Elastic Beanstalk 无法在自定义 VPC 和子网中启动

【问题标题】:Elastic Beanstalk fails to launch in custom VPC and subnetElastic Beanstalk 无法在自定义 VPC 和子网中启动
【发布时间】:2021-05-19 06:14:55
【问题描述】:

由于 EC2 和 Elastic Beanstalk 之间的连接,我的 Elastic Beanstalk env 无法启动:

 Error: Error waiting for Elastic Beanstalk Environment (e-xxxxxxxxxx) to become ready: 2 errors occurred:

    * 2021-02-16 11:00:21.529 +0000 UTC (e-xxxxxxxxxx) : 
            Stack named 'awseb-e-xxxxxxxxxx-stack' aborted operation. Current state: 'CREATE_FAILED'  
            Reason: The following resource(s) failed to create: [AWSEBInstanceLaunchWaitCondition].

    * 2021-02-16 11:00:21.662 +0000 UTC (e-xxxxxxxxxx) : 
            The EC2 instances failed to communicate with AWS Elastic Beanstalk, either because of configuration problems with the VPC or a failed EC2 instance. Check your VPC configuration and try launching the environment again.

但是,我可以通过 SSH 连接到 EC2 实例,并在其中找到以下内容:

$ tail /var/log/eb-cfn-init.log 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:02:09 --:--:--     0curl: (7) Failed to connect to elasticbeanstalk-platform-assets-eu-west-2.s3.eu-west-2.amazonaws.com port 443: Connection timed out
+ RESULT=7
+ [[ 7 -ne 0 ]]
+ sleep_delay
+ ((  40 < 3600  ))
+ echo Sleeping 40
Sleeping 40
+ sleep 40

这个错误让我很吃惊,因为我在这个 VPC 中有一个 S3 VPC 端点:

resource "aws_vpc_endpoint" "s3_endpoint_public" {
  vpc_id       = aws_vpc.main.id
  service_name = "com.amazonaws.${var.aws_region}.s3"
}

resource "aws_vpc_endpoint_route_table_association" "s3_public_route_table_association" {
  route_table_id  = aws_route_table.public.id
  vpc_endpoint_id = aws_vpc_endpoint.s3_endpoint_public.id
}

如何调试/修复我的 Elastic Beanstalk 环境?

路由表/子网配置

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
}

resource "aws_route_table_association" "public_a" {
  route_table_id = aws_route_table.public.id
  subnet_id      = aws_subnet.public_c.id
}

resource "aws_route_table_association" "public_b" {
  route_table_id = aws_route_table.public.id
  subnet_id      = aws_subnet.public_c.id
}

resource "aws_route_table_association" "public_c" {
  route_table_id = aws_route_table.public.id
  subnet_id      = aws_subnet.public_c.id
}

resource "aws_internet_gateway" "public" {
  vpc_id = aws_vpc.main.id
}

resource "aws_route" "public_internet" {
  route_table_id = aws_route_table.public.id
  gateway_id     = aws_internet_gateway.public.id

  destination_cidr_block = "0.0.0.0/0"
}

【问题讨论】:

  • s3 端点是不够的。如果您不想使用 nat,您还需要 CloudFormation、EB 本身等的端点。您是否检查过docs 是否将 EB 与 VPC 结合使用?
  • 我有 CloudFormation、SQS、Kinesis、Elastic Beanstalk 和 Elastic Beanstalk Health 的端点。我只提到 S3 是因为日志显示 EC2 无法连接到 S3。
  • 我明白了。你能澄清一下aws_route_table.public是什么吗?它是公共子网中的路由表,还是私有的?它和你的 EB 是同一个子网吗?
  • 我刚刚注意到 aws_subnet.public_c 关联了 3 次!错误只是一个错字...
  • 那么您在公共子网中有 S3 vpn 端点吗?所以你的 EB 实例也在公共子网中?

标签: amazon-web-services amazon-ec2 amazon-elastic-beanstalk terraform


【解决方案1】:

确保子网与路由表相关联,并且路由表具有互联网网关。

【讨论】:

    猜你喜欢
    • 2017-01-29
    • 2013-08-01
    • 2021-04-27
    • 2017-01-17
    • 2020-11-04
    • 2017-08-30
    • 2016-04-20
    • 2017-01-10
    • 2023-03-06
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode