【发布时间】:2021-12-29 20:18:24
【问题描述】:
我正在尝试通过 cloudformation 部署一组 EC2 实例。我的 cloudformation 的代码:
Resources:
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: !Ref ESVpcCIDR
EnableDnsSupport: true
EnableDnsHostnames: true
Tags:
- Key: Name
Value: ES-VPC
#Connection configuration Starts
InternetGateway:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: Name
Value: ESInternetGateway
InternetGatewayAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
InternetGatewayId: !Ref InternetGateway
VpcId: !Ref VPC
#Conection Configuration ends
ESJenkinsSubnet:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
AvailabilityZone: !Select [ 0, !GetAZs '' ]
CidrBlock: !Ref ESJenkinsCIDR
MapPublicIpOnLaunch: true
Tags:
- Key: Name
Value: ESJenkinsSubnet
ESDevMuleSubnet:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
AvailabilityZone: !Select [ 0, !GetAZs '' ]
CidrBlock: !Ref ESDevMuleCIDR
MapPublicIpOnLaunch: true
Tags:
- Key: Name
Value: ESDevMuleSubnet
#Route Table configuration starts
RouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: RouteTable
DefaultRoute:
Type: AWS::EC2::Route
DependsOn: InternetGatewayAttachment
Properties:
RouteTableId: !Ref RouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref InternetGateway
ESJenkinsSubnetRouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref RouteTable
SubnetId: !Ref ESJenkinsSubnet
ESDevMuleSubnetRouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref RouteTable
SubnetId: !Ref ESDevMuleSubnet
#Security Group Start
NoIngressSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: "no-ingress-security-group"
GroupDescription: "Security group with no ingress rule"
VpcId: !Ref VPC
ESJenkinsSecurityGroup:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupName: "ES-Jenkins-security-group"
GroupDescription: Enable SSH access via port 22
VpcId: !Ref VPC
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 8080
ToPort: 8085
CidrIp: 0.0.0.0/0
ESDEVMuleSecurityGroup:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupName: "ES-DEV-Mule-security-group"
GroupDescription: Enable SSH access via port 22
VpcId: !Ref VPC
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 8080
ToPort: 8085
CidrIp: 0.0.0.0/0
EC2InstanceMuleDev:
Type: AWS::EC2::Instance
Properties:
InstanceType: !Ref ESMuleDEVInstanceType
ImageId:
Fn::FindInMap:
- RegionMap
- Ref: AWS::Region
- MuleAMI
NetworkInterfaces:
- GroupSet:
- Ref: ESDEVMuleSecurityGroup
AssociatePublicIpAddress: 'true'
DeviceIndex: '0'
SubnetId: !Ref ESDevMuleSubnet
KeyName: !Ref ESLoginKeyPair
Tags:
- Key: Name
Value: ESDEVMULE
EC2InstanceJenkins:
Type: AWS::EC2::Instance
Properties:
InstanceType: !Ref ESJenkinsInstanceType
ImageId:
Fn::FindInMap:
- RegionMap
- Ref: AWS::Region
- JenkinsAMI
NetworkInterfaces:
- GroupSet:
- Ref: ESJenkinsSecurityGroup
AssociatePublicIpAddress: 'true'
DeviceIndex: '0'
SubnetId:
Ref: ESJenkinsSubnet
KeyName: !Ref ESLoginKeyPair
Tags:
- Key: Name
Value: ESJENKINS
我正在使用create-key-pair 命令通过 AWS CLI 创建此处提到的密钥对。
问题是。我无法通过 SSH 连接到任何实例。 SSH 客户端抛出 key too public 错误。我错过了任何连接细节?
所有必需的参数引用都已通过参数存储处理。 AMI 的映射已正确完成,出于明显的原因未包括在此处。
更新 我尝试在默认 VPC 中创建一个独立实例,也在其他 AWS 账户中,同样的问题。所以,我不认为问题出在模板上,而是 SSH 问题。
【问题讨论】:
-
确切的错误信息是什么?
-
“ESLoginKeyPair.pem”的权限 0555 太开放。要求您的私钥文件不能被其他人访问。此私钥将被忽略。加载密钥“ESLoginKeyPair.pem”:错误权限 ec2-user@ec2-35-89-4-252.us-west-2.compute.amazonaws.com:权限被拒绝(公钥)。
-
进展如何?仍然不清楚你能做什么?
-
@Marcin 是的,到目前为止未解决,我尝试了 chmod 400、600、644,尝试将
root更改为ec2-user,ubuntu,但没有解决。如果有帮助,我已经从 Amazon Linux 2 制作了自定义 AMI。
标签: amazon-web-services amazon-ec2 ssh amazon-cloudformation