
How to allow an ECS cluster to connect inbound to an EC2 MongoDB

Context: I created a MongoDB server in an EC2 instance, but I want to "lock" the IP connections so that only the ECS cluster can connect to it. But I don't know, and I didn't find out either, which IP I should put in the EC2 Security Group to allow inbound network traffic.

The current inbound network rule is 0.0.0.0, but that is kind of bad practice. I don't know if I should put the IP of the VPC or the IP of the SG. Must the EC2 be in the same VPC, VPN, SG, ELB as the ECS? How does it work? Thanks.

I tried to put the IP of the SG, but it says that I can't because they are not "in the same network". I searched about it, but I don't know what exactly it means.

You should use security groups, not IP addresses; that way, if you change machines in your cluster, access will still be permitted.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html

I typically do this with security group references rather than IPs. Make sure each resource (ECS) is assigned a security group that isn't used for anything else, i.e. not the default SG. Default works, but it's not good practice and it's more difficult to keep track of.

You need to put in matching security group rules to allow traffic out from ECS to the EC2, and into the EC2 from ECS:

  • ECS SG: allow outbound connectivity to the EC2 SG on the required port.
  • EC2 SG: allow inbound connectivity from the ECS SG on the required port.

Since security groups are stateful, you don't need to allow incoming into ECS or outgoing from EC2.

If for some reason you need to do this with IPs, make sure you use private IPs rather than public. In AWS, public IPs are only translated in the internet gateway; they're not used within the VPC.
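As an added example (not code from the question or either answer), a small Python audit over the JSON shape that `aws ec2 describe-security-groups` prints: it flags any rule on the MongoDB port that is not a reference to the ECS tasks' security group, which is the check that tells you the world-open rule is gone and only the SG reference remains. The group IDs and the sample rules are constructed placeholders.

```python
"""Audit the MongoDB host's security group for inbound rules on the Mongo port."""
import json

MONGO_PORT = 27017
MONGO_SG = "sg-0mongo0placeholder"  # placeholder id for the EC2 MongoDB host's SG
ECS_SG = "sg-0ecs000placeholder"    # placeholder id for the ECS tasks' dedicated SG

# Constructed rules in the IpPermissions shape used by describe-security-groups.
WORLD_OPEN_RULE = {"IpProtocol": "tcp", "FromPort": MONGO_PORT, "ToPort": MONGO_PORT,
                   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}
ECS_REF_RULE = {"IpProtocol": "tcp", "FromPort": MONGO_PORT, "ToPort": MONGO_PORT,
                "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ECS_SG}]}

def describe_output(*rules):
    """Constructed stand-in for the JSON that `aws ec2 describe-security-groups` prints."""
    return json.dumps({"SecurityGroups": [
        {"GroupId": MONGO_SG, "GroupName": "mongodb-ec2", "IpPermissions": list(rules)}]})

def _covers_port(perm, port):
    """True if an IpPermissions entry reaches `port` (protocol -1 means all traffic)."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit_mongo_ingress(describe_json, allowed_source_sg, port=MONGO_PORT):
    """Return (findings, ok): findings lists every rule that lets anything other
    than allowed_source_sg reach `port` (any CIDR counts, since the advice is to
    use SG references only); ok is True only when the SG is referenced and
    there are no findings."""
    findings, has_sg_ref = [], False
    for sg in json.loads(describe_json)["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not _covers_port(perm, port):
                continue
            for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
                cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
                label = "world-open" if cidr in ("0.0.0.0/0", "::/0") else "CIDR"
                findings.append(f"{sg['GroupId']}: port {port} {label} {cidr}")
            for pair in perm.get("UserIdGroupPairs", []):
                if pair.get("GroupId") == allowed_source_sg:
                    has_sg_ref = True  # the rule the second answer recommends
                else:
                    findings.append(f"{sg['GroupId']}: port {port} SG {pair.get('GroupId')}")
    return findings, has_sg_ref and not findings
```

Run it against the real output by piping `aws ec2 describe-security-groups --group-ids <mongo-sg>` into `audit_mongo_ingress` with your ECS task SG id; an empty findings list with `ok == True` means only the ECS SG can reach port 27017.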
