Fatal编程技术网
  • amazon-web-services/
  • Amazon web services 专用子网上2个或多个节点之间的地形AWS路由

Amazon web services 专用子网上2个或多个节点之间的地形AWS路由

amazon-web-services terraform

Amazon web services 专用子网上2个或多个节点之间的地形AWS路由,amazon-web-services,terraform,Amazon Web Services,Terraform,我有一个地形图(下图),它在AWS上的私有VPC中创建了几个节点。一切似乎都很好,但我无法在VPC中的节点之间使用ssh或ping 在以下配置中,我遗漏了什么,以允许专用网络中的2个节点能够相互通信 provider "aws" { region = "${var.aws_region}" access_key = "${var.aws_access_key}" secret_key = "${var.aws_secret_key}" } # Create a VPC to la

我有一个地形图(下图),它在AWS上的私有VPC中创建了几个节点。一切似乎都很好,但我无法在VPC中的节点之间使用ssh或ping

在以下配置中,我遗漏了什么,以允许专用网络中的2个节点能够相互通信

provider "aws" {
  region = "${var.aws_region}"
  access_key = "${var.aws_access_key}"
  secret_key = "${var.aws_secret_key}"
}


# Create a VPC to launch our instances into
resource "aws_vpc" "default" {
  cidr_block = "10.0.0.0/16"


  tags {
    Name = "SolrCluster1"
  }
}


# Create an internet gateway to give our subnet access to the outside world
resource "aws_internet_gateway" "default" {
  vpc_id = "${aws_vpc.default.id}"


  tags {
    Name = "SolrCluster1"
  }
}


# Grant the VPC internet access on its main route table
resource "aws_route" "internet_access" {
  route_table_id = "${aws_vpc.default.main_route_table_id}"
  destination_cidr_block = "0.0.0.0/0"
  gateway_id = "${aws_internet_gateway.default.id}"
}




# Create a subnet to launch our instances into
resource "aws_subnet" "private" {
  vpc_id = "${aws_vpc.default.id}"
  cidr_block = "10.0.1.0/24"


  # if true, instances launched into this subnet should be assigned a public IP
  map_public_ip_on_launch = true


  # availability_zone = 


  tags {
    Name = "SolrCluster1"
  }
}




# Security Group to Access the instances over SSH, and 8983
resource "aws_security_group" "main_security_group" {
  name = "SolrCluster1"
  description = "Allow access to the servers via port 22"


  vpc_id = "${aws_vpc.default.id}"


  // allow traffic from the SG itself for tcp
  ingress {
    from_port = 1
    to_port = 65535
    protocol = "tcp"
    self = true
  }


  // allow traffic from the SG itself for udp
  ingress {
    from_port = 1
    to_port = 65535
    protocol = "udp"
    self = true
  }


  // allow SSH traffic from anywhere TODO: Button this up a bit?
  ingress {
    from_port = 22
    to_port = 22
    protocol = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }


  // allow ICMP
  ingress {
    from_port = -1
    to_port = -1
    protocol = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }


}


resource "aws_instance" "solr" {
  ami = "ami-408c7f28"
  instance_type = "t1.micro"


  # The name of our SSH keypair we created above.
  # key_name = "${aws_key_pair.auth.id}"
  key_name = "${var.key_name}"


  vpc_security_group_ids = ["${aws_security_group.main_security_group.id}"]


  # Launch the instances into our subnet
  subnet_id = "${aws_subnet.private.id}"


  # The connection block tells our provisioner how to communicate with the 
  # resource (instance)
  connection {
    # The default username for our AMI
    user = "ubuntu"
    # The connection will use the local SSH agent for authentication.
    private_key = "${file(var.private_key_path)}"
  }


  /* provisioner "remote-exec" { */
  /*   inline = [ */
  /*     "sudo apt-get -y update", */
  /*     "sudo apt-get -y --force-yes install nginx", */
  /*     "sudo service nginx start" */
  /*   ] */
  /* } */


  tags {
    Name = "SolrDev${count.index}"
  }


  count = 2
}
结果我遗漏了我的子网的出口规则:

  egress {
    from_port = 1
    to_port = 65535
    protocol = "tcp"
    self = true
  }

  // allow traffic from the SG itself for udp
  egress {
    from_port = 1
    to_port = 65535
    protocol = "udp"
    self = true
  }