【问题标题】:No internet access to load balancer aws —— 无法通过 Internet 访问 AWS 负载均衡器
【发布时间】:2023-03-08 23:25:01
【问题描述】:

大家好。我是新手,正在尝试用 Terraform 为 AWS 上的蓝绿部署创建基础设施。我创建了 2 个实例,分布在 2 个公共区域,另有 1 个互联网网关、1 个弹性负载均衡器、安全组和 1 个 VPC。但我无法通过负载均衡器的 DNS 名称访问它,我相信是遗漏了什么。另外请告诉我,是否应该为公共区域创建 NAT 网关——我猜不需要。

主要

// AWS provider. Credentials come from the local "default" profile; the region
// is taken from var.region_name (declared further down, default eu-central-1).
provider "aws" {
  region  = var.region_name
  profile = "default"
}


// The VPC for everything below. Despite the label "main_subnet" this is the VPC,
// and its address is referenced by all subnets, the IGW, the route table, the
// target group and the security group.
resource "aws_vpc" "main_subnet" {
  cidr_block = "10.0.0.0/16"
  tags       = { Name = "Main Subnet" }
}


// First "public" subnet (AZ 0). Nothing in this file associates it with a route
// table, so on its own it has no path to the internet gateway; it also does not
// set map_public_ip_on_launch, so instances launched here get no public IPv4
// unless one is attached separately (test_server gets an EIP below).
resource "aws_subnet" "public_subnet_1" {
  vpc_id            = aws_vpc.main_subnet.id
  availability_zone = data.aws_availability_zones.my-zones.names[0]
  cidr_block        = "10.0.10.0/24"
  tags              = { Name = "Public Subnet1" }
}


// Second "public" subnet (AZ 1), hosting test_server2 and one ALB node. Like
// public_subnet_1 it is not associated with a route table in this file and
// does not auto-assign public IPv4 addresses.
resource "aws_subnet" "public_subnet_2" {
  vpc_id            = aws_vpc.main_subnet.id
  availability_zone = data.aws_availability_zones.my-zones.names[1]
  cidr_block        = "10.0.20.0/24"
  tags              = { Name = "Public Subnet 2" }
}


// Private subnet in AZ 0. Declared but not used by anything else in this file
// (both instances and the ALB sit in the public subnets), and it has no route
// table or NAT of its own.
resource "aws_subnet" "private_subnet_1" {
  vpc_id            = aws_vpc.main_subnet.id
  availability_zone = data.aws_availability_zones.my-zones.names[0]
  cidr_block        = "10.0.11.0/24"
  tags              = { Name = "Private Subnet 1" }
}

// Private subnet in AZ 1. Unused by the rest of this file, same as
// private_subnet_1.
resource "aws_subnet" "private_subnet_2" {
  vpc_id            = aws_vpc.main_subnet.id
  availability_zone = data.aws_availability_zones.my-zones.names[1]
  cidr_block        = "10.0.21.0/24"
  tags              = { Name = "Private Subnet 2" }
}

互联网网关

// Internet gateway for the VPC. It only carries traffic for subnets whose route
// table has a 0.0.0.0/0 route pointing at it (see aws_route_table.web).
resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.main_subnet.id
  tags   = { Name = "Main internet gateway" }
}

EC2

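// First app host, in public_subnet_1. Bootstrapped by init_script.sh (Apache +
// PHP demo page) and registered in the ALB target group below.
resource "aws_instance" "test_server" {
  ami           = "ami-0453cb7b5f2b7fca2"
  instance_type = "t2.micro"
  key_name      = var.keypair
  subnet_id     = aws_subnet.public_subnet_1.id
  user_data     = file("init_script.sh")

  // `security_groups` takes group *names* and is documented for EC2-Classic /
  // the default VPC only; inside a custom VPC the group is attached by id
  // through `vpc_security_group_ids` (the attribute that was commented out).
  vpc_security_group_ids = [aws_security_group.my_sg.id]

  // Require IMDSv2 (session tokens) so that a request smuggled through the PHP
  // app cannot read instance metadata with a plain GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = {
    Name = "ExampleAppServerInstance"
  }
}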



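// Second app host, in public_subnet_2; identical to test_server apart from the
// subnet and the Name tag.
resource "aws_instance" "test_server2" {
  ami           = "ami-0453cb7b5f2b7fca2"
  instance_type = "t2.micro"
  key_name      = var.keypair
  subnet_id     = aws_subnet.public_subnet_2.id
  user_data     = file("init_script.sh")

  // Custom VPC: attach the group by id with `vpc_security_group_ids`;
  // `security_groups` expects names and is meant for EC2-Classic / default VPC.
  vpc_security_group_ids = [aws_security_group.my_sg.id]

  // Require IMDSv2 so instance metadata is not readable via a plain GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = {
    Name = "ExampleAppServerInstance2"
  }
}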

负载均衡器

// Elastic IP bound directly to test_server, not to the load balancer despite
// the label "lb". This gives the first instance its own public address that is
// reachable on every port my_sg opens (22/80/443 from 0.0.0.0/0 by default),
// bypassing the ALB. Depending on the provider version an EIP inside a VPC may
// also need `vpc = true` / `domain = "vpc"` -- verify against the provider used.
resource "aws_eip" "lb" {
  instance = aws_instance.test_server.id
}

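// Internet-facing ALB spanning the two public subnets. It reuses my_sg, the
// same group the EC2 instances use, so the ALB also carries the SSH rule and
// the instances accept :80 from anywhere rather than only from the ALB; a
// dedicated ALB group plus an instance group that allows 80 only from it would
// be the tighter layout.
resource "aws_lb" "my_lb" {
  name               = "my-lb"
  load_balancer_type = "application"
  internal           = false
  security_groups    = [aws_security_group.my_sg.id]
  subnets = [
    aws_subnet.public_subnet_1.id,
    aws_subnet.public_subnet_2.id,
  ]

  // Remove request header fields with invalid names at the ALB instead of
  // forwarding them to the PHP hosts.
  drop_invalid_header_fields = true

  //  access_logs {
  //    bucket  = aws_s3_bucket.my_bucket.bucket
  //    prefix  = "test-lb-log-"
  //    enabled = true
  //  }

  tags = {
    Name = "My loadbalancer"
  }
}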


// Plain-HTTP listener on :80 forwarding everything to my_tg. There is no HTTPS
// listener in this file, so traffic to the ALB DNS name is unencrypted; adding
// one needs an ACM certificate ARN that is not declared here.
resource "aws_lb_listener" "front_end" {
  load_balancer_arn = aws_lb.my_lb.arn
  port              = "80"
  protocol          = "HTTP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.my_tg.arn
  }
}


// HTTP target group for the two instances (instance targets on port 80). No
// health_check block is given, so the provider/ALB defaults apply; make it
// explicit (path, matcher, thresholds) once the app has a real health endpoint.
resource "aws_lb_target_group" "my_tg" {
  name = "http-tg"
  port = 80
  protocol = "HTTP"
  vpc_id = aws_vpc.main_subnet.id
  target_type = "instance"
}

// Registers test_server in my_tg on port 80.
resource "aws_lb_target_group_attachment" "host1" {
  target_group_arn = aws_lb_target_group.my_tg.arn
  target_id        = aws_instance.test_server.id
  port             = 80
}

// Registers test_server2 in my_tg on port 80.
resource "aws_lb_target_group_attachment" "host2" {
  target_group_arn = aws_lb_target_group.my_tg.arn
  target_id        = aws_instance.test_server2.id
  port             = 80
}

路由

// Public route table: default route through the internet gateway. A route
// table does nothing for a subnet until an aws_route_table_association links
// them, and no association for the two public subnets appears in this file.
resource "aws_route_table" "web" {
  vpc_id = aws_vpc.main_subnet.id

  route {
    gateway_id = aws_internet_gateway.gw.id
    cidr_block = "0.0.0.0/0"
  }

  tags = { Name = "Net rules" }
}

安全组

// One group shared by the ALB and both instances: every port in var.sg_ports
// (22, 80, 443 by default) is open to 0.0.0.0/0 on all of them, and all
// egress is allowed. Because the instances use this group too, they are
// reachable directly on these ports, not only through the ALB.
resource "aws_security_group" "my_sg" {
  name   = "my_sg"
  vpc_id = aws_vpc.main_subnet.id

  // One world-reachable TCP ingress rule per entry of var.sg_ports.
  dynamic "ingress" {
    for_each = var.sg_ports
    content {
      protocol    = "tcp"
      from_port   = ingress.value
      to_port     = ingress.value
      cidr_blocks = ["0.0.0.0/0"]
    }
  }

  // Unrestricted outbound (protocol "-1" = all protocols/ports).
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = { Name = "allow_http_https_ssh" }
}

数据

// Available AZs in the provider region; the subnets use names[0] and names[1].
data "aws_availability_zones" "my-zones"{
  state = "available"
}

变量

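// Region used by the provider block. Typed as string so a wrong value is
// rejected at plan time; only the default is set here.
variable "region_name" {
  type        = string
  description = "The desired region of work"
  default     = "eu-central-1"
}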

// Inbound TCP ports my_sg opens to 0.0.0.0/0, one ingress rule per entry.
// 22 is in the default list, which exposes SSH on every host using the group.
variable "sg_ports" {
  type    = list(number)
  default = [22, 80, 443]
}


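// Name of an existing EC2 key pair assigned to both instances (key_name).
// Typed as string so a non-string override fails at plan time.
variable "keypair" {
  type        = string
  description = "Name of the EC2 key pair used for SSH access to the instances"
  default     = "aws_privatekey"
}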

init_script.sh

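#!/bin/bash
# cloud-init user_data for both app instances (Amazon Linux 2): installs
# Apache + PHP, enables httpd, and publishes a phpinfo() page at /.
yum update -y
# The php7.2 packages come from the amazon-linux-extras topic, so enable it
# before the yum install below. mariadb-server is installed but neither
# started nor enabled by this script.
amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
yum install -y httpd mariadb-server
systemctl start httpd
systemctl enable httpd
# Demo page. NOTE: phpinfo() prints the PHP/Apache configuration, paths and
# environment to anyone who can reach port 80 -- swap it for a static page
# before this host is exposed beyond a test setup.
echo "<?php phpinfo(); ?>" > /var/www/html/index.php
# Let ec2-user edit the web root: group-own it by apache, setgid the
# directories so new files inherit the group, and make everything
# group-writable. This runs after index.php is written so the demo page itself
# ends up ec2-user:apache 0664; in the original order it was created afterwards
# as a root-owned 0644 file that ec2-user could not edit.
usermod -a -G apache ec2-user
chown -R ec2-user:apache /var/www
chmod 2775 /var/www
find /var/www -type d -exec chmod 2775 {} \;
find /var/www -type f -exec chmod 0664 {} \;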

【问题讨论】:

  • 我认为您需要把路由表 resource "aws_route_table" "web" 关联到公共子网。
  • 非常感谢,很有帮助。

标签: amazon-web-services amazon-ec2 terraform


【解决方案1】:

您不需要为公共子网创建 NAT 网关,NAT 用于没有直接 Internet 访问权限的私有子网。

能否说明一下:您是尝试通过 SSH 连接负载均衡器的 DNS 名称,还是连接 EC2 实例?另外,该 EC2 实例位于公共子网还是私有子网?

【讨论】:

  • 我正在尝试 ssh 到 EC2,还尝试在负载均衡器 dns 和 EC2 的 ip 处打开网页。 EC2 位于公共子网中,在创建负载均衡器之前,一切正常。
【解决方案2】:

问题在于,我没有把路由表关联到公共子网:

// Links public_subnet_1 to the route table that holds the 0.0.0.0/0 route via
// the internet gateway; without this association the subnet has no internet
// path, which is why the ALB and the instances were unreachable.
resource "aws_route_table_association" "a" {
  subnet_id      = aws_subnet.public_subnet_1.id
  route_table_id = aws_route_table.web.id
}


// Same association for public_subnet_2 (the second ALB subnet / test_server2).
resource "aws_route_table_association" "b" {
  subnet_id      = aws_subnet.public_subnet_2.id
  route_table_id = aws_route_table.web.id
}

【讨论】:
