堆棧內存溢出
  簡體   English   中英

為什么我不能ssh到我使用AWS CloudFormation創建的AWS ec2實例?

[英]Why I could not ssh to my AWS ec2 instance that I created using AWS CloudFormation?

 原文  2019-04-24 15:20:16       amazon-web-services/ amazon-ec2/ ssh/ yaml/ amazon-cloudformation

問題描述

我正在使用CloudFormation創建一個EC2實例,它提到了VPC,子網和安全組。 但是,當實例旋轉時,我無法ssh到實例並獲得以下消息:

ssh -i aws_jenkins.pem ec2-user@34.217.129.89

主持人'34 .217.129.89(34.217.129.89)'的真實性無法確定。 ECDSA密鑰指紋是SHA256:rs3bjVKolzdmktzfiSd0Oo5RU6dLdT / PGHpycStgFK8。 ECDSA密鑰指紋是MD5:7f:cc:61:c4:f3:1a:b7:45:9a:f0:da:e8:0c:a4:d9:bc。

您確定要繼續連接(是/否)嗎?

警告:永久性地將'34 .217.129.89'(ECDSA)添加到已知主機列表中。

權限被拒絕(publickey,gssapi-keyex,gssapi-with-mic)。

但是,如果我從AWS Console創建另一個EC2

使用相同的ImageID,VPC,Subnet,SecurityGroup和Key。 我可以通過SSH連接它。

但是為什么通過CloudFormation創建的實例不具備SSH功能

我無法解決這個問題,非常感謝任何見解/解決方案。 

AWSTemplateFormatVersion: 2010-09-09

Parameters:

  EnvironmentName:
    Description: An environment name that will be prefixed to resource names
    Type: String

  VpcCIDR: 
    Description: Please enter the IP range (CIDR notation) for this VPC
    Type: String
    Default: 10.192.0.0/16

  PublicSubnet1CIDR:
    Description: Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone
    Type: String
    Default: 10.192.10.0/24

  PublicSubnet2CIDR:
    Description: Please enter the IP range (CIDR notation) for the public subnet in the second Availability Zone
    Type: String
    Default: 10.192.11.0/24

  InstanceType:
    Description: WebServer EC2 instance type
    Type: String
    Default: t2.micro
    AllowedValues: [ t1.micro, t2.nano, t2.micro, t2.small, t2.medium]
    ConstraintDescription : must be a valid EC2 instance type.

  KeyName:
    Description: The EC2 Key Pair to allow SSH access to the instances
    Type: AWS::EC2::KeyPair::KeyName
    Default: jenkins-test
    ConstraintDescription: must be the name of an existing EC2 KeyPair.

  SSHLocation: 
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: 9
    MaxLength: 18
    Default: 0.0.0.0/0
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.

Resources:

  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCIDR
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags: 
      - Key: Name
        Value: !Ref EnvironmentName

  InternetGateway:
    Type: AWS::EC2::InternetGateway
    DependsOn: VPC
    Properties:
      Tags:
      - Key: Name
        Value: !Ref EnvironmentName

  InternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC

  PublicSubnet1: 
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 0, !GetAZs ]
      CidrBlock: !Ref PublicSubnet1CIDR
      MapPublicIpOnLaunch: true
      Tags: 
      - Key: Name 
        Value: !Sub ${EnvironmentName}-Public-Subnet-(AZ1)

  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 1, !GetAZs ]
      CidrBlock: !Ref PublicSubnet2CIDR
      MapPublicIpOnLaunch: true
      Tags:
      - Key: Name
        Value: !Sub ${EnvironmentName}-Public-Subnet-(AZ2)     

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties: 
      VpcId: !Ref VPC
      Tags: 
      - Key: Name 
        Value: !Sub ${EnvironmentName} Public Routes

  DefaultPublicRoute: 
    Type: AWS::EC2::Route
    DependsOn: InternetGatewayAttachment
    Properties: 
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PublicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet1

  PublicSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet2


  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access and HTTP to instance
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: !Ref SSHLocation

      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        CidrIp: !Ref SSHLocation
      VpcId: !Ref VPC
      Tags:
      - Key: Name
        Value: TestSecurity_group

  MyInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-061392db613a6357b
      InstanceType: !Ref InstanceType
      SubnetId: !Ref PublicSubnet1
      KeyName: !Ref KeyName
      SecurityGroupIds:
      - !Ref InstanceSecurityGroup
      Tags:
      - Key: Name
        Value: TestServer

1 個解決方案

解決方案1
 0 已采納  2019-04-24 16:34:41

在您的參數中,您有: 

KeyName:
    Description: The EC2 Key Pair to allow SSH access to the instances
    Type: AWS::EC2::KeyPair::KeyName
    Default: jenkins-test
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  1. 你是否讓它使用這個默認參數構建?
  2. 您確定使用的是正確的匹配密鑰嗎?

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 AWS - SSH 到通過 Cloudformation 創建的 EC2 SSH到AWS上的ec2實例 SSh AWS Ec2實例 我需要通過 SSH 提供我的 AWS EC2 實例的詳細信息 為什么不能SSH到新創建的AWS EC2實例? aws cloudformation - 在我的 vpc 中啟動 ec2 實例 aws ec2:ssh 到其他用戶創建的實例,沒有 pem 文件 使用CloudFormation模板設置AWS EC2實例主機名 我如何在AWS EC2實例上安裝特定字體? 我無法在 AWS EC2 實例中托管我的網站
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM