amazon-web-services - AWS XRay 模板正确创建 EC2 实例,但无法使用实例连接或 ssh 进行连接

标签 amazon-web-services ssh aws-cloudformation aws-ec2-instance-connect

我有以下 CloudFormation 模板，它能正确创建 EC2 实例，但无法通过实例连接（Instance Connect）或 PuTTY 中的 ssh 连接到该实例。我看到其他回答建议把互联网网关附加到子网，我已经这么做了，但仍然无法连接：

{
"AWSTemplateFormatVersion": "2010-09-09",
"Metadata": {
    "AWS::CloudFormation::Designer": {
        "60dcb39c-cc02-4b3a-bc24-159bb4641b6d": {
            "size": {
                "width": 60,
                "height": 60
            },
            "position": {
                "x": 150,
                "y": 90
            },
            "z": 1,
            "embeds": [],
            "iscontainedinside": [
                "f249024f-80d9-4123-8e23-c94b2a3369bc"
            ]
        },
        "27de666e-5af9-44ee-bfa5-67e48f8cce27": {
            "size": {
                "width": 60,
                "height": 60
            },
            "position": {
                "x": 240,
                "y": 90
            },
            "z": 1,
            "embeds": [],
            "iscontainedinside": [
                "0c56b978-8a45-40dc-9691-635296a3fa7e"
            ]
        },
        "f249024f-80d9-4123-8e23-c94b2a3369bc": {
            "size": {
                "width": 90,
                "height": 90
            },
            "position": {
                "x": 360,
                "y": 90
            },
            "z": 1,
            "embeds": []
        },
        "0c56b978-8a45-40dc-9691-635296a3fa7e": {
            "size": {
                "width": 90,
                "height": 90
            },
            "position": {
                "x": 930,
                "y": 150
            },
            "z": 1,
            "embeds": []
        },
        "7ca9ec38-462f-4daa-be8e-3360b3396a7b": {
            "size": {
                "width": 60,
                "height": 60
            },
            "position": {
                "x": 270,
                "y": 210
            },
            "z": 1,
            "embeds": []
        },
        "45db66a4-341b-4870-90e9-408effaccabd": {
            "size": {
                "width": 60,
                "height": 60
            },
            "position": {
                "x": 420,
                "y": 270
            },
            "z": 1,
            "embeds": []
        }
    }
},
"Resources": {
    "vpc1": {
        "Type": "AWS::EC2::VPC",
        "Properties": {
            "CidrBlock": "70.70.0.0/16",
            "EnableDnsSupport": "true",
            "EnableDnsHostnames": "true"
        },
        "Metadata": {
            "AWS::CloudFormation::Designer": {
                "id": "0c56b978-8a45-40dc-9691-635296a3fa7e"
            }
        }
    },
    "subnet1": {
        "Type": "AWS::EC2::Subnet",
        "Properties": {
            "VpcId": {
                "Ref": "vpc1"
            },
            "CidrBlock": "70.70.0.0/24",
            "MapPublicIpOnLaunch": true,
            "AvailabilityZone": "ap-south-1a"
        },
        "Metadata": {
            "AWS::CloudFormation::Designer": {
                "id": "f249024f-80d9-4123-8e23-c94b2a3369bc"
            }
        }
    },
    "secGrp1": {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {
            "GroupName": "secGrpNm",
            "GroupDescription": "secGrpDesc",
            "VpcId": {
                "Ref": "vpc1"
            },
            "SecurityGroupIngress": [
                {
                    "IpProtocol": "tcp",
                    "FromPort": 8080,
                    "ToPort": 8080,
                    "CidrIp": "0.0.0.0/0"
                },
                {
                    "IpProtocol": "tcp",
                    "FromPort": 22,
                    "ToPort": 22,
                    "CidrIp": "0.0.0.0/0"
                }
            ],
            "SecurityGroupEgress": [
                {
                    "IpProtocol": "-1",
                    "CidrIp": "0.0.0.0/0",
                    "Description": "Allow all traffic"
                }
            ]
        },
        "Metadata": {
            "AWS::CloudFormation::Designer": {
                "id": "27de666e-5af9-44ee-bfa5-67e48f8cce27"
            }
        }
    },
    "ec2": {
        "Type": "AWS::EC2::Instance",
        "Properties": {
            "ImageId": "ami-0376ec8eacdf70aae",
            "InstanceType": "t2.micro",
            "AvailabilityZone": "ap-south-1a",
            "KeyName": "kipee",
            "IamInstanceProfile": {
                "Ref": "instanceProfile1"
            },
            "NetworkInterfaces": [
                {
                    "AssociatePublicIpAddress": "true",
                    "DeviceIndex": "0",
                    "SubnetId": {
                        "Ref": "subnet1"
                    },
                    "GroupSet": [
                        {
                            "Ref": "secGrp1"
                        }
                    ]
                }
            ]
        },
        "Metadata": {
            "AWS::CloudFormation::Designer": {
                "id": "60dcb39c-cc02-4b3a-bc24-159bb4641b6d"
            }
        }
    },
    "instanceProfile1": {
        "Type": "AWS::IAM::InstanceProfile",
        "Properties": {
            "Path": "/",
            "Roles": [
                {
                    "Ref": "role1"
                }
            ]
        },
        "Metadata": {
            "AWS::CloudFormation::Designer": {
                "id": "7ca9ec38-462f-4daa-be8e-3360b3396a7b"
            }
        }
    },
    "ig1": {
        "Type": "AWS::EC2::InternetGateway",
        "Properties": {}
    },
    "gateway1": {
        "Type": "AWS::EC2::VPCGatewayAttachment",
        "Properties": {
            "VpcId": { "Ref": "vpc1" },
            "InternetGatewayId": { "Ref": "ig1" }
        }
    },
    "role1": {
        "Type": "AWS::IAM::Role",
        "Properties": {
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Principal": {
                            "Service": "ec2.amazonaws.com"
                        },
                        "Action": "sts:AssumeRole"
                    }
                ]
            },
            "Path": "/",
            "Policies": [
                {
                    "PolicyName": "XrayWriteOnlyAccess",
                    "PolicyDocument": {
                        "Version": "2012-10-17",
                        "Statement": [
                            {
                                "Effect": "Allow",
                                "Action": [
                                    "xray:PutTraceSegments",
                                    "xray:PutTelemetryRecords",
                                    "xray:GetSamplingRules",
                                    "xray:GetSamplingTargets",
                                    "xray:GetSamplingStatisticSummaries"
                                ],
                                "Resource": "*"
                            }
                        ]
                    }
                }
            ]
        },
        "Metadata": {
            "AWS::CloudFormation::Designer": {
                "id": "45db66a4-341b-4870-90e9-408effaccabd"
            }
        }
    }
}

}

下面是堆栈的事件日志:

enter image description here

在 PuTTY 中使用 key 对连接时出现超时错误：

enter image description here

这是实例连接错误:

enter image description here

更新1:

我在 CloudFormation 模板中添加了网络 ACL（Network ACL），错误信息发生了变化，但我仍然无法连接：

"netAcl1": {
  "Type": "AWS::EC2::NetworkAcl",
  "Properties": {
    "VpcId": { "Ref": "vpc1" },
    "Tags": [
      { "Key": "Name", "Value": "netAcl1" }
    ]
  }
},
"MyNetworkAclInboundRule": {
  "Type": "AWS::EC2::NetworkAclEntry",
  "Properties": {
    "NetworkAclId": { "Ref": "netAcl1" },
    "RuleNumber": 100,
    "Protocol": "6",
    "RuleAction": "allow",
    "CidrBlock": "0.0.0.0/0",
    "Egress": false,
    "PortRange": {
      "From": 22,
      "To": 22
    }
  }
},
"MyNetworkAclOutboundRule": {
  "Type": "AWS::EC2::NetworkAclEntry",
  "Properties": {
    "NetworkAclId": { "Ref": "netAcl1" },
    "RuleNumber": 100,
    "Protocol": "6",
    "RuleAction": "allow",
    "CidrBlock": "0.0.0.0/0",
    "Egress": true,
    "PortRange": {
      "From": 22,
      "To": 22
    }
  }
}

新的错误是:

enter image description here

最佳答案

除了 NetworkAcl 之外，我似乎还缺少一些其他资源，例如路由（Route）、路由表（RouteTable）和子网路由表关联（SubnetRouteTableAssociation）——没有指向互联网网关的 0.0.0.0/0 路由，子网里的实例就没有通往外网的路径。下面的示例模板让我能够通过 ssh 连接；虽然它仍然没有修复实例连接（Instance Connect），但至少 ssh 现在可以正常工作了：

{
  "Resources": {
    "MyVpc": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.0.0.0/16",
        "EnableDnsSupport": "true",
        "EnableDnsHostnames": "true"
      }
    },
    "MySubnet": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "VpcId": {
          "Ref": "MyVpc"
        },
        "CidrBlock": "10.0.1.0/24",
        "MapPublicIpOnLaunch": true,
        "AvailabilityZone": "ap-south-1a"
      }
    },
    "MyInstance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": "ami-0376ec8eacdf70aae",
        "InstanceType": "t2.micro",
        "KeyName": "kp1",
        "UserData": {
          "Fn::Base64": {
            "Fn::Join": [
              "",
              [
                "#!/bin/bash\n",
                "echo 'Hello, World!' > /tmp/hello\n"
              ]
            ]
          }
        },
        "NetworkInterfaces": [
          {
            "DeviceIndex": "0",
            "AssociatePublicIpAddress": "true",
            "DeleteOnTermination": "true",
            "SubnetId": {
              "Ref": "MySubnet"
            },
            "GroupSet": [
              {
                "Ref": "MySecurityGroup"
              }
            ]
          }
        ]
      }
    },
    "MySecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "VpcId": {
          "Ref": "MyVpc"
        },
        "GroupDescription": "Allow SSH and HTTP traffic",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "FromPort": 22,
            "ToPort": 22,
            "CidrIp": "0.0.0.0/0"
          },
          {
            "IpProtocol": "tcp",
            "FromPort": 8080,
            "ToPort": 8080,
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ]
      }
    },
    "MyInternetGateway": {
      "Type": "AWS::EC2::InternetGateway",
      "Properties": {}
    },
    "GatewayAttachment": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {
          "Ref": "MyVpc"
        },
        "InternetGatewayId": {
          "Ref": "MyInternetGateway"
        }
      }
    },
    "PublicRouteTable": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "MyVpc"
        }
      }
    },
    "PublicRoute": {
      "Type": "AWS::EC2::Route",
      "DependsOn": "GatewayAttachment",
      "Properties": {
        "RouteTableId": {
          "Ref": "PublicRouteTable"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": {
          "Ref": "MyInternetGateway"
        }
      }
    },
    "PublicSubnet1RouteTableAssociation": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "SubnetId": {
          "Ref": "MySubnet"
        },
        "RouteTableId": {
          "Ref": "PublicRouteTable"
        }
      }
    },
    "MyNetworkAcl": {
      "Type": "AWS::EC2::NetworkAcl",
      "Properties": {
        "VpcId": {
          "Ref": "MyVpc"
        }
      }
    },
    "MyNetworkAclEntryIngress1": {
      "Type": "AWS::EC2::NetworkAclEntry",
      "Properties": {
        "NetworkAclId": {
          "Ref": "MyNetworkAcl"
        },
        "RuleNumber": 100,
        "Protocol": "6",
        "RuleAction": "allow",
        "CidrBlock": "0.0.0.0/0",
        "Egress": false,
        "PortRange": {
          "From": 22,
          "To": 22
        }
      }
    },
    "MyNetworkAclEntryEgress1": {
      "Type": "AWS::EC2::NetworkAclEntry",
      "Properties": {
        "NetworkAclId": {
          "Ref": "MyNetworkAcl"
        },
        "RuleNumber": 100,
        "Protocol": "6",
        "RuleAction": "allow",
        "CidrBlock": "0.0.0.0/0",
        "Egress": true,
        "PortRange": {
          "From": 22,
          "To": 22
        }
      }
    }
  }
}

关于amazon-web-services - AWS XRay 模板正确创建 EC2 实例,但无法使用实例连接或 ssh 进行连接,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/75962122/
