Problem description
We’re trying to create a setup of multiple APIs via the Amazon AWS Elastic Beanstalk (AEB) component. The reason we have chosen AEB is because it provides seamless deployment and scaling for the applications we deploy, without the need to manually create Load Balancers (LB) and scaling rules. We would very much like to keep it this way as we are planning on launching a (large) number of applications and APIs.
However, we’re facing a number of challenges with AEB.
First and foremost, some of the APIs need to communicate internally, and low latency is a core requirement for us. In order to utilize internal network communication in AEB we have been "forced" to:
- Allocate a VPC in Amazon
- Deploy each application to this VPC, with each application residing behind its internal LB
Now, when using the Elastic Beanstalk URLs the APIs are able to resolve the internal IP of the LB of another API and thus the latency is eliminated and all is good - the APIs can communicate with one another.
However, this spawns another issue for us: Some of these "internally" allocated APIs (remember, they’re behind an internal LB in a VPC) must also be accessible from the internet.
We still haven’t found a way to make the internal LBs internet accessible (while keeping their ability to also act as internal LB), so any help on this matter is greatly appreciated.
Recommended answer
- Each application should be on a subnet within the VPC
- Update the ACLs and ELB security groups to allow external access
Also, this question on SO contains relevant information: Amazon ELB in VPC
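A defender-side check for the second step of the answer, as an added example that is not part of the original answer: it scans security-group data in the shape returned by `aws ec2 describe-security-groups` and flags rules that open more than the intended listener port to the internet. The sample groups, their IDs and the choice of 443 as the only allowed public port are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs, names and CIDRs are made up for illustration.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE-elb", "GroupName": "api-elb",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
      "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-EXAMPLE-wide", "GroupName": "api-elb-too-open",
   "IpPermissions": [
     {"IpProtocol": "-1",
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
      "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

def is_world(cidr):
    """True for 0.0.0.0/0 or ::/0 (any source on the internet)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit(groups, allowed_ports=frozenset({443})):
    """Return (group_id, reason) for world-open rules outside allowed_ports."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if not any(is_world(c) for c in cidrs):
                continue  # VPC-internal or otherwise scoped source
            if perm["IpProtocol"] == "-1":
                findings.append((sg["GroupId"], "all protocols open to the internet"))
                continue
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            # Only a single-port rule on an allowed port passes.
            if lo is None or lo != hi or lo not in allowed_ports:
                findings.append((sg["GroupId"], f"{perm['IpProtocol']} {lo}-{hi} open to the internet"))
    return findings

if __name__ == "__main__":
    for group_id, reason in audit(SAMPLE):
        print(group_id, reason)
```

The internal-only rule (source `10.0.0.0/16`) is not reported, so VPC-internal API-to-API traffic can stay as broad as needed while the internet-facing openings are held to the listener port.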