堆栈内存溢出
  简体   繁体   English

AWS VPC中的VPN设备

[英]VPN appliance in AWS VPC

 原文  2018-01-07 10:32:52       amazon-web-services/ amazon-ec2/ vpc

问题描述

I have a VPC on AWS with a public and a private subnet. 我在AWS上有一个VPC,其中有一个公共子网和一个私有子网。 I've deployed an instance of OpenVPN appliance in the public subnet to access my EC2 nodes in the private subnet. 我已经在公共子网中部署了OpenVPN设备实例,以访问私有子网中的EC2节点。 As expected, with VPN I can access (for eg SSH into) any EC2 node that I manually create in the private subnet. 如预期的那样,通过VPN,我可以访问(例如,通过SSH进入)我在专用子网中手动创建的任何EC2节点。 But I can't access services (for example Elastic Search or RDS Postgres) that AWS creates in the same private subnet. 但是我无法访问AWS在同一私有子网中创建的服务(例如Elastic Search或RDS Postgres)。 (I did make sure all security groups are properly configured on the Postgres and RDS). (我确实确保在Postgres和RDS上正确配置了所有安全组)。 What am I missing? 我想念什么?

1 个解决方案

解决方案1
 1 已采纳  2018-01-07 20:59:52

I use a similar setup when connecting to my private RDS instances via VPN. 通过VPN连接到我的私有RDS实例时,我使用类似的设置。 I apologize, I cannot comment since this account is new and I do not have the reputation, I will have to make assumptions. 抱歉,由于这个帐户是新帐户并且没有声誉,所以我无法发表评论,我将不得不做一些假设。

Your security groups need to be VPC security groups, not ec2 security groups (if they are not already). 您的安全组必须是VPC安全组,而不是ec2安全组(如果尚未安装)。

VPC SG 1 ( ec2 Bridge ): This group is assigned to your OpenVPN server and allows traffic on your Postgres port and private IP CIDR. VPC SG 1( ec2 Bridge ):该组已分配给您的OpenVPN服务器,并允许Postgres端口和专用IP CIDR上的流量。

Here is an example of mine for MSSQL and MySQL (I have multiple tunnels): 这是我的MSSQL和MySQL示例(我有多个隧道):

在此处输入图片说明

VPC SG 2 ( Dev RDS Bridge ): This has to allow traffic from VPC SG 1 VPC SG 2( 开发RDS桥 ):这必须允许来自VPC SG 1的流量

Here is an example group I made just made for Aurora MySQL: 这是我为Aurora MySQL创建的一个示例组:

在此处输入图片说明

Finally, assign VPC SG 2 to your RDS Instance: 最后,将VPC SG 2分配给您的RDS实例:

在此处输入图片说明

Now you should be able to talk to your RDS over your VPN connection while the RDS remains closed to the public. 现在,您应该可以通过VPN连接与RDS进行对话,而RDS仍不对公众开放。 The process is similar for other AWS private resources. 其他AWS私有资源的过程与此类似。

Let me know if I wrongly assumed anything or can help more. 让我知道我是否错误地假设了什么或可以提供更多帮助。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 AWS VPN 到 AWS VPC - AWS VPN to AWS VPC 适用于VPC / VPN的AWS Cloudfront - AWS Cloudfront for VPC/VPN 通过VPC将AWS VPN NAT转换为AWS IOT - NAT AWS VPN to AWS IOT via VPC AWS VPC VPN IPsec 到客户网关 - AWS VPC VPN IPsec to customer gateway AWS 多 VPC VPN 共享可能性 - AWS Multi VPC VPN Sharing Possibility AWS VPC将流量路由到客户端VPN连接 - AWS VPC route traffic to Client VPN connections AWS Site-to-Site VPN 和 AWS VPC 对等互连之间的区别? - Difference between AWS Site-to-Site VPN and AWS VPC peering? AWS VPC公共Web应用程序通过VPN连接到数据库 - AWS VPC public web application connecting to database via VPN 通过对等 VPC 访问 AWS 客户端 VPN 终端节点的奇怪行为 - Weird behavior on AWS Client VPN endpoint access through Peered VPC AWS EC2 实例能否在同一个 VPC 上 ping 客户端 VPN? - Could AWS EC2 instances ping Client VPN on the same VPC?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM