Jee*_*eet 8 amazon-ec2 subnet amazon-web-services aws-cloudformation aws-security-group
I am creating a basic AWS CloudFormation template containing one VPC, 3 security groups and 5 EC2 instances. My security group looks like this -
{
    "WebApplicationServerSG": {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {
            "VpcId": {
                "Ref": "DevVpc"
            },
            "GroupDescription": "Enable HTTP, HTTPS and SSH access",
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "WebApplicationServer Service Group"
                }
            ],
            "SecurityGroupIngress": [
                {
                    "IpProtocol": "tcp",
                    "FromPort": "443",
                    "ToPort": "443",
                    "CidrIp": "0.0.0.0/0"
                },
                {
                    "IpProtocol": "tcp",
                    "FromPort": "80",
                    "ToPort": "80",
                    "CidrIp": "0.0.0.0/0"
                },
                {
                    "IpProtocol": "tcp",
                    "FromPort": "22",
                    "ToPort": "22",
                    "CidrIp": "0.0.0.0/0"
                }
            ],
            "SecurityGroupEgress": [
                {
                    "IpProtocol": "tcp",
                    "FromPort": "443",
                    "ToPort": "443",
                    "CidrIp": "0.0.0.0/0"
                },
                {
                    "IpProtocol": "tcp",
                    "FromPort": "80",
                    "ToPort": "80",
                    "CidrIp": "0.0.0.0/0"
                },
                {
                    "IpProtocol": "tcp",
                    "FromPort": "22",
                    "ToPort": "22",
                    "CidrIp": "0.0.0.0/0"
                }
            ]
        },
        "Metadata": {
            "AWS::CloudFormation::Designer": {
                "id": "a7977f00-48d6-488f-9e23-9bcd0785d399"
            }
        }
    }
}
The VPC looks like this -
{
    "DevVpc": {
        "Type": "AWS::EC2::VPC",
        "Properties": {
            "CidrBlock": "172.31.0.0/16",
            "EnableDnsSupport": "false",
            "EnableDnsHostnames": "false",
            "InstanceTenancy": "dedicated",
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "DevStackVpc"
                }
            ]
        }
    }
}
When I create the stack from the template I get an error -
Security group sg-31f91b5a and subnet subnet-ea0aa3a7 belong to different networks.
11:13:01 UTC+0550 CREATE_FAILED AWS::EC2::Instance WebApplicationServer Security group sg-5147a53a and subnet subnet-ea0aa3a7 belong to different networks.
Here is the gist of the full template; any help would be greatly appreciated.
tim*_*ord 11
If anyone gets here using Terraform, I was getting a similar error message with the following:
variable "name" {}

locals {
  vpc_id    = "..."
  subnet_id = "..."
}

resource "aws_instance" "web" {
  ami                    = "ami-09def150731bdbcc2"
  instance_type          = "t3.micro"
  vpc_security_group_ids = ["${aws_security_group.allow_http.id}"]

  user_data = <<-EOF
    #!/bin/bash
    sudo amazon-linux-extras install nginx1.12 -y
    sudo nginx
  EOF

  tags {
    Name = "${var.name}"
  }
}

resource "aws_security_group" "allow_http" {
  description = "Allow inbound HTTP traffic for ${var.name} instance"
  vpc_id      = "${local.vpc_id}"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "TCP"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
The subnet I was deploying into did not have auto assign public IPs enabled. So I updated aws_instance to include subnet_id and associate_public_ip_address:
resource "aws_instance" "web" {
  ami                         = "ami-09def150731bdbcc2"
  instance_type               = "t3.micro"
  subnet_id                   = "${local.subnet_id}"
  vpc_security_group_ids      = ["${aws_security_group.allow_http.id}"]
  associate_public_ip_address = true

  user_data = <<-EOF
    #!/bin/bash
    sudo amazon-linux-extras install nginx1.12 -y
    sudo nginx
  EOF

  tags {
    Name = "${var.name}"
  }
}
After that, everything worked.
I resolved the issue above using the pointers given in the comments; the subnet, VPC, security groups and EC2 instance are as follows -
1. The first thing to get, and which should be created, is the VPC.
2. Second is the Subnet, where you refer to the VpcId you created earlier.
3. Third is the security groups, created here, where you also refer to the VpcId you created earlier.
4. There is the NetworkInterfaces property, where you provide SubnetId and GroupSet (a set of security group IDs, i.e. the security groups you defined). This defines the relationship between the security group, the VPC and the subnet, and this is what solved the problem.
Here is the example template that actually works -
{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {
        "DevServerKeyPair": {
            "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance",
            "Type": "AWS::EC2::KeyPair::KeyName",
            "ConstraintDescription": "Must be the name of an existing EC2 KeyPair."
        }
    },
    "Resources": {
        "DevVpc": {
            "Type": "AWS::EC2::VPC",
            "Properties": {
                "CidrBlock": "172.31.0.0/16",
                "EnableDnsSupport": "false",
                "EnableDnsHostnames": "false",
                "InstanceTenancy": "dedicated",
                "Tags": [
                    {
                        "Key": "Name",
                        "Value": "DevStackVpc"
                    }
                ]
            }
        },
        "DevSubnet": {
            "Type": "AWS::EC2::Subnet",
            "Properties": {
                "VpcId": {
                    "Ref": "DevVpc"
                },
                "CidrBlock": "172.31.0.0/16",
                "AvailabilityZone": {
                    "Fn::Select": [
                        0,
                        {
                            "Fn::GetAZs": ""
                        }
                    ]
                }
            }
        },
        "WebApplicationServerSG": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "VpcId": {
                    "Ref": "DevVpc"
                },
                "GroupDescription": "Enable HTTP, HTTPS and SSH access",
                "Tags": [
                    {
                        "Key": "Name",
                        "Value": "WebApplicationServer Service Group"
                    }
                ],
                "SecurityGroupIngress": [
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "443",
                        "ToPort": "443",
                        "CidrIp": "0.0.0.0/0"
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "80",
                        "ToPort": "80",
                        "CidrIp": "0.0.0.0/0"
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "22",
                        "ToPort": "22",
                        "CidrIp": "0.0.0.0/0"
                    }
                ],
                "SecurityGroupEgress": [
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "443",
                        "ToPort": "443",
                        "CidrIp": "0.0.0.0/0"
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "80",
                        "ToPort": "80",
                        "CidrIp": "0.0.0.0/0"
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "22",
                        "ToPort": "22",
                        "CidrIp": "0.0.0.0/0"
                    }
                ]
            }
        },
        "WebApplicationServer": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "ImageId": "ami-f3e5aa9c",
                "InstanceType": "t2.micro",
                "Tags": [
                    {
                        "Key": "Name",
                        "Value": "WebApplicationServer"
                    }
                ],
                "KeyName": {
                    "Ref": "DevServerKeyPair"
                },
                "NetworkInterfaces": [
                    {
                        "SubnetId": {"Ref": "DevSubnet"},
                        "AssociatePublicIpAddress": "true",
                        "DeviceIndex": "0",
                        "GroupSet": [{ "Ref" : "WebApplicationServerSG" }]
                    }
                ]
            }
        }
    }
}
Hope it helps someone looking into a similar issue.
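Both answers above come down to one invariant: the subnet an instance is placed in and every security group attached to it must belong to the same VPC (in Terraform, `subnet_id` and `vpc_security_group_ids`; in CloudFormation, `SubnetId` and `GroupSet` on the NetworkInterfaces entry). The Python script below is an added example, not code from the question or from either answer: it walks a CloudFormation JSON template and reports a subnet/security-group VPC mismatch before the stack reaches CREATE_FAILED, and it also flags any ingress rule that opens port 22 to 0.0.0.0/0, which both templates on this page contain. `SAMPLE_TEMPLATE` is constructed for the demonstration (it is not the question's full template) and every function name is the example's own.

```python
import json
import sys

# Constructed sample (not the question's template): a subnet and a web security group in
# DevVpc, a stray security group in OtherVpc, and two instances, one of which mixes them.
SAMPLE_TEMPLATE = {
    "Resources": {
        "DevVpc": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "172.31.0.0/16"}},
        "OtherVpc": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
        "DevSubnet": {"Type": "AWS::EC2::Subnet",
                      "Properties": {"VpcId": {"Ref": "DevVpc"}, "CidrBlock": "172.31.0.0/24"}},
        "WebSG": {"Type": "AWS::EC2::SecurityGroup",
                  "Properties": {"VpcId": {"Ref": "DevVpc"}, "GroupDescription": "HTTPS and SSH",
                                 "SecurityGroupIngress": [
                                     {"IpProtocol": "tcp", "FromPort": "443", "ToPort": "443", "CidrIp": "0.0.0.0/0"},
                                     {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}},
        "StraySG": {"Type": "AWS::EC2::SecurityGroup",
                    "Properties": {"VpcId": {"Ref": "OtherVpc"}, "GroupDescription": "Wrong VPC"}},
        "GoodServer": {"Type": "AWS::EC2::Instance",
                       "Properties": {"NetworkInterfaces": [
                           {"DeviceIndex": "0", "SubnetId": {"Ref": "DevSubnet"}, "GroupSet": [{"Ref": "WebSG"}]}]}},
        "BadServer": {"Type": "AWS::EC2::Instance",
                      "Properties": {"SubnetId": {"Ref": "DevSubnet"}, "SecurityGroupIds": [{"Ref": "StraySG"}]}},
    }
}


def _name(value):
    """Logical name behind {"Ref": "X"}; a literal string (an existing AWS id) passes through."""
    if isinstance(value, dict) and "Ref" in value:
        return value["Ref"]
    return value if isinstance(value, str) else None


def vpc_of(resources, logical_id):
    """VPC (logical name or literal id) that a subnet or security group belongs to, or None."""
    res = resources.get(logical_id)
    if not res:
        return None  # not defined in this template, so its VPC cannot be checked offline
    if res.get("Type") == "AWS::EC2::VPC":
        return logical_id
    if res.get("Type") in ("AWS::EC2::Subnet", "AWS::EC2::SecurityGroup"):
        return _name(res.get("Properties", {}).get("VpcId"))
    return None


def check_instance_networks(template):
    """Report every instance whose subnet and security groups resolve to different VPCs."""
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        if res.get("Type") != "AWS::EC2::Instance":
            continue
        props = res.get("Properties", {})
        # Subnet and groups can be given per network interface or directly on the instance.
        if "NetworkInterfaces" in props:
            pairs = [(eni.get("SubnetId"), eni.get("GroupSet", [])) for eni in props["NetworkInterfaces"]]
        else:
            pairs = [(props.get("SubnetId"), props.get("SecurityGroupIds", []))]
        for subnet_ref, groups in pairs:
            subnet_id = _name(subnet_ref)
            subnet_vpc = vpc_of(resources, subnet_id) if subnet_id else None
            if subnet_vpc is None:
                findings.append(f"{name}: subnet {subnet_id!r} is not a subnet defined in this template; "
                                "its VPC cannot be verified offline")
                continue
            for group in groups:
                sg_id = _name(group)
                sg_vpc = vpc_of(resources, sg_id) if sg_id else None
                if sg_vpc != subnet_vpc:
                    findings.append(f"{name}: security group {sg_id} (VPC {sg_vpc}) and subnet "
                                    f"{subnet_id} (VPC {subnet_vpc}) belong to different networks")
    return findings


def find_world_open_ssh(template):
    """Report security groups whose ingress lets 0.0.0.0/0 reach TCP port 22."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            if rule.get("CidrIp") != "0.0.0.0/0":
                continue
            all_traffic = rule.get("IpProtocol") == "-1"  # protocol -1 means every port
            lo, hi = int(rule.get("FromPort", -1)), int(rule.get("ToPort", -1))
            if all_traffic or lo <= 22 <= hi:
                findings.append(f"{name}: ingress from 0.0.0.0/0 reaches port 22 (SSH)")
                break
    return findings


if __name__ == "__main__":
    # Usage: python check_template.py template.json  (falls back to the constructed sample)
    template = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_TEMPLATE
    for line in check_instance_networks(template) + find_world_open_ssh(template):
        print(line)
```

Run against the sample it reports BadServer (StraySG lives in OtherVpc while DevSubnet lives in DevVpc) and WebSG's world-open SSH rule, and stays silent on GoodServer. A subnet or group given as a literal id rather than a Ref is outside the template, so the script says it cannot verify it instead of guessing; the Terraform variant of the same check would compare the VPC of `local.subnet_id` with `aws_security_group.allow_http.vpc_id`.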