Terraform - 无法访问 Web 服务器 - 实例停止服务

Question

我正在运行以下 terraform 代码以在 VPC 中部署一个 ec2 实例以用作 Web 服务器，但由于某种原因我无法访问该网站并且无法对其进行嘘声，我相信我已经正确设置了入口和出口规则：

########Provider########

provider "aws" {
    region      = "us-west-2"
    access_key  = "[redacted]"
    secret_key  = "[redacted]"
}

########VPC########
resource "aws_vpc" "vpc1" {
  cidr_block       = "10.1.0.0/16"
  tags = {
    Name = "Production"
  }
}

########Internet GW########
resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.vpc1.id
}

########Route table########
resource "aws_route_table" "rt" {
  vpc_id = aws_vpc.vpc1.id
  route {
    cidr_block = "0.0.0.0/24"
    gateway_id = aws_internet_gateway.gw.id
  }

  route {
    ipv6_cidr_block = "::/0"
    gateway_id = aws_internet_gateway.gw.id
  }

}

########Sub Net########
resource "aws_subnet" "subnet1" {
  vpc_id     = aws_vpc.vpc1.id
  cidr_block = "10.1.0.0/24"
  availability_zone = "us-west-2a"
  map_public_ip_on_launch = "true"

  tags = {
    Name = "prod-subnet-1"
  }
}

########RT assosiation########
resource "aws_route_table_association" "a" {
  subnet_id      = aws_subnet.subnet1.id
  route_table_id = aws_route_table.rt.id
}

########Security Group########
resource "aws_security_group" "sec1" {
  name        = "allow_web"
  description = "Allow web inbound traffic"
  vpc_id      = aws_vpc.vpc1.id

  ingress {
    description = "HTTP from VPC"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["10.1.0.0/16"]
  }

        #SSH access from anywhere
  ingress {
    description = "SSH from VPC"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "allow_web"
  }
}

########Net Interface for the Instance########
#resource "aws_network_interface" "wsn" {
#  subnet_id       = aws_subnet.subnet1.id
#  private_ips     = ["10.0.1.50"]
#  security_groups = [aws_security_group.sec1.id]
#}

########Load Balancer########
resource "aws_elb" "elb" {
    name = "lb"
    subnets = [aws_subnet.subnet1.id]
    security_groups = [aws_security_group.sec1.id]
    instances = [aws_instance.web1.id]

    listener {
        instance_port = 80
        instance_protocol = "http"
        lb_port = 80
        lb_protocol = "http"


    }

}

########EC2 Instance########
resource "aws_instance" "web1" {
    ami             = "ami-003634241a8fcdec0" #ubuntu 18.4
    instance_type   = "t2.micro"
    availability_zone = "us-west-2a"
    key_name = "main-key"
    subnet_id = aws_subnet.subnet1.id

    #network_interface {
    #        device_index = 0
    #        network_interface_id = aws_network_interface.wsn.id
    #}

    user_data = <<-EOF
        #!/bin/bash
        sudo apt update -y
        sudo apt install apache2 -y
        sudo systemctl start apache2
        sudo bash -c 'echo Hello world!!! > /var/www/html/index.html'

        
        EOF



    tags = {
    Name = "HelloWorld"
  }
}

output "aws_elb_public_dns" {
    value = aws_elb.elb.dns_name

}

计划和应用运行正常，但在负载均衡器中，实例“停止服务” 这里有什么问题？？

Answer 1

您的实例缺少安全组：vpc_security_group_ids。

随后，您将无法通过 ssh 访问它，也不会允许来自外部的 http 流量。

您的到 IGW 的路线也不正确。应该是：

    cidr_block = "0.0.0.0/0"

对于您的 ELB，SG 也是如此，以允许来自 Internet 的流量。应该是：

 cidr_blocks = ["0.0.0.0/0"]