amazon-web-services - 使用 Terraform 时连接超时
问题描述
我尝试从子网和 vpc id 创建实例,但在提供远程 exec 时遇到问题。这样做的目的是创建 2 个公共子网(eu-west-1a)和 2 个私有子网(eu-west-1b)和使用其中的子网和 vpc id 创建一个实例,然后 ssh 并安装 nginx。我不知道如何解决这个问题,不幸的是我不是 Terraform 方面的专家,所以这里需要指导。当我尝试使用命令提示符对其进行 ssh 时,它说连接超时。该端口在安全组端口 22 中打开
╷ │</p>
Error: remote-exec provisioner error
│
│ with aws_instance.EC2InstanceCreate,
│ on main_ec2.tf line 11, in resource "aws_instance" "EC2InstanceCreate":
│ 11: provisioner "remote-exec" {
│
│ timeout - last error: dial tcp 54.154.137.10:22: i/o timeout
╵</p>
我的代码如下:
`# Server Definition
resource "aws_instance" "EC2InstanceCreate" {
ami = "${var.aws_ami}"
instance_type = "${var.server_type}"
key_name = "${var.target_keypairs}"
subnet_id = "${var.target_subnet}"
provisioner "remote-exec" {
connection {
type = "ssh"
host = "${self.public_ip}"
user = "centos"
private_key = "${file("/home/michael/cs-104-michael/lesson6/EC2Tutorial.pem")}"
timeout = "5m"
}
inline = [
"sudo yum -y update",
"sudo yum -y install nginx",
"sudo service nginx start",
"sudo yum -y install wget, unzip",
]
}
tags = {
Name = "cs-104-lesson6-michael"
Environment = "TEST"
App = "React App"
}
}
output "pub_ip" {
value = ["${aws_instance.EC2InstanceCreate.public_ip}"]
depends_on = [aws_instance.EC2InstanceCreate]
}`
安全组配置:
# Create security group for webserver
resource "aws_security_group" "webserver_sg" {
name = "sg_ws_name"
vpc_id = "${var.target_vpc}"
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
description = "HTTP"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
description = "HTTP"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}
tags = {
Name = "Security Group VPC devmind"
Project = "demo-assignment"
}
}
子网代码:
resource "aws_subnet" "public-subnet" {
vpc_id = "${aws_vpc.default.id}"
cidr_block = "${var.public_subnet_2a_cidr}"
availability_zone = "eu-west-1a"
map_public_ip_on_launch = true
tags = {
Name = "Web Public subnet 1"
}
}
resource "aws_subnet" "public-subnet2" {
vpc_id = "${aws_vpc.default.id}"
cidr_block = "${var.public_subnet_2b_cidr}"
availability_zone = "eu-west-1a"
map_public_ip_on_launch = true
tags = {
Name = "Web Public subnet 2"
}
}
# Define private subnets
resource "aws_subnet" "private-subnet" {
vpc_id = "${aws_vpc.default.id}"
cidr_block = "${var.private_db_subnet_2a_cidr}"
availability_zone = "eu-west-1b"
map_public_ip_on_launch = false
tags = {
Name = "App Private subnet 1"
}
}
resource "aws_subnet" "private-subnet2" {
vpc_id = "${aws_vpc.default.id}"
cidr_block = "${var.private_db_subnet_2b_cidr}"
availability_zone = "eu-west-1b"
map_public_ip_on_launch = false
tags = {
Name = "App Private subnet 2"
}
}
vpc代码:
# Define our VPC
resource "aws_vpc" "default" {
cidr_block = "${var.vpc_cidr}"
enable_dns_hostnames = true
tags = {
Name = "Devops POC VPC"
}
}
互联网网关包含代码:
# Internet Gateway
resource "aws_internet_gateway" "gw" {
vpc_id = "${aws_vpc.default.id}"
tags = {
name = "VPC IGW"
}
}
解决方案
您没有为您的实例提供vpc_security_group_ids:
vpc_security_group_ids = [aws_security_group.webserver_sg.id]
可能还有许多其他问题,例如未显示的错误设置 VPC。
推荐阅读
- python - 使用 VL 格式从 Python 将字符串列表存储到 HDF5 数据集
- c# - 在库项目中使用 .NET Core 中的 AutoMapper
- javascript - 使用字符串引用导入的模块
- reactjs - DatePicker 在初始状态下显示 fromat/custom 消息
- authentication - 尝试使用 UiPath Orchestrator 的智能卡远程启动机器人时出错
- create-react-app - 是否可以在不弹出的情况下将 devextreme 与 create-react-app 一起使用?
- selenium - 在我的移动应用程序的 appium 中找不到任何元素
- scala - 如何在 Akka 中限制发送给 IO(Tcp) 角色的消息
- angular - Angular Cli:带有水平分隔线的图表
- python - Pandas - 查找行的空列并在一列中更新