How can I use several security groups to grant access to one EC2 instance?
I have a simple setup -- one EC2 acts as a web server.
At first, I allowed only 1 set of IPs (the first office) to access the server, so I created a security group and allowed them to access the EC2 through HTTP and HTTPS.
A new office (with different IPs) now wants to access the webserver. What's the best way to do it?
What I have tried
Adding each IP to the original security group works, but I will have no idea which IP belongs to which office in a few weeks. Not sustainable.
I created another security group and added rules for HTTP/HTTPS for each new IP.
[Screenshot: Add IPs to inbound rule in new security group]
Then I added the new security group to the original security group.
[Screenshot: Add new security group to original security group]
(The new security group is the first two rows in the screenshot)
I expected the EC2 instance to now allow the new IPs but it didn't. (Am I missing something here?!)
Comments (1)
Each Security Group rule can have an optional description, up to 255 characters. So I suggest adding the office name as the description for each inbound IP address.
Adding security groups to other security groups doesn't provide the functionality you are trying to achieve. It only allows AWS resources with one security group assigned to them to access resources with the other security group assigned to them. It doesn't allow all inbound traffic allowed in one group to also be allowed in the other group.
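The two points in this answer, labelling each office's CIDR with a rule description and the fact that a security group referenced inside another group only matches traffic from resources carrying that group, can be checked with the small model below. It is an added example, not code from the original question or answer. The office names, CIDRs and the `sg-0new` group id are constructed sample values; `build_ingress_permissions` produces the `IpPermissions` structure that boto3's `authorize_security_group_ingress` accepts, and `admits` mimics how a security group evaluates an inbound connection so you can see why nesting groups did not admit the new office's IPs.

```python
"""Per-office ingress rules with descriptions, plus a model of how a security
group decides whether to admit a connection.

Added example, not from the original post.  All office names, CIDRs and the
security-group id below are constructed sample data."""
import ipaddress

WEB_PORTS = (80, 443)

# Constructed sample data: office name -> CIDRs that office connects from.
OFFICES = {
    "office-1": ["203.0.113.10/32", "203.0.113.11/32"],
    "office-2": ["198.51.100.0/28"],
}


def build_ingress_permissions(offices, ports=WEB_PORTS):
    """Return the IpPermissions list expected by
    ec2.authorize_security_group_ingress(GroupId=..., IpPermissions=...).

    One entry per port; every CIDR carries the office name as its Description
    (max 255 characters), so the owner of each IP is still visible in the
    console months later instead of being an anonymous address."""
    permissions = []
    for port in ports:
        permissions.append({
            "IpProtocol": "tcp",
            "FromPort": port,
            "ToPort": port,
            "IpRanges": [
                {"CidrIp": cidr, "Description": office}
                for office, cidrs in offices.items()
                for cidr in cidrs
            ],
        })
    return permissions


def apply_rules(ec2_client, group_id, permissions):
    """Push the rules using a boto3 EC2 client supplied by the caller (passed
    in so this module needs no AWS credentials or network to import)."""
    return ec2_client.authorize_security_group_ingress(
        GroupId=group_id, IpPermissions=permissions)


def admits(permissions, src_ip, port, src_groups=()):
    """Model a security group's inbound evaluation for one TCP connection.

    Returns the Description of the matching CIDR rule, the GroupId of the
    matching group-reference rule, or None when nothing matches.

    A CIDR rule (IpRanges) matches on the source address.  A group-reference
    rule (UserIdGroupPairs) matches only when the *sending* network interface
    has that group attached; it never imports the CIDRs listed inside the
    referenced group.  That is why adding the new office's group to the
    original group did not let the office's IPs through."""
    addr = ipaddress.ip_address(src_ip)
    for perm in permissions:
        proto = perm["IpProtocol"]
        if proto not in ("tcp", "-1"):
            continue
        if proto == "tcp" and not perm["FromPort"] <= port <= perm["ToPort"]:
            continue
        for rule in perm.get("IpRanges", []):
            if addr in ipaddress.ip_network(rule["CidrIp"]):
                return rule.get("Description", "")
        for ref in perm.get("UserIdGroupPairs", []):
            if ref["GroupId"] in src_groups:
                return ref["GroupId"]
    return None


if __name__ == "__main__":
    perms = build_ingress_permissions(OFFICES)
    print("HTTPS from 203.0.113.11 ->", admits(perms, "203.0.113.11", 443))
    # The nested-group attempt from the question, modelled as a rule in the
    # original group that references the new group (constructed id sg-0new).
    nested = [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
               "UserIdGroupPairs": [{"GroupId": "sg-0new"}]}]
    print("HTTP from office-2 via nested group ->",
          admits(nested, "198.51.100.5", 80))  # None: IP is not admitted
```

To apply the rules for real, create the client yourself and call `apply_rules(boto3.client("ec2"), "sg-<your-group-id>", build_ingress_permissions(OFFICES))`; the same `build_ingress_permissions` output can also be diffed against `describe_security_groups` to spot rules whose description is empty.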