Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/amazon-web-services/12.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Amazon web services 登录到bastion主机后,无法ping和ssh登录到ec2实例_Amazon Web Services_Amazon Ec2_Terraform_Aws Ec2 Instance Connect - Fatal编程技术网
Fatal编程技术网
  • amazon-web-services/
  • Amazon web services 登录到bastion主机后,无法ping和ssh登录到ec2实例

Amazon web services 登录到bastion主机后,无法ping和ssh登录到ec2实例

amazon-web-services amazon-ec2 terraform

Amazon web services 登录到bastion主机后,无法ping和ssh登录到ec2实例,amazon-web-services,amazon-ec2,terraform,aws-ec2-instance-connect,Amazon Web Services,Amazon Ec2,Terraform,Aws Ec2 Instance Connect,我使用模块“terraform aws模块/vpc/aws”和“terraform aws模块/ec2实例/aws”配置的vpc和ec2实例。请参阅下面的代码。我能够通过bastion主机公共ip通过ssh登录到bastion主机。在bastion主机内部,我无法ping和ssh登录到其私有ip的其他ec2实例。我在ec2实例中添加了安全组sg_ssh。但是,我仍然无法从bastion主机登录到ec2实例。sg_ssh正确吗 main.tf # Terraform configuration

我使用模块“terraform aws模块/vpc/aws”和“terraform aws模块/ec2实例/aws”配置的vpc和ec2实例。请参阅下面的代码。我能够通过bastion主机公共ip通过ssh登录到bastion主机。在bastion主机内部,我无法ping和ssh登录到其私有ip的其他ec2实例。我在ec2实例中添加了安全组sg_ssh。但是,我仍然无法从bastion主机登录到ec2实例。sg_ssh正确吗

main.tf 
# Terraform configuration

provider "aws" {
  region = "us-west-2"
}

resource "aws_security_group" "sg_ssh" {
  vpc_id      = module.vpc.vpc_id
  name        = "sg_ssh"
  ingress {
    from_port   = "22"
    to_port     = "22"
    protocol    = "tcp"
    cidr_blocks = ["30.0.0.0/16"]
  }
  tags = {
    Name = "sg_ssh"
  }
}

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "2.21.0"

  name = var.vpc_name
  cidr = var.vpc_cidr

  azs             = var.vpc_azs
  private_subnets = var.vpc_private_subnets
  public_subnets  = var.vpc_public_subnets

  enable_nat_gateway = var.vpc_enable_nat_gateway

  tags = var.vpc_tags
}

module "ec2_instances" {
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "2.12.0"

  name           = "my-ec2-cluster"
  instance_count = 2

  ami                    = "ami-0c5204531f799e0c6"
  instance_type          = "t2.micro"
  vpc_security_group_ids = [module.vpc.default_security_group_id, aws_security_group.sg_ssh.id]
  subnet_id              = module.vpc.public_subnets[0]

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}

# Bastion
resource "aws_security_group" "allow-ssh" {
  vpc_id      = module.vpc.vpc_id
  name        = "allow-ssh"
  description = "security group that allows ssh and all egress traffic"
  egress {
    from_port   = "0"
    to_port     = "0"
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = "22"
    to_port     = "22"
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "allow-ssh"
  }
}

resource "aws_instance" "bastion_instance" {
  ami                = "ami-0c5204531f799e0c6"
  instance_type      = "t2.micro"
  subnet_id          = module.vpc.public_subnets[0]
  vpc_security_group_ids = [aws_security_group.allow-ssh.id]

  key_name               = var.key_name

  tags = {
    Name = "bastion_instance"
  }
}
您尚未将ssh入口添加到ec2

在ec2模块中:

vpc_security_group_ids = [module.vpc.default_security_group_id]
您只在默认vpc安全组中注册它们,该组可能未配置为允许ssh

您需要创建一个安全组,允许从bastion进行ssh,并将其连接到您的EC2。

谢谢您的回答。我添加了安全组sg_ssh,并将其附加到ec2实例。但是,我仍然无法从bastion主机登录到ec2实例。知道吗?我想你的vpc在30.0.0.0/16范围内?知道。我使用“30.0.0.0/16”、私有_子网=[“30.0.1.0/24”、“30.0.2.0/24”]、公共_子网=[“30.0.101.0/24”、“30.0.102.0/24”]。当你说你不能登录时,你是说你不能连接还是你可以连接但不能验证?在bastion主机内,ssh-30.0.101.231权限被拒绝(公钥、gssapi密钥、gssapi和mic)。当我ping 30.0.101.231时没有响应您是否将私有ssh密钥复制到您的堡垒上?你如何通过ssh连接到其他istances?