Amazon web services Terraform-can';无法到达web服务器-实例停止服务
我正在运行以下terraform代码,以便在VPC内部署一个ec2实例作为web服务器,但由于某些原因,我无法访问该网站,也无法嘘它,我已经正确设置了入口和出口规则,我相信:Amazon web services Terraform-can';无法到达web服务器-实例停止服务,amazon-web-services,terraform,terraform-provider-aws,Amazon Web Services,Terraform,Terraform Provider Aws,我正在运行以下terraform代码,以便在VPC内部署一个ec2实例作为web服务器,但由于某些原因,我无法访问该网站,也无法嘘它,我已经正确设置了入口和出口规则,我相信: ########Provider######## provider "aws" { region = "us-west-2" access_key = "[redacted]" secret_key = "[red
########Provider########
provider "aws" {
region = "us-west-2"
access_key = "[redacted]"
secret_key = "[redacted]"
}
########VPC########
resource "aws_vpc" "vpc1" {
cidr_block = "10.1.0.0/16"
tags = {
Name = "Production"
}
}
########Internet GW########
resource "aws_internet_gateway" "gw" {
vpc_id = aws_vpc.vpc1.id
}
########Route table########
resource "aws_route_table" "rt" {
vpc_id = aws_vpc.vpc1.id
route {
cidr_block = "0.0.0.0/24"
gateway_id = aws_internet_gateway.gw.id
}
route {
ipv6_cidr_block = "::/0"
gateway_id = aws_internet_gateway.gw.id
}
}
########Sub Net########
resource "aws_subnet" "subnet1" {
vpc_id = aws_vpc.vpc1.id
cidr_block = "10.1.0.0/24"
availability_zone = "us-west-2a"
map_public_ip_on_launch = "true"
tags = {
Name = "prod-subnet-1"
}
}
########RT assosiation########
resource "aws_route_table_association" "a" {
subnet_id = aws_subnet.subnet1.id
route_table_id = aws_route_table.rt.id
}
########Security Group########
resource "aws_security_group" "sec1" {
name = "allow_web"
description = "Allow web inbound traffic"
vpc_id = aws_vpc.vpc1.id
ingress {
description = "HTTP from VPC"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["10.1.0.0/16"]
}
#SSH access from anywhere
ingress {
description = "SSH from VPC"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "allow_web"
}
}
########Net Interface for the Instance########
#resource "aws_network_interface" "wsn" {
# subnet_id = aws_subnet.subnet1.id
# private_ips = ["10.0.1.50"]
# security_groups = [aws_security_group.sec1.id]
#}
########Load Balancer########
resource "aws_elb" "elb" {
name = "lb"
subnets = [aws_subnet.subnet1.id]
security_groups = [aws_security_group.sec1.id]
instances = [aws_instance.web1.id]
listener {
instance_port = 80
instance_protocol = "http"
lb_port = 80
lb_protocol = "http"
}
}
########EC2 Instance########
resource "aws_instance" "web1" {
ami = "ami-003634241a8fcdec0" #ubuntu 18.4
instance_type = "t2.micro"
availability_zone = "us-west-2a"
key_name = "main-key"
subnet_id = aws_subnet.subnet1.id
#network_interface {
# device_index = 0
# network_interface_id = aws_network_interface.wsn.id
#}
user_data = <<-EOF
#!/bin/bash
sudo apt update -y
sudo apt install apache2 -y
sudo systemctl start apache2
sudo bash -c 'echo Hello world!!! > /var/www/html/index.html'
EOF
tags = {
Name = "HelloWorld"
}
}
output "aws_elb_public_dns" {
value = aws_elb.elb.dns_name
}
提供商########
提供商“aws”{
region=“美国西部-2”
access_key=“[redact]”
secret_key=“[redact]”
}
########专有网络########
资源“aws_vpc”“vpc1”{
cidr_block=“10.1.0.0/16”
标签={
Name=“生产”
}
}
########互联网千兆瓦########
资源“aws\U internet\U网关”“gw”{
vpc_id=aws_vpc.vpc1.id
}
########路由表########
资源“aws\U路由表”“rt”{
vpc_id=aws_vpc.vpc1.id
路线{
cidr_block=“0.0.0.0/24”
网关\u id=aws\u互联网\u网关.gw.id
}
路线{
ipv6_cidr_block=“::/0”
网关\u id=aws\u互联网\u网关.gw.id
}
}
########子网########
资源“aws_子网”“子网1”{
vpc_id=aws_vpc.vpc1.id
cidr_block=“10.1.0.0/24”
可用性分区=“us-west-2a”
将\u public\u ip\u映射到\u launch=“true”
标签={
Name=“prod-subnet-1”
}
}
########RT协会########
资源“aws\U路由\U表\U关联”“a”{
子网\u id=aws\u子网.subnet1.id
路由\表\ id=aws\路由\表.rt.id
}
########安全组########
资源“aws\U安全组”“sec1”{
name=“允许网络”
description=“允许web入站流量”
vpc_id=aws_vpc.vpc1.id
入口{
description=“来自VPC的HTTP”
从_端口=80
至_端口=80
协议=“tcp”
cidr_块=[“10.1.0.0/16”]
}
#从任何地方进行SSH访问
入口{
description=“来自VPC的SSH”
从_端口=22
至_端口=22
协议=“tcp”
cidr_块=[“0.0.0.0/0”]
}
出口{
从_端口=0
至_端口=0
协议=“-1”
cidr_块=[“0.0.0.0/0”]
}
标签={
Name=“允许网络”
}
}
########实例的Net接口########
#资源“aws\u网络接口”“wsn”{
#子网\u id=aws\u子网.subnet1.id
#私人_ips=[“10.0.1.50”]
#安全组=[aws\u security\u group.sec1.id]
#}
########负载平衡器########
资源“aws_elb”“elb”{
name=“lb”
子网=[aws_subnet.subnet1.id]
安全组=[aws\u security\u group.sec1.id]
实例=[aws_instance.web1.id]
听众{
实例_端口=80
实例_protocol=“http”
lb_端口=80
lb_protocol=“http”
}
}
########EC2实例########
资源“aws_实例”“web1”{
ami=“ami-003634241a8fcdec0”#ubuntu 18.4
实例_type=“t2.micro”
可用性分区=“us-west-2a”
key\u name=“主键”
子网\u id=aws\u子网.subnet1.id
#网络接口{
#设备索引=0
#network\u interface\u id=aws\u network\u interface.wsn.id
#}
用户_data=您的实例缺少安全组:
随后,您将无法使用ssh连接到它,也不允许从外部进行http通信
此外,到IGW的路线不正确。应该是:
cidr_block = "0.0.0.0/0"
cidr_blocks = ["0.0.0.0/0"]
对于您的ELB,SG也是如此,以允许来自internet的流量。它应该是:
cidr_block = "0.0.0.0/0"
cidr_blocks = ["0.0.0.0/0"]
在未来,请考虑将您的帖子清理为个人凭证。谢谢您,我做了您的更改,并创建了一个单独的SG:<代码>入口{FasePoT=80=80=80协议=“TCP”CIDRYBROCK= = [101.0.0/5] ] }//> EC2实例,现在工作正常。