AWS PrivateLink for Amazon S3 Is Generally Available, Allowing Secure Access to S3 from On-Premises

AWS recently announced that PrivateLink (https://cloud.google.com/vpc/docs/private-access-options) for Amazon S3 is now generally available. With PrivateLink, customers can securely connect Amazon S3 to on-premises resources.

At last year's AWS re:Invent, Amazon previewed PrivateLink for Amazon S3; it is now generally available. It provides private connectivity between Amazon Simple Storage Service and on-premises resources through private IPs in the user's virtual network. S3 has had VPC endpoints since 2015, but they still did not let AWS users reach S3 from on-premises over a secure connection such as AWS Direct Connect or AWS VPN. AWS Principal Evangelist Martin Beeby wrote in a blog post that some users set up proxy servers with private IP addresses in their Amazon Virtual Private Cloud and used the gateway endpoint for S3:

"Although this solution works, proxy servers typically constrain performance, add extra points of failure, and increase operational complexity. We looked at how to solve this problem for customers while avoiding those drawbacks, and that is how PrivateLink for S3 came about."

With PrivateLink for S3, users can now use the new VPC interface endpoint in their virtual private cloud to access S3 directly as a private endpoint inside their secure virtual network. It extends the capabilities of the existing gateway endpoint, letting users reach S3 over private IP addresses: any API request and HTTPS request from their on-premises applications to S3 is automatically redirected through the interface endpoint. In addition, users can attach security groups and access control policies to their interface endpoint.

[Image: https://static001.geekbang.org/infoq/9e/9e84c9f32a90587f823e4e16d9ca2cbc.png]

Image source: https://aws.amazon.com/blogs/aws/aws-privatelink-for-amazon-s3-now-available/

Other cloud providers offer similar services that allow users to connect from on-premises to cloud storage. Microsoft offers Azure Private Link, which has supported private endpoints for Azure Storage since March 2020. Google also provides private access options for its users, including for Cloud Storage.

On Reddit, respondents welcomed the availability of PrivateLink for S3:

"This is for a specific situation where you are using on-premises resources and want a private route straight to S3 over the connection. Previously, what you could do was point it at an EC2 proxy and forward through the existing VPC endpoint, which wasn't ideal. Or go over the public network, which also wasn't ideal."

And:

"Some enterprises can't configure split routing in their networks, so they can't use the gateway endpoint. With PrivateLink they can use the gateway endpoint on the PrivateLink interface."

In addition, Daniel Hillinger, senior consultant and trainer at Trivadis, said on Twitter:

"Last night AWS made a great announcement of S3 interface endpoints! This has been long awaited, especially by customers with security restrictions, because previously they had to whitelist public IPs and regularly update them in the NACLs for the S3 gateway endpoint."

Note that the feature is only useful when users need to access S3 from on-premises; otherwise, as one Reddit comment puts it:

"If you don't need on-premises access to S3, don't use it. The S3 gateway endpoint is free, but this endpoint can be expensive."

PrivateLink is currently available in all AWS regions; data processed is charged per GB and the VPC endpoint is charged per hour.

Original link: AWS Releases Privatelink for Amazon S3 into General Availability (https://www.infoq.com/news/2021/02/aws-privatelink-amazon-s3-ga/)
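The article notes that users can attach security groups and access control policies to the S3 interface endpoint. As an added illustration (not code from the article, from AWS, or from the people quoted), the following Python builds a restrictive VPC endpoint policy that lets only principals of one account reach a named set of buckets through the endpoint, and includes a small evaluator for sanity-checking what the policy admits before attaching it. The account ID and bucket names are constructed placeholders; the evaluator is a simplified Allow-only matcher, not AWS's full IAM evaluation logic.

```python
import json
from fnmatch import fnmatchcase
from typing import Iterable, Optional

# Constructed placeholders for this example; not values from the article.
ACCOUNT_ID = "111111111111"
ALLOWED_BUCKETS = ["example-data-lake", "example-logs"]


def build_endpoint_policy(account_id: str, buckets: Iterable[str]) -> dict:
    """Build a VPC endpoint policy for an S3 interface endpoint.

    The default endpoint policy allows full access. Replacing it with this
    document means only principals of `account_id` can use the endpoint, and
    only for the listed buckets and actions; anything else is refused at the
    endpoint even if an IAM policy or bucket policy would allow it.
    """
    resources = []
    for bucket in buckets:
        resources.append(f"arn:aws:s3:::{bucket}")    # bucket-level (ListBucket)
        resources.append(f"arn:aws:s3:::{bucket}/*")  # object-level (Get/Put)
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowOwnAccountToNamedBuckets",
                "Effect": "Allow",
                "Principal": "*",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
                "Resource": resources,
                "Condition": {
                    "StringEquals": {"aws:PrincipalAccount": account_id}
                },
            }
        ],
    }


def endpoint_allows(policy: dict, action: str, bucket: str,
                    key: Optional[str] = None,
                    principal_account: str = ACCOUNT_ID) -> bool:
    """Simplified, Allow-only evaluation of an endpoint policy.

    Returns True if some Allow statement matches the action, the S3 resource
    ARN and the calling account. Real IAM evaluation also handles Deny
    statements, NotAction/NotResource and many more condition keys; this is
    only enough to check a draft policy for obvious mistakes.
    """
    resource_arn = f"arn:aws:s3:::{bucket}" + (f"/{key}" if key else "")
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        wanted = stmt.get("Condition", {}).get("StringEquals", {}).get("aws:PrincipalAccount")
        if wanted is not None and wanted != principal_account:
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        # IAM-style wildcard matching: '*' in an action or resource pattern
        # matches any run of characters, including '/'.
        if any(fnmatchcase(action, a) for a in actions) and \
           any(fnmatchcase(resource_arn, r) for r in resources):
            return True
    return False


def policy_json(policy: dict) -> str:
    """Serialize the policy for use as the endpoint's PolicyDocument."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    pol = build_endpoint_policy(ACCOUNT_ID, ALLOWED_BUCKETS)
    print(policy_json(pol))
    print(endpoint_allows(pol, "s3:GetObject", "example-logs", "2021/02/app.log"))  # True
    print(endpoint_allows(pol, "s3:GetObject", "some-other-bucket", "x"))          # False
```

The serialized document is what you pass as the policy when creating or modifying the interface endpoint (for example `aws ec2 create-vpc-endpoint --vpc-endpoint-type Interface --service-name com.amazonaws.<region>.s3 --policy-document file://policy.json`, with `<region>` a placeholder). The endpoint policy gates which buckets and principals the endpoint will serve; the security group on the endpoint's network interfaces is the separate control that limits which on-premises address ranges can reach the endpoint at all, which is why the two are worth reviewing together.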