
ALB health check fails in AWS when built with CloudFormation

How to fix an ALB health check that fails in AWS when built with CloudFormation

I tried to use CloudFormation to create a VPC with 4 subnets (2 public, 2 private), 2 ALBs, 2 ASGs, 2 NAT Gateways and 4 EC2 instances (2 public and 2 private). Everything works, except that one of the instances in a private subnet always fails the health check with a timeout error. I have checked the code many times but cannot find the problem. Please help me point out what I did wrong. After several attempts, the instance in PrivatesubnetB (10.0.4.0) always fails the health check. Here is the code:

Parameters:
  NumberofAZs:
    Type: Number
    AllowedValues:
      - 1
      - 2
    Default: 2
    Description: How many AZ do you want to utilize
  Privatesubnet:
    Type: String
    AllowedValues:
      - True
      - False
    Default: True
    Description: Do you want to build private subnet
  NumberofPrivatesubnets:
    Type: Number
    AllowedValues:
      - 1
      - 2
    Default: 1
    Description: How many private subnet do you want to create
  NatGateway:
    Type: String
    AllowedValues:
      - True
      - False
    Default: True
    Description: Do you want to create NAT Gateway for private subnet
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
Conditions:
  Build2Public: !Not [!Equals [!Ref NumberofAZs,1]]
  Build3Public: !Equals [!Ref NumberofAZs,3]
  BuildPrivatesubnet: !Equals [!Ref Privatesubnet,True]
  BuildOnePrivatesubnet: !And [!Equals [!Ref Privatesubnet,True],!Equals [!Ref NumberofPrivatesubnets,1]]
  BuildTwoPrivatesubnet: !And [!Equals [!Ref Privatesubnet,2]]
  BuildNatGateway: !Equals [!Ref NatGateway,True]
Resources:
  myVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/21
      Tags:
        - Key: Name     
          Value: myVPC1
  mySecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: allow8000
      GroupDescription: Allow 80 8000 to client host
      VpcId: !Ref myVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 8000
          ToPort: 8000
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
  myOwnACL:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId: !Ref myVPC
      Tags:
        - Key: Name
          Value: allow8000
  # Inbound side of the custom NACL: the only allow rule is TCP 8000 from
  # 172.16.0.0/24. Because a NACL is stateless and ends with an implicit deny,
  # everything else (the ALB's health check to port 80, and the replies to the
  # instance's own outbound connections) is dropped on the way in.
  InboundRule:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref myOwnACL
      RuleNumber: 100
      Protocol: 6
      RuleAction: allow
      CidrBlock: 172.16.0.0/24
      PortRange:
        From: 8000
        To: 8000
  OutboundRule:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref myOwnACL
      RuleNumber: 100
      Protocol: -1
      Egress: true
      RuleAction: allow
      CidrBlock: 0.0.0.0/0
  PublicsubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref myVPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: !Select [ 0,!GetAZs ]   
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-Public-A
  PublicsubnetB:
    Type: AWS::EC2::Subnet
    Condition: Build2Public
    Properties:
      VpcId: !Ref myVPC
      CidrBlock: 10.0.2.0/24
      AvailabilityZone: !Select [ 1,!GetAZs ]
      MapPublicIpOnLaunch: true 
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-Public-B
  PrivatesubnetA:
    Type: AWS::EC2::Subnet
    Condition: BuildPrivatesubnet
    Properties:
      VpcId: !Ref myVPC
      CidrBlock: 10.0.3.0/24
      AvailabilityZone: !Select [ 0,!GetAZs ]   
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-Private-A
  PrivatesubnetB:
    Type: AWS::EC2::Subnet
    Condition: BuildTwoPrivatesubnet
    Properties:
      VpcId: !Ref myVPC
      CidrBlock: 10.0.4.0/24
      AvailabilityZone: !Select [ 1,!GetAZs ]    
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-Private-B
  mysubnetNetworkAclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Condition: BuildTwoPrivatesubnet
    Properties:
      # Only PrivatesubnetB is attached to the custom NACL; the other three
      # subnets stay on the VPC's default NACL, which allows all traffic both ways.
      SubnetId: !Ref PrivatesubnetB
      NetworkAclId: !Ref myOwnACL
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    DependsOn: myVPC
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref myVPC
      InternetGatewayId: !Ref InternetGateway
  NATGateway:
    Condition: BuildNatGateway
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt ElasticIPAddress.AllocationId
      SubnetId: !Ref PublicsubnetA
      ConnectivityType: public
      Tags:
      - Key: Name
        Value: !Sub NAT-${AWS::StackName}
  NATGatewayB:
    Condition: BuildNatGateway
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt ElasticIPAddress2.AllocationId
      SubnetId: !Ref PublicsubnetB
      ConnectivityType: public
      Tags:
      - Key: Name
        Value: !Sub NAT-${AWS::StackName}-B
  ElasticIPAddress:
    Type: AWS::EC2::EIP
    Condition: BuildPrivatesubnet
    Properties:
      Domain: VPC
  ElasticIPAddress2:
    Type: AWS::EC2::EIP
    Condition: BuildPrivatesubnet
    Properties:
      Domain: VPC
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref myVPC
      Tags:
        - Key: Name
          Value: Public
  PublicRoute1: 
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Condition: BuildPrivatesubnet
    Properties:
      VpcId: !Ref myVPC
      Tags:
        - Key: Name
          Value: Private
  PrivateRoute1: 
    Type: AWS::EC2::Route
    Condition: BuildNatGateway  
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NATGateway
  PrivateRouteTable2:
    Type: AWS::EC2::RouteTable
    Condition: BuildPrivatesubnet
    Properties:
      VpcId: !Ref myVPC
      Tags:
        - Key: Name
          Value: Private
  PrivateRoute2: 
    Type: AWS::EC2::Route
    Condition: BuildNatGateway  
    Properties:
      RouteTableId: !Ref PrivateRouteTable2
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NATGatewayB
  PublicsubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicsubnetA
      RouteTableId: !Ref PublicRouteTable
  PublicsubnetbrouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: Build2Public
    Properties:
      SubnetId: !Ref PublicsubnetB
      RouteTableId: !Ref PublicRouteTable
  PrivatesubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: BuildPrivatesubnet
    Properties:
      SubnetId: !Ref PrivatesubnetA
      RouteTableId: !Ref PrivateRouteTable
  PrivatesubnetbrouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: BuildTwoPrivatesubnet
    Properties:
      SubnetId: !Ref PrivatesubnetB
      RouteTableId: !Ref PrivateRouteTable2

  MyEC2LaunchTemplate:   
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: ami-05064bb33b40c33a2
        InstanceType: t2.micro
        KeyName: !Ref KeyName
        Monitoring:
          Enabled: true
        SecurityGroupIds: 
          - !Ref mySecurityGroup
        DisableApiTermination: true
        InstanceInitiatedShutdownBehavior: terminate
        HibernationOptions:
          Configured: true
        BlockDeviceMappings:
          - Ebs:
              VolumeSize: 8
              VolumeType: gp2
              DeleteOnTermination: true
              Encrypted: true    
            DeviceName: /dev/xvda
        UserData:
          Fn::Base64:
            !Sub |
            #!/bin/bash -ex
            sudo yum install -y httpd;
            sudo echo "<html><h1>Hello CloudFormation A!!</h1></html>" > /var/www/html/index.html;
            cd /var/www/html;
            sudo chmod 755 index.html;
            sudo service httpd start;
            sudo chkconfig httpd on;
  MyASG:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      MinSize: '1'
      MaxSize: '3'
      DesiredCapacity: '2'
      TargetGroupARNs:
        - !Ref MyTargetGroup
      LaunchTemplate:
        LaunchTemplateId: !Ref MyEC2LaunchTemplate
        Version: !GetAtt MyEC2LaunchTemplate.LatestVersionNumber
      VPCZoneIdentifier:
        - !Ref PrivatesubnetA
        - !Ref PrivatesubnetB

  ####### Target group
  MyTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: MyTargets
      TargetType: instance
      Protocol: HTTP
      Port: 80
      VpcId: !Ref myVPC
      HealthCheckIntervalSeconds: 30
      HealthCheckPath: /
      HealthCheckPort: 80
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 2


############# Internal ALB
  myInternalALB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      IpAddressType: ipv4
      Name: testALB
      Scheme: internal
      SecurityGroups:
        - !Ref mySecurityGroup
      Subnets:
        - !Ref PrivatesubnetA
        - !Ref PrivatesubnetB
      Type: application
  myInternalALBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
          - Type: forward
            TargetGroupArn: !Ref MyTargetGroup
      LoadBalancerArn: !Ref myInternalALB
      Port: '80'
      Protocol: HTTP

  exASG:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      MinSize: '1'
      MaxSize: '3'
      DesiredCapacity: '2'
      TargetGroupARNs:
        - !Ref MyexTargetGroup
      LaunchTemplate:
        LaunchTemplateId: !Ref MyEC2LaunchTemplate
        Version: !GetAtt MyEC2LaunchTemplate.LatestVersionNumber
      VPCZoneIdentifier:
        - !Ref PublicsubnetA
        - !Ref PublicsubnetB
#    CreationPolicy:
#      ResourceSignal:
#        Count: 2
#        Timeout: 'PT10M'

  ####### Target group for public subnets
  MyexTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: MyexTargets
      TargetType: instance
      Protocol: HTTP
      Port: 80
      VpcId: !Ref myVPC
      HealthCheckIntervalSeconds: 30
      HealthCheckPath: /
      HealthCheckPort: 80
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 10


############# External ALB
  myExternalALB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      IpAddressType: ipv4
      Name: testExALB
      Scheme: internet-facing
      SecurityGroups:
        - !Ref mySecurityGroup
      Subnets:
        - !Ref PublicsubnetA
        - !Ref PublicsubnetB
      Type: application
  myExternalALBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
          - Type: forward
            TargetGroupArn: !Ref MyexTargetGroup
      LoadBalancerArn: !Ref myExternalALB
      Port: '80'
      Protocol: HTTP

Solution

Your myOwnACL is misconfigured, and it is only used in the Private-B subnet. Your website is on port 80, not 8000. Also, why do you have

CidrBlock: 172.16.0.0/24

if your VPC is 10.0.0.0/16?

Just delete your custom ACL and use the default ACL.
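The reason the answer works is worth seeing packet by packet. A network ACL is stateless and ends with an implicit deny, so the custom NACL above has to explicitly allow both the ALB's probe to port 80 and the replies to the instance's own outbound connections (the `yum install httpd` in the user data goes out through the NAT gateway and its replies come back on ephemeral ports, so httpd never even gets installed on the PrivatesubnetB instance). The script below is an added example, not part of the original question or answer: it replays those flows against the template's myOwnACL rules and against a corrected rule set that you could use if you prefer to keep a custom NACL rather than fall back to the default one. The endpoint addresses and ports (ALB node 10.0.3.10, target 10.0.4.20, package mirror 203.0.113.5, the ephemeral ports) are constructed for the example and do not come from the page.

```python
"""Added example (not from the original post): stateless NACL evaluation replayed
against the template's myOwnACL and against a corrected rule set.

Constructed assumptions: ALB node 10.0.3.10 (PrivatesubnetA), target instance
10.0.4.20 (PrivatesubnetB), package mirror 203.0.113.5 reached via the NAT
gateway, and the ephemeral source ports used below.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

TCP, ANY_PROTO = 6, -1


@dataclass(frozen=True)
class NaclRule:
    rule_number: int
    egress: bool
    protocol: int                                  # 6 = TCP, -1 = all protocols
    action: str                                    # "allow" or "deny"
    cidr: str
    port_range: Optional[Tuple[int, int]] = None   # destination ports; None = all


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: int = TCP


def evaluate(rules: List[NaclRule], pkt: Packet, egress: bool) -> Tuple[str, Optional[int]]:
    """Decide one packet the way a VPC NACL does: lowest RuleNumber first, first
    match wins, implicit '*' deny for anything unmatched.
    Returns (action, rule_number); rule_number is None for the implicit deny."""
    # Ingress rules match the CIDR against the packet source, egress rules against
    # the destination; the port range always refers to the destination port.
    remote = ipaddress.ip_address(pkt.dst_ip if egress else pkt.src_ip)
    for rule in sorted(rules, key=lambda r: r.rule_number):
        if rule.egress != egress:
            continue
        if rule.protocol != ANY_PROTO and rule.protocol != pkt.protocol:
            continue
        if remote not in ipaddress.ip_network(rule.cidr):
            continue
        if rule.protocol != ANY_PROTO and rule.port_range is not None:
            low, high = rule.port_range
            if not low <= pkt.dst_port <= high:
                continue
        return rule.action, rule.rule_number
    return "deny", None


def conversation_allowed(rules: List[NaclRule], request: Packet, inbound: bool) -> bool:
    """A NACL is stateless: the request and its reply are judged separately, so a
    TCP exchange only works if both directions are allowed. `inbound` says whether
    the request enters the subnet (ALB probe) or leaves it (yum via NAT)."""
    reply = Packet(request.dst_ip, request.dst_port, request.src_ip, request.src_port, request.protocol)
    request_ok = evaluate(rules, request, egress=not inbound)[0] == "allow"
    reply_ok = evaluate(rules, reply, egress=inbound)[0] == "allow"
    return request_ok and reply_ok


VPC_CIDR = "10.0.0.0/21"   # CidrBlock of myVPC in the template

# myOwnACL exactly as the template defines it (attached to PrivatesubnetB only).
TEMPLATE_NACL = [
    NaclRule(100, egress=False, protocol=TCP, action="allow", cidr="172.16.0.0/24", port_range=(8000, 8000)),
    NaclRule(100, egress=True, protocol=ANY_PROTO, action="allow", cidr="0.0.0.0/0"),
]

# Minimal rules if you keep a custom NACL: the ALB nodes sit inside the VPC and
# probe port 80, and replies to the instance's own outbound connections (yum
# through the NAT gateway) arrive from arbitrary sources on ephemeral ports.
FIXED_NACL = [
    NaclRule(100, egress=False, protocol=TCP, action="allow", cidr=VPC_CIDR, port_range=(80, 80)),
    NaclRule(110, egress=False, protocol=TCP, action="allow", cidr="0.0.0.0/0", port_range=(1024, 65535)),
    NaclRule(100, egress=True, protocol=ANY_PROTO, action="allow", cidr="0.0.0.0/0"),
]

# Constructed flows: the ALB health check entering PrivatesubnetB, and the
# instance's package download leaving it (203.0.113.5 is a TEST-NET-3 address).
HEALTH_CHECK = Packet("10.0.3.10", 51234, "10.0.4.20", 80)
YUM_REQUEST = Packet("10.0.4.20", 40000, "203.0.113.5", 443)


def health_check_passes(rules: List[NaclRule]) -> bool:
    return conversation_allowed(rules, HEALTH_CHECK, inbound=True)


def bootstrap_works(rules: List[NaclRule]) -> bool:
    return conversation_allowed(rules, YUM_REQUEST, inbound=False)


if __name__ == "__main__":
    for name, rules in (("template NACL", TEMPLATE_NACL), ("fixed NACL", FIXED_NACL)):
        verdict = evaluate(rules, HEALTH_CHECK, egress=False)
        print(f"{name}: probe {verdict}, health check passes={health_check_passes(rules)}, "
              f"user-data bootstrap works={bootstrap_works(rules)}")
```

The instance in PrivatesubnetA passes because that subnet is still on the VPC's default NACL, which allows everything in both directions; the NACL is the only thing that differs between the two private subnets. While you are there, note that mySecurityGroup (shared by both ALBs and every instance, including the public ones launched with a public IP) admits SSH on port 22 from 0.0.0.0/0; the ALBs only need 80 from their clients, and the instances only need 80 from the ALB security group and 22 from wherever you actually administer them.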
