aws ことはじめ その1
まずは普通にインスタンスを立ててみる
VPCを作成
aws> ec2 create-vpc --cidr-block 192.168.0.0/16
{
"Vpc": {
"CidrBlock": "192.168.0.0/16",
"DhcpOptionsId": "dopt-338b0854",
"State": "pending",
"VpcId": "vpc-***masked***",
"InstanceTenancy": "default",
"Ipv6CidrBlockAssociationSet": [],
"CidrBlockAssociationSet": [
{
"AssociationId": "vpc-cidr-assoc-00b5fa50810ec9a2f",
"CidrBlock": "192.168.0.0/24",
"CidrBlockState": {
"State": "associated"
}
}
],
"IsDefault": false,
"Tags": []
}
}
subnetを作成
aws> ec2 create-subnet --vpc-id vpc-***masked*** --cidr-block 192.168.1.0/24
{
"Subnet": {
"AvailabilityZone": "ap-northeast-1d",
"AvailableIpAddressCount": 251,
"CidrBlock": "192.168.1.0/24",
"DefaultForAz": false,
"MapPublicIpOnLaunch": false,
"State": "pending",
"SubnetId": "subnet-***masked***1",
"VpcId": "vpc-***masked***",
"AssignIpv6AddressOnCreation": false,
"Ipv6CidrBlockAssociationSet": []
}
}
aws> ec2 create-subnet --vpc-id vpc-***masked*** --cidr-block 192.168.2.0/24 --availability-zone ap-northeast-1a
{
"Subnet": {
"AvailabilityZone": "ap-northeast-1a",
"AvailableIpAddressCount": 251,
"CidrBlock": "192.168.2.0/24",
"DefaultForAz": false,
"MapPublicIpOnLaunch": false,
"State": "pending",
"SubnetId": "subnet-***masked***2",
"VpcId": "vpc-***masked***",
"AssignIpv6AddressOnCreation": false,
"Ipv6CidrBlockAssociationSet": []
}
}
Security groupを作成
以下のような流れで作成する
create-security-groupでセキュリティグループを作成するauthorize-security-group-ingressでとりあえず自分ちからつながるようにする- キーペアを作成する
awa> ec2 create-security-group --group-name dev_private_ec2 --description "An environment for development" --vpc-id vpc-***masked***
{
"GroupId": "sg-***masked***"
}
aws> ec2 authorize-security-group-ingress --group-id sg-***masked*** --protocol tcp --port 22 --cidr X.X.X.X/32
aws> ec2 create-key-pair --key-name aws_default --query "KeyMaterial" --output text
EC2を起動
以下を指定する。
❯ aws ec2 run-instances \
--image-id ami-2724cf58 \
--subnet-id ***masked*** \
--security-group-ids ***masked*** \
--count 1 \
--instance-type t2.micro \
--key-name aws_default
{
"Groups": [],
"Instances": [
{
"AmiLaunchIndex": 0,
"ImageId": "ami-2724cf58",
"InstanceId": "***masked***",
"InstanceType": "t2.micro",
"KeyName": "aws_default",
"LaunchTime": "2018-05-20T09:17:33.000Z",
"Monitoring": {
"State": "disabled"
},
"Placement": {
"AvailabilityZone": "ap-northeast-1d",
"GroupName": "",
"Tenancy": "default"
},
"PrivateDnsName": "ip-192-168-1-93.ap-northeast-1.compute.internal",
"PrivateIpAddress": "192.168.1.93",
"ProductCodes": [],
"PublicDnsName": "",
"State": {
"Code": 0,
"Name": "pending"
},
"StateTransitionReason": "",
"SubnetId": "***masked***",
"VpcId": "***masked***",
"Architecture": "x86_64",
"BlockDeviceMappings": [],
"ClientToken": "",
"EbsOptimized": false,
"Hypervisor": "xen",
"NetworkInterfaces": [
{
"Attachment": {
"AttachTime": "2018-05-20T09:17:33.000Z",
"AttachmentId": "***masked***",
"DeleteOnTermination": true,
"DeviceIndex": 0,
"Status": "attaching"
},
"Description": "",
"Groups": [
{
"GroupName": "dev_private_ec2",
"GroupId": "***masked***"
}
],
"Ipv6Addresses": [],
"MacAddress": "0e:01:03:99:93:96",
"NetworkInterfaceId": "***masked***",
"OwnerId": "***masked***",
"PrivateIpAddress": "192.168.1.93",
"PrivateIpAddresses": [
{
"Primary": true,
"PrivateIpAddress": "192.168.1.93"
}
],
"SourceDestCheck": true,
"Status": "in-use",
"SubnetId": "***masked***",
"VpcId": "***masked***"
}
],
"RootDeviceName": "/dev/xvda",
"RootDeviceType": "ebs",
"SecurityGroups": [
{
"GroupName": "dev_private_ec2",
"GroupId": "***masked***"
}
],
"SourceDestCheck": true,
"StateReason": {
"Code": "pending",
"Message": "pending"
},
"VirtualizationType": "hvm",
"CpuOptions": {
"CoreCount": 1,
"ThreadsPerCore": 1
}
}
],
"OwnerId": "***masked***",
"ReservationId": "r-0ec8efda16e57dfd9"
}
❯ aws ec2 describe-instances
{
// いっぱい出てくるので省略
}
インターネットゲートウェイとの接続
❯ aws ec2 create-internet-gateway
{
"InternetGateway": {
"Attachments": [],
"InternetGatewayId": "***masked***",
"Tags": []
}
}
❯ aws ec2 attach-internet-gateway \
--internet-gateway-id ***masked*** \
--vpc-id ***masked***
❯ aws ec2 allocate-address --domain vpc
{
"PublicIp": "X.X.X.X",
"AllocationId": "***masked***",
"Domain": "vpc"
}
❯ aws ec2 associate-address \
--instance-id ***masked*** \
--allocation-id ***masked***
{
"AssociationId": "***masked***"
}
これで、SSHでつながるぞ!と思ったら、繋がらない。
→自分で作ったSubnetのルートテーブルが、インターネットに出ていけない設定になっていたからでした。
ルートテーブルの変更
❯ aws ec2 describe-subnets --output table --query "Subnets[].[SubnetId,CidrBlock]"
------------------------------------------------
| DescribeSubnets |
+---------------------------+------------------+
| subnet-aaaaaaaaa | 172.31.16.0/20 |
| subnet-bbbbbbbb | 172.31.0.0/20 |
| subnet-0aaaaaaaaaaaaaaaaa | 192.168.1.0/24 |
| subnet-0bbbbbbbbbbbbbbb | 192.168.2.0/24 |
| subnet-ccccccccc | 172.31.32.0/20 |
+---------------------------+------------------+
❯ aws ec2 describe-internet-gateways
{
// 省略
}
❯ aws ec2 describe-route-tables
{
// 省略
}
❯ aws ec2 create-internet-gateway
❯ aws ec2 attach-internet-gateway \
--internet-gateway-id ***masked*** \
--vpc-id ***masked***
今日はここまで
create-vpcでVPC作成、create-subnetでサブネット作成。- 作成したサブネットに対して、
authorize-security-group-ingressで許可するインバウンド方向の通信を設定 create-key-pairでキーペアを作成する、- EC2を作成
