上記、「AWS Hands-on for Beginners 〜 スケーラブルウェブサイト構築編 〜」 をAWS CLIでやってみる
ハンズオンから引用
1. Amazon VPC の作成
変数設定
コマンド
# --- VPC ---------------------------------------------------------------
# Name tag of the VPC and the IPv4 range it owns; the four /24 subnets below
# are carved out of this /16.
VPC_NAME="handson-user1"
VPC_CIDR_BLOCK="10.0.0.0/16"

# --- Availability Zones --------------------------------------------------
# Two AZs so that each public/private subnet pair is spread across zones.
AZ_1="ap-northeast-1a"
AZ_2="ap-northeast-1c"

# --- Subnet CIDR blocks (all inside ${VPC_CIDR_BLOCK}) -------------------
AZ1_PUBLIC_CIDR_BLOCK="10.0.0.0/24"
AZ2_PUBLIC_CIDR_BLOCK="10.0.1.0/24"
AZ1_PRIVATE_CIDR_BLOCK="10.0.2.0/24"
AZ2_PRIVATE_CIDR_BLOCK="10.0.3.0/24"

# --- Subnet Name tags ----------------------------------------------------
# These are the values the later describe-subnets lookups filter on.
AZ1_PUBLIC_NAME="パブリックサブネット-1a"
AZ2_PUBLIC_NAME="パブリックサブネット-1c"
AZ1_PRIVATE_NAME="プライベートサブネット-1a"
AZ2_PRIVATE_NAME="プライベートサブネット-1c"

# --- Internet gateway / public route table ------------------------------
# Derived from the VPC name so every resource of this exercise shares a prefix.
INTERNET_GATEWAY_NAME="${VPC_NAME}-igw"
PUBLIC_ROUTE_NAME="${VPC_NAME}-rtb-public"
# Destination of the public route table's default route (its target is the IGW).
PUBLIC_ROUTE_DEFAULTROUTE="0.0.0.0/0"

# Echo every value once, in the order assigned above, so the session log
# records exactly what the following commands will use.
for _var in VPC_NAME VPC_CIDR_BLOCK AZ_1 AZ_2 \
  AZ1_PUBLIC_CIDR_BLOCK AZ2_PUBLIC_CIDR_BLOCK \
  AZ1_PRIVATE_CIDR_BLOCK AZ2_PRIVATE_CIDR_BLOCK \
  AZ1_PUBLIC_NAME AZ2_PUBLIC_NAME AZ1_PRIVATE_NAME AZ2_PRIVATE_NAME \
  INTERNET_GATEWAY_NAME PUBLIC_ROUTE_NAME PUBLIC_ROUTE_DEFAULTROUTE; do
  printf '%s\n' "${!_var}"
done
unset _var
出力
[cloudshell-user@ip-10-134-1-141 ~]$ # VPC名
[cloudshell-user@ip-10-134-1-141 ~]$ VPC_NAME="handson-user1" \
> && echo ${VPC_NAME}
handson-user1
[cloudshell-user@ip-10-134-1-141 ~]$
[cloudshell-user@ip-10-134-1-141 ~]$ # IPv4 CIDR ブロック
[cloudshell-user@ip-10-134-1-141 ~]$ VPC_CIDR_BLOCK="10.0.0.0/16" \
> && echo ${VPC_CIDR_BLOCK}
10.0.0.0/16
[cloudshell-user@ip-10-134-1-141 ~]$
[cloudshell-user@ip-10-134-1-141 ~]$ # 第1アベイラビリティーゾーン
[cloudshell-user@ip-10-134-1-141 ~]$ AZ_1="ap-northeast-1a" \
> && echo ${AZ_1}
ap-northeast-1a
[cloudshell-user@ip-10-134-1-141 ~]$
[cloudshell-user@ip-10-134-1-141 ~]$ # 第2アベイラビリティーゾーン
[cloudshell-user@ip-10-134-1-141 ~]$ AZ_2="ap-northeast-1c" \
> && echo ${AZ_2}
ap-northeast-1c
[cloudshell-user@ip-10-134-1-141 ~]$
[cloudshell-user@ip-10-134-1-141 ~]$ # 第1アベイラビリティーゾーンのパブリックサブネットCIDRブロック
[cloudshell-user@ip-10-134-1-141 ~]$ AZ1_PUBLIC_CIDR_BLOCK="10.0.0.0/24" \
> && echo ${AZ1_PUBLIC_CIDR_BLOCK}
10.0.0.0/24
[cloudshell-user@ip-10-134-1-141 ~]$
[cloudshell-user@ip-10-134-1-141 ~]$ # 第2アベイラビリティーゾーンのパブリックサブネットCIDRブロック
[cloudshell-user@ip-10-134-1-141 ~]$ AZ2_PUBLIC_CIDR_BLOCK="10.0.1.0/24" \
> && echo ${AZ2_PUBLIC_CIDR_BLOCK}
10.0.1.0/24
[cloudshell-user@ip-10-134-1-141 ~]$
[cloudshell-user@ip-10-134-1-141 ~]$ # 第1アベイラビリティーゾーンのプライベートサブネットCIDRブロック
[cloudshell-user@ip-10-134-1-141 ~]$ AZ1_PRIVATE_CIDR_BLOCK="10.0.2.0/24" \
> && echo ${AZ1_PRIVATE_CIDR_BLOCK}
10.0.2.0/24
[cloudshell-user@ip-10-134-1-141 ~]$
[cloudshell-user@ip-10-134-1-141 ~]$ # 第2アベイラビリティーゾーンのプライベートサブネットCIDRブロック
[cloudshell-user@ip-10-134-1-141 ~]$ AZ2_PRIVATE_CIDR_BLOCK="10.0.3.0/24" \
> && echo ${AZ2_PRIVATE_CIDR_BLOCK}
10.0.3.0/24
[cloudshell-user@ip-10-134-1-141 ~]$
[cloudshell-user@ip-10-134-1-141 ~]$ # 第1アベイラビリティーゾーンのパブリックサブネット名
[cloudshell-user@ip-10-134-1-141 ~]$ AZ1_PUBLIC_NAME="パブリックサブネット-1a" \
> && echo ${AZ1_PUBLIC_NAME}
パブリックサブネット-1a
[cloudshell-user@ip-10-134-1-141 ~]$
[cloudshell-user@ip-10-134-1-141 ~]$ # 第2アベイラビリティーゾーンのパブリックサブネット名
[cloudshell-user@ip-10-134-1-141 ~]$ AZ2_PUBLIC_NAME="パブリックサブネット-1c" \
> && echo ${AZ2_PUBLIC_NAME}
パブリックサブネット-1c
[cloudshell-user@ip-10-134-1-141 ~]$
[cloudshell-user@ip-10-134-1-141 ~]$ # 第1アベイラビリティーゾーンのプライベートサブネット名
[cloudshell-user@ip-10-134-1-141 ~]$ AZ1_PRIVATE_NAME="プライベートサブネット-1a" \
> && echo ${AZ1_PRIVATE_NAME}
プライベートサブネット-1a
[cloudshell-user@ip-10-134-1-141 ~]$
[cloudshell-user@ip-10-134-1-141 ~]$ # 第2アベイラビリティーゾーンのプライベートサブネット名
[cloudshell-user@ip-10-134-1-141 ~]$ AZ2_PRIVATE_NAME="プライベートサブネット-1c" \
> && echo ${AZ2_PRIVATE_NAME}
プライベートサブネット-1c
[cloudshell-user@ip-10-134-1-141 ~]$
[cloudshell-user@ip-10-134-1-141 ~]$ # インターネットゲートウェイ名
[cloudshell-user@ip-10-134-1-141 ~]$ INTERNET_GATEWAY_NAME=${VPC_NAME}-igw \
> && echo ${INTERNET_GATEWAY_NAME}
handson-user1-igw
[cloudshell-user@ip-10-134-1-141 ~]$
[cloudshell-user@ip-10-134-1-141 ~]$ # パブリックルートテーブル名
[cloudshell-user@ip-10-134-1-141 ~]$ PUBLIC_ROUTE_NAME=${VPC_NAME}-rtb-public \
> && echo ${PUBLIC_ROUTE_NAME}
handson-user1-rtb-public
[cloudshell-user@ip-10-134-1-141 ~]$ # デフォルトルート
[cloudshell-user@ip-10-134-1-141 ~]$ PUBLIC_ROUTE_DEFAULTROUTE='0.0.0.0/0' \
> && echo ${PUBLIC_ROUTE_DEFAULTROUTE}
0.0.0.0/0
VPC作成
作成
コマンド
# Create the VPC with the CIDR chosen above.  The Name tag is what the
# describe-vpcs lookup in the next step keys on, so it must equal ${VPC_NAME}.
create_vpc_args=(
  --cidr-block "${VPC_CIDR_BLOCK}"
  --tag-specifications "ResourceType=vpc,Tags=[{Key=Name,Value=${VPC_NAME}}]"
)
aws ec2 create-vpc "${create_vpc_args[@]}"
出力
[cloudshell-user@ip-10-134-1-141 ~]$ aws ec2 create-vpc \
> --cidr-block ${VPC_CIDR_BLOCK} \
> --tag-specifications "ResourceType=vpc,Tags=[{Key=Name,Value=${VPC_NAME}}]"
{
"Vpc": {
"CidrBlock": "10.0.0.0/16",
"DhcpOptionsId": "dopt-0e7d97fbb33a62ce1",
"State": "pending",
"VpcId": "vpc-069134134e327d764",
"OwnerId": "999999999999",
"InstanceTenancy": "default",
"Ipv6CidrBlockAssociationSet": [],
"CidrBlockAssociationSet": [
{
"AssociationId": "vpc-cidr-assoc-06571a7a9609de652",
"CidrBlock": "10.0.0.0/16",
"CidrBlockState": {
"State": "associated"
}
}
],
"IsDefault": false,
"Tags": [
{
"Key": "Name",
"Value": "handson-user1"
}
]
}
}
ID取得
コマンド
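# Resolve the VPC ID from its Name tag.  `Vpcs[0]` takes the first match; with
# --output text a query that matches nothing prints the literal string "None",
# which the original would have silently carried into every later --vpc-id.
VPC_ID=$(
  aws ec2 describe-vpcs \
    --filters "Name=tag:Name,Values=${VPC_NAME}" \
    --query "Vpcs[0].VpcId" \
    --output text
)
if [ -z "${VPC_ID}" ] || [ "${VPC_ID}" = "None" ]; then
  echo "No VPC tagged Name=${VPC_NAME} was found; VPC_ID left unset" >&2
  unset VPC_ID
else
  echo "${VPC_ID}"
fi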
出力
[cloudshell-user@ip-10-134-1-141 ~]$ VPC_ID=$( \
> aws ec2 describe-vpcs \
> --filters "Name=tag:Name,Values=${VPC_NAME}" \
> --query "Vpcs[0].VpcId" \
> --output text\
> )\
> && echo ${VPC_ID}
vpc-069134134e327d764
サブネット作成
第1アベイラビリティーゾーンのパブリックサブネット
コマンド
# Public subnet in the first AZ.  The subnet is created with
# MapPublicIpOnLaunch=false (visible in the output), so instances launched
# into it only get a public IP when --associate-public-ip-address is given.
subnet_tags="ResourceType=subnet,Tags=[{Key=Name,Value=${AZ1_PUBLIC_NAME}}]"
aws ec2 create-subnet \
  --vpc-id "${VPC_ID}" \
  --availability-zone "${AZ_1}" \
  --cidr-block "${AZ1_PUBLIC_CIDR_BLOCK}" \
  --tag-specifications "${subnet_tags}"
出力
[cloudshell-user@ip-10-134-1-141 ~]$ aws ec2 create-subnet \
> --vpc-id ${VPC_ID} \
> --cidr-block ${AZ1_PUBLIC_CIDR_BLOCK} \
> --availability-zone ${AZ_1} \
> --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=${AZ1_PUBLIC_NAME}}]"
{
"Subnet": {
"AvailabilityZone": "ap-northeast-1a",
"AvailabilityZoneId": "apne1-az4",
"AvailableIpAddressCount": 251,
"CidrBlock": "10.0.0.0/24",
"DefaultForAz": false,
"MapPublicIpOnLaunch": false,
"State": "available",
"SubnetId": "subnet-04f5f25e6909a40fd",
"VpcId": "vpc-069134134e327d764",
"OwnerId": "999999999999",
"AssignIpv6AddressOnCreation": false,
"Ipv6CidrBlockAssociationSet": [],
"Tags": [
{
"Key": "Name",
"Value": "パブリックサブネット-1a"
}
],
"SubnetArn": "arn:aws:ec2:ap-northeast-1:999999999999:subnet/subnet-04f5f25e6909a40fd",
"EnableDns64": false,
"Ipv6Native": false,
"PrivateDnsNameOptionsOnLaunch": {
"HostnameType": "ip-name",
"EnableResourceNameDnsARecord": false,
"EnableResourceNameDnsAAAARecord": false
}
}
}
第2アベイラビリティーゾーンのパブリックサブネット
コマンド
# Public subnet in the second AZ (same shape as the first; only the AZ, CIDR
# and Name tag differ).
subnet_tags="ResourceType=subnet,Tags=[{Key=Name,Value=${AZ2_PUBLIC_NAME}}]"
aws ec2 create-subnet \
  --vpc-id "${VPC_ID}" \
  --availability-zone "${AZ_2}" \
  --cidr-block "${AZ2_PUBLIC_CIDR_BLOCK}" \
  --tag-specifications "${subnet_tags}"
出力
[cloudshell-user@ip-10-134-1-141 ~]$ aws ec2 create-subnet \
> --vpc-id ${VPC_ID} \
> --cidr-block ${AZ2_PUBLIC_CIDR_BLOCK} \
> --availability-zone ${AZ_2} \
> --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=${AZ2_PUBLIC_NAME}}]"
{
"Subnet": {
"AvailabilityZone": "ap-northeast-1c",
"AvailabilityZoneId": "apne1-az1",
"AvailableIpAddressCount": 251,
"CidrBlock": "10.0.1.0/24",
"DefaultForAz": false,
"MapPublicIpOnLaunch": false,
"State": "available",
"SubnetId": "subnet-04bc427d5377b960e",
"VpcId": "vpc-069134134e327d764",
"OwnerId": "999999999999",
"AssignIpv6AddressOnCreation": false,
"Ipv6CidrBlockAssociationSet": [],
"Tags": [
{
"Key": "Name",
"Value": "パブリックサブネット-1c"
}
],
"SubnetArn": "arn:aws:ec2:ap-northeast-1:999999999999:subnet/subnet-04bc427d5377b960e",
"EnableDns64": false,
"Ipv6Native": false,
"PrivateDnsNameOptionsOnLaunch": {
"HostnameType": "ip-name",
"EnableResourceNameDnsARecord": false,
"EnableResourceNameDnsAAAARecord": false
}
}
}
第1アベイラビリティーゾーンのプライベートサブネット
コマンド
# Private subnet in the first AZ.  Nothing on this page associates it with the
# IGW route table, so it stays on the VPC main route table and has no path to
# the internet — which is what the RDS subnet group later relies on.
subnet_tags="ResourceType=subnet,Tags=[{Key=Name,Value=${AZ1_PRIVATE_NAME}}]"
aws ec2 create-subnet \
  --vpc-id "${VPC_ID}" \
  --availability-zone "${AZ_1}" \
  --cidr-block "${AZ1_PRIVATE_CIDR_BLOCK}" \
  --tag-specifications "${subnet_tags}"
出力
[cloudshell-user@ip-10-134-1-141 ~]$ aws ec2 create-subnet \
> --vpc-id ${VPC_ID} \
> --cidr-block ${AZ1_PRIVATE_CIDR_BLOCK} \
> --availability-zone ${AZ_1} \
> --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=${AZ1_PRIVATE_NAME}}]"
{
"Subnet": {
"AvailabilityZone": "ap-northeast-1a",
"AvailabilityZoneId": "apne1-az4",
"AvailableIpAddressCount": 251,
"CidrBlock": "10.0.2.0/24",
"DefaultForAz": false,
"MapPublicIpOnLaunch": false,
"State": "available",
"SubnetId": "subnet-0bf117b6d88abe777",
"VpcId": "vpc-069134134e327d764",
"OwnerId": "999999999999",
"AssignIpv6AddressOnCreation": false,
"Ipv6CidrBlockAssociationSet": [],
"Tags": [
{
"Key": "Name",
"Value": "プライベートサブネット-1a"
}
],
"SubnetArn": "arn:aws:ec2:ap-northeast-1:999999999999:subnet/subnet-0bf117b6d88abe777",
"EnableDns64": false,
"Ipv6Native": false,
"PrivateDnsNameOptionsOnLaunch": {
"HostnameType": "ip-name",
"EnableResourceNameDnsARecord": false,
"EnableResourceNameDnsAAAARecord": false
}
}
}
第2アベイラビリティーゾーンのプライベートサブネット
コマンド
# Private subnet in the second AZ (the RDS subnet group needs one private
# subnet per AZ).
subnet_tags="ResourceType=subnet,Tags=[{Key=Name,Value=${AZ2_PRIVATE_NAME}}]"
aws ec2 create-subnet \
  --vpc-id "${VPC_ID}" \
  --availability-zone "${AZ_2}" \
  --cidr-block "${AZ2_PRIVATE_CIDR_BLOCK}" \
  --tag-specifications "${subnet_tags}"
出力
[cloudshell-user@ip-10-134-1-141 ~]$ aws ec2 create-subnet \
> --vpc-id ${VPC_ID} \
> --cidr-block ${AZ2_PRIVATE_CIDR_BLOCK} \
> --availability-zone ${AZ_2} \
> --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=${AZ2_PRIVATE_NAME}}]"
{
"Subnet": {
"AvailabilityZone": "ap-northeast-1c",
"AvailabilityZoneId": "apne1-az1",
"AvailableIpAddressCount": 251,
"CidrBlock": "10.0.3.0/24",
"DefaultForAz": false,
"MapPublicIpOnLaunch": false,
"State": "available",
"SubnetId": "subnet-0324b1fccc0ae599f",
"VpcId": "vpc-069134134e327d764",
"OwnerId": "999999999999",
"AssignIpv6AddressOnCreation": false,
"Ipv6CidrBlockAssociationSet": [],
"Tags": [
{
"Key": "Name",
"Value": "プライベートサブネット-1c"
}
],
"SubnetArn": "arn:aws:ec2:ap-northeast-1:999999999999:subnet/subnet-0324b1fccc0ae599f",
"EnableDns64": false,
"Ipv6Native": false,
"PrivateDnsNameOptionsOnLaunch": {
"HostnameType": "ip-name",
"EnableResourceNameDnsARecord": false,
"EnableResourceNameDnsAAAARecord": false
}
}
}
ID取得
コマンド
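#######################################
# Look up a subnet ID in ${VPC_ID} by its Name tag.
# Globals:   VPC_ID (read)
# Arguments: $1 - value of the Name tag
# Outputs:   the matching SubnetId(s) on stdout (text output; several matches
#            come back whitespace-separated)
# Returns:   0 on success, 1 if the query failed or nothing matched
#######################################
subnet_id_by_name() {
  local subnet_name=$1
  local ids
  ids=$(
    aws ec2 describe-subnets \
      --filters "Name=vpc-id,Values=${VPC_ID}" \
                "Name=tag:Name,Values=${subnet_name}" \
      --query "Subnets[].SubnetId" \
      --output text
  ) || return 1
  if [ -z "${ids}" ]; then
    # An empty ID would later turn into a malformed --subnet-id argument.
    echo "No subnet tagged Name=${subnet_name} in ${VPC_ID}" >&2
    return 1
  fi
  printf '%s\n' "${ids}"
}

# Public subnet, first AZ
AZ1_PUBLIC_ID=$(subnet_id_by_name "${AZ1_PUBLIC_NAME}") && echo "${AZ1_PUBLIC_ID}"
# Public subnet, second AZ
AZ2_PUBLIC_ID=$(subnet_id_by_name "${AZ2_PUBLIC_NAME}") && echo "${AZ2_PUBLIC_ID}"
# Private subnet, first AZ
AZ1_PRIVATE_ID=$(subnet_id_by_name "${AZ1_PRIVATE_NAME}") && echo "${AZ1_PRIVATE_ID}"
# Private subnet, second AZ
AZ2_PRIVATE_ID=$(subnet_id_by_name "${AZ2_PRIVATE_NAME}") && echo "${AZ2_PRIVATE_ID}"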
出力
[cloudshell-user@ip-10-134-1-141 ~]$ # 第1アベイラビリティーゾーンのパブリックサブネット
[cloudshell-user@ip-10-134-1-141 ~]$ AZ1_PUBLIC_ID=$( \
> aws ec2 describe-subnets \
> --filters Name=vpc-id,Values=${VPC_ID} \
> Name=tag:Name,Values="${AZ1_PUBLIC_NAME}" \
> --query "Subnets[].SubnetId" \
> --output text \
> ) \
> && echo ${AZ1_PUBLIC_ID}
subnet-04f5f25e6909a40fd
[cloudshell-user@ip-10-134-1-141 ~]$
[cloudshell-user@ip-10-134-1-141 ~]$ # 第2アベイラビリティーゾーンのパブリックサブネット
[cloudshell-user@ip-10-134-1-141 ~]$ AZ2_PUBLIC_ID=$( \
> aws ec2 describe-subnets \
> --filters Name=vpc-id,Values=${VPC_ID} \
> Name=tag:Name,Values="${AZ2_PUBLIC_NAME}" \
> --query "Subnets[].SubnetId" \
> --output text \
> ) \
> && echo ${AZ2_PUBLIC_ID}
subnet-04bc427d5377b960e
[cloudshell-user@ip-10-134-1-141 ~]$
[cloudshell-user@ip-10-134-1-141 ~]$ # 第1アベイラビリティーゾーンのプライベートサブネット
[cloudshell-user@ip-10-134-1-141 ~]$ AZ1_PRIVATE_ID=$( \
> aws ec2 describe-subnets \
> --filters Name=vpc-id,Values=${VPC_ID} \
> Name=tag:Name,Values="${AZ1_PRIVATE_NAME}" \
> --query "Subnets[].SubnetId" \
> --output text \
> ) \
> && echo ${AZ1_PRIVATE_ID}
subnet-0bf117b6d88abe777
[cloudshell-user@ip-10-134-1-141 ~]$
[cloudshell-user@ip-10-134-1-141 ~]$ # 第2アベイラビリティーゾーンのプライベートサブネット
[cloudshell-user@ip-10-134-1-141 ~]$ AZ2_PRIVATE_ID=$( \
> aws ec2 describe-subnets \
> --filters Name=vpc-id,Values=${VPC_ID} \
> Name=tag:Name,Values="${AZ2_PRIVATE_NAME}" \
> --query "Subnets[].SubnetId" \
> --output text \
> ) \
> && echo ${AZ2_PRIVATE_ID}
subnet-0324b1fccc0ae599f
インターネットゲートウェイ
作成
コマンド
# Internet gateway.  It is created detached ("Attachments": [] in the output)
# and attached to the VPC in a separate step below.
igw_tags="ResourceType=internet-gateway,Tags=[{Key=Name,Value=${INTERNET_GATEWAY_NAME}}]"
aws ec2 create-internet-gateway --tag-specifications "${igw_tags}"
出力
[cloudshell-user@ip-10-134-1-141 ~]$ aws ec2 create-internet-gateway \
> --tag-specifications "ResourceType=internet-gateway,Tags=[{Key=Name,Value=${INTERNET_GATEWAY_NAME}}]"
{
"InternetGateway": {
"Attachments": [],
"InternetGatewayId": "igw-01707b8f3c610757f",
"OwnerId": "999999999999",
"Tags": [
{
"Key": "Name",
"Value": "handson-user1-igw"
}
]
}
}
ID取得
コマンド
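# Resolve the IGW ID by Name tag.  An unattached IGW has no VPC to filter on,
# so this lookup is account-wide: a second IGW carrying the same Name tag
# (e.g. from an earlier run) would make the query return two IDs.  Both the
# empty and the multi-valued case are rejected here rather than being passed
# on to attach-internet-gateway.
INTERNET_GATEWAY_ID=$(
  aws ec2 describe-internet-gateways \
    --filters "Name=tag:Name,Values=${INTERNET_GATEWAY_NAME}" \
    --query "InternetGateways[].InternetGatewayId" \
    --output text
)
case "${INTERNET_GATEWAY_ID}" in
  "")
    echo "No internet gateway tagged Name=${INTERNET_GATEWAY_NAME}" >&2
    unset INTERNET_GATEWAY_ID ;;
  *[[:space:]]*)
    echo "Several internet gateways are tagged Name=${INTERNET_GATEWAY_NAME}: ${INTERNET_GATEWAY_ID}" >&2
    unset INTERNET_GATEWAY_ID ;;
  *)
    echo "${INTERNET_GATEWAY_ID}" ;;
esac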
出力
[cloudshell-user@ip-10-134-1-141 ~]$ INTERNET_GATEWAY_ID=$( \
> aws ec2 describe-internet-gateways \
> --filters Name=tag:Name,Values="${INTERNET_GATEWAY_NAME}" \
> --query "InternetGateways[].InternetGatewayId" \
> --output text
> ) \
> && echo ${INTERNET_GATEWAY_ID}
igw-01707b8f3c610757f
VPCにアタッチ
コマンド
# Attach the IGW to the VPC.  Until this has run, the 0.0.0.0/0 route created
# further down has no working target.
aws ec2 attach-internet-gateway --internet-gateway-id "${INTERNET_GATEWAY_ID}" --vpc-id "${VPC_ID}"
出力
[cloudshell-user@ip-10-134-1-141 ~]$ aws ec2 attach-internet-gateway \
> --vpc-id ${VPC_ID} \
> --internet-gateway-id ${INTERNET_GATEWAY_ID}
パブリックルートテーブル
作成
コマンド
# Dedicated route table for the public subnets.  A fresh table starts with
# only the VPC-local route (see "GatewayId": "local" in the output); the
# default route towards the IGW is added as a separate step.
rtb_tags="ResourceType=route-table,Tags=[{Key=Name,Value=${PUBLIC_ROUTE_NAME}}]"
aws ec2 create-route-table --vpc-id "${VPC_ID}" --tag-specifications "${rtb_tags}"
出力
[cloudshell-user@ip-10-134-1-141 ~]$ aws ec2 create-route-table \
> --vpc-id ${VPC_ID} \
> --tag-specifications "ResourceType=route-table,Tags=[{Key=Name,Value=${PUBLIC_ROUTE_NAME}}]"
{
"RouteTable": {
"Associations": [],
"PropagatingVgws": [],
"RouteTableId": "rtb-09bd656f899382523",
"Routes": [
{
"DestinationCidrBlock": "10.0.0.0/16",
"GatewayId": "local",
"Origin": "CreateRouteTable",
"State": "active"
}
],
"Tags": [
{
"Key": "Name",
"Value": "handson-user1-rtb-public"
}
],
"VpcId": "vpc-069134134e327d764",
"OwnerId": "999999999999"
},
"ClientToken": "7bb54df1-96d4-4b75-ab62-6423e44adea9"
}
ID取得
コマンド
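# Resolve the public route table ID by VPC + Name tag, and refuse to carry an
# empty value forward (it would become a malformed --route-table-id later).
PUBLIC_ROUTE_ID=$(
  aws ec2 describe-route-tables \
    --filters "Name=vpc-id,Values=${VPC_ID}" \
              "Name=tag:Name,Values=${PUBLIC_ROUTE_NAME}" \
    --query "RouteTables[].RouteTableId" \
    --output text
)
if [ -z "${PUBLIC_ROUTE_ID}" ]; then
  echo "No route table tagged Name=${PUBLIC_ROUTE_NAME} in ${VPC_ID}" >&2
  unset PUBLIC_ROUTE_ID
else
  echo "${PUBLIC_ROUTE_ID}"
fi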
出力
[cloudshell-user@ip-10-134-1-141 ~]$ PUBLIC_ROUTE_ID=$( \
> aws ec2 describe-route-tables \
> --filters Name=vpc-id,Values=${VPC_ID} \
> Name=tag:Name,Values="${PUBLIC_ROUTE_NAME}" \
> --query "RouteTables[].RouteTableId" \
> --output text \
> ) \
> && echo ${PUBLIC_ROUTE_ID}
rtb-09bd656f899382523
デフォルトルート作成
コマンド
# Default route: any destination not covered by the VPC-local route is sent
# to the internet gateway.  Every subnet associated with this table is
# thereby "public" — keep that in mind before associating anything else.
aws ec2 create-route \
  --destination-cidr-block "${PUBLIC_ROUTE_DEFAULTROUTE}" \
  --gateway-id "${INTERNET_GATEWAY_ID}" \
  --route-table-id "${PUBLIC_ROUTE_ID}"
出力
[cloudshell-user@ip-10-134-1-141 ~]$ aws ec2 create-route \
> --route-table-id ${PUBLIC_ROUTE_ID} \
> --destination-cidr-block ${PUBLIC_ROUTE_DEFAULTROUTE} \
> --gateway-id ${INTERNET_GATEWAY_ID}
{
"Return": true
}
サブネットの関連付け
コマンド
# Associate only the two public subnets with the IGW route table.  The
# private subnets are deliberately left out, so they remain on the VPC main
# route table with no internet route.
for subnet_id in "${AZ1_PUBLIC_ID}" "${AZ2_PUBLIC_ID}"; do
  aws ec2 associate-route-table \
    --route-table-id "${PUBLIC_ROUTE_ID}" \
    --subnet-id "${subnet_id}"
done
出力
[cloudshell-user@ip-10-134-1-141 ~]$ # 第1アベイラビリティーゾーンのパブリックサブネット
[cloudshell-user@ip-10-134-1-141 ~]$ aws ec2 associate-route-table \
> --subnet-id ${AZ1_PUBLIC_ID} \
> --route-table-id ${PUBLIC_ROUTE_ID}
{
"AssociationId": "rtbassoc-0af745f58ec2dbdf1",
"AssociationState": {
"State": "associated"
}
}
[cloudshell-user@ip-10-134-1-141 ~]$
[cloudshell-user@ip-10-134-1-141 ~]$ # 第2アベイラビリティーゾーンのパブリックサブネット
[cloudshell-user@ip-10-134-1-141 ~]$ aws ec2 associate-route-table \
> --subnet-id ${AZ2_PUBLIC_ID} \
> --route-table-id ${PUBLIC_ROUTE_ID}
{
"AssociationId": "rtbassoc-0ce33dbeb05459f02",
"AssociationState": {
"State": "associated"
}
}
2. Amazon EC2の作成
変数設定
コマンド
# Names for the web tier.  The instance Name tag contains '#', which the
# tag-specifications shorthand accepts as-is (see the run-instances output).
EC2_NAME_1='webserver#1-user1'
EC2_SECURITY_GROUP_NAME='web-user1'
EC2_SECURITY_GROUP_DESCRIPTION='web-user1'
printf '%s\n' "${EC2_NAME_1}" "${EC2_SECURITY_GROUP_NAME}" "${EC2_SECURITY_GROUP_DESCRIPTION}"
出力
[cloudshell-user@ip-10-134-1-141 ~]$ # EC2インスタンス名1
[cloudshell-user@ip-10-134-1-141 ~]$ EC2_NAME_1='webserver#1-user1' \
> && echo ${EC2_NAME_1}
webserver#1-user1
[cloudshell-user@ip-10-134-1-141 ~]$
[cloudshell-user@ip-10-134-1-141 ~]$ # EC2セキュリティグループ名
[cloudshell-user@ip-10-134-1-141 ~]$ EC2_SECURITY_GROUP_NAME='web-user1' \
> && echo ${EC2_SECURITY_GROUP_NAME}
web-user1
[cloudshell-user@ip-10-134-1-141 ~]$
[cloudshell-user@ip-10-134-1-141 ~]$ # EC2セキュリティグループ説明
[cloudshell-user@ip-10-134-1-141 ~]$ EC2_SECURITY_GROUP_DESCRIPTION='web-user1' \
> && echo ${EC2_SECURITY_GROUP_DESCRIPTION}
web-user1
セキュリティグループ作成
作成
コマンド
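# Security group for the web server (rules are added in the next step).
# Expansions are quoted, matching the DB security-group command later on this
# page: the original left --description unquoted, so a description with a
# space in it (like the DB tier's 'RDS for MySQL') would split into extra,
# unrecognised CLI arguments.
aws ec2 create-security-group \
  --group-name "${EC2_SECURITY_GROUP_NAME}" \
  --description "${EC2_SECURITY_GROUP_DESCRIPTION}" \
  --vpc-id "${VPC_ID}"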
出力
[cloudshell-user@ip-10-132-94-95 ~]$ aws ec2 create-security-group \
> --group-name ${EC2_SECURITY_GROUP_NAME} \
> --description ${EC2_SECURITY_GROUP_DESCRIPTION} \
> --vpc-id ${VPC_ID}
{
"GroupId": "sg-0a3c93993d20a0deb"
}
ID取得
コマンド
# Resolve the web security group ID.  Group names are scoped to a VPC, hence
# the vpc-id filter next to group-name.
sg_filters=("Name=vpc-id,Values=${VPC_ID}" "Name=group-name,Values=${EC2_SECURITY_GROUP_NAME}")
EC2_SECURITY_GROUP_ID=$(aws ec2 describe-security-groups --filters "${sg_filters[@]}" \
    --query "SecurityGroups[].GroupId" --output text) \
  && echo "${EC2_SECURITY_GROUP_ID}"
出力
[cloudshell-user@ip-10-132-94-95 ~]$ EC2_SECURITY_GROUP_ID=$( \
> aws ec2 describe-security-groups \
> --filters Name=vpc-id,Values=${VPC_ID} \
> Name=group-name,Values=${EC2_SECURITY_GROUP_NAME} \
> --query "SecurityGroups[].GroupId" \
> --output text \
> ) \
> && echo ${EC2_SECURITY_GROUP_ID}
sg-0a3c93993d20a0deb
ルール追加
コマンド
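#######################################
# Add the web tier's ingress rules to ${EC2_SECURITY_GROUP_ID}.
#
# HTTP (80) must be open to the world: this is the public web server.
# SSH (22) must NOT be.  The original opened 22 to 0.0.0.0/0, which exposes
# the host to internet-wide password/key brute-forcing and scanning; SSH is
# only ever needed from the operator's own address.  Better still, skip the
# SSH rule altogether and use SSM Session Manager (needs an instance profile).
#
# Globals:   EC2_SECURITY_GROUP_ID (read)
# Arguments: $1 - CIDR allowed to reach port 22; empty => no SSH rule at all
# Outputs:   the CLI responses on stdout; a notice on stderr when SSH is skipped
#######################################
add_web_ingress_rules() {
  local ssh_cidr=$1
  if [ -n "${ssh_cidr}" ]; then
    aws ec2 authorize-security-group-ingress \
      --group-id "${EC2_SECURITY_GROUP_ID}" \
      --protocol tcp --port 22 --cidr "${ssh_cidr}"
  else
    echo "SSH_ALLOWED_CIDR is empty: not opening port 22 (set it to <your-ip>/32, or use SSM Session Manager)" >&2
  fi
  aws ec2 authorize-security-group-ingress \
    --group-id "${EC2_SECURITY_GROUP_ID}" \
    --protocol tcp --port 80 --cidr 0.0.0.0/0
}

# Set before running, e.g.  SSH_ALLOWED_CIDR="$(curl -s https://checkip.amazonaws.com)/32"
add_web_ingress_rules "${SSH_ALLOWED_CIDR:-}"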
出力
[cloudshell-user@ip-10-132-94-95 ~]$ aws ec2 authorize-security-group-ingress \
> --group-id ${EC2_SECURITY_GROUP_ID} \
> --protocol tcp \
> --port 22 \
> --cidr 0.0.0.0/0
{
"Return": true,
"SecurityGroupRules": [
{
"SecurityGroupRuleId": "sgr-0087fbc413f62e8bc",
"GroupId": "sg-0a3c93993d20a0deb",
"GroupOwnerId": "999999999999",
"IsEgress": false,
"IpProtocol": "tcp",
"FromPort": 22,
"ToPort": 22,
"CidrIpv4": "0.0.0.0/0"
}
]
}
[cloudshell-user@ip-10-132-94-95 ~]$ aws ec2 authorize-security-group-ingress \
> --group-id ${EC2_SECURITY_GROUP_ID} \
> --protocol tcp \
> --port 80 \
> --cidr 0.0.0.0/0
{
"Return": true,
"SecurityGroupRules": [
{
"SecurityGroupRuleId": "sgr-0ff62ba736b57f11d",
"GroupId": "sg-0a3c93993d20a0deb",
"GroupOwnerId": "999999999999",
"IsEgress": false,
"IpProtocol": "tcp",
"FromPort": 80,
"ToPort": 80,
"CidrIpv4": "0.0.0.0/0"
}
]
}
EC2作成
ユーザーデータ作成(ヒアドキュメント)
※スクリプトはハンズオンから引用
コマンド
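cat << 'EOF' > user_data.txt
#!/bin/bash
# First-boot bootstrap for the WordPress web server.  cloud-init runs this as
# root on the instance; its output lands in /var/log/cloud-init-output.log.

yum -y update
yum -y install php httpd mysql

# Keep enabling the php7.4 extra until `php -v` reports major version 7.
PHP_VERSION=$(php -v | head -n 1 | awk '{print $2}' | awk -F "." '{print $1}')
while [ "${PHP_VERSION}" -ne 7 ]
do
  amazon-linux-extras install php7.4 -y
  PHP_VERSION=$(php -v | head -n 1 | awk '{print $2}' | awk -F "." '{print $1}')
done

yum -y install php-mbstring php-xml

# Fetch WordPress over TLS.  The original downloaded it over plain HTTP, so
# anything on the path could have swapped the archive for a backdoored one;
# with https the download is at least authenticated to wordpress.org.  Abort
# if the download or the unpack fails rather than start httpd on an empty or
# partial docroot.
# NOTE(review): pinning a release and verifying its published checksum would
# close the remaining gap; not done here because the ja build is fetched via
# a "latest" URL.
wget https://ja.wordpress.org/latest-ja.tar.gz -P /tmp/ || exit 1
tar zxvf /tmp/latest-ja.tar.gz -C /tmp || exit 1
cp -r /tmp/wordpress/* /var/www/html/
# WordPress writes into its own tree (uploads, in-place updates), so the whole
# docroot is handed to the httpd user; tighten this once the site is set up.
chown apache:apache -R /var/www/html

systemctl enable httpd.service
systemctl start httpd.service
EOF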
出力
[cloudshell-user@ip-10-132-94-95 ~]$ cat << 'EOF' > user_data.txt
> #!/bin/bash
>
> yum -y update
> yum -y install php httpd mysql
>
> PHP_VERSION=`php -v | head -n 1 | awk '{print $2}' | awk -F "." '{print $1}'`
> while [ ${PHP_VERSION} -ne 7 ]
> do
> amazon-linux-extras install php7.4 -y
> PHP_VERSION=`php -v | head -n 1 | awk '{print $2}' | awk -F "." '{print $1}'`
> done
>
> yum -y install php-mbstring php-xml
>
> wget http://ja.wordpress.org/latest-ja.tar.gz -P /tmp/
> tar zxvf /tmp/latest-ja.tar.gz -C /tmp
> cp -r /tmp/wordpress/* /var/www/html/
> chown apache:apache -R /var/www/html
>
> systemctl enable httpd.service
> systemctl start httpd.service
> EOF
作成
コマンド
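# Launch the web server into the first public subnet.
#  - The AMI is resolved through the public SSM parameter, so the current
#    Amazon Linux 2 image is used without hard-coding an AMI ID.
#  - --associate-public-ip-address is needed because the subnet was created
#    with MapPublicIpOnLaunch=false.
#  - --metadata-options HttpTokens=required enforces IMDSv2.  The original
#    launch left HttpTokens=optional (see "MetadataOptions" in the output):
#    with IMDSv1 reachable, an SSRF bug in the web app can read user-data and
#    any future instance-role credentials from 169.254.169.254 with a plain
#    GET.  Hop limit 1 keeps the metadata service unreachable from containers
#    or anything else one hop away.
#  - user_data.txt is the bootstrap script written just above.
# Not set here: --key-name (without one the SSH rule is useless anyway) and an
# IAM instance profile (required for SSM Session Manager).
aws ec2 run-instances \
  --image-id resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 \
  --instance-type t2.micro \
  --security-group-ids "${EC2_SECURITY_GROUP_ID}" \
  --subnet-id "${AZ1_PUBLIC_ID}" \
  --associate-public-ip-address \
  --metadata-options "HttpTokens=required,HttpEndpoint=enabled,HttpPutResponseHopLimit=1" \
  --user-data file://user_data.txt \
  --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=${EC2_NAME_1}}]"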
出力
[cloudshell-user@ip-10-132-94-95 ~]$ aws ec2 run-instances \
> --image-id resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 \
> --instance-type t2.micro \
> --security-group-ids ${EC2_SECURITY_GROUP_ID} \
> --subnet-id ${AZ1_PUBLIC_ID} \
> --associate-public-ip-address \
> --user-data file://user_data.txt \
> --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=${EC2_NAME_1}}]"
{
"Groups": [],
"Instances": [
{
"AmiLaunchIndex": 0,
"ImageId": "ami-029dc392355a76964",
"InstanceId": "i-0ef1f8c47c0802907",
"InstanceType": "t2.micro",
"LaunchTime": "2024-06-16T01:59:48+00:00",
"Monitoring": {
"State": "disabled"
},
"Placement": {
"AvailabilityZone": "ap-northeast-1a",
"GroupName": "",
"Tenancy": "default"
},
"PrivateDnsName": "ip-10-0-0-52.ap-northeast-1.compute.internal",
"PrivateIpAddress": "10.0.0.52",
"ProductCodes": [],
"PublicDnsName": "",
"State": {
"Code": 0,
"Name": "pending"
},
"StateTransitionReason": "",
"SubnetId": "subnet-04f5f25e6909a40fd",
"VpcId": "vpc-069134134e327d764",
"Architecture": "x86_64",
"BlockDeviceMappings": [],
"ClientToken": "edddb040-ca24-496f-8450-0682bf11cb5a",
"EbsOptimized": false,
"EnaSupport": true,
"Hypervisor": "xen",
"NetworkInterfaces": [
{
"Attachment": {
"AttachTime": "2024-06-16T01:59:48+00:00",
"AttachmentId": "eni-attach-0b0b003cf225a610e",
"DeleteOnTermination": true,
"DeviceIndex": 0,
"Status": "attaching",
"NetworkCardIndex": 0
},
"Description": "",
"Groups": [
{
"GroupName": "web-user1",
"GroupId": "sg-0a3c93993d20a0deb"
}
],
"Ipv6Addresses": [],
"MacAddress": "06:ac:df:e3:61:3f",
"NetworkInterfaceId": "eni-046accac5b90173c1",
"OwnerId": "999999999999",
"PrivateIpAddress": "10.0.0.52",
"PrivateIpAddresses": [
{
"Primary": true,
"PrivateIpAddress": "10.0.0.52"
}
],
"SourceDestCheck": true,
"Status": "in-use",
"SubnetId": "subnet-04f5f25e6909a40fd",
"VpcId": "vpc-069134134e327d764",
"InterfaceType": "interface"
}
],
"RootDeviceName": "/dev/xvda",
"RootDeviceType": "ebs",
"SecurityGroups": [
{
"GroupName": "web-user1",
"GroupId": "sg-0a3c93993d20a0deb"
}
],
"SourceDestCheck": true,
"StateReason": {
"Code": "pending",
"Message": "pending"
},
"Tags": [
{
"Key": "Name",
"Value": "webserver#1-user1"
}
],
"VirtualizationType": "hvm",
"CpuOptions": {
"CoreCount": 1,
"ThreadsPerCore": 1
},
"CapacityReservationSpecification": {
"CapacityReservationPreference": "open"
},
"MetadataOptions": {
"State": "pending",
"HttpTokens": "optional",
"HttpPutResponseHopLimit": 1,
"HttpEndpoint": "enabled",
"HttpProtocolIpv6": "disabled",
"InstanceMetadataTags": "disabled"
},
"EnclaveOptions": {
"Enabled": false
},
"PrivateDnsNameOptions": {
"HostnameType": "ip-name",
"EnableResourceNameDnsARecord": false,
"EnableResourceNameDnsAAAARecord": false
},
"MaintenanceOptions": {
"AutoRecovery": "default"
},
"CurrentInstanceBootMode": "legacy-bios"
}
],
"OwnerId": "999999999999",
"ReservationId": "r-051d34a8ac3ad4a5a"
}
ID取得
コマンド
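# Resolve the instance ID by Name tag.  Terminated instances keep their tags
# and remain visible to describe-instances for a while, so without a state
# filter a re-run of this exercise can return several IDs at once; restrict
# the lookup to instances that are starting or running.
EC2_ID_1=$(
  aws ec2 describe-instances \
    --filters "Name=tag:Name,Values=${EC2_NAME_1}" \
              "Name=instance-state-name,Values=pending,running" \
    --query "Reservations[*].Instances[*].[InstanceId]" \
    --output text
) && echo "${EC2_ID_1}"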
出力
[cloudshell-user@ip-10-132-94-95 ~]$ EC2_ID_1=$( \
> aws ec2 describe-instances \
> --filters Name=tag:Name,Values=${EC2_NAME_1} \
> --query "Reservations[*].Instances[*].[InstanceId]" \
> --output text
> ) \
> && echo ${EC2_ID_1}
i-0ef1f8c47c0802907
3. Amazon RDSの作成
変数設定
コマンド
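# --- RDS parameters ------------------------------------------------------
DB_SECURITY_GROUP_NAME='db-user1'
DB_SECURITY_GROUP_DESCRIPTION='RDS for MySQL'
DB_SUBNET_NAME='db-subnet-user1'
DB_SUBNET_DESCRIPTION='RDS for MySQL'
DB_INSTANCE_IDENTIFIER='db-user1'
DB_NAME="wordpress"             # initial database created with the instance
DB_INSTANCE_CLASS="db.t3.micro"
ENGINE="mysql"
# NOTE(review): 'admin' is the obvious guess for a master user name; a less
# predictable name removes one known value from any credential-guessing attempt.
MASTER_USERNAME="admin"
ALLOCATED_STORAGE=20            # GiB
MAX_ALLOCATED_STORAGE=1000      # GiB, storage-autoscaling ceiling

# Master password: 20 random alphanumerics from /dev/urandom (the original
# used 12).  It is deliberately NOT echoed — the original printed it, which
# put the secret into the terminal scrollback, the session transcript and
# this write-up.  Print it on demand with
#   printf '%s\n' "${MASTER_USER_PASSWORD}"
# and prefer `--manage-master-user-password` on create-db-instance (RDS
# generates the password and stores it in Secrets Manager) over handling a
# cleartext value in the shell at all.
MASTER_USER_PASSWORD=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 20)

printf '%s\n' "${DB_SECURITY_GROUP_NAME}" "${DB_SECURITY_GROUP_DESCRIPTION}" \
  "${DB_SUBNET_NAME}" "${DB_SUBNET_DESCRIPTION}" "${DB_INSTANCE_IDENTIFIER}" \
  "${DB_NAME}" "${DB_INSTANCE_CLASS}" "${ENGINE}" "${MASTER_USERNAME}"
if [ "${#MASTER_USER_PASSWORD}" -eq 20 ]; then
  echo "MASTER_USER_PASSWORD: set (20 chars, not shown)"
else
  echo "MASTER_USER_PASSWORD: generation failed" >&2
fi
printf '%s\n' "${ALLOCATED_STORAGE}" "${MAX_ALLOCATED_STORAGE}"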
出力
[cloudshell-user@ip-10-132-94-95 ~]$ # DBセキュリティグループ名
[cloudshell-user@ip-10-132-94-95 ~]$ DB_SECURITY_GROUP_NAME='db-user1' \
> && echo ${DB_SECURITY_GROUP_NAME}
db-user1
[cloudshell-user@ip-10-132-94-95 ~]$
[cloudshell-user@ip-10-132-94-95 ~]$ # DBセキュリティグループ説明
[cloudshell-user@ip-10-132-94-95 ~]$ DB_SECURITY_GROUP_DESCRIPTION='RDS for MySQL' \
> && echo ${DB_SECURITY_GROUP_DESCRIPTION}
RDS for MySQL
[cloudshell-user@ip-10-132-94-95 ~]$
[cloudshell-user@ip-10-132-94-95 ~]$ # サブネットグループ名
[cloudshell-user@ip-10-132-94-95 ~]$ DB_SUBNET_NAME='db-subnet-user1' \
> && echo ${DB_SUBNET_NAME}
db-subnet-user1
[cloudshell-user@ip-10-132-94-95 ~]$
[cloudshell-user@ip-10-132-94-95 ~]$ # サブネットグループ説明
[cloudshell-user@ip-10-132-94-95 ~]$ DB_SUBNET_DESCRIPTION='RDS for MySQL' \
> && echo ${DB_SUBNET_DESCRIPTION}
RDS for MySQL
[cloudshell-user@ip-10-132-94-95 ~]$
[cloudshell-user@ip-10-132-94-95 ~]$ # DB インスタンス識別子
[cloudshell-user@ip-10-132-94-95 ~]$ DB_INSTANCE_IDENTIFIER='db-user1' \
> && echo ${DB_INSTANCE_IDENTIFIER}
db-user1
[cloudshell-user@ip-10-132-94-95 ~]$
[cloudshell-user@ip-10-132-94-95 ~]$ # 最初のデータベース名
[cloudshell-user@ip-10-132-94-95 ~]$ DB_NAME="wordpress" \
> && echo ${DB_NAME}
wordpress
[cloudshell-user@ip-10-132-94-95 ~]$
[cloudshell-user@ip-10-132-94-95 ~]$ # インスタンスクラス
[cloudshell-user@ip-10-132-94-95 ~]$ DB_INSTANCE_CLASS="db.t3.micro" \
> && echo ${DB_INSTANCE_CLASS}
db.t3.micro
[cloudshell-user@ip-10-132-94-95 ~]$
[cloudshell-user@ip-10-132-94-95 ~]$ # エンジンのタイプ
[cloudshell-user@ip-10-132-94-95 ~]$ ENGINE="mysql" \
> && echo ${ENGINE}
mysql
[cloudshell-user@ip-10-132-94-95 ~]$
[cloudshell-user@ip-10-132-94-95 ~]$ # マスターユーザー名
[cloudshell-user@ip-10-132-94-95 ~]$ MASTER_USERNAME="admin" \
> && echo ${MASTER_USERNAME}
admin
[cloudshell-user@ip-10-132-94-95 ~]$
[cloudshell-user@ip-10-132-94-95 ~]$ # マスターパスワード
[cloudshell-user@ip-10-132-94-95 ~]$ MASTER_USER_PASSWORD=$(< /dev/urandom tr -dc 'A-Za-z0-9' | head -c12) \
> && echo ${MASTER_USER_PASSWORD}
************ （生成したマスターパスワードは記事やログに残さないこと。ここでは伏せ字に置き換えている）
[cloudshell-user@ip-10-132-94-95 ~]$
[cloudshell-user@ip-10-132-94-95 ~]$ # ストレージ割り当て
[cloudshell-user@ip-10-132-94-95 ~]$ ALLOCATED_STORAGE=20 \
> && echo ${ALLOCATED_STORAGE}
20
[cloudshell-user@ip-10-132-94-95 ~]$
[cloudshell-user@ip-10-132-94-95 ~]$ # 最大ストレージしきい値
[cloudshell-user@ip-10-132-94-95 ~]$ MAX_ALLOCATED_STORAGE=1000 \
> && echo ${MAX_ALLOCATED_STORAGE}
1000
セキュリティグループ作成
作成
コマンド
# Security group for the database tier; its single ingress rule is added in
# the next step.
db_sg_args=(
  --vpc-id "${VPC_ID}"
  --group-name "${DB_SECURITY_GROUP_NAME}"
  --description "${DB_SECURITY_GROUP_DESCRIPTION}"
)
aws ec2 create-security-group "${db_sg_args[@]}"
出力
[cloudshell-user@ip-10-132-94-95 ~]$ aws ec2 create-security-group \
> --group-name "${DB_SECURITY_GROUP_NAME}" \
> --description "${DB_SECURITY_GROUP_DESCRIPTION}" \
> --vpc-id ${VPC_ID}
{
"GroupId": "sg-00a065607e5f7d245"
}
ID取得
コマンド
# Resolve the DB security group ID within this VPC.
DB_SECURITY_GROUP_ID=$(aws ec2 describe-security-groups \
    --filters "Name=group-name,Values=${DB_SECURITY_GROUP_NAME}" "Name=vpc-id,Values=${VPC_ID}" \
    --query "SecurityGroups[].GroupId" --output text) \
  && echo "${DB_SECURITY_GROUP_ID}"
出力
[cloudshell-user@ip-10-132-94-95 ~]$ DB_SECURITY_GROUP_ID=$( \
> aws ec2 describe-security-groups \
> --filters Name=vpc-id,Values=${VPC_ID} \
> Name=group-name,Values=${DB_SECURITY_GROUP_NAME} \
> --query "SecurityGroups[].GroupId" \
> --output text \
> ) \
> && echo ${DB_SECURITY_GROUP_ID}
sg-00a065607e5f7d245
ルール追加
コマンド
# Allow MySQL (3306) into the DB group only from members of the web security
# group.  Referencing a group instead of a CIDR means the rule follows the
# web instances wherever they are launched, and — with this as the DB
# group's only ingress rule — nothing else in the VPC can reach the database.
aws ec2 authorize-security-group-ingress \
  --group-id "${DB_SECURITY_GROUP_ID}" \
  --source-group "${EC2_SECURITY_GROUP_ID}" \
  --protocol tcp \
  --port 3306
出力
[cloudshell-user@ip-10-132-94-95 ~]$ aws ec2 authorize-security-group-ingress \
> --group-id ${DB_SECURITY_GROUP_ID} \
> --protocol tcp \
> --port 3306 \
> --source-group ${EC2_SECURITY_GROUP_ID}
{
"Return": true,
"SecurityGroupRules": [
{
"SecurityGroupRuleId": "sgr-052ebbc8dd02ef727",
"GroupId": "sg-00a065607e5f7d245",
"GroupOwnerId": "999999999999",
"IsEgress": false,
"IpProtocol": "tcp",
"FromPort": 3306,
"ToPort": 3306,
"ReferencedGroupInfo": {
"GroupId": "sg-0a3c93993d20a0deb",
"UserId": "999999999999"
}
}
]
}
サブネットグループ作成
コマンド
# DB subnet group spanning the two private subnets.  RDS needs subnets in at
# least two AZs, and using only private subnets keeps the instance off the
# IGW route table regardless of the PubliclyAccessible setting.
aws rds create-db-subnet-group \
  --db-subnet-group-name "${DB_SUBNET_NAME}" \
  --db-subnet-group-description "${DB_SUBNET_DESCRIPTION}" \
  --subnet-ids "${AZ1_PRIVATE_ID}" "${AZ2_PRIVATE_ID}"
出力
[cloudshell-user@ip-10-132-94-95 ~]$ aws rds create-db-subnet-group \
> --db-subnet-group-name "${DB_SUBNET_NAME}" \
> --db-subnet-group-description "${DB_SUBNET_DESCRIPTION}" \
> --subnet-ids ${AZ1_PRIVATE_ID} ${AZ2_PRIVATE_ID}
{
"DBSubnetGroup": {
"DBSubnetGroupName": "db-subnet-user1",
"DBSubnetGroupDescription": "RDS for MySQL",
"VpcId": "vpc-069134134e327d764",
"SubnetGroupStatus": "Complete",
"Subnets": [
{
"SubnetIdentifier": "subnet-0324b1fccc0ae599f",
"SubnetAvailabilityZone": {
"Name": "ap-northeast-1c"
},
"SubnetOutpost": {},
"SubnetStatus": "Active"
},
{
"SubnetIdentifier": "subnet-0bf117b6d88abe777",
"SubnetAvailabilityZone": {
"Name": "ap-northeast-1a"
},
"SubnetOutpost": {},
"SubnetStatus": "Active"
}
],
"DBSubnetGroupArn": "arn:aws:rds:ap-northeast-1:999999999999:subgrp:db-subnet-user1",
"SupportedNetworkTypes": [
"IPV4"
]
}
}
RDS作成
コマンド
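# Create the MySQL instance.  All expansions are quoted (the original left
# them bare, which breaks for any value containing whitespace or glob
# characters).  Security-relevant choices, kept as in the hands-on:
#  - --no-publicly-accessible + a private-subnet-only subnet group + the
#    SG-to-SG rule above: the endpoint is reachable only from the web tier.
#  - --storage-encrypted: encrypted at rest; no --kms-key-id is given, so RDS
#    picks the account's default RDS key (KmsKeyId in the output).
#  - --backup-retention-period 0 disables automated backups and point-in-time
#    recovery — acceptable for a throwaway lab only; use >= 1 anywhere else.
#  - --master-user-password puts the secret on the command line (shell
#    history, process list while the CLI runs).  The alternative is
#    --manage-master-user-password, which has RDS generate the password and
#    store it in Secrets Manager; the WordPress setup then reads it from there.
#  - No --deletion-protection and MultiAZ=false (see the output): lab settings.
aws rds create-db-instance \
  --db-name "${DB_NAME}" \
  --db-instance-identifier "${DB_INSTANCE_IDENTIFIER}" \
  --allocated-storage "${ALLOCATED_STORAGE}" \
  --max-allocated-storage "${MAX_ALLOCATED_STORAGE}" \
  --storage-encrypted \
  --db-instance-class "${DB_INSTANCE_CLASS}" \
  --engine "${ENGINE}" \
  --master-username "${MASTER_USERNAME}" \
  --master-user-password "${MASTER_USER_PASSWORD}" \
  --vpc-security-group-ids "${DB_SECURITY_GROUP_ID}" \
  --availability-zone "${AZ_1}" \
  --db-subnet-group-name "${DB_SUBNET_NAME}" \
  --backup-retention-period 0 \
  --no-publicly-accessible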
出力
[cloudshell-user@ip-10-132-94-95 ~]$ aws rds create-db-instance \
> --db-name ${DB_NAME} \
> --db-instance-identifier ${DB_INSTANCE_IDENTIFIER} \
> --allocated-storage ${ALLOCATED_STORAGE} \
> --max-allocated-storage ${MAX_ALLOCATED_STORAGE} \
> --storage-encrypted \
> --db-instance-class ${DB_INSTANCE_CLASS} \
> --engine ${ENGINE} \
> --master-username ${MASTER_USERNAME} \
> --master-user-password ${MASTER_USER_PASSWORD} \
> --vpc-security-group-ids ${DB_SECURITY_GROUP_ID} \
> --availability-zone ${AZ_1} \
> --db-subnet-group-name ${DB_SUBNET_NAME} \
> --backup-retention-period 0 \
> --no-publicly-accessible
{
"DBInstance": {
"DBInstanceIdentifier": "db-user1",
"DBInstanceClass": "db.t3.micro",
"Engine": "mysql",
"DBInstanceStatus": "creating",
"MasterUsername": "admin",
"DBName": "wordpress",
"AllocatedStorage": 20,
"PreferredBackupWindow": "19:23-19:53",
"BackupRetentionPeriod": 0,
"DBSecurityGroups": [],
"VpcSecurityGroups": [
{
"VpcSecurityGroupId": "sg-00a065607e5f7d245",
"Status": "active"
}
],
"DBParameterGroups": [
{
"DBParameterGroupName": "default.mysql8.0",
"ParameterApplyStatus": "in-sync"
}
],
"AvailabilityZone": "ap-northeast-1a",
"DBSubnetGroup": {
"DBSubnetGroupName": "db-subnet-user1",
"DBSubnetGroupDescription": "RDS for MySQL",
"VpcId": "vpc-069134134e327d764",
"SubnetGroupStatus": "Complete",
"Subnets": [
{
"SubnetIdentifier": "subnet-0324b1fccc0ae599f",
"SubnetAvailabilityZone": {
"Name": "ap-northeast-1c"
},
"SubnetOutpost": {},
"SubnetStatus": "Active"
},
{
"SubnetIdentifier": "subnet-0bf117b6d88abe777",
"SubnetAvailabilityZone": {
"Name": "ap-northeast-1a"
},
"SubnetOutpost": {},
"SubnetStatus": "Active"
}
]
},
"PreferredMaintenanceWindow": "sun:14:24-sun:14:54",
"PendingModifiedValues": {
"MasterUserPassword": "****"
},
"MultiAZ": false,
"EngineVersion": "8.0.35",
"AutoMinorVersionUpgrade": true,
"ReadReplicaDBInstanceIdentifiers": [],
"LicenseModel": "general-public-license",
"OptionGroupMemberships": [
{
"OptionGroupName": "default:mysql-8-0",
"Status": "in-sync"
}
],
"PubliclyAccessible": false,
"StorageType": "gp2",
"DbInstancePort": 0,
"StorageEncrypted": true,
"KmsKeyId": "arn:aws:kms:ap-northeast-1:999999999999:key/951b3fa0-aedb-4215-a2e6-9b7c2f5292e5",
"DbiResourceId": "db-VFUF2LFFPX5VT6FJ5ETFQN3VQY",
"CACertificateIdentifier": "rds-ca-rsa2048-g1",
"DomainMemberships": [],
"CopyTagsToSnapshot": false,
"MonitoringInterval": 0,
"DBInstanceArn": "arn:aws:rds:ap-northeast-1:999999999999:db:db-user1",
"IAMDatabaseAuthenticationEnabled": false,
"PerformanceInsightsEnabled": false,
"DeletionProtection": false,
"AssociatedRoles": [],
"MaxAllocatedStorage": 1000,
"TagList": [],
"CustomerOwnedIpEnabled": false,
"BackupTarget": "region",
"NetworkType": "IPV4",
"StorageThroughput": 0,
"CertificateDetails": {
"CAIdentifier": "rds-ca-rsa2048-g1"
},
"DedicatedLogVolume": false,
"EngineLifecycleSupport": "open-source-rds-extended-support"
}
}
4. ELBの作成
コマンド
# ELBセキュリティグループ名
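# Variables for step 4 (ALB): security group, target group, health check,
# load balancer and listener. Each value is echoed once so the transcript
# shows what was set. The Target_GROUP_* names keep their mixed case because
# the later create-target-group / describe-target-groups steps reference
# them verbatim.

# ELB security group name
ELB_SECURITY_GROUP_NAME='elb-user1'
printf '%s\n' "${ELB_SECURITY_GROUP_NAME}"

# ELB security group description (the original comment said "DB" by mistake)
ELB_SECURITY_GROUP_DESCRIPTION='elb-user1'
printf '%s\n' "${ELB_SECURITY_GROUP_DESCRIPTION}"

# Target type
Target_GROUP_TYPE="instance"
printf '%s\n' "${Target_GROUP_TYPE}"

# Target group name
Target_GROUP_NAME="target-user1"
printf '%s\n' "${Target_GROUP_NAME}"

# Target group protocol
Target_GROUP_PROTOCOL="HTTP"
printf '%s\n' "${Target_GROUP_PROTOCOL}"

# Target group port
Target_GROUP_PORT="80"
printf '%s\n' "${Target_GROUP_PORT}"

# Target group protocol version
Target_GROUP_PROTOCOLVERSION="HTTP1"
printf '%s\n' "${Target_GROUP_PROTOCOLVERSION}"

# Health check protocol
HEALTH_CHECK_PROTOCOL="HTTP"
printf '%s\n' "${HEALTH_CHECK_PROTOCOL}"

# Health check path (a static file served by WordPress, returns 200)
HEALTH_CHECK_PATH="/wp-includes/images/blank.gif"
printf '%s\n' "${HEALTH_CHECK_PATH}"

# Load balancer name
LB_NAME="elb-user1"
printf '%s\n' "${LB_NAME}"

# Listener protocol (plain HTTP in this hands-on; HTTPS would need a
# certificate and port 443)
LISTENER_PROTOCOL="HTTP"
printf '%s\n' "${LISTENER_PROTOCOL}"

# Listener port
LISTENER_PORT="80"
printf '%s\n' "${LISTENER_PORT}"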
出力
[cloudshell-user@ip-10-132-69-166 ~]$ # ELBセキュリティグループ名
[cloudshell-user@ip-10-132-69-166 ~]$ ELB_SECURITY_GROUP_NAME='elb-user1' \
> && echo ${ELB_SECURITY_GROUP_NAME}
elb-user1
[cloudshell-user@ip-10-132-69-166 ~]$
[cloudshell-user@ip-10-132-69-166 ~]$ # DBセキュリティグループ説明
[cloudshell-user@ip-10-132-69-166 ~]$ ELB_SECURITY_GROUP_DESCRIPTION='elb-user1' \
> && echo ${ELB_SECURITY_GROUP_DESCRIPTION}
elb-user1
[cloudshell-user@ip-10-132-69-166 ~]$
[cloudshell-user@ip-10-132-69-166 ~]$ # ターゲットタイプ
[cloudshell-user@ip-10-132-69-166 ~]$ Target_GROUP_TYPE="instance" \
> && echo ${Target_GROUP_TYPE}
instance
[cloudshell-user@ip-10-132-69-166 ~]$
[cloudshell-user@ip-10-132-69-166 ~]$ # ターゲットグループ名
[cloudshell-user@ip-10-132-69-166 ~]$ Target_GROUP_NAME="target-user1" \
> && echo ${Target_GROUP_NAME}
target-user1
[cloudshell-user@ip-10-132-69-166 ~]$
[cloudshell-user@ip-10-132-69-166 ~]$ # ターゲットグループ プロトコル
[cloudshell-user@ip-10-132-69-166 ~]$ Target_GROUP_PROTOCOL="HTTP" \
> && echo ${Target_GROUP_PROTOCOL}
HTTP
[cloudshell-user@ip-10-132-69-166 ~]$
[cloudshell-user@ip-10-132-69-166 ~]$ # ターゲットグループ ポート
[cloudshell-user@ip-10-132-69-166 ~]$ Target_GROUP_PORT="80" \
> && echo ${Target_GROUP_PORT}
80
[cloudshell-user@ip-10-132-69-166 ~]$
[cloudshell-user@ip-10-132-69-166 ~]$ # ターゲットグループ プロトコルバージョン
[cloudshell-user@ip-10-132-69-166 ~]$ Target_GROUP_PROTOCOLVERSION="HTTP1" \
> && echo ${Target_GROUP_PROTOCOLVERSION}
HTTP1
[cloudshell-user@ip-10-132-69-166 ~]$
[cloudshell-user@ip-10-132-69-166 ~]$ # ヘルスチェックプロトコル
[cloudshell-user@ip-10-132-69-166 ~]$ HEALTH_CHECK_PROTOCOL="HTTP" \
> && echo ${HEALTH_CHECK_PROTOCOL}
HTTP
[cloudshell-user@ip-10-132-69-166 ~]$
[cloudshell-user@ip-10-132-69-166 ~]$ # ヘルスチェックパス
[cloudshell-user@ip-10-132-69-166 ~]$ HEALTH_CHECK_PATH="/wp-includes/images/blank.gif" \
> && echo ${HEALTH_CHECK_PATH}
/wp-includes/images/blank.gif
[cloudshell-user@ip-10-132-69-166 ~]$
[cloudshell-user@ip-10-132-69-166 ~]$ # ロードバランサー名
[cloudshell-user@ip-10-132-69-166 ~]$ LB_NAME="elb-user1" \
> && echo ${LB_NAME}
elb-user1
[cloudshell-user@ip-10-132-69-166 ~]$
[cloudshell-user@ip-10-132-69-166 ~]$ # リスナー プロトコル
[cloudshell-user@ip-10-132-69-166 ~]$ LISTENER_PROTOCOL="HTTP" \
> && echo ${LISTENER_PROTOCOL}
HTTP
[cloudshell-user@ip-10-132-69-166 ~]$
[cloudshell-user@ip-10-132-69-166 ~]$ # リスナー ポート
[cloudshell-user@ip-10-132-69-166 ~]$ LISTENER_PORT="80" \
> && echo ${LISTENER_PORT}
80
セキュリティグループ作成
作成
コマンド
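# Create the security group the ALB will use. Expects
# ELB_SECURITY_GROUP_NAME, ELB_SECURITY_GROUP_DESCRIPTION and VPC_ID.
# The description is quoted so a value containing spaces is passed as one
# argument (the unquoted form only worked because the value has none).
aws ec2 create-security-group \
  --group-name "${ELB_SECURITY_GROUP_NAME}" \
  --description "${ELB_SECURITY_GROUP_DESCRIPTION}" \
  --vpc-id "${VPC_ID}"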
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws ec2 create-security-group \
> --group-name ${ELB_SECURITY_GROUP_NAME} \
> --description ${ELB_SECURITY_GROUP_DESCRIPTION} \
> --vpc-id ${VPC_ID}
{
"GroupId": "sg-08397d5cd87ce3ea4"
}
ID取得
コマンド
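# Look up the ALB security group ID by VPC and name, then echo it.
# Expects VPC_ID and ELB_SECURITY_GROUP_NAME. With --output text a
# multi-match would come back tab-joined; group names are unique per VPC,
# so exactly one ID is expected here.
ELB_SECURITY_GROUP_ID=$(
  aws ec2 describe-security-groups \
    --filters "Name=vpc-id,Values=${VPC_ID}" \
              "Name=group-name,Values=${ELB_SECURITY_GROUP_NAME}" \
    --query "SecurityGroups[].GroupId" \
    --output text
) \
&& printf '%s\n' "${ELB_SECURITY_GROUP_ID}"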
出力
[cloudshell-user@ip-10-132-69-166 ~]$ ELB_SECURITY_GROUP_ID=$( \
> aws ec2 describe-security-groups \
> --filters Name=vpc-id,Values=${VPC_ID} \
> Name=group-name,Values=${ELB_SECURITY_GROUP_NAME} \
> --query "SecurityGroups[].GroupId" \
> --output text \
> ) \
> && echo ${ELB_SECURITY_GROUP_ID}
sg-08397d5cd87ce3ea4
ルール追加
コマンド
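# Allow inbound HTTP from anywhere on the ALB security group. This is the
# one group in the exercise that is meant to be open to the internet; the
# web and DB groups should reference security groups rather than 0.0.0.0/0
# (their rules are created in an earlier step not shown here).
# Expects ELB_SECURITY_GROUP_ID.
aws ec2 authorize-security-group-ingress \
  --group-id "${ELB_SECURITY_GROUP_ID}" \
  --protocol tcp \
  --port 80 \
  --cidr 0.0.0.0/0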
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws ec2 authorize-security-group-ingress \
> --group-id ${ELB_SECURITY_GROUP_ID} \
> --protocol tcp \
> --port 80 \
> --cidr 0.0.0.0/0
{
"Return": true,
"SecurityGroupRules": [
{
"SecurityGroupRuleId": "sgr-046b236995cdc3a93",
"GroupId": "sg-08397d5cd87ce3ea4",
"GroupOwnerId": "999999999999",
"IsEgress": false,
"IpProtocol": "tcp",
"FromPort": 80,
"ToPort": 80,
"CidrIpv4": "0.0.0.0/0"
}
]
}
ターゲットグループ作成
作成
コマンド
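# Create the instance target group with an HTTP health check on a static
# WordPress file (the default matcher expects HTTP 200, see the output).
# Expects the Target_GROUP_* and HEALTH_CHECK_* variables.
# --protocol-version is passed explicitly; Target_GROUP_PROTOCOLVERSION was
# defined earlier but the original command never used it (HTTP1 is also the
# default, so the created resource is unchanged).
aws elbv2 create-target-group \
  --name "${Target_GROUP_NAME}" \
  --protocol "${Target_GROUP_PROTOCOL}" \
  --protocol-version "${Target_GROUP_PROTOCOLVERSION}" \
  --port "${Target_GROUP_PORT}" \
  --vpc-id "${VPC_ID}" \
  --target-type "${Target_GROUP_TYPE}" \
  --health-check-protocol "${HEALTH_CHECK_PROTOCOL}" \
  --health-check-path "${HEALTH_CHECK_PATH}"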
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws elbv2 create-target-group \
> --name ${Target_GROUP_NAME} \
> --protocol ${Target_GROUP_PROTOCOL} \
> --port ${Target_GROUP_PORT} \
> --vpc-id ${VPC_ID} \
> --target-type ${Target_GROUP_TYPE} \
> --health-check-protocol ${HEALTH_CHECK_PROTOCOL} \
> --health-check-path ${HEALTH_CHECK_PATH}
{
"TargetGroups": [
{
"TargetGroupArn": "arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:targetgroup/target-user1/df889a1031369dbb",
"TargetGroupName": "target-user1",
"Protocol": "HTTP",
"Port": 80,
"VpcId": "vpc-069134134e327d764",
"HealthCheckProtocol": "HTTP",
"HealthCheckPort": "traffic-port",
"HealthCheckEnabled": true,
"HealthCheckIntervalSeconds": 30,
"HealthCheckTimeoutSeconds": 5,
"HealthyThresholdCount": 5,
"UnhealthyThresholdCount": 2,
"HealthCheckPath": "/wp-includes/images/blank.gif",
"Matcher": {
"HttpCode": "200"
},
"TargetType": "instance",
"ProtocolVersion": "HTTP1",
"IpAddressType": "ipv4"
}
]
}
ARN取得
コマンド
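# Look up the target group ARN by name, then echo it.
# Bug fix: the original referenced $TARGET_GROUP_NAME, which is never set;
# the variable defined in step 4 is Target_GROUP_NAME. With the empty
# expansion, --names received no value and describe-target-groups listed
# every target group in the region -- it only returned the right ARN
# because this account had exactly one.
TARGET_GROUP_ARN=$(
  aws elbv2 describe-target-groups \
    --names "${Target_GROUP_NAME}" \
    --query 'TargetGroups[*].TargetGroupArn' \
    --output text
) \
&& printf '%s\n' "${TARGET_GROUP_ARN}"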
出力
[cloudshell-user@ip-10-132-69-166 ~]$ TARGET_GROUP_ARN=$(
> aws elbv2 describe-target-groups \
> --names $TARGET_GROUP_NAME \
> --query 'TargetGroups[*].TargetGroupArn' \
> --output text
> ) \
> && echo ${TARGET_GROUP_ARN}
arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:targetgroup/target-user1/df889a1031369dbb
ターゲットの登録
コマンド
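# Register the first web server with the target group.
# Expects TARGET_GROUP_ARN and EC2_ID_1 (the instance created in step 3).
# The command prints nothing on success.
aws elbv2 register-targets \
  --target-group-arn "${TARGET_GROUP_ARN}" \
  --targets "Id=${EC2_ID_1}"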
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws elbv2 register-targets \
> --target-group-arn ${TARGET_GROUP_ARN} \
> --targets Id=${EC2_ID_1}
ロードバランサー作成
作成
コマンド
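# Create an internet-facing ALB across the two public subnets, attached to
# the ALB security group. Expects LB_NAME, AZ1_PUBLIC_ID, AZ2_PUBLIC_ID and
# ELB_SECURITY_GROUP_ID. --subnets receives two separate, quoted words.
aws elbv2 create-load-balancer \
  --name "${LB_NAME}" \
  --type application \
  --scheme internet-facing \
  --ip-address-type ipv4 \
  --subnets "${AZ1_PUBLIC_ID}" "${AZ2_PUBLIC_ID}" \
  --security-groups "${ELB_SECURITY_GROUP_ID}"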
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws elbv2 create-load-balancer \
> --name ${LB_NAME} \
> --type application \
> --scheme internet-facing \
> --ip-address-type ipv4 \
> --subnets ${AZ1_PUBLIC_ID} ${AZ2_PUBLIC_ID} \
> --security-groups ${ELB_SECURITY_GROUP_ID}
{
"LoadBalancers": [
{
"LoadBalancerArn": "arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:loadbalancer/app/elb-user1/0b8fa9ac15e1161e",
"DNSName": "elb-user1-99595779.ap-northeast-1.elb.amazonaws.com",
"CanonicalHostedZoneId": "Z14GRHDCWA56QT",
"CreatedTime": "2024-06-16T10:05:20+00:00",
"LoadBalancerName": "elb-user1",
"Scheme": "internet-facing",
"VpcId": "vpc-069134134e327d764",
"State": {
"Code": "provisioning"
},
"Type": "application",
"AvailabilityZones": [
{
"ZoneName": "ap-northeast-1c",
"SubnetId": "subnet-04bc427d5377b960e",
"LoadBalancerAddresses": []
},
{
"ZoneName": "ap-northeast-1a",
"SubnetId": "subnet-04f5f25e6909a40fd",
"LoadBalancerAddresses": []
}
],
"SecurityGroups": [
"sg-08397d5cd87ce3ea4"
],
"IpAddressType": "ipv4"
}
]
}
ARN取得
コマンド
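# Look up the load balancer ARN by name, then echo it. Expects LB_NAME.
LB_ARN=$(
  aws elbv2 describe-load-balancers \
    --names "${LB_NAME}" \
    --query 'LoadBalancers[*].LoadBalancerArn' \
    --output text
) \
&& printf '%s\n' "${LB_ARN}"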
出力
[cloudshell-user@ip-10-132-69-166 ~]$ LB_ARN=$(
> aws elbv2 describe-load-balancers \
> --names ${LB_NAME} \
> --query 'LoadBalancers[*].LoadBalancerArn' \
> --output text
> ) \
> && echo ${LB_ARN}
arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:loadbalancer/app/elb-user1/0b8fa9ac15e1161e
リスナーの追加
コマンド
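# Add a listener that forwards all traffic to the target group.
# Expects LB_ARN, LISTENER_PROTOCOL, LISTENER_PORT and TARGET_GROUP_ARN.
# NOTE(review): LISTENER_PROTOCOL is HTTP, so traffic between clients and
# the ALB is unencrypted; an HTTPS listener needs an ACM certificate and
# port 443, which is outside this hands-on.
aws elbv2 create-listener \
  --load-balancer-arn "${LB_ARN}" \
  --protocol "${LISTENER_PROTOCOL}" \
  --port "${LISTENER_PORT}" \
  --default-actions "Type=forward,TargetGroupArn=${TARGET_GROUP_ARN}"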
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws elbv2 create-listener \
> --load-balancer-arn ${LB_ARN} \
> --protocol ${LISTENER_PROTOCOL} \
> --port ${LISTENER_PORT} \
> --default-actions Type=forward,TargetGroupArn=${TARGET_GROUP_ARN}
{
"Listeners": [
{
"ListenerArn": "arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:listener/app/elb-user1/0b8fa9ac15e1161e/55d5b6ee537e8e35",
"LoadBalancerArn": "arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:loadbalancer/app/elb-user1/0b8fa9ac15e1161e",
"Port": 80,
"Protocol": "HTTP",
"DefaultActions": [
{
"Type": "forward",
"TargetGroupArn": "arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:targetgroup/target-user1/df889a1031369dbb",
"ForwardConfig": {
"TargetGroups": [
{
"TargetGroupArn": "arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:targetgroup/target-user1/df889a1031369dbb",
"Weight": 1
}
],
"TargetGroupStickinessConfig": {
"Enabled": false
}
}
}
]
}
]
}
5. WordPressの初期設定
WebUIからの設定のため省略
6. AMIの作成
変数設定
コマンド
# イメージ名
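# Image name for the AMI captured from the first web server.
AMI_NAME='wordpress-user1'
printf '%s\n' "${AMI_NAME}"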
出力
[cloudshell-user@ip-10-132-94-95 ~]$ # イメージ名
[cloudshell-user@ip-10-132-94-95 ~]$ AMI_NAME='wordpress-user1' \
> && echo ${AMI_NAME}
wordpress-user1
作成
AMI作成
コマンド
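# Capture an AMI from the configured WordPress instance.
# Expects EC2_ID_1 and AMI_NAME. Without --no-reboot, EC2 reboots the
# instance to get a consistent snapshot, so expect a brief outage.
aws ec2 create-image \
  --instance-id "${EC2_ID_1}" \
  --name "${AMI_NAME}"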
出力
[cloudshell-user@ip-10-132-94-95 ~]$ aws ec2 create-image \
> --instance-id ${EC2_ID_1} \
> --name "${AMI_NAME}"
{
"ImageId": "ami-00ae51c144bb0fe98"
}
ID取得
コマンド
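# Look up the AMI ID by name, then echo it. Expects AMI_NAME.
# --owners self restricts the search to this account's images so a public
# or shared AMI that happens to carry the same name cannot be picked up.
IMAGE_ID=$(
  aws ec2 describe-images \
    --owners self \
    --filters "Name=name,Values=${AMI_NAME}" \
    --query 'Images[0].ImageId' \
    --output text
) \
&& printf '%s\n' "${IMAGE_ID}"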
出力
[cloudshell-user@ip-10-132-94-95 ~]$ IMAGE_ID=$(
> aws ec2 describe-images \
> --filters "Name=name,Values=${AMI_NAME}" \
> --query 'Images[0].ImageId' \
> --output text
> ) \
> && echo ${IMAGE_ID}
ami-00ae51c144bb0fe98
7. EC2作成
変数設定
コマンド
# EC2インスタンス名2
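# Name tag for the second web server (launched from the AMI).
EC2_NAME_2='webserver#2-user1'
printf '%s\n' "${EC2_NAME_2}"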
出力
[cloudshell-user@ip-10-132-69-166 ~]$ # EC2インスタンス名2
[cloudshell-user@ip-10-132-69-166 ~]$ EC2_NAME_2='webserver#2-user1' \
> && echo ${EC2_NAME_2}
webserver#2-user1
作成
EC2作成
コマンド
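# Launch the second web server from the AMI into the second public subnet,
# with the same security group as the first one and a public IP.
# Expects IMAGE_ID, EC2_SECURITY_GROUP_ID, AZ2_PUBLIC_ID and EC2_NAME_2.
# NOTE(review): the output below shows "HttpTokens": "optional", i.e.
# IMDSv1 is still allowed on this instance. If nothing on the AMI depends
# on IMDSv1, --metadata-options HttpTokens=required is the usual hardening
# -- confirm before adding it.
aws ec2 run-instances \
  --image-id "${IMAGE_ID}" \
  --instance-type t2.micro \
  --security-group-ids "${EC2_SECURITY_GROUP_ID}" \
  --subnet-id "${AZ2_PUBLIC_ID}" \
  --associate-public-ip-address \
  --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=${EC2_NAME_2}}]"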
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws ec2 run-instances \
> --image-id ${IMAGE_ID} \
> --instance-type t2.micro \
> --security-group-ids ${EC2_SECURITY_GROUP_ID} \
> --subnet-id ${AZ2_PUBLIC_ID} \
> --associate-public-ip-address \
> --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=${EC2_NAME_2}}]"
{
"Groups": [],
"Instances": [
{
"AmiLaunchIndex": 0,
"ImageId": "ami-00ae51c144bb0fe98",
"InstanceId": "i-00fcdbfef91aedeff",
"InstanceType": "t2.micro",
"LaunchTime": "2024-06-16T10:15:23+00:00",
"Monitoring": {
"State": "disabled"
},
"Placement": {
"AvailabilityZone": "ap-northeast-1c",
"GroupName": "",
"Tenancy": "default"
},
"PrivateDnsName": "ip-10-0-1-77.ap-northeast-1.compute.internal",
"PrivateIpAddress": "10.0.1.77",
"ProductCodes": [],
"PublicDnsName": "",
"State": {
"Code": 0,
"Name": "pending"
},
"StateTransitionReason": "",
"SubnetId": "subnet-04bc427d5377b960e",
"VpcId": "vpc-069134134e327d764",
"Architecture": "x86_64",
"BlockDeviceMappings": [],
"ClientToken": "174ad3af-8852-44cf-b0d1-9ea85501c2da",
"EbsOptimized": false,
"EnaSupport": true,
"Hypervisor": "xen",
"NetworkInterfaces": [
{
"Attachment": {
"AttachTime": "2024-06-16T10:15:23+00:00",
"AttachmentId": "eni-attach-0847c10c2a8c85f86",
"DeleteOnTermination": true,
"DeviceIndex": 0,
"Status": "attaching",
"NetworkCardIndex": 0
},
"Description": "",
"Groups": [
{
"GroupName": "web-user1",
"GroupId": "sg-0a3c93993d20a0deb"
}
],
"Ipv6Addresses": [],
"MacAddress": "0a:a3:35:36:fd:9f",
"NetworkInterfaceId": "eni-0a4d6556871b44019",
"OwnerId": "999999999999",
"PrivateIpAddress": "10.0.1.77",
"PrivateIpAddresses": [
{
"Primary": true,
"PrivateIpAddress": "10.0.1.77"
}
],
"SourceDestCheck": true,
"Status": "in-use",
"SubnetId": "subnet-04bc427d5377b960e",
"VpcId": "vpc-069134134e327d764",
"InterfaceType": "interface"
}
],
"RootDeviceName": "/dev/xvda",
"RootDeviceType": "ebs",
"SecurityGroups": [
{
"GroupName": "web-user1",
"GroupId": "sg-0a3c93993d20a0deb"
}
],
"SourceDestCheck": true,
"StateReason": {
"Code": "pending",
"Message": "pending"
},
"Tags": [
{
"Key": "Name",
"Value": "webserver#2-user1"
}
],
"VirtualizationType": "hvm",
"CpuOptions": {
"CoreCount": 1,
"ThreadsPerCore": 1
},
"CapacityReservationSpecification": {
"CapacityReservationPreference": "open"
},
"MetadataOptions": {
"State": "pending",
"HttpTokens": "optional",
"HttpPutResponseHopLimit": 1,
"HttpEndpoint": "enabled",
"HttpProtocolIpv6": "disabled",
"InstanceMetadataTags": "disabled"
},
"EnclaveOptions": {
"Enabled": false
},
"PrivateDnsNameOptions": {
"HostnameType": "ip-name",
"EnableResourceNameDnsARecord": false,
"EnableResourceNameDnsAAAARecord": false
},
"MaintenanceOptions": {
"AutoRecovery": "default"
},
"CurrentInstanceBootMode": "legacy-bios"
}
],
"OwnerId": "999999999999",
"ReservationId": "r-08d733676570f5855"
}
ID取得
コマンド
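# Look up the second instance's ID by its Name tag, then echo it.
# Expects EC2_NAME_2. The instance-state filter keeps previously terminated
# instances with the same Name tag out of the result; without it, a re-run
# of the launch step would yield several IDs and break the later
# register-targets call.
EC2_ID_2=$(
  aws ec2 describe-instances \
    --filters "Name=tag:Name,Values=${EC2_NAME_2}" \
              "Name=instance-state-name,Values=pending,running" \
    --query "Reservations[*].Instances[*].[InstanceId]" \
    --output text
) \
&& printf '%s\n' "${EC2_ID_2}"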
出力
[cloudshell-user@ip-10-132-69-166 ~]$ EC2_ID_2=$( \
> aws ec2 describe-instances \
> --filters Name=tag:Name,Values=${EC2_NAME_2} \
> --query "Reservations[*].Instances[*].[InstanceId]" \
> --output text
> ) \
> && echo ${EC2_ID_2}
i-00fcdbfef91aedeff
8. 2つ目のEC2インスタンスをELBに登録
作成
ターゲットの登録
コマンド
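# Register the second web server with the same target group.
# Expects TARGET_GROUP_ARN and EC2_ID_2. Prints nothing on success.
aws elbv2 register-targets \
  --target-group-arn "${TARGET_GROUP_ARN}" \
  --targets "Id=${EC2_ID_2}"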
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws elbv2 register-targets \
> --target-group-arn ${TARGET_GROUP_ARN} \
> --targets Id=${EC2_ID_2}
9. RDSインスタンスのマルチAZ化
変更
RDS変更
コマンド
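# Convert the instance to Multi-AZ immediately instead of waiting for the
# maintenance window. Expects DB_INSTANCE_IDENTIFIER. The change is
# asynchronous: the output still shows "MultiAZ": false with the new value
# under PendingModifiedValues until the standby is built.
aws rds modify-db-instance \
  --db-instance-identifier "${DB_INSTANCE_IDENTIFIER}" \
  --multi-az \
  --apply-immediately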
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws rds modify-db-instance \
> --db-instance-identifier ${DB_INSTANCE_IDENTIFIER} \
> --multi-az \
> --apply-immediately
{
"DBInstance": {
"DBInstanceIdentifier": "db-user1",
"DBInstanceClass": "db.t3.micro",
"Engine": "mysql",
"DBInstanceStatus": "available",
"MasterUsername": "admin",
"DBName": "wordpress",
"Endpoint": {
"Address": "db-user1.clacqicsiqrt.ap-northeast-1.rds.amazonaws.com",
"Port": 3306,
"HostedZoneId": "Z24O6O9L7SGTNB"
},
"AllocatedStorage": 20,
"InstanceCreateTime": "2024-06-16T04:43:22.079000+00:00",
"PreferredBackupWindow": "19:23-19:53",
"BackupRetentionPeriod": 0,
"DBSecurityGroups": [],
"VpcSecurityGroups": [
{
"VpcSecurityGroupId": "sg-00a065607e5f7d245",
"Status": "active"
}
],
"DBParameterGroups": [
{
"DBParameterGroupName": "default.mysql8.0",
"ParameterApplyStatus": "in-sync"
}
],
"AvailabilityZone": "ap-northeast-1a",
"DBSubnetGroup": {
"DBSubnetGroupName": "db-subnet-user1",
"DBSubnetGroupDescription": "RDS for MySQL",
"VpcId": "vpc-069134134e327d764",
"SubnetGroupStatus": "Complete",
"Subnets": [
{
"SubnetIdentifier": "subnet-0324b1fccc0ae599f",
"SubnetAvailabilityZone": {
"Name": "ap-northeast-1c"
},
"SubnetOutpost": {},
"SubnetStatus": "Active"
},
{
"SubnetIdentifier": "subnet-0bf117b6d88abe777",
"SubnetAvailabilityZone": {
"Name": "ap-northeast-1a"
},
"SubnetOutpost": {},
"SubnetStatus": "Active"
}
]
},
"PreferredMaintenanceWindow": "sun:14:24-sun:14:54",
"PendingModifiedValues": {
"MultiAZ": true
},
"MultiAZ": false,
"EngineVersion": "8.0.35",
"AutoMinorVersionUpgrade": true,
"ReadReplicaDBInstanceIdentifiers": [],
"LicenseModel": "general-public-license",
"OptionGroupMemberships": [
{
"OptionGroupName": "default:mysql-8-0",
"Status": "in-sync"
}
],
"PubliclyAccessible": false,
"StorageType": "gp2",
"DbInstancePort": 0,
"StorageEncrypted": true,
"KmsKeyId": "arn:aws:kms:ap-northeast-1:999999999999:key/951b3fa0-aedb-4215-a2e6-9b7c2f5292e5",
"DbiResourceId": "db-VFUF2LFFPX5VT6FJ5ETFQN3VQY",
"CACertificateIdentifier": "rds-ca-rsa2048-g1",
"DomainMemberships": [],
"CopyTagsToSnapshot": false,
"MonitoringInterval": 0,
"DBInstanceArn": "arn:aws:rds:ap-northeast-1:999999999999:db:db-user1",
"IAMDatabaseAuthenticationEnabled": false,
"PerformanceInsightsEnabled": false,
"DeletionProtection": false,
"AssociatedRoles": [],
"MaxAllocatedStorage": 1000,
"TagList": [],
"CustomerOwnedIpEnabled": false,
"BackupTarget": "region",
"NetworkType": "IPV4",
"StorageThroughput": 0,
"CertificateDetails": {
"CAIdentifier": "rds-ca-rsa2048-g1",
"ValidTill": "2025-06-16T04:42:31+00:00"
},
"DedicatedLogVolume": false,
"EngineLifecycleSupport": "open-source-rds-extended-support"
}
}
10. EC2インスタンスを1つ停止させ、全体の可用性の確認
停止
コマンド
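# Stop the first web server to confirm the ALB keeps serving from the
# second one. Expects EC2_ID_1.
aws ec2 stop-instances --instance-ids "${EC2_ID_1}"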
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws ec2 stop-instances --instance-ids ${EC2_ID_1}
{
"StoppingInstances": [
{
"CurrentState": {
"Code": 64,
"Name": "stopping"
},
"InstanceId": "i-0ef1f8c47c0802907",
"PreviousState": {
"Code": 16,
"Name": "running"
}
}
]
}
開始
コマンド
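# Start the first web server again after the availability check.
# Expects EC2_ID_1.
aws ec2 start-instances --instance-ids "${EC2_ID_1}"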
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws ec2 start-instances --instance-ids ${EC2_ID_1}
{
"StartingInstances": [
{
"CurrentState": {
"Code": 0,
"Name": "pending"
},
"InstanceId": "i-0ef1f8c47c0802907",
"PreviousState": {
"Code": 80,
"Name": "stopped"
}
}
]
}
11. RDSインスタンスのフェイルオーバーを行い、全体の可用性を確認
コマンド
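# Force a Multi-AZ failover to the standby and check the site stays up.
# Expects DB_INSTANCE_IDENTIFIER; the instance must already be Multi-AZ
# (the output shows "MultiAZ": true and a SecondaryAvailabilityZone).
aws rds reboot-db-instance \
  --db-instance-identifier "${DB_INSTANCE_IDENTIFIER}" \
  --force-failover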
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws rds reboot-db-instance \
> --db-instance-identifier ${DB_INSTANCE_IDENTIFIER} \
> --force-failover
{
"DBInstance": {
"DBInstanceIdentifier": "db-user1",
"DBInstanceClass": "db.t3.micro",
"Engine": "mysql",
"DBInstanceStatus": "rebooting",
"MasterUsername": "admin",
"DBName": "wordpress",
"Endpoint": {
"Address": "db-user1.clacqicsiqrt.ap-northeast-1.rds.amazonaws.com",
"Port": 3306,
"HostedZoneId": "Z24O6O9L7SGTNB"
},
"AllocatedStorage": 20,
"InstanceCreateTime": "2024-06-16T04:43:22.079000+00:00",
"PreferredBackupWindow": "19:23-19:53",
"BackupRetentionPeriod": 0,
"DBSecurityGroups": [],
"VpcSecurityGroups": [
{
"VpcSecurityGroupId": "sg-00a065607e5f7d245",
"Status": "active"
}
],
"DBParameterGroups": [
{
"DBParameterGroupName": "default.mysql8.0",
"ParameterApplyStatus": "in-sync"
}
],
"AvailabilityZone": "ap-northeast-1a",
"DBSubnetGroup": {
"DBSubnetGroupName": "db-subnet-user1",
"DBSubnetGroupDescription": "RDS for MySQL",
"VpcId": "vpc-069134134e327d764",
"SubnetGroupStatus": "Complete",
"Subnets": [
{
"SubnetIdentifier": "subnet-0324b1fccc0ae599f",
"SubnetAvailabilityZone": {
"Name": "ap-northeast-1c"
},
"SubnetOutpost": {},
"SubnetStatus": "Active"
},
{
"SubnetIdentifier": "subnet-0bf117b6d88abe777",
"SubnetAvailabilityZone": {
"Name": "ap-northeast-1a"
},
"SubnetOutpost": {},
"SubnetStatus": "Active"
}
]
},
"PreferredMaintenanceWindow": "sun:14:24-sun:14:54",
"PendingModifiedValues": {},
"MultiAZ": true,
"EngineVersion": "8.0.35",
"AutoMinorVersionUpgrade": true,
"ReadReplicaDBInstanceIdentifiers": [],
"LicenseModel": "general-public-license",
"OptionGroupMemberships": [
{
"OptionGroupName": "default:mysql-8-0",
"Status": "in-sync"
}
],
"SecondaryAvailabilityZone": "ap-northeast-1c",
"PubliclyAccessible": false,
"StorageType": "gp2",
"DbInstancePort": 0,
"StorageEncrypted": true,
"KmsKeyId": "arn:aws:kms:ap-northeast-1:999999999999:key/951b3fa0-aedb-4215-a2e6-9b7c2f5292e5",
"DbiResourceId": "db-VFUF2LFFPX5VT6FJ5ETFQN3VQY",
"CACertificateIdentifier": "rds-ca-rsa2048-g1",
"DomainMemberships": [],
"CopyTagsToSnapshot": false,
"MonitoringInterval": 0,
"DBInstanceArn": "arn:aws:rds:ap-northeast-1:999999999999:db:db-user1",
"IAMDatabaseAuthenticationEnabled": false,
"PerformanceInsightsEnabled": false,
"DeletionProtection": false,
"AssociatedRoles": [],
"MaxAllocatedStorage": 1000,
"TagList": [],
"CustomerOwnedIpEnabled": false,
"BackupTarget": "region",
"NetworkType": "IPV4",
"StorageThroughput": 0,
"CertificateDetails": {
"CAIdentifier": "rds-ca-rsa2048-g1",
"ValidTill": "2025-06-16T04:42:31+00:00"
},
"DedicatedLogVolume": false,
"EngineLifecycleSupport": "open-source-rds-extended-support"
}
}
12. 作成したリソースの削除
RDS削除
インスタンス削除
コマンド
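# Delete the RDS instance. Expects DB_INSTANCE_IDENTIFIER.
# --skip-final-snapshot together with --delete-automated-backups removes
# the data irrecoverably; fine for a throwaway hands-on, not as a habit.
# Deletion is asynchronous (status "deleting" in the output), so dependent
# resources such as the subnet group cannot be removed until it finishes.
aws rds delete-db-instance \
  --db-instance-identifier "${DB_INSTANCE_IDENTIFIER}" \
  --skip-final-snapshot \
  --delete-automated-backups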
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws rds delete-db-instance \
> --db-instance-identifier ${DB_INSTANCE_IDENTIFIER} \
> --skip-final-snapshot \
> --delete-automated-backups
{
"DBInstance": {
"DBInstanceIdentifier": "db-user1",
"DBInstanceClass": "db.t3.micro",
"Engine": "mysql",
"DBInstanceStatus": "deleting",
"MasterUsername": "admin",
"DBName": "wordpress",
"Endpoint": {
"Address": "db-user1.clacqicsiqrt.ap-northeast-1.rds.amazonaws.com",
"Port": 3306,
"HostedZoneId": "Z24O6O9L7SGTNB"
},
"AllocatedStorage": 20,
"InstanceCreateTime": "2024-06-16T04:43:22.079000+00:00",
"PreferredBackupWindow": "19:23-19:53",
"BackupRetentionPeriod": 0,
"DBSecurityGroups": [],
"VpcSecurityGroups": [
{
"VpcSecurityGroupId": "sg-00a065607e5f7d245",
"Status": "active"
}
],
"DBParameterGroups": [
{
"DBParameterGroupName": "default.mysql8.0",
"ParameterApplyStatus": "in-sync"
}
],
"AvailabilityZone": "ap-northeast-1c",
"DBSubnetGroup": {
"DBSubnetGroupName": "db-subnet-user1",
"DBSubnetGroupDescription": "RDS for MySQL",
"VpcId": "vpc-069134134e327d764",
"SubnetGroupStatus": "Complete",
"Subnets": [
{
"SubnetIdentifier": "subnet-0324b1fccc0ae599f",
"SubnetAvailabilityZone": {
"Name": "ap-northeast-1c"
},
"SubnetOutpost": {},
"SubnetStatus": "Active"
},
{
"SubnetIdentifier": "subnet-0bf117b6d88abe777",
"SubnetAvailabilityZone": {
"Name": "ap-northeast-1a"
},
"SubnetOutpost": {},
"SubnetStatus": "Active"
}
]
},
"PreferredMaintenanceWindow": "sun:14:24-sun:14:54",
"PendingModifiedValues": {},
"MultiAZ": true,
"EngineVersion": "8.0.35",
"AutoMinorVersionUpgrade": true,
"ReadReplicaDBInstanceIdentifiers": [],
"LicenseModel": "general-public-license",
"OptionGroupMemberships": [
{
"OptionGroupName": "default:mysql-8-0",
"Status": "in-sync"
}
],
"SecondaryAvailabilityZone": "ap-northeast-1a",
"PubliclyAccessible": false,
"StorageType": "gp2",
"DbInstancePort": 0,
"StorageEncrypted": true,
"KmsKeyId": "arn:aws:kms:ap-northeast-1:999999999999:key/951b3fa0-aedb-4215-a2e6-9b7c2f5292e5",
"DbiResourceId": "db-VFUF2LFFPX5VT6FJ5ETFQN3VQY",
"CACertificateIdentifier": "",
"DomainMemberships": [],
"CopyTagsToSnapshot": false,
"MonitoringInterval": 0,
"DBInstanceArn": "arn:aws:rds:ap-northeast-1:999999999999:db:db-user1",
"IAMDatabaseAuthenticationEnabled": false,
"PerformanceInsightsEnabled": false,
"DeletionProtection": false,
"AssociatedRoles": [],
"MaxAllocatedStorage": 1000,
"TagList": [],
"CustomerOwnedIpEnabled": false,
"BackupTarget": "region",
"NetworkType": "IPV4",
"StorageThroughput": 0,
"DedicatedLogVolume": false,
"EngineLifecycleSupport": "open-source-rds-extended-support"
}
}
サブネットグループ削除
コマンド
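# Delete the DB subnet group. Expects DB_INSTANCE_IDENTIFIER and
# DB_SUBNET_NAME. The group cannot be deleted while the instance is still
# in "deleting" state, so block until the previous step has completed.
aws rds wait db-instance-deleted --db-instance-identifier "${DB_INSTANCE_IDENTIFIER}"
aws rds delete-db-subnet-group --db-subnet-group-name "${DB_SUBNET_NAME}"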
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws rds delete-db-subnet-group --db-subnet-group-name ${DB_SUBNET_NAME}
EC2削除
EC2インスタンス削除
コマンド
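# Terminate both web servers and wait until they are gone; their network
# interfaces keep the web security group in use until then, which would
# make the later delete-security-group fail. Expects EC2_ID_1 and EC2_ID_2.
aws ec2 terminate-instances --instance-ids "${EC2_ID_1}" "${EC2_ID_2}"
aws ec2 wait instance-terminated --instance-ids "${EC2_ID_1}" "${EC2_ID_2}"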
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws ec2 terminate-instances --instance-ids ${EC2_ID_1} ${EC2_ID_2}
{
"TerminatingInstances": [
{
"CurrentState": {
"Code": 32,
"Name": "shutting-down"
},
"InstanceId": "i-0ef1f8c47c0802907",
"PreviousState": {
"Code": 16,
"Name": "running"
}
},
{
"CurrentState": {
"Code": 32,
"Name": "shutting-down"
},
"InstanceId": "i-00fcdbfef91aedeff",
"PreviousState": {
"Code": 16,
"Name": "running"
}
}
]
}
スナップショットID取得
コマンド
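# Find the EBS snapshot(s) backing the AMI, then echo them. Expects IMAGE_ID.
# The original had no --query, so --output text dumped the whole image
# description into SNAPSHOT_ID; the transcript below only shows the
# snapshot ID because it was trimmed. The query selects the snapshot of
# every block device; an AMI with several volumes yields several IDs.
SNAPSHOT_ID=$(
  aws ec2 describe-images \
    --image-ids "${IMAGE_ID}" \
    --query 'Images[0].BlockDeviceMappings[].Ebs.SnapshotId' \
    --output text
) \
&& printf '%s\n' "${SNAPSHOT_ID}"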
出力
[cloudshell-user@ip-10-132-69-166 ~]$ SNAPSHOT_ID=$( \
> aws ec2 describe-images \
> --image-ids ${IMAGE_ID} \
> --output text
> ) \
> && echo ${SNAPSHOT_ID}
snap-0c7ac14512a4e1810
スナップショットを削除する
コマンド
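# Delete the snapshot that backed the AMI. Expects SNAPSHOT_ID.
# NOTE(review): EC2 refuses to delete a snapshot that is still referenced
# by a registered AMI, so this only succeeds after the deregister-image
# step that the page lists next; run that first.
aws ec2 delete-snapshot --snapshot-id "${SNAPSHOT_ID}"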
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws ec2 delete-snapshot --snapshot-id ${SNAPSHOT_ID}
AMI削除
コマンド
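# Deregister the AMI. Expects IMAGE_ID. This does not remove the backing
# snapshot, which is deleted separately.
aws ec2 deregister-image --image-id "${IMAGE_ID}"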
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws ec2 deregister-image --image-id ${IMAGE_ID}
ロードバランサー削除
ロードバランサー削除
コマンド
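# Delete the ALB and wait until it is actually gone; the ALB's network
# interfaces keep the ELB security group in use until then. Expects LB_ARN.
aws elbv2 delete-load-balancer --load-balancer-arn "${LB_ARN}"
aws elbv2 wait load-balancers-deleted --load-balancer-arns "${LB_ARN}"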
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws elbv2 delete-load-balancer --load-balancer-arn ${LB_ARN}
ターゲットグループ削除
コマンド
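# Delete the target group. Expects TARGET_GROUP_ARN. A target group can
# only be deleted once no listener references it, i.e. after the ALB.
aws elbv2 delete-target-group --target-group-arn "${TARGET_GROUP_ARN}"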
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws elbv2 delete-target-group --target-group-arn ${TARGET_GROUP_ARN}
セキュリティグループ削除
コマンド
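# Delete the three security groups. Expects ELB_SECURITY_GROUP_ID,
# DB_SECURITY_GROUP_ID and EC2_SECURITY_GROUP_ID. A group cannot be
# deleted while a network interface uses it or another group's rule
# references it, so the ALB, RDS instance and EC2 instances must be fully
# gone first, and a group that is referenced by another group's rule has
# to be deleted after the group that references it.
for group_id in "${ELB_SECURITY_GROUP_ID}" "${DB_SECURITY_GROUP_ID}" "${EC2_SECURITY_GROUP_ID}"; do
  aws ec2 delete-security-group --group-id "${group_id}"
done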
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws ec2 delete-security-group --group-id ${ELB_SECURITY_GROUP_ID}
[cloudshell-user@ip-10-132-69-166 ~]$ aws ec2 delete-security-group --group-id ${DB_SECURITY_GROUP_ID}
[cloudshell-user@ip-10-132-69-166 ~]$ aws ec2 delete-security-group --group-id ${EC2_SECURITY_GROUP_ID}
VPC削除
インターネットゲートウェイ 削除
コマンド
# インターネットゲートウェイ デタッチ
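# Detach the internet gateway from the VPC, then delete it. Expects
# INTERNET_GATEWAY_ID and VPC_ID. Detaching must come first; an attached
# gateway cannot be deleted.
aws ec2 detach-internet-gateway \
  --internet-gateway-id "${INTERNET_GATEWAY_ID}" \
  --vpc-id "${VPC_ID}"
aws ec2 delete-internet-gateway --internet-gateway-id "${INTERNET_GATEWAY_ID}"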
出力
[cloudshell-user@ip-10-132-69-166 ~]$ # インターネットゲートウェイ デタッチ
[cloudshell-user@ip-10-132-69-166 ~]$ aws ec2 detach-internet-gateway \
> --internet-gateway-id ${INTERNET_GATEWAY_ID} \
> --vpc-id ${VPC_ID}
[cloudshell-user@ip-10-132-69-166 ~]$
[cloudshell-user@ip-10-132-69-166 ~]$ # インターネットゲートウェイ削除
[cloudshell-user@ip-10-132-69-166 ~]$ aws ec2 delete-internet-gateway --internet-gateway-id ${INTERNET_GATEWAY_ID}
Subnet 削除
コマンド
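# Delete the four subnets (two public, two private). Expects AZ1_PUBLIC_ID,
# AZ2_PUBLIC_ID, AZ1_PRIVATE_ID and AZ2_PRIVATE_ID. Subnets can only be
# deleted once no network interface (EC2, ALB, RDS) remains in them.
for subnet_id in "${AZ1_PUBLIC_ID}" "${AZ2_PUBLIC_ID}" "${AZ1_PRIVATE_ID}" "${AZ2_PRIVATE_ID}"; do
  aws ec2 delete-subnet --subnet-id "${subnet_id}"
done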
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws ec2 delete-subnet --subnet-id ${AZ1_PUBLIC_ID}
[cloudshell-user@ip-10-132-69-166 ~]$ aws ec2 delete-subnet --subnet-id ${AZ2_PUBLIC_ID}
[cloudshell-user@ip-10-132-69-166 ~]$ aws ec2 delete-subnet --subnet-id ${AZ1_PRIVATE_ID}
[cloudshell-user@ip-10-132-69-166 ~]$ aws ec2 delete-subnet --subnet-id ${AZ2_PRIVATE_ID}
ルートテーブル削除
コマンド
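# Delete the public route table. Expects PUBLIC_ROUTE_ID. Its subnet
# associations disappear with the subnets deleted in the previous step.
aws ec2 delete-route-table --route-table-id "${PUBLIC_ROUTE_ID}"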
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws ec2 delete-route-table --route-table-id ${PUBLIC_ROUTE_ID}
VPC削除
コマンド
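# Delete the VPC itself; this must be the last step, after every subnet,
# gateway, route table and security group inside it is gone. Expects VPC_ID.
aws ec2 delete-vpc --vpc-id "${VPC_ID}"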
出力
[cloudshell-user@ip-10-132-69-166 ~]$ aws ec2 delete-vpc --vpc-id ${VPC_ID}