I hope everyone reading this is doing well.
I'm still learning the ropes of Terraform and AWS.
I've created a VPC with 4 subnets: 1 public subnet and 3 private subnets. I currently have 1 EC2 instance in my public subnet (the bastion box/server). I've also created a security group for that instance, and a NACL rule that allows me to ssh into the instance only from my IP. For some reason, when I try to ssh into this instance my terminal hangs and I see the following message:
OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to instance_public_ip [instance_public_ip] port 22.
Then it tells me the connection timed out.
I changed the rule to allow ssh from all IPs (i.e. 0.0.0.0/0) but still get the same problem. The Terraform code for the infrastructure is below:
# Elastic IP for bastion server
resource "aws_eip" "bastion_eip" {
  vpc = true
  # The instance is attached through aws_eip_association below; setting
  # "instance" here as well would associate the same address twice.
}

# EIP association for bastion server
resource "aws_eip_association" "eip_assoc" {
  instance_id   = aws_instance.Bastion.id
  allocation_id = aws_eip.bastion_eip.id
}

# Create internet gateway
resource "aws_internet_gateway" "main-gateway" {
  vpc_id = aws_vpc.main-vpc.id
  tags = {
    Name = "main"
  }
}

# Create route table for public subnet (default route to the IGW)
resource "aws_route_table" "public-route-table" {
  vpc_id = aws_vpc.main-vpc.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.main-gateway.id
  }
  tags = {
    Name = "public-route-table"
  }
}

# Create subnet 4 (the public subnet)
resource "aws_subnet" "subnet-4" {
  vpc_id            = aws_vpc.main-vpc.id
  cidr_block        = "10.0.4.0/24"
  availability_zone = "eu-west-2a"
  tags = {
    Name = "subnet-public"
  }
}

# Associate subnet 4 with public route table
resource "aws_route_table_association" "subnet-4" {
  subnet_id      = aws_subnet.subnet-4.id
  route_table_id = aws_route_table.public-route-table.id
}

# Create bastion server security group (subnet 4)
resource "aws_security_group" "bastion-sg" {
  name        = "bastion-sg"
  description = "Allow web traffic from specific IPs"
  vpc_id      = aws_vpc.main-vpc.id

  # SSH traffic (temporarily open to all IPs while troubleshooting)
  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "allow_access_bastion_server"
  }
}

# Create NACL for public subnet with Prod server & bastion server
resource "aws_network_acl" "public_nacl" {
  vpc_id     = aws_vpc.main-vpc.id
  subnet_ids = [aws_subnet.subnet-4.id]

  # Allow inbound http traffic from internet
  ingress {
    protocol   = "tcp"
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 80
    to_port    = 80
  }
  # Allow outbound http traffic to internet
  egress {
    protocol   = "tcp"
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 80
    to_port    = 80
  }
  # Allow inbound SSH traffic (temporarily from all IPs while troubleshooting)
  ingress {
    protocol   = "tcp"
    rule_no    = 103
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 22
    to_port    = 22
  }
  # Allow outbound SSH traffic (temporarily to all IPs while troubleshooting)
  egress {
    protocol   = "tcp"
    rule_no    = 103
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 22
    to_port    = 22
  }
  tags = {
    Name = "public NACL"
  }
}

# Create bastion box
resource "aws_instance" "Bastion" {
  ami           = var.ami-id
  instance_type = var.instance-type
  key_name      = "aws_key_name"
  # Wired to the security group and public subnet defined above
  vpc_security_group_ids = [aws_security_group.bastion-sg.id]
  subnet_id              = aws_subnet.subnet-4.id
  tags = {
    Name = "Bastion Server"
  }
}

I've been looking at this for a while and I really can't see where I'm going wrong. Is the problem with my security group, or with my IGW or route table? If you think any other information is needed, please let me know :) and thanks in advance for your help.
Posted on 2020-10-21 22:13:51
I think the problem is with the security group.
# SSH Traffic
ingress {
  description = "SSH"
  from_port   = 0 # SSH client port is not a fixed port
  to_port     = 22
  protocol    = "tcp"
  cidr_blocks = ["0.0.0.0/0"] # allow from anywhere; or a single IP such as 46.64.73.251/32
}
egress {
  from_port   = 0 # SSH client port is not a fixed port
  to_port     = 22
  protocol    = "tcp"
  cidr_blocks = ["0.0.0.0/0"]
}
https://stackoverflow.com/questions/64464951
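Worked example, added here; it is not part of the question or the answer above. A security group is stateful, so once an inbound SSH connection is accepted the replies are allowed regardless of the egress rules. A network ACL is stateless: the reply from the bastion's port 22 back to the client's ephemeral source port must itself match an egress rule, and the question's public_nacl only permits egress to destination ports 80 and 22. The Python below models how a NACL evaluates rules (ascending rule_no, first match wins, implicit final deny), runs the posted rule set and then a hardened one against both directions of an SSH handshake, and shows that a host outside the admin range is dropped by the hardened set. The bastion address, admin address, client port and rule_no 110 are constructed assumptions; rules 100 and 103 are the page's own.

```python
"""Stateless network ACL evaluation against an SSH flow (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    rule_no: int
    action: str          # "allow" or "deny"
    cidr: str
    from_port: int
    to_port: int
    protocol: str = "tcp"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str = "tcp"


def evaluate(rules: List[Rule], packet: Packet, direction: str) -> bool:
    """Return True if the NACL lets the packet through.

    AWS semantics: rules are tried in ascending rule_no and the first rule
    whose protocol, CIDR and destination-port range all match decides; if
    nothing matches, the implicit trailing '*' rule denies. Ingress rules
    match the packet's source address, egress rules its destination
    address. Nothing is remembered between packets, so each direction of
    a TCP connection is judged on its own.
    """
    peer_ip = packet.src_ip if direction == "ingress" else packet.dst_ip
    for rule in sorted(rules, key=lambda r: r.rule_no):
        if rule.protocol not in ("-1", packet.protocol):
            continue
        if ip_address(peer_ip) not in ip_network(rule.cidr):
            continue
        if not (rule.from_port <= packet.dst_port <= rule.to_port):
            continue
        return rule.action == "allow"
    return False  # implicit deny


# The question's public_nacl, exactly as posted (rule numbers 100 and 103).
ORIGINAL_INGRESS = [Rule(100, "allow", "0.0.0.0/0", 80, 80),
                    Rule(103, "allow", "0.0.0.0/0", 22, 22)]
ORIGINAL_EGRESS = [Rule(100, "allow", "0.0.0.0/0", 80, 80),
                   Rule(103, "allow", "0.0.0.0/0", 22, 22)]

# Hardened set (assumption): SSH ingress only from the admin's /32, and an
# egress rule for the ephemeral port range so replies can leave the subnet.
ADMIN_CIDR = "198.51.100.7/32"      # constructed, RFC 5737 documentation range
FIXED_INGRESS = [Rule(100, "allow", "0.0.0.0/0", 80, 80),
                 Rule(103, "allow", ADMIN_CIDR, 22, 22)]
FIXED_EGRESS = [Rule(100, "allow", "0.0.0.0/0", 80, 80),
                Rule(110, "allow", ADMIN_CIDR, 1024, 65535)]

BASTION_IP = "10.0.4.10"            # constructed, inside subnet-4 (10.0.4.0/24)


def ssh_handshake(ingress: List[Rule], egress: List[Rule],
                  client_ip: str, client_port: int = 54321) -> Tuple[bool, bool]:
    """Return (syn_allowed, syn_ack_allowed) for client -> bastion:22.

    The SYN is checked against the ingress rules; the SYN-ACK, which goes
    from port 22 back to the client's ephemeral port, against the egress rules.
    """
    syn = Packet(client_ip, client_port, BASTION_IP, 22)
    syn_ack = Packet(BASTION_IP, 22, client_ip, client_port)
    return evaluate(ingress, syn, "ingress"), evaluate(egress, syn_ack, "egress")


if __name__ == "__main__":
    print("posted rules, admin :", ssh_handshake(ORIGINAL_INGRESS, ORIGINAL_EGRESS, "198.51.100.7"))
    print("hardened, admin     :", ssh_handshake(FIXED_INGRESS, FIXED_EGRESS, "198.51.100.7"))
    print("hardened, other host:", ssh_handshake(FIXED_INGRESS, FIXED_EGRESS, "203.0.113.9"))
```

With the posted rules the SYN is accepted but the SYN-ACK is dropped, which is exactly the client-side symptom in the question: the handshake never completes and ssh reports a timeout. In Terraform the hardened set corresponds to setting the rule_no 103 ingress cidr_block to your own /32 and adding one more egress block to aws_network_acl.public_nacl with protocol = "tcp", from_port = 1024, to_port = 65535 and the same cidr_block (rule_no 110 here is just a free slot); the security group's egress rule can stay as it is, since the security group is stateful.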