[英]Setting up Redash Instance in private subnet. EC2 status check failed
Issue Summary问题摘要
I would like to set up Redash Instance in private subnet, but it didn't work well.我想在私有子网中设置 Redash 实例,但效果不佳。 The instance status check is “1/2 failed”.
实例状态检查为“1/2 失败”。 The question is whether there is some necessary setting in addition to the setting introduced in the website( https://redash.io/help/open-source/setup ).
问题是除了网站( https://redash.io/help/open-source/setup )介绍的设置之外,是否还有一些必要的设置。
For your information, if I place the redash instance on the public subnet, it works well.供您参考,如果我将 redash 实例放在公共子网上,它运行良好。
Technical details:技术细节:
AMI: ami-060741a96307668be AMI:ami-060741a96307668be
EC2 size: t2.small EC2 大小:t2.small
the private subnet has NAT Gateway私有子网有 NAT 网关
CloudFormation template is below.(I removed parameters because those were kind of secret information. CloudFormation 模板如下。(我删除了参数,因为那些是机密信息。 The parameters are correct because I checked those parameters with public subnet.
参数是正确的,因为我使用公共子网检查了这些参数。 So please check the other part, Thank you.)
所以请检查其他部分,谢谢。)
AWSTemplateFormatVersion: '2010-09-09'
Description: This template is used for creating redash analysis foundation
Resources:
####################################################################################################
#### NetWork Setting
####################################################################################################
RedashInstancePrivateSubnetA:
Type: AWS::EC2::Subnet
Properties:
AvailabilityZone: ap-northeast-1a
CidrBlock: !Ref PrivateSubnetACidrBlock
VpcId: !Ref VpcId
PrivateSubnetARoute:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref PrivateSubnetRouteTable
SubnetId: !Ref RedashInstancePrivateSubnetA
PrivateSubnetRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VpcId
NATGatewayForPrivateSubnetA:
Type: AWS::EC2::NatGateway
Properties:
AllocationId: !GetAtt NATGatewayAEIP.AllocationId
SubnetId: !Ref RedashALBPublicSubnetA
NATGatewayAEIP:
Type: AWS::EC2::EIP
Properties:
Domain: vpc
PrivateARoute:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref PrivateSubnetRouteTable
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId: !Ref NATGatewayForPrivateSubnetA
RedashALBPublicSubnetA:
Type: AWS::EC2::Subnet
Properties:
AvailabilityZone: ap-northeast-1a
CidrBlock: !Ref PublicSubnetACidrBlock
VpcId: !Ref VpcId
PublicRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VpcId
PublicRoute:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref PublicRouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Sub ${InternetGatewayId}
PublicSubnetARoute:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref PublicRouteTable
SubnetId: !Ref RedashALBPublicSubnetA
####################################################################################################
#### Re:dash EC2 Instance
####################################################################################################
RedashInstance:
Type: AWS::EC2::Instance
Properties:
LaunchTemplate:
LaunchTemplateId: !Ref RedashInstanceLaunchTemplate
Version: !GetAtt RedashInstanceLaunchTemplate.LatestVersionNumber
SubnetId: !Ref RedashInstancePrivateSubnetA
RedashInstanceLaunchTemplate:
Type: AWS::EC2::LaunchTemplate
Properties:
LaunchTemplateName: redash-isntance-lt
LaunchTemplateData:
SecurityGroupIds:
- !Ref RedashInstanceSecurityGroup
ImageId: ami-060741a96307668be
InstanceType: t2.small
RedashInstanceSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: This Security Group is used for Re:dash Instance
GroupName: redash-instance-sg
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
SourceSecurityGroupId: !Ref RedashALBSecurityGroup
VpcId: !Ref VpcId
From marcin's comment, I try the template below, but it did not work well, ec2 status check shows '1/2 failed'根据 marcin 的评论,我尝试了下面的模板,但效果不佳,ec2 状态检查显示“1/2 失败”
AWSTemplateFormatVersion: '2010-09-09'
Description: This template is used for creating redash analysis foundation
Resources:
####################################################################################################
#### NetWork Setting
####################################################################################################
RedashInstancePrivateSubnetA:
Type: AWS::EC2::Subnet
Properties:
AvailabilityZone: ap-northeast-1a
CidrBlock: 172.18.0.0/24
VpcId: <VPCID>
Tags:
- Key: Name
Value: Private
PrivateSubnetARoute:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref PrivateSubnetRouteTable
SubnetId: !Ref RedashInstancePrivateSubnetA
PrivateSubnetRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: <VPCID>
NATGatewayForPrivateSubnetA:
Type: AWS::EC2::NatGateway
Properties:
AllocationId: !GetAtt NATGatewayAEIP.AllocationId
SubnetId: !Ref RedashALBPublicSubnetA
NATGatewayAEIP:
Type: AWS::EC2::EIP
Properties:
Domain: vpc
PrivateARoute:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref PrivateSubnetRouteTable
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId: !Ref NATGatewayForPrivateSubnetA
RedashALBPublicSubnetA:
Type: AWS::EC2::Subnet
Properties:
AvailabilityZone: ap-northeast-1a
CidrBlock: 172.18.2.0/24
VpcId: <VPCID>
MapPublicIpOnLaunch: true
Tags:
- Key: Name
Value: Public
PublicRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: <VPCID>
PublicRoute:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref PublicRouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: <INTERNETGATEWAYID>
PublicSubnetARoute:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref PublicRouteTable
SubnetId: !Ref RedashALBPublicSubnetA
####################################################################################################
#### Re:dash EC2 Instance
####################################################################################################
RedashInstance:
Type: AWS::EC2::Instance
Properties:
LaunchTemplate:
LaunchTemplateId: !Ref RedashInstanceLaunchTemplate
Version: !GetAtt RedashInstanceLaunchTemplate.LatestVersionNumber
SubnetId: !Ref RedashInstancePrivateSubnetA
RedashInstanceLaunchTemplate:
Type: AWS::EC2::LaunchTemplate
Properties:
LaunchTemplateName: redash-isntance-lt
LaunchTemplateData:
SecurityGroupIds:
- !Ref RedashInstanceSecurityGroup
ImageId: ami-060741a96307668be
InstanceType: t2.small
RedashInstanceSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: This Security Group is used for Re:dash Instance
GroupName: redash-instance-sg
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
#SourceSecurityGroupId: !Ref RedashALBSecurityGroup
VpcId: <VPCID>
I modified the template so that it works.我修改了模板以使其正常工作。 I can only test in
us-east-1
in my sandbox account, so I made changes for that region.我只能在我的沙箱帐户中的
us-east-1
中进行测试,因此我对该区域进行了更改。 You need to modify it further as your template is incomplete and I had to fill out a lot of blanks.你需要进一步修改它,因为你的模板不完整,我不得不填写很多空白。
The template works and provisions the instance (from curl):模板工作并提供实例(来自 curl):
<div class="fixed-width-page">
<div class="bg-white tiled">
<h4 class="m-t-0">Welcome to Redash!</h4>
<div>Before you can use your instance, you need to do a quick setup.</div>
Full working template:完整的工作模板:
AWSTemplateFormatVersion: '2010-09-09'
Description: This template is used for creating redash analysis foundation
Resources:
####################################################################################################
#### NetWork Setting
####################################################################################################
VpcId:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 10.0.0.0/16
EnableDnsSupport: 'true'
EnableDnsHostnames: 'true'
RedashInstancePrivateSubnetA:
Type: AWS::EC2::Subnet
Properties:
AvailabilityZone: us-east-1a #ap-northeast-1a
CidrBlock: "10.0.1.0/24"
VpcId: !Ref VpcId
Tags:
- Key: Name
Value: Private
PrivateSubnetARoute:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref PrivateSubnetRouteTable
SubnetId: !Ref RedashInstancePrivateSubnetA
PrivateSubnetRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VpcId
NATGatewayForPrivateSubnetA:
Type: AWS::EC2::NatGateway
Properties:
AllocationId: !GetAtt NATGatewayAEIP.AllocationId
SubnetId: !Ref RedashALBPublicSubnetA
NATGatewayAEIP:
DependsOn: IGWAttachment
Type: AWS::EC2::EIP
Properties:
Domain: vpc
PrivateARoute:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref PrivateSubnetRouteTable
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId: !Ref NATGatewayForPrivateSubnetA
RedashALBPublicSubnetA:
Type: AWS::EC2::Subnet
Properties:
AvailabilityZone: us-east-1a #ap-northeast-1a
CidrBlock: 10.0.0.0/24
VpcId: !Ref VpcId
MapPublicIpOnLaunch: true
Tags:
- Key: Name
Value: Public
PublicRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VpcId
InternetGatewayId:
Type: AWS::EC2::InternetGateway
Properties: {}
IGWAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
InternetGatewayId: !Ref InternetGatewayId
VpcId: !Ref VpcId
#VpnGatewayId: String
PublicRoute:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref PublicRouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref InternetGatewayId
PublicSubnetARoute:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref PublicRouteTable
SubnetId: !Ref RedashALBPublicSubnetA
####################################################################################################
#### Re:dash EC2 Instance
####################################################################################################
RedashInstance:
Type: AWS::EC2::Instance
Properties:
LaunchTemplate:
LaunchTemplateId: !Ref RedashInstanceLaunchTemplate
Version: !GetAtt RedashInstanceLaunchTemplate.LatestVersionNumber
SubnetId: !Ref RedashInstancePrivateSubnetA
RedashInstanceLaunchTemplate:
Type: AWS::EC2::LaunchTemplate
Properties:
LaunchTemplateName: redash-isntance-lt
LaunchTemplateData:
SecurityGroupIds:
- !Ref RedashInstanceSecurityGroup
ImageId: ami-0d915a031cabac0e0 #ami-060741a96307668be
InstanceType: t2.small
RedashInstanceSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: This Security Group is used for Re:dash Instance
GroupName: redash-instance-sg
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
#SourceSecurityGroupId: !Ref RedashALBSecurityGroup
VpcId: !Ref VpcId
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.