Amazon Web Services: Why can't I connect to my EC2 instance after apply?
amazon-web-services, terraform, devops
I have prepared my first Terraform script for provisioning assets on AWS. However, I cannot connect to the EC2 instance in the public subnet.
I can see that all the expected resources have been created: subnets / instances / route tables / gateway, etc.
I have excluded provider.tf because it contains sensitive secrets.
My region is ap-south-1.
resource "aws_vpc" "vpc1" {
  cidr_block = "10.20.0.0/16"
  tags = {
    name = "tf_vpc"
  }
}

# subnets below
resource "aws_subnet" "subnet_public" {
  vpc_id                  = "${aws_vpc.vpc1.id}"
  cidr_block              = "10.20.10.0/24"
  availability_zone       = "ap-south-1a"
  map_public_ip_on_launch = true
}

resource "aws_subnet" "subnet_private" {
  vpc_id            = "${aws_vpc.vpc1.id}"
  cidr_block        = "10.20.20.0/24"
  availability_zone = "ap-south-1a"
}

resource "aws_security_group" "sg-web" {
  name        = "allow80"
  description = "allows traffic on port 80"
  vpc_id      = "${aws_vpc.vpc1.id}"
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    name = "allowhttp"
  }
}

resource "aws_default_route_table" "public" {
  default_route_table_id = "${aws_vpc.vpc1.main_route_table_id}"
  tags = {
    name = "route-default"
  }
}

resource "aws_internet_gateway" "ig" {
  vpc_id = "${aws_vpc.vpc1.id}"
}

resource "aws_route_table" "route_public" {
  vpc_id = "${aws_vpc.vpc1.id}"
}

resource "aws_route" "r1" {
  route_table_id         = "${aws_route_table.route_public.id}"
  destination_cidr_block = "0.0.0.0/16"
  gateway_id             = "${aws_internet_gateway.ig.id}"
}

resource "aws_route_table_association" "public" {
  subnet_id      = "${aws_subnet.subnet_public.id}"
  route_table_id = "${aws_route_table.route_public.id}"
}

resource "aws_instance" "ins1_web" {
  ami                    = "ami-0447a12f28fddb066"
  instance_type          = "t2.micro"
  subnet_id              = "${aws_subnet.subnet_public.id}"
  vpc_security_group_ids = ["${aws_security_group.sg-web.id}"]
  key_name               = "myBOMkey-2"
  tags = {
    name = "tf-1"
  }
}

resource "aws_instance" "ins1_db" {
  ami                    = "ami-0447a12f28fddb066"
  instance_type          = "t2.micro"
  subnet_id              = "${aws_subnet.subnet_private.id}"
  vpc_security_group_ids = ["${aws_security_group.sg-web.id}"]
  key_name               = "myBOMkey-2"
  tags = {
    name = "tf-1"
  }
}
Look at the CIDR (0.0.0.0/16); it does not seem correct. It may be a typo. Any IP is represented by "0.0.0.0/0", because any IP destination needs to be routed to the Internet gateway.
resource "aws_route" "r1" {
  route_table_id         = "${aws_route_table.route_public.id}"
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = "${aws_internet_gateway.ig.id}"
}
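Your security group configuration is also missing egress (outbound) traffic, because Terraform does not keep allow-all as the default for outbound traffic. See the Terraform security group documentation.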
egress {
  from_port   = 0
  to_port     = 0
  protocol    = "-1"
  cidr_blocks = ["0.0.0.0/0"]
}
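Hope this helps.

What error message did you receive when you tried to connect to the EC2 instance?

0.0.0.0/16 is technically not wrong, it is just unhelpful, because it will only route traffic destined for 0.0.x.x to the internet gateway, and those IPs cannot be used. I'm surprised AWS allows this as a route table entry. That allows for some horrible exam questions.

I spent so much time looking for the crux of the problem. The information about the egress security group rule was the final missing piece. I wish I could +5.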
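
The two faults named in the answer above (an internet-gateway route that is not a default route, and a security group left without egress rules) can be checked mechanically. The Python below is an added example, not part of the original question or answer; it scans a constructed sample shaped like `terraform show -json` output, and the `find_issues` helper and the `igw-EXAMPLE` ID are assumptions made for illustration.

```python
import ipaddress

# Constructed sample, shaped like `terraform show -json` output after apply
# (values.root_module.resources). The gateway ID is a placeholder.
STATE = {"values": {"root_module": {"resources": [
    {"address": "aws_route.r1", "type": "aws_route",
     "values": {"destination_cidr_block": "0.0.0.0/16",
                "gateway_id": "igw-EXAMPLE"}},
    {"address": "aws_security_group.sg-web", "type": "aws_security_group",
     "values": {"ingress": [{"from_port": 22, "to_port": 22, "protocol": "tcp",
                             "cidr_blocks": ["0.0.0.0/0"]}],
                "egress": []}},
]}}}

# 0.0.0.0/8 is the reserved "this network" block: never a reachable destination.
THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")


def find_issues(state):
    """Return (resource address, message) pairs for the two faults above."""
    issues = []
    resources = state.get("values", {}).get("root_module", {}).get("resources", [])
    for res in resources:
        vals = res.get("values", {})
        if res["type"] == "aws_route":
            cidr = vals.get("destination_cidr_block")
            gateway = vals.get("gateway_id") or ""
            if cidr and gateway.startswith("igw-"):
                net = ipaddress.ip_network(cidr, strict=False)
                # 0.0.0.0/0 is wider than /8, so subnet_of() is False for it;
                # 0.0.0.0/16 sits inside /8 and only matches 0.0.x.x.
                if net.subnet_of(THIS_NETWORK):
                    issues.append((res["address"],
                                   f"{cidr} is not a default route; use 0.0.0.0/0"))
        elif res["type"] == "aws_security_group":
            # Ingress defined but no egress: the instance cannot initiate
            # outbound connections.
            if vals.get("ingress") and not vals.get("egress"):
                issues.append((res["address"], "no egress rule defined"))
    return issues


if __name__ == "__main__":
    for address, message in find_issues(STATE):
        print(f"{address}: {message}")
```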