问题
Now
I've developed an application that works on top a set of services that are collecting and elaborating data collected from the Internet (app_one, app_two, app_three) and then I have a core App that merges and visualizes that information (app_core). This project is based on top of AWS Elastic Beanstalk, having for each App its own git. To handle the connection between Apps I've (insecurely) mapped each service with a subdomain.
What I would like to do
I will love to move development of this project inside a VPC and secure the interfaces between the REST Flask Apps (one,two,three) and the Core App.
My questions
1) How I can avoid to give a public ip to my eb-enviroment? Every time I run:
eb create myenvname --instance_type t2.XXX
it automatically set up a public IP. Can I move it inside the VPS behind and Internet Gateway?
2) If there is a way to securely move those services behind the gateway, how can I address HTTP requests between those Apps? I don't have subdomains here internally, Should I need to use the private IP's(I don't think so)? There is a way to privately address those services? like in Docker refer to the single docker as " app_one/ ".
I'm sorry if those questions could sound naive, but I have got a background in a completely other area of interest
thanks a lot
Edit
I add project folder structure:
--+/MyAPP
|
|---+/app_one # single env folder
| ...
|
|---+/app_two . # single env folder
| ...
|
|---+/app_three # single env folder
| ...
|
|---+/app_core # single env folder
|--/env # virtual env
|--+/app_core # flask application
|--/lib
|--+/.elasticbeanstalk # eb folder
| |--config.yml
|--application.py
|--requirements.txt
回答1:
You have to launch your apps either into a private subnet or set the configration flag AssociatePublicIpAddress = false.
How to set that flag?
Configuration Files
Use .ebextensions to configure options that are required to make your application work, and provide default values for other options that can be overridden at a higher level of precedence. Options specified in .ebextensions have the lowest level of precedence and are overridden by settings at any other level.
To use configuration files, create a folder named .ebextensions at the top level of your project's source code. Add a file with the extension .config and specify options in the following manner:
option_settings:
- namespace: namespace
option_name: option name
value: option value
- namespace: namespace
option_name: option name
value: option value
Set the flag AssociatePublicIpAddress = false
.ebextensions/app.config
option_settings:
- namespace: aws:ec2:vpc
option_name: AssociatePublicIpAddress
value: false
How to set the Subnet
.ebextensions/app.config
option_settings:
- namespace: aws:ec2:vpc
option_name: VPCId
value: vpc-4545121
- namespace: aws:ec2:vpc
option_name: Subnets
value: sub-45455565
+ Resources
- Configuration Options
- General Options for All Environments
- Advanced Environment Customization with Configuration Files .ebextensions
- Getting to Know and Love AWS Elastic Beanstalk Configuration Files .ebextensions
Hope it helps!
来源:https://stackoverflow.com/questions/48307120/create-and-secure-aws-eb-application-with-multiple-environments