Amazon ElastiCache Redis Public Access

I have an Amazon AWS account. I want to use ElastiCache Redis. I've installed ElastiCache Redis. How do I connect to ElastiCache Redis from a public address?

I've installed Amazon Linux AMI. I'm accessing ElastiCache Redis from it. But I want to access it from a public address.

[Update] As mentioned by Luke below, this is now possible. Below is the reference. https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/accessing-elasticache.html#access-from-outside-aws

Sadly no. You may refer to this question.

Can you connect to Amazon ElastiCache Redis outside of Amazon?

which provides a reference to

http://aws.amazon.com/elasticache/faqs/#Can_I_access_Amazon_ElastiCache_from_outside_AWS

that states

Amazon ElastiCache Cluster, inside or outside a VPC, is never allowed to be accessed from the Internet.

If you want to access Amazon ElastiCache Nodes, deployed within a VPC, from the Internet or from EC2 Instances outside the VPC, please see guidelines here. http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/Access.Outside.html

My current approach for development purposes is to

  1. Create a Cloud9 instance in the same VPC as my Elasticache instance.
  2. Add a security group rule to the Elasticache instance to allow traffic from the Cloud9 instance security group.
  3. Run a tiny TCP proxy (written in Go) in the Cloud9 instance that proxies traffic to and from the Elasticache instance.
```go
// main.go
package main

import (
    "flag"
    "fmt"
    "io"
    "net"
    "sync"
)

var localAddr *string = flag.String("l", "localhost:9999", "local address")
var remoteAddr *string = flag.String("r", "localhost:80", "remote address")

// proxyConn relays bytes in both directions between the accepted client
// connection and the remote address.
func proxyConn(conn *net.TCPConn) {
    defer conn.Close()

    // A failed lookup or dial ends this connection only, not the whole proxy.
    rAddr, err := net.ResolveTCPAddr("tcp", *remoteAddr)
    if err != nil {
        fmt.Println("resolve failed:", err)
        return
    }

    rConn, err := net.DialTCP("tcp", nil, rAddr)
    if err != nil {
        fmt.Println("dial failed:", err)
        return
    }
    defer rConn.Close()

    var wg sync.WaitGroup
    wg.Add(1)
    go func() {
        io.Copy(conn, rConn)
        // rConn has returned EOF or an error, so we need to shut down the
        // other half of the duplex copy.
        conn.Close()
        wg.Done()
    }()

    wg.Add(1)
    go func() {
        io.Copy(rConn, conn)
        rConn.Close()
        wg.Done()
    }()

    wg.Wait()
}

func main() {
    flag.Parse()

    fmt.Printf("Listening: %v\nProxying: %v\n\n", *localAddr, *remoteAddr)

    addr, err := net.ResolveTCPAddr("tcp", *localAddr)
    if err != nil {
        panic(err)
    }

    listener, err := net.ListenTCP("tcp", addr)
    if err != nil {
        panic(err)
    }

    for {
        conn, err := listener.AcceptTCP()
        if err != nil {
            panic(err)
        }

        fmt.Println("handling connection")
        go func() {
            proxyConn(conn)
            fmt.Println("connection closed")
        }()
    }
}
```

```
# run commands
go run main.go -l 0.0.0.0:9999 -r <redacted>.use1.cache.amazonaws.com:6379
```

  4. Ensure the security group of the Cloud9 instance allows public access to the port where the proxy is running (e.g. 9999). And grab the Cloud9 instance public IP from the share dialog (e.g. XXXX).
  5. Consume your Elasticache instance from the public proxy endpoint (e.g. XXXX:9999).

The Cloud9 instance could be substituted with any other EC2 instance. Obviously there are performance costs to adding all those hops. But it works.
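
An added example, not part of the original answer: the proxy above listens on 0.0.0.0:9999 and relays Redis traffic unchanged, so one way to limit who can use it is a source-address allowlist checked at accept time. The function names and the 203.0.113.10 and 198.51.100.7 addresses are assumptions made for this example; `acceptAllowed` would take the place of `listener.AcceptTCP()` in the accept loop.

```go
package main

import (
	"net"
	"net/netip"
)

// parseAllowlist rejects any malformed CIDR so a typo cannot silently change the list.
func parseAllowlist(cidrs []string) ([]netip.Prefix, error) {
	var out []netip.Prefix
	for _, c := range cidrs {
		p, err := netip.ParsePrefix(c)
		if err != nil {
			return nil, err
		}
		out = append(out, p.Masked())
	}
	return out, nil
}

// clientAllowed checks a peer "ip:port"; unparseable peers are rejected (fail closed).
func clientAllowed(peer string, allow []netip.Prefix) bool {
	ap, err := netip.ParseAddrPort(peer)
	if err != nil {
		return false
	}
	for _, p := range allow {
		if p.Contains(ap.Addr().Unmap()) { // Unmap: ::ffff:a.b.c.d counts as IPv4
			return true
		}
	}
	return false
}

// acceptAllowed returns the next allowlisted connection; others are closed before any relay.
func acceptAllowed(l net.Listener, allow []netip.Prefix) (net.Conn, error) {
	for {
		c, err := l.Accept()
		if err != nil || clientAllowed(c.RemoteAddr().String(), allow) {
			return c, err
		}
		c.Close()
	}
}

func main() {
	allow, err := parseAllowlist([]string{"203.0.113.10/32"}) // constructed developer IP
	println(err == nil, clientAllowed("198.51.100.7:40000", allow)) // true false
}
```

The same restriction can be applied one layer down by putting the client's address, rather than 0.0.0.0/0, in the instance's security group rule for the proxy port.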

This is kind of ambiguous, but the short answer is that this is not normally possible. ECS is private, by definition, because it is an in-memory store and needs blazing fast speed. Allowing access from the internet is not conducive to blazing fast speed. About the only workaround you could hope for would be to access the cluster via VPN, as per the AWS Documentation [1].

Important: Opening up the ElastiCache cluster to 0.0.0.0/0 does not expose the cluster to the Internet because it has no public IP address and therefore cannot be accessed from outside the VPC. However, the default security group may be applied to other Amazon EC2 instances in the customer's account, and those instances may have a public IP address. If they happen to be running something on the default port, then that service could be exposed unintentionally. Therefore, we recommend creating a VPC Security Group that will be used exclusively by ElastiCache [2].

-----References-----
[1] https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/accessing-elasticache.html#access-from-outside-aws
[2] https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/accessing-elasticache.html#access-from-outside-aws
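
An added example, not part of the original answer or of the AWS documentation: a check for the situation the quoted note describes, listing security groups whose ingress rules let any address reach the Redis port. It reads JSON in the shape printed by `aws ec2 describe-security-groups`; the sample groups and the names `worldOpen`, `sgDump` and `cidr` are constructed for this example.

```go
package main

import "encoding/json"

// Constructed sample in the shape printed by `aws ec2 describe-security-groups`.
const sample = `{"SecurityGroups":[
{"GroupName":"default","IpPermissions":[{"IpProtocol":"tcp","FromPort":6379,"ToPort":6379,"IpRanges":[{"CidrIp":"0.0.0.0/0"}]}]},
{"GroupName":"cache-only","IpPermissions":[{"IpProtocol":"tcp","FromPort":6379,"ToPort":6379,"IpRanges":[{"CidrIp":"10.0.0.0/16"}]}]},
{"GroupName":"legacy","IpPermissions":[{"IpProtocol":"-1","Ipv6Ranges":[{"CidrIpv6":"::/0"}]}]}]}`

type cidr struct{ CidrIp, CidrIpv6 string }
type sgDump struct {
	SecurityGroups []struct {
		GroupName     string
		IpPermissions []struct {
			IpProtocol           string
			FromPort, ToPort     *int
			IpRanges, Ipv6Ranges []cidr
		}
	}
}

// worldOpen names the groups whose ingress lets any address reach port.
func worldOpen(raw string, port int) (hits []string, err error) {
	var d sgDump
	if err = json.Unmarshal([]byte(raw), &d); err != nil {
		return nil, err
	}
	for _, g := range d.SecurityGroups {
		for _, p := range g.IpPermissions {
			// IpProtocol "-1" means all traffic and carries no port range.
			inRange := p.FromPort != nil && p.ToPort != nil && *p.FromPort <= port && port <= *p.ToPort
			open := false
			for _, r := range append(append([]cidr{}, p.IpRanges...), p.Ipv6Ranges...) {
				open = open || r.CidrIp == "0.0.0.0/0" || r.CidrIpv6 == "::/0"
			}
			if open && (p.IpProtocol == "-1" || (p.IpProtocol == "tcp" && inRange)) {
				hits = append(hits, g.GroupName)
				break
			}
		}
	}
	return hits, nil
}

func main() {
	hits, err := worldOpen(sample, 6379)
	println(len(hits), err == nil) // 2 true
}
```

A hit on the group named `default` is the case the note describes, since that group may also be attached to EC2 instances that have public IP addresses.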
