Amazon Web Services / Terraform:用 Terraform 刚创建的 EC2 实例无法 ping 或 SSH
我想寻求帮助。我编写了一个 Terraform 脚本,它会创建 5 个 EC2 实例,但我无法 ping 或 SSH 到它们。你认为可能是什么问题?我已经放通了 ICMP 和 SSH,但从其他计算机/站点检测时,显示端口是关闭的。当我手动创建 EC2 时可以 ssh/ping,用这个 Terraform 脚本创建的却不行。(标签:amazon-web-services, ssh, terraform, ping)
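provider "aws" {
  # NOTE(review): a provider-level `version` constraint is deprecated in newer
  # Terraform releases in favour of a `required_providers` block; it still
  # works with the 3.x provider used here.
  version = "~> 3.0"
  region  = "us-east-1"

  # Credentials are intentionally not written into the configuration. The
  # provider reads them from the AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY
  # environment variables, from the shared credentials file (optionally
  # selected with `profile = "..."`), or from an instance/role identity, so no
  # secret lands in version control or in a pasted question.
  # The access key / secret key pair that used to be hard-coded here has been
  # exposed in clear text and should be deactivated and rotated in IAM.
}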
# Create a VPC
# A small /28 VPC (16 addresses); the single subnet below occupies all of it.
resource "aws_vpc" "BrokenByteVPC" {
  tags = {
    Name = "BrokenByteVPC"
  }

  cidr_block = "192.168.100.0/28"
}
# The only subnet; it spans the whole VPC CIDR. AWS reserves five addresses per
# subnet, which leaves eleven usable ones for the interfaces defined below.
resource "aws_subnet" "BrokenbyteLB-subnet" {
  availability_zone = "us-east-1a"
  cidr_block        = "192.168.100.0/28"
  vpc_id            = aws_vpc.BrokenByteVPC.id

  tags = {
    Name = "BrokenbyteLB-subnet"
  }
}
# Internet gateway for the VPC; referenced by the default route and as a
# dependency of the Elastic IP.
resource "aws_internet_gateway" "BrokenByte-gateway" {
  tags = {
    Name = "BrokenByte-gateway"
  }

  vpc_id = aws_vpc.BrokenByteVPC.id
}
# Route table with a default route to the internet gateway. Any subnet
# associated with it is therefore a public subnet.
resource "aws_route_table" "BrokenByte-Route-table" {
  vpc_id = aws_vpc.BrokenByteVPC.id

  route {
    gateway_id = aws_internet_gateway.BrokenByte-gateway.id
    cidr_block = "0.0.0.0/0"
  }
}
# Binds the public route table to the single subnet.
resource "aws_route_table_association" "a" {
  route_table_id = aws_route_table.BrokenByte-Route-table.id
  subnet_id      = aws_subnet.BrokenbyteLB-subnet.id
}
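# Security group shared by every interface in this configuration.
resource "aws_security_group" "allow_traffic" {
  name        = "allow_Traffic"
  description = "Allow SSH,HTTP and HTTPS inbound traffic"
  vpc_id      = aws_vpc.BrokenByteVPC.id

  # The former catch-all ingress rule (protocol "-1" from 0.0.0.0/0) opened
  # every port on every instance to the internet and made the port-specific
  # rules below meaningless. It is replaced by an ICMP-only rule so ping keeps
  # working; TCP access is limited to the listed ports. The SSH source range is
  # still 0.0.0.0/0 as in the original; narrowing it to the operator's own
  # address block is the usual next step.
  ingress {
    description = "ICMP (ping)"
    # For ICMP, from_port/to_port carry the ICMP type/code; -1 means all.
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "SSH traffic"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "HTTP traffic"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "HTTPS traffic"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Unrestricted outbound traffic (needed e.g. for the apt-get in user_data).
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "Allow_ssh_http_https"
  }
}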
# Interface that receives the Elastic IP. Its private address is left for AWS
# to pick (an explicit "192.168.100.2" was previously considered and disabled).
resource "aws_network_interface" "NginX-public" {
  security_groups = [aws_security_group.allow_traffic.id]
  subnet_id       = aws_subnet.BrokenbyteLB-subnet.id
}
# Private-only interface for the load balancer / reverse proxy host.
resource "aws_network_interface" "NginX-LB" {
  security_groups = [aws_security_group.allow_traffic.id]
  private_ips     = ["192.168.100.10"]
  subnet_id       = aws_subnet.BrokenbyteLB-subnet.id
}
# Private-only interface for web node 1 (no EIP is attached to it here).
resource "aws_network_interface" "www1" {
  security_groups = [aws_security_group.allow_traffic.id]
  private_ips     = ["192.168.100.11"]
  subnet_id       = aws_subnet.BrokenbyteLB-subnet.id
}
# Private-only interface for web node 2 (no EIP is attached to it here).
resource "aws_network_interface" "www2" {
  security_groups = [aws_security_group.allow_traffic.id]
  private_ips     = ["192.168.100.12"]
  subnet_id       = aws_subnet.BrokenbyteLB-subnet.id
}
# Private-only interface for web node 3 (no EIP is attached to it here).
resource "aws_network_interface" "www3" {
  security_groups = [aws_security_group.allow_traffic.id]
  private_ips     = ["192.168.100.13"]
  subnet_id       = aws_subnet.BrokenbyteLB-subnet.id
}
# Elastic IP bound to the NginX-public interface. The explicit dependency on
# the internet gateway is needed because an EIP can only be associated once the
# VPC has one; the dependency on the instance makes sure the interface is
# attached before the address is mapped to it.
resource "aws_eip" "BrokenByte-PublicIP" {
  depends_on = [aws_internet_gateway.BrokenByte-gateway, aws_instance.BrokenByteNginX]

  network_interface = aws_network_interface.NginX-public.id
  # `vpc = true` is the 3.x-provider way of asking for a VPC-scoped address.
  vpc               = true
}
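# Reverse proxy / load balancer host; the only instance that gets a public
# address (via aws_eip.BrokenByte-PublicIP).
resource "aws_instance" "BrokenByteNginX" {
  ami               = "ami-0dba2cb6798deb6d8"
  availability_zone = "us-east-1a"
  instance_type     = "t2.micro"
  # The key pair must already exist in us-east-1; it is not created here.
  key_name          = "aws_test"

  # The Elastic IP is bound to the NginX-public interface, so that interface
  # must be the primary one (device_index 0). Previously it sat at
  # device_index 1 behind NginX-LB: the guest's default route typically leaves
  # through the primary interface, so replies to traffic arriving on the
  # secondary interface were sent out of an interface with no public mapping,
  # and a secondary interface is not configured by the guest OS without extra
  # setup. The separate NginX-LB interface (192.168.100.10) is no longer
  # attached to this instance.
  network_interface {
    device_index         = 0
    network_interface_id = aws_network_interface.NginX-public.id
  }

  tags = {
    Name = "BrokenByteNginXLB"
  }

  # user_data already runs as root; kept as written.
  user_data = <<-EOF
    #!/bin/bash
    sudo apt-get update -y
  EOF
}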
# Web node 1. Its only interface has no Elastic IP in this configuration, so it
# is reachable from inside the VPC only.
resource "aws_instance" "BrokenByteWWW1" {
  instance_type     = "t2.micro"
  ami               = "ami-0dba2cb6798deb6d8"
  availability_zone = "us-east-1a"
  key_name          = "aws_test"

  tags = {
    Name = "BrokenByteWWW1"
  }

  network_interface {
    network_interface_id = aws_network_interface.www1.id
    device_index         = 0
  }
}
# Web node 2. Its only interface has no Elastic IP in this configuration, so it
# is reachable from inside the VPC only.
resource "aws_instance" "BrokenByteWWW2" {
  instance_type     = "t2.micro"
  ami               = "ami-0dba2cb6798deb6d8"
  availability_zone = "us-east-1a"
  key_name          = "aws_test"

  tags = {
    Name = "BrokenByteWWW2"
  }

  network_interface {
    network_interface_id = aws_network_interface.www2.id
    device_index         = 0
  }
}
# Web node 3. Its only interface has no Elastic IP in this configuration, so it
# is reachable from inside the VPC only.
resource "aws_instance" "BrokenByteWWW3" {
  instance_type     = "t2.micro"
  ami               = "ami-0dba2cb6798deb6d8"
  availability_zone = "us-east-1a"
  key_name          = "aws_test"

  tags = {
    Name = "BrokenByteWWW3"
  }

  network_interface {
    network_interface_id = aws_network_interface.www3.id
    device_index         = 0
  }
}
提供商“aws”{
version=“~>3.0”
region=“us-east-1”
访问\u key=“akxxxxxxxxxx”
机密密钥=“2CLBj/s9dC5r52Y”
}
#创建专有网络
资源“aws_vpc”“BrokenByteVPC”{
cidr_block=“192.168.100.0/28”
标签={
Name=“BrokenByteVPC”
}
}
资源“aws_子网”“断开的字节子网”{
vpc_id=aws_vpc.BrokenByte vpc.id
cidr_block=“192.168.100.0/28”
可用性\u zone=“us-east-1a”
标签={
Name=“brokenbyteb子网”
}
}
资源“aws\U internet\U网关”“BrokenByte网关”{
vpc_id=aws_vpc.BrokenByte vpc.id
标签={
Name=“BrokenByte网关”
}
}
资源“aws\U路由表”“BrokenByte路由表”{
vpc_id=aws_vpc.BrokenByte vpc.id
路线{
cidr_block=“0.0.0.0/0”
gateway\u id=aws\u internet\u gateway.BrokenByte-gateway.id
}
}
资源“aws\U路由\U表\U关联”“a”{
subnet_id=aws_subnet.BrokenbyteLB-subnet.id
route_table_id=aws_route_table.BrokenByte-route-table.id
}
资源“aws\u安全组”“允许通信”{
name=“允许通信”
description=“允许SSH、HTTP和HTTPS入站流量”
vpc_id=aws_vpc.BrokenByte vpc.id
入口{
description=“Dozvoli sveeee”
从_端口=0
至_端口=0
协议=“-1”
cidr_块=[“0.0.0.0/0”]
}
入口{
description=“SSH流量”
从_端口=22
至_端口=22
协议=“tcp”
cidr_块=[“0.0.0.0/0”]
}
入口{
description=“HTTP流量”
从_端口=80
至_端口=80
协议=“tcp”
cidr_块=[“0.0.0.0/0”]
}
入口{
description=“HTTPS流量”
从_端口=443
至_端口=443
协议=“tcp”
cidr_块=[“0.0.0.0/0”]
}
出口{
从_端口=0
至_端口=0
协议=“-1”
cidr_块=[“0.0.0.0/0”]
}
标签={
Name=“允许\u ssh\u http\u https”
}
}
资源“aws\U网络接口”“NginX公共”{
subnet_id=aws_subnet.BrokenbyteLB-subnet.id
#私人_ips=[“192.168.100.2”]
security\u groups=[aws\u security\u group.allow\u traffic.id]
}
资源“aws\U网络接口”“NginX LB”{
subnet_id=aws_subnet.BrokenbyteLB-subnet.id
私人_ips=[“192.168.100.10”]
security\u groups=[aws\u security\u group.allow\u traffic.id]
}
资源“aws_网络_接口”“www1”{
subnet_id=aws_subnet.BrokenbyteLB-subnet.id
私人_ips=[“192.168.100.11”]
security\u groups=[aws\u security\u group.allow\u traffic.id]
}
资源“aws\U网络接口”“www2”{
subnet_id=aws_subnet.BrokenbyteLB-subnet.id
私人_ips=[“192.168.100.12”]
security\u groups=[aws\u security\u group.allow\u traffic.id]
}
资源“aws\U网络接口”“www3”{
subnet_id=aws_subnet.BrokenbyteLB-subnet.id
私人_ips=[“192.168.100.13”]
security\u groups=[aws\u security\u group.allow\u traffic.id]
}
资源“aws_eip”“BrokenByte PublicIP”{
vpc=真
network\u interface=aws\u network\u interface.NginX-public.id
#将_与_private_ip=“192.168.100.10”关联
依赖于=[aws\U internet\U gateway.BrokenByte-gateway,aws\U实例.BrokenByteNginX]
}
资源“aws_实例”“BrokenByteNginX”{
ami=“ami-0dba2cb6798deb6d8”
可用性\u zone=“us-east-1a”
实例_type=“t2.micro”
key\u name=“aws\u测试”
网络接口{
设备索引=0
网络接口id=aws网络接口NginX-LB.id
}
网络接口{
设备索引=1
network\u interface\u id=aws\u network\u interface.NginX-public.id
}
标签={
Name=“BrokenByteNginXLB”
}
您的实例都没有公共 IP 地址(除了关联了 aws_eip.BrokenByte-PublicIP 的那个实例),因为您的公共子网缺少 map_public_ip_on_launch。
您可以通过以下方式纠正此问题:
resource "aws_subnet" "BrokenbyteLB-subnet" {
  availability_zone = "us-east-1a"
  cidr_block        = "192.168.100.0/28"
  vpc_id            = aws_vpc.BrokenByteVPC.id

  # Auto-assign a public IPv4 address to instances launched in this subnet.
  # NOTE(review): as far as I know this only applies to the primary interface
  # AWS creates at launch; instances that attach pre-created
  # aws_network_interface resources (as the question's instances do) do not
  # receive an address this way — confirm against the AWS documentation.
  map_public_ip_on_launch = true

  tags = {
    Name = "BrokenbyteLB-subnet"
  }
}
我确定这和网卡(网络接口)有关,但不确定具体是什么。
现在可以了,我能 ping 和 SSH:只是把带公共 IP 的网卡换到了 device_index 0,并删除了另一张网卡的代码。
@Marcin,你的第一条回复给我指明了该往哪个方向看。
# Previous layout, kept for reference: the private LB interface was the primary
# one (device_index 0) and the interface carrying the Elastic IP sat at
# device_index 1.
# network_interface {
#   device_index         = 0
#   network_interface_id = aws_network_interface.NginX-LB.id
# }

# Working layout: the interface that carries the Elastic IP is the primary one.
network_interface {
  device_index         = 0
  network_interface_id = aws_network_interface.NginX-public.id
}
感谢您的回复。是的,我只希望一个实例具有公共 IP,它再通过私有 IP 地址与其他 3、4 台实例通信。我想在这个拓扑中测试负载均衡和反向代理。我试过了,但仍然无法工作 :( IP 地址分配到了正确的实例上。@zeenmc 您必须重新设计您的网络。如果您不希望实例有公共 IP,为什么要把它们放在公共子网中?这种情况下它们应该放在私有子网,而不是公共子网。谢谢 @Marcin 的回复。我分配的是私有子网 192.168.100.0/28,还是说我需要用其他子网来实现?我需要一个实例是公共的,它确实是。显然我现在拿到了公共 IP 地址,它们在工作,只是我无法访问带有 EIP 地址的那台设备。子网 192.168.100.0/28
是公共子网,因为它的路由表有到 Internet 网关的路由。@zeenmc 我猜是您把接口弄混了。我不确定您为什么需要为这个部署使用额外的接口。如果您要用负载均衡器,为什么需要它?