Why isn't the Public IP address connecting to the Server?


I'm new to AWS and learning Terraform from the book Terraform Up and Running, and set up an EC2 Instance. I revised the code below based on prior posts in this forum and with the help of ChatGPT. "Terraform Apply" was successful. However, when I enter the Public IP Address in a browser or in the terminal of my MacBook, it's not connecting to the server after revising the code multiple times and many attempts. The Instance State is Running, it's listening on the correct port and the Security Group setting looks okay.

Any help would be appreciated. Here's my code:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = " 5.4.0"
    }
  }
}

provider "aws" {
  region     = "us-east-1"
  access_key = "xxxxx"
  secret_key = "xxxxx"
}

resource "aws_instance" "ubuntu" {
  ami                    = "ami-0dd13bd6eb6a9effe"
  instance_type          = "t4g.micro"
  vpc_security_group_ids = [aws_security_group.instance.id]
  subnet_id              = "subnet-xxxxx"

  user_data = <<-EOF
              #!/bin/bash
              echo "Hello, World" > index.html
              nohup busybox httpd -f -p 8080 &
              EOF

  user_data_replace_on_change = true

  tags = {
    Name = "ubuntu"
  }
}

resource "aws_security_group" "instance" {
  name   = "terraform-example-instance"
  vpc_id = "vpc-xxxxx"

  ingress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_route_table" "main" {
  vpc_id = "vpc-xxxxx"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "igw-xxxxxx"
  }

  tags = {
    Name = "main"
  }
}

resource "aws_route_table_association" "main" {
  subnet_id      = "subnet-02630f93b67c2d350"
  route_table_id = aws_route_table.main.id
}

Jim
asked 10 months ago, 327 views
1 Answer
Accepted Answer

First of all, you must remove the access key and secret key from here immediately, as you see, and terminate the instance and disable this access key and secret key. These keys have now been exposed and your AWS account/resources are at risk. Make sure you have blocked access to all resources and see if there is no unusual activity.

Follow this guide at the earliest: What to do if I exposed long-lived credentials accidentally

Check your subnet's route table and make sure it has a route to the Internet Gateway. Can you check if your subnet NACLs are fully allowing ephemeral ports?

Your subnet route table should have an entry like below:

"Destination" 0.0.0.0/0 "Target" igw-XXXXXXXXXX

AWS
EXPERT
answered 10 months ago
EXPERT
reviewed 10 months ago
  • Yes, the subnet route table shows these two routes:

    "Destination" 0.0.0.0/0 "Target" igw-XXXXXXXXXX "Status" Active "Propagated" No

    "Destination" 172.XX.X.X/16 "Target" local "Status" Active "Propagated" No

    I had initially inserted XXXX at the end of the Access Key and Secret Key, but changed it to all X's on your advice. Thanks.
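
A pre-posting check for the situation in this thread, as an added example (not code from the question or the answer): it flags `access_key`/`secret_key` literals in Terraform source, treats a key whose tail was replaced with X's as still exposed, and masks every character before the file is shared. The function names and the sample provider block with its key value are constructed for illustration.

```python
import re

# access_key / secret_key assigned a quoted literal in HCL.
# Groups: attribute name, the ` = "` separator, the quoted value.
ASSIGNMENT = re.compile(r'\b(access_key|secret_key)(\s*=\s*")([^"]*)"')
# A value made only of mask characters carries no key material.
PLACEHOLDER = re.compile(r'[xX*]*')

# Constructed sample: a made-up key with only its last four characters masked.
SAMPLE = '''provider "aws" {
  region     = "us-east-1"
  access_key = "AKIAEXAMPLEEXAMPXXXX"
  secret_key = "xxxxx"
}
'''


def scan_terraform(text):
    """Return (line_number, attribute, verdict) for each literal credential.

    verdict is 'placeholder' when the value is fully masked and 'exposed'
    when any real characters remain, including a partially masked key.
    Variable references and "${...}" interpolations are not literals and
    are skipped.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for attr, _sep, value in ASSIGNMENT.findall(line):
            if "${" in value:
                continue
            masked = PLACEHOLDER.fullmatch(value) is not None
            findings.append((lineno, attr, "placeholder" if masked else "exposed"))
    return findings


def _mask(match):
    attr, sep, value = match.groups()
    if "${" in value:
        return match.group(0)  # leave interpolations untouched
    return f'{attr}{sep}{"x" * len(value)}"'


def sanitize(text):
    """Return text with every literal credential value fully masked."""
    return ASSIGNMENT.sub(_mask, text)


if __name__ == "__main__":
    for finding in scan_terraform(SAMPLE):
        print(finding)
    print(sanitize(SAMPLE))
```

Masking the text only makes it safe to share; a key that has already been published still has to be disabled, as the answer says.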
