Problem description
I'm using Terraform 0.12.26 and I want to build an AWS Ubuntu machine instance.
When I run terraform apply, everything looks right... but I can't ssh to the new EC2 machine. My home firewall allows ssh everywhere, and I can ssh to any other internet resources.
If I manually install an EC2 instance in the same region / az, ssh works fine... this problem seems to be limited to Terraform.
$ terraform apply
...
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_key_pair.mykeypair: Creating...
aws_vpc.main: Creating...
aws_key_pair.mykeypair: Creation complete after 2s [id=mykeypair-pub]
aws_vpc.main: Still creating... [10s elapsed]
aws_vpc.main: Creation complete after 14s [id=vpc-0396212cf58236e68]
aws_subnet.first_subnet: Creating...
aws_security_group.ingress-policy-example: Creating...
aws_subnet.first_subnet: Creation complete after 10s [id=subnet-0558eb0d5c2a4cb3e]
aws_security_group.ingress-policy-example: Still creating... [10s elapsed]
aws_security_group.ingress-policy-example: Creation complete after 13s [id=sg-080e7fa96dc485107]
aws_instance.example: Creating...
aws_instance.example: Still creating... [10s elapsed]
aws_instance.example: Still creating... [20s elapsed]
aws_instance.example: Creation complete after 25s [id=i-0aaf3c53023c1226f]
Apply complete! Resources: 5 added, 0 changed, 0 destroyed.
Outputs:
ip = 34.217.88.173
$ telnet 34.217.88.173 22
Trying 34.217.88.173...
telnet: Unable to connect to remote host: Resource temporarily unavailable
$
This is my terraform code:
$ cat main.tf
provider "aws" {
  region     = var.region
  # Placeholders; keys should come from a credentials file or environment
  # variables rather than being written into source.
  access_key = "SECRET_ACCESS_KEY_HERE"
  secret_key = "SECRET_KEY_HERE"
  # Allow any 2.x version of the AWS provider
  version = "~> 2.0"
}

variable region {
  default = "us-west-2"
}

variable availability_zone_01 {
  default = "us-west-2a"
}

variable key_path {
  default = "~/.ssh/id_rsa.pub"
}

variable site_supernet {
  default = "10.0.0.0/16"
}

variable first_subnet {
  default = "10.0.1.0/24"
}

resource "aws_vpc" "main" {
  cidr_block           = var.site_supernet
  enable_dns_hostnames = true
  enable_dns_support   = true
  instance_tenancy     = "default"
  tags = {
    Name = "tag-primary-vpc"
  }
}

resource "aws_subnet" "first_subnet" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = var.first_subnet
  availability_zone       = var.availability_zone_01
  map_public_ip_on_launch = true
  tags = {
    Name = "tag-first_subnet"
  }
}

resource "aws_security_group" "ingress-policy-example" {
  vpc_id = aws_vpc.main.id
  ingress {
    cidr_blocks = ["0.0.0.0/0", ]
    from_port   = 22 # Port from 22 to 22...
    to_port     = 22
    protocol    = "tcp"
  }
  ## This egress rule was missing from my original question...
  egress {
    # Terraform's aws_security_group removes AWS's default allow-all egress
    # rule, so egress has to be declared explicitly...
    cidr_blocks = ["0.0.0.0/0"]
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
  }
  tags = {
    Name = "tag-sg-allow-ssh"
  }
}

resource "aws_key_pair" "mykeypair" {
  key_name   = "mykeypair-pub"
  public_key = file(var.key_path)
}

resource "aws_instance" "example" {
  #ami = "ami-0994c095691a46fb5"
  ami           = "ami-003634241a8fcdec0"
  instance_type = "t2.nano"
  key_name      = aws_key_pair.mykeypair.key_name
  subnet_id     = aws_subnet.first_subnet.id
  vpc_security_group_ids = [
    aws_security_group.ingress-policy-example.id,
  ]
  associate_public_ip_address = true
  root_block_device {
    delete_on_termination = false
  }
  # user_data runs non-interactively under cloud-init; -y is required so
  # apt-get does not abort waiting for a confirmation it can never receive.
  user_data = <<-EOF
    #!/bin/bash
    apt-get update
    apt-get install -y openssh-server
  EOF
  tags = {
    Name = "stackoverflow_20200619"
  }
}

output "ip" {
  value = aws_instance.example.public_ip
}
QUESTION: How can I fix this terraform deployment so I can ssh to the server above?
Things I have tried:
- Manually building an Ubuntu image using key auth; this works fine and I can ssh to it
- Removing the terraform security group; does not help
- Changed AWS terraform regions / availability zones; does not help
- Removing user_data package installation; does not help
- Removing the aws_subnet; does not help
- Removing instance_tenancy; does not help
- Replace ssh key with another ssh key; does not help
- Replace ssh key with static username / password; does not help
- SSH from Windows with PuTTY (instead of linux & openssh); does not help
Recommended answer
Your VPC has no Internet Gateway (IGW). You'll need to create that and add a route table entry for it.
Adding these resources should work (wrote this on my phone so your mileage may vary):
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
  tags = {
    Name = "main"
  }
}

resource "aws_route" "r" {
  # route_table_id needs the table's id attribute, not the resource object
  route_table_id         = aws_route_table.rt.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.igw.id
}

resource "aws_route_table" "rt" {
  vpc_id = aws_vpc.main.id
}

# Without this association the subnet silently falls back to the VPC's main
# route table, which only has the local route.
resource "aws_route_table_association" "rta" {
  subnet_id      = aws_subnet.first_subnet.id
  route_table_id = aws_route_table.rt.id
}
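As an added example (not part of the question or the answer), here is a small Python check that applies the rule the answer relies on: a subnet uses its explicitly associated route table, otherwise the VPC's main table, and it is reachable from the internet only when that table carries an active 0.0.0.0/0 route targeting an internet gateway. The route-table data is constructed to mimic the shape of `aws ec2 describe-route-tables` output; the rtb-/igw- ids and the second subnet are placeholders, while the VPC and subnet ids of the question are reused.

```python
# Added example, not code from the original question or answer.
# Decides whether an EC2 subnet is really internet-reachable: its route table
# (explicit association, else the VPC's main table) must hold an active
# 0.0.0.0/0 route whose target is an igw-*. Input shape mirrors the
# "RouteTables" list from `aws ec2 describe-route-tables`; the sample is
# constructed, not captured from a real account.

SAMPLE_ROUTE_TABLES = [
    {   # Main table of a fresh VPC: only the local route, as in the question.
        "RouteTableId": "rtb-0main000000000000",
        "VpcId": "vpc-0396212cf58236e68",
        "Associations": [{"Main": True, "RouteTableId": "rtb-0main000000000000"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
                    "State": "active"}],
    },
    {   # Table like the answer's fix, associated with a second (placeholder) subnet.
        "RouteTableId": "rtb-0fixed00000000000",
        "VpcId": "vpc-0396212cf58236e68",
        "Associations": [{"Main": False, "SubnetId": "subnet-0fixed00000000000",
                          "RouteTableId": "rtb-0fixed00000000000"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0placeholder000000",
             "State": "active"},
        ],
    },
]


def effective_route_table(route_tables, vpc_id, subnet_id):
    """An explicit subnet association wins; otherwise AWS applies the main table."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def has_igw_default_route(route_table):
    """True only for an active 0.0.0.0/0 route targeting an internet gateway."""
    if route_table is None:
        return False
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("State") == "active"
               and str(r.get("GatewayId", "")).startswith("igw-")
               for r in route_table.get("Routes", []))


def subnet_is_public(route_tables, vpc_id, subnet_id):
    return has_igw_default_route(effective_route_table(route_tables, vpc_id, subnet_id))
```

The question's subnet has no association and so inherits the main table, which makes `subnet_is_public` return False; the placeholder subnet with the IGW route returns True.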