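[The following question has been translated.] I'm trying to understand how to define an ALB, its listeners, target groups, and security groups in a CF template, so I wrote up this outline. If the ALB is internal, listens for traffic on port 443, and sends that traffic to port 80 on the instance web servers, is this correct?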
ALB
  Properties:
    Type: internal
    Listener: 80
    Listener: 443
    Subnets
    SecurityGroups
    LBAttributes
ALBListener80
  Properties:
    Reference: ALB
    Port: 80
    Redirect rule to port 443
ALBListener443
  Properties:
    Reference: ALB
    Port: 443
    SSL Policy
    Certificate
    Forward rule to ALBTarget80
ALBTarget80
  Properties:
    Port: 80
    VPCid
    TargetgroupAttributes
    Registered instance(s)
    Healthcheck
      Check port 80
ALBSecurityGroup
  Ingress rules:
    Allow port 80 from VPC CIDR
    Allow port 443 from VPC CIDR
  Egress rules:
    Allow port 80 to InstanceSecurityGroup
    Allow port 443 to InstanceSecurityGroup
    Allow All traffic to 127.0.0.1/32
InstanceSecurityGroup
  Ingress rules:
    Allow port 80 from VPC CIDR
    Allow port 443 from VPC ALBSecurityGroup
  Egress rules:
    Allow all to 0.0.0.0/0
Does this look right?
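
Added example, not part of the original post: the security-group portion of the outline above written as CloudFormation YAML, narrowed to the port 80 path that the outline's target group and health check use between the ALB and the instances. The parameter names `VpcId` and `VpcCidr` and the logical IDs of the two standalone rule resources are assumptions made for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:                       # assumed parameter names, not from the post
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  VpcCidr: {Type: String}
Resources:
  ALBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Internal ALB
      VpcId: !Ref VpcId
      SecurityGroupIngress:       # clients inside the VPC reach both listeners
        - {IpProtocol: tcp, FromPort: 80, ToPort: 80, CidrIp: !Ref VpcCidr}
        - {IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: !Ref VpcCidr}
      SecurityGroupEgress:
        # Declaring any egress rule replaces the default allow-all egress rule;
        # a localhost-only rule leaves the group with no usable egress of its own.
        - {IpProtocol: "-1", CidrIp: 127.0.0.1/32}
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web servers behind the ALB
      VpcId: !Ref VpcId
      SecurityGroupEgress:
        - {IpProtocol: "-1", CidrIp: 0.0.0.0/0}
  # The two groups reference each other, so the cross-group rules are standalone
  # resources; declaring them inline on both groups is a circular dependency.
  ALBEgressToInstances80:         # assumed logical ID
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      GroupId: !GetAtt ALBSecurityGroup.GroupId
      IpProtocol: tcp
      FromPort: 80                # forwarded traffic and health checks use port 80
      ToPort: 80
      DestinationSecurityGroupId: !GetAtt InstanceSecurityGroup.GroupId
  InstanceIngressFromALB80:       # assumed logical ID
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !GetAtt InstanceSecurityGroup.GroupId
      IpProtocol: tcp
      FromPort: 80
      ToPort: 80
      SourceSecurityGroupId: !GetAtt ALBSecurityGroup.GroupId
```

With this wiring the instances accept port 80 only from the ALB's security group, so widening the instance ingress to the VPC CIDR would let any host in the VPC bypass the load balancer.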