Why is my ec2 instance not accessible via HTTP?

Time:05-08

Hi, I have tested whether my EC2 instance works from the AWS console.

And it works fine. I added a sample script to the user data section to show hello world text, and then pasted the IP address without the 's' in http. Of course, it shows the text.

Now I am trying to show the same text, but this time by using CloudFormation. I have made it as follows. Everything looks the same as the one made through the AWS console. However, the CloudFormation one does not allow me to access it on the web and the request hangs. I have no idea what I am missing. Can someone please point it out?

AWSTemplateFormatVersion: '2010-09-09'

Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  InstanceType:
    Description: WebServer EC2 instance type
    Type: String
    Default: t2.micro
    AllowedValues:
    - t1.micro
    - t2.nano
    - t2.micro
  SSHLocation:
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.

Mappings:
  AWSInstanceType2Arch:
    t1.micro:
      Arch: PV64
    t2.nano:
      Arch: HVM64
    t2.micro:
      Arch: HVM64
  AWSInstanceType2NATArch:
    t1.micro:
      Arch: NATPV64
    t2.nano:
      Arch: NATHVM64
    t2.micro:
      Arch: NATHVM64
  AWSRegionArch2AMI:
    ca-central-1:
      PV64: NOT_SUPPORTED
      HVM64: ami-730ebd17
      HVMG2: NOT_SUPPORTED

Resources:
  # ===== EC2 Instance =====
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType:
        Ref: InstanceType
      SecurityGroups:
      - Ref: InstanceSecurityGroup
      KeyName:
        Ref: KeyName
      UserData: 
        Fn::Base64:
          !Sub |
            #!/bin/bash

            sudo su
            yum update -y
            yum install -y httpd

            systemctl start httpd
            systemctl enable httpd

            echo "<h1>Hello World from $(hostname -f)</h1>" > /var/www/html/index.html
      ImageId:
        Fn::FindInMap:
        - AWSRegionArch2AMI
        - Ref: AWS::Region
        - Fn::FindInMap:
          - AWSInstanceType2Arch
          - Ref: InstanceType
          - Arch

  # ===== Security Group =====
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access via port 22
      SecurityGroupIngress:
      # SSH
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp:
          Ref: SSHLocation
      # HTTP
      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        CidrIp:
          Ref: SSHLocation
      # HTTPS
      - IpProtocol: tcp
        FromPort: 443
        ToPort: 443
        CidrIp:
          Ref: SSHLocation

CodePudding user response:

There is nothing wrong with the template you showed and it works as expected (assuming that your AMI is for Amazon Linux 2). So probably the template in the question is not the one you are actually using, or perhaps you are using a different operating system than you think you are. You have to double check your actual code.

CodePudding user response:

Which parameter value did you use for SSHLocation?

If you want to have 80 and 443 publicly accessible and SSH only from your own IP, you will probably want to use the following SG instead.

  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access via port 22
      SecurityGroupIngress:
      # SSH
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp:
          Ref: SSHLocation
      # HTTP
      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        CidrIp: 0.0.0.0/0
      # HTTPS
      - IpProtocol: tcp
        FromPort: 443
        ToPort: 443
        CidrIp: 0.0.0.0/0

Then SSH into your machine and check the web server conf inside.
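The reasoning behind the second answer's question, as an added example that is not part of the original thread: in the question's template all three ingress rules take their source range from SSHLocation, so narrowing that parameter to an admin address also closes ports 80 and 443, and because a security group silently drops non-matching traffic, the browser request hangs. The rule list is transcribed by hand from the template; the helper names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Ingress rules transcribed from the question's InstanceSecurityGroup.
# {"Ref": ...} stands in for a CloudFormation Ref to a stack parameter.
INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": {"Ref": "SSHLocation"}},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": {"Ref": "SSHLocation"}},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": {"Ref": "SSHLocation"}},
]
# The second answer's variant: SSH stays parameterised, web ports are public.
FIXED = INGRESS[:1] + [dict(rule, CidrIp="0.0.0.0/0") for rule in INGRESS[1:]]


def resolve(value, params):
    """Resolve a literal CIDR or a {"Ref": name} against stack parameter values."""
    if isinstance(value, dict) and "Ref" in value:
        return params[value["Ref"]]
    return value


def reachable_ports(ingress, params, client_ip, protocol="tcp"):
    """Return the sorted ports a client IP may reach under these rules."""
    client = ipaddress.ip_address(client_ip)
    ports = set()
    for rule in ingress:
        if rule["IpProtocol"] != protocol:
            continue
        network = ipaddress.ip_network(resolve(rule["CidrIp"], params), strict=False)
        if client in network:
            ports.update(range(rule["FromPort"], rule["ToPort"] + 1))
    return sorted(ports)


def shared_refs(ingress):
    """Map each parameter name to the ports whose source CIDR depends on it."""
    deps = {}
    for rule in ingress:
        cidr = rule["CidrIp"]
        if isinstance(cidr, dict) and "Ref" in cidr:
            deps.setdefault(cidr["Ref"], []).append(rule["FromPort"])
    return deps


if __name__ == "__main__":
    # Constructed sample values (RFC 5737 documentation addresses).
    admin_only = {"SSHLocation": "203.0.113.10/32"}
    print("ports tied to each parameter:", shared_refs(INGRESS))
    print("original, admin IP:  ", reachable_ports(INGRESS, admin_only, "203.0.113.10"))
    print("original, visitor IP:", reachable_ports(INGRESS, admin_only, "198.51.100.7"))
    print("fixed, visitor IP:   ", reachable_ports(FIXED, admin_only, "198.51.100.7"))
```

With the default SSHLocation of 0.0.0.0/0 the original rules admit every client on all three ports, which matches the first answer's observation that the template works as posted.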
