1
votes

I have this terraform script:

provider "aws" {
  region = "us-weast-1"
}


resource "aws_security_group" "allow_all" {
  name        = "allow_all"
  description = "Allow all inbound traffic"


  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port       = 0
    to_port         = 0
    protocol        = "-1"
    cidr_blocks     = ["0.0.0.0/0"]
  }

  vpc_id = "vpc-154c1701"

}


resource "aws_instance" "wso2-testing" {
  ami                    = "ami-0f9cf087c1f27d9b1"
  instance_type          = "t2.small"
  key_name               = "mykeypair"
  vpc_security_group_ids = ["${aws_security_group.allow_all.id}"]
}

The machine is created correctly, but I can't connect to the EC2 instance using my key pair with SSH. I always get the error:

ssh: connect to host x.x.x.x port 22: Operation timed out

The VPC is the AWS default, with an internet gateway.

2
What is your operating system? – Vasudev Vyas
Start watching this video from 30:00 min: youtube.com/watch?v=v0g1M5bb9u4 You will definitely get your answer. – Vasudev Vyas
Did you try with protocol = "all" as well? To be honest, I don't see any error in the script if the id values are correct. – Pubudu Jayawardana
Your security group has a VPC ID but your instance does not. Is this a private-IP or public-IP instance? My recommendation is to remove the VPC from the instance or assign the default VPC to both. The issue could be your VPC, subnet, NACLs, ... – victor m
There's also a typo in your provider "aws" block: us-weast-1 should be us-west-1. – Adil B

2 Answers

2
votes

You can add your own IP to the security group using the snippet below:

data "http" "myip" {
  url = "https://ipv4.icanhazip.com"
}

# The ingress/egress blocks below go inside your aws_security_group resource.
ingress {
  # All protocols and ports (change to only the ports you need, e.g. 22/tcp)
  from_port   = 0
  to_port     = 0
  protocol    = "-1"
  # Please restrict your ingress to only necessary IPs and ports.
  # Opening to 0.0.0.0/0 can lead to security vulnerabilities.
  # Note: `body` is the http provider 2.x attribute; 3.x renamed it `response_body`.
  cidr_blocks = ["${chomp(data.http.myip.body)}/32"]
}

egress {
  # Outbound traffic is set to all
  from_port   = 0
  to_port     = 0
  protocol    = "-1"
  cidr_blocks = ["0.0.0.0/0"]
}
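As an added example (not part of either answer), here is the same idea carried through into a complete configuration: SSH only, on port 22, from the caller's /32, with the security group and the instance both placed in the default VPC, and the instance given a public address so there is something to connect to. It assumes Terraform 0.12+ syntax, AWS provider 4.x (for the aws_subnets data source), http provider 3.x (response_body), an account that still has its default VPC, and the AMI and key pair names from the question as placeholders.

```hcl
# Resolve the caller's public IPv4 address at plan time.
data "http" "myip" {
  url = "https://ipv4.icanhazip.com"
}

# Default VPC and one of its subnets (assumption: the default VPC still exists).
data "aws_vpc" "default" {
  default = true
}

data "aws_subnets" "default" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.default.id]
  }
}

resource "aws_security_group" "ssh_from_me" {
  name        = "ssh_from_me"
  description = "SSH only, from the address that ran terraform apply"
  vpc_id      = data.aws_vpc.default.id   # same VPC as the instance below

  ingress {
    description = "SSH from my current public IP only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${chomp(data.http.myip.response_body)}/32"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "wso2-testing" {
  ami                         = "ami-0f9cf087c1f27d9b1" # placeholder from the question
  instance_type               = "t2.small"
  key_name                    = "mykeypair"             # placeholder from the question
  subnet_id                   = tolist(data.aws_subnets.default.ids)[0]
  associate_public_ip_address = true # without a public IP there is nothing to SSH to
  vpc_security_group_ids      = [aws_security_group.ssh_from_me.id]
}

output "ssh_target" {
  value = aws_instance.wso2-testing.public_ip
}
```

If the timeout persists after applying this, the remaining suspects are outside the security group: the subnet's route table must have a route to the internet gateway and the subnet's NACL must allow inbound 22/tcp and outbound ephemeral ports.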
-1
votes

You need to add your own IP to the inbound rule of your security group. Check my blog or git sample:
https://sv-technical.blogspot.com/2019/12/terraform.html
https://github.com/svermaji/terraform

HTH