Amazon Web Services: Migrating allowFrom from an Application Load Balancer to a Network Load Balancer in CDK
Tags: amazon-web-services, aws-cdk, aws-load-balancer, aws-application-load-balancer

Question: How do I migrate an ALB that performs the allowFrom operation to an NLB, starting from the following snippet?
loadBalancer.connections.allowFrom(
  Peer.ipv4(vpc.vpcCidrBlock),
  Port.tcp(externalPort),
  `Allow from VPC on port ${externalPort}`,
);
Why, and what I have: I need to redirect API Gateway to an EC2 Auto Scaling group. I have learned that this is only possible through an NLB, so I have to migrate my existing ALB to an NLB. I have this ALB code (partial):

this.autoScalingGroup = new AutoScalingGroup()
this.autoScalingGroup.connections.allowFrom(
  Peer.ipv4(props.vpc.vpcCidrBlock),
  Port.tcp(22),
  "SSH Access from local VPC",
);
const externalPort = 80;
const internalPort = 8080;
const targetGroup = new ApplicationTargetGroup(this, "ApplicationTargetGroup", {
  targets: [asg],
  vpc: vpc,
  healthCheck: {
    path: "/ping",
  },
  port: internalPort,
  protocol: ApplicationProtocol.HTTP,
});
const loadBalancer = new ApplicationLoadBalancer(this, "ApplicationLoadBalancer", {
  vpc: vpc,
});
loadBalancer.addListener("ApplicationListener", {
  defaultTargetGroups: [targetGroup],
  open: false,
  port: externalPort,
  protocol: ApplicationProtocol.HTTP,
});
loadBalancer.connections.allowFrom(
  Peer.ipv4(vpc.vpcCidrBlock),
  Port.tcp(externalPort),
  `Allow from VPC on port ${externalPort}`,
);

This is how I'd like to migrate it to an NLB, but I'm not sure whether I'm missing something (in particular, I don't know how to migrate loadBalancer.connections.allowFrom):

this.autoScalingGroup = new AutoScalingGroup()
this.autoScalingGroup.connections.allowFrom(
  Peer.ipv4(props.vpc.vpcCidrBlock),
  Port.tcp(22),
  "SSH Access from local VPC",
);
const externalPort = 80;
const internalPort = 8080;
const targetGroup = new NetworkTargetGroup(this, "NetworkLoadBalancer", {
  targets: [asg],
  vpc: vpc,
  healthCheck: {
    path: "/ping",
  },
  port: internalPort,
});
const networkLoadBalancer = new NetworkLoadBalancer(this, "NetworkLoadBalancer", {
  vpc: vpc,
});
networkLoadBalancer.addListener("ApplicationListener", {
  defaultTargetGroups: [targetGroup],
  port: externalPort,
});
// Is this ok to replace loadbalancer.connections.allowFrom ?
asg.connections.allowFrom(
  Peer.ipv4(vpc.vpcCidrBlock),
  Port.tcp(externalPort),
  `Allow from VPC on port ${externalPort}`,
);
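
An added example, not part of the original post and not CDK's own code: assuming an NLB with no security group attached, instance targets receive traffic on the target group's port (internalPort, 8080 above), so the rule that matters sits on the Auto Scaling group's security group. The check below runs over a constructed CloudFormation-shaped object (resource names and literal CIDRs are assumptions) and reports target ports that security group does not open to the VPC CIDR.

```typescript
// Added example. The template below is constructed; resource names and literal CIDRs are assumptions.
type Rule = { CidrIp?: string; IpProtocol: string; FromPort?: number; ToPort?: number };
type Resource = { Type: string; Properties: { [key: string]: any } };
type Template = { Resources: { [id: string]: Resource } };

// Parse "a.b.c.d/len" into [address as a number, prefix length].
function parseCidr(cidr: string): [number, number] {
  const parts = cidr.split("/");
  const addr = parts[0].split(".").reduce((acc, octet) => acc * 256 + Number(octet), 0);
  return [addr, Number(parts[1])];
}

// True when IPv4 block `outer` contains the whole of block `inner`.
function covers(outer: string, inner: string): boolean {
  const [o, oLen] = parseCidr(outer);
  const [i, iLen] = parseCidr(inner);
  const size = Math.pow(2, 32 - oLen);
  return oLen <= iLen && Math.floor(o / size) === Math.floor(i / size);
}

// True when some ingress rule admits TCP `port` from every address in `cidr`.
function allowsTcp(rules: Rule[], cidr: string, port: number): boolean {
  return rules.some((r) => {
    if (r.CidrIp === undefined || !covers(r.CidrIp, cidr)) return false;
    if (r.IpProtocol === "-1") return true; // "-1" means all protocols and ports
    return r.IpProtocol === "tcp" && r.FromPort !== undefined && r.ToPort !== undefined
      && r.FromPort <= port && port <= r.ToPort;
  });
}

// TCP target-group ports that the instance security group does not open to `cidr`.
function unreachableTargetPorts(t: Template, instanceSgId: string, cidr: string): number[] {
  const rules: Rule[] = t.Resources[instanceSgId].Properties.SecurityGroupIngress || [];
  return Object.keys(t.Resources)
    .map((id) => t.Resources[id])
    .filter((r) => r.Type === "AWS::ElasticLoadBalancingV2::TargetGroup" && r.Properties.Protocol === "TCP")
    .map((r) => Number(r.Properties.Port))
    .filter((port) => !allowsTcp(rules, cidr, port));
}

const VPC_CIDR = "10.0.0.0/16"; // constructed value
const tcp = (port: number): Rule => ({ CidrIp: VPC_CIDR, IpProtocol: "tcp", FromPort: port, ToPort: port });
const template = (ports: number[]): Template => ({
  Resources: {
    AsgSecurityGroup: { Type: "AWS::EC2::SecurityGroup", Properties: { SecurityGroupIngress: ports.map(tcp) } },
    NlbTargetGroup: { Type: "AWS::ElasticLoadBalancingV2::TargetGroup", Properties: { Protocol: "TCP", Port: 8080 } },
  },
});
const asPosted = unreachableTargetPorts(template([22, 80]), "AsgSecurityGroup", VPC_CIDR);       // [8080]
const onTargetPort = unreachableTargetPorts(template([22, 8080]), "AsgSecurityGroup", VPC_CIDR); // []
```

In a real synthesized template `vpc.vpcCidrBlock` appears as an intrinsic function rather than a literal string, so CIDRs have to be resolved before a check like this is applied.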