本文介绍了交通是否跳过我的AWS ELB,如果我没有在我的EB环境的入站规则指定安全组?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个与弹性负载均衡创建的AWS弹性魔豆环境,并指定默认ELB安全组(ELB创建安全组使用时,ELB创建过程中没有指定安全组)作为源入站HTTP。

I have an AWS Elastic Beanstalk environment that is created with an Elastic Load Balancer, and which specifies the default ELB security group ("ELB created security group used when no security group is specified during ELB creation") as the source for inbound HTTP.

如果我更换此默认ELB安全组,作为我的环境中的安全组的入站规则的源端口范围确实流量

If I replace this default ELB security group as the source for my environment's security group's inbound rules with a port range does traffic

  • 仍然会通过ELB,是它
  • 由ELB的安全组的规则仍然过滤

还是流量再跳的ELB(或至少是安全组),并直接来到我的情况?

or does traffic then "skip" the ELB (or at least it's security group) and come directly to my instances?

推荐答案

这听起来像你混淆网络与防火墙规则路由的概念。安全组不会影响这里交通指向。

It sounds like you're confusing the concept of network routing with firewall rules. The security groups will not effect where traffic is directed.

组网布线:

  • DNS设置转发流量到您的ELB。
  • 在ELB配置将漏斗的流量接收与它注册的EC2实例。

安全组:

  • 您ELB和放大器; EC2实例都分配有安全组。不管是什么执导的流量有网络的路由规则,防火墙会问这个问题:我是否允许从ABCD / R经由口X流量?

因此​​,要回答你的问题:

So to answer your question:

是的,你可以更新您的EB环境的安全组允许来自一个ELB。这样做不会影响如该ELB将指挥交通。

Yes, you can update the security group of your EB environment to allow traffic from an ELB. Doing so will not impact where that ELB will direct traffic.

是的,如果网络的路由你在的地方发送流量第一到ELB,然后到一个EC2实例,交通必须满足ELB的安全组和放大器的要求; EC2实例的安全组。如果你的情况是在一个私人子网时,ELB不能从外部终端启动时跳过。如果EC2实例在一个公共子网,用户可以访问您的实例直接,如果你的防火墙规则允许的。

Yes, if the network routing you have in place sends traffic first to an ELB and then to an EC2 instance, the traffic must meet the requirements of the ELB's security group & the EC2 instance's security group. If your instances are in a private subnet, the ELB cannot be skipped when starting from an external endpoint. If the EC2 instances are in a public subnet, a user could access your instance directly if your firewall rules allow it.

不过,我强烈怀疑你在想有些事情是会发生在这里不会。我强烈建议你阅读了网络。一个很好的出发点是对VPC文档( HTTP://docs.aws .amazon.com / AmazonVPC /最新/ UserGuide / VPC_Scenarios.html )。通过方案工作,了解每个组件的作用是什么。

However, I highly suspect that you're thinking something is going to happen here that won't. I urge you to read up networking. A good starting spot would be the VPC documentation (http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenarios.html). Work through the scenarios to understand what the role of each component is.

这篇关于交通是否跳过我的AWS ELB,如果我没有在我的EB环境的入站规则指定安全组?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-23 18:36