How does APIGW -> VPC Link -> Public ALB work?

0

I have an architecture wherein APIGW has a private integration using a VPC link to a public ALB.

Assuming that I cannot change the architecture, what should be my security group rule for ALB? Currently, I have a 0.0.0.0 inbound rule, can I restrict it to something?

1 Answer
0

Hi Exter, now that I got some context also from your other questions, it feels like something is odd. I see the current architecture you have is as follows: APIGW -> VPC Link -> Private NLB -> Public ALB.

The part that seems odd is that your architecture is placing a public ALB behind a private NLB, instead of a private/internal ALB (as APIGW -> VPC Link -> Private NLB -> Internal ALB). I assume you cannot change the architecture, but typically, with public ALBs, you would just use API Gateway HTTP integrations, while VPC Link fits more for private integrations.

To answer your question, VPC Link requires a Network Load Balancer, so, as your Application Load Balancer is a target of the NLB, you should follow this: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-update-security-groups.html.

Expert
Answered 1 month ago
  • No, the current architecture is:

    APIGW -> VPC Link -> Public ALB.

    The ALB security group has an inbound rule for 0.0.0.0/0, which is what I want to avoid. I can make an architecture change if it is a must, but the ALB has to be public.

    Introducing NLB is one of the options I found....

  • Are you sure that you are linking the VPC Link directly with a public ALB? Can you share details of the VPC Link? Even when you go to the UI, when creating a VPC Link, you can only associate it with a Network Load Balancer, as you cannot have VPC Link -> ALB directly.

  • Yes, I am sure that APIGW is linked to public ALB using VPC link.

    We can link both NLB/ALB using VPC Link:

    https://repost.aws/knowledge-center/api-gateway-alb-integration

    Integration type: Private resource Target service: ALB
