AWS EC2 - 开发者动态 ip 权限
[英]AWS EC2 - Developer dynamic ip permission
问题描述
Every single day I need to update inbound rules, because the dev team is at homeoffice.
每一天我都需要更新入站规则,因为开发团队在家办公。
Is there any solution for my dev team with dynamic IP addresses?我的开发团队有动态 IP 地址的解决方案吗?
1 个解决方案
解决方案1
2 2020-08-04 12:55:21
Since your team's IP addresess change and you only want to allow those specific IP addresses, you are out of luck: you need to update Security Groups inbound rules every time the IP changes.由于您团队的 IP 地址发生变化,而您只想允许那些特定的 IP 地址,因此您很不走运:每次 IP 发生变化时,您都需要更新安全组入站规则。
What you can do though is simplify this process.不过,您可以做的是简化这个过程。 AWS recently announced Prefix Lists . AWS 最近发布了前缀列表。 You can create a Prefix List with all your team's IP addresses and reference this in any Security Group you need.您可以使用您团队的所有 IP 地址创建一个前缀列表,并在您需要的任何安全组中引用它。 You can then maintain one Prefix List instead of a number of Security Groups.然后您可以维护一个前缀列表而不是多个安全组。
If you are willing to increase your exposure to a wider IP range, as a trade-off for less frequent IP address list maintenance, you can add your user's CIDR block instead of each specific IP address.如果您愿意增加对更广泛的 IP 范围的暴露,作为 IP 地址列表维护频率较低的权衡,您可以添加用户的 CIDR 块,而不是每个特定的 IP 地址。 Then, assuming that most dynamic IP addresses are allocated from the same CIDR block, your team members will be able to connect to your EC2 instances.然后,假设大多数动态 IP 地址是从同一个 CIDR 块分配的,您的团队成员将能够连接到您的 EC2 实例。 A simple whois query for a specific IP address can show you the CIDR (IP range) it belongs too (usually your ISP's CIDR).对特定 IP 地址的简单whois查询也可以向您显示它所属的 CIDR(IP 范围)(通常是您的 ISP 的 CIDR)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.