I am trying to deploy a set of EC2 instances through CloudFormation. The code for my CloudFormation:
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref ESVpcCIDR
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: ES-VPC
  #Connection configuration Starts
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: ESInternetGateway
  InternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC
  #Connection Configuration ends
  ESJenkinsSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: !Ref ESJenkinsCIDR
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: ESJenkinsSubnet
  ESDevMuleSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: !Ref ESDevMuleCIDR
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: ESDevMuleSubnet
  #Route Table configuration starts
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: RouteTable
  DefaultRoute:
    Type: AWS::EC2::Route
    DependsOn: InternetGatewayAttachment
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  ESJenkinsSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref ESJenkinsSubnet
  ESDevMuleSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref ESDevMuleSubnet
  #Security Group Start
  NoIngressSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: "no-ingress-security-group"
      GroupDescription: "Security group with no ingress rule"
      VpcId: !Ref VPC
  ESJenkinsSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupName: "ES-Jenkins-security-group"
      GroupDescription: Enable SSH access via port 22
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 8080
          ToPort: 8085
          CidrIp: 0.0.0.0/0
  ESDEVMuleSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupName: "ES-DEV-Mule-security-group"
      GroupDescription: Enable SSH access via port 22
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 8080
          ToPort: 8085
          CidrIp: 0.0.0.0/0
  EC2InstanceMuleDev:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref ESMuleDEVInstanceType
      ImageId:
        Fn::FindInMap:
          - RegionMap
          - Ref: AWS::Region
          - MuleAMI
      NetworkInterfaces:
        - GroupSet:
            - Ref: ESDEVMuleSecurityGroup
          AssociatePublicIpAddress: 'true'
          DeviceIndex: '0'
          SubnetId: !Ref ESDevMuleSubnet
      KeyName: !Ref ESLoginKeyPair
      Tags:
        - Key: Name
          Value: ESDEVMULE
  EC2InstanceJenkins:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref ESJenkinsInstanceType
      ImageId:
        Fn::FindInMap:
          - RegionMap
          - Ref: AWS::Region
          - JenkinsAMI
      NetworkInterfaces:
        - GroupSet:
            - Ref: ESJenkinsSecurityGroup
          AssociatePublicIpAddress: 'true'
          DeviceIndex: '0'
          SubnetId:
            Ref: ESJenkinsSubnet
      KeyName: !Ref ESLoginKeyPair
      Tags:
        - Key: Name
          Value: ESJENKINS
I am creating the key pair mentioned here through the AWS CLI, using the create-key-pair command.
The problem is, I can't SSH into any instances. The SSH client throws a key too public error. Am I missing any connectivity detail?
All the required parameter references have been taken care of through Parameter Store. The mapping for the AMI is done correctly; it is not included here for obvious reasons.
CodePudding user response:
You should change permissions of the key as explained in the docs:
chmod 400 my-key-pair.pem
CodePudding user response:
This is just a permission problem; your file is too exposed to others. Please try:
chmod 600 ESLoginKeyPair.pem
This changes the file's permissions to only be readable by the current user.
Now try to ssh into your server again.
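
The permission test behind this error and the fix from both answers, as an added example that is not part of the original posts. The function names are hypothetical, and the key file name in the usage comment is an assumption taken from the key pair name in the question.

```shell
#!/bin/sh
# Added example: check and tighten private key permissions before using ssh.
# Function names are hypothetical; they are not from the question or answers.

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
key_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed when group or other has any access to the file. OpenSSH applies
# this test (mode & 077) to a private key owned by the calling user and
# refuses to load the key when it matches.
key_too_open() {
  mode=$(key_mode "$1") || return 2
  [ $(( 0$mode & 077 )) -ne 0 ]
}

# Tighten an existing key file to owner read-only, as in the first answer.
# Mode 600 from the second answer also passes the test above.
lock_key() {
  [ -f "$1" ] || { echo "no such key file: $1" >&2; return 1; }
  if key_too_open "$1"; then
    echo "tightening $1 from $(key_mode "$1") to 400" >&2
    chmod 400 "$1"
  fi
}

# Run a command with its stdout written to a new file under umask 077, so
# key material is never group- or world-readable, even briefly.
# Assumed usage (key and file names are assumptions):
#   write_private ESLoginKeyPair.pem aws ec2 create-key-pair \
#       --key-name ESLoginKeyPair --query KeyMaterial --output text
# If the target file already exists its mode is not changed by the
# redirection; run lock_key on it afterwards.
write_private() {
  out=$1; shift
  ( umask 077; "$@" > "$out" )
}

# Stand-alone use: sh lock_key.sh path/to/key.pem
if [ "$#" -gt 0 ]; then
  lock_key "$1"
fi
```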