Problem description
We’re trying to create a setup of multiple APIs via the Amazon AWS Elastic Beanstalk (AEB) component. The reason we have chosen AEB is because it provides seamless deployment and scaling for the applications we deploy, without the need to manually create Load Balancers (LB) and scaling rules. We would very much like to keep it this way as we are planning on launching a (large) number of applications and APIs.
However, we’re facing a number of challenges with AEB.
First and foremost, some of the APIs need to communicate internally, and low latency is a core requirement for us. In order to utilize internal network communication in AEB we have been "forced" to:
- Allocate a VPC in Amazon
- Deploy each application into this VPC, with each application behind its own internal load balancer
Now, when using the Elastic Beanstalk URLs the APIs are able to resolve the internal IP of the LB of another API and thus the latency is eliminated and all is good - the APIs can communicate with one another.
However, this spawns another issue for us: Some of these "internally" allocated APIs (remember, they’re behind an internal LB in a VPC) must also be accessible from the internet.
We still haven’t found a way to make the internal LBs internet accessible (while keeping their ability to also act as internal LB), so any help on this matter is greatly appreciated.
Recommended answer
- Each application should be located on a subnet inside the VPC
- Update the ACLs and the ELB security group to allow external access
AWS Elastic Load Balancing inside of a Virtual Private Cloud
Also, this question on SO contains relevant information: Amazon ELB in VPC
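An added example, not part of the original answer: a check to run after the step "update the ACLs and the ELB security group to allow external access", flagging ingress rules that are open to the whole internet on anything other than the intended listener port. The rule dictionaries follow the shape of the EC2 DescribeSecurityGroups response; the group IDs, the sample rules and the choice of 443 as the only public port are assumptions constructed for illustration.

```python
# Added example: group IDs and rules below are constructed, not from a real account.
WORLD = {"0.0.0.0/0", "::/0"}

def world_open_findings(group, allowed_ports=frozenset({443})):
    """Return (group_id, protocol, from_port, to_port) for each ingress rule
    that is open to the whole internet on anything but a single allowed port."""
    findings = []
    for perm in group.get("IpPermissions", []):
        cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        if not cidrs & WORLD:
            continue  # scoped to specific CIDRs or to other security groups
        proto = perm["IpProtocol"]
        if proto == "-1":  # "-1" means every protocol and every port
            findings.append((group["GroupId"], "all", 0, 65535))
            continue
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        # Accept only a TCP rule whose range is exactly one allowed port.
        if proto == "tcp" and lo == hi and lo in allowed_ports:
            continue
        findings.append((group["GroupId"], proto, lo, hi))
    return findings

def audit(groups, allowed_ports=frozenset({443})):
    """Collect findings across all groups."""
    return [f for g in groups for f in world_open_findings(g, allowed_ports)]

SAMPLE_GROUPS = [
    # Internet-facing LB: only the HTTPS listener is public.
    {"GroupId": "sg-elb-public-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    # LB opened too widely while "allowing external access".
    {"GroupId": "sg-elb-toowide-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
    # Instances: reachable only from the LB's security group.
    {"GroupId": "sg-instances-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "UserIdGroupPairs": [{"GroupId": "sg-elb-public-example"}]}]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS):
        print("world-open ingress:", finding)
```

The same function can be fed the `SecurityGroups` list from a real DescribeSecurityGroups response; pass a different `allowed_ports` set if the public listener is not on 443.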