Terraform - ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

I have my Terraform code to SSH into an EC2 instance and I keep getting the error below. Also, I am able to SSH into the instance from my local machine.
timeout - last error: SSH authentication failed (kali#:22): ssh: handshake failed: ssh:
│ unable to authenticate, attempted methods [none publickey], no supported methods remain
Here is my code:
resource "aws_key_pair" "public_key" {
  key_name   = "public_key"
  public_key = "ssh-rsa xxxxxxxxxxxxx"
}

data "template_file" "user_data" {
  template = file("../kali_linux_aws/payload.sh")
}

resource "aws_default_subnet" "default" {
  availability_zone = var.availability_zone
}

resource "aws_default_vpc" "default" {
  tags = {
    Name = "Default VPC"
  }
}

resource "aws_security_group" "kali_security_group" {
  name        = "allow_tls"
  description = "Allow TLS inbound traffic"
  vpc_id      = aws_default_vpc.default.id

  ingress {
    description = "ssh"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "rdp"
    from_port   = 3389
    to_port     = 3389
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "kali_security_group"
  }
}

resource "aws_instance" "kali_linux" {
  ami                         = "ami-0f226738ik68873d1"
  instance_type               = var.instance_type
  availability_zone           = var.availability_zone
  associate_public_ip_address = true
  key_name                    = aws_key_pair.public_key.key_name
  user_data                   = data.template_file.user_data.rendered
  subnet_id                   = var.subnet_id == null ? aws_default_subnet.default.id : var.subnet_id
  vpc_security_group_ids      = [aws_security_group.kali_security_group.id]

  root_block_device {
    volume_size = var.volume_size
  }
}

resource "null_resource" "provision" {
  connection {
    type        = "ssh"
    user        = "kali"
    private_key = file("/Users/path/to/id_rsa")
    host        = aws_instance.kali_linux.public_ip
  }

  provisioner "remote-exec" {
    inline = [
      "sudo apt-get update"
    ]
  }
}
All I am trying to do is create a Kali Linux EC2 instance on AWS and run some remote-exec commands. Can someone please help? Also, if there are any workarounds, please suggest them as well. Thank you in advance.
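That error means the instance rejected the key the provisioner offered, which happens when the private key passed to connection is not the pair of the public key registered in aws_key_pair, or when the login user is wrong. As an added example (not the poster's code), these two blocks replace the aws_key_pair and null_resource above so the two halves of the key cannot drift apart, and they tie the provisioner to the instance id; they assume the key lives at ~/.ssh/kali_key (placeholder path), keep the kali user from the question, and assume the AMI runs cloud-init.

```hcl
locals {
  # Placeholder path: the private key the provisioner will offer.
  ssh_key_path = pathexpand("~/.ssh/kali_key")
}

# The public half is read from the .pub file next to the private key, so the key
# registered with AWS is always the pair of the key the provisioner offers.
resource "aws_key_pair" "public_key" {
  key_name   = "public_key"
  public_key = file("${local.ssh_key_path}.pub")
}

resource "null_resource" "provision" {
  # Re-run the provisioner whenever the instance is replaced.
  triggers = {
    instance_id = aws_instance.kali_linux.id
  }

  connection {
    type        = "ssh"
    user        = "kali"                   # login user from the question
    private_key = file(local.ssh_key_path) # the exact pair of aws_key_pair.public_key
    host        = aws_instance.kali_linux.public_ip
    timeout     = "5m"
  }

  provisioner "remote-exec" {
    inline = [
      "cloud-init status --wait", # let user_data finish first (assumes cloud-init on the AMI)
      "sudo apt-get update",
    ]
  }
}
```

The port 22 rule open to 0.0.0.0/0 in the question's security group is worth narrowing to the operator's own address range; nothing in these blocks depends on it.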

Related

(AWS) Terraform: "no matching Route53Zone found"

I'm currently trying to set up an AWS EC2 instance and an integrated API Gateway with Terraform.
I watched the tutorial by Anton Putra: https://www.youtube.com/watch?v=XhS2JbPg8jA&t=287s
and also cloned his code: https://github.com/antonputra/tutorials/tree/main/lessons/118
I simply wanted to rename some of the resources and apply the Terraform.
"terraform init" works, but when I run "terraform apply", I get this message:
(screenshot: CMD error message)
This is the code from the file it's complaining about:
resource "aws_acm_certificate" "gradebook" {
  domain_name       = "gradebook.bmeisn.com"
  validation_method = "DNS"
}

data "aws_route53_zone" "gradebook-r53z" {
  name         = "bmeisn.com"
  private_zone = false
}

resource "aws_route53_record" "gradebook-r53r" {
  for_each = {
    for dvo in aws_acm_certificate.gradebook.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
  ttl             = 60
  type            = each.value.type
  zone_id         = data.aws_route53_zone.gradebook-r53z.zone_id
}

resource "aws_acm_certificate_validation" "gradebook" {
  certificate_arn         = aws_acm_certificate.gradebook.arn
  validation_record_fqdns = [for record in aws_route53_record.gradebook-r53r : record.fqdn]
}
I read that it might be because of the domain, so here's the tf file for that as well:
resource "aws_apigatewayv2_domain_name" "gradebook" {
  domain_name = "gradebook.bmeisn.com"

  domain_name_configuration {
    certificate_arn = aws_acm_certificate.gradebook.arn
    endpoint_type   = "REGIONAL"
    security_policy = "TLS_1_2"
  }

  depends_on = [aws_acm_certificate_validation.gradebook]
}

resource "aws_route53_record" "gradebook-r53r-02" {
  name    = aws_apigatewayv2_domain_name.gradebook.domain_name
  type    = "A"
  zone_id = data.aws_route53_zone.gradebook-r53z.zone_id

  alias {
    name                   = aws_apigatewayv2_domain_name.gradebook.domain_name_configuration[0].target_domain_name
    zone_id                = aws_apigatewayv2_domain_name.gradebook.domain_name_configuration[0].hosted_zone_id
    evaluate_target_health = false
  }
}

resource "aws_apigatewayv2_api_mapping" "gradebook-map" {
  api_id      = aws_apigatewayv2_api.gradebook-agw.id
  domain_name = aws_apigatewayv2_domain_name.gradebook.id
  stage       = aws_apigatewayv2_stage.dev.id
}

output "custom_domain_api-v2" {
  value = "https://${aws_apigatewayv2_api_mapping.gradebook-map.domain_name}/health"
}
The whole setup around it seems to work, so I'm assuming I did something wrong here; I just can't figure out what exactly, as I'm not very experienced with this technology.
Also, if this question is missing any important info, let me know.
As pointed out in the comments, you aren't exactly creating your Route 53 zone. If you're committed to doing it via Terraform (I'd personally advise against it, but it's your choice to make), the aws_route53_zone resource is what you seek; it also has an example of how to reference a zone you're about to create.
In case you still get messages about it being absent AFTER referencing the zone resource you are creating (Terraform borking the resource creation order), then just use depends_on and call it a day.
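As an added example (not from the answer or the question), here is the zone managed as a resource and the validation record pointing at it; the aws_acm_certificate and aws_acm_certificate_validation blocks from the question stay as they are. It assumes the registrar for bmeisn.com will be pointed at the new zone's name servers, which is the step the output exposes.

```hcl
# Managed zone instead of the data "aws_route53_zone" lookup, which fails when
# no zone with that name exists yet.
resource "aws_route53_zone" "gradebook" {
  name = "bmeisn.com"
}

# The registrar must delegate bmeisn.com to these name servers, otherwise the
# DNS validation records below never resolve and the certificate stays pending.
output "gradebook_name_servers" {
  value = aws_route53_zone.gradebook.name_servers
}

resource "aws_route53_record" "gradebook-r53r" {
  for_each = {
    for dvo in aws_acm_certificate.gradebook.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
  ttl             = 60
  type            = each.value.type
  # Referencing the resource (not a data source) gives Terraform the ordering,
  # so depends_on on the zone is only a fallback.
  zone_id = aws_route53_zone.gradebook.zone_id
}
```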

Failed to create EC2 instance using Terraform when a security group is set

I tried to create an EC2 instance. When I don't set a security group, it works, but when I set a security group it fails with the following message:
│ Error: creating EC2 Instance: InvalidParameterValue: Value () for parameter groupId is invalid. The value cannot be empty
│ status code: 400, request id: 2935799e-2364-4676-ba02-457740336cd1
│
│ with aws_instance.my_first_instance,
│ on main.tf line 44, in resource "aws_instance" "my_first_instance":
│ 44: resource "aws_instance" "my_first_instance" {
The code is:
variable "ecs_cluster_name" {
  type    = string
  default = "production"
}

data "aws_ami" "ecs_ami" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-ecs-hvm-2.0.202*-x86_64-ebs"]
  }
}

output "ami_name" {
  value       = data.aws_ami.ecs_ami.name
  description = "the name of ecs ami"
}

output "security_group_id" {
  value       = aws_security_group.default.id
  description = "id of security group"
}

resource "aws_security_group" "default" {
  name = "terraform_Security_group"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "my_first_instance" {
  ami           = data.aws_ami.ecs_ami.id
  instance_type = "t2.micro"
  # security_groups = ["sg-06e91dae98b2c44c6"]
  security_groups = [aws_security_group.default.id]
  # Heredoc interpolates the cluster name declared in the variable above.
  user_data = <<-EOF
    #!/bin/bash
    echo ECS_CLUSTER=${var.ecs_cluster_name} >> /etc/ecs/ecs.config
  EOF
}
You should be using vpc_security_group_ids:
vpc_security_group_ids = [aws_security_group.default.id]

Terraform : Invalid dynamic for_each value => Cannot use a set of object value in for_each. An iterable collection is required

In Terraform version 1.1.9 I am facing the issue below while doing terraform apply.
Help me fix how this for_each can be done without error.
A sample of the rke_nodes values will be:
# Outputs
output "rancher_nodes" {
  value = [
    for instance in flatten([[aws_instance.node_all], [aws_instance.node_master], [aws_instance.node_worker]]) : {
      public_ip  = instance.public_ip
      private_ip = instance.private_ip
      hostname   = instance.id
      user       = var.node_username
      roles      = split(",", instance.tags.K8sRoles)
      ssh_key    = file(var.ssh_key_file)
    }
  ]
  sensitive = true
}
I have variable.tf:
variable "rke_nodes" {
  type = list(object({
    public_ip  = string
    private_ip = string
    hostname   = string
    roles      = list(string)
    user       = string
    ssh_key    = string
  }))
  description = "Node info to install RKE cluster"
}
main.tf:
# Provision RKE cluster on provided infrastructure
resource "rke_cluster" "rancher_cluster" {
  cluster_name = var.rke.cluster_name

  dynamic "nodes" {
    for_each = var.rke_nodes
    content {
      address           = nodes.value.public_ip
      internal_address  = nodes.value.private_ip
      hostname_override = nodes.value.hostname
      user              = nodes.value.user
      role              = nodes.value.roles
      ssh_key           = nodes.value.ssh_key
    }
  }

  upgrade_strategy {
    drain                        = false
    max_unavailable_controlplane = "1"
    max_unavailable_worker       = "10%"
  }

  kubernetes_version = var.rke.kubernetes_version
}
I got this error when running terraform apply:
╷
│ Error: Invalid dynamic for_each value
│
│ on .terraform/modules/rke-cluster/main.tf line 6, in resource "rke_cluster" "rancher_cluster":
│ 6: for_each = var.rke_nodes
│ ├────────────────
│ │ var.rke_nodes has a sensitive value
│
│ Cannot use a list of object value in for_each. An iterable collection is required.
The actual value at apply time can sometimes be a list:
- nodes {
- address = "65.2.140.68" -> null
- hostname_override = "i-0d5bf5f22fb84f5d4" -> null
- internal_address = "10.30.8.120" -> null
- labels = {} -> null
- role = [
- "controlplane",
- "etcd",
- "worker",
] -> null
- ssh_agent_auth = false -> null
- ssh_key = (sensitive value)
- user = (sensitive value)
}
You don't need the index. It should just be:
for_each = var.rke_nodes
Note: This works only for dynamic blocks. If you use for_each in resource blocks, this form of for_each (list of maps) will not work.

Inappropriate value for attribute "security_groups": element 0: string required

I'm not sure why I'm getting this value.
I have this resource in bastion/main.tf:
resource "aws_security_group" "bastion_sg" {
  name   = "${var.name}-bastion-security-group"
  vpc_id = var.vpc_id

  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "${var.name}-bastion-sg"
  }
}
Here is my output for that, in bastion/outputs.tf:
output "bastion_sg_id" {
  value = aws_security_group.bastion_sg
}
My eks module in my root directory's main.tf:
module "eks" {
  source          = "./eks"
  name            = var.name
  key_name        = module.bastion.key_name
  bastion_sg      = module.bastion.bastion_sg_id
  vpc_id          = module.networking.vpc_id
  private_subnets = module.networking.vpc_private_subnets
}
My variables in my eks/variables.tf:
variable "bastion_sg" {
  description = "bastion sg to add to ingress rule of node sg"
}
Lastly, my eks/main.tf, where the error is occurring:
resource "aws_security_group" "node-sg" {
  name   = "${var.name}-node-security-group"
  vpc_id = var.vpc_id

  ingress {
    protocol        = "tcp"
    from_port       = 22
    to_port         = 22
    security_groups = [var.bastion_sg]
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
I tried it with and without the [] for the security_groups argument. When I did it without, I got the "set of strings required" error, and when I added the [] I got this error:
on eks\main.tf line 95, in resource "aws_security_group" "node-sg":
│ 95: security_groups = [var.bastion_sg]
│ ├────────────────
│ │ var.bastion_sg is object with 13 attributes
│
│ Inappropriate value for attribute "security_groups": element 0: string required.
It should be:
output "bastion_sg_id" {
value = aws_security_group.bastion_sg.id
}
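As an added example (not part of the answer), the eks module's variable can carry a type constraint and a validation so that passing the whole security group object is rejected at the module boundary with a readable message, instead of failing later inside the ingress block; the sg- ID pattern in the regex is an assumption about the value's format.

```hcl
# eks/variables.tf: type = string alone would already reject an object with
# 13 attributes; the validation additionally insists on a security group ID.
variable "bastion_sg" {
  description = "ID of the bastion security group allowed to reach the node SG on port 22"
  type        = string

  validation {
    condition     = can(regex("^sg-[0-9a-f]+$", var.bastion_sg))
    error_message = "The bastion_sg value must be a security group ID (sg-...), not the whole resource."
  }
}

# bastion/outputs.tf: export only the attribute the caller needs.
output "bastion_sg_id" {
  value = aws_security_group.bastion_sg.id
}
```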

Terraform EC2 instance isn't being created

Hello, I have a tf file to create my EC2 instance:
resource "aws_vpc" "magazin-vpc" {
  cidr_block = "10.249.0.0/16"
}

resource "aws_subnet" "magazin-subnet" {
  vpc_id     = aws_vpc.magazin-vpc.id
  cidr_block = "10.249.2.0/28"
}

resource "aws_instance" "magazin-vm" {
  ami                    = "ami-058c02d7640104f1e"
  instance_type          = "t2.micro"
  private_ip             = "10.249.2.5"
  subnet_id              = aws_subnet.magazin-subnet.id
  vpc_security_group_ids = [aws_security_group.magazin-sg.id]

  credit_specification {
    cpu_credits = "unlimited"
  }
}

resource "aws_ebs_volume" "magazin-ebs" {
  availability_zone = "eu-north-1a"
  size              = 10

  tags = {
    Name = "magazin-ebs"
  }
}

resource "aws_volume_attachment" "magazin-ebs-att" {
  device_name = "/dev/sdh"
  volume_id   = aws_ebs_volume.magazin-ebs.id
  instance_id = aws_instance.magazin-vm.id
}

resource "aws_security_group" "magazin-sg" {
  name = "magazin-sg"

  ingress {
    description = "Allow port SSH from office"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["172.16.0.0/24"]
  }

  ingress {
    description = "Allow port HTTPS"
    from_port   = 9200
    to_port     = 9200
    protocol    = "tcp"
    cidr_blocks = ["172.16.0.0/24"]
  }

  ingress {
    description = "Allow port HTTPS"
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["172.16.0.0/24"]
  }

  egress {
    description = "Allow ALL ports"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
and when I run terraform apply I get:
│ Error: Error launching source instance: InvalidParameter: Security group sg-090289f530fb61f8d and subnet subnet-08d14b2d736d10286 belong to different networks.
│ status code: 400, request id: 953d0bb8-cf92-4d8c-9923-d911cec3b453
│
│ with aws_instance.magazin-vm,
│ on dev-aerospike.tf line 6, in resource "aws_instance" "magazin-vm":
│ 6: resource "aws_instance" "magazin-vm" {
│
Why does this error happen, since I declare the VPC and subnet in my Terraform file?
I'm using Terraform 1.1.6.
P.S. The site says that the text should be longer, but I don't know what else to write, so I'll write that Terraform is a cool thing, though I still don't know how to use it.
You have to specify vpc_id in your aws_security_group. Without that, your group will be created in the default VPC, not the one you are creating:
resource "aws_security_group" "magazin-sg" {
  name   = "magazin-sg"
  vpc_id = aws_vpc.magazin-vpc.id

  ingress {
    description = "Allow port SSH from office"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["172.16.0.0/24"]
  }

  ingress {
    description = "Allow port HTTPS"
    from_port   = 9200
    to_port     = 9200
    protocol    = "tcp"
    cidr_blocks = ["172.16.0.0/24"]
  }

  ingress {
    description = "Allow port HTTPS"
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["172.16.0.0/24"]
  }

  egress {
    description = "Allow ALL ports"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
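As an added example (not from either answer), here is the security group and the instance wired into the same VPC, with a note on why this question's group needed vpc_id and why the earlier "Value () for parameter groupId is invalid" question needed vpc_security_group_ids rather than security_groups; it keeps the question's resource names and assumes aws_vpc.magazin-vpc and aws_subnet.magazin-subnet from the question.

```hcl
# Without vpc_id a security group lands in the account's default VPC, while the
# subnet belongs to aws_vpc.magazin-vpc, hence "belong to different networks".
resource "aws_security_group" "magazin-sg" {
  name   = "magazin-sg"
  vpc_id = aws_vpc.magazin-vpc.id

  ingress {
    description = "Allow SSH from office"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["172.16.0.0/24"] # office range only, not 0.0.0.0/0
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "magazin-vm" {
  ami           = "ami-058c02d7640104f1e"
  instance_type = "t2.micro"
  subnet_id     = aws_subnet.magazin-subnet.id

  # vpc_security_group_ids takes group IDs from the instance's VPC. The older
  # security_groups argument takes group *names* and is meant for the default
  # VPC only, so it is the wrong argument for an ID, as in the "groupId" question.
  vpc_security_group_ids = [aws_security_group.magazin-sg.id]
}
```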