amazon-web-services - 在私有子网中设置 Redash 实例。EC2 状态检查失败

Question

问题摘要

我想在私有子网中设置 Redash Instance，但效果不佳。实例状态检查为“1/2 失败”。问题是除了网站（ https://redash.io/help/open-source/setup）中介绍的设置外，是否还有一些必要的设置。

供您参考，如果我将 redash 实例放在公共子网上，它会运行良好。

技术细节：

AMI: ami-060741a96307668be

EC2 大小：t2.small

私有子网有 NAT 网关

CloudFormation 模板如下。（我删除了参数，因为那些是秘密信息。参数是正确的，因为我使用公共子网检查了这些参数。所以请检查其他部分，谢谢。）</p>

AWSTemplateFormatVersion: '2010-09-09'
Description: This template is used for creating redash analysis foundation
Resources:
  ####################################################################################################
  #### NetWork Setting
  ####################################################################################################
  RedashInstancePrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: ap-northeast-1a
      CidrBlock: !Ref PrivateSubnetACidrBlock
      VpcId: !Ref VpcId
 PrivateSubnetARoute:
   Type: AWS::EC2::SubnetRouteTableAssociation
   Properties:
     RouteTableId: !Ref PrivateSubnetRouteTable
     SubnetId: !Ref RedashInstancePrivateSubnetA
PrivateSubnetRouteTable:
Type: AWS::EC2::RouteTable
Properties:
    VpcId: !Ref VpcId
  NATGatewayForPrivateSubnetA:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NATGatewayAEIP.AllocationId
      SubnetId: !Ref RedashALBPublicSubnetA
  NATGatewayAEIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  PrivateARoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NATGatewayForPrivateSubnetA
  RedashALBPublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: ap-northeast-1a
      CidrBlock: !Ref PublicSubnetACidrBlock
      VpcId: !Ref VpcId
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VpcId
  PublicRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Sub ${InternetGatewayId}
  PublicSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref RedashALBPublicSubnetA
  ####################################################################################################
  #### Re:dash EC2 Instance
  ####################################################################################################
  RedashInstance:
    Type: AWS::EC2::Instance
    Properties:
      LaunchTemplate:
        LaunchTemplateId: !Ref RedashInstanceLaunchTemplate
        Version: !GetAtt RedashInstanceLaunchTemplate.LatestVersionNumber
      SubnetId: !Ref RedashInstancePrivateSubnetA
  RedashInstanceLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: redash-isntance-lt
      LaunchTemplateData:
        SecurityGroupIds:
          - !Ref RedashInstanceSecurityGroup
        ImageId: ami-060741a96307668be
        InstanceType: t2.small
  RedashInstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: This Security Group is used for Re:dash Instance
      GroupName: redash-instance-sg
      SecurityGroupIngress:
          - IpProtocol: tcp
            FromPort: 80
            ToPort: 80
            SourceSecurityGroupId: !Ref RedashALBSecurityGroup
      VpcId: !Ref VpcId

根据 marcin 的评论，我尝试了下面的模板，但效果不佳，ec2 状态检查显示 '1/2 failed'

AWSTemplateFormatVersion: '2010-09-09'
Description: This template is used for creating redash analysis foundation
Resources:
  ####################################################################################################
  #### NetWork Setting
  ####################################################################################################

  RedashInstancePrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: ap-northeast-1a
      CidrBlock: 172.18.0.0/24
      VpcId: <VPCID>
      Tags:
        - Key: Name
          Value: Private

  PrivateSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      SubnetId: !Ref RedashInstancePrivateSubnetA


  PrivateSubnetRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
        VpcId: <VPCID>

  NATGatewayForPrivateSubnetA:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NATGatewayAEIP.AllocationId
      SubnetId: !Ref RedashALBPublicSubnetA

  NATGatewayAEIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc

  PrivateARoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NATGatewayForPrivateSubnetA

  RedashALBPublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: ap-northeast-1a
      CidrBlock: 172.18.2.0/24
      VpcId: <VPCID>
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Public

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: <VPCID>

  PublicRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: <INTERNETGATEWAYID>

  PublicSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref RedashALBPublicSubnetA
  ####################################################################################################
  #### Re:dash EC2 Instance
  ####################################################################################################
  RedashInstance:
    Type: AWS::EC2::Instance
    Properties:
      LaunchTemplate:
        LaunchTemplateId: !Ref RedashInstanceLaunchTemplate
        Version: !GetAtt RedashInstanceLaunchTemplate.LatestVersionNumber
      SubnetId: !Ref RedashInstancePrivateSubnetA

  RedashInstanceLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: redash-isntance-lt
      LaunchTemplateData:
        SecurityGroupIds:
          - !Ref RedashInstanceSecurityGroup
        ImageId: ami-060741a96307668be
        InstanceType: t2.small

  RedashInstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: This Security Group is used for Re:dash Instance
      GroupName: redash-instance-sg
      SecurityGroupIngress:
          - IpProtocol: tcp
            FromPort: 80
            ToPort: 80
            CidrIp: 0.0.0.0/0
            #SourceSecurityGroupId: !Ref RedashALBSecurityGroup
      VpcId: <VPCID>

score 1 · Accepted Answer

我修改了模板以使其正常工作。我只能us-east-1在我的沙盒帐户中进行测试，因此我对该区域进行了更改。您需要进一步修改它，因为您的模板不完整，我不得不填写很多空白。

模板工作并提供实例（来自 curl）：

<div class="fixed-width-page">
  <div class="bg-white tiled">
    <h4 class="m-t-0">Welcome to Redash!</h4>
    <div>Before you can use your instance, you need to do a quick setup.</div>

完整的工作模板：

AWSTemplateFormatVersion: '2010-09-09'
Description: This template is used for creating redash analysis foundation
Resources:
  ####################################################################################################
  #### NetWork Setting
  ####################################################################################################

  VpcId:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'

  RedashInstancePrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-1a #ap-northeast-1a
      CidrBlock: "10.0.1.0/24"
      VpcId: !Ref VpcId
      Tags:
        - Key: Name
          Value: Private      

  PrivateSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      SubnetId: !Ref RedashInstancePrivateSubnetA


  PrivateSubnetRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
        VpcId: !Ref VpcId
  

  NATGatewayForPrivateSubnetA:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NATGatewayAEIP.AllocationId
      SubnetId: !Ref RedashALBPublicSubnetA

  NATGatewayAEIP:
    DependsOn: IGWAttachment
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc

  PrivateARoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NATGatewayForPrivateSubnetA

  RedashALBPublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-1a #ap-northeast-1a
      CidrBlock: 10.0.0.0/24
      VpcId: !Ref VpcId
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Public

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VpcId

  InternetGatewayId:      
    Type: AWS::EC2::InternetGateway
    Properties: {}

  IGWAttachment:    
    Type: AWS::EC2::VPCGatewayAttachment
    Properties: 
      InternetGatewayId: !Ref InternetGatewayId
      VpcId: !Ref VpcId
      #VpnGatewayId: String    

  PublicRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGatewayId

  PublicSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref RedashALBPublicSubnetA
  ####################################################################################################
  #### Re:dash EC2 Instance
  ####################################################################################################
  RedashInstance:
    Type: AWS::EC2::Instance
    Properties:
      LaunchTemplate:
        LaunchTemplateId: !Ref RedashInstanceLaunchTemplate
        Version: !GetAtt RedashInstanceLaunchTemplate.LatestVersionNumber
      SubnetId: !Ref RedashInstancePrivateSubnetA

  RedashInstanceLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: redash-isntance-lt
      LaunchTemplateData:
        SecurityGroupIds:
          - !Ref RedashInstanceSecurityGroup
        ImageId: ami-0d915a031cabac0e0 #ami-060741a96307668be
        InstanceType: t2.small

  RedashInstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: This Security Group is used for Re:dash Instance
      GroupName: redash-instance-sg
      SecurityGroupIngress:
          - IpProtocol: tcp
            FromPort: 80
            ToPort: 80
            CidrIp: 0.0.0.0/0
            #SourceSecurityGroupId: !Ref RedashALBSecurityGroup
      VpcId: !Ref VpcId

amazon-web-services - 在私有子网中设置 Redash 实例。EC2 状态检查失败

1 回答 1

Related

Reference