Why isn't the Public IP address connecting to the Server?

0

I'm new to AWS and learning Terraform from the book Terraform Up and Running, and set up an EC2 Instance. I revised the code below based on prior posts in this forum and with the help of ChatGPT. "Terraform Apply" was successful. However, when I enter the Public IP Address in a browser or in the terminal of my MacBook, it's not connecting to the server after revising the code multiple times and many attempts. The Instance State is Running, it's listening on the correct port and the Security Group setting looks okay.

Any help would be appreciated. Here's my code:

terraform { required_providers { aws = { source = "hashicorp/aws" version = " 5.4.0" } } }

provider "aws" { region = "us-east-1" access_key = "xxxxx" secret_key = "xxxxx" }

resource "aws_instance" "ubuntu" { ami = "ami-0dd13bd6eb6a9effe" instance_type = "t4g.micro" vpc_security_group_ids= [aws_security_group.instance.id] subnet_id = "subnet-xxxxx"

user_data = <<-EOF #!/bin/bash echo "Hello, World" > index.html nohup busybox httpd -f -p 8080 & EOF

user_data_replace_on_change = true

tags = { Name = "ubuntu" } }

resource "aws_security_group" "instance" { name = "terraform-example-instance" vpc_id = "vpc-xxxxx"

ingress { from_port = 8080 to_port = 8080 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] }

ingress { from_port = 22 to_port = 22 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] }

egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } }

resource "aws_route_table" "main" { vpc_id = "vpc-xxxxx"

route { cidr_block = "0.0.0.0/0" gateway_id = "igw-xxxxxx" }

tags = { Name = "main" } }

resource "aws_route_table_association" "main" { subnet_id = "subnet-02630f93b67c2d350" route_table_id = aws_route_table.main.id }

Jim
asked a year ago357 views
1 Answer
2
Accepted Answer

First of all, you must remove the access key and secret key from here immediately as you see and terminate the instance and disable this access and secret key. These keys have now been exposed and your AWS account/resources are at risk. Make sure you have blocked access to all resources and see if there is no unusual activity.

Follow this guide at earliest What to do, if I exposed long lived credentials accidentally

Check your subnet's route table and make sure it has a route to the Internet Gateway? Can you check if your subnet NACLs are fully allowing ephemeral ports?

Your subnet route table should have an entry like below:

"Destination" 0.0.0.0/0 "Target" igw-XXXXXXXXXX

profile pictureAWS
EXPERT
answered a year ago
profile picture
EXPERT
reviewed a year ago
profile picture
EXPERT
reviewed a year ago
  • Yes, the subnet route table shows these two routes:

    "Destination" 0.0.0.0/0 "Target" igw-XXXXXXXXXX "Status" Active "Propagated" No

    "Destination" 172.XX.X.X/16 "Target" local "Status" Active "Propagated" No

    I had initially inserted XXXX at the end of the Access Key and Secret Key, but changed it to all X's on your advice. Thanks.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions