Cannot connect instance to ALB

I'm trying to build a system like this:

[architecture diagram]

I cannot reach the private instance through the ALB. I have checked my CloudFormation code many times but still can't find the problem. Please help me.

AWSTemplateFormatVersion: 2010-09-09

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: "system"
        Parameters:
          - KeyNameA
          - SSHLocation
          - InstanceTypeParameter

Parameters:
  KeyNameA:
    Type: AWS::EC2::KeyPair::KeyName

  # Added here: WebInstance references InstanceTypeParameter, but the template
  # as posted never declared it, so stack creation would fail before any
  # networking problem could show up. The default value is an assumption.
  InstanceTypeParameter:
    Type: String
    Default: t2.micro

  # CIDR range allowed to SSH to the web instance (only matters if the
  # instance is reachable on port 22 at all).
  SSHLocation:
    Type: String
    MinLength: 9
    MaxLength: 18
    Default: 0.0.0.0/0
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'


Resources:

  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.1.0.0/16
      EnableDnsSupport: True
      EnableDnsHostnames: True
      InstanceTenancy: default
      Tags:
      - Key: Name
        Value: !Sub ${AWS::StackName}-VPC

  InternetGateway: 
    Type: AWS::EC2::InternetGateway 
    DependsOn: VPC 



  AttachGateway: 
    Type: AWS::EC2::VPCGatewayAttachment 
    Properties: 
      VpcId: !Ref VPC 
      InternetGatewayId: !Ref InternetGateway



  PublicSubnetA: 
    Type: AWS::EC2::Subnet 
    Properties: 
      VpcId: !Ref VPC
      CidrBlock: 10.1.10.0/24
      AvailabilityZone: !Select [ 0, !GetAZs ]
      MapPublicIpOnLaunch: True 
      Tags: 
      - Key: Name 
        Value: !Sub ${AWS::StackName}-Public-A



  PublicSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.1.30.0/24
      AvailabilityZone: !Select [ 1, !GetAZs ] 
      MapPublicIpOnLaunch: True
      Tags: 
      - Key: Name 
        Value: !Sub ${AWS::StackName}-Public-B



  PrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.1.20.0/24
      MapPublicIpOnLaunch: False
      AvailabilityZone: !Select [ 0, !GetAZs ] 
      Tags: 
      - Key: Name 
        Value: !Sub ${AWS::StackName}-Private-A



  PublicRouteTable: 
    Type: AWS::EC2::RouteTable 
    Properties: 
      VpcId: !Ref VPC
      Tags: 
      - Key: Name 
        Value: Public 




  PublicRoute:  
    Type: AWS::EC2::Route 
    DependsOn: AttachGateway 
    Properties: 
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0 
      GatewayId: !Ref InternetGateway


  PrivateRouteTable: 
    Type: AWS::EC2::RouteTable 
    Properties: 
      VpcId: !Ref VPC 
      Tags: 
      - Key: Name 
        Value: Private 



  PrivateRoute: 
    Type: AWS::EC2::Route 
    Properties: 
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0 
      NatGatewayId: !Ref NATGateway


  NATGateway: 
    Type: AWS::EC2::NatGateway  
    Properties: 
      AllocationId: !GetAtt ElasticIPAddress.AllocationId
      SubnetId: !Ref PublicSubnetA 


  ElasticIPAddress: 
    Type: AWS::EC2::EIP 
    Properties: 
      Domain: VPC



  PublicSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation 
    Properties: 
      SubnetId: !Ref PublicSubnetA 
      RouteTableId: !Ref PublicRouteTable


  PublicSubnetBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation 
    Properties: 
      SubnetId: !Ref PublicSubnetB 
      RouteTableId: !Ref PublicRouteTable


  PrivateSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation 
    Properties: 
      SubnetId: !Ref PrivateSubnetA 
      RouteTableId: !Ref PrivateRouteTable



  TargetGroup:  
    Type: AWS::ElasticLoadBalancingV2::TargetGroup  
    Properties:  
      VpcId: !Ref VPC
      Name: WebInstanceTargetGroup  
      Protocol: HTTP  
      Port: 80  
      TargetType: instance  
      Targets:  
      - Id: !Ref WebInstance  
        Port: 80  



  ALBalancerSG:
    Type: AWS::EC2::SecurityGroup
    Properties: 
      GroupDescription: SG for ALBSG 
      GroupName: ALBSG
      VpcId: !Ref VPC
      SecurityGroupIngress:
      - IpProtocol: tcp 
        FromPort: 80 
        ToPort: 80 
        CidrIp: 0.0.0.0/0 


  ALB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: PublicALB  
      Scheme: internet-facing  
      IpAddressType: ipv4  
      Subnets:  
        - !Ref PublicSubnetA
        - !Ref PublicSubnetB
      SecurityGroups:  
        - !Ref ALBalancerSG  

  Listener:  
    Type: AWS::ElasticLoadBalancingV2::Listener  
    Properties:  
      LoadBalancerArn: !Ref ALB  
      Port: 80  
      Protocol: HTTP  
      DefaultActions:  
        - TargetGroupArn: !Ref TargetGroup  
          Type: forward  



  WebInstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SG for WebInstance
      GroupName: WebSG
      VpcId: !Ref VPC
      SecurityGroupIngress:
      # An ingress rule takes either a CIDR or a source security group, not
      # both; the posted template set CidrIp: 0.0.0.0/0 alongside the ALB
      # security group, which the API rejects. Keeping only the ALB security
      # group means port 80 is reachable from the load balancer alone.
      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        SourceSecurityGroupId: !Ref ALBalancerSG
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: !Ref SSHLocation



  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      BlockDeviceMappings: 
      - DeviceName: /dev/sda1 
        Ebs: 
          VolumeSize: 8 
          VolumeType: gp2
      DisableApiTermination: false
      InstanceType: !Ref InstanceTypeParameter
      KeyName: !Ref KeyNameA
      ImageId: ami-02b7cfebf005c915d
      SecurityGroupIds:
      - !Ref WebInstanceSecurityGroup
      SubnetId: !Ref PrivateSubnetA




  PrivateSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.1.90.0/24
      AvailabilityZone: !Select [ 0, !GetAZs ] 
      Tags: 
      - Key: Name 
        Value: !Sub ${AWS::StackName}-Private-B


  PrivateSubnetC:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.1.110.0/24
      AvailabilityZone: !Select [ 1, !GetAZs ] 
      Tags: 
      - Key: Name 
        Value: !Sub ${AWS::StackName}-Private-C



  PrivateRouteTableRDS: 
    Type: AWS::EC2::RouteTable 
    Properties: 
      VpcId: !Ref VPC
      Tags: 
      - Key: Name 
        Value: Private2



  PrivateRouteRDS: 
    Type: AWS::EC2::Route 
    Properties: 
      RouteTableId: !Ref PrivateRouteTableRDS
      DestinationCidrBlock: 0.0.0.0/0 
      InstanceId: !Ref WebInstance



  PrivateSubnetBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation 
    Properties: 
     SubnetId: !Ref PrivateSubnetB 
     RouteTableId: !Ref PrivateRouteTableRDS



  PrivateSubnetCRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation 
    Properties: 
     SubnetId: !Ref PrivateSubnetC 
     RouteTableId: !Ref PrivateRouteTableRDS



  DBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: DBSubnetGroup for RDS instances
      SubnetIds:
        - Ref: PrivateSubnetB
        - Ref: PrivateSubnetC



  RDSSGIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !GetAtt VPC.DefaultSecurityGroup
      IpProtocol: tcp
      FromPort: 5432
      ToPort: 5432
      # 0.0.0.0/0 admits any source that can reach the VPC; replacing it with
      # SourceSecurityGroupId: !Ref WebInstanceSecurityGroup would confine
      # database access to the web tier.
      CidrIp: 0.0.0.0/0



  DBMasterInstance: 
    Type: AWS::RDS::DBInstance
    Properties: 
      DBInstanceIdentifier: DemoRDS
      DBName: MyRDS
      AllocatedStorage: 10
      DBInstanceClass: db.t2.micro
      StorageType: gp2
      Engine: postgres
      EngineVersion: 11.4
      MasterUsername: DBUser
      # A plaintext password in the template ends up in version control and in
      # the stored stack template; a NoEcho parameter or a Secrets Manager
      # dynamic reference keeps it out of both.
      MasterUserPassword: DBPassword
      PubliclyAccessible: False
      VPCSecurityGroups:
        - !GetAtt VPC.DefaultSecurityGroup
      DBSubnetGroupName: !Ref DBSubnetGroup



  DBReplicaInstance: 
    Type: AWS::RDS::DBInstance
    Properties: 
      DBInstanceIdentifier: DemoReplica
      AllocatedStorage: 10
      DBInstanceClass: db.t2.micro
      SourceDBInstanceIdentifier: !Ref DBMasterInstance
      SourceRegion: ap-northeast-3

Answer 1

Your CFN template has several problems:

  1. The RDS subnets have a default route pointing to the web instance - I doubt that's what you want. Normally you just need 2 or 3 public subnets using the IGW for 0.0.0.0/0 and 2 or 3 private subnets using the NAT GW for 0.0.0.0/0. All your instances and databases should sit in the private subnets, and the ALB should sit in the public subnets.

  2. When you create the web instance the way the template says, there is no web server running, so nothing is listening on port 80, and in turn the ALB considers the instance unhealthy. That's why you get "502 Bad Gateway" or something similar.

    Ideally you should install and start a web server at boot through the instance UserData. That way the ALB sees it running and starts sending traffic to it.

  3. Since the web instance is in a private subnet, you can't SSH to it. Normally you would also create a bastion host in a public subnet that you can reach over SSH and/or VPN, or configure Systems Manager on the web instance so you can open an SSM Session to reach it without a bastion host. You need an EC2 role for that.

That should give you some pointers to get started. Hope it helps :)
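The answer's three points expressed as template resources, as an added example that is not part of the original question or answer: the RDS default route moved to the NAT gateway, an instance role for Systems Manager, and UserData that brings up a web server so the target group health check passes. The logical names WebInstanceRole and WebInstanceProfile and the Amazon Linux 2 assumption are mine; the other names are the question's own.

```yaml
  # Item 1: give the RDS subnets a default route via the NAT gateway
  # instead of via the web instance.
  PrivateRouteRDS:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTableRDS
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NATGateway

  # Item 3: an instance role that lets Systems Manager manage the host, so
  # a session can be opened without a bastion host or an SSH ingress rule.
  WebInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore

  WebInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - !Ref WebInstanceRole

  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceTypeParameter
      KeyName: !Ref KeyNameA
      ImageId: ami-02b7cfebf005c915d
      IamInstanceProfile: !Ref WebInstanceProfile
      SecurityGroupIds:
        - !Ref WebInstanceSecurityGroup
      SubnetId: !Ref PrivateSubnetA
      # Item 2: install and start a web server at boot so the target group's
      # health check on port 80 passes. Assumes an Amazon Linux 2 AMI
      # (yum + systemd + preinstalled SSM agent); adjust for other distros.
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          yum install -y httpd
          echo "<h1>${AWS::StackName} web instance</h1>" > /var/www/html/index.html
          systemctl enable --now httpd
```

With the private route table already sending 0.0.0.0/0 through the NAT gateway, the instance can reach the SSM endpoints without a public IP, and the port 22 rule becomes optional.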
