Open http ports for ec2 for ssm to work

ikovac · ikovac · commit 2d05e6019702 · 2023-10-11T14:11:35.000+02:00
diff --git a/src/components/ec2-ssm-connect.ts b/src/components/ec2-ssm-connect.ts
@@ -37,6 +37,18 @@ export class Ec2SSMConnect extends pulumi.ComponentResource {
             toPort: 22,
             cidrBlocks: ['0.0.0.0/0'],
           },
+          {
+            protocol: 'tcp',
+            fromPort: 80,
+            toPort: 80,
+            cidrBlocks: ['0.0.0.0/0'],
+          },
+          {
+            protocol: 'tcp',
+            fromPort: 443,
+            toPort: 443,
+            cidrBlocks: ['0.0.0.0/0'],
+          },
         ],
         egress: [
           { protocol: '-1', fromPort: 0, toPort: 0, cidrBlocks: ['0.0.0.0/0'] },
@@ -82,6 +94,31 @@ export class Ec2SSMConnect extends pulumi.ComponentResource {
       { parent: this, dependsOn: [ssmPolicyAttachment] },
     );
 
+    this.sshKeyPair = new aws.ec2.KeyPair(
+      `${name}-ec2-keypair`,
+      {
+        publicKey: args.sshPublicKey,
+      },
+      { parent: this },
+    );
+
+    this.ec2 = new aws.ec2.Instance(
+      `${name}-ec2`,
+      {
+        ami: 'ami-067d1e60475437da2',
+        associatePublicIpAddress: false,
+        instanceType: 't2.micro',
+        keyName: this.sshKeyPair.keyName,
+        iamInstanceProfile: ssmProfile.name,
+        subnetId,
+        vpcSecurityGroupIds: [this.ec2SecurityGroup.id],
+        tags: {
+          Name: `${name}-ec2`,
+        },
+      },
+      { parent: this },
+    );
+
     this.ssmVpcEndpoint = new aws.ec2.VpcEndpoint(
       `${name}-ssm-vpc-endpoint`,
       {
@@ -93,7 +130,7 @@ export class Ec2SSMConnect extends pulumi.ComponentResource {
         securityGroupIds: [this.ec2SecurityGroup.id],
         privateDnsEnabled: true,
       },
-      { parent: this },
+      { parent: this, dependsOn: [this.ec2] },
     );
 
     this.ec2MessagesVpcEndpoint = new aws.ec2.VpcEndpoint(
@@ -107,7 +144,7 @@ export class Ec2SSMConnect extends pulumi.ComponentResource {
         securityGroupIds: [this.ec2SecurityGroup.id],
         privateDnsEnabled: true,
       },
-      { parent: this },
+      { parent: this, dependsOn: [this.ec2] },
     );
 
     this.ssmMessagesVpcEndpoint = new aws.ec2.VpcEndpoint(
@@ -121,32 +158,7 @@ export class Ec2SSMConnect extends pulumi.ComponentResource {
         securityGroupIds: [this.ec2SecurityGroup.id],
         privateDnsEnabled: true,
       },
-      { parent: this },
-    );
-
-    this.sshKeyPair = new aws.ec2.KeyPair(
-      `${name}-ec2-keypair`,
-      {
-        publicKey: args.sshPublicKey,
-      },
-      { parent: this },
-    );
-
-    this.ec2 = new aws.ec2.Instance(
-      `${name}-ec2`,
-      {
-        ami: 'ami-067d1e60475437da2',
-        associatePublicIpAddress: false,
-        instanceType: 't2.micro',
-        keyName: this.sshKeyPair.keyName,
-        iamInstanceProfile: ssmProfile.name,
-        subnetId,
-        vpcSecurityGroupIds: [this.ec2SecurityGroup.id],
-        tags: {
-          Name: `${name}-ec2`,
-        },
-      },
-      { parent: this },
+      { parent: this, dependsOn: [this.ec2] },
     );
 
     this.registerOutputs();
