AWS EC2:入站规则源中存在安全组名称
[英]AWS EC2: Security group name present in inbound rule's source
问题描述
I'm investigating security setting of an EC2 instance, and taking a look at security group setting.
我正在调查 EC2 实例的安全设置,并查看安全组设置。 In one of the inbound rule's source, instead of source IP address, it has it's own security group's ID and Group name.在入站规则的源之一中,它有自己的安全组 ID 和组名称,而不是源 IP 地址。
What does this mean?这是什么意思?
1 个解决方案
解决方案1
3 已采纳 2019-08-06 23:26:30
In AWS, Security Groups are applied to each resource individually .在 AWS 中,安全组单独应用于每个资源。
So, let's say you had:所以,假设你有:
- A security group (
App-SG) permitting inbound HTTP access on port 80允许端口 80 上的入站 HTTP 访问的安全组 ( App-SG) - Two Amazon EC2 instances in a public subnet associated with
App-SG与App-SG关联的公有子网中的两个 Amazon EC2 实例
Even though both EC2 instances have the same security group, they are not able to SSH with each other.即使两个 EC2 实例具有相同的安全组,它们也无法相互通过 SSH。 Some people sometimes say that the instances would be "in" the same security group (which gives the impression that they can communicate with each other), but it is more appropriate to say that the instances are associated with the same security group.有些人有时会说实例会“在”同一个安全组中(这给人的印象是它们可以相互通信),但更合适的说法是实例与同一个安全组相关联。
The thing to remember is that security group rules are applied to each instance individually .需要记住的是,安全组规则单独应用于每个实例。
So, if you wanted to permit both instances to SSH to each other, you could add an inbound rule to the security group:因此,如果您想允许两个实例通过 SSH 相互连接,您可以向安全组添加入站规则:
- Protocol: SSH (Port 22)协议:SSH(端口 22)
- Source:
App-SG来源: App-SG
This says: "Allow any resource associated with this security group to receive traffic from any other resource associated with this security group on port 22".这表示:“允许与此安全组关联的任何资源在端口 22 上接收来自与此安全组关联的任何其他资源的流量”。
You might say that security group can "communicate with itself", but the reality is that the same rules are applied separately on each resource.您可能会说安全组可以“与自身通信”,但实际情况是相同的规则分别应用于每个资源。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.