1. vbox setup
1.1 vbox initial setup
- Download the centos-7-minimal iso
- Set the RAM size
- Set the disk capacity
- Check the IP, then set selinux to disabled
- vi /etc/selinux/config
- Run the commands below
yum install -y bash-completion wget unzip rdate
rdate -s time.bora.net
setenforce 0
yum update -y
- Click the File button on the left, then click Export Appliance
- Export with the default settings
2. AWS CLI
2.1 Installing the AWS CLI on CentOS
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
yum install -y unzip wget bash-completion mysql git
unzip awscliv2.zip
./aws/install
echo "complete -C '/usr/local/bin/aws_completer' aws" >> .bash_profile # auto-completion
exit
aws --version
aws configure
aws s3 ls
vi /etc/selinux/config
SELINUX=disabled
setenforce 0
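- AWS CLI installation commands
2.2 CLI credentials
- Grant admin permissions
- Create an access key
- Do not specify a tag name.
- Store the access key separately.
- Finish setting up the credentials
2.3 Creating the VPC and subnets
- Create the VPC
- Create the subnets; 8 in total, including the private ones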
aws ec2 create-vpc --cidr-block 192.168.0.0/16 --tag-specification "ResourceType=vpc,Tags=[{Key=Name,Value=test-vpc}]" --output text
test_vpc=vpc-0004e61e8cd045380
echo $test_vpc
aws ec2 create-subnet --vpc-id $test_vpc --cidr-block 192.168.0.0/20 --availability-zone ap-northeast-2a --tag-specification "ResourceType=subnet,Tags=[{Key=Name,Value=test-pub-2a}]"
aws ec2 create-subnet --vpc-id $test_vpc --cidr-block 192.168.16.0/20 --availability-zone ap-northeast-2b --tag-specification "ResourceType=subnet,Tags=[{Key=Name,Value=test-pub-2b}]"
aws ec2 create-subnet --vpc-id $test_vpc --cidr-block 192.168.32.0/20 --availability-zone ap-northeast-2c --tag-specification "ResourceType=subnet,Tags=[{Key=Name,Value=test-pub-2c}]"
aws ec2 create-subnet --vpc-id $test_vpc --cidr-block 192.168.48.0/20 --availability-zone ap-northeast-2d --tag-specification "ResourceType=subnet,Tags=[{Key=Name,Value=test-pub-2d}]"
aws ec2 create-subnet --vpc-id $test_vpc --cidr-block 192.168.64.0/20 --availability-zone ap-northeast-2a --tag-specification "ResourceType=subnet,Tags=[{Key=Name,Value=test-pvt-2a}]"
aws ec2 create-subnet --vpc-id $test_vpc --cidr-block 192.168.80.0/20 --availability-zone ap-northeast-2b --tag-specification "ResourceType=subnet,Tags=[{Key=Name,Value=test-pvt-2b}]"
aws ec2 create-subnet --vpc-id $test_vpc --cidr-block 192.168.96.0/20 --availability-zone ap-northeast-2c --tag-specification "ResourceType=subnet,Tags=[{Key=Name,Value=test-pvt-2c}]"
aws ec2 create-subnet --vpc-id $test_vpc --cidr-block 192.168.112.0/20 --availability-zone ap-northeast-2d --tag-specification "ResourceType=subnet,Tags=[{Key=Name,Value=test-pvt-2d}]"
aws ec2 describe-subnets --filters "Name=vpc-id,Values=$test_vpc" --query 'Subnets[*].{AZ:AvailabilityZone,CIDR:CidrBlock,SUBNET:Tags[0].Value}'
2.4 Making the subnets public and private
* Create the internet-gateway, then verify it
aws ec2 create-internet-gateway --tag-specification "ResourceType=internet-gateway,Tags=[{Key=Name,Value=test-igw}]" --output text
test_igw=igw-0d43ccb41068ca608
echo $test_igw
aws ec2 attach-internet-gateway --vpc-id $test_vpc --internet-gateway-id $test_igw
aws ec2 describe-internet-gateways --filters "Name=internet-gateway-id,Values=$test_igw" --output table
* Check the routing table
aws ec2 describe-route-tables --filter "Name=vpc-id,Values=$test_vpc"
test_pub_rtb=rtb-009733801bebb4cff
echo $test_pub_rtb
aws ec2 create-route --route-table-id $test_pub_rtb --destination-cidr-block 0.0.0.0/0 --gateway-id $test_igw
aws ec2 create-tags --resources $test_pub_rtb --tags "Key=Name,Value=test-pub-rtb"
aws ec2 describe-route-tables --route-table-id $test_pub_rtb --output table
* Associate the subnets with the routing table, then connect to the vpc
* public subnet
aws ec2 describe-subnets --filters "Name=vpc-id,Values=$test_vpc" --query 'Subnets[*].{ID:SubnetId,CIDR:CidrBlock,TAGS:Tags[0].Value}'
test_pub_2a=subnet-0a92ebd07506f8015
test_pub_2b=subnet-03c28641e38ea3756
test_pub_2c=subnet-0639df17d27e1fc49
test_pub_2d=subnet-00fe482cb75a419ba
test_pvt_2a=subnet-02ab5505c72943418
test_pvt_2b=subnet-098d6b8ad28a21aaf
test_pvt_2c=subnet-03c35668d0df64fa7
test_pvt_2d=subnet-01cd5594e7f8d9103
aws ec2 associate-route-table --subnet-id $test_pub_2a --route-table-id $test_pub_rtb
aws ec2 associate-route-table --subnet-id $test_pub_2b --route-table-id $test_pub_rtb
aws ec2 associate-route-table --subnet-id $test_pub_2c --route-table-id $test_pub_rtb
aws ec2 associate-route-table --subnet-id $test_pub_2d --route-table-id $test_pub_rtb
aws ec2 modify-subnet-attribute --subnet-id $test_pub_2a --map-public-ip-on-launch
aws ec2 modify-subnet-attribute --subnet-id $test_pub_2b --map-public-ip-on-launch
aws ec2 modify-subnet-attribute --subnet-id $test_pub_2c --map-public-ip-on-launch
aws ec2 modify-subnet-attribute --subnet-id $test_pub_2d --map-public-ip-on-launch
* private subnet
aws ec2 create-route-table --vpc-id $test_vpc
test_pvt_rtb=rtb-02281ff77d487f3ca
aws ec2 create-tags --resources $test_pvt_rtb --tags "Key=Name,Value=test-pvt-rtb"
aws ec2 associate-route-table --subnet-id $test_pvt_2a --route-table-id $test_pvt_rtb
aws ec2 associate-route-table --subnet-id $test_pvt_2b --route-table-id $test_pvt_rtb
aws ec2 associate-route-table --subnet-id $test_pvt_2c --route-table-id $test_pvt_rtb
aws ec2 associate-route-table --subnet-id $test_pvt_2d --route-table-id $test_pvt_rtb
aws ec2 modify-vpc-attribute --vpc-id $test_vpc --enable-dns-hostnames
* Create the key pair and security group
aws ec2 create-key-pair --key-name test-key --query 'KeyMaterial' --output text > test-key.pem
chmod 400 test-key.pem
aws ec2 create-security-group --group-name test-sg-web --description "Security group for HTTP_SSH access" --vpc-id $test_vpc --tag-specification "ResourceType=security-group,Tags=[{Key=Name,Value=test-sg-web}]"
test_web_sg=sg-02b1e4a73b85458ea
aws ec2 authorize-security-group-ingress --group-id $test_web_sg --protocol tcp --port 22 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-id $test_web_sg --protocol tcp --port 80 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-id $test_web_sg --protocol icmp --port -1 --cidr 0.0.0.0/0
aws ec2 describe-security-groups --group-id $test_web_sg
aws ec2 describe-security-groups --group-id $test_web_sg --output table
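The three ingress rules above leave SSH (tcp/22) reachable from 0.0.0.0/0. The following is an added example, not part of the original post: it flags rule lines that expose a port to 0.0.0.0/0 and swaps the SSH rule for a single-host /32. All function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post; all function names are hypothetical.

# is_ipv4 ADDR: succeed only for a dotted quad whose octets are 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# operator_cidr ADDR: print ADDR/32, refusing ranges such as 0.0.0.0/0.
operator_cidr() {
    is_ipv4 "$1" || { echo "not a single IPv4 address: $1" >&2; return 1; }
    printf '%s/32\n' "$1"
}

# sg_rules SG: one "protocol from to cidr" line per ingress rule
# (only the first IPv4 range of each rule is reported).
sg_rules() {
    aws ec2 describe-security-groups --group-ids "$1" --output text \
        --query 'SecurityGroups[].IpPermissions[].[IpProtocol,FromPort,ToPort,IpRanges[0].CidrIp]'
}

# world_open_port PORT: read sg_rules lines on stdin and print the rules
# that expose tcp PORT to 0.0.0.0/0.
world_open_port() {
    while read -r proto from to cidr; do
        [ "$cidr" = "0.0.0.0/0" ] || continue
        case $proto in
            -1) ;;   # protocol -1 means all protocols and ports
            tcp) [ "$from" -le "$1" ] && [ "$to" -ge "$1" ] || continue ;;
            *) continue ;;
        esac
        echo "$proto/$1 open to $cidr"
    done
    return 0
}

# restrict_ssh SG ADDR: allow SSH from ADDR/32, then drop the 0.0.0.0/0 rule.
restrict_ssh() {
    cidr=$(operator_cidr "$2") || return 1
    aws ec2 authorize-security-group-ingress --group-id "$1" --protocol tcp --port 22 --cidr "$cidr" || return 1
    aws ec2 revoke-security-group-ingress --group-id "$1" --protocol tcp --port 22 --cidr 0.0.0.0/0
}
```

Typical use is `sg_rules $test_web_sg | world_open_port 22` to check, then `restrict_ssh $test_web_sg 203.0.113.10`, where 203.0.113.10 is a constructed sample address standing in for the operator's own public IP.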
2.5 Creating the volumes and instance
- In mapping.json, /dev/xvda is the root volume
# vi mapping.json
[
    {
        "DeviceName": "/dev/xvda",
        "Ebs": {
            "VolumeSize": 8
        }
    },
    {
        "DeviceName": "/dev/xvdb",
        "Ebs": {
            "VolumeSize": 8
        }
    }
]
# vi my_script.txt
#!/bin/bash
yum install -y httpd
systemctl enable --now httpd
echo "<h1>Hello AWS CLI</h1>" > /var/www/html/index.html
# aws ec2 run-instances \
--image-id ami-035da6a0773842f64 \
--count 1 \
--instance-type t2.micro \
--key-name test-key \
--security-group-ids $test_web_sg \
--subnet-id $test_pub_2a \
--block-device-mappings file://mapping.json \
--user-data file://my_script.txt \
--tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=test-web}]' 'ResourceType=volume,Tags=[{Key=Name,Value=test-root}]'
test_iid=i-08b84a8f3a4cbe689
aws ec2 describe-instances --instance-id $test_iid | grep PublicIp
ssh -i "test-key.pem" ec2-user@52.78.179.102
curl 52.78.179.102
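2.6 Cleanup (deletion)
aws ec2 terminate-instances --instance-id $test_iid
aws ec2 wait instance-terminated --instance-ids $test_iid # the security group and subnets cannot be deleted until the instance is terminated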
aws ec2 delete-security-group --group-id $test_web_sg
aws ec2 delete-subnet --subnet-id $test_pub_2a
aws ec2 delete-subnet --subnet-id $test_pub_2b
aws ec2 delete-subnet --subnet-id $test_pub_2c
aws ec2 delete-subnet --subnet-id $test_pub_2d
aws ec2 delete-subnet --subnet-id $test_pvt_2a
aws ec2 delete-subnet --subnet-id $test_pvt_2b
aws ec2 delete-subnet --subnet-id $test_pvt_2c
aws ec2 delete-subnet --subnet-id $test_pvt_2d
aws ec2 detach-internet-gateway --internet-gateway-id $test_igw --vpc-id $test_vpc
aws ec2 delete-internet-gateway --internet-gateway-id $test_igw
aws ec2 delete-route-table --route-table-id $test_pvt_rtb
aws ec2 delete-route --route-table-id $test_pub_rtb --destination-cidr-block 0.0.0.0/0
aws ec2 delete-vpc --vpc-id $test_vpc