使用Terraform时连接超时

Question

我尝试从子网和vpc id创建实例，但在提供远程exec.The时遇到问题。这样做的目的是创建两个公共子网(eu-west-1a)和两个私有子网(eu-west-1b)，并使用其中的子网和vpc id创建一个实例，然后使用ssh并安装nginx。我不确定如何解决这个问题，不幸的是，我不是Terraform的专家，所以这里需要指导。当我尝试使用命令提示符ssh它时，它显示连接超时。该端口在安全组端口22打开

╷│

 Error: remote-exec provisioner error
│ 
│   with aws_instance.EC2InstanceCreate,
│   on main_ec2.tf line 11, in resource "aws_instance" "EC2InstanceCreate":
│   11:   provisioner "remote-exec" {
│
│ timeout - last error: dial tcp 54.154.137.10:22: i/o timeout

╵

[1enter image description here

我的代码如下：

 `# Server Definition
resource "aws_instance" "EC2InstanceCreate" {
  ami                    = "${var.aws_ami}"
  instance_type          = "${var.server_type}"
  key_name               = "${var.target_keypairs}"
  subnet_id              = "${var.target_subnet}"

 
  provisioner "remote-exec" { 
  connection {
      type    = "ssh"
       host = "${self.public_ip}"
      user    = "centos"
      private_key = "${file("/home/michael/cs-104-michael/lesson6/EC2Tutorial.pem")}"
    timeout     = "5m"
    } 
  
  inline = [
  "sudo yum -y update",
  "sudo yum -y install nginx",
  "sudo service nginx start",
  "sudo yum -y install wget, unzip",
  
  ]

  
  }

  
  tags = {
    Name        = "cs-104-lesson6-michael"
    Environment = "TEST"
    App         = "React App"
  }
}

output "pub_ip" {
  value      = ["${aws_instance.EC2InstanceCreate.public_ip}"]
  depends_on = [aws_instance.EC2InstanceCreate]
}`

安全组配置：

# Create security group for webserver
resource "aws_security_group" "webserver_sg" {
  name        = "sg_ws_name"
  vpc_id      = "${var.target_vpc}"
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    description = "HTTP"
    cidr_blocks = ["0.0.0.0/0"]
   }
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    description = "HTTP"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }
  tags = {
    Name = "Security Group VPC devmind" 
    Project = "demo-assignment"
  }
}

子网代码：

resource "aws_subnet" "public-subnet" {
 vpc_id      = "${aws_vpc.default.id}"
  cidr_block  = "${var.public_subnet_2a_cidr}"
  availability_zone = "eu-west-1a"
map_public_ip_on_launch = true
tags = {

Name = "Web Public subnet 1"

}

}

resource "aws_subnet" "public-subnet2" {      
 vpc_id      = "${aws_vpc.default.id}"        
  cidr_block  = "${var.public_subnet_2b_cidr}"
  availability_zone = "eu-west-1a"
map_public_ip_on_launch = true
tags = {

Name = "Web Public subnet 2"

}

}

# Define private subnets

resource "aws_subnet" "private-subnet" {      
 vpc_id      = "${aws_vpc.default.id}"
  cidr_block  = "${var.private_db_subnet_2a_cidr}"
  availability_zone = "eu-west-1b"
map_public_ip_on_launch = false
tags = {

Name = "App Private subnet 1"

}

}

resource "aws_subnet" "private-subnet2" {
 vpc_id      = "${aws_vpc.default.id}"
  cidr_block  = "${var.private_db_subnet_2b_cidr}"
  availability_zone = "eu-west-1b"
map_public_ip_on_launch = false
tags = {

Name = "App Private subnet 2"

}

}

私有网络代码：

# Define our VPC        
resource "aws_vpc" "default" {
  cidr_block  = "${var.vpc_cidr}"

  enable_dns_hostnames = true

tags = {

Name = "Devops POC VPC"

}

}  

Internet网关包含的代码：

# Internet Gateway      
resource "aws_internet_gateway" "gw" {
  vpc_id      = "${aws_vpc.default.id}"

tags = {

name = "VPC IGW"

}

} 

Answer 1

您没有为实例提供vpc_security_group_ids：

vpc_security_group_ids = [aws_security_group.webserver_sg.id]

可能还有许多其他问题，例如未显示的VPC设置不正确。