mongoDB bindIp to allow connection from lambda through VPC

I have a MongoDB running in my ec2. Currently my MongoDB mongod.conf is as below:

net:
  port: 27017
  bindIp: 127.0.0.1

As you can see, it only allows local connections. But currently, it's not a problem since my nodejs app is running in the same ec2 instance. However, we're moving our code to serverless lambda, so we will need our code in lambda to be able to connect to this MongoDB. Our lambda will connect through VPC to this ec2 instance.

Do I need to change the bindIp to some other value to allow this, or leave it as it is?

Yes, I need to change my bindIp to 0.0.0.0. I know many people will say this is a security issue, but since I configured the security group of the instance where my MongoDB is running to only allow connection to port 27017 from the same VPC, I believe this should make my MongoDB secure.

Some information which may help others out there: since I'm using the serverless framework, I need to add my security group id and subnet id to my serverless.yaml configuration file, as below:

provider:
  name: aws
  vpc:
    securityGroupIds:
      - sg-02XXXXXXXXXX
    subnetIds:
      - subnet-eXXXXXX
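
With bindIp set to 0.0.0.0, the security group is the only control keeping port 27017 private. As an added example (not part of the original post), this Python check reads rules in the shape returned by `aws ec2 describe-security-groups` and reports any source outside the VPC CIDR that can reach the port. The sample groups, their IDs and the 10.0.0.0/16 VPC CIDR are constructed assumptions.

```python
import ipaddress

MONGO_PORT = 27017
VPC_CIDR = "10.0.0.0/16"  # assumption: replace with your VPC's CIDR

# Constructed sample in the shape of describe-security-groups output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-EXAMPLE-ok", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
    {"GroupId": "sg-EXAMPLE-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 27000, "ToPort": 27100,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-EXAMPLE-all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
]

def covers_port(perm, port=MONGO_PORT):
    """True if an IpPermissions entry applies to TCP `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols, which implies all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit_ingress(group, vpc_cidr=VPC_CIDR, port=MONGO_PORT):
    """List sources outside vpc_cidr that the group lets reach `port`."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for perm in group.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        for rng in perm.get("IpRanges", []):
            src = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if not src.subnet_of(vpc):  # wider than, or outside, the VPC
                findings.append(f"{group['GroupId']}: {rng['CidrIp']} can reach {port}")
        # The VPC CIDR here is IPv4, so any IPv6 source is outside it.
        for rng in perm.get("Ipv6Ranges", []):
            findings.append(f"{group['GroupId']}: {rng['CidrIpv6']} can reach {port}")
        # UserIdGroupPairs (group-to-group rules) are not CIDR sources; skipped.
    return findings

if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        print(g["GroupId"], audit_ingress(g) or "OK")
```

A clean result only covers network reachability; it says nothing about whether MongoDB authentication is enabled on the instance.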
