Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/grails/5.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Amazon web services 为什么可以';在应用之后,我不能连接到我的ec2实例吗?_Amazon Web Services_Terraform_Devops - Fatal编程技术网
Fatal编程技术网
  • amazon-web-services/
  • Amazon web services 为什么可以';在应用之后,我不能连接到我的ec2实例吗?

Amazon web services 为什么可以';在应用之后,我不能连接到我的ec2实例吗?

amazon-web-services terraform

Amazon web services 为什么可以';在应用之后,我不能连接到我的ec2实例吗?,amazon-web-services,terraform,devops,Amazon Web Services,Terraform,Devops,我已经为AWS上的资产配置准备了第一个terraform脚本。但是,我无法连接到公共子网中的EC2实例 我可以看到所有预期的资源都已创建: 子网/实例/路由表/网关等 我已排除provider.tf,因为它包含敏感机密 我的地区是ap-south-1 resource "aws_vpc" "vpc1" { cidr_block = "10.20.0.0/16" tags = { name = "tf_vpc" } } # subnets below resource "aw

我已经为AWS上的资产配置准备了第一个terraform脚本。但是,我无法连接到公共子网中的EC2实例

我可以看到所有预期的资源都已创建: 子网/实例/路由表/网关等

我已排除provider.tf,因为它包含敏感机密

我的地区是ap-south-1

resource "aws_vpc" "vpc1" {
  cidr_block = "10.20.0.0/16"
  tags = {
    name = "tf_vpc"
  }
}

# subnets below
resource "aws_subnet" "subnet_public"{
  vpc_id  = "${aws_vpc.vpc1.id}"
  cidr_block = "10.20.10.0/24"
  availability_zone = "ap-south-1a"

  map_public_ip_on_launch = true
}

resource "aws_subnet" "subnet_private"{
  vpc_id  = "${aws_vpc.vpc1.id}"
  cidr_block = "10.20.20.0/24"
  availability_zone = "ap-south-1a"
}

resource "aws_security_group" "sg-web" {
  name ="allow80"
  description="allows traffic on port 80"
  vpc_id ="${aws_vpc.vpc1.id}"

  ingress{
    from_port = 80
    to_port   = 80
    protocol  = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress{
    from_port = 22
    to_port   = 22
    protocol  = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    name="allowhttp"
  }
}

resource "aws_default_route_table" "public" {
  default_route_table_id = "${aws_vpc.vpc1.main_route_table_id}"

  tags = {
    name = "route-default"
  }
}

resource "aws_internet_gateway" "ig"{
  vpc_id = "${aws_vpc.vpc1.id}"
}

resource "aws_route_table" "route_public"{
  vpc_id = "${aws_vpc.vpc1.id}"
}

resource "aws_route" "r1" {
  route_table_id = "${aws_route_table.route_public.id}"
  destination_cidr_block = "0.0.0.0/16"
  gateway_id = "${aws_internet_gateway.ig.id}"
}

resource "aws_route_table_association" "public" {
  subnet_id = "${aws_subnet.subnet_public.id}"
  route_table_id = "${aws_route_table.route_public.id}"
}

resource "aws_instance" "ins1_web"{
  ami = "ami-0447a12f28fddb066"
  instance_type = "t2.micro"
  subnet_id = "${aws_subnet.subnet_public.id}"
  vpc_security_group_ids = ["${aws_security_group.sg-web.id}"]

  key_name = "myBOMkey-2"

  tags = {
    name="tf-1"
  } 
} 

resource "aws_instance" "ins1_db"{
  ami = "ami-0447a12f28fddb066"
  instance_type = "t2.micro"
  subnet_id = "${aws_subnet.subnet_private.id}"
  vpc_security_group_ids = ["${aws_security_group.sg-web.id}"]

  key_name = "myBOMkey-2"

  tags = {
    name="tf-1"
  } 
}
为什么我不能在应用后连接到我的ec2实例?

看看CIDR(0.0.0.0/16),它似乎不正确。可能是打字错误。任何IP都用“0.0.0.0/0”表示,因为任何IP目的地都需要路由到Internet网关

resource "aws_route" "r1" {
  route_table_id = "${aws_route_table.route_public.id}"
  destination_cidr_block = "0.0.0.0/0"
  gateway_id = "${aws_internet_gateway.ig.id}"
}
您的安全组配置中还缺少出口(出站)流量,因为terraform并没有将所有允许的流量保留为出站流量中的默认流量。请参阅terraform安全组文档

egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
希望这有帮助

当您尝试连接到EC2实例时,您收到了什么错误消息?0.0.0/16在技术上并没有错,它只是毫无帮助,因为它只会将发送到0.0.x.x的流量路由到internet网关,因为这些IP无法使用,所以这些IP无法使用。我很惊讶AWS允许将此作为路由表条目。这就允许了一些可怕的考试问题。我花了这么多时间寻找问题的症结所在。关于
出口
安全组规则的信息是最后缺失的部分。我希望我能+5