Amazon web services Can';将SSH转换为使用Terraform创建的EC2实例
我正在做一个非常简单的地形项目。我正在使用windows命令提示符。我现在只有一个EC2实例。这是项目结构-Amazon web services Can';将SSH转换为使用Terraform创建的EC2实例,amazon-web-services,terraform,terraform-provider-aws,Amazon Web Services,Terraform,Terraform Provider Aws,我正在做一个非常简单的地形项目。我正在使用windows命令提示符。我现在只有一个EC2实例。这是项目结构- terraform-project |_ec2.tf |_vars.tf |_test-key |_test-key.pub |_.terraform |_terraform.tfstate ec2.tf文件如下所示- provider "aws" { region = "eu-central-1" } resource "aws_key_pair" "test-key"{
terraform-project
|_ec2.tf
|_vars.tf
|_test-key
|_test-key.pub
|_.terraform
|_terraform.tfstate
ec2.tf文件如下所示-
provider "aws" {
region = "eu-central-1"
}
resource "aws_key_pair" "test-key"{
key_name = "test-key"
public_key = "${file("test-key.pub")}"
}
resource "aws_instance" "my-ec2"{
ami = "${var.ami}"
instance_type = "${var.instance_type}"
key_name = "${aws_key_pair.test-key.key_name}"
tags = {
Name = "Terraform"
Batch = "7am"
}
}
variable "ami" {
default = "ami-0233214e13e500f77"
}
variable "instance_type" {
default = "t2.micro"
}
vars.tf文件如下所示-
provider "aws" {
region = "eu-central-1"
}
resource "aws_key_pair" "test-key"{
key_name = "test-key"
public_key = "${file("test-key.pub")}"
}
resource "aws_instance" "my-ec2"{
ami = "${var.ami}"
instance_type = "${var.instance_type}"
key_name = "${aws_key_pair.test-key.key_name}"
tags = {
Name = "Terraform"
Batch = "7am"
}
}
variable "ami" {
default = "ami-0233214e13e500f77"
}
variable "instance_type" {
default = "t2.micro"
}
Terraform Apply工作成功,我可以从AWS管理控制台看到该实例。但是当我尝试SSH到实例中时,我会遇到权限问题-
ssh -i test-key ec2-user@54.xx.xxx.xxx
ssh: connect to host 54.xx.xxx.xxx port 22: Permission denied
该实例具有默认的VPC和安全组。允许所有入站和出站流量。
我为一家公司的代理人工作。开始之前,我在windows命令提示符下设置了代理设置-
set HTTP_PROXY=http://proxy.companytnet.net:port
set HTTPS_PROXY=http://proxy.companynet.net:port
使用verbose的SSH提供了以下功能:
ssh -vvv -i test-key ec2-user@54.xx.xxx.xxx
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug1: Reading configuration data C:\\Users\\M710583/.ssh/config
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname 54.xx.xxx.xxx is address
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 54.xx.xxx.xxx [54.xx.xxx.xxx] port 22.
debug3: finish_connect - ERROR: async io completed with error: 10013, io:00000256B95289B0
debug1: connect to address 54.xx.xxx.xxx port 22: Permission denied
ssh: connect to host 54.xx.xxx.xxx port 22: Permission denied
我可以SSH连接到其他服务器和实例,但不能连接到使用Terraform创建的服务器和实例。我做错了什么 我建议将
vpc\u security\u group\u id=“${aws\u security\u group.main sg.id}”添加到EC2资源块中
此属性将您的VPC与您所引用的安全组相关联 您需要添加一个适当的安全组。比如:
resource "aws_security_group" "main" {
egress = [
{
cidr_blocks = [ "0.0.0.0/0", ]
description = ""
from_port = 0
ipv6_cidr_blocks = []
prefix_list_ids = []
protocol = "-1"
security_groups = []
self = false
to_port = 0
}
]
ingress = [
{
cidr_blocks = [ "0.0.0.0/0", ]
description = ""
from_port = 22
ipv6_cidr_blocks = []
prefix_list_ids = []
protocol = "tcp"
security_groups = []
self = false
to_port = 22
}
]
}
resource "aws_instance" "my-ec2"{
ami = "${var.ami}"
instance_type = "${var.instance_type}"
key_name = "${aws_key_pair.test-key.key_name}"
tags = {
Name = "Terraform"
Batch = "7am"
}
vpc_security_group_ids = [aws_security_group.main.id]
}
你确定你使用的sshkey\u name
是正确的吗?@Marcin-是的,我在terraform控制台上用“${aws\u key\u pair.test key.key\u name}”检查了一下。这将返回作为密钥名的测试密钥。ami是针对AmazonLinux2或类似系统的,而不是具有不同用户名的Ubuntu?@Marcin-Yes。这是一个Linux ami。我也尝试过ubuntu ami,但我仍然遇到同样的问题。你能编辑你的问题,将SSH命令的详细输出包含在SSH-vvv-I测试密钥中吗…
请?