我的任务是实现如图所示的结构并添加缺少的组件。 任务图
据我所知,我需要这样做:
完成所有这些操作后,我无法通过 dns 名称访问 LB。我遇到错误:目标组未配置为接收来自 LB 的流量。请指教,我忘记了什么。谢谢。档案U的副本可以通过以下link
找到主.tf
provider "aws" {
region = var.region
}
resource "aws_instance" "host1" {
instance_type = "t2.micro"
ami = data.aws_ami.latest_ubuntu.id
user_data = base64encode("${file("install_nginx.sh")}")
security_groups = [
aws_security_group.allow_http_https.id]
lifecycle {
create_before_destroy = true
}
subnet_id = aws_subnet.host1-private.id
tags = {
Name = "Host1"
}
}
resource "aws_instance" "host2" {
instance_type = "t2.micro"
ami = data.aws_ami.latest_ubuntu.id
user_data = base64encode("${file("install_nginx.sh")}")
security_groups = [
aws_security_group.allow_http_https.id]
lifecycle {
create_before_destroy = true
}
subnet_id = aws_subnet.host2-private.id
tags = {
Name = "Host2"
}
}
app_lb.tf
resource "aws_lb" "web" {
name = "mainLB"
internal = false
load_balancer_type = "application"
// security_groups = [aws_security_group.lb_sg.id]
subnets = [aws_subnet.host1-public.id, aws_subnet.host2-public.id]
tags = {
Name = "Main LB"
}
}
#---------------------------------------------
resource "aws_lb_listener" "http" {
load_balancer_arn = aws_lb.web.arn
port = "80"
protocol = "HTTP"
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.http.arn
}
}
#---------------------------------------------
resource "aws_lb_target_group" "http" {
name = "http-tg"
port = 80
protocol = "HTTP"
vpc_id = aws_vpc.main.id
target_type = "instance"
}
#----------------------------------------------
resource "aws_lb_target_group_attachment" "host1" {
target_group_arn = aws_lb_target_group.http.arn
target_id = aws_instance.host1.id
port = 80
}
resource "aws_lb_target_group_attachment" "host2" {
target_group_arn = aws_lb_target_group.http.arn
target_id = aws_instance.host2.id
port = 80
}
网络.tf
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
tags = {
Name = "main"
}
}
#-----------------------------------------------------
resource "aws_subnet" "host1-private" {
vpc_id = aws_vpc.main.id
cidr_block = "10.0.10.0/24"
availability_zone = data.aws_availability_zones.available.names[0]
tags = {
Name = "Private_Subnet_Host1"
}
}
resource "aws_subnet" "host1-public" {
vpc_id = aws_vpc.main.id
cidr_block = "10.0.11.0/24"
availability_zone = data.aws_availability_zones.available.names[0]
map_public_ip_on_launch = true
tags = {
Name = "Public_Subnet_Host1"
}
}
resource "aws_subnet" "host2-private" {
vpc_id = aws_vpc.main.id
cidr_block = "10.0.20.0/24"
availability_zone = data.aws_availability_zones.available.names[1]
tags = {
Name = "Private_Subnet_Host2"
}
}
resource "aws_subnet" "host2-public" {
vpc_id = aws_vpc.main.id
cidr_block = "10.0.21.0/24"
availability_zone = data.aws_availability_zones.available.names[1]
map_public_ip_on_launch = true
tags = {
Name = "Public_Subnet_Host2"
}
}
路由.tf
resource "aws_route_table" "web" {
vpc_id = aws_vpc.main.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.gw.id
}
tags = {
Name = "Net rules"
}
}
resource "aws_route_table" "nat-a" {
vpc_id = aws_vpc.main.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_nat_gateway.nat_gw_host1.id
}
tags = {
Name = "Nat-a rules"
}
}
resource "aws_route_table" "nat-b" {
vpc_id = aws_vpc.main.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_nat_gateway.nat_gw_host2.id
}
tags = {
Name = "Nat-b rules"
}
}
resource "aws_route_table_association" "a" {
subnet_id = aws_subnet.host1-private.id
route_table_id = aws_route_table.nat-a.id
}
resource "aws_route_table_association" "b" {
subnet_id = aws_subnet.host2-private.id
route_table_id = aws_route_table.nat-b.id
}
resource "aws_route_table_association" "c" {
subnet_id = aws_subnet.host1-public.id
route_table_id = aws_route_table.web.id
}
resource "aws_route_table_association" "d" {
subnet_id = aws_subnet.host2-public.id
route_table_id = aws_route_table.web.id
}
网关.tf
resource "aws_internet_gateway" "gw" {
vpc_id = aws_vpc.main.id
tags = {
Name = "main"
}
}
#------------------------------------------------------
resource "aws_eip" "lb-host1" {
vpc = true
}
resource "aws_eip" "lb-host2" {
vpc = true
}
#------------------------------------------------------
resource "aws_nat_gateway" "nat_gw_host1" {
allocation_id = aws_eip.lb-host1.id
subnet_id = aws_subnet.host1-private.id
tags = {
Name = "gw NAT host1"
}
}
resource "aws_nat_gateway" "nat_gw_host2" {
allocation_id = aws_eip.lb-host2.id
subnet_id = aws_subnet.host2-private.id
tags = {
Name = "gw NAT host2"
}
}
acl
resource "aws_default_network_acl" "main" {
default_network_acl_id = aws_vpc.main.default_network_acl_id
ingress {
protocol = "tcp"
rule_no = 101
action = "allow"
cidr_block = "0.0.0.0/0"
from_port = 443
to_port = 443
}
ingress {
protocol = "tcp"
rule_no = 102
action = "allow"
cidr_block = "0.0.0.0/0"
from_port = 80
to_port = 80
}
egress {
protocol = "tcp"
rule_no = 103
action = "allow"
cidr_block = "0.0.0.0/0"
from_port = 80
to_port = 80
}
egress {
protocol = "tcp"
rule_no = 104
action = "allow"
cidr_block = "0.0.0.0/0"
from_port = 443
to_port = 443
}
tags = {
Name = "allow http & https traffic"
}
}
resource "aws_security_group" "allow_http_https" {
name = "Dynamic Security Group"
description = "Allow http & https inbound traffic"
vpc_id = aws_vpc.main.id
dynamic "ingress" {
for_each = var.sg_ports
content {
from_port = ingress.value
to_port = ingress.value
protocol = "tcp"
cidr_blocks = [
"0.0.0.0/0"]
}
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = [
"0.0.0.0/0"]
}
tags = {
Name = "allow_http_https"
}
}
数据.tf
data "aws_availability_zones" "available" {
}
data "aws_ami" "latest_ubuntu" {
owners = [
"099720109477"]
most_recent = true
filter {
name = "name"
values = [
"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
}
}
data "aws_vpc" "default" {
default = true
}
data "aws_subnet_ids" "default" {
vpc_id = data.aws_vpc.default.id
}
这里可能有两个问题: