问题描述
我从昨天开始就一直在尝试让这个 CloudFormation 模板工作......目标是将 EC2 实例启动到我可以通过 HTTP 访问的公共子网中。对我来说,一切看起来都已正确创建,但该实例无法在浏览器中连接。我检查过的东西:
- 部署在正确子网中的 EC2 实例
- 子网有一个指向 IGW 的路由表
- EC2 实例有一个公共 IP
- 安全组允许所有来源通过端口 80、443 和 22 进行入站访问
- 在没有用户数据的情况下创建
- 经过验证的用户数据可在手动 EC2 中正常工作
对于其他检查事项有什么建议吗?
这是我的模板:
Resources:
myVPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 10.2.0.0/16
Tags:
- Key: Name
Value: myVPC
WebDMZcf:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Open to HTTP,HTTPS and SSH on all ports
GroupName: WebDMZcf
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 443
ToPort: 443
CidrIp: 0.0.0.0/0
Tags:
- Key: Name
Value: WebDMZcf
VpcId:
Ref: myVPC
myInternetGatewayCF:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: Name
Value: myInternetGatewayCF
myInternetGatewayCFAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
InternetGatewayId:
Ref: myInternetGatewayCF
VpcId:
Ref: myVPC
myRouteTableCF:
Type: AWS::EC2::RouteTable
Properties:
Tags:
- Key: Name
Value: myRouteTableCF
VpcId:
Ref: myVPC
IGWRoute:
Type: AWS::EC2::Route
Properties:
DestinationCidrBlock: 0.0.0.0/0
GatewayId:
Ref: myInternetGatewayCF
RouteTableId:
Ref: myRouteTableCF
Publicsubnet:
Type: AWS::EC2::subnet
Properties:
CidrBlock: 10.2.1.0/24
# MapPublicIpOnLaunch: true
Tags:
- Key: Name
Value: Publicsubnet
VpcId:
Ref: myVPC
PublicEC2:
Type: AWS::EC2::Instance
Properties:
ImageId: ami-047a51fa27710816e
InstanceType: t2.micro
NetworkInterfaces:
- AssociatePublicIpAddress: True
DeviceIndex: 0
subnetId:
Ref: Publicsubnet
DeleteOnTermination: True
GroupSet:
- Ref: WebDMZcf
Tags:
- Key: Name
Value: PublicEC2
UserData:
!Base64 |
#!/bin/bash
# Install Apache Web Server
yum install httpd -y
systemctl start httpd
systemctl enable httpd
# discovery configuration from using the EC2 Metadata service
ID=$(curl 169.254.169.254/latest/Meta-data/instance-id)
TYPE=$(curl 169.254.169.254/latest/Meta-data/instance-type)
AZ=$(curl 169.254.169.254/latest/Meta-data/placement/availability-zone)
IPV4=$(curl -f 169.254.169.254/latest/Meta-data/public-ipv4)
# Set up the Web Site
cd /var/www/html
## Generate customized index.html for this instance
echo "<html><body><H1>Hello,EC2 Instance!</H1><p><p>" > ./index.html
echo "The ID of this instance is " >> ./index.html
echo "<strong>$ID</strong>.<p><p>" >> ./index.html
echo "This is a <strong>$TYPE</strong> instance" >> ./index.html
echo " in <strong>$AZ</strong>. <p><p>" >> ./index.html
if [ "$IPV4" ];
then
echo "The public ip is <strong>$IPV4</strong>.<p><p>" >> ./index.html
else
echo "This instance does <strong>NOT</strong> have" >> ./index.html
echo "a public ip address.<p><p>" >> ./index.html
fi
echo "</body></html>" >> ./index.html
编辑:
我现在已经向实例添加了一个密钥对,但我无法在其中使用 SSH。当我尝试使用控制台中的“连接”按钮时,我得到了这个:
There was a problem connecting to your instance We were unable to connect to your instance. Make sure that your instance’s network settings are configured correctly for EC2 Instance Connect. For more information,see [Task 1: Configure network access to an instance.][1] 我现在正在调查。
解决方法
您没有 SubnetRouteTableAssociation,因此您的公有子网未与 VPC 的默认路由表相关联,因此您的公有子网没有到 Internet 网关的默认路由,因此无法访问 Internet。
添加以下内容:
PublicSubnetRouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref myRouteTableCF
SubnetId: !Ref PublicSubnet