
我想在不使用嚮導的情況下創建 VPC 和虛擬機,但現在無法連接到 VPC 內部的 AWS 虛擬機

我已經添加了路由、互聯網網關、NACL 和安全組,但我的虛擬機仍然無法訪問。下面是我從 AWS CLI 獲取的輸出,以便提供準確的細節。

我感覺問題出在我的路由上。我無法 ping 或 ssh 到我的 JumpBox。

架構圖:


[email protected]:~$ aws ec2 describe-security-groups --group-ids sg-ab7a71cd 
{ 
    "SecurityGroups": [ 
     { 
      "IpPermissionsEgress": [ 
       { 
        "IpProtocol": "-1", 
        "IpRanges": [ 
         { 
          "CidrIp": "0.0.0.0/0" 
         } 
        ], 
        "UserIdGroupPairs": [], 
        "PrefixListIds": [] 
       } 
      ], 
      "Description": "mysg", 
      "IpPermissions": [ 
       { 
        "PrefixListIds": [], 
        "FromPort": 22, 
        "IpRanges": [ 
         { 
          "CidrIp": "0.0.0.0/0" 
         } 
        ], 
        "ToPort": 22, 
        "IpProtocol": "tcp", 
        "UserIdGroupPairs": [] 
       }, 
       { 
        "PrefixListIds": [], 
        "FromPort": -1, 
        "IpRanges": [ 
         { 
          "CidrIp": "0.0.0.0/0" 
         } 
        ], 
        "ToPort": -1, 
        "IpProtocol": "icmp", 
        "UserIdGroupPairs": [] 
       } 
      ], 
      "GroupName": "mysg", 
      "VpcId": "vpc-220e9346", 
      "OwnerId": "646132786531", 
      "GroupId": "sg-ab7a71cd" 
     } 
    ] 
} 

[email protected]:~$ aws ec2 describe-network-acls --network-acl-ids acl-1816717c 
{ 
    "NetworkAcls": [ 
     { 
      "Associations": [ 
       { 
        "SubnetId": "subnet-91a025ac", 
        "NetworkAclId": "acl-1816717c", 
        "NetworkAclAssociationId": "aclassoc-78fa7001" 
       }, 
       { 
        "SubnetId": "subnet-aea02593", 
        "NetworkAclId": "acl-1816717c", 
        "NetworkAclAssociationId": "aclassoc-ede56f94" 
       }, 
       { 
        "SubnetId": "subnet-6da02550", 
        "NetworkAclId": "acl-1816717c", 
        "NetworkAclAssociationId": "aclassoc-19e46e60" 
       } 
      ], 
      "NetworkAclId": "acl-1816717c", 
      "VpcId": "vpc-220e9346", 
      "Tags": [], 
      "Entries": [ 
       { 
        "CidrBlock": "0.0.0.0/0", 
        "RuleNumber": 100, 
        "Protocol": "-1", 
        "Egress": true, 
        "RuleAction": "allow" 
       }, 
       { 
        "CidrBlock": "0.0.0.0/0", 
        "RuleNumber": 32767, 
        "Protocol": "-1", 
        "Egress": true, 
        "RuleAction": "deny" 
       }, 
       { 
        "RuleNumber": 100, 
        "Protocol": "6", 
        "PortRange": { 
         "To": 22, 
         "From": 22 
        }, 
        "Egress": false, 
        "RuleAction": "allow", 
        "CidrBlock": "0.0.0.0/0" 
       }, 
       { 
        "IcmpTypeCode": { 
         "Code": -1, 
         "Type": -1 
        }, 
        "RuleNumber": 200, 
        "Protocol": "1", 
        "Egress": false, 
        "RuleAction": "allow", 
        "CidrBlock": "0.0.0.0/0" 
       }, 
       { 
        "CidrBlock": "0.0.0.0/0", 
        "RuleNumber": 32767, 
        "Protocol": "-1", 
        "Egress": false, 
        "RuleAction": "deny" 
       } 
      ], 
      "IsDefault": true 
     } 
    ] 


[email protected]:~$ aws ec2 describe-vpcs --vpc-id vpc-220e9346 
{ 
    "Vpcs": [ 
     { 
      "VpcId": "vpc-220e9346", 
      "InstanceTenancy": "default", 
      "Tags": [ 
       { 
        "Value": "big", 
        "Key": "Name" 
       } 
      ], 
      "State": "available", 
      "DhcpOptionsId": "dopt-80c96ce5", 
      "CidrBlock": "192.168.0.0/20", 
      "IsDefault": false 
     } 
    ] 
} 


[email protected]:~$ aws ec2 describe-subnets --subnet-ids subnet-6da02550 subnet-aea02593 subnet-91a025ac 
{ 
    "Subnets": [ 
     {                                                 
      "VpcId": "vpc-220e9346",                                          
      "Tags": [                                              
       {                                               
        "Value": "big-private-databases",                                      
        "Key": "Name"                                           
       }                                               
      ],                                                
      "CidrBlock": "192.168.3.0/24", 
      "MapPublicIpOnLaunch": false, 
      "DefaultForAz": false, 
      "State": "available", 
      "AvailabilityZone": "us-east-1e", 
      "SubnetId": "subnet-91a025ac", 
      "AvailableIpAddressCount": 251 
     }, 
     { 
      "VpcId": "vpc-220e9346", 
      "Tags": [ 
       { 
        "Value": "big-internet", 
        "Key": "Name" 
       } 
      ], 
      "CidrBlock": "192.168.1.0/24", 
      "MapPublicIpOnLaunch": false, 
      "DefaultForAz": false, 
      "State": "available", 
      "AvailabilityZone": "us-east-1e", 
      "SubnetId": "subnet-6da02550", 
      "AvailableIpAddressCount": 250 
     }, 
     { 
      "VpcId": "vpc-220e9346", 
      "Tags": [ 
       { 
        "Value": "big-private-computes", 
        "Key": "Name" 
       } 
      ], 
      "CidrBlock": "192.168.2.0/24", 
      "MapPublicIpOnLaunch": false, 
      "DefaultForAz": false, 
      "State": "available", 
      "AvailabilityZone": "us-east-1e", 
      "SubnetId": "subnet-aea02593", 
      "AvailableIpAddressCount": 250 
     } 
    ] 
} 

[email protected]:~$ aws ec2 describe-route-tables --route-table-ids rtb-fb83c99f rtb-1eb9f37a rtb-c980caad rtb-9980cafd 
{ 
    "RouteTables": [ 
     { 
      "Associations": [], 
      "RouteTableId": "rtb-fb83c99f", 
      "VpcId": "vpc-220e9346", 
      "PropagatingVgws": [], 
      "Tags": [ 
       { 
        "Value": "big-in", 
        "Key": "Name" 
       } 
      ], 
      "Routes": [ 
       { 
        "GatewayId": "local", 
        "DestinationCidrBlock": "192.168.0.0/20", 
        "State": "active", 
        "Origin": "CreateRouteTable" 
       }, 
       { 
        "GatewayId": "igw-51638f35", 
        "DestinationCidrBlock": "0.0.0.0/0", 
        "State": "active", 
        "Origin": "CreateRoute" 
       } 
      ] 
     }, 
     { 
      "Associations": [ 
       { 
        "RouteTableAssociationId": "rtbassoc-0113ef66", 
        "Main": true, 
        "RouteTableId": "rtb-1eb9f37a" 
       } 
      ], 
      "RouteTableId": "rtb-1eb9f37a", 
      "VpcId": "vpc-220e9346", 
      "PropagatingVgws": [], 
      "Tags": [ 
       { 
        "Value": "big", 
        "Key": "Name" 
       } 
      ], 
      "Routes": [ 
       { 
        "GatewayId": "local", 
        "DestinationCidrBlock": "192.168.0.0/20", 
        "State": "active", 
        "Origin": "CreateRouteTable" 
       } 
      ] 
     }, 
     { 
      "Associations": [], 
      "RouteTableId": "rtb-c980caad", 
      "VpcId": "vpc-220e9346", 
      "PropagatingVgws": [], 
      "Tags": [ 
       { 
        "Value": "big-in-computes", 
        "Key": "Name" 
       } 
      ], 
      "Routes": [ 
       { 
        "GatewayId": "local", 
        "DestinationCidrBlock": "192.168.0.0/20", 
        "State": "active", 
        "Origin": "CreateRouteTable" 
       } 
      ] 
     }, 
     { 
      "Associations": [], 
      "RouteTableId": "rtb-9980cafd", 
      "VpcId": "vpc-220e9346", 
      "PropagatingVgws": [], 
      "Tags": [ 
       { 
        "Value": "big-computes-databases", 
        "Key": "Name" 
       } 
      ], 
      "Routes": [ 
       { 
        "GatewayId": "local", 
        "DestinationCidrBlock": "192.168.0.0/20", 
        "State": "active", 
        "Origin": "CreateRouteTable" 
       } 
      ] 
     } 
    ] 
} 

[email protected]:~$ aws ec2 describe-internet-gateways --internet-gateway-ids igw-51638f35 
{ 
    "InternetGateways": [ 
     { 
      "Tags": [ 
       { 
        "Value": "big", 
        "Key": "Name" 
       } 
      ], 
      "InternetGatewayId": "igw-51638f35", 
      "Attachments": [ 
       { 
        "State": "available", 
        "VpcId": "vpc-220e9346" 
       } 
      ] 
     } 
    ] 
} 

[email protected]:~$ aws ec2 describe-instances --instance-ids --instance-ids i-3c6c09c5 
{ 
    "Reservations": [ 
     { 
      "OwnerId": "646132786531", 
      "ReservationId": "r-12f788fb", 
      "Groups": [], 
      "Instances": [ 
       { 
        "Monitoring": { 
         "State": "disabled" 
        }, 
        "PublicDnsName": "", 
        "State": { 
         "Code": 16, 
         "Name": "running" 
        }, 
        "EbsOptimized": false, 
        "LaunchTime": "2015-12-10T16:30:41.000Z", 
        "PublicIpAddress": "52.70.141.142", 
        "PrivateIpAddress": "192.168.1.67", 
        "ProductCodes": [], 
        "VpcId": "vpc-220e9346", 
        "StateTransitionReason": "", 
        "InstanceId": "i-3c6c09c5", 
        "ImageId": "ami-60b6c60a", 
        "PrivateDnsName": "ip-192-168-1-67.ec2.internal", 
        "KeyName": "yamazaki", 
        "SecurityGroups": [ 
         { 
          "GroupName": "mysg", 
          "GroupId": "sg-ab7a71cd" 
         } 
        ], 
        "ClientToken": "DpGNG1449765041380", 
        "SubnetId": "subnet-6da02550", 
        "InstanceType": "t2.micro", 
        "NetworkInterfaces": [ 
         { 
          "Status": "in-use", 
          "MacAddress": "06:1a:f4:6a:b6:f5", 
          "SourceDestCheck": true, 
          "VpcId": "vpc-220e9346", 
          "Description": "Primary network interface", 
          "Association": { 
           "PublicIp": "52.70.141.142", 
           "PublicDnsName": "", 
           "IpOwnerId": "646132786531" 
          }, 
          "NetworkInterfaceId": "eni-971b94ab", 
          "PrivateIpAddresses": [ 
           { 
            "Association": { 
             "PublicIp": "52.70.141.142", 
             "PublicDnsName": "", 
             "IpOwnerId": "646132786531" 
            }, 
            "Primary": true, 
            "PrivateIpAddress": "192.168.1.67" 
           } 
          ], 
          "Attachment": { 
           "Status": "attached", 
           "DeviceIndex": 0, 
           "DeleteOnTermination": true, 
           "AttachmentId": "eni-attach-cdd36cbc", 
           "AttachTime": "2015-12-10T16:30:41.000Z" 
          }, 
          "Groups": [ 
           { 
            "GroupName": "mysg", 
            "GroupId": "sg-ab7a71cd" 
           } 
          ], 
          "SubnetId": "subnet-6da02550", 
          "OwnerId": "646132786531", 
          "PrivateIpAddress": "192.168.1.67" 
         } 
        ], 
        "SourceDestCheck": true, 
        "Placement": { 
         "Tenancy": "default", 
         "GroupName": "", 
         "AvailabilityZone": "us-east-1e" 
        }, 
        "Hypervisor": "xen", 
        "BlockDeviceMappings": [ 
         { 
          "DeviceName": "/dev/xvda", 
          "Ebs": { 
           "Status": "attached", 
           "DeleteOnTermination": true, 
           "VolumeId": "vol-5ade4392", 
           "AttachTime": "2015-12-10T16:30:45.000Z" 
          } 
         } 
        ], 
        "Architecture": "x86_64", 
        "RootDeviceType": "ebs", 
        "RootDeviceName": "/dev/xvda", 
        "VirtualizationType": "hvm", 
        "Tags": [ 
         { 
          "Value": "jumpbox", 
          "Key": "Name" 
         } 
        ], 
        "AmiLaunchIndex": 0 
       } 
      ] 
     } 
    ] 

你可以把網絡 ACL 規則全部恢復為默認值,並刪除 'RuleNumber' 100 和 200 嗎? – BMW

回答


把子網關聯到帶有互聯網網關路由的路由表之後,我就能連接到我的機器了。此前 subnet-6da02550 沒有顯式關聯任何路由表,因此使用的是只有 local 路由的主路由表 rtb-1eb9f37a,沒有通往互聯網網關的 0.0.0.0/0 路由。

aws ec2 describe-route-tables --route-table-ids rtb-fb83c99f 
{ 
    "RouteTables": [ 
     { 
      "Associations": [ 
       { 
        "SubnetId": "subnet-6da02550", 
        "RouteTableAssociationId": "rtbassoc-48a35d2f", 
        "Main": false, 
        "RouteTableId": "rtb-fb83c99f" 
       } 
      ], 
      "RouteTableId": "rtb-fb83c99f", 
      "VpcId": "vpc-220e9346", 
      "PropagatingVgws": [], 
      "Tags": [ 
       { 
        "Value": "big-in", 
        "Key": "Name" 
       } 
      ], 
      "Routes": [ 
       { 
        "GatewayId": "local", 
        "DestinationCidrBlock": "192.168.0.0/20", 
        "State": "active", 
        "Origin": "CreateRouteTable" 
       }, 
       { 
        "GatewayId": "igw-51638f35", 
        "DestinationCidrBlock": "0.0.0.0/0", 
        "State": "active", 
        "Origin": "CreateRoute" 
       } 
      ] 
     } 
    ] 
}