在具有VPC对等功能的不同VPC上,Amazon RDS dbinstance和EC2实例的安全组规则是什么?
[英]What are the security group rules for Amazon RDS dbinstance and EC2 instance over the different VPCs with VPC Peering?
问题描述
What security group rules should I set for my db instance and my EC2 instance for accessing DB instance from my EC2 instance? 
我应该为数据库实例和EC2实例设置哪些安全组规则以从EC2实例访问数据库实例?
Both are in different VPCs and I used VPC Peering between them. 两者都在不同的VPC中,我在它们之间使用了VPC对等。
I did following configuration: 我做了以下配置:
- I created two VPC's 我创建了两个VPC
- One is with public subnet and another is with private subnet 一个是使用公共子网,另一个是使用私有子网
- Launch EC2 web instance with public VPC and MySQL db instance with private subnet 使用公共VPC启动EC2 Web实例,使用私有子网启动MySQL数据库实例
- Set VPC peering between them and they both have different security groups 在它们之间设置VPC对等,并且它们都具有不同的安全组
- Created a NAT Gateway in public subnet 在公共子网中创建了NAT网关
So, how should I set both security group rules for establishing connections between them? 因此,如何设置两个安全组规则以在它们之间建立连接?
1 个解决方案
解决方案1
0 2019-07-18 09:39:28
You should configure: 您应该配置:
- A security group on the Amazon EC2 instance (
App-SG) that permits access to the instance/application as desiredAmazon EC2实例 ( App-SG) 上的安全组,该安全组允许根据需要访问该实例/应用程序 - A security group on the Amazon RDS DB instance (
DB-SG) that permits inbound access on port 3306 forApp-SGAmazon RDS数据库实例 ( DB-SG) 上的安全组 ,允许在端口3306上对App-SG进行入站访问
That is, DB-SG should specifically refer to App-SG in the inbound rules. 也就是说, DB-SG App-SG在入站规则中应专门引用App-SG 。
When connecting from the EC2 to the database, make sure you are using the DNS Name of the RDS database. 从EC2连接到数据库时,请确保您使用的是RDS数据库的DNS名称。 This should resolve to a private IP address. 这应该解析为私有IP地址。
The NAT Gateway is not required for the above connection. 上述连接不需要NAT网关。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.