我已经设置了一个具有两个公共子网和两个私有子网的 VPC。这两个私有子网中有两个 EC2 实例,每个实例上都有在端口 8080 上运行的 Tomcat 服务器。
我已经用 Terraform 设置了一个负载均衡器,但运行状况检查总是失败。有人可以帮我找出这里的问题吗?
安全组:
# Create Security Group for the Application Load Balancer
# terraform aws create security group
resource "aws_security_group" "alb-security-group" {
  # Internet-facing security group for the Application Load Balancer.
  # Inbound: HTTP and HTTPS from any source. The instances behind the ALB
  # accept traffic only from this group (see webserver-security-group).
  # NOTE(review): 443 is opened here although the only listener defined
  # on this page is HTTP on port 80; the rule is harmless but unused until
  # an HTTPS listener exists.
  name        = "ALB Security Group"
  description = "Enable HTTP/HTTPS access on Port 80/443"
  vpc_id      = aws_vpc.OrchVPC.id

  tags = {
    Name = "ALB Security Group"
  }

  # One ingress rule per public port. The map key becomes the rule
  # description and the value the port; rule order is irrelevant to AWS.
  dynamic "ingress" {
    for_each = {
      "HTTP Access"  = 80
      "HTTPS Access" = 443
    }
    content {
      description = ingress.key
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }

  # Unrestricted egress (all protocols, all destinations); the ALB needs
  # outbound access to the targets for forwarding and health checks.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Create Security Group for the Bastion Host aka Jump Box
# terraform aws create security group
resource "aws_security_group" "ssh-security-group" {
  # Security group for the bastion (jump) host. Membership in this group
  # is what grants SSH access to the web servers (webserver-security-group
  # allows port 22 only from this group's id).
  # NOTE(review): SSH is accepted from 0.0.0.0/0 here, i.e. the bastion is
  # reachable from the whole internet; narrowing cidr_blocks to the
  # operator's address range would reduce exposure. Not changed here
  # because that range is not known from this page.
  vpc_id      = aws_vpc.OrchVPC.id
  name        = "SSH Security Group"
  description = "Enable SSH access on Port 22"

  tags = {
    Name = "SSH Security Group"
  }

  # Inbound SSH from anywhere.
  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["0.0.0.0/0"]
    description = "SSH Access"
  }

  # Outbound: everything (protocol "-1" means all protocols).
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Create Security Group for the Web Server
# terraform aws create security group
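resource "aws_security_group" "webserver-security-group" {
  # Security group for the Tomcat EC2 instances in the private subnets.
  # No CIDR-based ingress: every inbound rule is scoped to another
  # security group, so only the ALB and the bastion can reach the hosts.
  #
  # Change from the original: the security_groups lists used the legacy
  # "${...}" interpolation-only form; they now reference the ids directly,
  # matching how aws_lb.alb references the same group. No rule changes.
  #
  # NOTE(review): the ALB target group and attachments on this page all
  # use port 8080, and the instances are described as running Tomcat on
  # 8080 only. The 80 and 443 rules below therefore look unused; confirm
  # nothing listens on those ports and drop them for least privilege
  # (removing them is deliberately left to the owner, since the group
  # description also mentions 80/443 and changing it recreates the group).
  name        = "Web Server Security Group"
  description = "Enable HTTP/HTTPS access on Port 80/443 via ALB and SSH access on Port 22 via SSH SG"
  vpc_id      = aws_vpc.OrchVPC.id

  # Port 80 from the ALB only.
  ingress {
    description     = "HTTP Access"
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.alb-security-group.id]
  }

  # Port 443 from the ALB only.
  ingress {
    description     = "HTTPS Access"
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [aws_security_group.alb-security-group.id]
  }

  # Port 8080 (Tomcat, the target group's port) from the ALB only. This is
  # the rule the ALB health check depends on; the description string is
  # kept as written even though the port is the Tomcat port.
  ingress {
    description     = "HTTP/HTTPS Access"
    from_port       = 8080
    to_port         = 8080
    protocol        = "tcp"
    security_groups = [aws_security_group.alb-security-group.id]
  }

  # SSH only from members of the bastion security group.
  ingress {
    description     = "SSH Access"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.ssh-security-group.id]
  }

  # Unrestricted egress (all protocols, all destinations).
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "Web Server Security Group"
  }
}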
负载均衡器:
# Target group for application load balancer
resource "aws_lb_target_group" "targetgroup" {
  # Target group the ALB listener forwards to: HTTP on port 8080 to
  # instance targets (the two attachments below register the EC2 ids).
  name        = "targetgroup"
  vpc_id      = aws_vpc.OrchVPC.id
  target_type = "instance"
  protocol    = "HTTP"
  port        = 8080

  # Session affinity via the load-balancer-generated cookie.
  stickiness {
    enabled = true
    type    = "lb_cookie"
  }

  # Health check: HTTP GET / on the traffic port (8080, since no separate
  # port is given), every 5 s, 2 s to answer, two consecutive results to
  # flip state.
  # NOTE(review): with no matcher set, only an HTTP 200 counts as healthy;
  # a Tomcat that answers "/" with a redirect or 404 (e.g. no ROOT webapp)
  # will be marked unhealthy even though it is reachable. The 2 s timeout
  # and 5 s interval are also the tightest values the ALB allows; a slow
  # first request after startup can fail them. Verify with curl from the
  # ALB's subnet before relaxing either.
  health_check {
    protocol            = "HTTP"
    path                = "/"
    interval            = 5
    timeout             = 2
    healthy_threshold   = 2
    unhealthy_threshold = 2
  }
}
# Load Balancer Target Group attachment for first instance
resource "aws_lb_target_group_attachment" "myec2vm1tg1" {
  # Registers the first EC2 instance in the target group on the Tomcat
  # port; 8080 matches the target group's own port.
  port             = 8080
  target_id        = aws_instance.myec2vm1.id
  target_group_arn = aws_lb_target_group.targetgroup.arn
}
# Load Balancer Target Group attachment for second instance
resource "aws_lb_target_group_attachment" "myec2vm2tg1" {
  # Registers the second EC2 instance in the target group on the Tomcat
  # port; 8080 matches the target group's own port.
  port             = 8080
  target_id        = aws_instance.myec2vm2.id
  target_group_arn = aws_lb_target_group.targetgroup.arn
}
# Application Load Balancer
resource "aws_lb" "alb" {
  # Internet-facing Application Load Balancer spanning the two public
  # subnets, guarded by alb-security-group.
  # NOTE(review): no hardening options are set on this resource
  # (e.g. drop_invalid_header_fields, enable_deletion_protection); both
  # default to off and are worth a look for a public entry point.
  load_balancer_type = "application"
  internal           = false
  name               = "alb"

  subnets         = [aws_subnet.PublicSubnet1.id, aws_subnet.PublicSubnet2.id]
  security_groups = [aws_security_group.alb-security-group.id]

  # Give the provider up to 30 minutes for create and delete.
  timeouts {
    delete = "30m"
    create = "30m"
  }

  tags = {
    Name = "alb"
  }
}
# Load Balancer Listener
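resource "aws_lb_listener" "alblistener" {
  # Plain-HTTP listener on port 80 that forwards everything to the Tomcat
  # target group.
  #
  # Change from the original: port was the string "80"; it is now the
  # number 80, consistent with the numeric ports used on the target group
  # and attachments. The resulting listener is identical.
  #
  # NOTE(review): this is the only listener on the page, so the ALB serves
  # HTTP only even though alb-security-group opens 443; an HTTPS listener
  # needs a certificate and is out of scope here.
  load_balancer_arn = aws_lb.alb.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.targetgroup.arn
  }
}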