当我通过Terraform设置VPC和EC2时，为什么不能ping我的EC2实例？

我通过Terraform进行了设置，其中包括VPC，公共子网和带有安全组的EC2实例。我试图对EC2实例执行ping操作，但超时。

我尝试确保的几件事：

• EC2在子网中，并且该子网通过网关路由到Internet

• EC2具有一个安全组，允许双向所有流量

• EC2具有弹性IP

• VPC具有一个附加到子网的ACL，并允许双向所有流量

我不确定我在这里错过了什么。

我的tf文件看起来像（已编辑，以反映最新更改）：

resource "aws_vpc" "foobar" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_internet_gateway" "foobar_gateway" {
  vpc_id = aws_vpc.foobar.id
}

/*
Public subnet
*/
resource "aws_subnet" "foobar_subnet" {
  vpc_id = aws_vpc.foobar.id
  cidr_block = "10.0.1.0/24"
}

resource "aws_route_table" "foobar_routetable" {
  vpc_id = aws_vpc.foobar.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.foobar_gateway.id
  }
}

resource "aws_route_table_association" "foobar_routetable_assoc" {
  subnet_id = aws_subnet.foobar_subnet.id
  route_table_id = aws_route_table.foobar_routetable.id
}

/*
Web
*/
resource "aws_security_group" "web" {
  name = "vpc_web"
  vpc_id = aws_vpc.foobar.id

  ingress {
    protocol    = -1
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    protocol    = -1
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_network_acl" "main" {
  vpc_id = aws_vpc.foobar.id
  subnet_ids = [aws_subnet.foobar_subnet.id]

  egress {
    protocol   = -1
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }

  ingress {
    protocol   = -1
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }
}

resource "aws_instance" "web-1" {
  ami = "ami-0323c3dd2da7fb37d"
  instance_type = "t2.micro"
  subnet_id = aws_subnet.foobar_subnet.id
  associate_public_ip_address = true
}

resource "aws_eip" "web-1" {
  instance = aws_instance.web-1.id
  vpc = true
}

为什么我通过Terraform设置VPC和EC2时不能ping我的EC2实例？