Host not available despite having public IP

[jakubgs]

I was trying to access my EB host behind the ELB but I found out that when checking with nmap all ports were filtered.

I did have the following settings:

• ssh_listener_port set to "22"
• ssh_listener_enabled set to "true"
• ssh_source_restriction set to "0.0.0.0/0"
• associate_public_ip_address set to "true"

And yet I could not access any of the open ports on the instance.

I also had these set for the subnet module:

• nat_gateway_enabled set to "true"
• map_public_ip_on_launch set to "true"

What did work was setting the private_subnets setting to use module.subnets.public_subnet_ids rather than module.subnets.private_subnet_ids.

(I found this out by adding a host to the same VPC manually but in the public rather than private subnet, and it had access.)

I was wondering if this is Intended behavior?
And if so, maybe some additional documentation could help?

[ff6347]

Same problem for me. Only after using the module.subnets.public_subnet_ids for the private_subnets i can configure eb-cli to use eb ssh

[razorsedge]

ssh_source_restriction is a variable but is not implemented in the tf code, so I imagine the security group is not being updated with a port 22/tcp rule.

[helllicht]

+1 have the same issue
Is there a solution without moving EBS to public subnet?