【发布时间】:2021-05-25 23:06:51
【问题描述】:
从昨天开始,我一直在尝试让这个 CloudFormation 模板正常工作……目标是将 EC2 实例启动到我可以通过 HTTP 访问的公共子网中。对我来说,一切看起来都已正确创建,但实例无法在浏览器中连接。我检查过的东西:
- EC2 实例部署在正确的子网中
- 子网有一个指向 IGW 的路由表
- EC2 实例有一个公共 IP
- 安全组允许所有来源通过端口 80、443 和 22 进行入站访问
- 在没有用户数据的情况下创建
- 已验证的用户数据在手动 EC2 中正常工作
对其他检查有什么建议吗?
这是我的模板:
Resources:
myVPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 10.2.0.0/16
Tags:
- Key: Name
Value: myVPC
WebDMZcf:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Open to HTTP, HTTPS and SSH on all ports
GroupName: WebDMZcf
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 443
ToPort: 443
CidrIp: 0.0.0.0/0
Tags:
- Key: Name
Value: WebDMZcf
VpcId:
Ref: myVPC
myInternetGatewayCF:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: Name
Value: myInternetGatewayCF
myInternetGatewayCFAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
InternetGatewayId:
Ref: myInternetGatewayCF
VpcId:
Ref: myVPC
myRouteTableCF:
Type: AWS::EC2::RouteTable
Properties:
Tags:
- Key: Name
Value: myRouteTableCF
VpcId:
Ref: myVPC
IGWRoute:
Type: AWS::EC2::Route
Properties:
DestinationCidrBlock: 0.0.0.0/0
GatewayId:
Ref: myInternetGatewayCF
RouteTableId:
Ref: myRouteTableCF
PublicSubnet:
Type: AWS::EC2::Subnet
Properties:
CidrBlock: 10.2.1.0/24
# MapPublicIpOnLaunch: true
Tags:
- Key: Name
Value: PublicSubnet
VpcId:
Ref: myVPC
PublicEC2:
Type: AWS::EC2::Instance
Properties:
ImageId: ami-047a51fa27710816e
InstanceType: t2.micro
NetworkInterfaces:
- AssociatePublicIpAddress: True
DeviceIndex: 0
SubnetId:
Ref: PublicSubnet
DeleteOnTermination: True
GroupSet:
- Ref: WebDMZcf
Tags:
- Key: Name
Value: PublicEC2
UserData:
!Base64 |
#!/bin/bash
# Install Apache Web Server
yum install httpd -y
systemctl start httpd
systemctl enable httpd
# Discovery configuration from using the EC2 metadata service
ID=$(curl 169.254.169.254/latest/meta-data/instance-id)
TYPE=$(curl 169.254.169.254/latest/meta-data/instance-type)
AZ=$(curl 169.254.169.254/latest/meta-data/placement/availability-zone)
IPV4=$(curl -f 169.254.169.254/latest/meta-data/public-ipv4)
# Set up the Web Site
cd /var/www/html
## Generate customized index.html for this instance
echo "<html><body><H1>Hello, EC2 Instance!</H1><p><p>" > ./index.html
echo "The ID of this instance is " >> ./index.html
echo "<strong>$ID</strong>.<p><p>" >> ./index.html
echo "This is a <strong>$TYPE</strong> instance" >> ./index.html
echo " in <strong>$AZ</strong>. <p><p>" >> ./index.html
if [ "$IPV4" ];
then
echo "The public ip is <strong>$IPV4</strong>.<p><p>" >> ./index.html
else
echo "This instance does <strong>NOT</strong> have" >> ./index.html
echo "a public ip address.<p><p>" >> ./index.html
fi
echo "</body></html>" >> ./index.html
编辑:
我现在已经向实例添加了一个密钥对,但我也无法在其中进行 SSH。当我尝试使用控制台中的“连接”按钮时,我得到了这个:
There was a problem connecting to your instance We were unable to connect to your instance. Make sure that your instance’s network settings are configured correctly for EC2 Instance Connect. For more information, see [Task 1: Configure network access to an instance.][1] 我现在正在调查。
【问题讨论】:
-
您的安全组没有出口规则,这意味着所有出站流量都被阻止。
-
使用默认的egress规则,允许所有流量:All traffic All All 0.0.0.0/0
-
啊,terraform 没有应用默认的出口规则,我认为 CF 也没有。
标签: amazon-web-services amazon-ec2 amazon-cloudformation