
AWS: Make EC2 instances reachable from each other

I have a VPC with several instances;

These need to be reachable among them via public URLs, i.e. one instance, say

mysub1.mydomain.com

should be able to access

mysub2.mydomain.com

and vice versa;

My only way for the moment to go about this is:

a) allocate an Elastic IP to each one (so that they do not change)

b) add explicit allow rules in the respective security group so that the above requests are possible;

Since I am short on Elastic IPs, is there another way to go about this case, given that the instance number is expected to grow?

I can place those instances behind ELB or ALB if that solves the problem somehow;

edit: Could the usage of a NAT Gateway with a twist (that actually allows both incoming and outgoing traffic to/from my instances) be the solution to save IP addresses? But how can this be combined with a load balancer (either ELB or ALB) that I have to use for some requirements?

If your requirement is merely that they communicate locally within the VPC, reaching each other via their DNS names, you should be able to create a Private Hosted Zone for Amazon VPC in Amazon Route 53.

Add entries for each instance pointing to its private IP address. This way, the DNS name will resolve within the VPC to the private IP address rather than a public address. Traffic will flow within the VPC, without going out to the Internet. This also would not require any public IP addresses to be allocated.

If you also need the DNS names to resolve on the Internet (outside the VPC), you do not necessarily need to use Elastic IP addresses. Each Amazon EC2 instance can request a public IP address when the instance is created. You can point the public DNS names to this address. However, please note that the public IP address might change if the instance is stopped and started (whereas Elastic IP addresses will not change).
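A Terraform rendering of that answer, added here as an example and not part of the answer above: one private hosted zone associated with the VPC and one A record per instance pointing at its private IP. The zone and host names (mydomain.com, mysub1, mysub2) come from the question; the VPC, subnet and instance resources and the ami_id input are assumptions made for illustration.

```hcl
# Added example, not from the original answer: a Route 53 private hosted zone
# for the VPC with one A record per instance, pointing at its private IP.
# The VPC, subnet, instance resources and the ami_id input are assumptions.

variable "ami_id" {
  description = "AMI to launch (supplied by the caller; no default on purpose)"
  type        = string
}

variable "hostnames" {
  description = "Short hostnames; one instance and one A record each. Add a name here as the fleet grows."
  type        = set(string)
  default     = ["mysub1", "mysub2"]
}

# A private hosted zone is only consulted if both DNS flags are on for the VPC.
resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
}

# No map_public_ip_on_launch: instances here get private addresses only.
resource "aws_subnet" "private" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"
}

resource "aws_instance" "app" {
  for_each                    = var.hostnames
  ami                         = var.ami_id
  instance_type               = "t3.micro"
  subnet_id                   = aws_subnet.private.id
  associate_public_ip_address = false
  tags                        = { Name = each.key }
}

# Same apex as the public zone, but associated with this VPC only, so these
# records are invisible from the Internet (split-horizon DNS).
resource "aws_route53_zone" "internal" {
  name = "mydomain.com"
  vpc {
    vpc_id = aws_vpc.main.id
  }
}

# mysub1.mydomain.com -> 10.0.1.x inside the VPC; traffic never leaves it and
# the security groups can be written against private addresses or groups.
resource "aws_route53_record" "app" {
  for_each = aws_instance.app
  zone_id  = aws_route53_zone.internal.zone_id
  name     = "${each.key}.mydomain.com"
  type     = "A"
  ttl      = 60
  records  = [each.value.private_ip]
}

output "private_names" {
  value = { for k, r in aws_route53_record.app : k => r.fqdn }
}
```

One caveat worth knowing before reusing the public apex: when a private hosted zone matches a query, the VPC resolver answers from that zone only, and a name under mydomain.com that is not in the private zone gets NXDOMAIN rather than falling through to the public zone. Either mirror every public name the instances must resolve, or put the private zone on a dedicated subdomain such as internal.mydomain.com.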

Ideally, you should create a VPC with public and private subnets ( https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html ) and place your instances (unless you have specific needs) in private subnets.

You will then configure external and internal load balancers and DNS for communication, so that you don't need to rely on public IPs and you can scale your application (you can use either Classic or Application Load Balancers depending on your needs).

You can set up public and private DNS zones in Route 53 ( https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-private.html ) so that certain endpoints resolve only from inside the VPC.

You can then even improve security by creating "security-group to security-group" rules or restricting inbound traffic to specific subnets.
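The internal half of that design in Terraform, added here as an example and not part of the answer above: an internal ALB in the private subnets, a name for it in a private hosted zone, and "security-group to security-group" rules in place of per-instance IP rules. The inputs (vpc_id, vpc_cidr, private_subnet_ids, private_zone_id, certificate_arn) and the name mysub2.mydomain.com are assumptions for illustration; the private hosted zone is assumed to exist already.

```hcl
# Added example, not from the original answer: internal ALB plus
# security-group-to-security-group rules. All variables are assumptions.

variable "vpc_id"             { type = string }
variable "vpc_cidr"           { type = string } # e.g. the VPC's own CIDR
variable "private_subnet_ids" { type = list(string) }
variable "private_zone_id"    { type = string } # existing Route 53 private zone
variable "certificate_arn"    { type = string } # ACM certificate for the listener

resource "aws_security_group" "app" {
  name   = "app"
  vpc_id = var.vpc_id

  # Members of this group may reach each other on 443 (self = true), and so
  # may the internal ALB. Sources are groups, not IPs, so a newly launched
  # instance is covered with no rule change and no Elastic IP.
  ingress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    self            = true
    security_groups = [aws_security_group.internal_alb.id]
  }

  # Terraform drops AWS's default allow-all egress on a new group; this keeps
  # instance egress inside the VPC unless a NAT route is deliberately added.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [var.vpc_cidr]
  }
}

resource "aws_security_group" "internal_alb" {
  name   = "internal-alb"
  vpc_id = var.vpc_id
  # rules live in separate resources below to avoid a cycle with "app"
}

# Only members of "app" may reach the ALB...
resource "aws_security_group_rule" "alb_from_app" {
  type                     = "ingress"
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  security_group_id        = aws_security_group.internal_alb.id
  source_security_group_id = aws_security_group.app.id
}

# ...and the ALB may only forward to members of "app".
resource "aws_security_group_rule" "alb_to_app" {
  type                     = "egress"
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  security_group_id        = aws_security_group.internal_alb.id
  source_security_group_id = aws_security_group.app.id
}

resource "aws_lb" "internal" {
  name               = "app-internal"
  internal           = true
  load_balancer_type = "application"
  subnets            = var.private_subnet_ids
  security_groups    = [aws_security_group.internal_alb.id]
}

resource "aws_lb_target_group" "app" {
  name     = "app"
  port     = 443
  protocol = "HTTPS"
  vpc_id   = var.vpc_id
}

resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.internal.arn
  port              = 443
  protocol          = "HTTPS"
  certificate_arn   = var.certificate_arn
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app.arn
  }
}

# mysub2.mydomain.com resolves, inside the VPC only, to the internal ALB.
resource "aws_route53_record" "mysub2" {
  zone_id = var.private_zone_id
  name    = "mysub2.mydomain.com"
  type    = "A"
  alias {
    name                   = aws_lb.internal.dns_name
    zone_id                = aws_lb.internal.zone_id
    evaluate_target_health = true
  }
}
```

Instances join the target group through aws_lb_target_group_attachment or an Auto Scaling group as usual. The check that matters is on the instance group: its only inbound rule names two security groups, so a caller that is not a member of "app" or the ALB is refused whatever subnet or IP it comes from, and growing the fleet changes no rule.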
