我正试图创建一个 EC2 实例,但遇到了一个问题:即使我的安全组已经开放了 22 端口,我也完全无法通过 SSH 连接进去。
我的 Terraform 配置如下。
# Local path of the SSH public key; only the .pub half is read (by file()
# in aws_key_pair below), the private key never leaves the workstation.
variable "path_to_public_key" {
  description = "Local path to the SSH public key registered as the EC2 key pair"
  default     = "/<path-to-ssh>/.ssh/id_rsa.pub"
}
# Demo VPC. NOTE(review): no aws_internet_gateway and no aws_route_table
# are declared anywhere in this listing, so as far as this file shows the
# VPC has no path to the internet yet.
resource "aws_vpc" "demo-vpc" {
  cidr_block = "10.0.0.0/16"
  tags       = { Name = "Ec2-EFront-Demo-Vpc" }
}
# Single subnet in eu-west-1a. Without an aws_route_table_association it
# falls back to the VPC's main route table, which (absent an IGW route
# defined elsewhere) only routes inside 10.0.0.0/16.
resource "aws_subnet" "efront-subnet" {
  vpc_id            = aws_vpc.demo-vpc.id
  availability_zone = "eu-west-1a"
  cidr_block        = "10.0.1.0/24"
  tags              = { Name = "EFront-Subnet" }
}
# Fixed-IP ENI in the subnet. NOTE(review): nothing in this listing
# references this resource (the aws_instance below uses subnet_id
# instead), so it is created but stays unattached.
resource "aws_network_interface" "efront-network-interface" {
  subnet_id   = aws_subnet.efront-subnet.id
  private_ips = ["10.0.1.100"]
  tags        = { Name = "Efront_primary_network_interface" }
}
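# Registers the local public key as an EC2 key pair. The rest of this
# file already uses 0.12-style expressions (aws_vpc.demo-vpc.id), so the
# legacy interpolation-only form "${file(...)}" is replaced by a plain
# expression; terraform 0.12+ warns on the old form.
resource "aws_key_pair" "efront-ssh-key" {
  key_name   = "id_rsa"
  public_key = file(var.path_to_public_key)
}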
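# Source ranges allowed to reach TCP/22. The default keeps the original
# behaviour (open to the whole internet) so existing plans do not change;
# override it with the administrators' own range, e.g.
# ["<your-office-or-vpn-cidr>/32"], so SSH is not exposed to every scanner.
variable "ssh_ingress_cidrs" {
  description = "CIDR blocks allowed to reach TCP/22 on the instance"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

resource "aws_security_group" "allow-ssh-single" {
  vpc_id      = aws_vpc.demo-vpc.id
  name        = "allow-ssh-access"
  description = "security group that allows ssh and all egress traffic"

  # Unrestricted egress: protocol "-1" with ports 0/0 means all traffic.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Inbound SSH only. Security groups are stateful, so the reply traffic
  # needs no extra rule.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.ssh_ingress_cidrs
  }

  tags = {
    Name        = "allow-ssh"
    Environment = "Prod"
  }
}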
# Latest Canonical-published Ubuntu 16.04 (xenial) HVM image.
# NOTE(review): 16.04 is past its standard support window; a newer LTS
# name pattern would keep the instance on a maintained release.
data "aws_ami" "ubuntu" {
  owners      = ["099720109477"] # Canonical
  most_recent = true

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"]
  }
}
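resource "aws_instance" "Efront-DEMO" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t3a.small"
  subnet_id     = aws_subnet.efront-subnet.id
  key_name      = aws_key_pair.efront-ssh-key.key_name

  # A public IP is only reachable if the subnet's route table has a
  # 0.0.0.0/0 route to an internet gateway. Neither an
  # aws_internet_gateway nor an aws_route_table appears in this listing,
  # so unless they are defined elsewhere the address is assigned but
  # inbound traffic has no route to it (a connect timeout, not a refusal).
  associate_public_ip_address = true

  # `security_groups` takes group *names* and is meant for EC2-Classic /
  # the default VPC; for an instance in a custom VPC the group IDs belong
  # in `vpc_security_group_ids`. Passing an ID through `security_groups`
  # can leave the instance without the intended SSH rule.
  vpc_security_group_ids = [aws_security_group.allow-ssh-single.id]

  # NOTE(review): aws_network_interface.efront-network-interface is not
  # referenced here, so the instance gets a new ENI from the subnet and
  # that resource stays unattached.

  tags = {
    Name = "EFront-DEMO"
  }
}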
terraform init 和 terraform apply 都没有任何问题。该实例状态是健康的,但当我尝试 SSH 连接到这台虚拟机时,我得到:
ssh: connect to host <IP> port 22: Operation timed out
我的安全组允许通过端口22访问,这是我唯一的安全组。
我试过 chmod 400,但没有任何效果。
关于我为什么会出现这个错误,有什么建议吗?
检查:
- 您正在连接到EC2的公共IP
- 您的 NACL(网络访问控制列表)没有任何限制