AWS Internal Alb无法重新指导到私人MWAA WebServer
我正在尝试在AWS中设置MWAA,UI Web服务器需要在私有子网内部。 基于文档对于Web服务器VPC端点,需要使用VPN/BASTION/LOAD BALANCER,我理想地希望使用Load Balancer授予用户访问。
我可以看到创建的VPC端点,并且与在初始环境设置中选择的每个子网(两个子网总计)中的IP相关联。
使用https设置了目标组:443。
与上面的目标组创建了内部ALB。
UI作为弹出链接在MWAA控制台中呈现。访问我被发送发送到一个说网站的页面时,该网站无法到达,并且URL的语法类似于
https://####-vpce.c71.us-east-1.airflow.amazonaws.com/aws_mwaa/aws-console-sso?login=true<MWAA_WEB_TOKEN>
我替换URL的开头,我能够到达下面适当的MWAA网页,但有一些HTTPS证书问题,我以后可以找出这些问题,但这似乎是我需要联系的适当着陆页。
https://<INTERNAL_ALB_A_RECORD>/aws_mwaa/aws-console-sso?login=true<MWAA_WEB_TOKEN>
如果我只访问浏览器中的内部ALB记录,
https://<INTERNAL_ALB_A_RECORD>
则将重定向到MWAA的登录页面,单击登录按钮,然后将其重新定向到下面的,该页面上有无法到达此站点。 /代码>页面。
https://####-vpce.c71.us-east-1.airflow.amazonaws.com/aws_mwaa/aws-console-sso?login=true<MWAA_WEB_TOKEN>
我不确定问题所在,但似乎我没有被重新定向到需要去的地方。
我应该尝试一个指向ALB作为目标组的NLB吗?另外,当访问内部ALB时,我读到您需要访问VPC。这到底是什么意思?
I am attempting to setup MWAA in AWS and the UI web server needs to be inside a private subnet. Based on documentation the way to setup access to the web server VPC endpoints requires using a VPN/Bastion/Load Balancer and I would ideally like to use the load balancer to grant users access.
I am able to see the VPC endpoint created and it is associated to an IP in each subnet (two subnets total) that were chosen during the initial environment setup.
Target groups were setup to these IP addresses with HTTPS:443.
An internal ALB was created with the target groups above.
The UI is presented in the MWAA console as a pop-out link. When accessing that I am sent sent to a page that says The site can't be reached and the URL has a syntax similar to
https://####-vpce.c71.us-east-1.airflow.amazonaws.com/aws_mwaa/aws-console-sso?login=true<MWAA_WEB_TOKEN>
If I replace the beginning of the URL with below I am able to get to the proper MWAA webpage but there are some HTTPS certificate issues which I can figure out later but this seems to be the proper landing page I need to reach.
https://<INTERNAL_ALB_A_RECORD>/aws_mwaa/aws-console-sso?login=true<MWAA_WEB_TOKEN>
If I access just the internal ALB A record in my browser
https://<INTERNAL_ALB_A_RECORD>
I get redirected to a login page for MWAA, click the login button, then I get re-directed to the below which has the This site can't be reached page.
https://####-vpce.c71.us-east-1.airflow.amazonaws.com/aws_mwaa/aws-console-sso?login=true<MWAA_WEB_TOKEN>
I am not sure exactly where the issue is but it seems to be that I am not being re-directed to where I need to go.
Should I try a NLB pointing to the ALB as a target group? Additionally when accessing an internal ALB I read that you need access to the VPC. What does this mean exactly?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
仍然不确定重定向未发生的根本原因是什么。
在这种情况下,我们的网络不需要 ALB 或 NLB,因为我们建立了 DirectConnect 设置,如果我们使用公司 VPN,它允许我们解析 VPC 端点。我仍然会看到一个页面,其中包含有关
无法访问此网站的错误消息,并且要访问正确的登录页面,我只需在浏览器的 URL 搜索栏中再次按 Enter 键即可。如果其他人遇到此问题,请确保在再次按 Enter 之前将登录令牌附加到 URL 条目的末尾。
我已经向 AWS 提出了一个关于此问题的案例,因此如果他们能够找出根本原因,我将进行更新。
Still unsure of what the root cause is for the re-direction not taking place.
Our networking does not need an ALB or NLB in this scenario since we have a DirectConnect setup established which allows us to resolve VPC endpoints if we are on our corporate VPN. I still do end up at a page with an error message regarding
This site can't be reachedand to get to the proper landing page I just have to hit Enter again in my browser's URL search bar.If anyone else comes across this make sure that you have the login token appended to the end of your URL entry before hitting enter again.
I have a case open with AWS on this so I will update if they are able to figure out the root cause.