Problem description
I created two security groups: one for an EC2 instance running in the public subnet and another for an EC2 instance running in the private subnet.
I want to hop securely from the public instance into the private instance.
Is the following port configuration for the private security group correct, or do I need to open any other ports? Do these security group ports need to be linked in some way to get into the private instance? (I have already created the VPC, a public and a private subnet, an EIP, and a NAT gateway.)
public_sgGroup.tf
resource "aws_security_group" "public_sg" {
  name        = "Public_sg"
  description = "Security Group for Public instance-Bastion"
  # vpc_id must point at the custom VPC; without it the group is created in the default VPC

  # SSH in from anywhere
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # SSH out to the VPC range (where the private instance lives)
  egress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.s_group_vpc_cidr] # Terraform 0.12+ syntax; "${var.s_group_vpc_cidr}" is the legacy form
  }

  # HTTP out (package updates)
  egress {
    from_port        = 80
    to_port          = 80
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # HTTPS out (package updates)
  egress {
    from_port        = 443
    to_port          = 443
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = { # "tags = {" is required from Terraform 0.12; the bare "tags {" block does not parse
    Name = "Public_sgGroup"
  }
}
private_sgGroup
resource "aws_security_group" "private_sg" {
  name        = "Private_sg"
  description = "Security Group for Private instance"
  # vpc_id must point at the custom VPC; without it the group is created in the default VPC

  # SSH out to anywhere
  egress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # SSH in from the VPC range (where the bastion lives)
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.s_group_vpc_cidr] # Terraform 0.12+ syntax; "${var.s_group_vpc_cidr}" is the legacy form
  }

  # HTTP in from anywhere
  ingress {
    from_port        = 80
    to_port          = 80
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # HTTPS in from anywhere
  ingress {
    from_port        = 443
    to_port          = 443
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = { # "tags = {" is required from Terraform 0.12; the bare "tags {" block does not parse
    Name = "Private_sgGroup"
  }
}
Thanks.
Solution
No working solution to this problem has been found yet.
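Added worked example (not the original poster's code, and not an answer that appeared on the page): the two groups rewritten so that the bastion and the private instance are linked by security-group references rather than by the whole VPC CIDR, which is the usual answer to "do the groups need to be connected somehow". The resource name aws_vpc.main and the variable var.admin_cidr are assumptions introduced here for illustration; var.s_group_vpc_cidr from the question is not needed once the rules reference groups directly.

```hcl
# Added example, not the original poster's configuration.
# Assumed names: aws_vpc.main (the custom VPC) and var.admin_cidr are hypothetical.

variable "admin_cidr" {
  description = "Hypothetical: CIDR of the operator network allowed to SSH to the bastion"
  type        = string
}

# Both groups are declared without inline rules so they can reference each
# other; inline ingress/egress blocks pointing at the other group would form a
# dependency cycle. Note that the AWS provider strips the default allow-all
# egress rule from a managed group, so every egress rule must be explicit.
resource "aws_security_group" "public_sg" {
  name        = "Public_sg"
  description = "Security Group for Public instance-Bastion"
  vpc_id      = aws_vpc.main.id # assumed VPC resource name

  tags = {
    Name = "Public_sgGroup"
  }
}

resource "aws_security_group" "private_sg" {
  name        = "Private_sg"
  description = "Security Group for Private instance"
  vpc_id      = aws_vpc.main.id # assumed VPC resource name

  tags = {
    Name = "Private_sgGroup"
  }
}

# Bastion: SSH in only from the operator network, not from 0.0.0.0/0.
resource "aws_security_group_rule" "bastion_ssh_in" {
  type              = "ingress"
  security_group_id = aws_security_group.public_sg.id
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = [var.admin_cidr]
}

# Bastion: SSH out only to members of the private group
# (for type = "egress", source_security_group_id is the destination group).
resource "aws_security_group_rule" "bastion_ssh_out" {
  type                     = "egress"
  security_group_id        = aws_security_group.public_sg.id
  from_port                = 22
  to_port                  = 22
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.private_sg.id
}

# Private instance: SSH in only from instances carrying the bastion group.
# This rule is the "link" between the two groups the question asks about.
resource "aws_security_group_rule" "private_ssh_in" {
  type                     = "ingress"
  security_group_id        = aws_security_group.private_sg.id
  from_port                = 22
  to_port                  = 22
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.public_sg.id
}

# Private instance: HTTP/HTTPS out through the NAT gateway for package updates.
# No inbound 80/443 and no outbound 22 are needed for the bastion hop; security
# groups are stateful, so reply traffic for each allowed connection is permitted
# without a matching rule in the other direction.
resource "aws_security_group_rule" "private_web_out" {
  for_each          = toset(["80", "443"])
  type              = "egress"
  security_group_id = aws_security_group.private_sg.id
  from_port         = tonumber(each.value)
  to_port           = tonumber(each.value)
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
}
```

With these rules in place, connect with ssh -J ec2-user@BASTION_PUBLIC_IP ec2-user@PRIVATE_IP (ProxyJump), so the private key never has to be copied onto the bastion. The inbound 80/443 rules from 0.0.0.0/0 in the original private group are unreachable anyway, because an instance in a private subnet has no public IP; they only matter if a load balancer is later placed in front of it, in which case the source should be the load balancer's security group. Network ACLs, unlike security groups, are stateless, so if the default ACLs have been changed, both directions of the SSH and NAT traffic must be allowed there as well.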