
amazon-web-services - Unable to SSH into EC2 | AWS CloudFormation template

Reposted. Author: 行者123. Updated: 2023-12-03 07:22:52

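I have the following CloudFormation template that creates an EC2 instance in a single public subnet in a single Availability Zone. I have attached an internet gateway to the VPC and created ingress and egress routes to allow SSH connections to the EC2 instance.

Below is my CF template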

AWSTemplateFormatVersion: "2010-09-09"
Description: "CF template for test website. v1.0.0. DEV Env"
Metadata:
  Instances:
    Description: "This is the dev environment architecture. Use the dev settings when setting up this environment"
Parameters:
  ECommKeyPair:
    Type: AWS::EC2::KeyPair::KeyName
    Description: Select the dev key pair for the region
Resources:
  DevEnvInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Environment
          Value: Dev
        - Key: WebsiteName
          Value: test
  DevEnvVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.1.1/16
      EnableDnsHostnames: 'true'
      EnableDnsSupport: 'true'
      Tags:
        - Key: Environment
          Value: Dev
        - Key: WebsiteName
          Value: test
  DevEnvVpcIgwAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: DevEnvVpc
      InternetGatewayId:
        Ref: DevEnvInternetGateway
  DevEnvPublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: DevEnvVpc
      CidrBlock: 10.0.1.1/16
      AvailabilityZone: "us-west-2a"
      MapPublicIpOnLaunch: 'true'
      Tags:
        - Key: Environment
          Value: Dev
        - Key: WebsiteName
          Value: test
  DevEnvSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow all inbound (ingress) and outbound (egress) traffic for port 22
      GroupName: test-website-sec-group
      VpcId:
        Ref: DevEnvVpc
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          Description: allow all inbound traffic
          IpProtocol: tcp
          FromPort: 22
          ToPort: 22
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          Description: allow all outbound traffic
          IpProtocol: tcp
          FromPort: 22
          ToPort: 22
      Tags:
        - Key: Environment
          Value: Dev
        - Key: WebsiteName
          Value: test
  DevEnvRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: DevEnvVpc
      Tags:
        - Key: Environment
          Value: Dev
        - Key: WebsiteName
          Value: test
  DevEnvRoute:
    Type: AWS::EC2::Route
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: DevEnvInternetGateway
      RouteTableId:
        Ref: DevEnvRouteTable
  DevEnvEc2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-00f7e5c52c0f43726
      AvailabilityZone: "us-west-2a"
      KeyName:
        Ref: ECommKeyPair
      SecurityGroupIds:
        - !GetAtt "DevEnvSecurityGroup.GroupId"
      SubnetId:
        Ref: DevEnvPublicSubnet
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            VolumeSize: 20
            VolumeType: gp2
      Tags:
        - Key: Environment
          Value: Dev
        - Key: WebsiteName
          Value: test

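I am using PuTTY with the private key file (ppk) associated with the EC2 instance to connect to it. When trying to connect to the instance with PuTTY, I get a "Network error: Connection timed out" error message.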

[Image: PuTTY error message]

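I cannot even connect to the instance from a web browser using AWS's built-in "EC2 Instance Connect".

I would appreciate it if you could point out the problem in my CF template.

Best answer

You forgot to create an AWS::EC2::SubnetRouteTableAssociation: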

  DevRouteAssos:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref DevEnvRouteTable
      SubnetId: !Ref DevEnvPublicSubnet
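
The missing association can be caught before deployment with a static check over the template's resources. The following is an added example, not part of the original question or answer: the function names are hypothetical, and the template is a constructed, trimmed copy of the question's resources written as the dict a YAML/JSON loader would produce (with `Ref` in long form).

```python
# Added example: flag subnets that are not associated with a route table
# holding a default route to an internet gateway.

def ref(value):
    """Return the logical ID named by {'Ref': ...}, or the value itself."""
    return value.get("Ref") if isinstance(value, dict) else value

def public_route_tables(resources):
    """Route tables that have a 0.0.0.0/0 route to an internet gateway."""
    igws = {n for n, r in resources.items()
            if r["Type"] == "AWS::EC2::InternetGateway"}
    tables = set()
    for r in resources.values():
        p = r.get("Properties", {})
        if (r["Type"] == "AWS::EC2::Route"
                and p.get("DestinationCidrBlock") == "0.0.0.0/0"
                and ref(p.get("GatewayId")) in igws):
            tables.add(ref(p.get("RouteTableId")))
    return tables

def unreachable_subnets(resources):
    """Subnets with no explicit association to a public route table.
    Such a subnet falls back to the VPC's main route table, which has only
    the local route, so inbound SSH times out even with port 22 open.
    """
    public = public_route_tables(resources)
    associated = {ref(r["Properties"]["SubnetId"])
                  for r in resources.values()
                  if r["Type"] == "AWS::EC2::SubnetRouteTableAssociation"
                  and ref(r["Properties"]["RouteTableId"]) in public}
    return sorted(n for n, r in resources.items()
                  if r["Type"] == "AWS::EC2::Subnet" and n not in associated)

TEMPLATE = {  # constructed from the question's logical IDs
    "DevEnvInternetGateway": {"Type": "AWS::EC2::InternetGateway"},
    "DevEnvPublicSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {}},
    "DevEnvRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {}},
    "DevEnvRoute": {"Type": "AWS::EC2::Route", "Properties": {
        "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": {"Ref": "DevEnvInternetGateway"},
        "RouteTableId": {"Ref": "DevEnvRouteTable"}}},
}
FIX = {"DevRouteAssos": {"Type": "AWS::EC2::SubnetRouteTableAssociation",
       "Properties": {"RouteTableId": {"Ref": "DevEnvRouteTable"},
                      "SubnetId": {"Ref": "DevEnvPublicSubnet"}}}}

if __name__ == "__main__":
    print("before fix:", unreachable_subnets(TEMPLATE))
    print("after fix: ", unreachable_subnets({**TEMPLATE, **FIX}))
```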

Regarding "amazon-web-services - Unable to SSH into EC2 | AWS CloudFormation template", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/70530879/
