Problem description
Currently moving to Amazon EC2 from another VPS provider. We have your typical web server / database server needs. Web servers in front of our database servers. Database servers are not directly accessible from the Internet.
I am wondering if there is any reason to put these servers into an AWS Virtual Private Cloud (VPC) instead of just creating the instances and using security groups to firewall them off.
We are not doing anything fancy, just a typical web app.
Any reason to use a VPC or not use a VPC?
Thanks.
NOTE: New accounts in AWS launch with a "default VPC" enabled immediately, and make "EC2-Classic" unavailable. As such, this question and answer makes less sense now than they did in August 2012. I'm leaving the answer as-is because it helps frame differences between "EC2-Classic" and the VPC product line. Please see Amazon's FAQ for more details.
Yes. If you're security conscious, a heavy CloudFormation user, or want complete control over autoscaling (as opposed to Beanstalk, which abstracts certain facets of it but still gives you complete access to the scaling parameters), use a VPC. This blog post does a great job summarizing both the pros and cons. Some highlights from the blog post (written by kiip.me):
What’s Wrong with EC2?
What's Great About the VPC
The post also lists some difficulties with the VPC, all of which more or less relate to routing: Getting an internet gateway or NAT instance out of the VPC, communicating between VPCs, setting up a VPN to your datacenter. These can be quite frustrating at times, and the learning curve isn't trivial. All the same, the security advantages alone are probably worth the move, and Amazon support (if you're willing to pay for it) is extremely helpful when it comes to VPC configuration.
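The web/database layout from the question, sketched as a CloudFormation template for a VPC. This is an added example, not part of the original answer or the linked blog post; the CIDR ranges, logical resource names and ports 443 and 3306 are assumptions.

```yaml
# Added example (constructed): CIDRs, logical names and ports are assumptions.
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties: { CidrBlock: 10.0.0.0/16 }
  Igw:
    Type: AWS::EC2::InternetGateway
  IgwAttach:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties: { VpcId: !Ref Vpc, InternetGatewayId: !Ref Igw }
  WebSubnet:              # public: associated below with a route table that reaches the IGW
    Type: AWS::EC2::Subnet
    Properties: { VpcId: !Ref Vpc, CidrBlock: 10.0.1.0/24 }
  DbSubnet:               # private: stays on the VPC main route table (local route only)
    Type: AWS::EC2::Subnet
    Properties: { VpcId: !Ref Vpc, CidrBlock: 10.0.2.0/24 }
  PublicRoutes:
    Type: AWS::EC2::RouteTable
    Properties: { VpcId: !Ref Vpc }
  DefaultRoute:
    Type: AWS::EC2::Route
    DependsOn: IgwAttach
    Properties:
      RouteTableId: !Ref PublicRoutes
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref Igw
  WebSubnetAssoc:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties: { SubnetId: !Ref WebSubnet, RouteTableId: !Ref PublicRoutes }
  WebSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web tier, HTTPS from the Internet
      VpcId: !Ref Vpc
      SecurityGroupIngress:
        - { IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0 }
  DbSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Database tier, reachable only from the web tier
      VpcId: !Ref Vpc
      SecurityGroupIngress:       # source is the web security group, not a CIDR
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref WebSg
```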