0
votes

I am trying to deploy a set of EC2 instances through CloudFormation. The code for my CloudFormation template:

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref ESVpcCIDR
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: ES-VPC

  #Connection configuration Starts
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: ESInternetGateway

  InternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC

  #Connection Configuration ends

  ESJenkinsSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: !Ref ESJenkinsCIDR
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: ESJenkinsSubnet

  ESDevMuleSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: !Ref ESDevMuleCIDR
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: ESDevMuleSubnet

  #Route Table configuration starts
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: RouteTable

  DefaultRoute:
    Type: AWS::EC2::Route
    DependsOn: InternetGatewayAttachment
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  ESJenkinsSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref ESJenkinsSubnet

  ESDevMuleSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref ESDevMuleSubnet

  #Security Group Start
  NoIngressSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: "no-ingress-security-group"
      GroupDescription: "Security group with no ingress rule"
      VpcId: !Ref VPC

  ESJenkinsSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupName: "ES-Jenkins-security-group"
      GroupDescription: Enable SSH access via port 22
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 8080
          ToPort: 8085
          CidrIp: 0.0.0.0/0

  ESDEVMuleSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupName: "ES-DEV-Mule-security-group"
      GroupDescription: Enable SSH access via port 22
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 8080
          ToPort: 8085
          CidrIp: 0.0.0.0/0

  #EC2 instances (AMI ids come from the RegionMap mapping, key pair from a parameter)
  EC2InstanceMuleDev:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref ESMuleDEVInstanceType
      ImageId:
        Fn::FindInMap:
          - RegionMap
          - Ref: AWS::Region
          - MuleAMI
      NetworkInterfaces:
        - GroupSet:
            - Ref: ESDEVMuleSecurityGroup
          AssociatePublicIpAddress: 'true'
          DeviceIndex: '0'
          SubnetId: !Ref ESDevMuleSubnet
      KeyName: !Ref ESLoginKeyPair
      Tags:
        - Key: Name
          Value: ESDEVMULE

  EC2InstanceJenkins:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref ESJenkinsInstanceType
      ImageId:
        Fn::FindInMap:
          - RegionMap
          - Ref: AWS::Region
          - JenkinsAMI
      NetworkInterfaces:
        - GroupSet:
            - Ref: ESJenkinsSecurityGroup
          AssociatePublicIpAddress: 'true'
          DeviceIndex: '0'
          SubnetId:
            Ref: ESJenkinsSubnet
      KeyName: !Ref ESLoginKeyPair
      Tags:
        - Key: Name
          Value: ESJENKINS

I am creating the key pair mentioned here through the AWS CLI, using the create-key-pair command.

The problem is, I can't SSH into any of the instances. The SSH client throws a "key too public" error. Am I missing any connectivity detail?

All the required parameter references have been taken care of through Parameter Store. The mapping for the AMIs is done correctly; it is not included here for obvious reasons.

2
What is the exact error msg? - Marcin
Permissions 0555 for 'ESLoginKeyPair.pem' are too open. It is required that your private key files are NOT accessible by others. This private key will be ignored. Load key "ESLoginKeyPair.pem": bad permissions ec2-user@ec2-35-89-4-252.us-west-2.compute.amazonaws.com: Permission denied (publickey). - Akash Singh

2 Answers

0
votes

This is just a permission problem; your file is too exposed to others. Please try:

chmod 600 ESLoginKeyPair.pem

This changes the file's permissions so that it is only readable by the current user.

Now try to ssh into your server again.

0
votes

You should change permissions of the key as explained in the docs:

chmod 400 my-key-pair.pem
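Both answers come down to the same check: OpenSSH refuses a private key whose mode grants any group or other access, which is exactly what the 0555 mode in the question's error triggers. The script below is an added example (not from the question or either answer) that reproduces that check on a constructed placeholder key file and applies the chmod fix; the function names `key_is_private` and `make_key_private` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: mimic OpenSSH's private-key permission check and the fix
# given in the answers. Uses a constructed placeholder file, not a real key.

# Succeed (return 0) only if no group/other permission bits are set.
# OpenSSH refuses a key when (mode & 077) != 0, i.e. when any of the
# group/other rwx characters in `ls -l` (columns 5-10) is not '-'.
key_is_private() {
    gro=$(ls -ld "$1" | cut -c5-10)
    [ "$gro" = "------" ]
}

# Fix: drop all group/other bits. 400 matches the docs quoted in the second
# answer; 600 (first answer) also passes the check if the owner needs write.
make_key_private() {
    chmod 400 "$1" && key_is_private "$1"
}

# Demo: recreate the 0555 mode from the question's error, show it is
# rejected, then repair it. The file contents are a labelled placeholder.
demo() {
    key=$(mktemp) || return 1
    printf '%s\n' '-----BEGIN PLACEHOLDER KEY-----' \
                  'not-a-real-key' \
                  '-----END PLACEHOLDER KEY-----' > "$key"
    chmod 555 "$key"                       # the mode seen in the question
    if key_is_private "$key"; then
        echo "unexpected: 0555 key accepted"
    else
        echo "rejected: $(ls -l "$key" | cut -c1-10) is too open (as ssh would)"
    fi
    make_key_private "$key" && \
        echo "accepted: $(ls -l "$key" | cut -c1-10) after chmod 400"
    rm -f "$key"
}

demo
```

Separately from the key file: the template's security groups open ports 22, 80 and 8080-8085 to 0.0.0.0/0, so once SSH works, narrowing CidrIp on port 22 to a known address range is the usual next step.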