java - 在没有公共(public)IP的情况下运行AWS Java SDK代码

Question

我们是否需要互联网连接才能在 AWS 实例中使用 AWS Java SDK？

我有一个在 VPC 内运行的实例，但我尚未为其分配任何公共(public) IP 地址。

根据我的初步调查结果，我发现要从 Amazon 中的此实例运行基于 AWS Java SDK 的 Java 程序，该实例需要具有互联网连接。

运行AWS Java SDK附带的示例程序AwsConsoleApp，我看到以下错误:

[javac]/home/ubuntu/aws-java-sdk-1.8.9.1/samples/AwsConsoleApp/build.xml:12:警告:未设置“includeantruntime”，默认为 build.sysclasspath=last；对于可重复build设置为 false [java] ============================================= [java] 欢迎使用 AWS Java SDK! [java] ===============================================

 [java] Sep 09, 2014 9:26:49 PM com.amazonaws.http.AmazonHttpClient executeHelper
 [java] INFO: Unable to execute HTTP request: Connect to ec2.us-east-1.amazonaws.com:443 timed out
 [java] org.apache.http.conn.ConnectTimeoutException: Connect to ec2.us-east-1.amazonaws.com:443 timed out
 [java]     at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:551)
 [java]     at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
 [java]     at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
 [java]     at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:645)
 [java]     at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480)
 [java]     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
 [java]     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
 [java]     at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:464)
 [java]     at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:273)
 [java]     at com.amazonaws.services.ec2.AmazonEC2Client.invoke(AmazonEC2Client.java:9320)
 [java]     at com.amazonaws.services.ec2.AmazonEC2Client.describeAvailabilityZones(AmazonEC2Client.java:359)
 [java]     at com.amazonaws.services.ec2.AmazonEC2Client.describeAvailabilityZones(AmazonEC2Client.java:8045)
 [java]     at AwsConsoleApp.main(Unknown Source)
 [java] 

我发现这与 Amazon 提供对其 EC2Metadata 服务的访问权限的方式相反。

有什么方法可以在不提供 AWS 实例公共(public) IP 的情况下运行这些 Java 程序吗？

Answer 1

您需要互联网连接，但不需要通过分配给运行代码的实例的公共(public) IP 进行连接。

公有 IP 可以位于 NAT 实例上，这允许 VPC 中的其他计算机访问 Internet，但不允许 Internet 上的系统访问您的私有(private)实例。

Instances that you launch into a private subnet in a virtual private cloud (VPC) can't communicate with the Internet. You can optionally use a network address translation (NAT) instance in a public subnet in your VPC to enable instances in the private subnet to initiate outbound traffic to the Internet, but prevent the instances from receiving inbound traffic initiated by someone on the Internet.

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html

另请参阅https://stackoverflow.com/a/22212017/1695906有关“私有(private)”与“公共(public)”子网、NAT 实例和路由的更多讨论。