在 AWS 上使用 Application Load Balancer 在哪里处理微服务的授权和路由?
[英]Where to handle authorization and routing for microservices with Application Load Balancer on AWS?
问题描述
I currently have an ALB that forwards all http/s requests to a target group.
我目前有一个 ALB,它将所有 http/s 请求转发到目标组。 Inside the target group I have 3 EC2 instances each running the same NodeJS application.在目标组中,我有 3 个 EC2 实例,每个实例都运行相同的 NodeJS 应用程序。
If I want to break up my application into microservices with a "gateway service" that handles authorization of all incoming client requests and performs routing to the other microservices, how can I achieve this using ALB?如果我想使用处理所有传入客户端请求的授权并执行到其他微服务的路由的“网关服务”将我的应用程序分解为微服务,我如何使用 ALB 实现此目的?
My initial thought is to implement the following:我最初的想法是实现以下内容:
Inte.net -> ALB -> Target group with gateway microservices (auth happens here) -> ALB -> Target group with other microservices Inte.net -> ALB -> 具有网关微服务的目标组(此处进行身份验证)-> ALB -> 具有其他微服务的目标组
Is this kind of architecture possible / recommended?这种架构可能/推荐吗?
1 个解决方案
解决方案1
0 2023-01-14 08:28:50
One solution is to:一种解决方案是:
- use private AWS API gateway,使用私有 AWS API 网关,
- create VPC interface endpoint linked to it创建链接到它的 VPC 接口端点
- use IP address as a target group and使用 IP 地址作为目标组和
- pass traffic through the gateway to micro services通过网关将流量传递到微服务
Authorization can be done in the gateway by using Authorizers (Cognito or Lambda)可以使用授权器(Cognito 或 Lambda)在网关中完成授权
See https://aws.amazon.com/premiumsupport/knowledge-center/invoke-private-api-gateway/ for details.有关详细信息,请参阅https://aws.amazon.com/premiumsupport/knowledge-center/invoke-private-api-gateway/ 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.