EC2 Instance Connect - which AWS IPs are used for inbound browser console access?

dan*_*oll 6 amazon-ec2 amazon-web-services aws-ec2-instance-connect

My Instance Connect works fine from the CLI on my local machine, because I added my IP to the EC2 instance's security group for inbound SSH access.

However, the browser-based version in the EC2 console seems to require me to add the whole internet for inbound access before it works! I'm sure it only needs a specific AWS IP range, but I can't find any documentation telling me what it is. Also, I don't know how painful it might be to maintain this if those ranges are dynamic or something.

Can anyone help?

Thanks

Joh*_*ein 8

Set up EC2 Instance Connect - Amazon Elastic Compute Cloud

(Browser-based client) We recommend that your instance allow inbound SSH traffic from the recommended IP block published for the service. Use the EC2_INSTANCE_CONNECT filter for the service parameter to get the IP address ranges in the EC2 Instance Connect subset.

This is because the web browser client connects over HTTPS to the EC2 Instance Connect "service" in AWS. That service then makes the actual SSH connection to the instance.

An example of the IP address file is as follows:

{
  "ip_prefix": "18.252.4.0/30",
  "region": "us-gov-east-1",
  "service": "EC2_INSTANCE_CONNECT",
  "network_border_group": "us-gov-east-1"
}
{
  "ip_prefix": "15.200.28.80/30",
  "region": "us-gov-west-1",
  "service": "EC2_INSTANCE_CONNECT",
  "network_border_group": "us-gov-west-1"
}
{
  "ip_prefix": "13.244.121.196/30",
  "region": "af-south-1",
  "service": "EC2_INSTANCE_CONNECT",
  "network_border_group": "af-south-1"
}
{
  "ip_prefix": "3.112.23.0/29",
  "region": "ap-northeast-1",
  "service": "EC2_INSTANCE_CONNECT",
  "network_border_group": "ap-northeast-1"
}
{
  "ip_prefix": "13.209.1.56/29",
  "region": "ap-northeast-2",
  "service": "EC2_INSTANCE_CONNECT",
  "network_border_group": "ap-northeast-2"
}
{
  "ip_prefix": "13.233.177.0/29",
  "region": "ap-south-1",
  "service": "EC2_INSTANCE_CONNECT",
  "network_border_group": "ap-south-1"
}
{
  "ip_prefix": "3.0.5.32/29",
  "region": "ap-southeast-1",
  "service": "EC2_INSTANCE_CONNECT",
  "network_border_group": "ap-southeast-1"
}
{
  "ip_prefix": "13.239.158.0/29",
  "region": "ap-southeast-2",
  "service": "EC2_INSTANCE_CONNECT",
  "network_border_group": "ap-southeast-2"
}
{
  "ip_prefix": "35.183.92.176/29",
  "region": "ca-central-1",
  "service": "EC2_INSTANCE_CONNECT",
  "network_border_group": "ca-central-1"
}
{
  "ip_prefix": "3.120.181.40/29",
  "region": "eu-central-1",
  "service": "EC2_INSTANCE_CONNECT",
  "network_border_group": "eu-central-1"
}
{
  "ip_prefix": "13.48.4.200/30",
  "region": "eu-north-1",
  "service": "EC2_INSTANCE_CONNECT",
  "network_border_group": "eu-north-1"
}
{
  "ip_prefix": "15.161.135.164/30",
  "region": "eu-south-1",
  "service": "EC2_INSTANCE_CONNECT",
  "network_border_group": "eu-south-1"
}
{
  "ip_prefix": "18.202.216.48/29",
  "region": "eu-west-1",
  "service": "EC2_INSTANCE_CONNECT",
  "network_border_group": "eu-west-1"
}
{
  "ip_prefix": "3.8.37.24/29",
  "region": "eu-west-2",
  "service": "EC2_INSTANCE_CONNECT",
  "network_border_group": "eu-west-2"
}
{
  "ip_prefix": "35.180.112.80/29",
  "region": "eu-west-3",
  "service": "EC2_INSTANCE_CONNECT",
  "network_border_group": "eu-west-3"
}
{
  "ip_prefix": "18.228.70.32/29",
  "region": "sa-east-1",
  "service": "EC2_INSTANCE_CONNECT",
  "network_border_group": "sa-east-1"
}
{
  "ip_prefix": "18.206.107.24/29",
  "region": "us-east-1",
  "service": "EC2_INSTANCE_CONNECT",
  "network_border_group": "us-east-1"
}
{
  "ip_prefix": "3.16.146.0/29",
  "region": "us-east-2",
  "service": "EC2_INSTANCE_CONNECT",
  "network_border_group": "us-east-2"
}
{
  "ip_prefix": "13.52.6.112/29",
  "region": "us-west-1",
  "service": "EC2_INSTANCE_CONNECT",
  "network_border_group": "us-west-1"
}
{
  "ip_prefix": "18.237.140.160/29",
  "region": "us-west-2",
  "service": "EC2_INSTANCE_CONNECT",
  "network_border_group": "us-west-2"
}

So these are the ranges you should add to the security group. Just use the ranges for the region in which you are invoking EC2 Instance Connect.

Note: these IPs get updated; you can fetch the current version by running (requires: curl and jq):

curl -f -s -# https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.service == "EC2_INSTANCE_CONNECT")'

or

curl -f -s -# https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.service == "EC2_INSTANCE_CONNECT") | .ip_prefix'

for just the list of IP ranges.
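As an added example (not part of the answer above, and not AWS code), the same filtering done in Python: pick the EC2_INSTANCE_CONNECT prefixes for one region from an ip-ranges.json document, build the boto3-style IpPermissions entry for port 22, and diff the published CIDRs against what a security group rule currently allows, so a 0.0.0.0/0 rule or a stale prefix shows up as drift. The embedded JSON is a constructed sample in the file's shape (two prefixes copied from the answer plus one made-up non-EIC prefix); fetch_ip_ranges downloads the live file and is an assumption about network access.

```python
import json
import ipaddress
import urllib.request

IP_RANGES_URL = "https://ip-ranges.amazonaws.com/ip-ranges.json"

# Constructed sample in the shape of ip-ranges.json; syncToken/createDate values are made up.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0000000000",
    "createDate": "2000-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "18.206.107.24/29", "region": "us-east-1",
         "service": "EC2_INSTANCE_CONNECT", "network_border_group": "us-east-1"},
        {"ip_prefix": "3.16.146.0/29", "region": "us-east-2",
         "service": "EC2_INSTANCE_CONNECT", "network_border_group": "us-east-2"},
        # Constructed, not an Instance Connect range: must be filtered out.
        {"ip_prefix": "18.206.0.0/16", "region": "us-east-1",
         "service": "EC2", "network_border_group": "us-east-1"},
    ],
})


def fetch_ip_ranges(url=IP_RANGES_URL):
    """Download the live ip-ranges.json (needs network; not used by the sample below)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode()


def instance_connect_prefixes(ip_ranges_json, region):
    """Return the EC2_INSTANCE_CONNECT CIDRs published for one region, validated and sorted."""
    data = json.loads(ip_ranges_json)
    cidrs = [p["ip_prefix"] for p in data["prefixes"]
             if p["service"] == "EC2_INSTANCE_CONNECT" and p["region"] == region]
    for c in cidrs:
        ipaddress.ip_network(c)  # raises ValueError on a malformed prefix
    return sorted(cidrs)


def ingress_permission(cidrs, port=22):
    """IpPermissions entry usable with boto3 authorize_security_group_ingress."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c, "Description": "EC2 Instance Connect"} for c in cidrs]}


def sg_drift(current_cidrs, published_cidrs):
    """CIDRs to add to / remove from the SSH rule so it matches the published ranges only."""
    cur, pub = set(current_cidrs), set(published_cidrs)
    return {"add": sorted(pub - cur), "remove": sorted(cur - pub)}
```

Re-running sg_drift against a fresh download catches both the answer's "these IPs get updated" case and an accidental 0.0.0.0/0 rule.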