shown in this tutorial using my database hosted on Amazon RDS.

我怎样做，使用它的DNS？即。

How do I do that using it's DNS? i.e.

aex1.appery.io
  aex2.appery.io

aex1.appery.io
aex2.appery.io

我知道我能做到这一点使用它的IP地址。不过，我想使用它的DNS，以防止IP地址更改。

I know I can do that using it's IP address. However, I would like to use it's DNS to protect against IP address changes.

推荐答案

据我所知，并从尝试在AWS控制台和VPC文件：的 http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html

From what I know and from trying out on aws console and the VPC documentation: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html

您只能指定IP。

唯一的其他方法可以让我想到的是：将在同一个VPC服务为您的数据库。让它定期检查在IP网址你粘贴任何更改。如果它的变化，那么就应该相应地更新规则。要允许它访问AWS API，你需要给它与所需的权限运行的实例。 阅读实例配置文件。您需要使用IAM创建所需的角色，然后启动实例时分配相应的实例配置文件到您的实例。您的code应该运行在该实例，这将有所需的权限的基础上创建的角色。

Only other way I can think of is: Place a service in the same VPC as your DB. Make it to periodically check for any changes in the IP of the url you pasted. If it changes, then it should update the rules accordingly. To allow it to access AWS API, you need to give the instance it is running on with required permissions. Read about instance profiles. You need to create the required role using IAM and then assign the corresponding instance profile to your instance when launching the instance. Your code should run on that instance and it will have required permission based on the role you created.

您可以运行此程序AWS之外也是如此。但给它获得access_key和SecretKey的，区域并设置合适的角色为该用户。

You can run this program outside aws as well. But give it access to access_key and secretkey, region and set right role for that user.

这篇关于我如何为EC2添加入站安全规则使用DNS？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！