
How to configure security groups when connecting to mongodb between AWS ec2 instances?

I have one ec2 instance with mongodb (called ec2-mongo) with the security group, sg-mongodb-server. And I am trying to connect to mongodb via another ec2 instance (called ec2-connect) with the security group, sg-connect. I want to set the rules to allow for traffic between the two security groups without referring to specific IP Addresses. How can I do this?

I can connect to mongo when my security groups are set up as follows (so there is nothing wrong with the servers as far as I know). Outbound is set to all:

sg-mongodb-server : sg-mongodb-server

Inbound:
Port    Source
22      my_ip
27017   ip_of_ec2-connect

sg-connect : sg-connect

Inbound:
Port    Source
22      my_ip
27017   ip_of_ec2-mongo

but when I try to use security groups instead of IP Addresses I can't connect to mongodb.

sg-mongodb-server : sg-mongodb-server

Inbound:
Port    Source
22      my_ip
27017   sg-connect

sg-connect : sg-connect

Inbound:
Port    Source
22      my_ip
27017   sg-mongodb-server

Error message when trying to connect:

MongoDB shell version: 3.2.3
connecting to: XXX.XXX.XXX.XXX/test
2016-02-19T18:24:09.245+0000 W NETWORK  [thread1] Failed to connect to XXX.XXX.XXX.XXX:27017 after 5000 milliseconds, giving up.
2016-02-19T18:24:09.245+0000 E QUERY    [thread1] Error: couldn't connect to server XXX.XXX.XXX.XXX:27017, connection attempt failed :
connect@src/mongo/shell/mongo.js:226:14
@(connect):1:6

exception: connect failed

In order for security group references to work, you need to connect to your MongoDB from the EC2 instance by the MongoDB server's private IP address, not its public IP address.

If you are using the public IP address (or the DNS name is resolving to the public IP address), then the connection will leave your VPC and re-enter, thus appearing to originate from the outside world.

By using the private IP address, it can tell that it's coming from your security group.
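The following is an added example, not code from the question or the answer above. It builds the security-group-referenced ingress rules the question is trying to set up, in the `IpPermissions` shape accepted by `aws ec2 authorize-security-group-ingress --ip-permissions` and by boto3, and adds the pre-flight check the answer implies: the MongoDB target must resolve to an address inside the VPC, otherwise the group reference can never match. It goes slightly beyond the post in one respect: because security groups are stateful, `sg-connect` needs no inbound 27017 rule from `sg-mongodb-server` (replies to a connection the client opened are allowed automatically), so that rule is left out. The group IDs, VPC CIDR, admin CIDR and host names are constructed for illustration.

```python
import ipaddress
import socket

MONGO_PORT = 27017

# Constructed identifiers for illustration; substitute your own group IDs and VPC CIDR.
SG_MONGO = "sg-0a1b2c3d4e5f60001"     # attached to ec2-mongo
SG_CONNECT = "sg-0a1b2c3d4e5f60002"   # attached to ec2-connect
VPC_CIDR = "10.0.0.0/16"


def sg_reference_rule(port: int, source_group_id: str, description: str) -> dict:
    """Build one IpPermissions entry that admits TCP `port` from every network
    interface that carries `source_group_id`. This is the JSON shape taken by
    `aws ec2 authorize-security-group-ingress --ip-permissions` and by boto3's
    authorize_security_group_ingress(IpPermissions=[...])."""
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "UserIdGroupPairs": [{"GroupId": source_group_id, "Description": description}],
    }


def mongo_ingress_rules(sg_mongo: str, sg_connect: str, admin_cidr: str) -> dict:
    """Ingress rules per group. Security groups are stateful, so sg_connect needs
    no inbound 27017 rule from sg_mongo: the server's replies to a connection
    that sg_connect opened are allowed automatically. Only the server group
    references the client group."""
    ssh_from_admin = {
        "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
        "IpRanges": [{"CidrIp": admin_cidr, "Description": "ssh from admin"}],
    }
    return {
        sg_mongo: [
            ssh_from_admin,
            sg_reference_rule(MONGO_PORT, sg_connect, "mongod from sg-connect"),
        ],
        sg_connect: [ssh_from_admin],
    }


def private_target(host: str, vpc_cidr: str, resolver=socket.gethostbyname) -> str:
    """Resolve `host` and return its address only if it lies inside `vpc_cidr`.

    A group reference matches on the source network interface, which is only
    visible while the packet stays inside the VPC. If `host` resolves to a
    public address the traffic leaves the VPC and comes back from the Internet,
    so the 27017 rule never matches and the mongo shell times out exactly as
    in the question. `resolver` is injectable so the check runs without DNS."""
    addr = ipaddress.ip_address(resolver(host))
    net = ipaddress.ip_network(vpc_cidr, strict=False)
    if addr not in net:
        raise ValueError(
            f"{host} resolves to {addr}, outside VPC {vpc_cidr}; "
            "connect by the private IP or private DNS name instead"
        )
    return str(addr)


def mongo_uri(host: str, vpc_cidr: str = VPC_CIDR, resolver=socket.gethostbyname) -> str:
    """Connection string that is guaranteed to stay inside the VPC."""
    return f"mongodb://{private_target(host, vpc_cidr, resolver)}:{MONGO_PORT}/test"


def apply_rules(region: str = "us-east-1") -> None:
    """Push the rules with boto3 (needs AWS credentials; not exercised offline)."""
    import boto3  # imported here so the rest of the module works without it
    ec2 = boto3.client("ec2", region_name=region)
    rules = mongo_ingress_rules(SG_MONGO, SG_CONNECT, "203.0.113.10/32")
    for group_id, perms in rules.items():
        ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=perms)


if __name__ == "__main__":
    # Constructed resolver standing in for DNS: the private name maps into the
    # VPC, the public name maps to a public address.
    fake_dns = {"ec2-mongo.internal": "10.0.1.23", "ec2-mongo.public": "54.0.0.1"}.get
    print(mongo_uri("ec2-mongo.internal", resolver=fake_dns))
    try:
        mongo_uri("ec2-mongo.public", resolver=fake_dns)
    except ValueError as e:
        print("refused:", e)
```

Run it as a script to see the private name accepted and the public name refused; call `apply_rules()` from an environment with AWS credentials to create the rules. On a real instance, `private_target` with the default resolver and the server's private DNS name (or the public DNS name from inside a VPC with DNS hostnames enabled, which AWS resolves to the private address) returns the address the answer says to use.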
