Amazon Web Services: Migrating an Application Load Balancer with allowFrom to a Network Load Balancer in CDK

Question: How do I migrate an ALB that does an `allowFrom`, as in the following snippet, to an NLB?

    loadBalancer.connections.allowFrom(
        Peer.ipv4(vpc.vpcCidrBlock),
        Port.tcp(externalPort),
        `Allow from VPC on port ${externalPort}`,
    );
Reason and what I have: I need to redirect API Gateway to an EC2 Auto Scaling group. I have learned that this is only possible through an NLB, so I have to migrate my existing ALB to an NLB. I have this ALB code (partial):

    this.autoScalingGroup = new AutoScalingGroup()
    this.autoScalingGroup.connections.allowFrom(
        Peer.ipv4(props.vpc.vpcCidrBlock),
        Port.tcp(22),
        "SSH Access from local VPC",
    );

    const externalPort = 80;
    const internalPort = 8080;

    const targetGroup = new ApplicationTargetGroup(this, "ApplicationTargetGroup", {
        targets: [asg],
        vpc: vpc,
        healthCheck: {
            path: "/ping",
        },
        port: internalPort,
        protocol: ApplicationProtocol.HTTP,
    });
    const loadBalancer = new ApplicationLoadBalancer(this, "ApplicationLoadBalancer", {
        vpc: vpc,
    });
    loadBalancer.addListener("ApplicationListener", {
        defaultTargetGroups: [targetGroup],
        open: false,
        port: externalPort,
        protocol: ApplicationProtocol.HTTP,
    });
    loadBalancer.connections.allowFrom(
        Peer.ipv4(vpc.vpcCidrBlock),
        Port.tcp(externalPort),
        `Allow from VPC on port ${externalPort}`,
    );

This is how I would like to migrate it to an NLB, but I am not sure whether I have missed something (in particular, I don't know how to migrate `loadBalancer.connections.allowFrom`):

    this.autoScalingGroup = new AutoScalingGroup()
    this.autoScalingGroup.connections.allowFrom(
        Peer.ipv4(props.vpc.vpcCidrBlock),
        Port.tcp(22),
        "SSH Access from local VPC",
    );

    const externalPort = 80;
    const internalPort = 8080;

    const targetGroup = new NetworkTargetGroup(this, "NetworkLoadBalancer", {
        targets: [asg],
        vpc: vpc,
        healthCheck: {
            path: "/ping",
        },
        port: internalPort,
    });

    const networkLoadBalancer = new NetworkLoadBalancer(this, "NetworkLoadBalancer", {
        vpc: vpc,
    });

    networkLoadBalancer.addListener("ApplicationListener", {
        defaultTargetGroups: [targetGroup],
        port: externalPort,
    });

    // Is this ok to replace loadbalancer.connections.allowFrom ?
    asg.connections.allowFrom(
        Peer.ipv4(vpc.vpcCidrBlock),
        Port.tcp(externalPort),
        `Allow from VPC on port ${externalPort}`,
    );
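
Added example, not part of the original post and not AWS CDK code: a standalone TypeScript check of the point this migration turns on. It assumes an NLB with no security group of its own, so the instances' security group must admit the target group port (`internalPort`, 8080) from the VPC CIDR, whereas the posted rule opens `externalPort` (80); the type and function names and the `10.0.0.0/16` CIDR are constructed for illustration.

```typescript
// Added example with constructed data; type and function names are hypothetical.
type IngressRule = { cidr: string; fromPort: number; toPort: number; protocol: string };
type TargetSetup = {
  vpcCidr: string;
  targetGroupPort: number;        // port the NLB forwards to (internalPort on the page)
  healthCheckPort?: number;       // defaults to the target group port
  instanceIngress: IngressRule[]; // rules on the Auto Scaling group's security group
};

// Parse "a.b.c.d/n" into an unsigned network base, mask and prefix length.
function parseCidr(cidr: string): { base: number; mask: number; bits: number } {
  const parts = cidr.split("/");
  const bits = Number(parts[1] ?? "32");
  const addr = (parts[0] ?? "").split(".").reduce((acc, o) => acc * 256 + Number(o), 0);
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return { base: (addr & mask) >>> 0, mask, bits };
}

// True when every address in `inner` is also inside `outer`.
function cidrCovers(outer: string, inner: string): boolean {
  const o = parseCidr(outer);
  const i = parseCidr(inner);
  return o.bits <= i.bits && ((i.base & o.mask) >>> 0) === o.base;
}

// Ports the NLB must reach on the instances that no ingress rule admits
// from the whole VPC CIDR (NLB nodes and health checks use VPC addresses).
function unreachableTargetPorts(s: TargetSetup): number[] {
  const needed = [s.targetGroupPort, s.healthCheckPort ?? s.targetGroupPort]
    .filter((p, idx, all) => all.indexOf(p) === idx);
  return needed.filter((port) => !s.instanceIngress.some((r) =>
    cidrCovers(r.cidr, s.vpcCidr) &&
    (r.protocol === "-1" ||
      (r.protocol === "tcp" && r.fromPort <= port && port <= r.toPort))));
}

const vpcCidr = "10.0.0.0/16"; // constructed sample value
const sshRule: IngressRule = { cidr: vpcCidr, fromPort: 22, toPort: 22, protocol: "tcp" };
// As posted: the instances' group opens externalPort (80).
const asPosted: TargetSetup = { vpcCidr, targetGroupPort: 8080,
  instanceIngress: [sshRule, { cidr: vpcCidr, fromPort: 80, toPort: 80, protocol: "tcp" }] };
// Corrected: open internalPort (8080), the port the target group forwards to.
const corrected: TargetSetup = { ...asPosted,
  instanceIngress: [sshRule, { cidr: vpcCidr, fromPort: 8080, toPort: 8080, protocol: "tcp" }] };

console.log("as posted:", unreachableTargetPorts(asPosted));
console.log("corrected:", unreachableTargetPorts(corrected));
```

In the posted CDK code, the corrected setup corresponds to passing `Port.tcp(internalPort)` instead of `Port.tcp(externalPort)` in the final `asg.connections.allowFrom` call.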