[英]Why does cfn-init repond with this odd message?
I have trouble getting cfn-init to work on Windows.我无法让 cfn-init 在 Windows 上工作。
I do this:我这样做:
cfn-init.exe -v -c config
-s arn:aws:cloudformation:eu-north-1:894422057177:stack/Providence-Core-A47K89HAVG6V/20f830c0-05cd-12ea-9527-06c34fc32621
-r MyHost
--region eu-north-1
(line breaks added for clarity) (为清楚起见添加了换行符)
and get as a result:并得到结果:
('Connection aborted.', error(10060, 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond'))
What causes this error?是什么导致了这个错误? What is it that cannot be reached?什么是达不到的? (it is not the most verbose error message I've seen:-)) (这不是我见过的最详细的错误消息:-))
Is cfn-init.exe
actually trying to access something on the network? cfn-init.exe
实际上是在尝试访问网络上的某些内容吗? If so, what target address?如果是这样,什么目标地址? My outbound rules are fairly restrictive both when it comes to Network ACL and SecurityGroup.当涉及到网络 ACL 和安全组时,我的出站规则都相当严格。 They don't have general outbound access for http/https.他们没有 http/https 的一般出站访问权限。 Is that the reason?是这个原因吗?
Bottom line: yes, the cfn-init
command indeed does an outbound https request.底线:是的, cfn-init
命令确实执行了出站 https 请求。 Your SecurityGroup, Subnet ACLs, etc, must allow this.您的 SecurityGroup、子网 ACL 等必须允许这样做。
The cfn-init
command attempts to download the relevant CloudFormation stack from the AWS CloudFormation endpoint which is on Public Internet. cfn-init
命令尝试从公共 Internet 上的AWS CloudFormation 端点下载相关的 CloudFormation 堆栈。 Therefore, if the cfn-init feature is used, the EC2 instance must have outbound access to such endpoint.因此,如果使用 cfn-init 功能,EC2 实例必须具有对此类端点的出站访问权限。
If you don't want to grant generic outbound access for your EC2 instance then Amazon offers a VPC Endpoint for the AWS CloudFormation service .如果您不想为您的 EC2 实例授予通用出站访问权限,那么 Amazon 会为 AWS CloudFormation 服务提供一个 VPC 终端节点。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.