Amazon Elastic Beanstalk internal and internet acc

Published 2019-04-07 17:41

Question:

We’re trying to create a setup of multiple APIs via the Amazon AWS Elastic Beanstalk (AEB) component. The reason we have chosen AEB is because it provides seamless deployment and scaling for the applications we deploy, without the need to manually create Load Balancers (LB) and scaling rules. We would very much like to keep it this way as we are planning on launching a (large) number of applications and APIs.

However, we’re facing a number of challenges with AEB.

First and foremost, some of the APIs need to communicate internally, and low latency is a core requirement for us. In order to utilize internal network communication in AEB we have been “forced” to:

  1. Allocate a VPC in Amazon
  2. Deploy each application to this VPC - each behind their own internal LB

Now, when using the Elastic Beanstalk URLs the APIs are able to resolve the internal IP of the LB of another API and thus the latency is eliminated and all is good - the APIs can communicate with one another.

However, this spawns another issue for us: Some of these “internally” allocated APIs (remember, they’re behind an internal LB in a VPC) must also be accessible from the internet.

We still haven’t found a way to make the internal LBs internet accessible (while keeping their ability to also act as internal LB), so any help on this matter is greatly appreciated.

Answer 1:

  • Each application should be on a subnet within the VPC
  • Update the ACL and ELB Security Group to allow external access

AWS Elastic Load Balancing Inside of a Virtual Private Cloud

Also, this question on SO contains relevant information: Amazon ELB in VPC
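
A check that goes with the security-group step in the answer above, as an added example that is not part of the original thread: it reads output shaped like `aws elb describe-load-balancers` and `aws ec2 describe-security-groups` and reports, per load balancer, which listener ports are reachable from the internet and which world-open security-group ports serve no listener. The load balancer names, group IDs and rules are constructed sample data, and `world_open_ports` and `audit` are hypothetical helper names.

```python
import json

# Constructed sample data shaped like `aws elb describe-load-balancers` and
# `aws ec2 describe-security-groups` output; all names and IDs are made up.
LOAD_BALANCERS = json.loads("""{"LoadBalancerDescriptions": [
  {"LoadBalancerName": "orders-api", "Scheme": "internal",
   "SecurityGroups": ["sg-internal"],
   "ListenerDescriptions": [{"Listener": {"LoadBalancerPort": 80}}]},
  {"LoadBalancerName": "public-api", "Scheme": "internet-facing",
   "SecurityGroups": ["sg-public"],
   "ListenerDescriptions": [{"Listener": {"LoadBalancerPort": 443}}]}]}""")
SECURITY_GROUPS = json.loads("""{"SecurityGroups": [
  {"GroupId": "sg-internal", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
  {"GroupId": "sg-public", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]}""")

def world_open_ports(group):
    """Return the TCP ports a security group opens to 0.0.0.0/0."""
    ports = set()
    for perm in group["IpPermissions"]:
        if perm["IpProtocol"] not in ("tcp", "-1"):
            continue
        if any(r["CidrIp"] == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
            ports.update(range(perm.get("FromPort", 0), perm.get("ToPort", 65535) + 1))
    return ports

def audit(lbs, sgs):
    """Per load balancer: scheme, internet-reachable listeners, unused open ports."""
    groups = {g["GroupId"]: g for g in sgs["SecurityGroups"]}
    report = {}
    for lb in lbs["LoadBalancerDescriptions"]:
        listeners = {d["Listener"]["LoadBalancerPort"] for d in lb["ListenerDescriptions"]}
        open_ports = set().union(*(world_open_ports(groups[g]) for g in lb["SecurityGroups"]))
        # An internal-scheme load balancer has only private addresses, so an open
        # security group alone does not make its listeners internet-reachable.
        public = lb["Scheme"] == "internet-facing"
        report[lb["LoadBalancerName"]] = {
            "scheme": lb["Scheme"],
            "exposed": sorted(listeners & open_ports) if public else [],
            "unused_open": sorted(open_ports - listeners)}
    return report

if __name__ == "__main__":
    print(json.dumps(audit(LOAD_BALANCERS, SECURITY_GROUPS), indent=2))
```

Ports listed under `unused_open` are the ones to close first, since the security group admits the whole internet on them without any listener needing it.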