Terraform AWS 无法 ping，或者 ssh 刚刚创建了 EC2 实例

Question

我想寻求帮助。 我编写了创建 5 个 EC2 实例的 terraform 脚本，但我无法 ping 或 SSH 它们。 你觉得这有什么潜在的问题吗？我打开了 icmp、ssh，而不是当我检查其他计算机/站点时，我得到的端口已关闭。 当我手动创建 EC2 在我的计算机上工作时，我可以 ssh/ping，但不能使用这个 terraform 脚本。

provider "aws" {
  version = "~> 3.0"
  region  = "us-east-1"
  access_key = "AKxxxxxxxxxxx"
  secret_key = "2CLBj/s9dC5r52Y"
}

# Create a VPC
resource "aws_vpc" "BrokenByteVPC" {
  cidr_block = "192.168.100.0/28"
  tags = {
    Name = "BrokenByteVPC"
  }
}

resource "aws_subnet" "BrokenbyteLB-subnet" {
  vpc_id     = aws_vpc.BrokenByteVPC.id
  cidr_block = "192.168.100.0/28"
  availability_zone = "us-east-1a"
  tags = {
    Name = "BrokenbyteLB-subnet"
  }
}

resource "aws_internet_gateway" "BrokenByte-gateway" {
  vpc_id = aws_vpc.BrokenByteVPC.id

  tags = {
    Name = "BrokenByte-gateway"
  }
}

resource "aws_route_table" "BrokenByte-Route-table" {
  vpc_id = aws_vpc.BrokenByteVPC.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.BrokenByte-gateway.id
  }
}

resource "aws_route_table_association" "a" {
  subnet_id      = aws_subnet.BrokenbyteLB-subnet.id
  route_table_id = aws_route_table.BrokenByte-Route-table.id
}


resource "aws_security_group" "allow_traffic" {
  name        = "allow_Traffic"
  description = "Allow SSH,HTTP and HTTPS  inbound traffic"
  vpc_id      = aws_vpc.BrokenByteVPC.id


ingress {
    description = "Dozvoli SVEEEEEEEE"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

ingress {
    description = "SSH traffic"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

ingress {
    description = "HTTP traffic"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "HTTPS traffic"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "Allow_ssh_http_https"
  }
}

resource "aws_network_interface" "NginX-public" {
  subnet_id       = aws_subnet.BrokenbyteLB-subnet.id
  #private_ips     = ["192.168.100.2"]
  security_groups = [aws_security_group.allow_traffic.id]
}

resource "aws_network_interface" "NginX-LB" {
  subnet_id       = aws_subnet.BrokenbyteLB-subnet.id
  private_ips     = ["192.168.100.10"]
  security_groups = [aws_security_group.allow_traffic.id]
}
resource "aws_network_interface" "www1" {
  subnet_id       = aws_subnet.BrokenbyteLB-subnet.id
  private_ips     = ["192.168.100.11"]
  security_groups = [aws_security_group.allow_traffic.id]
}
resource "aws_network_interface" "www2" {
  subnet_id       = aws_subnet.BrokenbyteLB-subnet.id
  private_ips     = ["192.168.100.12"]
  security_groups = [aws_security_group.allow_traffic.id]
}

resource "aws_network_interface" "www3" {
  subnet_id       = aws_subnet.BrokenbyteLB-subnet.id
  private_ips     = ["192.168.100.13"]
  security_groups = [aws_security_group.allow_traffic.id]
}

resource "aws_eip" "BrokenByte-PublicIP" {
  vpc                       = true
  network_interface         = aws_network_interface.NginX-public.id
  #associate_with_private_ip = "192.168.100.10"
  depends_on = [aws_internet_gateway.BrokenByte-gateway, aws_instance.BrokenByteNginX]
}

resource "aws_instance" "BrokenByteNginX" {
  ami = "ami-0dba2cb6798deb6d8"
  availability_zone = "us-east-1a"
  instance_type = "t2.micro"
  key_name = "aws_test"
  network_interface {
       device_index=0
       network_interface_id = aws_network_interface.NginX-LB.id
  }
    network_interface {
       device_index=1
       network_interface_id = aws_network_interface.NginX-public.id
  }
  
  
  tags = {
    Name = "BrokenByteNginXLB"
  }

  user_data =  <<-EOF
               #!/bin/bash
               sudo apt-get update -y
               EOF
}

resource "aws_instance" "BrokenByteWWW1" {
  ami = "ami-0dba2cb6798deb6d8"
  availability_zone = "us-east-1a"
  instance_type = "t2.micro"
  key_name = "aws_test"
  network_interface {
       device_index=0
       network_interface_id = aws_network_interface.www1.id
  }
  tags = {
    Name = "BrokenByteWWW1"
  }

}

resource "aws_instance" "BrokenByteWWW2" {
  ami = "ami-0dba2cb6798deb6d8"
  availability_zone = "us-east-1a"
  instance_type = "t2.micro"
  key_name = "aws_test"
  network_interface {
       device_index=0
       network_interface_id = aws_network_interface.www2.id
  }
  tags = {
    Name = "BrokenByteWWW2"
  }

}

resource "aws_instance" "BrokenByteWWW3" {
  ami = "ami-0dba2cb6798deb6d8"
  availability_zone = "us-east-1a"
  instance_type = "t2.micro"
  key_name = "aws_test"
  network_interface {
       device_index=0
       network_interface_id = aws_network_interface.www3.id
  }
  tags = {
    Name = "BrokenByteWWW3"
  }

}

Answer 1

您的所有实例都没有公共 IP 地址（带有aws_eip.BrokenByte-PublicIP 的实例除外），因为您的公共子网缺少map_public_ip_on_launch。您可以通过以下方式解决问题：

resource "aws_subnet" "BrokenbyteLB-subnet" {
  vpc_id     = aws_vpc.BrokenByteVPC.id
  cidr_block = "192.168.100.0/28"
  availability_zone = "us-east-1a"

  map_public_ip_on_launch = true

  tags = {
    Name = "BrokenbyteLB-subnet"
  }
}

Answer 2

我确定与网卡有关，但不确定是什么。 现在很好，我可以 ping 和 SSH，只是将公共 IP 交换为网络 0，然后我删除了网络代码。 @Marcin，你的第一个回复告诉我该往哪个方向看。

  # network_interface {
  #      device_index=0
  #      network_interface_id = aws_network_interface.NginX-LB.id
  # }
    network_interface {
       device_index=0
       network_interface_id = aws_network_interface.NginX-public.id
  }