terraform - 成功应用 TF 后,Terraform EC2 实例不可用于 SSH(除非 SSH 配置)
问题描述
我正在为示例目的构建此代码,但是无论我如何配置它,EC2 实例都不会通过 EC2 本身提供的设置变为 SSHable,尽管它说它应该能够连接。使用 tf v0.13.1
这是我的 TF 代码:
resource "aws_instance" "live" {
ami = "ami-060e472760062f83f"
instance_type = "t2.nano"
key_name = "xxx"
subnet_id = aws_subnet.default.id
vpc_security_group_ids = [
aws_security_group.http-group.id,
aws_security_group.https-group.id,
aws_security_group.ssh-group.id,
aws_security_group.all-outbound-traffic.id,
]
depends_on = [
aws_internet_gateway.gw,
aws_network_interface.default
]
}
网络设置:
resource "aws_security_group" "https-group" {
name = "https-access-group"
description = "Allow traffic on port 443 (HTTPS)"
tags = {
Name = "HTTPS Inbound Traffic Security Group"
}
ingress {
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
}
resource "aws_security_group" "http-group" {
name = "http-access-group"
description = "Allow traffic on port 80 (HTTP)"
tags = {
Name = "HTTP Inbound Traffic Security Group"
}
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
}
resource "aws_security_group" "all-outbound-traffic" {
name = "all-outbound-traffic-group"
description = "Allow traffic to leave the AWS instance"
tags = {
Name = "Outbound Traffic Security Group"
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
resource "aws_security_group" "ssh-group" {
name = "ssh-access-group"
description = "Allow traffic to port 22 (SSH)"
tags = {
Name = "SSH Access Security Group"
}
ingress {
description = "SSH to VPC"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
resource "aws_vpc" "default" {
cidr_block = "10.0.0.0/16"
enable_dns_support = true
}
resource "aws_subnet" "default" {
vpc_id = aws_vpc.default.id
cidr_block = "10.0.10.0/24"
}
resource "aws_internet_gateway" "gw" {
vpc_id = aws_vpc.default.id
}
resource "aws_eip_association" "eip_assoc" {
depends_on = [
aws_instance.live,
aws_eip.lb
]
instance_id = aws_instance.live.id
allocation_id = aws_eip.lb.id
#network_interface_id = aws_network_interface.multi-ip.id
}
resource "aws_eip" "lb" {
vpc = true
instance = aws_instance.live.id
depends_on = [
aws_instance.live
]
}
resource "aws_network_interface" "default" {
subnet_id = aws_subnet.default.id
security_groups = [
aws_security_group.all-outbound-traffic.id,
aws_security_group.http-group.id,
aws_security_group.https-group.id,
aws_security_group.ssh-group.id
]
}
和 Route53 设置:
resource "aws_route53_zone" "default" {
name = "xxx.io."
vpc {
vpc_id = aws_vpc.default.id
}
}
resource "aws_route53_record" "x-www" {
zone_id = aws_route53_zone.default.zone_id
name = "www.xxx.io"
type = "A"
ttl = "300"
records = [aws_eip.lb.public_ip]
}
resource "aws_route53_record" "x-sub-www" {
zone_id = aws_route53_zone.default.zone_id
name = "*.xxx.io"
type = "A"
ttl = "300"
records = [aws_eip.lb.public_ip]
}
在 AWS 控制台中,一切似乎都很好地连接在一起,但是 tf 中的本地 exec 也无法通过 SSH 连接到 EC2 实例,我也不能。我做错了什么?
但是该实例仍然无法通过 SSH 调用。实例正在正确构建,并且在 EC2 控制台中似乎都设置正确:
安全组正确设置为 EC2 实例:
解决方案
您已创建正确但未附加到您的 ec2 实例的安全组,因此永远不会打开该实例上的端口 22。
用这个 :
resource "aws_network_interface_sg_attachment" "sg_attachment" {
security_group_id = aws_security_group.ssh-group.id
network_interface_id = aws_instance.live.primary_network_interface_id
}
同样附加其他安全组...
推荐阅读
- angular - 对象输入的 PrimeNG 数据表自定义过滤器
- xpath - 如何从使用 xpath 找到的标签中找到原始 html
- spring-boot - 自定义存储库
- c# - 如何指定子元素在全局名称空间中?
- r - 在 for 循环中跳过迭代
- ios - 如何使用 swift 在情节提要中从一个视图控制器移动到另一个视图控制器
- reactjs - 如何在 React with Promises 中将键添加到我的 div 标签
- python - Accessing s3 data locally with pyspark - trustAnchors parameter must be non-empty
- php - updateOrCreate cause ErrorException in laravel
- java - 如何执行来自另一个应用程序的发布请求