
AWS PrivateLink

What is AWS PrivateLink

PrivateLink and VPC Endpoints

Interface VPC Endpoints

Settings
  • Subnet
    • Place the endpoint in a private subnet (recommended)
  • Security Group
    • Controls which traffic can reach the endpoint's network interfaces
    • Normally allow inbound HTTPS (TCP 443) only, from the clients that need the endpoint
  • Endpoint policy
  • Notifications
Architecture diagram

Gateway Load Balancer Endpoints

Gateway Endpoints

  • Gateway endpoints do not enable AWS PrivateLink. They are route-table targets (used for Amazon S3 and DynamoDB), not network interfaces in your subnets.

Building an SSM VPC Endpoint with CloudFormation

ssm_vpce.yml

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: SSM VPC Endpoint

Resources:
  # Security group attached to the endpoint's network interfaces.
  # Only inbound 443 is needed; the endpoint never initiates connections itself.
  SsmVpcEndpointSG:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      VpcId: vpc-xxxxxx
      GroupName: "ssm-vpce-sg"
      GroupDescription: "ssm-vpc-endpoint-sg"
  SsmVpcEndpointSGIngress1:
    Type: "AWS::EC2::SecurityGroupIngress"
    Properties:
      GroupId: !Ref SsmVpcEndpointSG
      IpProtocol: tcp
      FromPort: 443
      ToPort: 443
      # Assumed to be the VPC CIDR; narrow it to the client subnets where possible
      CidrIp: 172.16.0.0/16
  SsmVpcEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      ServiceName: !Sub "com.amazonaws.${AWS::Region}.ssm"
      VpcEndpointType: Interface
      # Makes ssm.<region>.amazonaws.com resolve to the endpoint's private IPs
      # inside the VPC, so clients need no code changes. Requires
      # enableDnsSupport and enableDnsHostnames on the VPC.
      PrivateDnsEnabled: true
      VpcId: vpc-xxxxxx
      SubnetIds:
        - subnet-xxxx
      SecurityGroupIds:
        - !Ref SsmVpcEndpointSG
      # Endpoint policy: limits which API calls may pass through this endpoint.
      # It does not grant anything; the caller's IAM policy still applies.
      PolicyDocument:
        Version: "2012-10-17"   # quoted so a YAML parser does not read it as a date
        Statement:
          - Effect: Allow
            Principal: '*'
            Action:
              - "ssm:GetParameters"
              - "ssm:GetParameter"
            Resource:
              - !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/*"
```
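The endpoint policy above uses `Principal: '*'`. An endpoint policy only narrows what the endpoint will carry, so that wildcard means the endpoint does not care which AWS account the caller's credentials belong to. Here the `Resource` scoping limits the impact, but pinning the caller with an `aws:PrincipalAccount` (or `aws:PrincipalOrgID`) condition is a cheap extra layer, and it becomes essential for endpoint policies that use `Resource: '*'`. The following added example, my own code rather than anything from the article, is an offline linter for the endpoint-policy item in the settings list and for the template's policy: it flags an unscoped wildcard principal, wildcard actions or resources, and resources in a foreign account. The region and account ID are placeholder values standing in for the template's `${AWS::Region}` and `${AWS::AccountId}`.

```python
"""Offline checks for a VPC interface endpoint policy document."""
import json

# Constructed placeholders for the template's !Sub substitutions (not real values).
REGION = "ap-northeast-1"
ACCOUNT_ID = "123456789012"

# The policy from ssm_vpce.yml, as JSON after !Sub substitution.
ORIGINAL_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["ssm:GetParameters", "ssm:GetParameter"],
            "Resource": [f"arn:aws:ssm:{REGION}:{ACCOUNT_ID}:parameter/*"],
        }
    ],
}

# Same grant, but only credentials from this account may use the endpoint.
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["ssm:GetParameters", "ssm:GetParameter"],
            "Resource": [f"arn:aws:ssm:{REGION}:{ACCOUNT_ID}:parameter/*"],
            "Condition": {"StringEquals": {"aws:PrincipalAccount": ACCOUNT_ID}},
        }
    ],
}


def _as_list(value):
    """IAM allows a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_wildcard(principal):
    # Both `"*"` and `{"AWS": "*"}` mean "any AWS principal".
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _principal_scoped(condition):
    # True if some StringEquals-style operator pins the caller's account or org.
    for operator, keys in (condition or {}).items():
        if "StringEquals" in operator and isinstance(keys, dict):
            if "aws:PrincipalAccount" in keys or "aws:PrincipalOrgID" in keys:
                return True
    return False


def _resource_account(arn):
    # ARN layout: arn:partition:service:region:account:resource
    parts = arn.split(":")
    return parts[4] if len(parts) >= 6 else None


def check_endpoint_policy(policy, expected_account):
    """Return a list of human-readable findings (empty list means no issues)."""
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        tag = f"statement {idx}"
        if _principal_is_wildcard(stmt.get("Principal")) and not _principal_scoped(
            stmt.get("Condition")
        ):
            findings.append(
                f"{tag}: Principal '*' without aws:PrincipalAccount/aws:PrincipalOrgID condition"
            )
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append(f"{tag}: wildcard action {action}")
        for res in _as_list(stmt.get("Resource")):
            if res == "*":
                findings.append(f"{tag}: wildcard resource")
                continue
            acct = _resource_account(res)
            if acct and acct != expected_account:
                findings.append(
                    f"{tag}: resource {res} belongs to account {acct}, not {expected_account}"
                )
    return findings


if __name__ == "__main__":
    for name, policy in (("original", ORIGINAL_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, json.dumps(check_endpoint_policy(policy, ACCOUNT_ID), indent=2))
```

Run it against the JSON that CloudFormation renders for a stack (or the output of `aws ec2 describe-vpc-endpoints`) before deploying; the original policy produces one finding, the hardened one none.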
