I'm using security groups inside security groups.
For instance, I would like the mysql security group to allow mysql 3306 connections to the app server security group.
However, my app server cannot talk to mysql (testing via the mysql cli), but when I specifically add the IP address into the mysql security group, then it works.
Help?
Best answer
This may be a bit of a long shot, given how little information about your configuration you've provided. However, I had a very eerily similar experience so here goes...
Check that you're using the private IPs and not the public IPs. The public IP will work if you specify it individually, but won't with security groups inside security groups.
On the other hand, private IPs are not externally accessible, but then security groups seem to work.
If that still doesn't work, make sure that you have local routes set in your VPC to make sure that the private IPs can work across subnets.
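An added example, not part of the original answer: a simplified Python model of why a rule that references a security group only matches connections made to the database's private IP. It assumes AWS EC2 security-group semantics (a group reference is resolved to its members' private IPs); the group name `sg-app`, the addresses and the helper functions are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    port: int
    source_group: Optional[str] = None  # rule that references another group
    cidr: Optional[str] = None          # rule that names an address range

# Constructed sample data. Assumption: membership is known by private IP only.
MEMBERS = {"sg-app": {"10.0.1.25"}}
APP_PRIVATE, APP_PUBLIC = "10.0.1.25", "203.0.113.10"

def source_seen_by_db(dest_is_public: bool) -> str:
    """Source address the database's security group evaluates.

    Traffic sent to the database's public address leaves the VPC, so the
    app server's source is translated to its public IP on the way out.
    """
    return APP_PUBLIC if dest_is_public else APP_PRIVATE

def allowed(rules, src_ip: str, port: int) -> bool:
    """Return True if any ingress rule admits src_ip on port."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.port != port:
            continue
        if rule.source_group and src_ip in MEMBERS.get(rule.source_group, set()):
            return True
        if rule.cidr and addr in ipaddress.ip_network(rule.cidr):
            return True
    return False

GROUP_RULE = [Rule(3306, source_group="sg-app")]   # "group inside group"
IP_RULE = [Rule(3306, cidr=APP_PUBLIC + "/32")]    # the asker's workaround

if __name__ == "__main__":
    for name, rules in (("group rule", GROUP_RULE), ("ip rule", IP_RULE)):
        for public in (False, True):
            target = "public" if public else "private"
            ok = allowed(rules, source_seen_by_db(public), 3306)
            print(f"{name:10} mysql -h <{target} ip>: {'allow' if ok else 'drop'}")
```

The workaround rule with the public `/32` admits the connection only on the public path, which is why adding the IP appeared to fix it while the group reference did not.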