Question
I am able to create an Elastic Beanstalk environment with a VPC using this command with eb-cli:
eb create --vpc
This asks me to configure several options:
Enter an RDS DB username (default is "ebroot"): ...
Enter an RDS DB master password: ...
Retype password to confirm: ...
Enter the VPC ID: ...
Do you want to associate a public IP address? (Y/n): ...
Enter a comma-separated list of Amazon EC2 subnets: ...
Enter a comma-separated list of Amazon ELB subnets: ...
Do you want the load balancer to be public? (Select no for internal) (Y/n): ...
Enter a comma-separated list of Amazon VPC security groups: ...
Creating application version archive ...
I have created a VPC with subnets and added an RDS instance to it following this thread here and here (thank you @Marcin!). But, there are a few things that I am confused about:
- What is "Do you want to associate a public IP address?"
- I remember creating subnets for my VPC, but what does it want me to add for the "EC2 subnets" and the "ELB subnets"? Should I add the ones from my VPC?
- For "Do you want the load balancer to be public?", what does this exactly mean? I am assuming that public means that it is public on the internet, whereas private means I can only access it in the VPC?
- For "Enter a comma-separated list of Amazon VPC security groups", do I need to add anything here?
I know these are pretty open-ended, but hopefully this helps someone!
Answer 1:
Based on the chat discussion and comments.
- What is "Do you want to associate a public IP address?"
For a single-instance EB env, the EB should be in a public subnet with a public IP.
- I remember creating subnets for my VPC, but what does it want me to add for the "EC2 subnets" and the "ELB subnets"? Should I add the ones from my VPC?
For Load-balanced EB env, your load balancer should be in public subnets, while instances can be in private.
- For "Do you want the load balancer to be public?", what does this exactly mean? I am assuming that public means that it is public on the internet, whereas private means I can only access it in the VPC?
Load balancer must be in public subnets. Without that, you won't be able to connect to your website from the internet.
- For "Enter a comma-separated list of Amazon VPC security groups", do I need to add anything here?
You can use default ones, but may need to adjust them later if needed.
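One way to work out what to enter at the "EC2 subnets" and "ELB subnets" prompts, as an added example that is not part of the original answer: it classifies a VPC's subnets as public or private from route-table data in the shape returned by `aws ec2 describe-route-tables`. All IDs and the helper names (`has_igw_default_route`, `classify_subnets`, `eb_prompt_answers`) are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output
# (all IDs are made up for illustration).
ROUTE_TABLES = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-main", "Associations": [{"Main": true}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0aaa"}]},
  {"RouteTableId": "rtb-public",
   "Associations": [{"Main": false, "SubnetId": "subnet-pub-a"},
                    {"Main": false, "SubnetId": "subnet-pub-b"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0bbb"}]}
]}
""")
# Constructed subnet list; priv-* have no explicit association (main table applies).
VPC_SUBNETS = ["subnet-pub-a", "subnet-pub-b", "subnet-priv-a", "subnet-priv-b"]

def has_igw_default_route(table):
    """True if the table sends default traffic to an internet gateway."""
    return any(
        (r.get("DestinationCidrBlock") == "0.0.0.0/0"
         or r.get("DestinationIpv6CidrBlock") == "::/0")
        and r.get("GatewayId", "").startswith("igw-")
        for r in table.get("Routes", [])
    )

def classify_subnets(route_tables, subnet_ids):
    """Split subnet IDs into (public, private) by their effective route table."""
    explicit, main = {}, None
    for t in route_tables["RouteTables"]:
        for a in t.get("Associations", []):
            if a.get("SubnetId"):
                explicit[a["SubnetId"]] = t
            elif a.get("Main"):
                main = t
    public, private = [], []
    for sid in subnet_ids:
        table = explicit.get(sid, main)  # fall back to the VPC's main table
        (public if table and has_igw_default_route(table) else private).append(sid)
    return public, private

def eb_prompt_answers(route_tables, subnet_ids):
    """Values for the EC2/ELB subnet prompts of a load-balanced environment."""
    public, private = classify_subnets(route_tables, subnet_ids)
    return {"ec2_subnets": ",".join(private), "elb_subnets": ",".join(public)}

if __name__ == "__main__":
    print(eb_prompt_answers(ROUTE_TABLES, VPC_SUBNETS))
```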
Source: https://stackoverflow.com/questions/62963690/how-to-configure-vpc-for-elastic-beanstalk-using-cli