Instance Provisioning with remote-exec in Terraform docs not working on MacOS. Error: timeout


I have been using the Terraform docs to learn Terraform, but I'm stuck at this step where I need to SSH into an ec2-instance.

After the default 5 minutes I keep getting a timeout error:

aws_instance.example (remote-exec): Connecting to remote host via SSH...
aws_instance.example (remote-exec):   Host: 63.32.57.5
aws_instance.example (remote-exec):   User: ec2-user
aws_instance.example (remote-exec):   Password: false
aws_instance.example (remote-exec):   Private key: true
aws_instance.example (remote-exec):   Certificate: false
aws_instance.example (remote-exec):   SSH Agent: true
aws_instance.example (remote-exec):   Checking Host Key: false
aws_instance.example: Still creating... [5m10s elapsed]
aws_instance.example: Still creating... [5m20s elapsed]


Error: timeout - last error: dial tcp 63.32.57.5:22: i/o timeout

A normal ssh into the server also times out.

ssh -i ~/.ssh/terraform ec2-user@52.215.89.205

returns

ssh: connect to host 52.215.89.205 port 22: Operation timed out

Obviously the problem is that SSH is not allowed in the security group. How do I get the default VPC in Terraform?

I found in some online answers (e.g. here) that to get rid of this error I need to set up a security group that allows access to the ec2 instance on port 22. But up to this point in the docs we have not created or set up any security group, VPC or subnet.

I also tried to research further in the documentation to try to create my own security group. That's where I found out that a security group also depends on creating a VPC resource. Of course, after creating the VPC you then have to do some extra configuration, such as creating your own subnet, route table, elastic IP, etc.

What is the simple way to solve this? Can't I just use the default VPC instead of creating a new one? If so, how?

Here is my Terraform code so far, taken from the docs.

provider "aws" {
  profile = "default"
  region  = "eu-west-1"
  version = "~> 2.49"
}

resource "aws_key_pair" "example" {
  key_name = "examplekey"
  public_key = file("~/.ssh/terraform.pub")
}

resource "aws_instance" "example" {
  key_name = aws_key_pair.example.key_name
  ami = "ami-0e61341fa75fcaa18"
  instance_type = "t2.micro"
  # vpc_security_group_ids = ["sg-0e8bcd72"]
  # subnet_id = "subnet-6f86e027"

  connection {
    type = "ssh"
    user = "ec2-user"
    private_key = file("~/.ssh/terraform")
    host = self.public_ip
  }

  provisioner "remote-exec" {
    inline = [
      "sudo amazon-linux-extras enable nginx1.12",
      "sudo yum -y install nginx",
      "sudo systemctl start nginx"
    ]
  }
}


resource "aws_eip" "ip" {
  vpc = true
  instance = aws_instance.example.id
}

How do I get rid of this timeout error?

Found a way to add a security group and allow access to the ec2 instance from the Terraform script. This solution will allow ingress (inbound) and egress (outbound) access to the created ec2 instance.

If everything runs successfully, you should see this page when you open the public IP of the created instance in your browser.

Note: make sure to use an AMI for the EC2 instance that supports amazon-linux-extras, or add its installation to the remote-exec provisioner.

Create the security group

resource "aws_security_group" "instance" {
  name = "terraform-example-instance"

  ingress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

Then add it to the aws_instance resource like this

resource "aws_instance" "example" {
  key_name = aws_key_pair.example.key_name
  ami = "ami-0e61341fa75fcaa18"
  instance_type = "t2.micro"
  vpc_security_group_ids = [aws_security_group.instance.id]
  # subnet_id = "subnet-6f86e027"

  connection {
    type = "ssh"
    user = "ec2-user"
    private_key = file("~/.ssh/terraform")
    host = self.public_ip
  }

  provisioner "remote-exec" {
    inline = [
      "sudo amazon-linux-extras enable nginx1.12",
      "sudo yum -y install nginx",
      "sudo systemctl start nginx"
    ]
  }
}

My full Terraform code now looks like this:

provider "aws" {
  profile = "default"
  region  = "eu-west-1"
  version = "~> 2.49"
}

resource "aws_key_pair" "example" {
  key_name   = "examplekey"
  public_key = file("~/.ssh/terraform.pub")
}

resource "aws_security_group" "instance" {
  name = "terraform-example-instance"

  # Inbound TCP 0-8080 from any address. This range covers port 22 (needed by
  # the remote-exec provisioner) and port 80 (nginx), but also every other
  # port in that range, from the whole internet.
  ingress {
    from_port   = 0
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # All outbound traffic, so yum can reach the Amazon Linux repositories.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "example" {
  key_name               = aws_key_pair.example.key_name
  ami                    = "ami-099a8245f5daa82bf"
  instance_type          = "t2.micro"
  vpc_security_group_ids = [aws_security_group.instance.id]
  # subnet_id = "subnet-6f86e027"

  # user_data = <<-EOF
  #             #!/bin/bash
  #             echo "Hello, World" > index.html
  #             nohup busybox httpd -f -p 8080 &
  #             EOF

  connection {
    type        = "ssh"
    user        = "ec2-user"
    private_key = file("~/.ssh/terraform")
    host        = self.public_ip
  }

  provisioner "remote-exec" {
    inline = [
      "sudo amazon-linux-extras enable nginx1.12",
      "sudo yum -y install nginx",
      "sudo systemctl start nginx"
    ]
  }

  tags = {
    Name = "terraform-example"
  }
}

resource "aws_eip" "ip" {
  vpc      = true
  instance = aws_instance.example.id
}

The security group solution is taken from: Yevgeniy Brikman, "Terraform: Up & Running, 2nd Edition", Apple Books.
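Added example, not part of the question or the answer above. It addresses both points raised on this page: the question's "how do I get the default VPC in Terraform" (the `aws_vpc` data source with `default = true`, so no VPC, subnet or route table has to be created) and the answer's security group, tightened so that only the two ports actually used are reachable: 22 only from an admin CIDR, 80 from anywhere. The variable name `admin_cidr`, the data source name `default` and the security group name `web` are assumptions of this example; `aws_key_pair.example`, the AMI and the provisioner commands are the ones from the post.

```hcl
# Added example (not the original poster's code): default VPC lookup plus a
# security group scoped to the ports the provisioner and nginx need.
# Assumed names: variable "admin_cidr", data "aws_vpc" "default",
# resource "aws_security_group" "web". Requires the provider block and
# aws_key_pair.example from the post above.

variable "admin_cidr" {
  description = "CIDR allowed to reach port 22 (assumed; set to your own public IP, e.g. 203.0.113.10/32)"
  type        = string
}

# The account's default VPC in the provider's region.
data "aws_vpc" "default" {
  default = true
}

resource "aws_security_group" "web" {
  name   = "terraform-example-web"
  vpc_id = data.aws_vpc.default.id

  # SSH only from the admin CIDR; this is all remote-exec needs.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  # nginx listens on 80 by default; this is the only port the public needs.
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Outbound is required so yum can reach the Amazon Linux repositories.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "example" {
  ami                    = "ami-099a8245f5daa82bf"
  instance_type          = "t2.micro"
  key_name               = aws_key_pair.example.key_name
  vpc_security_group_ids = [aws_security_group.web.id]

  # The provisioner runs during creation, before any EIP is attached, so the
  # auto-assigned public IP is the right host to connect to here.
  connection {
    type        = "ssh"
    user        = "ec2-user"
    private_key = file("~/.ssh/terraform")
    host        = self.public_ip
  }

  provisioner "remote-exec" {
    inline = [
      "sudo amazon-linux-extras enable nginx1.12",
      "sudo yum -y install nginx",
      "sudo systemctl start nginx",
    ]
  }

  tags = {
    Name = "terraform-example"
  }
}
```

Apply it with your own address as the admin CIDR, for example `terraform apply -var "admin_cidr=$(curl -s https://checkip.amazonaws.com)/32"`. If the timeout still occurs with port 22 open to that CIDR, the remaining causes are outside the security group: an outbound firewall on the Mac or its network blocking port 22, or a subnet whose network ACL or route table does not pass traffic to the internet gateway.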