Hi, am building my dev env using terraform, i have 3 boxes inside a vpc, and a security group that has 3 ingress rules ssh, http, https, an internet gateway and couple of subnets private and public along with NAT, after creating them , i cant ssh to them, nmap on port 22 shows this:
PORT STATE SERVICE
443/tcp filtered https
Am not sure what could be blocking ssh, i created an instance manually and i can access it with no problem.
Here the code of main.tf, am putting all of it there and then partitioning once i know it works, but still stucked on ssh, also i wonder what is the best practice for initial setup to manually ssh or if is better to have puppet or ansible set that from the start.
Thanks!
provider "aws" {
region = "eu-north-1"
}
# Create VPC
resource "aws_vpc" "neo4j-poc" {
cidr_block = "10.0.0.0/16"
tags = {
Name = "neo4j-poc"
}
}
# Create public subnet
resource "aws_subnet" "public_subnet" {
vpc_id = aws_vpc.neo4j-poc.id
cidr_block = "10.0.1.0/24"
availability_zone = "eu-north-1a" # Change this to desired AZ
tags = {
Name = "Public Subnet"
}
}
# Create private subnet
resource "aws_subnet" "private_subnet" {
vpc_id = aws_vpc.neo4j-poc.id
cidr_block = "10.0.2.0/24"
availability_zone = "eu-north-1a" # Change this to desired AZ
tags = {
Name = "Private Subnet"
}
}
# Create Internet Gateway for public subnet
resource "aws_internet_gateway" "igw" {
vpc_id = aws_vpc.neo4j-poc.id
tags = {
Name = "igw"
}
}
# Attach Internet Gateway to public subnet
resource "aws_route_table" "public_route_table" {
vpc_id = aws_vpc.neo4j-poc.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.igw.id
}
tags = {
Name = "Public Route Table"
}
}
resource "aws_route_table_association" "public_subnet_association" {
subnet_id = aws_subnet.public_subnet.id
route_table_id = aws_route_table.public_route_table.id
}
# Create NAT Gateway for private subnet
resource "aws_eip" "nat_eip" {
vpc = true
}
resource "aws_nat_gateway" "nat" {
allocation_id = aws_eip.nat_eip.id
subnet_id = aws_subnet.public_subnet.id
tags = {
Name = "nat"
}
}
# Route private subnet to NAT Gateway
resource "aws_route_table" "private_route_table" {
vpc_id = aws_vpc.neo4j-poc.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_nat_gateway.nat.id
}
tags = {
Name = "Private Route Table"
}
}
resource "aws_route_table_association" "private_subnet_association" {
subnet_id = aws_subnet.private_subnet.id
route_table_id = aws_route_table.private_route_table.id
}
# Create security group for SSH, HTTP, and HTTPS
resource "aws_security_group" "neo4j-nsg" {
vpc_id = aws_vpc.neo4j-poc.id
ingress {
description = "SSH"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["45.83.220.204/24"]
}
ingress {
description = "HTTP"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "HTTPS"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "Neo4j NSG"
}
}
# Create EC2 Instances
resource "aws_instance" "ansible" {
ami = "ami-08766f81ab52792ce"
instance_type = "t3.micro"
subnet_id = aws_subnet.private_subnet.id
associate_public_ip_address = true
vpc_security_group_ids = [aws_security_group.ssh_http_https.id]
key_name = "terraform-user"
tags = {
Name = "ansible"
}
}
resource "aws_instance" "jenkins" {
ami = "ami-08766f81ab52792ce"
instance_type = "t3.micro"
subnet_id = aws_subnet.private_subnet.id
associate_public_ip_address = true
vpc_security_group_ids = [aws_security_group.ssh_http_https.id]
key_name = "terraform-user"
tags = {
Name = "jenkins"
}
}
resource "aws_instance" "docker" {
ami = "ami-08766f81ab52792ce"
instance_type = "t3.micro"
subnet_id = aws_subnet.private_subnet.id
associate_public_ip_address = true
vpc_security_group_ids = [aws_security_group.ssh_http_https.id]
key_name = "terraform-user"
tags = {
Name = "docker"
}
}