为什么在申请后无法连接到我的ec2实例?

问题描述 投票:1回答:1

我整理了我的第一个Terraform脚本,用于在AWS上进行资产配置。但是,我无法在公共子网中连接到EC2实例

我可以看到所有预期的资源都已创建:子网/实例/路由表/网关等

我已排除provider.tf,因为它包含敏感机密。

我的地区是ap-south-1。

resource "aws_vpc" "vpc1" {
  cidr_block = "10.20.0.0/16"
  tags = {
    name = "tf_vpc"
  }
}

# subnets below
resource "aws_subnet" "subnet_public"{
  vpc_id  = "${aws_vpc.vpc1.id}"
  cidr_block = "10.20.10.0/24"
  availability_zone = "ap-south-1a"

  map_public_ip_on_launch = true
}

resource "aws_subnet" "subnet_private"{
  vpc_id  = "${aws_vpc.vpc1.id}"
  cidr_block = "10.20.20.0/24"
  availability_zone = "ap-south-1a"
}

resource "aws_security_group" "sg-web" {
  name ="allow80"
  description="allows traffic on port 80"
  vpc_id ="${aws_vpc.vpc1.id}"

  ingress{
    from_port = 80
    to_port   = 80
    protocol  = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress{
    from_port = 22
    to_port   = 22
    protocol  = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    name="allowhttp"
  }
}

resource "aws_default_route_table" "public" {
  default_route_table_id = "${aws_vpc.vpc1.main_route_table_id}"

  tags = {
    name = "route-default"
  }
}

resource "aws_internet_gateway" "ig"{
  vpc_id = "${aws_vpc.vpc1.id}"
}

resource "aws_route_table" "route_public"{
  vpc_id = "${aws_vpc.vpc1.id}"
}

resource "aws_route" "r1" {
  route_table_id = "${aws_route_table.route_public.id}"
  destination_cidr_block = "0.0.0.0/16"
  gateway_id = "${aws_internet_gateway.ig.id}"
}

resource "aws_route_table_association" "public" {
  subnet_id = "${aws_subnet.subnet_public.id}"
  route_table_id = "${aws_route_table.route_public.id}"
}

resource "aws_instance" "ins1_web"{
  ami = "ami-0447a12f28fddb066"
  instance_type = "t2.micro"
  subnet_id = "${aws_subnet.subnet_public.id}"
  vpc_security_group_ids = ["${aws_security_group.sg-web.id}"]

  key_name = "myBOMkey-2"

  tags = {
    name="tf-1"
  } 
} 

resource "aws_instance" "ins1_db"{
  ami = "ami-0447a12f28fddb066"
  instance_type = "t2.micro"
  subnet_id = "${aws_subnet.subnet_private.id}"
  vpc_security_group_ids = ["${aws_security_group.sg-web.id}"]

  key_name = "myBOMkey-2"

  tags = {
    name="tf-1"
  } 
}

为什么在申请后不能连接到我的ec2实例?

amazon-web-services terraform devops
1个回答
1
投票

看一下CIDR(0.0.0.0/16),这似乎不正确。可能是拼写错误。 Any-IP用“ 0.0.0.0/0”表示,因为任何IP目标都需要路由到Internet网关。 

resource "aws_route" "r1" {
  route_table_id = "${aws_route_table.route_public.id}"
  destination_cidr_block = "0.0.0.0/0"
  gateway_id = "${aws_internet_gateway.ig.id}"
}

安全组配置中也缺少出口(出站)流量,因为terraform不会将所有流量作为默认值保留在出站流量中。请参阅terraform安全组文档。 

egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

希望这会有所帮助!

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.