Please tell me about the description.
Elastic Beanstalk is installed in a private subnet, but it is inaccessible via VPN (home) (instances can be generated without problems).
Our environment is
[Home]
192.168.11.0/24 Segment
Connect to AWS VPC over VPN
AWS
CIDR 192.168.112.0/20
Private Subnet 11 192.168.112.0/24 → Installation of one RHEL (192.168.112.10)
Private Subnet 2 192.168.114.0/24 → One Postgres (RDS) installed (192.168.114.224)
Private Subnet 3 192.168.115.0/24 → Installation of ElasticBeanstalk (rails) (192.168.115.174 *Automatically granted instance)
Public Subnet 11 192.168.116.0/24 → NAT Gateway Installation (assigning the NAT Gateway Route Table to the 192.168.115.0/24 subnet)
Regarding the event,
· The EB (192.168.115.174) cannot be accessed from the home-installed machine (192.168.115.174)
· You can access EB (192.168.115.174) from RHEL (192.168.112.10)
The requirement is that the EB be installed in a private subnet (because you want to deny external access).
So I was thinking about accessing EB from home via the NAT gateway, but the result was as described above.
However,
https://docs.aws.amazon.com/ja_jp/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html#nat-gateway-other-services
When I checked the page above, I found the statement "You cannot route traffic to the NAT gateway through a VPN connection. NAT gateways are not available from resources on the other side of these connections." I thought this incident was stuck on this limitation.
So I have a question: is it impossible to access EB via VPN? If it is accessible by a method other than the NAT gateway (NAT instance?), could you tell me how to do it?
aws vpn vpc
First of all, I solved it myself. I don't know if this is an AWS-like best practice, but I had no problem accessing it from home by deploying a reverse proxy (Apache) on the RHEL installed in 192.168.112.0/24 and redirecting it to EB.
In my environment, DNS name resolution had to be consistent between home and AWS.
This is a further self-reply.
We found that the reverse proxy cannot handle AutoScale because the IP changes during an EB restart (drop → generation). So I looked for another way.
In conclusion, use ELB. If this is the case, I understand that this requirement can be met.
We installed EB and ELB in private segments (segmented) and NAT gateways in EB installation segments.
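
The final setup described above (EB instances and the load balancer both in private subnets), written as an Elastic Beanstalk configuration file. This is an added example, not part of the original post; the file name and every `vpc-`/`subnet-` ID are placeholders.

```yaml
# .ebextensions/01-private-vpc.config   (file name is an assumption)
# All IDs below are placeholders; substitute your own VPC and subnet IDs.
option_settings:
  aws:elasticbeanstalk:environment:
    # A load-balanced environment gives clients one stable ELB DNS name,
    # so instance IPs may change on restart or scaling without breaking access.
    EnvironmentType: LoadBalanced

  aws:ec2:vpc:
    VPCId: vpc-PLACEHOLDER                    # the VPC with CIDR 192.168.112.0/20
    Subnets: subnet-PLACEHOLDER-PRIVATE       # private subnet for the EB instances
    ELBSubnets: subnet-PLACEHOLDER-PRIVATE    # private subnet(s) for the load balancer
    # Default is "public" (internet-facing). "internal" gives the load
    # balancer private addresses only, reachable from inside the VPC and
    # from networks routed to it, such as the home side of the VPN.
    ELBScheme: internal
    AssociatePublicIpAddress: false           # instances get no public IP

  aws:autoscaling:asg:
    MinSize: 1                                # constructed sample values
    MaxSize: 2
```

Clients on the home network then use the load balancer's DNS name instead of an instance IP; the NAT gateway stays in place only for outbound traffic from the instances.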