问题描述

我有一个Web应用程序，该应用程序在附加了3个实例的Amazon AWS Elastic Load Balancer后面运行。该应用程序具有 / refresh 端点，用于重新加载参考数据。只要有新数据，就需要运行它，每周发生几次。

I have a web app which runs behind Amazon AWS Elastic Load Balancer with 3 instances attached. The app has a /refresh endpoint to reload reference data. It need to be run whenever new data is available, which happens several times a week.

我一直在为所有实例分配公共地址，并独立刷新（使用 ec2-url / refresh ）。我同意，ELB后面的EC2实例不应允许直接公共访问。现在我的问题是如何使 elb-url / refresh 调用到达负载均衡器后面的所有实例？

What I have been doing is assigning public address to all instances, and do refresh independently (using ec2-url/refresh). I agree with Michael's answer on a different topic, EC2 instances behind ELB shouldn't allow direct public access. Now my problem is how can I make elb-url/refresh call reaching all instances behind the load balancer?

如果我可以从多个实例收集HTTP响应，那就太好了。但是我现在不介意盲目进行刷新。

And it would be nice if I can collect HTTP responses from multiple instances. But I don't mind doing the refresh blindly for now.

推荐答案

您不能通过负载均衡器发出这些请求，因此，您将必须打开实例的安全组，以允许来自非ELB来源的传入流量。不过，这并不意味着您需要将其开放给所有直接流量。您可以简单地在安全组中将IP地址列入白名单，以允许来自特定计算机的请求。

You can't make these requests through the load balancer, So you will have to open up the security group of the instances to allow incoming traffic from source other than the ELB. That doesn't mean you need to open it to all direct traffic though. You could simply whitelist an IP address in the security group to allow requests from your specific computer.

如果您不想向这些服务器添加公共IP地址，则您可以将需要在VPC内的EC2实例上运行类似 curl 的命令。在这种情况下，您只需要打开安全组以允许来自VPC中存在的某些服务器（或服务器组）的流量。

If you don't want to add public IP addresses to these servers then you will need to run something like a curl command on an EC2 instance inside the VPC. In that case you would only need to open the security group to allow traffic from some server (or group of servers) that exist in the VPC.

这篇关于如何使HTTP调用到达Amazon AWS负载均衡器背后的所有实例？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！