安全组和子网属于不同的网络

如果有任何使用Terraform的人来到这里,我会收到一条类似的错误消息,结果如下:

variable "name" {}

locals {
  vpc_id    = "..."
  subnet_id = "..."
}

resource "aws_instance" "web" {
  ami                         = "ami-09def150731bdbcc2"
  instance_type               = "t3.micro"
  vpc_security_group_ids      = ["${aws_security_group.allow_http.id}"]

  user_data = <<-EOF
    #!/bin/bash
    sudo amazon-linux-extras install nginx1.12 -y
    sudo nginx
  EOF

  tags {
    Name = "${var.name}"
  }
}

resource "aws_security_group" "allow_http" {
  description = "Allow inbound HTTP traffic for ${var.name} instance"
  vpc_id      = "${local.vpc_id}"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "TCP"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

我部署到的子网没有 auto assign public IPs 启用。因此,我更新了 aws_instance 包括 subnet_id 和 associate_public_ip_address :

resource "aws_instance" "web" {
  ami                         = "ami-09def150731bdbcc2"
  instance_type               = "t3.micro"
  subnet_id                   = "${local.subnet_id}"
  vpc_security_group_ids      = ["${aws_security_group.allow_http.id}"]
  associate_public_ip_address = true

  user_data = <<-EOF
    #!/bin/bash
    sudo amazon-linux-extras install nginx1.12 -y
    sudo nginx
  EOF

  tags {
    Name = "${var.name}"
  }
}

之后,一切顺利。

我通过注释中提供的指针解决了上述问题 subnet VPC , Security-Groups 和 EC2 实例如下-

首先要做的是 专有网络 第二个是 Subnet 这里你提到 VpcId 您之前创建的 您创建的第三个 security groups 这里你提到 VpcId 您之前也创建了。 第四,有一处房产 NetworkInterfaces 您提供的位置 SubnetId 和 GroupSet 这是一个安全组ID数组,在这里定义安全组、专有网络和子网之间的关系,这就是解决问题的方法。

下面是实际工作的示例模板-

{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
    "DevServerKeyPair": {
        "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance",
        "Type": "AWS::EC2::KeyPair::KeyName",
        "ConstraintDescription": "Must be the name of an existing EC2 KeyPair."
    }
},
"Resources": {
    "DevVpc": {
        "Type": "AWS::EC2::VPC",
        "Properties": {
            "CidrBlock": "172.31.0.0/16",
            "EnableDnsSupport": "false",
            "EnableDnsHostnames": "false",
            "InstanceTenancy": "dedicated",
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "DevStackVpc"
                }
            ]
        }
    },
    "DevSubnet": {
        "Type": "AWS::EC2::Subnet",
        "Properties": {
            "VpcId": {
                "Ref": "DevVpc"
            },
            "CidrBlock": "172.31.0.0/16",
            "AvailabilityZone": {
                "Fn::Select": [
                    0,
                    {
                        "Fn::GetAZs": ""
                    }
                ]
            }
        }
    },
    "WebApplicationServerSG": {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {
            "VpcId": {
                "Ref": "DevVpc"
            },
            "GroupDescription": "Enable HTTP, HTTPS and SSH access",
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "WebApplicationServer Service Group"
                }
            ],
            "SecurityGroupIngress": [
                {
                    "IpProtocol": "tcp",
                    "FromPort": "443",
                    "ToPort": "443",
                    "CidrIp": "0.0.0.0/0"
                },
                {
                    "IpProtocol": "tcp",
                    "FromPort": "80",
                    "ToPort": "80",
                    "CidrIp": "0.0.0.0/0"
                },
                {
                    "IpProtocol": "tcp",
                    "FromPort": "22",
                    "ToPort": "22",
                    "CidrIp": "0.0.0.0/0"
                }
            ],
            "SecurityGroupEgress": [
                {
                    "IpProtocol": "tcp",
                    "FromPort": "443",
                    "ToPort": "443",
                    "CidrIp": "0.0.0.0/0"
                },
                {
                    "IpProtocol": "tcp",
                    "FromPort": "80",
                    "ToPort": "80",
                    "CidrIp": "0.0.0.0/0"
                },
                {
                    "IpProtocol": "tcp",
                    "FromPort": "22",
                    "ToPort": "22",
                    "CidrIp": "0.0.0.0/0"
                }
            ]
        }
    },
    "WebApplicationServer": {
        "Type": "AWS::EC2::Instance",
        "Properties": {
            "ImageId": "ami-f3e5aa9c",
            "InstanceType": "t2.micro",
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "WebApplicationServer"
                }
            ],
            "KeyName": {
                "Ref": "DevServerKeyPair"
            },
            "NetworkInterfaces": [
                {
                    "SubnetId": {"Ref": "DevSubnet"},
                    "AssociatePublicIpAddress": "true",
                    "DeviceIndex": "0",
                    "GroupSet": [{ "Ref" : "WebApplicationServerSG" }]
                }
            ]
        }
    }
  }
}

希望这对研究类似问题的人有所帮助。

您尝试使用的安全组存在问题!使用模板创建时,它使用默认专有网络。 在创建安全组的CLoudFormation模板上,您需要识别您喜欢使用的VpcId(非默认),这将解决问题。或者,您可以使用(非默认)VPC手动创建新的安全组,然后运行新实例。