In the Register targets page in Step 5, make sure that you select Other private IP address in the Network drop down. By default, the existing VPC in the account is selected, which the Lightsail instance private IP address is not a part of. Once you change it to Other private IP address, you should be able to add the private IP address of the Lightsail instance to the target group.
Set up a NAT instance or gateway in your VPC that can route traffic from the ALB to your Lightsail instance. This requires careful configuration of routing tables and security groups.
or
Set up a reverse proxy (like Nginx or Apache) in your VPC that forwards requests to the Lightsail instance. The reverse proxy would be added to the ALB target group instead of the Lightsail instance directly.
A NAT gateway adds a lot of additional cost here, and unless I'm mistaken the latter option wouldn't work with multiple Lightsail servers (how is the ALB going to tell the proxy which Lightsail server to go to? The proxy itself would have to be doing the load balancing, unless you mean one proxy server per Lightsail instance).
Either way, it's odd that the documentation is lacking here, given it's only from September this year. It seems like complete overkill to have to go to this many steps for WAF integration.
I did some research, and found an alternative way to do this, after some investigation.
Target groups in EC2 can't have Lightsail instances in them - but you can make a CloudFront Distribution, set a Lightsail Load Balancer as its origin, and use WAF on that distribution instead. A bit unwieldy, but it seems to work. The Lightsail load balancer needs to have the domain name of the CDN distribution included in its SSL/TLS certificate.
Ahh.. somehow I had thought that box was only to select VPCs and didn't notice that (evidently I didn't have enough coffee). Thanks for pointing this out!