我分别创建了 2 个安全组。一个用于在公共子网中运行的 ec2-instance,另一个用于在私有子网中运行的 ec2-instance。
我想从公共实例安全地 ssh 到私有实例。
私有安全组的以下端口配置是否正确或需要打开任何其他端口?这些安全组端口是否需要以某种方式连接才能通过 ssh 连接到私有实例?(我创建了 vpc,一个公共和私有子网,eip,nat-gateway)。
public_sgGroup.tf
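# Source network allowed to SSH into the bastion. The default keeps the
# original behaviour (open to the world) so existing deployments still apply;
# set it to the admin network instead, e.g. "203.0.113.10/32" (constructed
# example), so port 22 on the bastion is not reachable from every address.
variable "bastion_ssh_cidr" {
  description = "CIDR block allowed to SSH to the bastion (narrow this to your admin IP range)"
  default     = "0.0.0.0/0"
}

# Security group for the bastion host in the public subnet.
# Security groups are stateful: replies to an allowed inbound connection are
# permitted automatically, so no egress rule is needed for the SSH *session*
# itself -- only for connections the bastion initiates.
resource "aws_security_group" "public_sg" {
  name        = "Public_sg"
  description = "Security Group for Public instance-Bastion"

  # Inbound SSH to the bastion from the admin network (see variable above).
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.bastion_ssh_cidr}"]
  }

  # Outbound SSH initiated by the bastion towards hosts inside the VPC
  # (the private instance). Kept as a CIDR rule rather than a reference to
  # private_sg, because the two groups referencing each other's id would be
  # a dependency cycle for Terraform.
  egress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.s_group_vpc_cidr}"]
  }

  # Outbound HTTP/HTTPS initiated by the bastion (package updates and similar).
  egress {
    from_port        = 80
    to_port          = 80
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  egress {
    from_port        = 443
    to_port          = 443
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags {
    Name = "Public_sgGroup"
  }
}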
private_sgGroup.tf
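# Security group for the instance in the private subnet.
# The only inbound path this group needs for the bastion -> private SSH hop is
# port 22 *from the bastion's security group*; that group reference is what
# "connects" the two security groups.
resource "aws_security_group" "private_sg" {
  name        = "Private_sg"
  description = "Security Group for Private instance"

  # Inbound SSH, accepted only from instances that carry public_sg (the bastion).
  # Using the group id instead of the whole VPC CIDR means any other host in the
  # VPC cannot SSH here, which is the least-privilege form of this rule.
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = ["${aws_security_group.public_sg.id}"]
  }

  # NOTE(review): inbound HTTP/HTTPS from anywhere is not needed for the SSH
  # path above. Left unchanged because nothing on the page says whether this
  # instance serves web traffic (e.g. behind a load balancer); if it does not,
  # drop these two rules. If the NAT gateway is meant to give this host
  # outbound internet access (updates), that needs *egress* 80/443, not ingress.
  ingress {
    from_port        = 80
    to_port          = 80
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  ingress {
    from_port        = 443
    to_port          = 443
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # NOTE(review): outbound SSH to the whole internet is not required for the
  # inbound SSH session (security groups are stateful and allow the replies).
  # Left unchanged; it is normally narrowed to the VPC CIDR or removed.
  egress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name = "Private_sgGroup"
  }
}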
提前致谢。