Can I connect to an instance running in a private subnet (in a VPC) from another instance (not in a VPC) using an IAM role or another way?
I have an old instance (not in any VPC), let's say INS1, used for monitoring purposes. Now I create two instances in a private subnet (in some new VPC), say INVPC1 and INVPC2.
Now, can I connect to INVPC1 and INVPC2 using INS1? Is it possible using an IAM role? Is there any way to do this?
I am afraid it won't be possible. IAM has nothing to do with it. VPCs are private networks that you can configure according to your needs to isolate your infrastructure components from each other (like you would do in a datacenter) or from other AWS customers' networks.
A private subnet in a VPC is a subnet which has no route to the internet and only private (non-routable) IP addresses. So the EC2 instances started in these subnets have no possibility of receiving inbound connections from the public internet or the old non-VPC EC2 instances. They can initiate an outbound connection if your VPC is configured with a NAT gateway.
This is similar to your home network setup. Your wifi is private and is using non-routable IP addresses (typically, in the range 192.168.0.0/24). These machines cannot receive incoming connections from the Internet. But these machines can initiate outbound connections (to navigate web sites or watch Netflix, for example) by sending their connection request to a NAT gateway: your ISP-provided router / box.
I would suggest saving the whole configuration of your INS1 instance as an AMI and re-creating a new instance, based on that AMI, in your new VPC to migrate your monitoring instance to the VPC. To get started, in the console, right click on the instance and select Images => Create Image.
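
The distinction the answer draws between a private subnet, a private subnet with NAT, and a subnet with an internet route can be checked from route tables. The following is an added example, not part of the original answer: it classifies subnets from constructed data shaped like `aws ec2 describe-route-tables` output, considering the IPv4 default route only; all IDs and the function names are placeholders chosen for illustration.

```python
# Constructed sample shaped like `aws ec2 describe-route-tables` JSON output.
# All IDs are placeholders, not values from the question.
ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-nat",
     "Associations": [{"Main": False, "SubnetId": "subnet-nat"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]}


def default_route_kind(table):
    """Classify a route table by the target of its active 0.0.0.0/0 route."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue  # a blackholed route carries no traffic
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"            # internet gateway: inbound is routable
        if route.get("NatGatewayId"):
            return "private-outbound"  # NAT gateway: outbound only
        return "private-other"         # some other default target
    return "private-isolated"          # no default route at all


def classify_subnets(route_tables, subnet_ids):
    """Map each subnet ID to the kind of default route it effectively uses."""
    explicit, main = {}, None
    for table in route_tables["RouteTables"]:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main = table
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = table
    result = {}
    for subnet in subnet_ids:
        # A subnet with no explicit association uses the VPC's main route table.
        table = explicit.get(subnet, main)
        result[subnet] = default_route_kind(table) if table else "unknown"
    return result


if __name__ == "__main__":
    print(classify_subnets(ROUTE_TABLES, ["subnet-public", "subnet-nat", "subnet-implicit"]))
```

A subnet reported as `public` still needs instances with public IP addresses and permissive security groups before anything can reach them; the route is only the first condition.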