简体   繁体   English

我可以使用Iam Role或使用其他方式从另一个实例(不在VPC中)连接到在私有子网(在VPC中)运行的实例吗?

[英]Can I connect to an instance running in private subnet(in a VPC) from an another instance (not in VPC) using Iam Role or using another way?

I have a old Instance(Not in any VPC) lets say INS1, used for monitoring purpose. 我有一个旧的Instance(不在任何VPC中),可以说是INS1,用于监视目的。 Now I create two instance in private subnet(in some new VPC) say INVPC1,INVPC2. 现在,我在专用子网(在某些新的VPC中)中创建两个实例,分别是INVPC1,INVPC2。

Now, Can I connect to INVPC1,INVPC2 using INS1, Is it possible using IAM role ? 现在,我可以使用INS1连接到INVPC1,INVPC2吗,可以使用IAM角色吗? There there any way to do this ? 有什么办法可以做到这一点?

I am afraid it won't be possible. 恐怕不可能。 IAM has nothing to do with it. IAM与它无关。 VPC are private networks that you can configure according to your needs to isolate your infrastructure components from each others (like you would do in a datacenter) or from other AWS customers' networks. VPC是专用网络,您可以根据需要进行配置,以将基础结构组件彼此隔离(就像在数据中心中那样)或与其他AWS客户的网络隔离。

A private subnet in a VPC, is a subnet which has no route to the internet and only private (non routable) IP addresses. VPC中的专用子网是没有通往Internet的路由,并且只有专用(不可路由)IP地址的子网。 So the EC2 instances started in these subnets have no possibilities to receive inbound connections from the public internet or the old non VPC EC2 instances. 因此,在这些子网中启动的EC2实例无法接收来自公共Internet或旧的非VPC EC2实例的入站连接。 They can initiate an outbound connection if your VPC is configured with a NAT gateway. 如果您的VPC配置了NAT网关,他们可以启动出站连接。

This is similar to your Home network setup. 这类似于您的家庭网络设置。 Your wifi is private and is using non routable IP addresses (typically, in the range 192.168.0.0/24). 您的wifi是私有的,并且使用不可路由的IP地址(通常在192.168.0.0/24范围内)。 These machines can not receive incoming connections from the Internet. 这些计算机无法接收来自Internet的传入连接。 But these machines can initiate outbound connections (to navigate web sites or watch Netflix for example), by sending their connection request to a NAT Gateway : your ISP provided router / box. 但是,这些计算机可以通过将连接请求发送到NAT网关(您的ISP提供的路由器/盒子)来启动出站连接(例如,浏览网站或观看Netflix)。

I would suggest to save the whole configuration of your INS1 instances as an AMI and re-create a new instance, based on that AMI, in your new VPC to migrate your monitoring instance to the VPC. 我建议将INS1实例的整个配置保存为AMI,然后在新的VPC中基于该AMI重新创建一个新实例,以将监视实例迁移到VPC。 To get started, in the console, right click on the instance and select Images => Create Image. 首先,在控制台中,右键单击实例,然后选择Images => Create Image。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 另一个 vpc 的私有子网中的 ssh ec2 实例而不使用堡垒 - ssh ec2 instance in Private subnet of another vpc without using bastion 为什么在对等互连后无法从另一个 VPC 中的 EC2 实例连接 AWS RDS 实例 - Why can't I connect AWS RDS instance from EC2 instance in another VPC after peering 用户数据未在私有VPC子网中的EC2实例上运行 - User Data is not running on EC2 instance in Private VPC subnet AWS VPC - 无法从私有子网中的堡垒主机通过 SSH 连接到不同子网中同一 VPC 中的 EC2 实例 - AWS VPC - Cannot SSH from Bastion Host in private subnet to EC2 instance in the same VPC in a different subnet 从NAT实例后面的AWS VPC私有子网访问ftp - ftp access from AWS VPC private subnet behind a NAT instance 我可以在VPC子网中使用任何辅助私有IP到我的linux ec2实例吗 - can I use any secondary private ip in VPC subnet to my linux ec2 instance <aws vpc>无法从公有子网实例 ping 私有子网实例</aws> - <AWS VPC> Unable to ping private subnet instance from a public subnet instance 如何获取 kubernetes 资源以成功连接到另一个 vpc 中的 RDS 实例 - How can I get kubernetes resources to succesfully connect to an RDS instance in another vpc 如何连接到私有 VPC 中的 AWS IAM API? - How can I connect to the AWS IAM API in a private VPC? 是否可以将EMR群集启动到没有公共IP的私有VPC子网中,而该公共IP无法通过公共子网中的NAT实例访问Internet? - Can an EMR cluster be launched into a private VPC subnet with no public IPs that accesses the internet through a NAT instance in a public subnet?
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM