Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Host not available despite having public IP #88

Open
jakubgs opened this issue Jul 29, 2019 · 3 comments
Open

Host not available despite having public IP #88

jakubgs opened this issue Jul 29, 2019 · 3 comments

Comments

@jakubgs
Copy link

jakubgs commented Jul 29, 2019

I was trying to access my EB host behind the ELB but I found out that when checking with nmap all ports were filtered.

I did have the following settings:

  • ssh_listener_port set to "22"
  • ssh_listener_enabled set to "true"
  • ssh_source_restriction set to "0.0.0.0/0"
  • associate_public_ip_address set to "true"

And yet I could not access any of the open ports on the instance.

I also had these set for the subnet module:

  • nat_gateway_enabled set to "true"
  • map_public_ip_on_launch set to "true"

What did work was setting the private_subnets setting to use module.subnets.public_subnet_ids rather than module.subnets.private_subnet_ids.

(I found this out by adding a host to the same VPC manually but in the public rather than private subnet, and it had access.)

I was wondering if this is Intended behavior?
And if so, maybe some additional documentation could help?
jakubgs added a commit to dap-ps/infra-dapps that referenced this issue Jul 30, 2019
@jakubgs
use public subnet to allow for debugging
b885e54 
For more details see:
cloudposse/terraform-aws-elastic-beanstalk-environment#88

Signed-off-by: Jakub Sokołowski <jakub@status.im>
@ff6347
Copy link

ff6347 commented Nov 5, 2019

Same problem for me. Only after using the module.subnets.public_subnet_ids for the private_subnets i can configure eb-cli to use eb ssh

@razorsedge
Copy link
Contributor

ssh_source_restriction is a variable but is not implemented in the tf code, so I imagine the security group is not being updated with a port 22/tcp rule.

@helllicht
Copy link

helllicht commented Sep 13, 2021
edited

+1 have the same issue
Is there a solution without moving EBS to public subnet?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ff6347 @razorsedge @jakubgs