Setting up Redash Instance in private subnet. EC2 status check failed
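Problem summary
I want to set up a Redash instance in a private subnet, but it does not work well. The instance status check shows "1/2 failed".
The question is whether any settings are needed beyond those described on the website (https://redash.io/help/open-source/setup).
For your information, if I put the Redash instance in a public subnet, it works well.
Technical details:
AMI: ami-060741a96307668be
EC2 size: t2.small
The private subnet has a NAT gateway
The CloudFormation template is below. (I removed the parameters because they are confidential. The parameters are correct, because I checked them with a public subnet. So please check the other parts, thank you.)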
AWSTemplateFormatVersion: '2010-09-09'
Description: This template is used for creating redash analysis foundation
Resources:
  ####################################################################################################
  #### NetWork Setting
  ####################################################################################################
  RedashInstancePrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: ap-northeast-1a
      CidrBlock: !Ref PrivateSubnetACidrBlock
      VpcId: !Ref VpcId
  PrivateSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      SubnetId: !Ref RedashInstancePrivateSubnetA
  PrivateSubnetRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VpcId
  NATGatewayForPrivateSubnetA:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NATGatewayAEIP.AllocationId
      SubnetId: !Ref RedashALBPublicSubnetA
  NATGatewayAEIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  PrivateARoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NATGatewayForPrivateSubnetA
  RedashALBPublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: ap-northeast-1a
      CidrBlock: !Ref PublicSubnetACidrBlock
      VpcId: !Ref VpcId
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VpcId
  PublicRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Sub ${InternetGatewayId}
  PublicSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref RedashALBPublicSubnetA
  ####################################################################################################
  #### Re:dash EC2 Instance
  ####################################################################################################
  RedashInstance:
    Type: AWS::EC2::Instance
    Properties:
      LaunchTemplate:
        LaunchTemplateId: !Ref RedashInstanceLaunchTemplate
        Version: !GetAtt RedashInstanceLaunchTemplate.LatestVersionNumber
      SubnetId: !Ref RedashInstancePrivateSubnetA
  RedashInstanceLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: redash-isntance-lt
      LaunchTemplateData:
        SecurityGroupIds:
          - !Ref RedashInstanceSecurityGroup
        ImageId: ami-060741a96307668be
        InstanceType: t2.small
  RedashInstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: This Security Group is used for Re:dash Instance
      GroupName: redash-instance-sg
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref RedashALBSecurityGroup
      VpcId: !Ref VpcId
Following marcin's comment, I tried the template below, but it did not work well; the EC2 status check shows "1/2 failed".
AWSTemplateFormatVersion: '2010-09-09'
Description: This template is used for creating redash analysis foundation
Resources:
  ####################################################################################################
  #### NetWork Setting
  ####################################################################################################
  RedashInstancePrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: ap-northeast-1a
      CidrBlock: 172.18.0.0/24
      VpcId: <VPCID>
      Tags:
        - Key: Name
          Value: Private
  PrivateSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      SubnetId: !Ref RedashInstancePrivateSubnetA
  PrivateSubnetRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: <VPCID>
  NATGatewayForPrivateSubnetA:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NATGatewayAEIP.AllocationId
      SubnetId: !Ref RedashALBPublicSubnetA
  NATGatewayAEIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  PrivateARoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NATGatewayForPrivateSubnetA
  RedashALBPublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: ap-northeast-1a
      CidrBlock: 172.18.2.0/24
      VpcId: <VPCID>
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Public
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: <VPCID>
  PublicRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: <INTERNETGATEWAYID>
  PublicSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref RedashALBPublicSubnetA
  ####################################################################################################
  #### Re:dash EC2 Instance
  ####################################################################################################
  RedashInstance:
    Type: AWS::EC2::Instance
    Properties:
      LaunchTemplate:
        LaunchTemplateId: !Ref RedashInstanceLaunchTemplate
        Version: !GetAtt RedashInstanceLaunchTemplate.LatestVersionNumber
      SubnetId: !Ref RedashInstancePrivateSubnetA
  RedashInstanceLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: redash-isntance-lt
      LaunchTemplateData:
        SecurityGroupIds:
          - !Ref RedashInstanceSecurityGroup
        ImageId: ami-060741a96307668be
        InstanceType: t2.small
  RedashInstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: This Security Group is used for Re:dash Instance
      GroupName: redash-instance-sg
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
          #SourceSecurityGroupId: !Ref RedashALBSecurityGroup
      VpcId: <VPCID>
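I modified the template so that it works. I could only test it in us-east-1 in my sandbox account, so I changed it for that region. You will need to modify it further, because your template was incomplete and I had to fill in a lot of blanks.
The template works and provisions the instance (from curl):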
<div class="fixed-width-page">
<div class="bg-white tiled">
<h4 class="m-t-0">Welcome to Redash!</h4>
<div>Before you can use your instance, you need to do a quick setup.</div>
Complete working template:
AWSTemplateFormatVersion: '2010-09-09'
Description: This template is used for creating redash analysis foundation
Resources:
  ####################################################################################################
  #### NetWork Setting
  ####################################################################################################
  VpcId:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
  RedashInstancePrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-1a #ap-northeast-1a
      CidrBlock: "10.0.1.0/24"
      VpcId: !Ref VpcId
      Tags:
        - Key: Name
          Value: Private
  PrivateSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      SubnetId: !Ref RedashInstancePrivateSubnetA
  PrivateSubnetRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VpcId
  NATGatewayForPrivateSubnetA:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NATGatewayAEIP.AllocationId
      SubnetId: !Ref RedashALBPublicSubnetA
  NATGatewayAEIP:
    DependsOn: IGWAttachment
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  PrivateARoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NATGatewayForPrivateSubnetA
  RedashALBPublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-1a #ap-northeast-1a
      CidrBlock: 10.0.0.0/24
      VpcId: !Ref VpcId
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Public
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VpcId
  InternetGatewayId:
    Type: AWS::EC2::InternetGateway
    Properties: {}
  IGWAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGatewayId
      VpcId: !Ref VpcId
      #VpnGatewayId: String
  PublicRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGatewayId
  PublicSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref RedashALBPublicSubnetA
  ####################################################################################################
  #### Re:dash EC2 Instance
  ####################################################################################################
  RedashInstance:
    Type: AWS::EC2::Instance
    Properties:
      LaunchTemplate:
        LaunchTemplateId: !Ref RedashInstanceLaunchTemplate
        Version: !GetAtt RedashInstanceLaunchTemplate.LatestVersionNumber
      SubnetId: !Ref RedashInstancePrivateSubnetA
  RedashInstanceLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: redash-isntance-lt
      LaunchTemplateData:
        SecurityGroupIds:
          - !Ref RedashInstanceSecurityGroup
        ImageId: ami-0d915a031cabac0e0 #ami-060741a96307668be
        InstanceType: t2.small
  RedashInstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: This Security Group is used for Re:dash Instance
      GroupName: redash-instance-sg
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
          #SourceSecurityGroupId: !Ref RedashALBSecurityGroup
      VpcId: !Ref VpcId
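A static check of the routing chain that the templates on this page declare (instance subnet -> route table -> default route -> NAT gateway -> public subnet -> internet gateway), which also flags the port 80 ingress rule that the working template opens to 0.0.0.0/0 in place of the commented-out `SourceSecurityGroupId`. This is an added example, not code from the question or the answer; `audit`, `default_route` and the dict form of the template are assumptions made for illustration.

```python
# Added example. TEMPLATE is constructed: it reuses the resource names of the working
# template, keeps only the properties the check reads, and spells !Ref as {"Ref": id}.
def R(kind, **props):
    return {"Type": "AWS::EC2::" + kind, "Properties": props}

def to(logical_id):
    return {"Ref": logical_id}

def ref(value):  # logical ID behind {"Ref": id}; None for literals and other intrinsics
    return value.get("Ref") if isinstance(value, dict) else None

def default_route(res, subnet):
    """Follow subnet -> association -> 0.0.0.0/0 route; GatewayId is read as an IGW."""
    tables = {ref(r["Properties"].get("RouteTableId")) for r in res.values()
              if r["Type"] == "AWS::EC2::SubnetRouteTableAssociation"
              and subnet and ref(r["Properties"].get("SubnetId")) == subnet}
    for r in res.values():
        p = r.get("Properties", {})
        if (r["Type"] == "AWS::EC2::Route" and p.get("DestinationCidrBlock") == "0.0.0.0/0"
                and ref(p.get("RouteTableId")) in tables - {None}):
            for key, kind in (("NatGatewayId", "nat"), ("GatewayId", "igw")):
                if key in p:
                    return kind, ref(p[key])
    return "none", None

def audit(res):
    for name, r in res.items():
        p = r.get("Properties", {})
        if r["Type"] == "AWS::EC2::Instance":
            kind, nat = default_route(res, ref(p.get("SubnetId")))
            if kind != "nat":
                yield f"{name}: subnet default route is '{kind}', not a NAT gateway"
            elif nat not in res or default_route(
                    res, ref(res[nat]["Properties"].get("SubnetId")))[0] != "igw":
                yield f"{name}: NAT gateway has no route to an internet gateway"
        for rule in p.get("SecurityGroupIngress", []):
            if rule.get("CidrIp") == "0.0.0.0/0":
                yield f"{name}: tcp/{rule['FromPort']} open to 0.0.0.0/0"

TEMPLATE = {
    "PrivateSubnetARoute": R("SubnetRouteTableAssociation",
        RouteTableId=to("PrivateSubnetRouteTable"), SubnetId=to("RedashInstancePrivateSubnetA")),
    "PublicSubnetARoute": R("SubnetRouteTableAssociation",
        RouteTableId=to("PublicRouteTable"), SubnetId=to("RedashALBPublicSubnetA")),
    "NATGatewayForPrivateSubnetA": R("NatGateway", SubnetId=to("RedashALBPublicSubnetA")),
    "PrivateARoute": R("Route", RouteTableId=to("PrivateSubnetRouteTable"),
        DestinationCidrBlock="0.0.0.0/0", NatGatewayId=to("NATGatewayForPrivateSubnetA")),
    "PublicRoute": R("Route", RouteTableId=to("PublicRouteTable"),
        DestinationCidrBlock="0.0.0.0/0", GatewayId=to("InternetGatewayId")),
    "RedashInstance": R("Instance", SubnetId=to("RedashInstancePrivateSubnetA")),
    "RedashInstanceSecurityGroup": R("SecurityGroup", SecurityGroupIngress=[
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"}]),
}
print("\n".join(audit(TEMPLATE)))
```

On the constructed template it reports only the open ingress rule; deleting `PublicSubnetARoute` from the dict adds a finding for the NAT gateway.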