Is it possible to have an internal load balancer w

2019-06-07 11:04发布

问题:

I have an api that I deploy using elasticbeanstalk, and I wish to make it completely internal so that it cannot be accessed from the public Internet. I am doing this because I only want the service to be accessible via our other services (that each run in their own VPCs and are all deployed via elasticbeanstalk).

Is it possible to use an internal ELB with elasticbeanstalk? Is this even what I need to do? Can VPC peering help me here?

The ultimate aim is that the api needs to have some http resources public and some private. My approach was going to be to make the service private and expose any public resources via API Gateway, but perhaps this is not the right solution. Would it perhaps be better to expose everything through API Gateway, require IAM auth on the private resources and enforce in the api that requests come from API Gateway?

回答1:

Yes, you can add an ELB to any VPC, including those on private address ranges that are not accessible to the internet.

When configuring your Beanstalk instance, choose an appropriate VPC, unselect "Associate Public IP Address", place an ELB in at least one private subnet and select "Internal" for the ELB visibility.

The VPC configuration page looks like: