Getting started with AWS, part 1
First, just launch an instance the ordinary way
Create a VPC
aws> ec2 create-vpc --cidr-block 192.168.0.0/16
{
    "Vpc": {
        "CidrBlock": "192.168.0.0/16",
        "DhcpOptionsId": "dopt-338b0854",
        "State": "pending",
        "VpcId": "vpc-***masked***",
        "InstanceTenancy": "default",
        "Ipv6CidrBlockAssociationSet": [],
        "CidrBlockAssociationSet": [
            {
                "AssociationId": "vpc-cidr-assoc-00b5fa50810ec9a2f",
                "CidrBlock": "192.168.0.0/24",
                "CidrBlockState": {
                    "State": "associated"
                }
            }
        ],
        "IsDefault": false,
        "Tags": []
    }
}
Create subnets
aws> ec2 create-subnet --vpc-id vpc-***masked*** --cidr-block 192.168.1.0/24
{
    "Subnet": {
        "AvailabilityZone": "ap-northeast-1d",
        "AvailableIpAddressCount": 251,
        "CidrBlock": "192.168.1.0/24",
        "DefaultForAz": false,
        "MapPublicIpOnLaunch": false,
        "State": "pending",
        "SubnetId": "subnet-***masked***1",
        "VpcId": "vpc-***masked***",
        "AssignIpv6AddressOnCreation": false,
        "Ipv6CidrBlockAssociationSet": []
    }
}
aws> ec2 create-subnet --vpc-id vpc-***masked*** --cidr-block 192.168.2.0/24 --availability-zone ap-northeast-1a
{
    "Subnet": {
        "AvailabilityZone": "ap-northeast-1a",
        "AvailableIpAddressCount": 251,
        "CidrBlock": "192.168.2.0/24",
        "DefaultForAz": false,
        "MapPublicIpOnLaunch": false,
        "State": "pending",
        "SubnetId": "subnet-***masked***2",
        "VpcId": "vpc-***masked***",
        "AssignIpv6AddressOnCreation": false,
        "Ipv6CidrBlockAssociationSet": []
    }
}
Create a security group
The steps are as follows:
- Create the security group with create-security-group
- Use authorize-security-group-ingress so that, for now, it can only be reached from my own IP
- Create a key pair
aws> ec2 create-security-group --group-name dev_private_ec2 --description "An environment for development" --vpc-id vpc-***masked***
{
    "GroupId": "sg-***masked***"
}
aws> ec2 authorize-security-group-ingress --group-id sg-***masked*** --protocol tcp --port 22 --cidr X.X.X.X/32
aws> ec2 create-key-pair --key-name aws_default --query "KeyMaterial" --output text
Launch an EC2 instance
Launch it with the following parameters.
❯ aws ec2 run-instances \
    --image-id ami-2724cf58 \
    --subnet-id ***masked*** \
    --security-group-ids ***masked*** \
    --count 1 \
    --instance-type t2.micro \
    --key-name aws_default
{
    "Groups": [],
    "Instances": [
        {
            "AmiLaunchIndex": 0,
            "ImageId": "ami-2724cf58",
            "InstanceId": "***masked***",
            "InstanceType": "t2.micro",
            "KeyName": "aws_default",
            "LaunchTime": "2018-05-20T09:17:33.000Z",
            "Monitoring": {
                "State": "disabled"
            },
            "Placement": {
                "AvailabilityZone": "ap-northeast-1d",
                "GroupName": "",
                "Tenancy": "default"
            },
            "PrivateDnsName": "ip-192-168-1-93.ap-northeast-1.compute.internal",
            "PrivateIpAddress": "192.168.1.93",
            "ProductCodes": [],
            "PublicDnsName": "",
            "State": {
                "Code": 0,
                "Name": "pending"
            },
            "StateTransitionReason": "",
            "SubnetId": "***masked***",
            "VpcId": "***masked***",
            "Architecture": "x86_64",
            "BlockDeviceMappings": [],
            "ClientToken": "",
            "EbsOptimized": false,
            "Hypervisor": "xen",
            "NetworkInterfaces": [
                {
                    "Attachment": {
                        "AttachTime": "2018-05-20T09:17:33.000Z",
                        "AttachmentId": "***masked***",
                        "DeleteOnTermination": true,
                        "DeviceIndex": 0,
                        "Status": "attaching"
                    },
                    "Description": "",
                    "Groups": [
                        {
                            "GroupName": "dev_private_ec2",
                            "GroupId": "***masked***"
                        }
                    ],
                    "Ipv6Addresses": [],
                    "MacAddress": "0e:01:03:99:93:96",
                    "NetworkInterfaceId": "***masked***",
                    "OwnerId": "***masked***",
                    "PrivateIpAddress": "192.168.1.93",
                    "PrivateIpAddresses": [
                        {
                            "Primary": true,
                            "PrivateIpAddress": "192.168.1.93"
                        }
                    ],
                    "SourceDestCheck": true,
                    "Status": "in-use",
                    "SubnetId": "***masked***",
                    "VpcId": "***masked***"
                }
            ],
            "RootDeviceName": "/dev/xvda",
            "RootDeviceType": "ebs",
            "SecurityGroups": [
                {
                    "GroupName": "dev_private_ec2",
                    "GroupId": "***masked***"
                }
            ],
            "SourceDestCheck": true,
            "StateReason": {
                "Code": "pending",
                "Message": "pending"
            },
            "VirtualizationType": "hvm",
            "CpuOptions": {
                "CoreCount": 1,
                "ThreadsPerCore": 1
            }
        }
    ],
    "OwnerId": "***masked***",
    "ReservationId": "r-0ec8efda16e57dfd9"
}
❯ aws ec2 describe-instances
{
    // lots of output, omitted
}
Connecting to an internet gateway
❯ aws ec2 create-internet-gateway
{
    "InternetGateway": {
        "Attachments": [],
        "InternetGatewayId": "***masked***",
        "Tags": []
    }
}
❯ aws ec2 attach-internet-gateway \
    --internet-gateway-id ***masked*** \
    --vpc-id ***masked***
❯ aws ec2 allocate-address --domain vpc
{
    "PublicIp": "X.X.X.X",
    "AllocationId": "***masked***",
    "Domain": "vpc"
}
❯ aws ec2 associate-address \
    --instance-id ***masked*** \
    --allocation-id ***masked***
{
    "AssociationId": "***masked***"
}
Now SSH should connect! Or so I thought, but it didn't.
→ The cause: the route table of the subnet I had created was configured with no way out to the internet.
Changing the route table
❯ aws ec2 describe-subnets --output table --query "Subnets[].[SubnetId,CidrBlock]"
------------------------------------------------
|                DescribeSubnets               |
+---------------------------+------------------+
|  subnet-aaaaaaaaa         |  172.31.16.0/20  |
|  subnet-bbbbbbbb          |  172.31.0.0/20   |
|  subnet-0aaaaaaaaaaaaaaaaa|  192.168.1.0/24  |
|  subnet-0bbbbbbbbbbbbbbb  |  192.168.2.0/24  |
|  subnet-ccccccccc         |  172.31.32.0/20  |
+---------------------------+------------------+
❯ aws ec2 describe-internet-gateways
{
    // omitted
}
❯ aws ec2 describe-route-tables
{
    // omitted
}
❯ aws ec2 create-internet-gateway
❯ aws ec2 attach-internet-gateway \
    --internet-gateway-id ***masked*** \
    --vpc-id ***masked***
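A check for the "SSH won't connect" situation above, written as an added example rather than code from the original post: given describe-route-tables JSON, it finds the table that actually applies to a subnet (an explicit association, otherwise the VPC's main table) and reports whether that table has an active 0.0.0.0/0 route to an internet gateway. The JSON is a constructed sample, and vpc-example, subnet-public01, rtb-main0000 and the other IDs are placeholders.

```python
import json

# Constructed sample of `aws ec2 describe-route-tables` output (placeholder IDs).
# The main table has only the local route; subnet-public01 is explicitly
# associated with a second table that also has a default route to an IGW.
SAMPLE_ROUTE_TABLES = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-main0000", "VpcId": "vpc-example",
   "Associations": [{"Main": true, "RouteTableId": "rtb-main0000"}],
   "Routes": [{"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local", "State": "active"}]},
  {"RouteTableId": "rtb-public01", "VpcId": "vpc-example",
   "Associations": [{"Main": false, "SubnetId": "subnet-public01", "RouteTableId": "rtb-public01"}],
   "Routes": [{"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local", "State": "active"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]}
]}
""")


def route_table_for_subnet(route_tables, vpc_id, subnet_id):
    """Return the table that applies to subnet_id: an explicit association
    wins; a subnet with none falls back to the VPC's main table (AWS default)."""
    main = None
    for rt in route_tables["RouteTables"]:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def has_internet_route(route_table):
    """True if the table has an active default route through an internet gateway."""
    return any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and r.get("GatewayId", "").startswith("igw-")
        and r.get("State") == "active"
        for r in route_table["Routes"]
    )


def subnet_is_public(route_tables, vpc_id, subnet_id):
    rt = route_table_for_subnet(route_tables, vpc_id, subnet_id)
    return rt is not None and has_internet_route(rt)


if __name__ == "__main__":
    for subnet in ("subnet-private01", "subnet-public01"):
        ok = subnet_is_public(SAMPLE_ROUTE_TABLES, "vpc-example", subnet)
        print(subnet, "has an internet route" if ok else "has NO internet route")
```

Against a real account, feed it json.load of `aws ec2 describe-route-tables` output; a subnet whose applying table lacks the igw route is exactly the case this post hit, and the remedy is a 0.0.0.0/0 route to the attached internet gateway (create-route, plus associate-route-table if a dedicated table is used).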
That's it for today
- Create the VPC with create-vpc, and the subnets with create-subnet.
- For the subnet just created, set the permitted inbound traffic with authorize-security-group-ingress, and create a key pair with create-key-pair.
- Launch the EC2 instance.