Ich habe das folgende Skript:Cant ssh in Server, obwohl Sicherheitsgruppe erlaubt es
provider "aws" {
access_key = "xxx"
secret_key = "xxx"
region = "sa-east-1"
}
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
}
resource "aws_internet_gateway" "igw" {
vpc_id = "${aws_vpc.main.id}"
tags {
Name = "igw"
}
}
resource "aws_subnet" "main" {
vpc_id = "${aws_vpc.main.id}"
cidr_block = "10.0.1.0/24"
tags {
Name = "Main"
}
depends_on = [
"aws_internet_gateway.igw"
]
}
resource "aws_security_group" "ssh" {
name = "ssh"
description = "(Proxy) Allow SSH"
vpc_id = "${aws_vpc.main.id}"
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
resource "aws_instance" "proxy" {
ami = "ami-286f2a44"
instance_type = "t2.micro"
key_name = "spkeypar"
subnet_id = "${aws_subnet.main.id}"
security_groups = ["${aws_security_group.ssh.id}"]
associate_public_ip_address = false
}
resource "aws_eip" "pib" {
instance = "${aws_instance.proxy.id}"
vpc = true
}
output "ip" {
value = "${aws_eip.pib.public_ip}"
}
, wenn es fertig ist, kann ich sehen, alles geschaffen wurde, kann ich die Sicherheitsgruppe mit Port 22 offen und korrekt angebracht die Instanz, aber ich kann überhaupt nicht hineinsehen. Ich benutze die öffentliche IP von Elastic Ip.
Dies ist die Ausgabe von terraform plan
:
Terraform will perform the following actions:
+ aws_eip.pib
id: <computed>
allocation_id: <computed>
association_id: <computed>
domain: <computed>
instance: "${aws_instance.proxy.id}"
network_interface: <computed>
private_ip: <computed>
public_ip: <computed>
vpc: "true"
+ aws_instance.proxy
id: <computed>
ami: "ami-286f2a44"
associate_public_ip_address: "false"
availability_zone: <computed>
ebs_block_device.#: <computed>
ephemeral_block_device.#: <computed>
instance_state: <computed>
instance_type: "t2.micro"
ipv6_address_count: <computed>
ipv6_addresses.#: <computed>
key_name: "spkeypar"
network_interface.#: <computed>
network_interface_id: <computed>
placement_group: <computed>
primary_network_interface_id: <computed>
private_dns: <computed>
private_ip: <computed>
public_dns: <computed>
public_ip: <computed>
root_block_device.#: <computed>
security_groups.#: <computed>
source_dest_check: "true"
subnet_id: "${aws_subnet.main.id}"
tenancy: <computed>
volume_tags.%: <computed>
vpc_security_group_ids.#: <computed>
+ aws_internet_gateway.igw
id: <computed>
tags.%: "1"
tags.Name: "igw"
vpc_id: "${aws_vpc.main.id}"
+ aws_security_group.ssh
id: <computed>
description: "(Proxy) Allow SSH"
egress.#: "1"
egress.482069346.cidr_blocks.#: "1"
egress.482069346.cidr_blocks.0: "0.0.0.0/0"
egress.482069346.description: ""
egress.482069346.from_port: "0"
egress.482069346.ipv6_cidr_blocks.#: "0"
egress.482069346.prefix_list_ids.#: "0"
egress.482069346.protocol: "-1"
egress.482069346.security_groups.#: "0"
egress.482069346.self: "false"
egress.482069346.to_port: "0"
ingress.#: "1"
ingress.2541437006.cidr_blocks.#: "1"
ingress.2541437006.cidr_blocks.0: "0.0.0.0/0"
ingress.2541437006.description: ""
ingress.2541437006.from_port: "22"
ingress.2541437006.ipv6_cidr_blocks.#: "0"
ingress.2541437006.protocol: "tcp"
ingress.2541437006.security_groups.#: "0"
ingress.2541437006.self: "false"
ingress.2541437006.to_port: "22"
name: "ssh"
owner_id: <computed>
revoke_rules_on_delete: "false"
vpc_id: "${aws_vpc.main.id}"
+ aws_subnet.main
id: <computed>
assign_ipv6_address_on_creation: "false"
availability_zone: <computed>
cidr_block: "10.0.1.0/24"
ipv6_cidr_block: <computed>
ipv6_cidr_block_association_id: <computed>
map_public_ip_on_launch: "false"
tags.%: "1"
tags.Name: "Main"
vpc_id: "${aws_vpc.main.id}"
+ aws_vpc.main
id: <computed>
assign_generated_ipv6_cidr_block: "false"
cidr_block: "10.0.0.0/16"
default_network_acl_id: <computed>
default_route_table_id: <computed>
default_security_group_id: <computed>
dhcp_options_id: <computed>
enable_classiclink: <computed>
enable_classiclink_dns_support: <computed>
enable_dns_hostnames: <computed>
enable_dns_support: "true"
instance_tenancy: <computed>
ipv6_association_id: <computed>
ipv6_cidr_block: <computed>
main_route_table_id: <computed>
Plan: 6 to add, 0 to change, 0 to destroy.
ich die Dokumentation gelesen habe aber keine Ahnung nicht gefunden konnte
Sie benötigen keine separate EIP. Warum sagst du nicht 'associate_public_ip_address = true' und gib 'aws_instance.proxy.public_ip_address' aus? – favoretti
in meinem Fall, ich brauche wirklich :( –
Ok, dann wo ist Ihr Anhang von EIP an die Instanz? – favoretti