AWS Terraform based Webserver Connection Getting refused

0

Hi, has anyone faced this problem while learning AWS Terraform?

I am following the book to practice Terraform, and I am getting the error below.

url: (7) Failed to connect to <<<removed Public IP Address of EC2 >> port 8080 after 49 ms: Couldn't connect to server

Please advise if there is any recent upgrade?

My code is below:

provider "aws" {
  region = "us-east-2"
}

resource "aws_security_group" "instance" {
  name = "terraform-example-instance"

  ingress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "example" {
  ami                    = "ami-0a695f0d95cefc163"
  instance_type          = "t2.micro"
  vpc_security_group_ids = [aws_security_group.instance.id]

  user_data = <<-EOF
              #!/bin/bash
              echo "Hello, World" > index.html
              nohup busybox httpd -f -p 8080 &
              EOF

  tags = {
    "Name" = "terraform-example"
  }
}

2 Answers
0

To reach an instance from the internet, your EC2 needs to:

  1. have a public IP address
  2. be deployed on a public subnet (with the routing pointing to an internet gateway)

You said that you are trying to connect to the public IP, so I assume that you have already done point 1; otherwise, add associate_public_ip_address to the aws_instance resource. To accomplish point 2, first create the internet gateway:

resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.your_vpc_resource_name.id

  tags = {
    Name = "main"
  }
}

Then create a routing table that points to it:

resource "aws_route_table" "main" {
  vpc_id = aws_vpc.your_vpc_resource_name.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }

  tags = {
    Name = "main"
  }
}

Then associate it with the subnet where the EC2 has been deployed:

resource "aws_route_table_association" "main" {
  subnet_id      = aws_subnet.your_vpc_subnet_name.id
  route_table_id = aws_route_table.main.id
}

After that, your connection should work.

DavideG
answered a year ago
  • Thanks for your advice. Do I need to declare the aws_vpc and aws_subnet resources also?

    │ on main.tf line 6, in resource "aws_internet_gateway" "gw":
    │ 6: vpc_id = aws_vpc.your_vpc_resource_name.id
    │
    │ A managed resource "aws_vpc" "your_vpc_resource_name" has not been declared in the root module.

0

Sure, you also need a VPC and a subnet. Here is a full example:

resource "aws_vpc" "main" {
  cidr_block       = "10.0.0.0/16"

  tags = {
    Name = "main"
  }
}

resource "aws_subnet" "a" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"
  availability_zone = "us-east-2a"

  tags = {
    Name = "Main"
  }
}

resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "main"
  }
}

resource "aws_route_table" "main" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }

  tags = {
    Name = "main"
  }
}

resource "aws_route_table_association" "main" {
  subnet_id      = aws_subnet.a.id
  route_table_id = aws_route_table.main.id
}

Then you need to create a security group and the EC2 with the code that you have already written. Regards

DavideG
answered a year ago
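
Added example, not part of the answers above or of the book's code: the security group and instance from the question, wired into the `aws_vpc.main` and `aws_subnet.a` resources from the full example. `var.allowed_cidr` and the `public_ip` output are hypothetical names introduced here; the variable replaces the question's `0.0.0.0/0` so the test port is reachable only from a chosen address range.

```hcl
# Assumes aws_vpc.main, aws_subnet.a, the internet gateway and the route table
# association from the answer above are declared in the same module.

# Hypothetical variable (not from the page): set it to your own public IP as a /32.
variable "allowed_cidr" {
  description = "CIDR range allowed to reach the test web server on port 8080"
  type        = string
}

resource "aws_security_group" "instance" {
  name   = "terraform-example-instance"
  vpc_id = aws_vpc.main.id # without vpc_id the group is created in the default VPC

  # Security groups are stateful, so replies to allowed inbound
  # connections need no matching egress rule.
  ingress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = [var.allowed_cidr] # narrower than 0.0.0.0/0
  }
}

resource "aws_instance" "example" {
  ami                         = "ami-0a695f0d95cefc163"
  instance_type               = "t2.micro"
  subnet_id                   = aws_subnet.a.id # the subnet associated with the IGW route
  associate_public_ip_address = true            # aws_subnet.a does not auto-assign one
  vpc_security_group_ids      = [aws_security_group.instance.id]

  user_data = <<-EOF
              #!/bin/bash
              echo "Hello, World" > index.html
              nohup busybox httpd -f -p 8080 &
              EOF

  tags = {
    Name = "terraform-example"
  }
}

# Hypothetical output: prints the address to test against after apply.
output "public_ip" {
  value = aws_instance.example.public_ip
}
```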
