Elastic Beanstalk fails to launch in custom VPC and subnet


Posted: 2021-05-19 06:14:55

Question:

My Elastic Beanstalk environment fails to launch because of connectivity between EC2 and Elastic Beanstalk:

 Error: Error waiting for Elastic Beanstalk Environment (e-xxxxxxxxxx) to become ready: 2 errors occurred:

    * 2021-02-16 11:00:21.529 +0000 UTC (e-xxxxxxxxxx) : 
            Stack named 'awseb-e-xxxxxxxxxx-stack' aborted operation. Current state: 'CREATE_FAILED'  
            Reason: The following resource(s) failed to create: [AWSEBInstanceLaunchWaitCondition].

    * 2021-02-16 11:00:21.662 +0000 UTC (e-xxxxxxxxxx) : 
            The EC2 instances failed to communicate with AWS Elastic Beanstalk, either because of configuration problems with the VPC or a failed EC2 instance. Check your VPC configuration and try launching the environment again.

However, I can SSH into the EC2 instance, and there I find the following:

$ tail /var/log/eb-cfn-init.log 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:02:09 --:--:--     0curl: (7) Failed to connect to elasticbeanstalk-platform-assets-eu-west-2.s3.eu-west-2.amazonaws.com port 443: Connection timed out
+ RESULT=7
+ [[ 7 -ne 0 ]]
+ sleep_delay
+ ((  40 < 3600  ))
+ echo Sleeping 40
Sleeping 40
+ sleep 40

This error surprised me, because I have an S3 VPC endpoint in this VPC:

# S3 endpoint in the VPC (aws_vpc_endpoint defaults to the Gateway type for S3)
resource "aws_vpc_endpoint" "s3_endpoint_public" {
  vpc_id       = aws_vpc.main.id
  service_name = "com.amazonaws.${var.aws_region}.s3"
}

# A gateway endpoint only takes effect for route tables it is associated with
resource "aws_vpc_endpoint_route_table_association" "s3_public_route_table_association" {
  route_table_id  = aws_route_table.public.id
  vpc_endpoint_id = aws_vpc_endpoint.s3_endpoint_public.id
}

How can I debug / fix my Elastic Beanstalk environment?


Route table / subnet configuration

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
}

# NOTE: all three associations reference aws_subnet.public_c as posted;
# the author says in the comments that this is a typo in the question.
resource "aws_route_table_association" "public_a" {
  route_table_id = aws_route_table.public.id
  subnet_id      = aws_subnet.public_c.id
}

resource "aws_route_table_association" "public_b" {
  route_table_id = aws_route_table.public.id
  subnet_id      = aws_subnet.public_c.id
}

resource "aws_route_table_association" "public_c" {
  route_table_id = aws_route_table.public.id
  subnet_id      = aws_subnet.public_c.id
}

resource "aws_internet_gateway" "public" {
  vpc_id = aws_vpc.main.id
}

# Default route from the public route table to the internet gateway
resource "aws_route" "public_internet" {
  route_table_id = aws_route_table.public.id
  gateway_id     = aws_internet_gateway.public.id

  destination_cidr_block = "0.0.0.0/0"
}

Comments:

- An S3 endpoint is not enough. If you don't want to use a NAT, you also need endpoints for CloudFormation, EB itself, and so on. Have you checked the docs on using EB with a VPC?

- I have endpoints for CloudFormation, SQS, Kinesis, Elastic Beanstalk and Elastic Beanstalk Health. I only mentioned S3 because the log shows EC2 cannot connect to S3.

- I see. Can you clarify what aws_route_table.public is? Is it the route table of a public subnet, or a private one? Is it the same subnet your EB is in?

- I just noticed that aws_subnet.public_c is associated 3 times! That error is just a typo...

- So you have the S3 *** endpoint in a public subnet? So your EB instances are also in a public subnet?

Answer 1:

Make sure the subnet is associated with the route table, and that the route table has an internet gateway.

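The answer's two checks (is the instance's subnet actually on the route table, and does that table reach an internet gateway), plus the S3 gateway endpoint association from the question, can be verified against the structures that `aws ec2 describe-route-tables` and `aws ec2 describe-vpc-endpoints` return. The following is an added example, not code from the question or answer; the ids are constructed and the subnet that "falls through" to the VPC main route table mirrors the triple-association typo discussed above.

```python
from typing import Dict, List, Optional

# Constructed sample shaped like describe-route-tables / describe-vpc-endpoints
# output (hypothetical ids, not the ones from the question).
ROUTE_TABLES: List[Dict] = [
    {"RouteTableId": "rtb-public", "VpcId": "vpc-main",
     "Associations": [{"SubnetId": "subnet-public-c", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-public"}]},
    {"RouteTableId": "rtb-main", "VpcId": "vpc-main",
     "Associations": [{"Main": True}],  # implicit table for unassociated subnets
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
VPC_ENDPOINTS: List[Dict] = [
    {"ServiceName": "com.amazonaws.eu-west-2.s3", "VpcEndpointType": "Gateway",
     "RouteTableIds": ["rtb-public"]},
]


def route_table_for(subnet_id: str, route_tables: List[Dict]) -> Optional[Dict]:
    """An explicit subnet association wins; otherwise the VPC main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def check_subnet(subnet_id: str, region: str, route_tables: List[Dict] = ROUTE_TABLES,
                 endpoints: List[Dict] = VPC_ENDPOINTS) -> List[str]:
    """Return the findings that explain a failed AWSEBInstanceLaunchWaitCondition."""
    rt = route_table_for(subnet_id, route_tables)
    if rt is None:
        return ["no route table found for subnet"]
    findings = []
    has_igw = any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
                  and r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"])
    if not has_igw:
        findings.append(f"{rt['RouteTableId']} has no 0.0.0.0/0 route via an internet gateway")
    s3_service = f"com.amazonaws.{region}.s3"
    s3_ok = any(ep["ServiceName"] == s3_service and ep["VpcEndpointType"] == "Gateway"
                and rt["RouteTableId"] in ep["RouteTableIds"] for ep in endpoints)
    if not s3_ok:
        findings.append(f"{rt['RouteTableId']} is not associated with the {s3_service} gateway endpoint")
    return findings
```

A subnet that only has the VPC main table with a `local` route reports both findings, which is exactly the state in which the instance's `curl` to the platform-assets S3 bucket times out as in the log above.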
