AWS (Study Notes, Lesson 7): Using a NAT Server for a Private Subnet

AWS (Study Notes, Lesson 7)

  • Using a NAT server for a private subnet in AWS

Contents:

  • Using a NAT server for a private subnet in AWS

1. Using a NAT server for a private subnet in AWS

Looking at the network diagram from the previous lesson, one problem stands out: the Apache server in the private subnet cannot reach the internet. It cannot, for example, fetch package updates or call an external web service. Is there a way to keep the Apache server behind the bastion host (with no public IP address of its own) and still let it initiate connections to the internet? The answer is a NAT service: the private subnet gets outbound-only access through a NAT device that has a public IP, while no unsolicited connection from the internet can reach the Apache server.

(figure omitted)

  1. First, what is NAT
    • References

      • A complete analysis of NAT
      • SNAT and DNAT
    • The concept of NAT
      Network Address Translation (NAT) is a networking technique for translating IP addresses between networks. It was introduced mainly to stretch the scarce IPv4 address space, and it is often credited with improving security as a side effect. Configured on a router or firewall, NAT rewrites addresses between a private network and the public network, so the internal addressing and topology are not visible from outside. That concealment is not an access-control mechanism in itself: what keeps unsolicited inbound traffic out is that the NAT device has no translation state (and no DNAT rule) for it, together with whatever firewall rules sit in front of the private hosts.

      • Static NAT
        Static NAT: a one-to-one mapping of a single private IP address to a single public IP address. (figure omitted)
      • Dynamic NAT
        Dynamic NAT: public IP addresses are assigned to private IP addresses on demand, so many private addresses can share a small pool of public addresses. (figure omitted)
    • SNAT and DNAT

      • SNAT
        SNAT stands for source NAT. When hosts on the internal network connect outward, the private source IP address of the connection is rewritten to a designated address (the rewrite can be limited to particular services, ports or port ranges). This lets hosts that use reserved (RFC 1918) addresses reach external networks, i.e. many internal hosts can share one valid public IP address. Because many hosts share that one address, the translator also rewrites the source port and keeps a connection-tracking table, so that each reply can be matched back to the internal host that started the connection.
        • When a packet goes from the internal network to the public network, SNAT rewrites the packet's source address from the private IP to the public IP.
        • When the corresponding reply comes back from the public network, the translator rewrites the packet's destination address from the public IP back to the private IP.
      • DNAT
        DNAT stands for destination NAT. It maps a web server on the private network to a public IP address, so that hosts on the public network can reach it using that public address as the destination.
        • When a packet arrives from the external network, DNAT rewrites the packet's destination address from the public IP to the private IP.
        • When the corresponding reply goes from the internal network to the public network, the translator rewrites the packet's source address from the private IP back to the public IP.
    • The NAT implementation in AWS

      • Network layout after the change
        In this layout the Apache server in the private subnet still has no direct route to the internet. Its route table sends the default route 0.0.0.0/0 to the NAT server in the public subnet; the NAT server rewrites the source address to its own public IP and forwards the traffic, so the Apache server can reach the internet without having a public IP of its own. Because the only default route points at the NAT server, and the NAT server only translates connections that originate inside the VPC, the internet side still cannot open a connection to the Apache server.
        (figure omitted)
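The SNAT/DNAT behaviour described above, applied to the layout just shown, as an added example (not part of the original notes): a small NAT model with a connection-tracking table. Outbound packets from the Apache server get their private source rewritten to the NAT's public IP plus a freshly allocated port, replies are matched against the table and rewritten back, an unsolicited probe to the public IP is dropped because no state exists for it, and a DNAT rule publishes one internal service. All addresses (203.0.113.10, 198.51.100.7, 192.0.2.1, the 10.0.x.y hosts) are constructed for illustration.

```python
"""SNAT/DNAT walk-through with a connection-tracking table (added example).

Models what a NAT device does for hosts in a private subnet.  The addresses
are constructed for illustration; 203.0.113.0/24, 198.51.100.0/24 and
192.0.2.0/24 are documentation ranges, not real hosts.
"""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip address, port)


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint


class Nat:
    def __init__(self, public_ip: str, first_port: int = 1024) -> None:
        self.public_ip = public_ip
        self._next_port = first_port
        # SNAT state: (translated source port, remote endpoint) -> original private endpoint
        self._flows: Dict[Tuple[int, Endpoint], Endpoint] = {}
        # DNAT rules: public port -> internal endpoint
        self._published: Dict[int, Endpoint] = {}

    def add_dnat(self, public_port: int, internal: Endpoint) -> None:
        self._published[public_port] = internal

    def outbound(self, pkt: Packet) -> Packet:
        """Private -> public: SNAT. Reuse the flow's port if it is already tracked."""
        for (port, remote), private in self._flows.items():
            if private == pkt.src and remote == pkt.dst:
                return replace(pkt, src=(self.public_ip, port))
        port, self._next_port = self._next_port, self._next_port + 1
        self._flows[(port, pkt.dst)] = pkt.src
        return replace(pkt, src=(self.public_ip, port))

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Public -> private: reply to a tracked flow, a DNAT-published service, or drop (None)."""
        if pkt.dst[0] != self.public_ip:
            return None
        flow_key = (pkt.dst[1], pkt.src)
        if flow_key in self._flows:
            return replace(pkt, dst=self._flows[flow_key])
        if pkt.dst[1] in self._published:
            return replace(pkt, dst=self._published[pkt.dst[1]])
        return None  # unsolicited: no state and no rule, so the packet goes nowhere


def walkthrough() -> dict:
    """Run the cases the notes describe and return what each one produced."""
    nat = Nat("203.0.113.10")
    apache = ("10.0.3.25", 40001)     # Apache server in the private subnet (constructed)
    repo = ("198.51.100.7", 443)      # package mirror on the internet (constructed)

    out = nat.outbound(Packet(apache, repo))                 # SNAT on the way out
    reply = nat.inbound(Packet(repo, out.src))               # reply mapped back by state
    same_flow = nat.outbound(Packet(apache, repo))           # second packet, same mapping
    probe = nat.inbound(Packet(("198.51.100.9", 5555), (nat.public_ip, 22)))  # unsolicited scan

    nat.add_dnat(80, ("10.0.2.40", 81))                      # publish an internal service
    published = nat.inbound(Packet(("192.0.2.1", 50000), (nat.public_ip, 80)))

    return {
        "translated_src": out.src,
        "reply_dst": reply.dst if reply else None,
        "flow_reused": same_flow.src == out.src,
        "probe_forwarded": probe is not None,
        "published_dst": published.dst if published else None,
    }


if __name__ == "__main__":
    for key, value in walkthrough().items():
        print(f"{key}: {value}")
```

The point to take from the probe case: the NAT server's public IP is reachable from the internet, but a packet that matches neither an existing outbound flow nor a DNAT rule is simply not forwarded. That, not the address rewriting itself, is what keeps the private host unreachable.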
    • Define the NAT server and point the Apache server's routing at it

      • Define the subnet the NAT server lives in
        The NAT subnet is a public subnet: its route table sends 0.0.0.0/0 to the internet gateway. Its network ACL is stateless, so both directions need explicit rules: inbound 80/443 from the VPC (10.0.0.0/16) for the traffic the Apache server sends through the NAT, outbound 80/443 to 0.0.0.0/0 for the translated traffic, and the ephemeral range 1024-65535 in both directions for replies. Note that inbound rule 200 admits TCP 1024-65535 from anywhere; it is required for replies from the internet, but it also means any service listening on a high port on the NAT instance is reachable from the internet, so nothing but the NAT function should run there.
        "SubnetPublicNAT": {"Type": "AWS::EC2::Subnet","Properties": {"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]},"CidrBlock": "10.0.0.0/24","VpcId": {"Ref": "VPC"}}},
        "RouteTablePublicNAT": {"Type": "AWS::EC2::RouteTable","Properties": {"VpcId": {"Ref": "VPC"}}},
        "RouteTableAssociationPublicNAT": {"Type": "AWS::EC2::SubnetRouteTableAssociation","Properties": {"SubnetId": {"Ref": "SubnetPublicNAT"},"RouteTableId": {"Ref": "RouteTablePublicNAT"}}},
        "RoutePublicNATToInternet": {"Type": "AWS::EC2::Route","Properties": {"RouteTableId": {"Ref": "RouteTablePublicNAT"},"DestinationCidrBlock": "0.0.0.0/0","GatewayId": {"Ref": "InternetGateway"}},"DependsOn": "VPCGatewayAttachment"},
        "NetworkAclPublicNAT": {"Type": "AWS::EC2::NetworkAcl","Properties": {"VpcId": {"Ref": "VPC"}}},
        "SubnetNetworkAclAssociationPublicNAT": {"Type": "AWS::EC2::SubnetNetworkAclAssociation","Properties": {"SubnetId": {"Ref": "SubnetPublicNAT"},"NetworkAclId": {"Ref": "NetworkAclPublicNAT"}}},
        "NetworkAclEntryInPublicNATHTTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "100","Protocol": "6","PortRange": {"From": "80","To": "80"},"RuleAction": "allow","Egress": "false","CidrBlock": "10.0.0.0/16"}},
        "NetworkAclEntryInPublicNATHTTPS": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "110","Protocol": "6","PortRange": {"From": "443","To": "443"},"RuleAction": "allow","Egress": "false","CidrBlock": "10.0.0.0/16"}},
        "NetworkAclEntryInPublicNATEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "200","Protocol": "6","PortRange": {"From": "1024","To": "65535"},"RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryOutPublicNATHTTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "100","Protocol": "6","PortRange": {"From": "80","To": "80"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryOutPublicNATHTTPS": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "110","Protocol": "6","PortRange": {"From": "443","To": "443"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryOutPublicNATEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "200","Protocol": "6","PortRange": {"From": "1024","To": "65535"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},
        
      • Define the NAT server
        Two properties make this instance a NAT. The AMI is Amazon's NAT AMI (AmazonLinuxNATAMIHVMEBSBacked64bit in the region map), which ships with IP forwarding enabled and an iptables MASQUERADE rule already in place, and SourceDestCheck is set to false. By default EC2 drops packets whose source or destination address is not the instance itself; a NAT instance forwards exactly such packets, so the check has to be disabled. The instance also needs a public IP (AssociatePublicIpAddress true) in a subnet whose route table reaches the internet gateway. As written here, NatServer declares no CreationPolicy, so the cfn-signal call in its user data does not hold up the stack; ApacheServer's DependsOn on NatServer therefore waits for the instance resource to be created, not for it to have booted.

        "NatServer": {
          "Type": "AWS::EC2::Instance",
          "Properties": {
            "ImageId": {"Fn::FindInMap": ["EC2RegionMap", {"Ref": "AWS::Region"}, "AmazonLinuxNATAMIHVMEBSBacked64bit"]},
            "InstanceType": "t2.micro",
            "KeyName": {"Ref": "KeyName"},
            "NetworkInterfaces": [{
              "AssociatePublicIpAddress": "true",
              "DeleteOnTermination": "true",
              "SubnetId": {"Ref": "SubnetPublicNAT"},
              "DeviceIndex": "0",
              "GroupSet": [{"Ref": "SecurityGroup"}]
            }],
            "SourceDestCheck": "false",
            "UserData": {"Fn::Base64": {"Fn::Join": ["", [
              "#!/bin/bash -ex\n",
              "/opt/aws/bin/cfn-signal --stack ", {"Ref": "AWS::StackName"}, " --resource NatServer --region ", {"Ref": "AWS::Region"}, "\n"
            ]]}}
          },
          "DependsOn": "VPCGatewayAttachment"
        },
        
      • Point the Apache server's 0.0.0.0/0 route at the NAT server
        The route table of the private subnet gets a single default route whose target is the NAT instance (InstanceId) rather than the internet gateway. Nothing else in that route table refers to the internet gateway, and that absence is what makes the subnet private.

        "RoutePrivateApacheToInternet": {
          "Type": "AWS::EC2::Route",
          "Properties": {
            "RouteTableId": {"Ref": "RouteTablePrivateApache"},
            "DestinationCidrBlock": "0.0.0.0/0",
            "InstanceId": {"Ref": "NatServer"}
          }
        },

        Caveats worth keeping in mind: a single t2.micro NAT instance is both a single point of failure and a bandwidth bottleneck for every private host behind it, and its security group in this template (the shared SecurityGroup, which has an all-protocols ingress from 0.0.0.0/0) leaves the network ACL as the only thing protecting a host with a public IP. The Amazon Linux NAT AMI is no longer maintained; for new builds AWS recommends the managed NAT Gateway, which needs neither SourceDestCheck nor an instance to patch, and the route then uses NatGatewayId instead of InstanceId.
        
    • The complete CloudFormation template for the NAT implementation in AWS

      {"AWSTemplateFormatVersion": "2010-09-09","Description": "(VPC)",
      "Parameters": {"KeyName": {"Description": "Key Pair name","Type": "AWS::EC2::KeyPair::KeyName","Default": "my-cli-key"}},
      "Mappings": {"EC2RegionMap": {
        "ap-northeast-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-03f584e50b2d32776", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-03cf3903"},
        "ap-southeast-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-68d8e93a", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-b49dace6"},
        "ap-southeast-2": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-fd9cecc7", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-e7ee9edd"},
        "eu-central-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-a8221fb5", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-46073a5b"},
        "eu-west-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-a10897d6", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-6975eb1e"},
        "sa-east-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-b52890a8", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-fbfa41e6"},
        "us-east-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-1ecae776", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-303b1458"},
        "us-west-1": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-d114f295", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-7da94839"},
        "us-west-2": {"AmazonLinuxAMIHVMEBSBacked64bit": "ami-e7527ed7", "AmazonLinuxNATAMIHVMEBSBacked64bit": "ami-69ae8259"}}},
      "Resources": {
        "SecurityGroup": {"Type": "AWS::EC2::SecurityGroup","Properties": {"GroupDescription": "My security group","VpcId": {"Ref": "VPC"}}},
        "SecurityGroupIngress": {"Type": "AWS::EC2::SecurityGroupIngress","Properties":{"IpProtocol": "-1","FromPort": "-1","ToPort": "-1","CidrIp": "0.0.0.0/0","GroupId": {"Ref": "SecurityGroup"}}},
        "SecurityGroupEgress": {"Type": "AWS::EC2::SecurityGroupEgress","Properties":{"IpProtocol": "-1","FromPort": "-1","ToPort": "-1","CidrIp": "0.0.0.0/0","GroupId": {"Ref": "SecurityGroup"}}},
        "VPC": {"Type": "AWS::EC2::VPC","Properties": {"CidrBlock": "10.0.0.0/16","EnableDnsHostnames": "true"}},
        "InternetGateway": {"Type": "AWS::EC2::InternetGateway","Properties": {}},
        "VPCGatewayAttachment": {"Type": "AWS::EC2::VPCGatewayAttachment","Properties": {"VpcId": {"Ref": "VPC"},"InternetGatewayId": {"Ref": "InternetGateway"}}},
        "SubnetPublicNAT": {"Type": "AWS::EC2::Subnet","Properties": {"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]},"CidrBlock": "10.0.0.0/24","VpcId": {"Ref": "VPC"}}},
        "RouteTablePublicNAT": {"Type": "AWS::EC2::RouteTable","Properties": {"VpcId": {"Ref": "VPC"}}},
        "RouteTableAssociationPublicNAT": {"Type": "AWS::EC2::SubnetRouteTableAssociation","Properties": {"SubnetId": {"Ref": "SubnetPublicNAT"},"RouteTableId": {"Ref": "RouteTablePublicNAT"}}},
        "RoutePublicNATToInternet": {"Type": "AWS::EC2::Route","Properties": {"RouteTableId": {"Ref": "RouteTablePublicNAT"},"DestinationCidrBlock": "0.0.0.0/0","GatewayId": {"Ref": "InternetGateway"}},"DependsOn": "VPCGatewayAttachment"},
        "NetworkAclPublicNAT": {"Type": "AWS::EC2::NetworkAcl","Properties": {"VpcId": {"Ref": "VPC"}}},
        "SubnetNetworkAclAssociationPublicNAT": {"Type": "AWS::EC2::SubnetNetworkAclAssociation","Properties": {"SubnetId": {"Ref": "SubnetPublicNAT"},"NetworkAclId": {"Ref": "NetworkAclPublicNAT"}}},
        "NetworkAclEntryInPublicNATHTTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "100","Protocol": "6","PortRange": {"From": "80","To": "80"},"RuleAction": "allow","Egress": "false","CidrBlock": "10.0.0.0/16"}},
        "NetworkAclEntryInPublicNATHTTPS": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "110","Protocol": "6","PortRange": {"From": "443","To": "443"},"RuleAction": "allow","Egress": "false","CidrBlock": "10.0.0.0/16"}},
        "NetworkAclEntryInPublicNATEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "200","Protocol": "6","PortRange": {"From": "1024","To": "65535"},"RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryOutPublicNATHTTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "100","Protocol": "6","PortRange": {"From": "80","To": "80"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryOutPublicNATHTTPS": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "110","Protocol": "6","PortRange": {"From": "443","To": "443"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryOutPublicNATEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicNAT"},"RuleNumber": "200","Protocol": "6","PortRange": {"From": "1024","To": "65535"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},
        "SubnetPublicSSHBastion": {"Type": "AWS::EC2::Subnet","Properties": {"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]},"CidrBlock": "10.0.1.0/24","VpcId": {"Ref": "VPC"}}},
        "RouteTablePublicSSHBastion": {"Type": "AWS::EC2::RouteTable","Properties": {"VpcId": {"Ref": "VPC"}}},
        "RouteTableAssociationPublicSSHBastion": {"Type": "AWS::EC2::SubnetRouteTableAssociation","Properties": {"SubnetId": {"Ref": "SubnetPublicSSHBastion"},"RouteTableId": {"Ref": "RouteTablePublicSSHBastion"}}},
        "RoutePublicSSHBastionToInternet": {"Type": "AWS::EC2::Route","Properties": {"RouteTableId": {"Ref": "RouteTablePublicSSHBastion"},"DestinationCidrBlock": "0.0.0.0/0","GatewayId": {"Ref": "InternetGateway"}},"DependsOn": "VPCGatewayAttachment"},
        "NetworkAclPublicSSHBastion": {"Type": "AWS::EC2::NetworkAcl","Properties": {"VpcId": {"Ref": "VPC"}}},
        "SubnetNetworkAclAssociationPublicSSHBastion": {"Type": "AWS::EC2::SubnetNetworkAclAssociation","Properties": {"SubnetId": {"Ref": "SubnetPublicSSHBastion"},"NetworkAclId": {"Ref": "NetworkAclPublicSSHBastion"}}},
        "NetworkAclEntryInPublicSSHBastionSSH": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicSSHBastion"},"RuleNumber": "100","Protocol": "6","PortRange": {"From": "22","To": "22"},"RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryInPublicSSHBastionEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicSSHBastion"},"RuleNumber": "200","Protocol": "6","PortRange": {"From": "1024","To": "65535"},"RuleAction": "allow","Egress": "false","CidrBlock": "10.0.0.0/16"}},
        "NetworkAclEntryOutPublicSSHBastionSSH": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicSSHBastion"},"RuleNumber": "100","Protocol": "6","PortRange": {"From": "22","To": "22"},"RuleAction": "allow","Egress": "true","CidrBlock": "10.0.0.0/16"}},
        "NetworkAclEntryOutPublicSSHBastionEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicSSHBastion"},"RuleNumber": "200","Protocol": "6","PortRange": {"From": "1024","To": "65535"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},
        "SubnetPublicVarnish": {"Type": "AWS::EC2::Subnet","Properties": {"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]},"CidrBlock": "10.0.2.0/24","VpcId": {"Ref": "VPC"}}},
        "RouteTablePublicVarnish": {"Type": "AWS::EC2::RouteTable","Properties": {"VpcId": {"Ref": "VPC"}}},
        "RouteTableAssociationPublicVarnish": {"Type": "AWS::EC2::SubnetRouteTableAssociation","Properties": {"SubnetId": {"Ref": "SubnetPublicVarnish"},"RouteTableId": {"Ref": "RouteTablePublicVarnish"}}},
        "RoutePublicVarnishToInternet": {"Type": "AWS::EC2::Route","Properties": {"RouteTableId": {"Ref": "RouteTablePublicVarnish"},"DestinationCidrBlock": "0.0.0.0/0","GatewayId": {"Ref": "InternetGateway"}},"DependsOn": "VPCGatewayAttachment"},
        "NetworkAclPublicVarnish": {"Type": "AWS::EC2::NetworkAcl","Properties": {"VpcId": {"Ref": "VPC"}}},
        "SubnetNetworkAclAssociationPublicVarnish": {"Type": "AWS::EC2::SubnetNetworkAclAssociation","Properties": {"SubnetId": {"Ref": "SubnetPublicVarnish"},"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"}}},
        "NetworkAclEntryInPublicVarnishSSH": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"},"RuleNumber": "100","Protocol": "6","PortRange": {"From": "22","To": "22"},"RuleAction": "allow","Egress": "false","CidrBlock": "10.0.1.0/24"}},
        "NetworkAclEntryInPublicVarnishHTTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"},"RuleNumber": "110","Protocol": "6","PortRange": {"From": "80","To": "80"},"RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryInPublicVarnishEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"},"RuleNumber": "200","Protocol": "6","PortRange": {"From": "1024","To": "65535"},"RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryOutPublicVarnishHTTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"},"RuleNumber": "100","Protocol": "6","PortRange": {"From": "80","To": "81"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryOutPublicVarnishHTTPS": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"},"RuleNumber": "110","Protocol": "6","PortRange": {"From": "443","To": "443"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryOutPublicVarnishEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPublicVarnish"},"RuleNumber": "200","Protocol": "6","PortRange": {"From": "1024","To": "65535"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},
        "SubnetPrivateApache": {"Type": "AWS::EC2::Subnet","Properties": {"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": ""}]},"CidrBlock": "10.0.3.0/24","VpcId": {"Ref": "VPC"}}},
        "RouteTablePrivateApache": {"Type": "AWS::EC2::RouteTable","Properties": {"VpcId": {"Ref": "VPC"}}},
        "RouteTableAssociationPrivateApache": {"Type": "AWS::EC2::SubnetRouteTableAssociation","Properties": {"SubnetId": {"Ref": "SubnetPrivateApache"},"RouteTableId": {"Ref": "RouteTablePrivateApache"}}},
        "RoutePrivateApacheToInternet": {"Type": "AWS::EC2::Route","Properties": {"RouteTableId": {"Ref": "RouteTablePrivateApache"},"DestinationCidrBlock": "0.0.0.0/0","InstanceId": {"Ref": "NatServer"}}},
        "NetworkAclPrivateApache": {"Type": "AWS::EC2::NetworkAcl","Properties": {"VpcId": {"Ref": "VPC"}}},
        "SubnetNetworkAclAssociationPrivateApache": {"Type": "AWS::EC2::SubnetNetworkAclAssociation","Properties": {"SubnetId": {"Ref": "SubnetPrivateApache"},"NetworkAclId": {"Ref": "NetworkAclPrivateApache"}}},
        "NetworkAclEntryInPrivateApacheSSH": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"},"RuleNumber": "100","Protocol": "6","PortRange": {"From": "22","To": "22"},"RuleAction": "allow","Egress": "false","CidrBlock": "10.0.1.0/24"}},
        "NetworkAclEntryInPrivateApacheHTTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"},"RuleNumber": "110","Protocol": "6","PortRange": {"From": "80","To": "80"},"RuleAction": "allow","Egress": "false","CidrBlock": "10.0.2.0/24"}},
        "NetworkAclEntryInPrivateApacheEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"},"RuleNumber": "200","Protocol": "6","PortRange": {"From": "1024","To": "65535"},"RuleAction": "allow","Egress": "false","CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryOutPrivateApacheHTTP": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"},"RuleNumber": "100","Protocol": "6","PortRange": {"From": "80","To": "80"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryOutPrivateApacheHTTPS": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"},"RuleNumber": "110","Protocol": "6","PortRange": {"From": "443","To": "443"},"RuleAction": "allow","Egress": "true","CidrBlock": "0.0.0.0/0"}},
        "NetworkAclEntryOutPrivateApacheEphemeralPorts": {"Type": "AWS::EC2::NetworkAclEntry","Properties": {"NetworkAclId": {"Ref": "NetworkAclPrivateApache"},"RuleNumber": "200","Protocol": "6","PortRange": {"From": "1024","To": "65535"},"RuleAction": "allow","Egress": "true","CidrBlock": "10.0.0.0/16"}},
        "NatServer": {"Type": "AWS::EC2::Instance","Properties": {"ImageId": {"Fn::FindInMap": ["EC2RegionMap", {"Ref": "AWS::Region"}, "AmazonLinuxNATAMIHVMEBSBacked64bit"]},"InstanceType": "t2.micro","KeyName": {"Ref": "KeyName"},"NetworkInterfaces": [{"AssociatePublicIpAddress": "true","DeleteOnTermination": "true","SubnetId": {"Ref": "SubnetPublicNAT"},"DeviceIndex": "0","GroupSet": [{"Ref": "SecurityGroup"}]}],"SourceDestCheck": "false","UserData": {"Fn::Base64": {"Fn::Join": ["", ["#!/bin/bash -ex\n","/opt/aws/bin/cfn-signal --stack ", {"Ref": "AWS::StackName"}, " --resource NatServer --region ", {"Ref": "AWS::Region"}, "\n"]]}}},"DependsOn": "VPCGatewayAttachment"},
        "BastionHost": {"Type": "AWS::EC2::Instance","Properties": {"ImageId": {"Fn::FindInMap": ["EC2RegionMap", {"Ref": "AWS::Region"}, "AmazonLinuxAMIHVMEBSBacked64bit"]},"InstanceType": "t2.micro","KeyName": {"Ref": "KeyName"},"NetworkInterfaces": [{"AssociatePublicIpAddress": "true","DeleteOnTermination": "true","SubnetId": {"Ref": "SubnetPublicSSHBastion"},"DeviceIndex": "0","GroupSet": [{"Ref": "SecurityGroup"}]}]},"DependsOn": "VPCGatewayAttachment"},
        "VarnishServer": {"Type": "AWS::EC2::Instance","Properties": {"ImageId": {"Fn::FindInMap": ["EC2RegionMap", {"Ref": "AWS::Region"}, "AmazonLinuxAMIHVMEBSBacked64bit"]},"InstanceType": "t2.micro","KeyName": {"Ref": "KeyName"},"NetworkInterfaces": [{"AssociatePublicIpAddress": "true","DeleteOnTermination": "true","SubnetId": {"Ref": "SubnetPublicVarnish"},"DeviceIndex": "0","GroupSet": [{"Ref": "SecurityGroup"}]}],"UserData": {"Fn::Base64": {"Fn::Join": ["", ["#!/bin/bash -ex\n","sudo -i\n","yum -y install nginx\n","cat > /etc/nginx/conf.d/http81.conf << EOF\n"," server {\n","      listen     81;\n","      location / {\n","               proxy_pass http://", {"Fn::GetAtt": ["ApacheServer", "PrivateIp"]} ,":80;\n","      }\n"," }\n","EOF\n","service nginx start\n"]]}}},"DependsOn": "VPCGatewayAttachment"},
        "ApacheServer": {"Type": "AWS::EC2::Instance","Properties": {"ImageId": {"Fn::FindInMap": ["EC2RegionMap", {"Ref": "AWS::Region"}, "AmazonLinuxAMIHVMEBSBacked64bit"]},"InstanceType": "t2.micro","KeyName": {"Ref": "KeyName"},"NetworkInterfaces": [{"AssociatePublicIpAddress": "false","DeleteOnTermination": "true","SubnetId": {"Ref": "SubnetPrivateApache"},"DeviceIndex": "0","GroupSet": [{"Ref": "SecurityGroup"}]}],"UserData": {"Fn::Base64": {"Fn::Join": ["", ["#!/bin/bash -ex\n","yum -y install httpd\n","service httpd start\n","/opt/aws/bin/cfn-signal --stack ", {"Ref": "AWS::StackName"}, " --resource ApacheServer --region ", {"Ref": "AWS::Region"}, "\n"]]}}},"DependsOn": "NatServer"}
      },
      "Outputs": {
        "BastionHostPublicName": {"Value": {"Fn::GetAtt": ["BastionHost", "PublicDnsName"]},"Description": "connect via SSH as user ec2-user"},
        "VarnishServerPublicName": {"Value": {"Fn::GetAtt": ["VarnishServer", "PublicDnsName"]},"Description": "handles HTTP requests"},
        "VarnishServerPrivateIp": {"Value": {"Fn::GetAtt": ["VarnishServer", "PrivateIp"]},"Description": "connect via SSH from bastion host"},
        "ApacheServerPrivateIp": {"Value": {"Fn::GetAtt": ["ApacheServer", "PrivateIp"]},"Description": "connect via SSH from bastion host"}
      }
      }
      
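A reviewer's check of the pattern defined above (the NAT subnet, the NAT server and the private route), as an added example that is not part of the original notes: a small audit over a CloudFormation template that verifies what actually makes the private subnet private and the NAT instance work. TEMPLATE is a constructed, trimmed copy of the lesson's resources (routes, subnets, the shared security group, the NAT and Apache instances); the finding strings and the broken_variant() helper are this example's own.

```python
"""Audit of the NAT-instance pattern in a CloudFormation template (added example).

Checks, over TEMPLATE (a constructed, trimmed copy of the lesson's resources):
  1. a private subnet's route table holds no route to an InternetGateway;
  2. its 0.0.0.0/0 route targets a NAT instance;
  3. a NAT instance has SourceDestCheck disabled and a public IP;
  4. an instance with a public IP does not use a security group that admits
     all protocols from 0.0.0.0/0 (reported as a finding).
"""
import copy

TEMPLATE = {"Resources": {
    "VPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
    "InternetGateway": {"Type": "AWS::EC2::InternetGateway", "Properties": {}},
    "SecurityGroup": {"Type": "AWS::EC2::SecurityGroup",
                      "Properties": {"GroupDescription": "My security group", "VpcId": {"Ref": "VPC"}}},
    "SecurityGroupIngress": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "IpProtocol": "-1", "CidrIp": "0.0.0.0/0", "GroupId": {"Ref": "SecurityGroup"}}},
    "SubnetPublicNAT": {"Type": "AWS::EC2::Subnet", "Properties": {"CidrBlock": "10.0.0.0/24", "VpcId": {"Ref": "VPC"}}},
    "RouteTablePublicNAT": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPC"}}},
    "RouteTableAssociationPublicNAT": {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
        "SubnetId": {"Ref": "SubnetPublicNAT"}, "RouteTableId": {"Ref": "RouteTablePublicNAT"}}},
    "RoutePublicNATToInternet": {"Type": "AWS::EC2::Route", "Properties": {
        "RouteTableId": {"Ref": "RouteTablePublicNAT"}, "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": {"Ref": "InternetGateway"}}},
    "SubnetPrivateApache": {"Type": "AWS::EC2::Subnet", "Properties": {"CidrBlock": "10.0.3.0/24", "VpcId": {"Ref": "VPC"}}},
    "RouteTablePrivateApache": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPC"}}},
    "RouteTableAssociationPrivateApache": {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
        "SubnetId": {"Ref": "SubnetPrivateApache"}, "RouteTableId": {"Ref": "RouteTablePrivateApache"}}},
    "RoutePrivateApacheToInternet": {"Type": "AWS::EC2::Route", "Properties": {
        "RouteTableId": {"Ref": "RouteTablePrivateApache"}, "DestinationCidrBlock": "0.0.0.0/0",
        "InstanceId": {"Ref": "NatServer"}}},
    "NatServer": {"Type": "AWS::EC2::Instance", "Properties": {"SourceDestCheck": "false", "NetworkInterfaces": [{
        "AssociatePublicIpAddress": "true", "SubnetId": {"Ref": "SubnetPublicNAT"}, "GroupSet": [{"Ref": "SecurityGroup"}]}]}},
    "ApacheServer": {"Type": "AWS::EC2::Instance", "Properties": {"NetworkInterfaces": [{
        "AssociatePublicIpAddress": "false", "SubnetId": {"Ref": "SubnetPrivateApache"}, "GroupSet": [{"Ref": "SecurityGroup"}]}]}},
}}


def _ref(value):
    """Unwrap {"Ref": "Name"} to "Name"; pass literal strings through."""
    return value.get("Ref") if isinstance(value, dict) else value


def _by_type(resources, rtype):
    return {name: r for name, r in resources.items() if r["Type"] == rtype}


def _routes_of_subnet(resources, subnet):
    """All AWS::EC2::Route properties attached to the subnet's route table."""
    table = next((_ref(a["Properties"]["RouteTableId"])
                  for a in _by_type(resources, "AWS::EC2::SubnetRouteTableAssociation").values()
                  if _ref(a["Properties"]["SubnetId"]) == subnet), None)
    return [r["Properties"] for r in _by_type(resources, "AWS::EC2::Route").values()
            if _ref(r["Properties"]["RouteTableId"]) == table]


def is_private_subnet(resources, subnet):
    """Private means: no route in the subnet's table points at an internet gateway."""
    return not any("GatewayId" in r for r in _routes_of_subnet(resources, subnet))


def default_route_target(resources, subnet):
    """Logical name of whatever the subnet's 0.0.0.0/0 route points at, or None."""
    for r in _routes_of_subnet(resources, subnet):
        if r.get("DestinationCidrBlock") == "0.0.0.0/0":
            return _ref(r.get("InstanceId") or r.get("NatGatewayId") or r.get("GatewayId"))
    return None


def open_world_groups(resources):
    """Security groups given an all-protocols ingress from 0.0.0.0/0 by a standalone ingress resource."""
    return {_ref(r["Properties"]["GroupId"])
            for r in _by_type(resources, "AWS::EC2::SecurityGroupIngress").values()
            if r["Properties"].get("IpProtocol") == "-1" and r["Properties"].get("CidrIp") == "0.0.0.0/0"}


def audit(template):
    """Return a list of human-readable findings; an empty list means the pattern is sound."""
    res = template["Resources"]
    wide_open = open_world_groups(res)
    nat_instances = {_ref(r["Properties"]["InstanceId"]) for r in _by_type(res, "AWS::EC2::Route").values()
                     if "InstanceId" in r["Properties"]}
    findings = []
    for name, inst in _by_type(res, "AWS::EC2::Instance").items():
        props, nic = inst["Properties"], inst["Properties"]["NetworkInterfaces"][0]
        subnet = _ref(nic["SubnetId"])
        has_public_ip = str(nic.get("AssociatePublicIpAddress", "false")).lower() == "true"
        if name in nat_instances:
            if str(props.get("SourceDestCheck", "true")).lower() != "false":
                findings.append(f"{name}: NAT instance must set SourceDestCheck to false")
            if not has_public_ip or is_private_subnet(res, subnet):
                findings.append(f"{name}: NAT instance needs a public IP in a subnet routed to the internet gateway")
        elif is_private_subnet(res, subnet):
            if has_public_ip:
                findings.append(f"{name}: public IP assigned inside a private subnet")
            if default_route_target(res, subnet) not in nat_instances:
                findings.append(f"{name}: private subnet default route does not go to a NAT instance")
        if has_public_ip and wide_open & {_ref(g) for g in nic.get("GroupSet", [])}:
            findings.append(f"{name}: public IP combined with an all-protocols-from-0.0.0.0/0 security group")
    return findings


def broken_variant():
    """Same template with SourceDestCheck left enabled and the Apache server given a public IP."""
    t = copy.deepcopy(TEMPLATE)
    t["Resources"]["NatServer"]["Properties"]["SourceDestCheck"] = "true"
    t["Resources"]["ApacheServer"]["Properties"]["NetworkInterfaces"][0]["AssociatePublicIpAddress"] = "true"
    return t


if __name__ == "__main__":
    for finding in audit(TEMPLATE) or ["no findings"]:
        print("lesson template:", finding)
    for finding in audit(broken_variant()):
        print("broken variant: ", finding)
```

Run against the lesson's own resources the audit reports exactly one finding, the wide-open security group on the NAT server, which is the point made in the caveats above: the routing and SourceDestCheck are correct, and only the network ACL stands between that public IP and the internet. Flipping SourceDestCheck back on or giving the Apache server a public address, as broken_variant() does, produces the corresponding findings.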
