Do I need NAT gateway and route table in a VPC if I don't want internet access?
I am going to build a Lambda and an RDS Aurora for my application. The RDS Aurora needs to be inside a VPC and it doesn't need internet access. I have read a lot of articles about VPC setup for databases, and all of them mentioned that I need to create a VPC, public/private subnets, a route table, a NAT gateway and an internet gateway.
However, in my case, I don't need internet access in the database VPC. So my question is: do I need a NAT gateway and route table at all? I know each VPC has a default route table; is the default route table good enough? If I just create a VPC with 3 private subnets and attach the VPC to my Lambda, does it work?
Your understanding is correct and you don't need any NAT.
NAT is specifically used for accessing the public internet from a private subnet, but it doesn't seem to be required here.
Just make sure your Lambda doesn't need to access any external entity or AWS service (like S3) as well. If you are required to access an AWS service, you may create a VPC Endpoint for it. (Linked example is for S3)
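
An added example, not part of the original question or answer: a Python check that resolves which route table each subnet actually uses (explicit association, else the VPC's main table) and flags any route aimed at an internet, egress-only or NAT gateway. The data is constructed in the shape of `aws ec2 describe-route-tables` output for a single VPC; all IDs and subnet names are made up.

```python
# Constructed sample shaped like `aws ec2 describe-route-tables` output; all IDs are made up.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main",            # main table: local route + S3 gateway endpoint
     "Associations": [{"Main": True}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
         {"DestinationPrefixListId": "pl-example", "GatewayId": "vpce-example"}]},
    {"RouteTableId": "rtb-custom",          # custom table that was pointed at a NAT gateway
     "Associations": [{"Main": False, "SubnetId": "subnet-c"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
         {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]

def effective_table(subnet_id, tables):
    """An explicit subnet association wins; otherwise the subnet uses the main table."""
    main = None
    for table in tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main

def internet_routes(table):
    """Return (destination, target) for routes aimed at an internet, egress-only or NAT gateway."""
    hits = []
    for route in table["Routes"]:
        target = (route.get("NatGatewayId") or route.get("EgressOnlyInternetGatewayId")
                  or route.get("GatewayId", ""))
        if target.startswith(("igw-", "eigw-", "nat-")):
            dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
            hits.append((dest, target))
    return hits

def audit(subnet_ids, tables):
    """Map each subnet to the route table it really uses and any internet-bound routes."""
    report = {}
    for subnet_id in subnet_ids:
        table = effective_table(subnet_id, tables)
        report[subnet_id] = {"table": table["RouteTableId"], "internet": internet_routes(table)}
    return report

if __name__ == "__main__":
    for subnet, result in audit(["subnet-a", "subnet-b", "subnet-c"], ROUTE_TABLES).items():
        status = "ISOLATED" if not result["internet"] else f"INTERNET PATH {result['internet']}"
        print(subnet, result["table"], status)
```

Subnets with no explicit association fall back to the main table, so the local route plus a gateway endpoint route is reported as isolated, while the subnet tied to the NAT-routed table is flagged.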