我有以下脚本:
terraform plan当它完成时,我可以看到所有内容都已创建,我可以将端口22打开并正确连接到实例的安全组,但我根本无法进入它。我正在使用Elastic Ip的公共IP。
这是Terraform will perform the following actions:
+ aws_eip.pib
id: <computed>
allocation_id: <computed>
association_id: <computed>
domain: <computed>
instance: "${aws_instance.proxy.id}"
network_interface: <computed>
private_ip: <computed>
public_ip: <computed>
vpc: "true"
+ aws_instance.proxy
id: <computed>
ami: "ami-286f2a44"
associate_public_ip_address: "false"
availability_zone: <computed>
ebs_block_device.#: <computed>
ephemeral_block_device.#: <computed>
instance_state: <computed>
instance_type: "t2.micro"
ipv6_address_count: <computed>
ipv6_addresses.#: <computed>
key_name: "spkeypar"
network_interface.#: <computed>
network_interface_id: <computed>
placement_group: <computed>
primary_network_interface_id: <computed>
private_dns: <computed>
private_ip: <computed>
public_dns: <computed>
public_ip: <computed>
root_block_device.#: <computed>
security_groups.#: <computed>
source_dest_check: "true"
subnet_id: "${aws_subnet.main.id}"
tenancy: <computed>
volume_tags.%: <computed>
vpc_security_group_ids.#: <computed>
+ aws_internet_gateway.igw
id: <computed>
tags.%: "1"
tags.Name: "igw"
vpc_id: "${aws_vpc.main.id}"
+ aws_security_group.ssh
id: <computed>
description: "(Proxy) Allow SSH"
egress.#: "1"
egress.482069346.cidr_blocks.#: "1"
egress.482069346.cidr_blocks.0: "0.0.0.0/0"
egress.482069346.description: ""
egress.482069346.from_port: "0"
egress.482069346.ipv6_cidr_blocks.#: "0"
egress.482069346.prefix_list_ids.#: "0"
egress.482069346.protocol: "-1"
egress.482069346.security_groups.#: "0"
egress.482069346.self: "false"
egress.482069346.to_port: "0"
ingress.#: "1"
ingress.2541437006.cidr_blocks.#: "1"
ingress.2541437006.cidr_blocks.0: "0.0.0.0/0"
ingress.2541437006.description: ""
ingress.2541437006.from_port: "22"
ingress.2541437006.ipv6_cidr_blocks.#: "0"
ingress.2541437006.protocol: "tcp"
ingress.2541437006.security_groups.#: "0"
ingress.2541437006.self: "false"
ingress.2541437006.to_port: "22"
name: "ssh"
owner_id: <computed>
revoke_rules_on_delete: "false"
vpc_id: "${aws_vpc.main.id}"
+ aws_subnet.main
id: <computed>
assign_ipv6_address_on_creation: "false"
availability_zone: <computed>
cidr_block: "10.0.1.0/24"
ipv6_cidr_block: <computed>
ipv6_cidr_block_association_id: <computed>
map_public_ip_on_launch: "false"
tags.%: "1"
tags.Name: "Main"
vpc_id: "${aws_vpc.main.id}"
+ aws_vpc.main
id: <computed>
assign_generated_ipv6_cidr_block: "false"
cidr_block: "10.0.0.0/16"
default_network_acl_id: <computed>
default_route_table_id: <computed>
default_security_group_id: <computed>
dhcp_options_id: <computed>
enable_classiclink: <computed>
enable_classiclink_dns_support: <computed>
enable_dns_hostnames: <computed>
enable_dns_support: "true"
instance_tenancy: <computed>
ipv6_association_id: <computed>
ipv6_cidr_block: <computed>
main_route_table_id: <computed>
Plan: 6 to add, 0 to change, 0 to destroy.
:
input[name="month"]我已阅读过文档,但无法找到任何线索
答案 0 :(得分:3)
您似乎缺少https://www.terraform.io/docs/providers/aws/r/eip_association.html
中所述的EIP到实例关联resource "aws_eip_association" "eip_assoc" {
instance_id = "${aws_instance.proxy.id}"
allocation_id = "${aws_eip.pib.id}"
}
好的,那不是它...公共路由然后我看到的另一种可能性缺失(换句话说,将该子网中的所有内容路由到IGW):
# Public routing
resource "aws_route_table" "public" {
vpc_id = "${aws_vpc.main.id}"
}
resource "aws_route" "public_default" {
route_table_id = "${aws_route_table.public.id}"
gateway_id = "${aws_internet_gateway.igw.id}"
destination_cidr_block = "0.0.0.0/0"
}
resource "aws_route_table_association" "public" {
subnet_id = "${aws_subnet.main.id}"
route_table_id = "${aws_route_table.public.id}"
}
在您的子网定义中,您需要:
map_public_ip_on_launch = true
否则它将是一个私有子网。