AWS security group for inbound traffic
I have two AWS Linux AMI servers. One runs a Node.js HTTPS server and the second runs my MongoDB.
The only way to connect to my MongoDB server is through my Node.js server.
In the AWS security group for the MongoDB server I was able to put the name of the AWS security group for the Node.js server in the 'Source' column of the 'Inbound' tab, and it allowed connectivity, but I'm wondering what that security group setting actually does?
More specifically, what IP addresses is this allowing?
If you click the 'i' next to Source it states:
I initially resorted to using the "private IP address" for communication between AWS instances because, according to the AWS documentation,
A private IP address is an IP address that's not reachable over the Internet. You can use private IP addresses for communication between instances in the same network (EC2-Classic or a VPC).
But after some discussion (see comments below) it seems the better solution may be to utilize AWS Security Groups. My initial hesitation about using AWS security groups was unfounded.
My fear was that if I added the same security group assigned to my Node.js server to the 'Source' for the inbound traffic tab of my MongoDB server, then my MongoDB server would inherit the same inbound traffic rules (all traffic).
The aforementioned fear is unfounded because setting the inbound source to a security group does NOT inherit the rules, but rather simply allows inbound traffic from any instance that has been assigned to that security group.
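The following is an added example, not code from the original question or answer: a small Python model of how EC2 evaluates an inbound rule whose Source is another security group, together with the `IpPermissions` payload that `boto3`'s `ec2.authorize_security_group_ingress` takes to create such a rule. The group IDs (`sg-node0001`, `sg-mongo001`), the private IPs, the `203.0.113.7` external address and the scenario itself are assumed for illustration; only the rule-matching semantics (membership of the sender's network interface in the referenced group, no inheritance of that group's own rules, allow-list with implicit deny) are what AWS actually does.

```python
"""Added example (not from the original post): model of EC2 security-group
inbound evaluation when the Source of a rule is another security group.
Group IDs, IPs and ports below are assumed, not taken from the post."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Sequence


@dataclass
class Rule:
    protocol: str
    from_port: int
    to_port: int
    cidr: Optional[str] = None       # Source column holds a CIDR block
    source_sg: Optional[str] = None  # Source column holds a security group ID


@dataclass
class SecurityGroup:
    group_id: str
    inbound: List[Rule] = field(default_factory=list)


@dataclass
class Instance:
    name: str
    private_ip: str
    groups: List[str]  # security groups attached to the instance's network interface


def _rule_matches(rule: Rule, protocol: str, port: int,
                  src_ip: str, src_groups: Sequence[str]) -> bool:
    if rule.protocol != protocol or not (rule.from_port <= port <= rule.to_port):
        return False
    if rule.cidr is not None:
        return ip_address(src_ip) in ip_network(rule.cidr)
    # Source is a security group: the match is on the SENDER's group membership
    # (its ENI is in that group), never on the rules that group itself contains.
    return rule.source_sg in src_groups


def inbound_allowed(dst: Instance, groups: Dict[str, SecurityGroup], protocol: str,
                    port: int, src_ip: str, src_groups: Sequence[str] = ()) -> bool:
    """True if any inbound rule on any of dst's groups admits the flow.
    Security groups are allow-lists: no matching rule means the packet is dropped.
    (Only the inbound direction is modelled; real groups are stateful, so
    return traffic for an admitted flow is allowed automatically.)"""
    for gid in dst.groups:
        for rule in groups[gid].inbound:
            if _rule_matches(rule, protocol, port, src_ip, src_groups):
                return True
    return False


def ip_permissions_for_sg_source(port: int, source_sg_id: str) -> list:
    """IpPermissions payload for boto3's ec2.authorize_security_group_ingress when
    the Source is a security group: UserIdGroupPairs instead of IpRanges."""
    return [{
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "UserIdGroupPairs": [{"GroupId": source_sg_id}],
    }]


# Constructed scenario (assumed IDs/addresses) mirroring the two servers in the post.
SG_NODE = "sg-node0001"
SG_MONGO = "sg-mongo001"
GROUPS = {
    SG_NODE: SecurityGroup(SG_NODE, [Rule("tcp", 443, 443, cidr="0.0.0.0/0")]),
    SG_MONGO: SecurityGroup(SG_MONGO, [Rule("tcp", 27017, 27017, source_sg=SG_NODE)]),
}
NODE = Instance("node", "10.0.1.10", [SG_NODE])
MONGO = Instance("mongo", "10.0.2.20", [SG_MONGO])


def scenario() -> Dict[str, bool]:
    """Evaluate the flows the post asks about; returns flow -> allowed."""
    return {
        # Node -> Mongo:27017 is admitted because the sender's ENI is in SG_NODE.
        "node->mongo:27017": inbound_allowed(MONGO, GROUPS, "tcp", 27017, NODE.private_ip, NODE.groups),
        # Internet -> Mongo:27017: no CIDR rule, sender is in no group -> dropped.
        "internet->mongo:27017": inbound_allowed(MONGO, GROUPS, "tcp", 27017, "203.0.113.7"),
        # Node -> Mongo:443: SG_NODE's own 0.0.0.0/0:443 rule is NOT inherited by Mongo.
        "node->mongo:443": inbound_allowed(MONGO, GROUPS, "tcp", 443, NODE.private_ip, NODE.groups),
        # A host in the same subnet but not in SG_NODE: private IP alone is not enough.
        "other-host->mongo:27017": inbound_allowed(MONGO, GROUPS, "tcp", 27017, "10.0.2.21", ["sg-other000"]),
        # Internet -> Node:443 is admitted by the CIDR rule.
        "internet->node:443": inbound_allowed(NODE, GROUPS, "tcp", 443, "203.0.113.7"),
    }


if __name__ == "__main__":
    for flow, ok in scenario().items():
        print(f"{flow:26s} {'ALLOW' if ok else 'DENY'}")
```

To answer the "what IP addresses" question concretely: a group-sourced rule admits traffic that arrives from the private IP addresses of the network interfaces currently associated with the referenced group (membership is tracked per interface, so launching a new instance into that group extends the rule to it without editing the rule). Traffic from the same instances that arrives via their public or Elastic IP does not match, so the Node.js server must reach MongoDB by its private address.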