堆栈内存溢出
  简体   繁体   English

AWS - 使用 NAT 网关(由 Lambda 访问)的私有子网中的 EC2 代理到无服务器 Aurora 的 Internet 访问

[英]AWS - Internet Access for an EC2 Proxy to Serverless Aurora in a Private Subnet with NAT Gateway (Accessed by Lambda)

 原文  2022-01-29 06:47:04       amazon-web-services/ amazon-ec2/ aws-lambda/ amazon-rds

问题描述

I have an EC2 instance I use as an SSH proxy to my Aurora SERVERLESS instance.我有一个 EC2 实例,用作我的 Aurora SERVERLESS 实例的 SSH 代理。 I also have lambdas that access this Aurora DB.我也有访问这个 Aurora DB 的 lambda。 Finally I have setup the Lambdas (and subsequently pulled in the Aurora DB) into a private subnet and setup NAT Gateway to a public subnet with an Internet Gateway setup for internet access.最后,我将 Lambda(并随后将 Aurora DB 拉入)设置到私有子网中,并将 NAT 网关设置为公共子网,并设置 Internet 网关以访问 Internet。 This was required so that my lambdas can talk to AWS's Pinpoint.这是必需的,以便我的 lambda 可以与 AWS 的 Pinpoint 对话。

Before I setup all the private subnets for the Pinpoint access from the lambdas I could access my EC2 publicly (from my computer) and connect to my Aurora DB through an SSH connection as a proxy.在我为 lambdas 的 Pinpoint 访问设置所有私有子网之前,我可以公开访问我的 EC2(从我的计算机)并通过 SSH 连接作为代理连接到我的 Aurora DB。 That was all good.那一切都很好。 But now it's not accessible.但现在无法访问。

I believe the public IP of the EC2 is no longer accessible (it doesn't ping) or perhaps it's something else.我相信 EC2 的公共 IP 不再可访问(它不 ping)或者它可能是别的东西。 But what do I need to setup in order that I can access the EC2 publicly again?但是我需要设置什么才能再次公开访问 EC2? I thought about setting up port forwarding through the internet gateway/nat gateway but after looking into that it seemed quite complicated.我曾想过通过互联网网关/nat 网关设置端口转发,但经过研究,它似乎相当复杂。 Is there some sort of subnet, setup I should be putting my EC2 in to make things work?是否有某种子网设置,我应该将我的 EC2 放入其中以使事情正常运行?

1 个解决方案

解决方案1
 1  2022-01-29 10:10:30

But what do I need to setup in order that I can access the EC2 publicly again?但是我需要设置什么才能再次公开访问 EC2?

Put it back in a public subnet.将其放回公共子网中。 That's the entire point of a public subnet - to be able to access your resources from the internet.这就是公共子网的全部意义——能够从 Internet 访问您的资源。

You could also increase its security by using SSH tunnel through AWS Systems Manager .您还可以通过 AWS Systems Manager 使用 SSH 隧道来提高其安全性。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 私有子网中的 AWS EC2 实例无法通过 NAT 网关连接到互联网 - AWS EC2 instance in private subnet unable to connect to internet via NAT gateway AWS:SSH 通过 NAT 网关从公共 su.net EC2 实例到私有 su.net EC2 实例没有发生 - AWS : SSH to private subnet EC2 instance from public subnet EC2 instance via NAT GATEWAY is not happening 如何在私有子网中托管的 EC2 上使用 aws-cw-agent(没有 NAT 网关) - How can I use aws-cw-agent on an EC2 hosted in private subnet ( without NAT gateway) Private su.net 中的 EC2 Instance 是否需要此架构上的 Nat Gateway? - Does EC2 Instance in Private subnet need Nat Gateway on this architecture? 无法使用 NAT 网关从私有 Ec2 访问 Inte.net - Unable to Reach Internet from Private Ec2 with NAT Gateway 使用 EC2 作为代理连接到 Aurora Serverless - Connect to Aurora Serverless using EC2 as Proxy 使用 NAT 实例提供对私有 Ec2 实例的互联网访问 - Providing internet access to private Ec2 instance using NAT instance 公共子网中的 NAT 网关和 EC2 实例能否共享同一个 AWS ElasticIP? - Can a the same AWS ElasticIP be shared by a NAT gateway and an EC2 instance in a public subnet? AWS Lambda - NAT 网关 Internet 访问导致超时 - AWS Lambda - NAT Gateway internet access results in timeout 如何允许私有子网VPC中的AWS Lambda资源在不使用NAT的情况下与Internet通信? - How do I allow AWS lambda resources in a private subnet VPC to communicate with the internet without using a NAT?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM