Trying "AWS Hands-on for Beginners Network Edition #2: Private Network Connectivity Between Amazon VPCs and Between Amazon VPC and On-Premises" with the AWS CLI

Posted at 2024-06-09

This post works through the hands-on named above, "AWS Hands-on for Beginners Network Edition #2: Private Network Connectivity Between Amazon VPCs and Between Amazon VPC and On-Premises", using the AWS CLI.

(Figure: architecture diagram, quoted from the hands-on)

1. Create the main VPC

Set variable (IPv4 VPC CIDR block)

Command
VPC_CIDR_BLOCK_MAIN="10.0.0.0/16" \
&& echo ${VPC_CIDR_BLOCK_MAIN}
Output
[cloudshell-user@ip-10-130-33-176 ~]$ VPC_CIDR_BLOCK_MAIN="10.0.0.0/16" \
> && echo ${VPC_CIDR_BLOCK_MAIN}
10.0.0.0/16

Set variable (VPC name)

Command
VPC_NAME_MAIN="Main VPC" \
&& echo ${VPC_NAME_MAIN}
Output
[cloudshell-user@ip-10-130-33-176 ~]$ VPC_NAME_MAIN="Main VPC" \
> && echo ${VPC_NAME_MAIN}
Main VPC

Create the VPC

Command
aws ec2 create-vpc \
    --cidr-block ${VPC_CIDR_BLOCK_MAIN} \
    --tag-specifications "ResourceType=vpc,Tags=[{Key=Name,Value=${VPC_NAME_MAIN}}]"
Output
[cloudshell-user@ip-10-130-33-176 ~]$ aws ec2 create-vpc \
>     --cidr-block ${VPC_CIDR_BLOCK_MAIN} \
>     --tag-specifications "ResourceType=vpc,Tags=[{Key=Name,Value=${VPC_NAME_MAIN}}]"
{
    "Vpc": {
        "CidrBlock": "10.0.0.0/16",
        "DhcpOptionsId": "dopt-0e7d97fbb33a62ce1",
        "State": "pending",
        "VpcId": "vpc-044f0a97b7e8a476a",
        "OwnerId": "999999999999",
        "InstanceTenancy": "default",
        "Ipv6CidrBlockAssociationSet": [],
        "CidrBlockAssociationSet": [
            {
                "AssociationId": "vpc-cidr-assoc-036650403c9f5ee62",
                "CidrBlock": "10.0.0.0/16",
                "CidrBlockState": {
                    "State": "associated"
                }
            }
        ],
        "IsDefault": false,
        "Tags": [
            {
                "Key": "Name",
                "Value": "Main VPC"
            }
        ]
    }
}

Get the VPC ID

Command
VPC_ID_MAIN=$( \
    aws ec2 describe-vpcs \
        --filters "Name=tag:Name,Values=${VPC_NAME_MAIN}" \
        --query "Vpcs[0].VpcId" \
        --output text\
)\
&& echo ${VPC_ID_MAIN}
Output
[cloudshell-user@ip-10-130-33-176 ~]$ VPC_ID_MAIN=$( \
>     aws ec2 describe-vpcs \
>         --filters "Name=tag:Name,Values=${VPC_NAME_MAIN}" \
>         --query "Vpcs[0].VpcId" \
>         --output text\
> )\
> && echo ${VPC_ID_MAIN}
vpc-044f0a97b7e8a476a

Set variable (IPv4 public subnet CIDR block)

Command
SUBNET_CIDR_BLOCK_MAIN="10.0.0.0/24" \
&& echo ${SUBNET_CIDR_BLOCK_MAIN}
Output
[cloudshell-user@ip-10-130-33-176 ~]$ SUBNET_CIDR_BLOCK_MAIN="10.0.0.0/24" \
> && echo ${SUBNET_CIDR_BLOCK_MAIN}
10.0.0.0/24

Set variable (Availability Zone)

Command
AZ_MAIN="ap-northeast-1a" \
&& echo ${AZ_MAIN}
Output
[cloudshell-user@ip-10-130-33-176 ~]$ AZ_MAIN="ap-northeast-1a" \
> && echo ${AZ_MAIN}
ap-northeast-1a

Set variable (subnet name)

Command
SUBNET_NAME_MAIN="Main Public Subnet" \
&& echo ${SUBNET_NAME_MAIN}
Output
[cloudshell-user@ip-10-130-33-176 ~]$ SUBNET_NAME_MAIN="Main Public Subnet" \
> && echo ${SUBNET_NAME_MAIN}
Main Public Subnet

Create the subnet

Command
aws ec2 create-subnet \
    --vpc-id ${VPC_ID_MAIN} \
    --cidr-block ${SUBNET_CIDR_BLOCK_MAIN} \
    --availability-zone ${AZ_MAIN} \
    --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=${SUBNET_NAME_MAIN}}]"
Output
[cloudshell-user@ip-10-130-33-176 ~]$ aws ec2 create-subnet \
>     --vpc-id ${VPC_ID_MAIN} \
>     --cidr-block ${SUBNET_CIDR_BLOCK_MAIN} \
>     --availability-zone ${AZ_MAIN} \
>     --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=${SUBNET_NAME_MAIN}}]"
{
    "Subnet": {
        "AvailabilityZone": "ap-northeast-1a",
        "AvailabilityZoneId": "apne1-az4",
        "AvailableIpAddressCount": 251,
        "CidrBlock": "10.0.0.0/24",
        "DefaultForAz": false,
        "MapPublicIpOnLaunch": false,
        "State": "available",
        "SubnetId": "subnet-0e332a080d5517d6b",
        "VpcId": "vpc-044f0a97b7e8a476a",
        "OwnerId": "999999999999",
        "AssignIpv6AddressOnCreation": false,
        "Ipv6CidrBlockAssociationSet": [],
        "Tags": [
            {
                "Key": "Name",
                "Value": "Main Public Subnet"
            }
        ],
        "SubnetArn": "arn:aws:ec2:ap-northeast-1:999999999999:subnet/subnet-0e332a080d5517d6b",
        "EnableDns64": false,
        "Ipv6Native": false,
        "PrivateDnsNameOptionsOnLaunch": {
            "HostnameType": "ip-name",
            "EnableResourceNameDnsARecord": false,
            "EnableResourceNameDnsAAAARecord": false
        }
    }
}

Get the subnet ID

Command
SUBNET_ID_MAIN=$( \
    aws ec2 describe-subnets \
      --filters Name=vpc-id,Values=${VPC_ID_MAIN} \
                Name=tag:Name,Values="${SUBNET_NAME_MAIN}" \
      --query "Subnets[].SubnetId" \
      --output text \
) \
&& echo ${SUBNET_ID_MAIN}
Output
[cloudshell-user@ip-10-130-33-176 ~]$ SUBNET_ID_MAIN=$( \
>     aws ec2 describe-subnets \
>       --filters Name=vpc-id,Values=${VPC_ID_MAIN} \
>                 Name=tag:Name,Values="${SUBNET_NAME_MAIN}" \
>       --query "Subnets[].SubnetId" \
>       --output text \
> ) \
> && echo ${SUBNET_ID_MAIN}
subnet-0e332a080d5517d6b

Enable automatic public IPv4 address assignment on the subnet

Command
aws ec2 modify-subnet-attribute \
    --subnet-id ${SUBNET_ID_MAIN} \
    --map-public-ip-on-launch
Output
[cloudshell-user@ip-10-130-33-176 ~]$ aws ec2 modify-subnet-attribute \
>     --subnet-id ${SUBNET_ID_MAIN} \
>     --map-public-ip-on-launch

Set variable (Internet Gateway name)

Command
INTERNET_GATEWAY_NAME_MAIN='Main Internet Gateway' \
&& echo ${INTERNET_GATEWAY_NAME_MAIN}
Output
[cloudshell-user@ip-10-130-33-176 ~]$ INTERNET_GATEWAY_NAME_MAIN='Main Internet Gateway' \
> && echo ${INTERNET_GATEWAY_NAME_MAIN}
Main Internet Gateway

Create the Internet Gateway

Command
aws ec2 create-internet-gateway \
  --tag-specifications "ResourceType=internet-gateway,Tags=[{Key=Name,Value=${INTERNET_GATEWAY_NAME_MAIN}}]"
Output
[cloudshell-user@ip-10-130-33-176 ~]$ aws ec2 create-internet-gateway \
>   --tag-specifications "ResourceType=internet-gateway,Tags=[{Key=Name,Value=${INTERNET_GATEWAY_NAME_MAIN}}]"
{
    "InternetGateway": {
        "Attachments": [],
        "InternetGatewayId": "igw-068f3e7ffa0776661",
        "OwnerId": "999999999999",
        "Tags": [
            {
                "Key": "Name",
                "Value": "Main Internet Gateway"
            }
        ]
    }
}

Set variable (get the Internet Gateway ID)

Command
INTERNET_GATEWAY_ID_MAIN=$( \
  aws ec2 describe-internet-gateways \
      --filters Name=tag:Name,Values="${INTERNET_GATEWAY_NAME_MAIN}" \
      --query "InternetGateways[].InternetGatewayId" \
      --output text \
) \
&& echo ${INTERNET_GATEWAY_ID_MAIN}
Output
[cloudshell-user@ip-10-130-33-176 ~]$ INTERNET_GATEWAY_ID_MAIN=$( \
>   aws ec2 describe-internet-gateways \
>       --filters Name=tag:Name,Values="${INTERNET_GATEWAY_NAME_MAIN}" \
>       --query "InternetGateways[].InternetGatewayId" \
>       --output text \
> ) \
> && echo ${INTERNET_GATEWAY_ID_MAIN}
igw-068f3e7ffa0776661

Attach the Internet Gateway to the VPC

Command
aws ec2 attach-internet-gateway \
  --vpc-id ${VPC_ID_MAIN} \
  --internet-gateway-id ${INTERNET_GATEWAY_ID_MAIN}
Output
[cloudshell-user@ip-10-130-33-176 ~]$ aws ec2 attach-internet-gateway \
>   --vpc-id ${VPC_ID_MAIN} \
>   --internet-gateway-id ${INTERNET_GATEWAY_ID_MAIN}

Set variable (public route table name)

Command
PUBLIC_ROUTE_NAME_MAIN='Main Public Route Table' \
&& echo ${PUBLIC_ROUTE_NAME_MAIN}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ PUBLIC_ROUTE_NAME_MAIN='Main Public Route Table' \
> && echo ${PUBLIC_ROUTE_NAME_MAIN}
Main Public Route Table

Create the public route table

Command
aws ec2 create-route-table \
    --vpc-id ${VPC_ID_MAIN} \
    --tag-specifications "ResourceType=route-table,Tags=[{Key=Name,Value=${PUBLIC_ROUTE_NAME_MAIN}}]"
Output
[cloudshell-user@ip-10-132-77-191 ~]$ aws ec2 create-route-table \
>     --vpc-id ${VPC_ID_MAIN} \
>     --tag-specifications "ResourceType=route-table,Tags=[{Key=Name,Value=${PUBLIC_ROUTE_NAME_MAIN}}]"
{
    "RouteTable": {
        "Associations": [],
        "PropagatingVgws": [],
        "RouteTableId": "rtb-06294855aa51d5273",
        "Routes": [
            {
                "DestinationCidrBlock": "10.0.0.0/16",
                "GatewayId": "local",
                "Origin": "CreateRouteTable",
                "State": "active"
            }
        ],
        "Tags": [
            {
                "Key": "Name",
                "Value": "Main Public Route Table"
            }
        ],
        "VpcId": "vpc-044f0a97b7e8a476a",
        "OwnerId": "999999999999"
    },
    "ClientToken": "2ef99fd0-40db-41b4-83c2-86c296c444f9"
}

Set variable (get the public route table ID)

Command
PUBLIC_ROUTE_ID_MAIN=$( \
    aws ec2 describe-route-tables \
      --filters Name=vpc-id,Values=${VPC_ID_MAIN} \
                Name=tag:Name,Values="${PUBLIC_ROUTE_NAME_MAIN}" \
      --query "RouteTables[].RouteTableId" \
      --output text \
) \
&& echo ${PUBLIC_ROUTE_ID_MAIN}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ PUBLIC_ROUTE_ID_MAIN=$( \
>     aws ec2 describe-route-tables \
>       --filters Name=vpc-id,Values=${VPC_ID_MAIN} \
>                 Name=tag:Name,Values="${PUBLIC_ROUTE_NAME_MAIN}" \
>       --query "RouteTables[].RouteTableId" \
>       --output text \
> ) \
> && echo ${PUBLIC_ROUTE_ID_MAIN}
rtb-06294855aa51d5273

Set variable (default route destination)

Command
PUBLIC_ROUTE_DEFAULTROUTE_MAIN='0.0.0.0/0' \
&& echo ${PUBLIC_ROUTE_DEFAULTROUTE_MAIN}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ PUBLIC_ROUTE_DEFAULTROUTE_MAIN='0.0.0.0/0' \
> && echo ${PUBLIC_ROUTE_DEFAULTROUTE_MAIN}
0.0.0.0/0

Create the default route

Command
aws ec2 create-route \
    --route-table-id ${PUBLIC_ROUTE_ID_MAIN} \
    --destination-cidr-block ${PUBLIC_ROUTE_DEFAULTROUTE_MAIN} \
    --gateway-id ${INTERNET_GATEWAY_ID_MAIN}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ aws ec2 create-route \
>     --route-table-id ${PUBLIC_ROUTE_ID_MAIN} \
>     --destination-cidr-block ${PUBLIC_ROUTE_DEFAULTROUTE_MAIN} \
>     --gateway-id ${INTERNET_GATEWAY_ID_MAIN}
{
    "Return": true
}

Set variable (get the main route table ID)

Command
PRIVATE_ROUTE_ID_MAIN=$( \
    aws ec2 describe-route-tables \
      --filters Name=vpc-id,Values=${VPC_ID_MAIN} \
                Name=association.main,Values=true \
      --query "RouteTables[].RouteTableId" \
      --output text \
) \
&& echo ${PRIVATE_ROUTE_ID_MAIN}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ PRIVATE_ROUTE_ID_MAIN=$( \
>     aws ec2 describe-route-tables \
>       --filters Name=vpc-id,Values=${VPC_ID_MAIN} \
>                 Name=association.main,Values=true \
>       --query "RouteTables[].RouteTableId" \
>       --output text \
> ) \
> && echo ${PRIVATE_ROUTE_ID_MAIN}
rtb-022300aa94b5b1e97

Set variable (private route table name)

Command
PRIVATE_ROUTE_NAME_MAIN='Main Private Route Table' \
&& echo ${PRIVATE_ROUTE_NAME_MAIN}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ PRIVATE_ROUTE_NAME_MAIN='Main Private Route Table' \
> && echo ${PRIVATE_ROUTE_NAME_MAIN}
Main Private Route Table

Rename the main route table

Command
aws ec2 create-tags \
    --resources ${PRIVATE_ROUTE_ID_MAIN} \
    --tags Key=Name,Value="${PRIVATE_ROUTE_NAME_MAIN}"
Output
[cloudshell-user@ip-10-132-77-191 ~]$ aws ec2 create-tags \
>     --resources ${PRIVATE_ROUTE_ID_MAIN} \
>     --tags Key=Name,Value="${PRIVATE_ROUTE_NAME_MAIN}"

Associate the public route table with the subnet

Command
aws ec2 associate-route-table \
  --subnet-id ${SUBNET_ID_MAIN} \
  --route-table-id ${PUBLIC_ROUTE_ID_MAIN}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 associate-route-table \
>   --subnet-id ${SUBNET_ID_MAIN} \
>   --route-table-id ${PUBLIC_ROUTE_ID_MAIN}
{
    "AssociationId": "rtbassoc-0815f3e455e0ea7d4",
    "AssociationState": {
        "State": "associated"
    }
}

2. Create the peering VPC

Set variable (IPv4 VPC CIDR block)

Command
VPC_CIDR_BLOCK_PEERING="10.1.0.0/16" \
&& echo ${VPC_CIDR_BLOCK_PEERING}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ VPC_CIDR_BLOCK_PEERING="10.1.0.0/16" \
> && echo ${VPC_CIDR_BLOCK_PEERING}
10.1.0.0/16

Set variable (VPC name)

Command
VPC_NAME_PEERING="Peering VPC" \
&& echo ${VPC_NAME_PEERING}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ VPC_NAME_PEERING="Peering VPC" \
> && echo ${VPC_NAME_PEERING}
Peering VPC

Create the VPC

Command
aws ec2 create-vpc \
    --cidr-block ${VPC_CIDR_BLOCK_PEERING} \
    --tag-specifications "ResourceType=vpc,Tags=[{Key=Name,Value=${VPC_NAME_PEERING}}]"
Output
[cloudshell-user@ip-10-132-77-191 ~]$ aws ec2 create-vpc \
>     --cidr-block ${VPC_CIDR_BLOCK_PEERING} \
>     --tag-specifications "ResourceType=vpc,Tags=[{Key=Name,Value=${VPC_NAME_PEERING}}]"
{
    "Vpc": {
        "CidrBlock": "10.1.0.0/16",
        "DhcpOptionsId": "dopt-0e7d97fbb33a62ce1",
        "State": "pending",
        "VpcId": "vpc-08ef472fae4c3cb36",
        "OwnerId": "999999999999",
        "InstanceTenancy": "default",
        "Ipv6CidrBlockAssociationSet": [],
        "CidrBlockAssociationSet": [
            {
                "AssociationId": "vpc-cidr-assoc-0379457d7f4394ab7",
                "CidrBlock": "10.1.0.0/16",
                "CidrBlockState": {
                    "State": "associated"
                }
            }
        ],
        "IsDefault": false,
        "Tags": [
            {
                "Key": "Name",
                "Value": "Peering VPC"
            }
        ]
    }
}

Get the VPC ID

Command
VPC_ID_PEERING=$( \
    aws ec2 describe-vpcs \
        --filters "Name=tag:Name,Values=${VPC_NAME_PEERING}" \
        --query "Vpcs[0].VpcId" \
        --output text\
)\
&& echo ${VPC_ID_PEERING}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ VPC_ID_PEERING=$( \
>     aws ec2 describe-vpcs \
>         --filters "Name=tag:Name,Values=${VPC_NAME_PEERING}" \
>         --query "Vpcs[0].VpcId" \
>         --output text\
> )\
> && echo ${VPC_ID_PEERING}
vpc-08ef472fae4c3cb36

Set variable (IPv4 public subnet CIDR block)

Command
SUBNET_CIDR_BLOCK_PEERING="10.1.0.0/24" \
&& echo ${SUBNET_CIDR_BLOCK_PEERING}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ SUBNET_CIDR_BLOCK_PEERING="10.1.0.0/24" \
> && echo ${SUBNET_CIDR_BLOCK_PEERING}
10.1.0.0/24

Set variable (Availability Zone)

Command
AZ_PEERING="ap-northeast-1a" \
&& echo ${AZ_PEERING}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ AZ_PEERING="ap-northeast-1a" \
> && echo ${AZ_PEERING}
ap-northeast-1a

Set variable (subnet name)

Command
SUBNET_NAME_PEERING="Peering Public Subnet" \
&& echo ${SUBNET_NAME_PEERING}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ SUBNET_NAME_PEERING="Peering Public Subnet" \
> && echo ${SUBNET_NAME_PEERING}
Peering Public Subnet

Create the subnet

Command
aws ec2 create-subnet \
    --vpc-id ${VPC_ID_PEERING} \
    --cidr-block ${SUBNET_CIDR_BLOCK_PEERING} \
    --availability-zone ${AZ_PEERING} \
    --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=${SUBNET_NAME_PEERING}}]"
Output
[cloudshell-user@ip-10-132-77-191 ~]$ aws ec2 create-subnet \
>     --vpc-id ${VPC_ID_PEERING} \
>     --cidr-block ${SUBNET_CIDR_BLOCK_PEERING} \
>     --availability-zone ${AZ_PEERING} \
>     --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=${SUBNET_NAME_PEERING}}]"
{
    "Subnet": {
        "AvailabilityZone": "ap-northeast-1a",
        "AvailabilityZoneId": "apne1-az4",
        "AvailableIpAddressCount": 251,
        "CidrBlock": "10.1.0.0/24",
        "DefaultForAz": false,
        "MapPublicIpOnLaunch": false,
        "State": "available",
        "SubnetId": "subnet-04dbf198dbe2b7e22",
        "VpcId": "vpc-08ef472fae4c3cb36",
        "OwnerId": "999999999999",
        "AssignIpv6AddressOnCreation": false,
        "Ipv6CidrBlockAssociationSet": [],
        "Tags": [
            {
                "Key": "Name",
                "Value": "Peering Public Subnet"
            }
        ],
        "SubnetArn": "arn:aws:ec2:ap-northeast-1:999999999999:subnet/subnet-04dbf198dbe2b7e22",
        "EnableDns64": false,
        "Ipv6Native": false,
        "PrivateDnsNameOptionsOnLaunch": {
            "HostnameType": "ip-name",
            "EnableResourceNameDnsARecord": false,
            "EnableResourceNameDnsAAAARecord": false
        }
    }
}

Get the subnet ID

Command
SUBNET_ID_PEERING=$( \
    aws ec2 describe-subnets \
      --filters Name=vpc-id,Values=${VPC_ID_PEERING} \
                Name=tag:Name,Values="${SUBNET_NAME_PEERING}" \
      --query "Subnets[].SubnetId" \
      --output text \
) \
&& echo ${SUBNET_ID_PEERING}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ SUBNET_ID_PEERING=$( \
>     aws ec2 describe-subnets \
>       --filters Name=vpc-id,Values=${VPC_ID_PEERING} \
>                 Name=tag:Name,Values="${SUBNET_NAME_PEERING}" \
>       --query "Subnets[].SubnetId" \
>       --output text \
> ) \
> && echo ${SUBNET_ID_PEERING}
subnet-04dbf198dbe2b7e22

Enable automatic public IPv4 address assignment on the subnet

Command
aws ec2 modify-subnet-attribute \
    --subnet-id ${SUBNET_ID_PEERING} \
    --map-public-ip-on-launch
Output
[cloudshell-user@ip-10-132-77-191 ~]$ aws ec2 modify-subnet-attribute \
>     --subnet-id ${SUBNET_ID_PEERING} \
>     --map-public-ip-on-launch

Set variable (Internet Gateway name)

Command
INTERNET_GATEWAY_NAME_PEERING='Peering Internet Gateway' \
&& echo ${INTERNET_GATEWAY_NAME_PEERING}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ INTERNET_GATEWAY_NAME_PEERING='Peering Internet Gateway' \
> && echo ${INTERNET_GATEWAY_NAME_PEERING}
Peering Internet Gateway

Create the Internet Gateway

Command
aws ec2 create-internet-gateway \
  --tag-specifications "ResourceType=internet-gateway,Tags=[{Key=Name,Value=${INTERNET_GATEWAY_NAME_PEERING}}]"
Output
[cloudshell-user@ip-10-132-77-191 ~]$ aws ec2 create-internet-gateway \
>   --tag-specifications "ResourceType=internet-gateway,Tags=[{Key=Name,Value=${INTERNET_GATEWAY_NAME_PEERING}}]"
{
    "InternetGateway": {
        "Attachments": [],
        "InternetGatewayId": "igw-0637a9179907abef1",
        "OwnerId": "999999999999",
        "Tags": [
            {
                "Key": "Name",
                "Value": "Peering Internet Gateway"
            }
        ]
    }
}

Set variable (get the Internet Gateway ID)

Command
INTERNET_GATEWAY_ID_PEERING=$( \
  aws ec2 describe-internet-gateways \
      --filters Name=tag:Name,Values="${INTERNET_GATEWAY_NAME_PEERING}" \
      --query "InternetGateways[].InternetGatewayId" \
      --output text \
) \
&& echo ${INTERNET_GATEWAY_ID_PEERING}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ INTERNET_GATEWAY_ID_PEERING=$( \
>   aws ec2 describe-internet-gateways \
>       --filters Name=tag:Name,Values="${INTERNET_GATEWAY_NAME_PEERING}" \
>       --query "InternetGateways[].InternetGatewayId" \
>       --output text \
> ) \
> && echo ${INTERNET_GATEWAY_ID_PEERING}
igw-0637a9179907abef1

Attach the Internet Gateway to the VPC

Command
aws ec2 attach-internet-gateway \
  --vpc-id ${VPC_ID_PEERING} \
  --internet-gateway-id ${INTERNET_GATEWAY_ID_PEERING}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ aws ec2 attach-internet-gateway \
>   --vpc-id ${VPC_ID_PEERING} \
>   --internet-gateway-id ${INTERNET_GATEWAY_ID_PEERING}

Set variable (public route table name)

Command
PUBLIC_ROUTE_NAME_PEERING='Peering Public Route Table' \
&& echo ${PUBLIC_ROUTE_NAME_PEERING}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ PUBLIC_ROUTE_NAME_PEERING='Peering Public Route Table' \
> && echo ${PUBLIC_ROUTE_NAME_PEERING}
Peering Public Route Table

Create the public route table

Command
aws ec2 create-route-table \
    --vpc-id ${VPC_ID_PEERING} \
    --tag-specifications "ResourceType=route-table,Tags=[{Key=Name,Value=${PUBLIC_ROUTE_NAME_PEERING}}]"
Output
[cloudshell-user@ip-10-132-77-191 ~]$ aws ec2 create-route-table \
>     --vpc-id ${VPC_ID_PEERING} \
>     --tag-specifications "ResourceType=route-table,Tags=[{Key=Name,Value=${PUBLIC_ROUTE_NAME_PEERING}}]"
{
    "RouteTable": {
        "Associations": [],
        "PropagatingVgws": [],
        "RouteTableId": "rtb-0b8505a17014c04b3",
        "Routes": [
            {
                "DestinationCidrBlock": "10.1.0.0/16",
                "GatewayId": "local",
                "Origin": "CreateRouteTable",
                "State": "active"
            }
        ],
        "Tags": [
            {
                "Key": "Name",
                "Value": "Peering Public Route Table"
            }
        ],
        "VpcId": "vpc-08ef472fae4c3cb36",
        "OwnerId": "999999999999"
    },
    "ClientToken": "6393d87f-e093-4c02-8109-615ca0ca00d8"
}

Set variable (get the public route table ID)

Command
PUBLIC_ROUTE_ID_PEERING=$( \
    aws ec2 describe-route-tables \
      --filters Name=vpc-id,Values=${VPC_ID_PEERING} \
                Name=tag:Name,Values="${PUBLIC_ROUTE_NAME_PEERING}" \
      --query "RouteTables[].RouteTableId" \
      --output text \
) \
&& echo ${PUBLIC_ROUTE_ID_PEERING}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ PUBLIC_ROUTE_ID_PEERING=$( \
>     aws ec2 describe-route-tables \
>       --filters Name=vpc-id,Values=${VPC_ID_PEERING} \
>                 Name=tag:Name,Values="${PUBLIC_ROUTE_NAME_PEERING}" \
>       --query "RouteTables[].RouteTableId" \
>       --output text \
> ) \
> && echo ${PUBLIC_ROUTE_ID_PEERING}
rtb-0b8505a17014c04b3

Set variable (default route destination)

Command
PUBLIC_ROUTE_DEFAULTROUTE_PEERING='0.0.0.0/0' \
&& echo ${PUBLIC_ROUTE_DEFAULTROUTE_PEERING}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ PUBLIC_ROUTE_DEFAULTROUTE_PEERING='0.0.0.0/0' \
> && echo ${PUBLIC_ROUTE_DEFAULTROUTE_PEERING}
0.0.0.0/0

Create the default route

Command
aws ec2 create-route \
    --route-table-id ${PUBLIC_ROUTE_ID_PEERING} \
    --destination-cidr-block ${PUBLIC_ROUTE_DEFAULTROUTE_PEERING} \
    --gateway-id ${INTERNET_GATEWAY_ID_PEERING}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ aws ec2 create-route \
>     --route-table-id ${PUBLIC_ROUTE_ID_PEERING} \
>     --destination-cidr-block ${PUBLIC_ROUTE_DEFAULTROUTE_PEERING} \
>     --gateway-id ${INTERNET_GATEWAY_ID_PEERING}
{
    "Return": true
}

Set variable (get the main route table ID)

Command
PRIVATE_ROUTE_ID_PEERING=$( \
    aws ec2 describe-route-tables \
      --filters Name=vpc-id,Values=${VPC_ID_PEERING} \
                Name=association.main,Values=true \
      --query "RouteTables[].RouteTableId" \
      --output text \
) \
&& echo ${PRIVATE_ROUTE_ID_PEERING}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ PRIVATE_ROUTE_ID_PEERING=$( \
>     aws ec2 describe-route-tables \
>       --filters Name=vpc-id,Values=${VPC_ID_PEERING} \
>                 Name=association.main,Values=true \
>       --query "RouteTables[].RouteTableId" \
>       --output text \
> ) \
> && echo ${PRIVATE_ROUT

Set variable (private route table name)

Command
PRIVATE_ROUTE_NAME_PEERING='Peering Private Route Table' \
&& echo ${PRIVATE_ROUTE_NAME_PEERING}
Output
[cloudshell-user@ip-10-132-77-191 ~]$ PRIVATE_ROUTE_NAME_PEERING='Peering Private Route Table' \
> && echo ${PRIVATE_ROUTE_NAME_PEERING}
Peering Private Route Table

Rename the main route table

Command
aws ec2 create-tags \
    --resources ${PRIVATE_ROUTE_ID_PEERING} \
    --tags Key=Name,Value="${PRIVATE_ROUTE_NAME_PEERING}"
Output
[cloudshell-user@ip-10-132-77-191 ~]$ aws ec2 create-tags \
>     --resources ${PRIVATE_ROUTE_ID_PEERING} \
>     --tags Key=Name,Value="${PRIVATE_ROUTE_NAME_PEERING}"

Associate the public route table with the subnet

Command
aws ec2 associate-route-table \
  --subnet-id ${SUBNET_ID_PEERING} \
  --route-table-id ${PUBLIC_ROUTE_ID_PEERING}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 associate-route-table \
>   --subnet-id ${SUBNET_ID_PEERING} \
>   --route-table-id ${PUBLIC_ROUTE_ID_PEERING}
{
    "AssociationId": "rtbassoc-0ffbd9966965324a4",
    "AssociationState": {
        "State": "associated"
    }
}

3. Create and accept the peering connection

Set variable (peering connection name)

Command
PEERING_CONNECTION_NAME='peering-handson' \
&& echo ${PEERING_CONNECTION_NAME}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ PEERING_CONNECTION_NAME='peering-handson' \
> && echo ${PEERING_CONNECTION_NAME}
peering-handson

Create the peering connection

Command
aws ec2 create-vpc-peering-connection \
    --vpc-id ${VPC_ID_MAIN} \
    --peer-vpc-id ${VPC_ID_PEERING} \
    --tag-specifications "ResourceType=vpc-peering-connection,Tags=[{Key=Name,Value=${PEERING_CONNECTION_NAME}}]"
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 create-vpc-peering-connection \
>     --vpc-id ${VPC_ID_MAIN} \
>     --peer-vpc-id ${VPC_ID_PEERING} \
>     --tag-specifications "ResourceType=vpc-peering-connection,Tags=[{Key=Name,Value=${PEERING_CONNECTION_NAME}}]"
{
    "VpcPeeringConnection": {
        "AccepterVpcInfo": {
            "OwnerId": "999999999999",
            "VpcId": "vpc-08ef472fae4c3cb36",
            "Region": "ap-northeast-1"
        },
        "ExpirationTime": "2024-06-16T01:00:33+00:00",
        "RequesterVpcInfo": {
            "CidrBlock": "10.0.0.0/16",
            "CidrBlockSet": [
                {
                    "CidrBlock": "10.0.0.0/16"
                }
            ],
            "OwnerId": "999999999999",
            "PeeringOptions": {
                "AllowDnsResolutionFromRemoteVpc": false,
                "AllowEgressFromLocalClassicLinkToRemoteVpc": false,
                "AllowEgressFromLocalVpcToRemoteClassicLink": false
            },
            "VpcId": "vpc-044f0a97b7e8a476a",
            "Region": "ap-northeast-1"
        },
        "Status": {
            "Code": "initiating-request",
            "Message": "Initiating Request to 999999999999"
        },
        "Tags": [
            {
                "Key": "Name",
                "Value": "peering-handson"
            }
        ],
        "VpcPeeringConnectionId": "pcx-08504013baf5ee54c"
    }
}

Set variable (get the peering connection ID)

Command
PEERING_CONNECTION_ID=$(aws ec2 describe-vpc-peering-connections \
    --filters Name=tag:Name,Values="${PEERING_CONNECTION_NAME}" \
    --query "VpcPeeringConnections[].VpcPeeringConnectionId" \
    --output text)\
&& echo ${PEERING_CONNECTION_ID}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ PEERING_CONNECTION_ID=$(aws ec2 describe-vpc-peering-connections \
>     --filters Name=tag:Name,Values="${PEERING_CONNECTION_NAME}" \
>     --query "VpcPeeringConnections[].VpcPeeringConnectionId" \
>     --output text)\
> && echo ${PEERING_CONNECTION_ID}
pcx-08504013baf5ee54c

Accept the VPC peering connection

Command
aws ec2 accept-vpc-peering-connection \
    --vpc-peering-connection-id ${PEERING_CONNECTION_ID}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 accept-vpc-peering-connection \
>     --vpc-peering-connection-id ${PEERING_CONNECTION_ID}
{
    "VpcPeeringConnection": {
        "AccepterVpcInfo": {
            "CidrBlock": "10.1.0.0/16",
            "CidrBlockSet": [
                {
                    "CidrBlock": "10.1.0.0/16"
                }
            ],
            "OwnerId": "999999999999",
            "PeeringOptions": {
                "AllowDnsResolutionFromRemoteVpc": false,
                "AllowEgressFromLocalClassicLinkToRemoteVpc": false,
                "AllowEgressFromLocalVpcToRemoteClassicLink": false
            },
            "VpcId": "vpc-08ef472fae4c3cb36",
            "Region": "ap-northeast-1"
        },
        "RequesterVpcInfo": {
            "CidrBlock": "10.0.0.0/16",
            "CidrBlockSet": [
                {
                    "CidrBlock": "10.0.0.0/16"
                }
            ],
            "OwnerId": "999999999999",
            "PeeringOptions": {
                "AllowDnsResolutionFromRemoteVpc": false,
                "AllowEgressFromLocalClassicLinkToRemoteVpc": false,
                "AllowEgressFromLocalVpcToRemoteClassicLink": false
            },
            "VpcId": "vpc-044f0a97b7e8a476a",
            "Region": "ap-northeast-1"
        },
        "Status": {
            "Code": "provisioning",
            "Message": "Provisioning"
        },
        "Tags": [],
        "VpcPeeringConnectionId": "pcx-08504013baf5ee54c"
    }
}
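AWS rejects a peering request between VPCs whose CIDR blocks overlap, and create-subnet rejects a subnet CIDR that lies outside its VPC, so it pays to validate the address plan before step 3 is run. The pre-flight check below is an added example written for this post, not code from the hands-on or the AWS documentation; it reuses the post's variable names (VPC_CIDR_BLOCK_MAIN and so on) and the post's own sample CIDRs, and the `create_peering_if_disjoint` wrapper is an assumed helper that issues the same `aws ec2 create-vpc-peering-connection` command shown above only when the checks pass.

```sh
#!/bin/sh
# Added example, not part of the original post or the AWS hands-on.
# Pre-flight CIDR checks for the peering setup, in plain POSIX shell so they
# run offline (no aws or jq needed). Only create_peering_if_disjoint calls
# the AWS CLI, and nothing below invokes it automatically.

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Prefix length -> netmask as a 32-bit integer (/0 -> 0, /32 -> 4294967295).
prefix_mask() {
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# Does CIDR $2 lie entirely inside CIDR $1?  (exit 0 = yes)
cidr_contains() {
    cc_outer=$(ip_to_int "${1%/*}"); cc_op=${1#*/}
    cc_inner=$(ip_to_int "${2%/*}"); cc_ip=${2#*/}
    cc_mask=$(prefix_mask "$cc_op")
    [ "$cc_ip" -ge "$cc_op" ] &&
        [ $(( cc_inner & cc_mask )) -eq $(( cc_outer & cc_mask )) ]
}

# Do CIDRs $1 and $2 share any address?  (exit 0 = yes, they overlap)
# Two blocks overlap exactly when they agree on every bit covered by the
# shorter of the two prefixes.
cidr_overlap() {
    co_a=$(ip_to_int "${1%/*}"); co_pa=${1#*/}
    co_b=$(ip_to_int "${2%/*}"); co_pb=${2#*/}
    co_p=$co_pa
    if [ "$co_pb" -lt "$co_p" ]; then co_p=$co_pb; fi
    co_mask=$(prefix_mask "$co_p")
    [ $(( co_a & co_mask )) -eq $(( co_b & co_mask )) ]
}

# One subnet-inside-VPC check with a readable verdict line.
check_subnet() {
    if cidr_contains "$1" "$2"; then
        echo "ok    subnet $2 is inside VPC $1"
    else
        echo "FAIL  subnet $2 is outside VPC $1 (create-subnet would fail)"
        return 1
    fi
}

# Validate the whole plan: each subnet inside its VPC, the two VPCs disjoint.
# Args: VPC_A SUBNET_A VPC_B SUBNET_B.  Exit status 0 only if every check passes.
check_peering_plan() {
    cp_status=0
    check_subnet "$1" "$2" || cp_status=1
    check_subnet "$3" "$4" || cp_status=1
    if cidr_overlap "$1" "$3"; then
        echo "FAIL  VPC CIDRs $1 and $3 overlap (peering request would be rejected)"
        cp_status=1
    else
        echo "ok    VPC CIDRs $1 and $3 are disjoint"
    fi
    return $cp_status
}

# Assumed wrapper: run the post's create-vpc-peering-connection command only
# when the plan is valid.  Requires the post's VPC_ID_* and
# PEERING_CONNECTION_NAME variables and AWS credentials; not run here.
create_peering_if_disjoint() {
    check_peering_plan "$VPC_CIDR_BLOCK_MAIN" "$SUBNET_CIDR_BLOCK_MAIN" \
                       "$VPC_CIDR_BLOCK_PEERING" "$SUBNET_CIDR_BLOCK_PEERING" || return 1
    aws ec2 create-vpc-peering-connection \
        --vpc-id "${VPC_ID_MAIN}" \
        --peer-vpc-id "${VPC_ID_PEERING}" \
        --tag-specifications "ResourceType=vpc-peering-connection,Tags=[{Key=Name,Value=${PEERING_CONNECTION_NAME}}]"
}

# Offline run with the post's sample values (all three checks pass).
VPC_CIDR_BLOCK_MAIN="10.0.0.0/16";    SUBNET_CIDR_BLOCK_MAIN="10.0.0.0/24"
VPC_CIDR_BLOCK_PEERING="10.1.0.0/16"; SUBNET_CIDR_BLOCK_PEERING="10.1.0.0/24"
check_peering_plan "$VPC_CIDR_BLOCK_MAIN" "$SUBNET_CIDR_BLOCK_MAIN" \
                   "$VPC_CIDR_BLOCK_PEERING" "$SUBNET_CIDR_BLOCK_PEERING"
```

Had both VPCs been given 10.0.0.0/16, the overlap check fails and the wrapper returns without calling the API, which is cheaper than discovering the failed peering status afterwards.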

4. Update the route table of the peering VPC

Update the route table

Command
aws ec2 create-route \
    --route-table-id ${PUBLIC_ROUTE_ID_PEERING} \
    --destination-cidr-block ${VPC_CIDR_BLOCK_MAIN} \
    --gateway-id ${PEERING_CONNECTION_ID}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 create-route \
>     --route-table-id ${PUBLIC_ROUTE_ID_PEERING} \
>     --destination-cidr-block ${VPC_CIDR_BLOCK_MAIN} \
>     --gateway-id ${PEERING_CONNECTION_ID}
{
    "Return": true
}

Check the route tables

Command
aws ec2 describe-route-tables \
    --filters "Name=vpc-id,Values=${VPC_ID_PEERING}"
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 describe-route-tables \
>     --filters "Name=vpc-id,Values=${VPC_ID_PEERING}"
{
    "RouteTables": [
        {
            "Associations": [
                {
                    "Main": true,
                    "RouteTableAssociationId": "rtbassoc-0de8129a171b7848b",
                    "RouteTableId": "rtb-0af5a214697f87fa4",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-0af5a214697f87fa4",
            "Routes": [
                {
                    "DestinationCidrBlock": "10.1.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                }
            ],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "Peering Private Route Table"
                }
            ],
            "VpcId": "vpc-08ef472fae4c3cb36",
            "OwnerId": "999999999999"
        },
        {
            "Associations": [
                {
                    "Main": false,
                    "RouteTableAssociationId": "rtbassoc-0ffbd9966965324a4",
                    "RouteTableId": "rtb-0b8505a17014c04b3",
                    "SubnetId": "subnet-04dbf198dbe2b7e22",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-0b8505a17014c04b3",
            "Routes": [
                {
                    "DestinationCidrBlock": "10.0.0.0/16",
                    "Origin": "CreateRoute",
                    "State": "active",
                    "VpcPeeringConnectionId": "pcx-08504013baf5ee54c"
                },
                {
                    "DestinationCidrBlock": "10.1.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                },
                {
                    "DestinationCidrBlock": "0.0.0.0/0",
                    "GatewayId": "igw-0637a9179907abef1",
                    "Origin": "CreateRoute",
                    "State": "active"
                }
            ],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "Peering Public Route Table"
                }
            ],
            "VpcId": "vpc-08ef472fae4c3cb36",
            "OwnerId": "999999999999"
        }
    ]
}

5. Update the route table of the main VPC

Update the route table

Command
aws ec2 create-route \
    --route-table-id ${PUBLIC_ROUTE_ID_MAIN} \
    --destination-cidr-block ${VPC_CIDR_BLOCK_PEERING} \
    --gateway-id ${PEERING_CONNECTION_ID}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 create-route \
>     --route-table-id ${PUBLIC_ROUTE_ID_MAIN} \
>     --destination-cidr-block ${VPC_CIDR_BLOCK_PEERING} \
>     --gateway-id ${PEERING_CONNECTION_ID}
{
    "Return": true
}

Check the route tables

Command
aws ec2 describe-route-tables \
    --filters "Name=vpc-id,Values=${VPC_ID_MAIN}"
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 describe-route-tables \
>     --filters "Name=vpc-id,Values=${VPC_ID_MAIN}"
{
    "RouteTables": [
        {
            "Associations": [
                {
                    "Main": true,
                    "RouteTableAssociationId": "rtbassoc-08a0f3e7e390bf6c7",
                    "RouteTableId": "rtb-022300aa94b5b1e97",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-022300aa94b5b1e97",
            "Routes": [
                {
                    "DestinationCidrBlock": "10.0.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                }
            ],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "Main Private Route Table"
                }
            ],
            "VpcId": "vpc-044f0a97b7e8a476a",
            "OwnerId": "999999999999"
        },
        {
            "Associations": [
                {
                    "Main": false,
                    "RouteTableAssociationId": "rtbassoc-0815f3e455e0ea7d4",
                    "RouteTableId": "rtb-06294855aa51d5273",
                    "SubnetId": "subnet-0e332a080d5517d6b",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-06294855aa51d5273",
            "Routes": [
                {
                    "DestinationCidrBlock": "10.0.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                },
                {
                    "DestinationCidrBlock": "10.1.0.0/16",
                    "Origin": "CreateRoute",
                    "State": "active",
                    "VpcPeeringConnectionId": "pcx-08504013baf5ee54c"
                },
                {
                    "DestinationCidrBlock": "0.0.0.0/0",
                    "GatewayId": "igw-068f3e7ffa0776661",
                    "Origin": "CreateRoute",
                    "State": "active"
                }
            ],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "Main Public Route Table"
                }
            ],
            "VpcId": "vpc-044f0a97b7e8a476a",
            "OwnerId": "999999999999"
        }
    ]
}

6. Create an EC2 instance in the peering VPC

Set variable (security group name)

Command
EC2_SECURITY_GROUP_NAME='peering' \
&& echo ${EC2_SECURITY_GROUP_NAME}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ EC2_SECURITY_GROUP_NAME='peering' \
> && echo ${EC2_SECURITY_GROUP_NAME}
peering

Set variable (security group description)

Command
EC2_SECURITY_GROUP_DESCRIPTION='peering' \
&& echo ${EC2_SECURITY_GROUP_DESCRIPTION}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ EC2_SECURITY_GROUP_DESCRIPTION='peering' \
> && echo ${EC2_SECURITY_GROUP_DESCRIPTION}
peering

Create security group

Command
aws ec2 create-security-group \
  --group-name ${EC2_SECURITY_GROUP_NAME} \
  --description "${EC2_SECURITY_GROUP_DESCRIPTION}" \
  --vpc-id ${VPC_ID_PEERING}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 create-security-group \
>   --group-name ${EC2_SECURITY_GROUP_NAME} \
>   --description "${EC2_SECURITY_GROUP_DESCRIPTION}" \
>   --vpc-id ${VPC_ID_PEERING}
{
    "GroupId": "sg-0ba7ed8e0caa563ac"
}

Set variable (get security group ID)

Command
EC2_SECURITY_GROUP_ID=$( \
  aws ec2 describe-security-groups \
    --filters Name=vpc-id,Values=${VPC_ID_PEERING} \
              Name=group-name,Values=${EC2_SECURITY_GROUP_NAME} \
    --query "SecurityGroups[].GroupId" \
    --output text \
) \
&& echo ${EC2_SECURITY_GROUP_ID}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ EC2_SECURITY_GROUP_ID=$( \
>   aws ec2 describe-security-groups \
>     --filters Name=vpc-id,Values=${VPC_ID_PEERING} \
>               Name=group-name,Values=${EC2_SECURITY_GROUP_NAME} \
>     --query "SecurityGroups[].GroupId" \
>     --output text \
> ) \
> && echo ${EC2_SECURITY_GROUP_ID}
sg-0ba7ed8e0caa563ac

Add security group rule

Command
aws ec2 authorize-security-group-ingress \
    --group-id ${EC2_SECURITY_GROUP_ID} \
    --protocol -1 \
    --cidr ${VPC_CIDR_BLOCK_MAIN}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 authorize-security-group-ingress \
>     --group-id ${EC2_SECURITY_GROUP_ID} \
>     --protocol -1 \
>     --cidr ${VPC_CIDR_BLOCK_MAIN}
{
    "Return": true,
    "SecurityGroupRules": [
        {
            "SecurityGroupRuleId": "sgr-03d76773b358bf99e",
            "GroupId": "sg-0ba7ed8e0caa563ac",
            "GroupOwnerId": "999999999999",
            "IsEgress": false,
            "IpProtocol": "-1",
            "FromPort": -1,
            "ToPort": -1,
            "CidrIpv4": "10.0.0.0/16"
        }
    ]
}
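
The rule just added admits every protocol and port (`--protocol -1`) from the whole main VPC range, which is broader than the ping test in step 8 needs. The Python below is an added example, not part of the hands-on or of this post: it scans ingress rules in the shape `aws ec2 describe-security-group-rules` returns (the sample rules and their IDs are constructed placeholders) for all-traffic or any-source entries, and builds the `--ip-permissions` document for an ICMP echo-request-only rule, the least-privilege equivalent for the connectivity check. Security groups are stateful, so the echo replies need no extra egress rule.

```python
import ipaddress
import json

# Constructed sample in the shape of `describe-security-group-rules` output.
# The first entry mirrors the rule the hands-on adds with
# `authorize-security-group-ingress --protocol -1 --cidr 10.0.0.0/16`;
# the second is a deliberately broad SSH rule for contrast. IDs are placeholders.
SAMPLE_RULES = [
    {
        "SecurityGroupRuleId": "sgr-PLACEHOLDER1",
        "GroupId": "sg-PLACEHOLDER1",
        "IsEgress": False,
        "IpProtocol": "-1",
        "FromPort": -1,
        "ToPort": -1,
        "CidrIpv4": "10.0.0.0/16",
    },
    {
        "SecurityGroupRuleId": "sgr-PLACEHOLDER2",
        "GroupId": "sg-PLACEHOLDER1",
        "IsEgress": False,
        "IpProtocol": "tcp",
        "FromPort": 22,
        "ToPort": 22,
        "CidrIpv4": "0.0.0.0/0",
    },
]


def rule_findings(rules):
    """Classify CIDR-based ingress rules.

    Returns a list of (rule id, severity, reason). Egress rules and rules whose
    source is another security group or a prefix list are skipped because they
    carry no CIDR to judge.
    """
    findings = []
    for r in rules:
        if r.get("IsEgress"):
            continue
        cidr = r.get("CidrIpv4") or r.get("CidrIpv6")
        if cidr is None:
            continue
        any_source = ipaddress.ip_network(cidr, strict=False).prefixlen == 0
        all_traffic = r.get("IpProtocol") == "-1"
        if all_traffic and any_source:
            findings.append((r["SecurityGroupRuleId"], "high", "all protocols from anywhere"))
        elif all_traffic:
            findings.append((r["SecurityGroupRuleId"], "medium",
                             f"all protocols and ports from {cidr}"))
        elif any_source:
            findings.append((r["SecurityGroupRuleId"], "medium",
                             f"{r['IpProtocol']} {r['FromPort']}-{r['ToPort']} from anywhere"))
    return findings


def icmp_echo_permission(source_cidr):
    """Build the --ip-permissions document for the minimum the ping test needs:
    ICMP type 8 (echo request), any code, from source_cidr only."""
    ipaddress.ip_network(source_cidr)  # raises ValueError on a malformed CIDR
    return [{
        "IpProtocol": "icmp",
        "FromPort": 8,   # for ICMP this field carries the type
        "ToPort": -1,    # -1 = any ICMP code
        "IpRanges": [{"CidrIp": source_cidr,
                      "Description": "ICMP echo request from Main VPC"}],
    }]


def cli_command(group_id, source_cidr):
    """The authorize-security-group-ingress call that adds only the ICMP rule."""
    perms = json.dumps(icmp_echo_permission(source_cidr))
    return (f"aws ec2 authorize-security-group-ingress --group-id {group_id} "
            f"--ip-permissions '{perms}'")


if __name__ == "__main__":
    for rule_id, severity, reason in rule_findings(SAMPLE_RULES):
        print(f"{severity:6} {rule_id}: {reason}")
    print(cli_command("sg-PLACEHOLDER1", "10.0.0.0/16"))
```

In the hands-on the broad rule is fine for a throwaway lab, but the same shape in a real peering (all traffic from an entire peer VPC) is what a reviewer would flag; the ICMP-only rule keeps step 8's ping working while exposing nothing else to the peer.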

Set variable (EC2 name)

Command
EC2_NAME_PEERING='Peering' \
&& echo ${EC2_NAME_PEERING}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ EC2_NAME_PEERING='Peering' \
> && echo ${EC2_NAME_PEERING}
Peering

Set variable (private IP)

Command
EC2_PRIVATE_IP='10.1.0.100' \
&& echo ${EC2_PRIVATE_IP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ EC2_PRIVATE_IP='10.1.0.100' \
> && echo ${EC2_PRIVATE_IP}
10.1.0.100

Create public EC2 instance

Command
aws ec2 run-instances \
  --image-id resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2-x86_64 \
  --instance-type t2.micro \
  --security-group-ids ${EC2_SECURITY_GROUP_ID} \
  --subnet-id ${SUBNET_ID_PEERING} \
  --private-ip-address ${EC2_PRIVATE_IP} \
  --no-associate-public-ip-address \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=Peering}]'
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 run-instances \
>   --image-id resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2-x86_64 \
>   --instance-type t2.micro \
>   --security-group-ids ${EC2_SECURITY_GROUP_ID} \
>   --subnet-id ${SUBNET_ID_PEERING} \
>   --private-ip-address ${EC2_PRIVATE_IP} \
>   --no-associate-public-ip-address \
>   --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=Peering}]'
{
    "Groups": [],
    "Instances": [
        {
            "AmiLaunchIndex": 0,
            "ImageId": "ami-057086e4e77484a4a",
            "InstanceId": "i-0493671798dbd6f07",
            "InstanceType": "t2.micro",
            "LaunchTime": "2024-06-09T03:09:21+00:00",
            "Monitoring": {
                "State": "disabled"
            },
            "Placement": {
                "AvailabilityZone": "ap-northeast-1a",
                "GroupName": "",
                "Tenancy": "default"
            },
            "PrivateDnsName": "ip-10-1-0-100.ap-northeast-1.compute.internal",
            "PrivateIpAddress": "10.1.0.100",
            "ProductCodes": [],
            "PublicDnsName": "",
            "State": {
                "Code": 0,
                "Name": "pending"
            },
            "StateTransitionReason": "",
            "SubnetId": "subnet-04dbf198dbe2b7e22",
            "VpcId": "vpc-08ef472fae4c3cb36",
            "Architecture": "x86_64",
            "BlockDeviceMappings": [],
            "ClientToken": "918731fc-cc9d-44a8-8276-f7e2f19cf99c",
            "EbsOptimized": false,
            "EnaSupport": true,
            "Hypervisor": "xen",
            "NetworkInterfaces": [
                {
                    "Attachment": {
                        "AttachTime": "2024-06-09T03:09:21+00:00",
                        "AttachmentId": "eni-attach-099d4e2fa7bfe5679",
                        "DeleteOnTermination": true,
                        "DeviceIndex": 0,
                        "Status": "attaching",
                        "NetworkCardIndex": 0
                    },
                    "Description": "",
                    "Groups": [
                        {
                            "GroupName": "peering",
                            "GroupId": "sg-0ba7ed8e0caa563ac"
                        }
                    ],
                    "Ipv6Addresses": [],
                    "MacAddress": "06:d3:bd:05:9d:d3",
                    "NetworkInterfaceId": "eni-00d972a168497d87a",
                    "OwnerId": "999999999999",
                    "PrivateIpAddress": "10.1.0.100",
                    "PrivateIpAddresses": [
                        {
                            "Primary": true,
                            "PrivateIpAddress": "10.1.0.100"
                        }
                    ],
                    "SourceDestCheck": true,
                    "Status": "in-use",
                    "SubnetId": "subnet-04dbf198dbe2b7e22",
                    "VpcId": "vpc-08ef472fae4c3cb36",
                    "InterfaceType": "interface"
                }
            ],
            "RootDeviceName": "/dev/xvda",
            "RootDeviceType": "ebs",
            "SecurityGroups": [
                {
                    "GroupName": "peering",
                    "GroupId": "sg-0ba7ed8e0caa563ac"
                }
            ],
            "SourceDestCheck": true,
            "StateReason": {
                "Code": "pending",
                "Message": "pending"
            },
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "Peering"
                }
            ],
            "VirtualizationType": "hvm",
            "CpuOptions": {
                "CoreCount": 1,
                "ThreadsPerCore": 1
            },
            "CapacityReservationSpecification": {
                "CapacityReservationPreference": "open"
            },
            "MetadataOptions": {
                "State": "pending",
                "HttpTokens": "optional",
                "HttpPutResponseHopLimit": 1,
                "HttpEndpoint": "enabled",
                "HttpProtocolIpv6": "disabled",
                "InstanceMetadataTags": "disabled"
            },
            "EnclaveOptions": {
                "Enabled": false
            },
            "PrivateDnsNameOptions": {
                "HostnameType": "ip-name",
                "EnableResourceNameDnsARecord": false,
                "EnableResourceNameDnsAAAARecord": false
            },
            "MaintenanceOptions": {
                "AutoRecovery": "default"
            },
            "CurrentInstanceBootMode": "legacy-bios"
        }
    ],
    "OwnerId": "999999999999",
    "ReservationId": "r-0c54a7aa6a4e8a7d9"
}

7. Create Cloud9 in the main VPC

Set variable (Cloud9 name)

Command
CLOUD9_NAME='handson' \
&& echo ${CLOUD9_NAME}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ CLOUD9_NAME='handson' \
> && echo ${CLOUD9_NAME}
handson

Create the Cloud9 environment

Command
aws cloud9 create-environment-ec2 \
    --name ${CLOUD9_NAME} \
    --instance-type t2.micro \
    --image-id resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2-x86_64 \
    --connection-type CONNECT_SSM \
    --automatic-stop-time-minutes 30 \
    --subnet-id ${SUBNET_ID_MAIN}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws cloud9 create-environment-ec2 \
>     --name ${CLOUD9_NAME} \
>     --instance-type t2.micro \
>     --image-id resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2-x86_64 \
>     --connection-type CONNECT_SSM \
>     --automatic-stop-time-minutes 30 \
>     --subnet-id ${SUBNET_ID_MAIN}
{
    "environmentId": "b49e70dac3ce4fd7a037a3285ef93f8b"
}

8. Verify connectivity over the VPC peering connection

Check the Cloud9 IP address

Command
ip address show
Output
admin:~/environment $ ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 06:1e:48:f6:6d:8b brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.240/24 brd 10.0.0.255 scope global dynamic eth0
       valid_lft 3442sec preferred_lft 3442sec
    inet6 fe80::41e:48ff:fef6:6d8b/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:27:fe:1a:9e brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

Connectivity check

Command
ping 10.1.0.100
Output
admin:~/environment $ ping 10.1.0.100
PING 10.1.0.100 (10.1.0.100) 56(84) bytes of data.
64 bytes from 10.1.0.100: icmp_seq=1 ttl=255 time=0.954 ms
64 bytes from 10.1.0.100: icmp_seq=2 ttl=255 time=0.428 ms
64 bytes from 10.1.0.100: icmp_seq=3 ttl=255 time=0.518 ms
64 bytes from 10.1.0.100: icmp_seq=4 ttl=255 time=0.448 ms
^C
--- 10.1.0.100 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3029ms
rtt min/avg/max/mdev = 0.428/0.587/0.954/0.214 ms

Delete the VPC peering connection

Command
aws ec2 delete-vpc-peering-connection \
    --vpc-peering-connection-id ${PEERING_CONNECTION_ID}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 delete-vpc-peering-connection \
>     --vpc-peering-connection-id ${PEERING_CONNECTION_ID}
{
    "Return": true
}

Connectivity check (after deleting the VPC peering connection)

Command
ping 10.1.0.100
Output
PING 10.1.0.100 (10.1.0.100) 56(84) bytes of data.
^C
--- 10.1.0.100 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7147ms

Check routing tables (after deleting the VPC peering connection)

Main VPC

Command
aws ec2 describe-route-tables \
    --filters "Name=vpc-id,Values=${VPC_ID_MAIN}"
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 describe-route-tables \
>     --filters "Name=vpc-id,Values=${VPC_ID_MAIN}"
{
    "RouteTables": [
        {
            "Associations": [
                {
                    "Main": true,
                    "RouteTableAssociationId": "rtbassoc-08a0f3e7e390bf6c7",
                    "RouteTableId": "rtb-022300aa94b5b1e97",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-022300aa94b5b1e97",
            "Routes": [
                {
                    "DestinationCidrBlock": "10.0.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                }
            ],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "Main Private Route Table"
                }
            ],
            "VpcId": "vpc-044f0a97b7e8a476a",
            "OwnerId": "999999999999"
        },
        {
            "Associations": [
                {
                    "Main": false,
                    "RouteTableAssociationId": "rtbassoc-0815f3e455e0ea7d4",
                    "RouteTableId": "rtb-06294855aa51d5273",
                    "SubnetId": "subnet-0e332a080d5517d6b",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-06294855aa51d5273",
            "Routes": [
                {
                    "DestinationCidrBlock": "10.0.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                },
                {
                    "DestinationCidrBlock": "10.1.0.0/16",
                    "Origin": "CreateRoute",
                    "State": "blackhole",
                    "VpcPeeringConnectionId": "pcx-08504013baf5ee54c"
                },
                {
                    "DestinationCidrBlock": "0.0.0.0/0",
                    "GatewayId": "igw-068f3e7ffa0776661",
                    "Origin": "CreateRoute",
                    "State": "active"
                }
            ],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "Main Public Route Table"
                }
            ],
            "VpcId": "vpc-044f0a97b7e8a476a",
            "OwnerId": "999999999999"
        }
    ]
}

Peering VPC

Command
aws ec2 describe-route-tables \
    --filters "Name=vpc-id,Values=${VPC_ID_PEERING}"
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 describe-route-tables \
>     --filters "Name=vpc-id,Values=${VPC_ID_PEERING}"
{
    "RouteTables": [
        {
            "Associations": [
                {
                    "Main": true,
                    "RouteTableAssociationId": "rtbassoc-0de8129a171b7848b",
                    "RouteTableId": "rtb-0af5a214697f87fa4",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-0af5a214697f87fa4",
            "Routes": [
                {
                    "DestinationCidrBlock": "10.1.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                }
            ],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "Peering Private Route Table"
                }
            ],
            "VpcId": "vpc-08ef472fae4c3cb36",
            "OwnerId": "999999999999"
        },
        {
            "Associations": [
                {
                    "Main": false,
                    "RouteTableAssociationId": "rtbassoc-0ffbd9966965324a4",
                    "RouteTableId": "rtb-0b8505a17014c04b3",
                    "SubnetId": "subnet-04dbf198dbe2b7e22",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-0b8505a17014c04b3",
            "Routes": [
                {
                    "DestinationCidrBlock": "10.0.0.0/16",
                    "Origin": "CreateRoute",
                    "State": "blackhole",
                    "VpcPeeringConnectionId": "pcx-08504013baf5ee54c"
                },
                {
                    "DestinationCidrBlock": "10.1.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                },
                {
                    "DestinationCidrBlock": "0.0.0.0/0",
                    "GatewayId": "igw-0637a9179907abef1",
                    "Origin": "CreateRoute",
                    "State": "active"
                }
            ],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "Peering Public Route Table"
                }
            ],
            "VpcId": "vpc-08ef472fae4c3cb36",
            "OwnerId": "999999999999"
        }
    ]
}

Restore the VPC peering connection

Set variable (peering connection name)

Command
PEERING_CONNECTION_NAME='handson' \
&& echo ${PEERING_CONNECTION_NAME}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ PEERING_CONNECTION_NAME='handson' \
> && echo ${PEERING_CONNECTION_NAME}
handson

Create the peering connection

Command
aws ec2 create-vpc-peering-connection \
    --vpc-id ${VPC_ID_MAIN} \
    --peer-vpc-id ${VPC_ID_PEERING} \
    --tag-specifications "ResourceType=vpc-peering-connection,Tags=[{Key=Name,Value=${PEERING_CONNECTION_NAME}}]"
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 create-vpc-peering-connection \
>     --vpc-id ${VPC_ID_MAIN} \
>     --peer-vpc-id ${VPC_ID_PEERING} \
>     --tag-specifications "ResourceType=vpc-peering-connection,Tags=[{Key=Name,Value=${PEERING_CONNECTION_NAME}}]"
{
    "VpcPeeringConnection": {
        "AccepterVpcInfo": {
            "OwnerId": "999999999999",
            "VpcId": "vpc-08ef472fae4c3cb36",
            "Region": "ap-northeast-1"
        },
        "ExpirationTime": "2024-06-16T04:37:27+00:00",
        "RequesterVpcInfo": {
            "CidrBlock": "10.0.0.0/16",
            "CidrBlockSet": [
                {
                    "CidrBlock": "10.0.0.0/16"
                }
            ],
            "OwnerId": "999999999999",
            "PeeringOptions": {
                "AllowDnsResolutionFromRemoteVpc": false,
                "AllowEgressFromLocalClassicLinkToRemoteVpc": false,
                "AllowEgressFromLocalVpcToRemoteClassicLink": false
            },
            "VpcId": "vpc-044f0a97b7e8a476a",
            "Region": "ap-northeast-1"
        },
        "Status": {
            "Code": "initiating-request",
            "Message": "Initiating Request to 999999999999"
        },
        "Tags": [
            {
                "Key": "Name",
                "Value": "handson"
            }
        ],
        "VpcPeeringConnectionId": "pcx-0c1944c75b00e0912"
    }
}

Set variable (get peering connection ID)

Command
PEERING_CONNECTION_ID=$(aws ec2 describe-vpc-peering-connections \
    --filters Name=tag:Name,Values="${PEERING_CONNECTION_NAME}" \
    --query "VpcPeeringConnections[].VpcPeeringConnectionId" \
    --output text)\
&& echo ${PEERING_CONNECTION_ID}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ PEERING_CONNECTION_ID=$(aws ec2 describe-vpc-peering-connections \
>     --filters Name=tag:Name,Values="${PEERING_CONNECTION_NAME}" \
>     --query "VpcPeeringConnections[].VpcPeeringConnectionId" \
>     --output text)\
> && echo ${PEERING_CONNECTION_ID}
pcx-0c1944c75b00e0912

Accept the VPC peering connection

Command
aws ec2 accept-vpc-peering-connection \
    --vpc-peering-connection-id ${PEERING_CONNECTION_ID}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 accept-vpc-peering-connection \
>     --vpc-peering-connection-id ${PEERING_CONNECTION_ID}
{
    "VpcPeeringConnection": {
        "AccepterVpcInfo": {
            "CidrBlock": "10.1.0.0/16",
            "CidrBlockSet": [
                {
                    "CidrBlock": "10.1.0.0/16"
                }
            ],
            "OwnerId": "999999999999",
            "PeeringOptions": {
                "AllowDnsResolutionFromRemoteVpc": false,
                "AllowEgressFromLocalClassicLinkToRemoteVpc": false,
                "AllowEgressFromLocalVpcToRemoteClassicLink": false
            },
            "VpcId": "vpc-08ef472fae4c3cb36",
            "Region": "ap-northeast-1"
        },
        "RequesterVpcInfo": {
            "CidrBlock": "10.0.0.0/16",
            "CidrBlockSet": [
                {
                    "CidrBlock": "10.0.0.0/16"
                }
            ],
            "OwnerId": "999999999999",
            "PeeringOptions": {
                "AllowDnsResolutionFromRemoteVpc": false,
                "AllowEgressFromLocalClassicLinkToRemoteVpc": false,
                "AllowEgressFromLocalVpcToRemoteClassicLink": false
            },
            "VpcId": "vpc-044f0a97b7e8a476a",
            "Region": "ap-northeast-1"
        },
        "Status": {
            "Code": "provisioning",
            "Message": "Provisioning"
        },
        "Tags": [],
        "VpcPeeringConnectionId": "pcx-0c1944c75b00e0912"
    }
}

Delete route (main VPC)

Command
aws ec2 delete-route \
    --route-table-id ${PUBLIC_ROUTE_ID_MAIN} \
    --destination-cidr-block ${VPC_CIDR_BLOCK_PEERING}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 delete-route \
>     --route-table-id ${PUBLIC_ROUTE_ID_MAIN} \
>     --destination-cidr-block ${VPC_CIDR_BLOCK_PEERING}

Add route (main VPC)

Command
aws ec2 create-route \
    --route-table-id ${PUBLIC_ROUTE_ID_MAIN} \
    --destination-cidr-block ${VPC_CIDR_BLOCK_PEERING} \
    --gateway-id ${PEERING_CONNECTION_ID}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 create-route \
>     --route-table-id ${PUBLIC_ROUTE_ID_MAIN} \
>     --destination-cidr-block ${VPC_CIDR_BLOCK_PEERING} \
>     --gateway-id ${PEERING_CONNECTION_ID}
{
    "Return": true
}

Check routing table (main VPC)

Command
aws ec2 describe-route-tables \
    --filters "Name=vpc-id,Values=${VPC_ID_MAIN}"
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 describe-route-tables \
>     --filters "Name=vpc-id,Values=${VPC_ID_MAIN}"
{
    "RouteTables": [
        {
            "Associations": [
                {
                    "Main": true,
                    "RouteTableAssociationId": "rtbassoc-08a0f3e7e390bf6c7",
                    "RouteTableId": "rtb-022300aa94b5b1e97",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-022300aa94b5b1e97",
            "Routes": [
                {
                    "DestinationCidrBlock": "10.0.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                }
            ],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "Main Private Route Table"
                }
            ],
            "VpcId": "vpc-044f0a97b7e8a476a",
            "OwnerId": "999999999999"
        },
        {
            "Associations": [
                {
                    "Main": false,
                    "RouteTableAssociationId": "rtbassoc-0815f3e455e0ea7d4",
                    "RouteTableId": "rtb-06294855aa51d5273",
                    "SubnetId": "subnet-0e332a080d5517d6b",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-06294855aa51d5273",
            "Routes": [
                {
                    "DestinationCidrBlock": "10.0.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                },
                {
                    "DestinationCidrBlock": "10.1.0.0/16",
                    "Origin": "CreateRoute",
                    "State": "active",
                    "VpcPeeringConnectionId": "pcx-0c1944c75b00e0912"
                },
                {
                    "DestinationCidrBlock": "0.0.0.0/0",
                    "GatewayId": "igw-068f3e7ffa0776661",
                    "Origin": "CreateRoute",
                    "State": "active"
                }
            ],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "Main Public Route Table"
                }
            ],
            "VpcId": "vpc-044f0a97b7e8a476a",
            "OwnerId": "999999999999"
        }
    ]
}

Delete route (peering VPC)

Command
aws ec2 delete-route \
    --route-table-id ${PUBLIC_ROUTE_ID_PEERING} \
    --destination-cidr-block ${VPC_CIDR_BLOCK_MAIN}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 delete-route \
>     --route-table-id ${PUBLIC_ROUTE_ID_PEERING} \
>     --destination-cidr-block ${VPC_CIDR_BLOCK_MAIN}

Add route (peering VPC)

Command
aws ec2 create-route \
    --route-table-id ${PUBLIC_ROUTE_ID_PEERING} \
    --destination-cidr-block ${VPC_CIDR_BLOCK_MAIN} \
    --gateway-id ${PEERING_CONNECTION_ID}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 create-route \
>     --route-table-id ${PUBLIC_ROUTE_ID_PEERING} \
>     --destination-cidr-block ${VPC_CIDR_BLOCK_MAIN} \
>     --gateway-id ${PEERING_CONNECTION_ID}
{
    "Return": true
}

Check routing table (peering VPC)

Command
aws ec2 describe-route-tables \
    --filters "Name=vpc-id,Values=${VPC_ID_PEERING}"
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 describe-route-tables \
>     --filters "Name=vpc-id,Values=${VPC_ID_PEERING}"
{
    "RouteTables": [
        {
            "Associations": [
                {
                    "Main": true,
                    "RouteTableAssociationId": "rtbassoc-0de8129a171b7848b",
                    "RouteTableId": "rtb-0af5a214697f87fa4",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-0af5a214697f87fa4",
            "Routes": [
                {
                    "DestinationCidrBlock": "10.1.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                }
            ],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "Peering Private Route Table"
                }
            ],
            "VpcId": "vpc-08ef472fae4c3cb36",
            "OwnerId": "999999999999"
        },
        {
            "Associations": [
                {
                    "Main": false,
                    "RouteTableAssociationId": "rtbassoc-0ffbd9966965324a4",
                    "RouteTableId": "rtb-0b8505a17014c04b3",
                    "SubnetId": "subnet-04dbf198dbe2b7e22",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-0b8505a17014c04b3",
            "Routes": [
                {
                    "DestinationCidrBlock": "10.0.0.0/16",
                    "Origin": "CreateRoute",
                    "State": "active",
                    "VpcPeeringConnectionId": "pcx-0c1944c75b00e0912"
                },
                {
                    "DestinationCidrBlock": "10.1.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                },
                {
                    "DestinationCidrBlock": "0.0.0.0/0",
                    "GatewayId": "igw-0637a9179907abef1",
                    "Origin": "CreateRoute",
                    "State": "active"
                }
            ],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "Peering Public Route Table"
                }
            ],
            "VpcId": "vpc-08ef472fae4c3cb36",
            "OwnerId": "999999999999"
        }
    ]
}

Connectivity check (after restoration)

Command
ping 10.1.0.100
Output
admin:~/environment $ ping 10.1.0.100
PING 10.1.0.100 (10.1.0.100) 56(84) bytes of data.
64 bytes from 10.1.0.100: icmp_seq=1 ttl=255 time=0.386 ms
64 bytes from 10.1.0.100: icmp_seq=2 ttl=255 time=0.487 ms
64 bytes from 10.1.0.100: icmp_seq=3 ttl=255 time=0.541 ms
64 bytes from 10.1.0.100: icmp_seq=4 ttl=255 time=0.462 ms
^C
--- 10.1.0.100 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3049ms
rtt min/avg/max/mdev = 0.386/0.469/0.541/0.055 ms
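
Steps 5 and 8 show the two things that decide whether the ping succeeds: each VPC needs a route for the other side's CIDR that points at the current peering connection, and a route left behind after `delete-vpc-peering-connection` stays in the table with State `blackhole` until it is deleted or replaced. The Python below is an added example, not from the hands-on or from this post, that runs those checks over `describe-route-tables` JSON: blackhole detection, an active peering route on each side, both sides using the same pcx id, and a CIDR-overlap check, which also matters for step 9 because a peering connection cannot be activated between VPCs with overlapping CIDRs. The samples and every ID in them are constructed placeholders; `with_replaced_route` only simulates what `aws ec2 replace-route` does to the table and makes no AWS calls.

```python
import ipaddress
import json

# Constructed samples in the shape of `aws ec2 describe-route-tables --output json`,
# trimmed to the fields this check reads. IDs are placeholders, not real resources.
# MAIN_TABLES: the main VPC after its route was re-pointed at the new peering.
MAIN_TABLES = json.loads("""
{"RouteTables": [{
  "RouteTableId": "rtb-PLACEHOLDERMAIN",
  "VpcId": "vpc-PLACEHOLDERMAIN",
  "Tags": [{"Key": "Name", "Value": "Main Public Route Table"}],
  "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "10.1.0.0/16", "VpcPeeringConnectionId": "pcx-PLACEHOLDERNEW", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-PLACEHOLDERMAIN", "State": "active"}
  ]}]}
""")

# PEER_TABLES: the peering VPC before its route was replaced; the route still
# references the deleted peering connection, hence State "blackhole".
PEER_TABLES = json.loads("""
{"RouteTables": [{
  "RouteTableId": "rtb-PLACEHOLDERPEER",
  "VpcId": "vpc-PLACEHOLDERPEER",
  "Tags": [{"Key": "Name", "Value": "Peering Public Route Table"}],
  "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "VpcPeeringConnectionId": "pcx-PLACEHOLDEROLD", "State": "blackhole"},
    {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-PLACEHOLDERPEER", "State": "active"}
  ]}]}
""")


def route_table_name(rt):
    """Name tag of a route table, falling back to its ID."""
    for tag in rt.get("Tags", []):
        if tag.get("Key") == "Name":
            return tag["Value"]
    return rt["RouteTableId"]


def blackhole_routes(tables):
    """(table name, destination, target) for every route whose target no longer exists."""
    found = []
    for rt in tables["RouteTables"]:
        for route in rt.get("Routes", []):
            if route.get("State") == "blackhole":
                target = route.get("VpcPeeringConnectionId") or route.get("GatewayId") or "?"
                found.append((route_table_name(rt), route.get("DestinationCidrBlock"), target))
    return found


def active_peering_route(tables, remote_cidr):
    """Most specific active route that covers remote_cidr and targets a peering connection."""
    remote = ipaddress.ip_network(remote_cidr)
    best = None
    for rt in tables["RouteTables"]:
        for route in rt.get("Routes", []):
            dest = route.get("DestinationCidrBlock")
            if not dest or "VpcPeeringConnectionId" not in route or route.get("State") != "active":
                continue
            net = ipaddress.ip_network(dest, strict=False)
            if remote.subnet_of(net) and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, route)
    return None if best is None else best[1]


def peering_check(local_tables, local_cidr, remote_tables, remote_cidr):
    """Return the routing problems of a two-VPC peering; an empty list means routing
    is consistent (security groups and NACLs are a separate check)."""
    problems = []
    if ipaddress.ip_network(local_cidr).overlaps(ipaddress.ip_network(remote_cidr)):
        problems.append(f"CIDR overlap: {local_cidr} and {remote_cidr}")
    for name, dest, target in blackhole_routes(local_tables) + blackhole_routes(remote_tables):
        problems.append(f"blackhole route in {name}: {dest} -> {target}")
    local_route = active_peering_route(local_tables, remote_cidr)
    remote_route = active_peering_route(remote_tables, local_cidr)
    if local_route is None:
        problems.append(f"local VPC has no active peering route for {remote_cidr}")
    if remote_route is None:
        problems.append(f"remote VPC has no active peering route for {local_cidr}")
    if (local_route and remote_route
            and local_route["VpcPeeringConnectionId"] != remote_route["VpcPeeringConnectionId"]):
        problems.append("the two sides route via different peering connections")
    return problems


def with_replaced_route(tables, dest, pcx_id):
    """Copy of `tables` after the equivalent of `aws ec2 replace-route
    --destination-cidr-block dest --vpc-peering-connection-id pcx_id`
    (the hands-on's delete-route + create-route pair done as one call). Simulation only."""
    updated = json.loads(json.dumps(tables))
    for rt in updated["RouteTables"]:
        for route in rt.get("Routes", []):
            if route.get("DestinationCidrBlock") == dest and "VpcPeeringConnectionId" in route:
                route["VpcPeeringConnectionId"] = pcx_id
                route["State"] = "active"
    return updated


if __name__ == "__main__":
    for p in peering_check(MAIN_TABLES, "10.0.0.0/16", PEER_TABLES, "10.1.0.0/16"):
        print("PROBLEM:", p)
    fixed = with_replaced_route(PEER_TABLES, "10.0.0.0/16", "pcx-PLACEHOLDERNEW")
    print("after replace-route:", peering_check(MAIN_TABLES, "10.0.0.0/16", fixed, "10.1.0.0/16") or "OK")
```

Run against real output by feeding the two `describe-route-tables` results into `peering_check` with the VPCs' CIDRs. The check reads the `VpcPeeringConnectionId` field; `create-route` and `replace-route` also accept `--vpc-peering-connection-id`, the parameter that matches that field directly.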

9. Create the VPC that stands in for on-premises

Set variable (IPv4 VPC CIDR block)

Command
VPC_CIDR_BLOCK_ONP="192.168.0.0/16" \
&& echo ${VPC_CIDR_BLOCK_ONP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ VPC_CIDR_BLOCK_ONP="192.168.0.0/16" \
> && echo ${VPC_CIDR_BLOCK_ONP}
192.168.0.0/16

Set variable (VPC name)

Command
VPC_NAME_ONP="OnP VPC" \
&& echo ${VPC_NAME_ONP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ VPC_NAME_ONP="OnP VPC" \
> && echo ${VPC_NAME_ONP}
OnP VPC

Create VPC

Command
aws ec2 create-vpc \
    --cidr-block ${VPC_CIDR_BLOCK_ONP} \
    --tag-specifications "ResourceType=vpc,Tags=[{Key=Name,Value=${VPC_NAME_ONP}}]"
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 create-vpc \
>     --cidr-block ${VPC_CIDR_BLOCK_ONP} \
>     --tag-specifications "ResourceType=vpc,Tags=[{Key=Name,Value=${VPC_NAME_ONP}}]"
{
    "Vpc": {
        "CidrBlock": "192.168.0.0/16",
        "DhcpOptionsId": "dopt-0e7d97fbb33a62ce1",
        "State": "pending",
        "VpcId": "vpc-0c34ac37fdf3439c2",
        "OwnerId": "999999999999",
        "InstanceTenancy": "default",
        "Ipv6CidrBlockAssociationSet": [],
        "CidrBlockAssociationSet": [
            {
                "AssociationId": "vpc-cidr-assoc-0fb75ac9ecc76b5e6",
                "CidrBlock": "192.168.0.0/16",
                "CidrBlockState": {
                    "State": "associated"
                }
            }
        ],
        "IsDefault": false,
        "Tags": [
            {
                "Key": "Name",
                "Value": "OnP VPC"
            }
        ]
    }
}

Get VPC ID

Command
VPC_ID_ONP=$( \
    aws ec2 describe-vpcs \
        --filters "Name=tag:Name,Values=${VPC_NAME_ONP}" \
        --query "Vpcs[0].VpcId" \
        --output text\
)\
&& echo ${VPC_ID_ONP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ VPC_ID_ONP=$( \
>     aws ec2 describe-vpcs \
>         --filters "Name=tag:Name,Values=${VPC_NAME_ONP}" \
>         --query "Vpcs[0].VpcId" \
>         --output text\
> )\
> && echo ${VPC_ID_ONP}
vpc-0c34ac37fdf3439c2

Set variable (IPv4 public subnet CIDR block)

Command
SUBNET_CIDR_BLOCK_ONP="192.168.0.0/24" \
&& echo ${SUBNET_CIDR_BLOCK_ONP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ SUBNET_CIDR_BLOCK_ONP="192.168.0.0/24" \
> && echo ${SUBNET_CIDR_BLOCK_ONP}
192.168.0.0/24

Set variable (Availability Zone)

Command
AZ_ONP="ap-northeast-1a" \
&& echo ${AZ_ONP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ AZ_ONP="ap-northeast-1a" \
> && echo ${AZ_ONP}
ap-northeast-1a

Set variable (subnet name)

Command
SUBNET_NAME_ONP="OnP Public Subnet" \
&& echo ${SUBNET_NAME_ONP}
出力
[cloudshell-user@ip-10-134-25-38 ~]$ SUBNET_NAME_ONP="OnP Public Subnet" \
> && echo ${SUBNET_NAME_ONP}
OnP Public Subnet

Create the subnet

Command
aws ec2 create-subnet \
    --vpc-id ${VPC_ID_ONP} \
    --cidr-block ${SUBNET_CIDR_BLOCK_ONP} \
    --availability-zone ${AZ_ONP} \
    --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=${SUBNET_NAME_ONP}}]"
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 create-subnet \
>     --vpc-id ${VPC_ID_ONP} \
>     --cidr-block ${SUBNET_CIDR_BLOCK_ONP} \
>     --availability-zone ${AZ_ONP} \
>     --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=${SUBNET_NAME_ONP}}]"
{
    "Subnet": {
        "AvailabilityZone": "ap-northeast-1a",
        "AvailabilityZoneId": "apne1-az4",
        "AvailableIpAddressCount": 251,
        "CidrBlock": "192.168.0.0/24",
        "DefaultForAz": false,
        "MapPublicIpOnLaunch": false,
        "State": "available",
        "SubnetId": "subnet-083066e22334ecd5e",
        "VpcId": "vpc-0c34ac37fdf3439c2",
        "OwnerId": "999999999999",
        "AssignIpv6AddressOnCreation": false,
        "Ipv6CidrBlockAssociationSet": [],
        "Tags": [
            {
                "Key": "Name",
                "Value": "OnP Public Subnet"
            }
        ],
        "SubnetArn": "arn:aws:ec2:ap-northeast-1:999999999999:subnet/subnet-083066e22334ecd5e",
        "EnableDns64": false,
        "Ipv6Native": false,
        "PrivateDnsNameOptionsOnLaunch": {
            "HostnameType": "ip-name",
            "EnableResourceNameDnsARecord": false,
            "EnableResourceNameDnsAAAARecord": false
        }
    }
}

Get the subnet ID

Command
SUBNET_ID_ONP=$( \
    aws ec2 describe-subnets \
      --filters Name=vpc-id,Values=${VPC_ID_ONP} \
                Name=tag:Name,Values="${SUBNET_NAME_ONP}" \
      --query "Subnets[].SubnetId" \
      --output text \
) \
&& echo ${SUBNET_ID_ONP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ SUBNET_ID_ONP=$( \
>     aws ec2 describe-subnets \
>       --filters Name=vpc-id,Values=${VPC_ID_ONP} \
>                 Name=tag:Name,Values="${SUBNET_NAME_ONP}" \
>       --query "Subnets[].SubnetId" \
>       --output text \
> ) \
> && echo ${SUBNET_ID_ONP}
subnet-083066e22334ecd5e

Enable automatic public IPv4 address assignment on the subnet

Command
aws ec2 modify-subnet-attribute \
    --subnet-id ${SUBNET_ID_ONP} \
    --map-public-ip-on-launch
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 modify-subnet-attribute \
>     --subnet-id ${SUBNET_ID_ONP} \
>     --map-public-ip-on-launch

Set variable (Internet Gateway name)

Command
INTERNET_GATEWAY_NAME_ONP='OnP Internet Gateway' \
&& echo ${INTERNET_GATEWAY_NAME_ONP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ INTERNET_GATEWAY_NAME_ONP='OnP Internet Gateway' \
> && echo ${INTERNET_GATEWAY_NAME_ONP}
OnP Internet Gateway

Create the Internet Gateway

Command
aws ec2 create-internet-gateway \
  --tag-specifications "ResourceType=internet-gateway,Tags=[{Key=Name,Value=${INTERNET_GATEWAY_NAME_ONP}}]"
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 create-internet-gateway \
>   --tag-specifications "ResourceType=internet-gateway,Tags=[{Key=Name,Value=${INTERNET_GATEWAY_NAME_ONP}}]"
{
    "InternetGateway": {
        "Attachments": [],
        "InternetGatewayId": "igw-07d90ca57c38f8118",
        "OwnerId": "999999999999",
        "Tags": [
            {
                "Key": "Name",
                "Value": "OnP Internet Gateway"
            }
        ]
    }
}

Set variable (get the Internet Gateway ID)

Command
INTERNET_GATEWAY_ID_ONP=$( \
  aws ec2 describe-internet-gateways \
      --filters Name=tag:Name,Values="${INTERNET_GATEWAY_NAME_ONP}" \
      --query "InternetGateways[].InternetGatewayId" \
      --output text \
) \
&& echo ${INTERNET_GATEWAY_ID_ONP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ INTERNET_GATEWAY_ID_ONP=$( \
>   aws ec2 describe-internet-gateways \
>       --filters Name=tag:Name,Values="${INTERNET_GATEWAY_NAME_ONP}" \
>       --query "InternetGateways[].InternetGatewayId" \
>       --output text \
> ) \
> && echo ${INTERNET_GATEWAY_ID_ONP}
igw-07d90ca57c38f8118

Attach the Internet Gateway to the VPC

Command
aws ec2 attach-internet-gateway \
  --vpc-id ${VPC_ID_ONP} \
  --internet-gateway-id ${INTERNET_GATEWAY_ID_ONP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 attach-internet-gateway \
>   --vpc-id ${VPC_ID_ONP} \
>   --internet-gateway-id ${INTERNET_GATEWAY_ID_ONP}

Set variable (public route table name)

Command
PUBLIC_ROUTE_NAME_ONP='OnP Public Route Table' \
&& echo ${PUBLIC_ROUTE_NAME_ONP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ PUBLIC_ROUTE_NAME_ONP='OnP Public Route Table' \
> && echo ${PUBLIC_ROUTE_NAME_ONP}
OnP Public Route Table

Create the public route table

Command
aws ec2 create-route-table \
    --vpc-id ${VPC_ID_ONP} \
    --tag-specifications "ResourceType=route-table,Tags=[{Key=Name,Value=${PUBLIC_ROUTE_NAME_ONP}}]"
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 create-route-table \
>     --vpc-id ${VPC_ID_ONP} \
>     --tag-specifications "ResourceType=route-table,Tags=[{Key=Name,Value=${PUBLIC_ROUTE_NAME_ONP}}]"
{
    "RouteTable": {
        "Associations": [],
        "PropagatingVgws": [],
        "RouteTableId": "rtb-0935aafd7f8fa7475",
        "Routes": [
            {
                "DestinationCidrBlock": "192.168.0.0/16",
                "GatewayId": "local",
                "Origin": "CreateRouteTable",
                "State": "active"
            }
        ],
        "Tags": [
            {
                "Key": "Name",
                "Value": "OnP Public Route Table"
            }
        ],
        "VpcId": "vpc-0c34ac37fdf3439c2",
        "OwnerId": "999999999999"
    },
    "ClientToken": "9e3db242-f854-4300-85d6-9fab5dc22216"
}

Set variable (get the public route table ID)

Command
PUBLIC_ROUTE_ID_ONP=$( \
    aws ec2 describe-route-tables \
      --filters Name=vpc-id,Values=${VPC_ID_ONP} \
                Name=tag:Name,Values="${PUBLIC_ROUTE_NAME_ONP}" \
      --query "RouteTables[].RouteTableId" \
      --output text \
) \
&& echo ${PUBLIC_ROUTE_ID_ONP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ PUBLIC_ROUTE_ID_ONP=$( \
>     aws ec2 describe-route-tables \
>       --filters Name=vpc-id,Values=${VPC_ID_ONP} \
>                 Name=tag:Name,Values="${PUBLIC_ROUTE_NAME_ONP}" \
>       --query "RouteTables[].RouteTableId" \
>       --output text \
> ) \
> && echo ${PUBLIC_ROUTE_ID_ONP}
rtb-0935aafd7f8fa7475

Set variable (default route)

Command
PUBLIC_ROUTE_DEFAULTROUTE_ONP='0.0.0.0/0' \
&& echo ${PUBLIC_ROUTE_DEFAULTROUTE_ONP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ PUBLIC_ROUTE_DEFAULTROUTE_ONP='0.0.0.0/0' \
> && echo ${PUBLIC_ROUTE_DEFAULTROUTE_ONP}
0.0.0.0/0

Create the default route

Command
aws ec2 create-route \
    --route-table-id ${PUBLIC_ROUTE_ID_ONP} \
    --destination-cidr-block ${PUBLIC_ROUTE_DEFAULTROUTE_ONP} \
    --gateway-id ${INTERNET_GATEWAY_ID_ONP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 create-route \
>     --route-table-id ${PUBLIC_ROUTE_ID_ONP} \
>     --destination-cidr-block ${PUBLIC_ROUTE_DEFAULTROUTE_ONP} \
>     --gateway-id ${INTERNET_GATEWAY_ID_ONP}
{
    "Return": true
}

Set variable (get the on-prem VPC's main route table ID)

Command
PRIVATE_ROUTE_ID_ONP=$( \
    aws ec2 describe-route-tables \
      --filters Name=vpc-id,Values=${VPC_ID_ONP} \
                Name=association.main,Values=true \
      --query "RouteTables[].RouteTableId" \
      --output text \
) \
&& echo ${PRIVATE_ROUTE_ID_ONP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ PRIVATE_ROUTE_ID_ONP=$( \
>     aws ec2 describe-route-tables \
>       --filters Name=vpc-id,Values=${VPC_ID_ONP} \
>                 Name=association.main,Values=true \
>       --query "RouteTables[].RouteTableId" \
>       --output text \
> ) \
> && echo ${PRIVATE_ROUTE_ID_ONP}
rtb-08ad96035db244af9

Set variable (private route table name)

Command
PRIVATE_ROUTE_NAME_ONP='OnP Private Route Table' \
&& echo ${PRIVATE_ROUTE_NAME_ONP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ PRIVATE_ROUTE_NAME_ONP='OnP Private Route Table' \
> && echo ${PRIVATE_ROUTE_NAME_ONP}
OnP Private Route Table

Rename the private route table (the VPC's main route table)

Command
aws ec2 create-tags \
    --resources ${PRIVATE_ROUTE_ID_ONP} \
    --tags Key=Name,Value="${PRIVATE_ROUTE_NAME_ONP}"
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 create-tags \
>     --resources ${PRIVATE_ROUTE_ID_ONP} \
>     --tags Key=Name,Value="${PRIVATE_ROUTE_NAME_ONP}"

Associate the public route table with the subnet

Command
aws ec2 associate-route-table \
  --subnet-id ${SUBNET_ID_ONP} \
  --route-table-id ${PUBLIC_ROUTE_ID_ONP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 associate-route-table \
>   --subnet-id ${SUBNET_ID_ONP} \
>   --route-table-id ${PUBLIC_ROUTE_ID_ONP}
{
    "AssociationId": "rtbassoc-03f2f49cc1dc05681",
    "AssociationState": {
        "State": "associated"
    }
}

Set variable (key pair name)

Command
KEY_PAIR_NAME='handson' \
&& echo ${KEY_PAIR_NAME}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ KEY_PAIR_NAME='handson' \
> && echo ${KEY_PAIR_NAME}
handson

Create the key pair

Command
aws ec2 create-key-pair \
    --key-name ${KEY_PAIR_NAME} \
    --query 'KeyMaterial' \
    --output text > ${KEY_PAIR_NAME}.pem
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 create-key-pair \
>     --key-name ${KEY_PAIR_NAME} \
>     --query 'KeyMaterial' \
>     --output text > ${KEY_PAIR_NAME}.pem

Set variable (Marketplace product name)

Command
MARKETPLACE_NAME="VyOS 1.3.6" \
&& echo ${MARKETPLACE_NAME}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ MARKETPLACE_NAME="VyOS 1.3.6" \
> && echo ${MARKETPLACE_NAME}
VyOS 1.3.6

Set variable (Marketplace AMI)

Command
MARKETPLACE_AMI=$( \
    aws ec2 describe-images \
        --filters "Name=name,Values=*${MARKETPLACE_NAME}*" \
        --query "Images[*].[ImageId]" \
        --output text
) \
&& echo ${MARKETPLACE_AMI}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ MARKETPLACE_AMI=$( \
>     aws ec2 describe-images \
>         --filters "Name=name,Values=*${MARKETPLACE_NAME}*" \
>         --query "Images[*].[ImageId]" \
>         --output text
> ) \
> && echo ${MARKETPLACE_AMI}
ami-0e4c3f448b872d874

Set variable (Marketplace product code)

Command
MARKETPLACE_PRODUCT_CODE=$( \
    aws ec2 describe-images \
        --filters "Name=name,Values=*${MARKETPLACE_NAME}*" \
        --query "Images[*].ProductCodes[*].[ProductCodeId]" \
        --output text
) \
&& echo ${MARKETPLACE_PRODUCT_CODE}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ MARKETPLACE_PRODUCT_CODE=$( \
>     aws ec2 describe-images \
>         --filters "Name=name,Values=*${MARKETPLACE_NAME}*" \
>         --query "Images[*].ProductCodes[*].[ProductCodeId]" \
>         --output text
> ) \
> && echo ${MARKETPLACE_PRODUCT_CODE}
8wqdkv3u2b9sa0y73xob2yl90

Set variable (instance type)

Command
INSTANCE_TYPE="c5n.large" \
&& echo ${INSTANCE_TYPE}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ INSTANCE_TYPE="c5n.large" \
> && echo ${INSTANCE_TYPE}
c5n.large

Set variable (EC2 instance name)

Command
ONP_EC2_NAME='CGW' \
&& echo ${ONP_EC2_NAME}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ ONP_EC2_NAME='CGW' \
> && echo ${ONP_EC2_NAME}
CGW

Set variable (private IP)

Command
ONP_EC2_PRIVATE_IP='192.168.0.200' \
&& echo ${ONP_EC2_PRIVATE_IP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ ONP_EC2_PRIVATE_IP='192.168.0.200' \
> && echo ${ONP_EC2_PRIVATE_IP}
192.168.0.200

Set variable (security group name)

Command
ONP_EC2_SECURITY_GROUP_NAME='cgw' \
&& echo ${ONP_EC2_SECURITY_GROUP_NAME}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ ONP_EC2_SECURITY_GROUP_NAME='cgw' \
> && echo ${ONP_EC2_SECURITY_GROUP_NAME}
cgw

Set variable (security group description)

Command
ONP_EC2_SECURITY_GROUP_DESCRIPTION='cgw' \
&& echo ${ONP_EC2_SECURITY_GROUP_DESCRIPTION}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ ONP_EC2_SECURITY_GROUP_DESCRIPTION='cgw' \
> && echo ${ONP_EC2_SECURITY_GROUP_DESCRIPTION}
cgw

Create the security group

Command
aws ec2 create-security-group \
  --group-name ${ONP_EC2_SECURITY_GROUP_NAME} \
  --description "${ONP_EC2_SECURITY_GROUP_DESCRIPTION}" \
  --vpc-id ${VPC_ID_ONP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 create-security-group \
>   --group-name ${ONP_EC2_SECURITY_GROUP_NAME} \
>   --description "${ONP_EC2_SECURITY_GROUP_DESCRIPTION}" \
>   --vpc-id ${VPC_ID_ONP}
{
    "GroupId": "sg-07cc13eac10970d9e"
}

Set variable (get the security group ID)

Command
ONP_EC2_SECURITY_GROUP_ID=$( \
  aws ec2 describe-security-groups \
    --filters Name=vpc-id,Values=${VPC_ID_ONP} \
              Name=group-name,Values=${ONP_EC2_SECURITY_GROUP_NAME} \
    --query "SecurityGroups[].GroupId" \
    --output text \
) \
&& echo ${ONP_EC2_SECURITY_GROUP_ID}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ ONP_EC2_SECURITY_GROUP_ID=$( \
>   aws ec2 describe-security-groups \
>     --filters Name=vpc-id,Values=${VPC_ID_ONP} \
>               Name=group-name,Values=${ONP_EC2_SECURITY_GROUP_NAME} \
>     --query "SecurityGroups[].GroupId" \
>     --output text \
> ) \
> && echo ${ONP_EC2_SECURITY_GROUP_ID}
sg-07cc13eac10970d9e

Add a security group rule (SSH from any source)

Command
aws ec2 authorize-security-group-ingress \
    --group-id ${ONP_EC2_SECURITY_GROUP_ID} \
    --protocol tcp \
    --port 22 \
    --cidr 0.0.0.0/0
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 authorize-security-group-ingress \
>     --group-id ${ONP_EC2_SECURITY_GROUP_ID} \
>     --protocol tcp \
>     --port 22 \
>     --cidr 0.0.0.0/0
{
    "Return": true,
    "SecurityGroupRules": [
        {
            "SecurityGroupRuleId": "sgr-00e66b44f88276f4e",
            "GroupId": "sg-07cc13eac10970d9e",
            "GroupOwnerId": "999999999999",
            "IsEgress": false,
            "IpProtocol": "tcp",
            "FromPort": 22,
            "ToPort": 22,
            "CidrIpv4": "0.0.0.0/0"
        }
    ]
}
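The rule above admits TCP/22 from every source address (`0.0.0.0/0`). That is convenient for a short-lived hands-on, but it is the first finding any security group review produces; since the only SSH client in this procedure is the Cloud9 environment, the source could be narrowed to that host's address. The following audit is an added example, not part of the hands-on or of the AWS CLI: it reads the `SecurityGroupRules` array in the shape that `authorize-security-group-ingress` (and `describe-security-group-rules`) returns and reports inbound rules that expose SSH or RDP to any source, skipping egress rules and rules that reference another security group or prefix list. Both sample responses, their rule and group IDs, and the `192.0.2.10/32` source in the hardened variant (a stand-in for the Cloud9 host) are constructed placeholders.

```python
import ipaddress
import json

ADMIN_PORTS = {22: "ssh", 3389: "rdp"}

# Constructed samples in the shape of `authorize-security-group-ingress` /
# `describe-security-group-rules` output; rule and group IDs are placeholders.
WEAK_RESPONSE = json.dumps({
    "Return": True,
    "SecurityGroupRules": [{
        "SecurityGroupRuleId": "sgr-PLACEHOLDER1", "GroupId": "sg-PLACEHOLDER",
        "GroupOwnerId": "999999999999", "IsEgress": False, "IpProtocol": "tcp",
        "FromPort": 22, "ToPort": 22, "CidrIpv4": "0.0.0.0/0",  # the hands-on's rule
    }],
})
HARDENED_RESPONSE = json.dumps({
    "Return": True,
    "SecurityGroupRules": [{
        "SecurityGroupRuleId": "sgr-PLACEHOLDER2", "GroupId": "sg-PLACEHOLDER",
        "GroupOwnerId": "999999999999", "IsEgress": False, "IpProtocol": "tcp",
        "FromPort": 22, "ToPort": 22, "CidrIpv4": "192.0.2.10/32",  # placeholder: the Cloud9 host
    }],
})


def _is_any_source(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. every address on the Internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _covers_port(rule, port):
    """Does this rule admit TCP traffic to `port`? IpProtocol -1 means all traffic."""
    if rule.get("IpProtocol") == "-1":
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", -1) <= port <= rule.get("ToPort", -1)


def exposed_admin_rules(response_json):
    """Return (rule id, service, source) for ingress rules exposing SSH/RDP to any source."""
    findings = []
    for rule in json.loads(response_json).get("SecurityGroupRules", []):
        if rule.get("IsEgress"):
            continue
        source = rule.get("CidrIpv4") or rule.get("CidrIpv6")
        if not source or not _is_any_source(source):
            continue  # specific CIDR, or a rule that references another SG / prefix list
        for port, service in ADMIN_PORTS.items():
            if _covers_port(rule, port):
                findings.append((rule["SecurityGroupRuleId"], service, source))
    return findings


if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, exposed_admin_rules(resp) or "no admin port open to the world")
```

In practice the JSON would come from `aws ec2 describe-security-group-rules --filters Name=group-id,Values=${ONP_EC2_SECURITY_GROUP_ID}` piped into the script; the weak sample reproduces the rule created above and yields one finding, the hardened sample yields none.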

Create the EC2 instance

Command
aws ec2 run-instances \
    --image-id ${MARKETPLACE_AMI} \
    --instance-type ${INSTANCE_TYPE} \
    --key-name ${KEY_PAIR_NAME} \
    --security-group-ids ${ONP_EC2_SECURITY_GROUP_ID} \
    --subnet-id ${SUBNET_ID_ONP} \
    --private-ip-address ${ONP_EC2_PRIVATE_IP} \
    --associate-public-ip-address \
    --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=${ONP_EC2_NAME}}]"
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 run-instances \
>     --image-id ${MARKETPLACE_AMI} \
>     --instance-type ${INSTANCE_TYPE} \
>     --key-name ${KEY_PAIR_NAME} \
>     --security-group-ids ${ONP_EC2_SECURITY_GROUP_ID} \
>     --subnet-id ${SUBNET_ID_ONP} \
>     --private-ip-address ${ONP_EC2_PRIVATE_IP} \
>     --associate-public-ip-address \
>     --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=${ONP_EC2_NAME}}]"
{
    "Groups": [],
    "Instances": [
        {
            "AmiLaunchIndex": 0,
            "ImageId": "ami-0e4c3f448b872d874",
            "InstanceId": "i-0c5e77f5aa0d68f78",
            "InstanceType": "c5n.large",
            "KeyName": "handson",
            "LaunchTime": "2024-06-09T09:51:14+00:00",
            "Monitoring": {
                "State": "disabled"
            },
            "Placement": {
                "AvailabilityZone": "ap-northeast-1a",
                "GroupName": "",
                "Tenancy": "default"
            },
            "PrivateDnsName": "ip-192-168-0-200.ap-northeast-1.compute.internal",
            "PrivateIpAddress": "192.168.0.200",
            "ProductCodes": [],
            "PublicDnsName": "",
            "State": {
                "Code": 0,
                "Name": "pending"
            },
            "StateTransitionReason": "",
            "SubnetId": "subnet-083066e22334ecd5e",
            "VpcId": "vpc-0c34ac37fdf3439c2",
            "Architecture": "x86_64",
            "BlockDeviceMappings": [],
            "ClientToken": "cf41e0d7-c52a-4dc9-8a39-f9f10784ba10",
            "EbsOptimized": false,
            "EnaSupport": true,
            "Hypervisor": "xen",
            "NetworkInterfaces": [
                {
                    "Attachment": {
                        "AttachTime": "2024-06-09T09:51:14+00:00",
                        "AttachmentId": "eni-attach-0707589e69eab0a9b",
                        "DeleteOnTermination": true,
                        "DeviceIndex": 0,
                        "Status": "attaching",
                        "NetworkCardIndex": 0
                    },
                    "Description": "",
                    "Groups": [
                        {
                            "GroupName": "cgw",
                            "GroupId": "sg-07cc13eac10970d9e"
                        }
                    ],
                    "Ipv6Addresses": [],
                    "MacAddress": "06:42:a9:a3:d7:99",
                    "NetworkInterfaceId": "eni-0a1aa6b09162b10c0",
                    "OwnerId": "999999999999",
                    "PrivateIpAddress": "192.168.0.200",
                    "PrivateIpAddresses": [
                        {
                            "Primary": true,
                            "PrivateIpAddress": "192.168.0.200"
                        }
                    ],
                    "SourceDestCheck": true,
                    "Status": "in-use",
                    "SubnetId": "subnet-083066e22334ecd5e",
                    "VpcId": "vpc-0c34ac37fdf3439c2",
                    "InterfaceType": "interface"
                }
            ],
            "RootDeviceName": "/dev/xvda",
            "RootDeviceType": "ebs",
            "SecurityGroups": [
                {
                    "GroupName": "cgw",
                    "GroupId": "sg-07cc13eac10970d9e"
                }
            ],
            "SourceDestCheck": true,
            "StateReason": {
                "Code": "pending",
                "Message": "pending"
            },
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "CGW"
                }
            ],
            "VirtualizationType": "hvm",
            "CpuOptions": {
                "CoreCount": 1,
                "ThreadsPerCore": 2
            },
            "CapacityReservationSpecification": {
                "CapacityReservationPreference": "open"
            },
            "MetadataOptions": {
                "State": "pending",
                "HttpTokens": "optional",
                "HttpPutResponseHopLimit": 1,
                "HttpEndpoint": "enabled",
                "HttpProtocolIpv6": "disabled",
                "InstanceMetadataTags": "disabled"
            },
            "EnclaveOptions": {
                "Enabled": false
            },
            "PrivateDnsNameOptions": {
                "HostnameType": "ip-name",
                "EnableResourceNameDnsARecord": false,
                "EnableResourceNameDnsAAAARecord": false
            },
            "MaintenanceOptions": {
                "AutoRecovery": "default"
            },
            "CurrentInstanceBootMode": "legacy-bios"
        }
    ],
    "OwnerId": "999999999999",
    "ReservationId": "r-056e8603f60cd7528"
}

Set variable (get the EC2 instance ID)

Command
ONP_EC2_INSTANCE_ID=$( \
  aws ec2 describe-instances \
    --filters Name=tag:Name,Values=${ONP_EC2_NAME} \
    --query "Reservations[*].Instances[*].[InstanceId]" \
    --output text
) \
&& echo ${ONP_EC2_INSTANCE_ID}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ ONP_EC2_INSTANCE_ID=$( \
>   aws ec2 describe-instances \
>     --filters Name=tag:Name,Values=${ONP_EC2_NAME}  \
>     --query "Reservations[*].Instances[*].[InstanceId]" \
>     --output text
> ) \
> && echo ${ONP_EC2_INSTANCE_ID} 
i-0c5e77f5aa0d68f78

Allocate an Elastic IP

Command
aws ec2 allocate-address
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 allocate-address
{
    "PublicIp": "18.177.254.176",
    "AllocationId": "eipalloc-0f9dbb8df9726344e",
    "PublicIpv4Pool": "amazon",
    "NetworkBorderGroup": "ap-northeast-1",
    "Domain": "vpc"
}

Get the Elastic IP allocation ID

Command
ADDRESS_ALLOCATION_ID=$( \
    aws ec2 describe-addresses \
        --query 'Addresses[].AllocationId' \
        --output text
) \
&& echo ${ADDRESS_ALLOCATION_ID}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ ADDRESS_ALLOCATION_ID=$( \
>     aws ec2 describe-addresses \
>         --query 'Addresses[].AllocationId' \
>         --output text
> ) \
> && echo ${ADDRESS_ALLOCATION_ID}
eipalloc-0f9dbb8df9726344e

Get the Elastic IP address

Command
ADDRESS_ALLOCATION_IP=$( \
    aws ec2 describe-addresses \
        --query 'Addresses[].PublicIp' \
        --output text
) \
&& echo ${ADDRESS_ALLOCATION_IP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ ADDRESS_ALLOCATION_IP=$( \
>     aws ec2 describe-addresses \
>         --query 'Addresses[].PublicIp' \
>         --output text
> ) \
> && echo ${ADDRESS_ALLOCATION_IP}
18.177.254.176

Associate the Elastic IP with the EC2 instance

Command
aws ec2 associate-address \
    --allocation-id ${ADDRESS_ALLOCATION_ID} \
    --instance-id ${ONP_EC2_INSTANCE_ID} \
    --private-ip-address ${ONP_EC2_PRIVATE_IP}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 associate-address \
>     --allocation-id ${ADDRESS_ALLOCATION_ID} \
>     --instance-id ${ONP_EC2_INSTANCE_ID} \
>     --private-ip-address ${ONP_EC2_PRIVATE_IP}
{
    "AssociationId": "eipassoc-052bfce4a56bc335a"
}

Upload the key pair to Cloud9

Done in the web UI

Change the key pair file permissions (run in Cloud9)

Command
chmod 400 handson.pem
Output
admin:~/environment $ chmod 400 handson.pem

Connect via SSH (run in Cloud9)

Command
ssh -i handson.pem vyos@18.177.254.176
Output
admin:~/environment $ ssh -i handson.pem vyos@18.177.254.176
The authenticity of host '18.177.254.176 (18.177.254.176)' can't be established.
ECDSA key fingerprint is SHA256:E9IlE6+ES0849wZUidFX3tWK0InOmvz36umA8FabajU.
ECDSA key fingerprint is MD5:2b:4f:8f:2f:28:1c:c4:3a:c7:c3:99:26:81:3a:89:f2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '18.177.254.176' (ECDSA) to the list of known hosts.
Welcome to VyOS!

Check out project news at https://blog.vyos.io
and feel free to report bugs at https://phabricator.vyos.net

Visit https://support.vyos.io to create a support ticket.

You can change this banner using "set system login banner post-login" command.

VyOS is a free software distribution that includes multiple components,
you can check individual component licenses under /usr/share/doc/*/copyright
Use of this pre-built image is governed by the EULA you can find at
/usr/share/vyos/EULA

10. Create and attach a VGW in the main VPC

Set variable (virtual private gateway name)

Command
VGW_NAME_MAIN='vgw-handson' \
&& echo ${VGW_NAME_MAIN}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ VGW_NAME_MAIN='vgw-handson' \
> && echo ${VGW_NAME_MAIN}
vgw-handson

Create the virtual private gateway

Command
aws ec2 create-vpn-gateway \
    --type ipsec.1 \
    --tag-specifications "ResourceType=vpn-gateway,Tags=[{Key=Name,Value=${VGW_NAME_MAIN}}]"
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 create-vpn-gateway \
>     --type ipsec.1 \
>     --tag-specifications "ResourceType=vpn-gateway,Tags=[{Key=Name,Value=${VGW_NAME_MAIN}}]"
{
    "VpnGateway": {
        "State": "available",
        "Type": "ipsec.1",
        "VpcAttachments": [],
        "VpnGatewayId": "vgw-0a3a20e598d03cca4",
        "AmazonSideAsn": 64512,
        "Tags": [
            {
                "Key": "Name",
                "Value": "vgw-handson"
            }
        ]
    }
}

Set variable (virtual private gateway ID)

Command
VGW_ID_MAIN=$(
    aws ec2 describe-vpn-gateways \
        --filters "Name=tag:Name,Values=${VGW_NAME_MAIN}" \
        --query 'VpnGateways[0].VpnGatewayId' \
        --output text
)\
&& echo ${VGW_ID_MAIN}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ VGW_ID_MAIN=$(
>     aws ec2 describe-vpn-gateways \
>         --filters "Name=tag:Name,Values=${VGW_NAME_MAIN}" \
>         --query 'VpnGateways[0].VpnGatewayId' \
>         --output text
> )\
> && echo ${VGW_ID_MAIN}
vgw-0a3a20e598d03cca4

Attach the virtual private gateway to the VPC

Command
aws ec2 attach-vpn-gateway \
    --vpc-id ${VPC_ID_MAIN} \
    --vpn-gateway-id ${VGW_ID_MAIN}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 attach-vpn-gateway \
>     --vpc-id ${VPC_ID_MAIN} \
>     --vpn-gateway-id ${VGW_ID_MAIN}
{
    "VpcAttachment": {
        "State": "attaching",
        "VpcId": "vpc-044f0a97b7e8a476a"
    }
}

Set variable (customer gateway name)

Command
CGW_NAME_MAIN='cgw-handson' \
&& echo ${CGW_NAME_MAIN}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ CGW_NAME_MAIN='cgw-handson' \
> && echo ${CGW_NAME_MAIN}
cgw-handson

Set variable (BGP ASN)

Command
CGW_BGP_ASN_MAIN=65000 \
&& echo ${CGW_BGP_ASN_MAIN}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ CGW_BGP_ASN_MAIN=65000 \
> && echo ${CGW_BGP_ASN_MAIN}
65000

Create the customer gateway

Command
aws ec2 create-customer-gateway \
    --type ipsec.1 \
    --public-ip ${ADDRESS_ALLOCATION_IP} \
    --bgp-asn ${CGW_BGP_ASN_MAIN} \
    --tag-specifications "ResourceType=customer-gateway,Tags=[{Key=Name,Value=${CGW_NAME_MAIN}}]"
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 create-customer-gateway \
>     --type ipsec.1 \
>     --public-ip ${ADDRESS_ALLOCATION_IP} \
>     --bgp-asn ${CGW_BGP_ASN_MAIN} \
>     --tag-specifications "ResourceType=customer-gateway,Tags=[{Key=Name,Value=${CGW_NAME_MAIN}}]"
{
    "CustomerGateway": {
        "BgpAsn": "65000",
        "CustomerGatewayId": "cgw-0f7eb5053efae35be",
        "IpAddress": "18.177.254.176",
        "State": "available",
        "Type": "ipsec.1",
        "Tags": [
            {
                "Key": "Name",
                "Value": "cgw-handson"
            }
        ]
    }
}

Set variable (customer gateway ID)

Command
CGW_ID_MAIN=$(
    aws ec2 describe-customer-gateways \
        --filters "Name=tag:Name,Values=${CGW_NAME_MAIN}" \
        --query 'CustomerGateways[0].CustomerGatewayId' \
        --output text
)\
&& echo ${CGW_ID_MAIN}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ CGW_ID_MAIN=$(
>     aws ec2 describe-customer-gateways \
>         --filters "Name=tag:Name,Values=${CGW_NAME_MAIN}" \
>         --query 'CustomerGateways[0].CustomerGatewayId' \
>         --output text
> )\
> && echo ${CGW_ID_MAIN}
cgw-0f7eb5053efae35be

11. Configure AWS Site-to-Site VPN

Set variable (Site-to-Site VPN name)

Command
VPN_NAME_MAIN='vpn-handson' \
&& echo ${VPN_NAME_MAIN}
Output
[cloudshell-user@ip-10-134-25-38 ~]$ VPN_NAME_MAIN='vpn-handson' \
> && echo ${VPN_NAME_MAIN}
vpn-handson

Create the AWS Site-to-Site VPN connection

Command
aws ec2 create-vpn-connection \
    --type ipsec.1 \
    --customer-gateway-id ${CGW_ID_MAIN} \
    --vpn-gateway-id ${VGW_ID_MAIN} \
    --options '{"StaticRoutesOnly":false}' \
    --tag-specifications "ResourceType=vpn-connection,Tags=[{Key=Name,Value=${VPN_NAME_MAIN}}]"
Output
[cloudshell-user@ip-10-134-25-38 ~]$ aws ec2 create-vpn-connection \
>     --type ipsec.1 \
>     --customer-gateway-id ${CGW_ID_MAIN} \
>     --vpn-gateway-id ${VGW_ID_MAIN} \
>     --options '{"StaticRoutesOnly":false}' \
>     --tag-specifications "ResourceType=vpn-connection,Tags=[{Key=Name,Value=${VPN_NAME_MAIN}}]"
{
    "VpnConnection": {
        "CustomerGatewayConfiguration": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<vpn_connection id=\"vpn-00604c32eefa380e1\">\n  <customer_gateway_id>cgw-0f7eb5053efae35be</customer_gateway_id>\n  <vpn_gateway_id>vgw-0a3a20e598d03cca4</vpn_gateway_id>\n  <vpn_connection_type>ipsec.1</vpn_connection_type>\n  <ipsec_tunnel>\n    <customer_gateway>\n      <tunnel_outside_address>\n        <ip_address>18.177.254.176</ip_address>\n      </tunnel_outside_address>\n      <tunnel_inside_address>\n        <ip_address>169.254.206.190</ip_address>\n        <network_mask>255.255.255.252</network_mask>\n        <network_cidr>30</network_cidr>\n      </tunnel_inside_address>\n      <bgp>\n        <asn>65000</asn>\n        <hold_time>30</hold_time>\n      </bgp>\n    </customer_gateway>\n    <vpn_gateway>\n      <tunnel_outside_address>\n        <ip_address>3.114.51.170</ip_address>\n      </tunnel_outside_address>\n      <tunnel_inside_address>\n        <ip_address>169.254.206.189</ip_address>\n        <network_mask>255.255.255.252</network_mask>\n        <network_cidr>30</network_cidr>\n      </tunnel_inside_address>\n      <bgp>\n        <asn>64512</asn>\n        <hold_time>30</hold_time>\n      </bgp>\n    </vpn_gateway>\n    <ike>\n      <authentication_protocol>sha1</authentication_protocol>\n      <encryption_protocol>aes-128-cbc</encryption_protocol>\n      <lifetime>28800</lifetime>\n      <perfect_forward_secrecy>group2</perfect_forward_secrecy>\n      <mode>main</mode>\n      <pre_shared_key>wMSZ5io.0Z41uwQXB2mJ2J9T2yvhmHgz</pre_shared_key>\n    </ike>\n    <ipsec>\n      <protocol>esp</protocol>\n      <authentication_protocol>hmac-sha1-96</authentication_protocol>\n      <encryption_protocol>aes-128-cbc</encryption_protocol>\n      <lifetime>3600</lifetime>\n      <perfect_forward_secrecy>group2</perfect_forward_secrecy>\n      <mode>tunnel</mode>\n      <clear_df_bit>true</clear_df_bit>\n      <fragmentation_before_encryption>true</fragmentation_before_encryption>\n      <tcp_mss_adjustment>1379</tcp_mss_adjustment>\n      <dead_peer_detection>\n        <interval>10</interval>\n        <retries>3</retries>\n      </dead_peer_detection>\n    </ipsec>\n  </ipsec_tunnel>\n  <ipsec_tunnel>\n    <customer_gateway>\n      <tunnel_outside_address>\n        <ip_address>18.177.254.176</ip_address>\n      </tunnel_outside_address>\n      <tunnel_inside_address>\n        <ip_address>169.254.23.174</ip_address>\n        <network_mask>255.255.255.252</network_mask>\n        <network_cidr>30</network_cidr>\n      </tunnel_inside_address>\n      <bgp>\n        <asn>65000</asn>\n        <hold_time>30</hold_time>\n      </bgp>\n    </customer_gateway>\n    <vpn_gateway>\n      <tunnel_outside_address>\n        <ip_address>35.76.170.130</ip_address>\n      </tunnel_outside_address>\n      <tunnel_inside_address>\n        <ip_address>169.254.23.173</ip_address>\n        <network_mask>255.255.255.252</network_mask>\n        <network_cidr>30</network_cidr>\n      </tunnel_inside_address>\n      <bgp>\n        <asn>64512</asn>\n        <hold_time>30</hold_time>\n      </bgp>\n    </vpn_gateway>\n    <ike>\n      <authentication_protocol>sha1</authentication_protocol>\n      <encryption_protocol>aes-128-cbc</encryption_protocol>\n      <lifetime>28800</lifetime>\n      <perfect_forward_secrecy>group2</perfect_forward_secrecy>\n      <mode>main</mode>\n      <pre_shared_key>NDaCobdm2Mzc2rE3WDigT8zoMUE8doC1</pre_shared_key>\n    </ike>\n    <ipsec>\n      <protocol>esp</protocol>\n      <authentication_protocol>hmac-sha1-96</authentication_protocol>\n      <encryption_protocol>aes-128-cbc</encryption_protocol>\n      <lifetime>3600</lifetime>\n      <perfect_forward_secrecy>group2</perfect_forward_secrecy>\n      <mode>tunnel</mode>\n      <clear_df_bit>true</clear_df_bit>\n      <fragmentation_before_encryption>true</fragmentation_before_encryption>\n      <tcp_mss_adjustment>1379</tcp_mss_adjustment>\n      <dead_peer_detection>\n        <interval>10</interval>\n        <retries>3</retries>\n      </dead_peer_detection>\n    </ipsec>\n  </ipsec_tunnel>\n</vpn_connection>\n",
        "CustomerGatewayId": "cgw-0f7eb5053efae35be",
        "Category": "VPN",
        "State": "pending",
        "VpnConnectionId": "vpn-00604c32eefa380e1",
        "VpnGatewayId": "vgw-0a3a20e598d03cca4",
        "GatewayAssociationState": "associated",
        "Options": {
            "EnableAcceleration": false,
            "StaticRoutesOnly": false,
            "LocalIpv4NetworkCidr": "0.0.0.0/0",
            "RemoteIpv4NetworkCidr": "0.0.0.0/0",
            "OutsideIpAddressType": "PublicIpv4",
            "TunnelInsideIpVersion": "ipv4",
            "TunnelOptions": [
                {
                    "OutsideIpAddress": "3.114.51.170",
                    "TunnelInsideCidr": "169.254.206.188/30",
                    "PreSharedKey": "wMSZ5io.0Z41uwQXB2mJ2J9T2yvhmHgz",
                    "LogOptions": {
                        "CloudWatchLogOptions": {
                            "LogEnabled": false
                        }
                    }
                },
                {
                    "OutsideIpAddress": "35.76.170.130",
                    "TunnelInsideCidr": "169.254.23.172/30",
                    "PreSharedKey": "NDaCobdm2Mzc2rE3WDigT8zoMUE8doC1",
                    "LogOptions": {
                        "CloudWatchLogOptions": {
                            "LogEnabled": false
                        }
                    }
                }
            ]
        },
        "Routes": [],
        "Tags": [
            {
                "Key": "Name",
                "Value": "vpn-handson"
            }
        ]
    }
}

変数設定 (Site-to-Site VPN ID)

コマンド
VPN_ID_MAIN=$(
    aws ec2 describe-vpn-connections \
        --filters "Name=tag:Name,Values=${VPN_NAME_MAIN}" \
        --query 'VpnConnections[0].VpnConnectionId' \
        --output text
)\
&& echo ${VPN_ID_MAIN}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ VPN_ID_MAIN=$(
>     aws ec2 describe-vpn-connections \
>         --filters "Name=tag:Name,Values=${VPN_NAME_MAIN}" \
>         --query 'VpnConnections[0].VpnConnectionId' \
>         --output text
> )\
> && echo ${VPN_ID_MAIN}
vpn-00604c32eefa380e1

12. Configure the EC2 instance acting as the on-premises router

The values entered below (peer addresses, inside tunnel addresses, pre-shared keys, ASNs, lifetimes) are taken from the CustomerGatewayConfiguration XML printed above. The router's `local-address` is its private IP 192.168.0.200 rather than the public outside address in the XML, because the Elastic IP is 1:1 NATed onto the private address by EC2.

Enter configuration mode

Command
configure
Output
vyos@ip-192-168-0-200:~$ configure
[edit]

Apply the configuration

Command
set vpn ipsec ike-group AWS lifetime '28800'
set vpn ipsec ike-group AWS proposal 1 dh-group '2'
set vpn ipsec ike-group AWS proposal 1 encryption 'aes128'
set vpn ipsec ike-group AWS proposal 1 hash 'sha1'
set vpn ipsec site-to-site peer 3.114.51.170 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 3.114.51.170 authentication pre-shared-secret 'wMSZ5io.0Z41uwQXB2mJ2J9T2yvhmHgz'
set vpn ipsec site-to-site peer 3.114.51.170 description 'VPC tunnel 1'
set vpn ipsec site-to-site peer 3.114.51.170 ike-group 'AWS'
set vpn ipsec site-to-site peer 3.114.51.170 local-address '192.168.0.200'
set vpn ipsec site-to-site peer 3.114.51.170 vti bind 'vti0'
set vpn ipsec site-to-site peer 3.114.51.170 vti esp-group 'AWS'

set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec esp-group AWS compression 'disable'
set vpn ipsec esp-group AWS lifetime '3600'
set vpn ipsec esp-group AWS mode 'tunnel'
set vpn ipsec esp-group AWS pfs 'enable'
set vpn ipsec esp-group AWS proposal 1 encryption 'aes128'
set vpn ipsec esp-group AWS proposal 1 hash 'sha1'

set vpn ipsec ike-group AWS dead-peer-detection action 'restart'
set vpn ipsec ike-group AWS dead-peer-detection interval '15'
set vpn ipsec ike-group AWS dead-peer-detection timeout '30'

set interfaces vti vti0 address '169.254.206.190/30'
set interfaces vti vti0 description 'VPC tunnel 1'
set interfaces vti vti0 mtu '1436'

set protocols bgp 65000 neighbor 169.254.206.189 remote-as '64512'
set protocols bgp 65000 neighbor 169.254.206.189 address-family ipv4-unicast soft-reconfiguration 'inbound'
set protocols bgp 65000 neighbor 169.254.206.189 timers holdtime '30'
set protocols bgp 65000 neighbor 169.254.206.189 timers keepalive '10'

set protocols bgp 65000 address-family ipv4-unicast network 192.168.0.0/16

set vpn ipsec site-to-site peer 35.76.170.130 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 35.76.170.130 authentication pre-shared-secret 'NDaCobdm2Mzc2rE3WDigT8zoMUE8doC1'
set vpn ipsec site-to-site peer 35.76.170.130 description 'VPC tunnel 2'
set vpn ipsec site-to-site peer 35.76.170.130 ike-group 'AWS'
set vpn ipsec site-to-site peer 35.76.170.130 local-address '192.168.0.200'
set vpn ipsec site-to-site peer 35.76.170.130 vti bind 'vti1'
set vpn ipsec site-to-site peer 35.76.170.130 vti esp-group 'AWS'

set interfaces vti vti1 address '169.254.23.174/30'
set interfaces vti vti1 description 'VPC tunnel 2'
set interfaces vti vti1 mtu '1436'

set protocols bgp 65000 neighbor 169.254.23.173 remote-as '64512'
set protocols bgp 65000 neighbor 169.254.23.173 address-family ipv4-unicast soft-reconfiguration 'inbound'
set protocols bgp 65000 neighbor 169.254.23.173 timers holdtime '30'
set protocols bgp 65000 neighbor 169.254.23.173 timers keepalive '10'
Output
vyos@ip-192-168-0-200# set vpn ipsec ike-group AWS lifetime '28800'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec ike-group AWS proposal 1 dh-group '2'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec ike-group AWS proposal 1 encryption 'aes128'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec ike-group AWS proposal 1 hash 'sha1'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec site-to-site peer 3.114.51.170 authentication mode 'pre-shared-secret'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec site-to-site peer 3.114.51.170 authentication pre-shared-secret 'wMSZ5io.0Z41uwQXB2mJ2J9T2yvhmHgz'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec site-to-site peer 3.114.51.170 description 'VPC tunnel 1'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec site-to-site peer 3.114.51.170 ike-group 'AWS'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec site-to-site peer 3.114.51.170 local-address '192.168.0.200'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec site-to-site peer 3.114.51.170 vti bind 'vti0'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec site-to-site peer 3.114.51.170 vti esp-group 'AWS'
[edit]
vyos@ip-192-168-0-200# 
[edit]
vyos@ip-192-168-0-200# set vpn ipsec ipsec-interfaces interface 'eth0'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec esp-group AWS compression 'disable'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec esp-group AWS lifetime '3600'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec esp-group AWS mode 'tunnel'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec esp-group AWS pfs 'enable'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec esp-group AWS proposal 1 encryption 'aes128'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec esp-group AWS proposal 1 hash 'sha1'
[edit]
vyos@ip-192-168-0-200# 
[edit]
vyos@ip-192-168-0-200# set vpn ipsec ike-group AWS dead-peer-detection action 'restart'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec ike-group AWS dead-peer-detection interval '15'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec ike-group AWS dead-peer-detection timeout '30'
[edit]
vyos@ip-192-168-0-200# 
[edit]
vyos@ip-192-168-0-200# set interfaces vti vti0 address '169.254.206.190/30'
[edit]
vyos@ip-192-168-0-200# set interfaces vti vti0 description 'VPC tunnel 1'
[edit]
vyos@ip-192-168-0-200# set interfaces vti vti0 mtu '1436'
[edit]
vyos@ip-192-168-0-200# 
[edit]
vyos@ip-192-168-0-200# set protocols bgp 65000 neighbor 169.254.206.189 remote-as '64512'
[edit]
vyos@ip-192-168-0-200# set protocols bgp 65000 neighbor 169.254.206.189 address-family ipv4-unicast soft-reconfiguration 'inbound'
[edit]
vyos@ip-192-168-0-200# set protocols bgp 65000 neighbor 169.254.206.189 timers holdtime '30'
[edit]
vyos@ip-192-168-0-200# set protocols bgp 65000 neighbor 169.254.206.189 timers keepalive '10'
[edit]
vyos@ip-192-168-0-200# 
[edit]
vyos@ip-192-168-0-200# set protocols bgp 65000 address-family ipv4-unicast network 192.168.0.0/16
[edit]
vyos@ip-192-168-0-200# 
[edit]
vyos@ip-192-168-0-200# set vpn ipsec site-to-site peer 35.76.170.130 authentication mode 'pre-shared-secret'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec site-to-site peer 35.76.170.130 authentication pre-shared-secret 'NDaCobdm2Mzc2rE3WDigT8zoMUE8doC1'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec site-to-site peer 35.76.170.130 description 'VPC tunnel 2'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec site-to-site peer 35.76.170.130 ike-group 'AWS'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec site-to-site peer 35.76.170.130 local-address '192.168.0.200'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec site-to-site peer 35.76.170.130 vti bind 'vti1'
[edit]
vyos@ip-192-168-0-200# set vpn ipsec site-to-site peer 35.76.170.130 vti esp-group 'AWS'
[edit]
vyos@ip-192-168-0-200# 
[edit]
vyos@ip-192-168-0-200# set interfaces vti vti1 address '169.254.23.174/30'
[edit]
vyos@ip-192-168-0-200# set interfaces vti vti1 description 'VPC tunnel 2'
[edit]
vyos@ip-192-168-0-200# set interfaces vti vti1 mtu '1436'
[edit]
vyos@ip-192-168-0-200# 
[edit]
vyos@ip-192-168-0-200# set protocols bgp 65000 neighbor 169.254.23.173 remote-as '64512'
[edit]
vyos@ip-192-168-0-200# set protocols bgp 65000 neighbor 169.254.23.173 address-family ipv4-unicast soft-reconfiguration 'inbound'
[edit]
vyos@ip-192-168-0-200# set protocols bgp 65000 neighbor 169.254.23.173 timers holdtime '30'
[edit]
vyos@ip-192-168-0-200# set protocols bgp 65000 neighbor 169.254.23.173 timers keepalive '10'
[edit]

Commit the configuration

Command
commit
Output
vyos@ip-192-168-0-200# commit
[edit]

Save the configuration

Command
save
Output
vyos@ip-192-168-0-200# save
Saving configuration to '/config/config.boot'...
Done
[edit]

Exit configuration mode

Command
exit
Output
vyos@ip-192-168-0-200# exit
exit

Reset the BGP sessions

Command
reset ip bgp all
Output
vyos@ip-192-168-0-200:~$ reset ip bgp all
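
The `set` lines in step 12 are transcribed by hand from the CustomerGatewayConfiguration XML printed above. The script below, added here as an example and not part of the hands-on or of the AWS-provided VyOS template, does that transcription programmatically: it parses the element names shown in the XML, emits the same commands for every tunnel (VyOS 1.3 syntax, as used above), and flags the legacy IKE/IPsec defaults the XML carries (DH group 2, SHA-1) so they can be replaced by restricting the tunnel options when the VPN connection is created. The embedded XML is a constructed sample with placeholder pre-shared keys; `local_address`, `advertise`, the DPD timers and the MTU are taken from the values the hands-on types in and are parameters or assumptions, not values present in the XML.

```python
import xml.etree.ElementTree as ET

# Constructed sample with the same element layout as the CustomerGatewayConfiguration
# XML that `describe-vpn-connections` returns; the pre-shared keys are placeholders.
_TUNNEL = """<ipsec_tunnel>
 <customer_gateway>
  <tunnel_outside_address><ip_address>18.177.254.176</ip_address></tunnel_outside_address>
  <tunnel_inside_address><ip_address>{cgw_in}</ip_address><network_cidr>30</network_cidr></tunnel_inside_address>
  <bgp><asn>65000</asn><hold_time>30</hold_time></bgp>
 </customer_gateway>
 <vpn_gateway>
  <tunnel_outside_address><ip_address>{vgw_out}</ip_address></tunnel_outside_address>
  <tunnel_inside_address><ip_address>{vgw_in}</ip_address><network_cidr>30</network_cidr></tunnel_inside_address>
  <bgp><asn>64512</asn><hold_time>30</hold_time></bgp>
 </vpn_gateway>
 <ike><authentication_protocol>sha1</authentication_protocol><encryption_protocol>aes-128-cbc</encryption_protocol>
  <lifetime>28800</lifetime><perfect_forward_secrecy>group2</perfect_forward_secrecy><pre_shared_key>{psk}</pre_shared_key></ike>
 <ipsec><authentication_protocol>hmac-sha1-96</authentication_protocol><encryption_protocol>aes-128-cbc</encryption_protocol>
  <lifetime>3600</lifetime><perfect_forward_secrecy>group2</perfect_forward_secrecy><mode>tunnel</mode></ipsec>
</ipsec_tunnel>
"""
SAMPLE_XML = ("<vpn_connection>"
              + _TUNNEL.format(cgw_in="169.254.206.190", vgw_out="3.114.51.170", vgw_in="169.254.206.189", psk="PLACEHOLDER-PSK-1")
              + _TUNNEL.format(cgw_in="169.254.23.174", vgw_out="35.76.170.130", vgw_in="169.254.23.173", psk="PLACEHOLDER-PSK-2")
              + "</vpn_connection>")

# Only the algorithm names used in this hands-on are mapped; an unmapped name raises
# KeyError instead of being silently mistranslated into a different VyOS proposal.
_ENC = {"aes-128-cbc": "aes128", "aes-256-cbc": "aes256"}
_HASH = {"sha1": "sha1", "hmac-sha1-96": "sha1"}


def vyos_commands(xml_text, local_address, advertise, interface="eth0", mtu=1436):
    """Return the VyOS 'set' lines for every tunnel in the XML.

    local_address: the router's private IP (the XML only carries its public outside address).
    advertise: on-premises prefix announced over BGP. DPD 15/30 and MTU 1436 follow the
    values the hands-on enters; they are assumptions, not data from the XML."""
    tunnels = ET.fromstring(xml_text).findall("ipsec_tunnel")
    ike, esp = tunnels[0].find("ike"), tunnels[0].find("ipsec")
    local_as = tunnels[0].findtext("customer_gateway/bgp/asn")
    dh = ike.findtext("perfect_forward_secrecy").replace("group", "", 1)  # 'group2' -> '2'
    cmds = [
        f"set vpn ipsec ike-group AWS lifetime '{ike.findtext('lifetime')}'",
        f"set vpn ipsec ike-group AWS proposal 1 dh-group '{dh}'",
        f"set vpn ipsec ike-group AWS proposal 1 encryption '{_ENC[ike.findtext('encryption_protocol')]}'",
        f"set vpn ipsec ike-group AWS proposal 1 hash '{_HASH[ike.findtext('authentication_protocol')]}'",
        "set vpn ipsec ike-group AWS dead-peer-detection action 'restart'",
        "set vpn ipsec ike-group AWS dead-peer-detection interval '15'",
        "set vpn ipsec ike-group AWS dead-peer-detection timeout '30'",
        f"set vpn ipsec ipsec-interfaces interface '{interface}'",
        "set vpn ipsec esp-group AWS compression 'disable'",
        f"set vpn ipsec esp-group AWS lifetime '{esp.findtext('lifetime')}'",
        f"set vpn ipsec esp-group AWS mode '{esp.findtext('mode')}'",
        "set vpn ipsec esp-group AWS pfs 'enable'",
        f"set vpn ipsec esp-group AWS proposal 1 encryption '{_ENC[esp.findtext('encryption_protocol')]}'",
        f"set vpn ipsec esp-group AWS proposal 1 hash '{_HASH[esp.findtext('authentication_protocol')]}'",
        f"set protocols bgp {local_as} address-family ipv4-unicast network {advertise}",
    ]
    for i, t in enumerate(tunnels):
        peer = t.findtext("vpn_gateway/tunnel_outside_address/ip_address")
        nbr = t.findtext("vpn_gateway/tunnel_inside_address/ip_address")
        remote_as = t.findtext("vpn_gateway/bgp/asn")
        hold = int(t.findtext("vpn_gateway/bgp/hold_time"))
        my_ip = t.findtext("customer_gateway/tunnel_inside_address/ip_address")
        cidr = t.findtext("customer_gateway/tunnel_inside_address/network_cidr")
        vti, label = f"vti{i}", f"VPC tunnel {i + 1}"
        cmds += [
            f"set vpn ipsec site-to-site peer {peer} authentication mode 'pre-shared-secret'",
            f"set vpn ipsec site-to-site peer {peer} authentication pre-shared-secret '{t.findtext('ike/pre_shared_key')}'",
            f"set vpn ipsec site-to-site peer {peer} description '{label}'",
            f"set vpn ipsec site-to-site peer {peer} ike-group 'AWS'",
            f"set vpn ipsec site-to-site peer {peer} local-address '{local_address}'",
            f"set vpn ipsec site-to-site peer {peer} vti bind '{vti}'",
            f"set vpn ipsec site-to-site peer {peer} vti esp-group 'AWS'",
            f"set interfaces vti {vti} address '{my_ip}/{cidr}'",
            f"set interfaces vti {vti} description '{label}'",
            f"set interfaces vti {vti} mtu '{mtu}'",
            f"set protocols bgp {local_as} neighbor {nbr} remote-as '{remote_as}'",
            f"set protocols bgp {local_as} neighbor {nbr} address-family ipv4-unicast soft-reconfiguration 'inbound'",
            f"set protocols bgp {local_as} neighbor {nbr} timers holdtime '{hold}'",
            f"set protocols bgp {local_as} neighbor {nbr} timers keepalive '{hold // 3}'",
        ]
    return cmds


def weak_crypto_findings(xml_text):
    """Flag the legacy defaults AWS emits unless the tunnel options restrict them."""
    findings = []
    for i, t in enumerate(ET.fromstring(xml_text).findall("ipsec_tunnel"), start=1):
        for phase in ("ike", "ipsec"):
            p = t.find(phase)
            if p.findtext("perfect_forward_secrecy") == "group2":
                findings.append(f"tunnel {i} {phase}: DH group2 (1024-bit MODP); prefer group 14 or higher")
            if "sha1" in (p.findtext("authentication_protocol") or ""):
                findings.append(f"tunnel {i} {phase}: SHA-1 integrity; prefer SHA2-256 or higher")
    return findings
```

To use it against a real connection, pass the `CustomerGatewayConfiguration` string from `describe-vpn-connections` instead of `SAMPLE_XML` and call `vyos_commands(xml, "192.168.0.200", "192.168.0.0/16")`. The output contains the pre-shared keys, so treat the generated command list as a credential; and if `weak_crypto_findings` reports anything, the fix is on the AWS side (phase 1/2 DH group and integrity algorithms in the connection's tunnel options), not in the VyOS translation.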

Check the routing table

Command
show ip route
Output
vyos@ip-192-168-0-200:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

S>* 0.0.0.0/0 [210/0] via 192.168.0.1, eth0, weight 1, 01:37:14
B>* 10.0.0.0/16 [20/100] via 169.254.206.189, vti0, weight 1, 00:01:18
C>* 169.254.23.172/30 is directly connected, vti1, 00:05:00
C>* 169.254.206.188/30 is directly connected, vti0, 00:05:00
C>* 192.168.0.0/24 is directly connected, eth0, 01:37:15

Check the BGP table

10.0.0.0/16 is learned over both tunnels; the path via 169.254.206.189 (tunnel 1) is selected because AWS advertises it with the lower MED (100 versus 200), which is how the two tunnels are kept active/standby from the router's point of view.

Command
show ip bgp
Output
vyos@ip-192-168-0-200:~$ show ip bgp
BGP table version is 4, local router ID is 192.168.0.200, vrf id 0
Default local pref 100, local AS 65000
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  10.0.0.0/16      169.254.23.173         200             0 64512 i
*>                  169.254.206.189        100             0 64512 i
*> 192.168.0.0/16   0.0.0.0                  0         32768 i

Displayed  2 routes and 3 total paths

Check the VPN tunnel status

Command
aws ec2 describe-vpn-connections \
    --vpn-connection-ids ${VPN_ID_MAIN} \
    --query 'VpnConnections[0].VgwTelemetry'
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 describe-vpn-connections \
>     --vpn-connection-ids ${VPN_ID_MAIN} \
>     --query 'VpnConnections[0].VgwTelemetry'
[
    {
        "AcceptedRouteCount": 1,
        "LastStatusChange": "2024-06-09T11:25:03+00:00",
        "OutsideIpAddress": "3.114.51.170",
        "Status": "UP",
        "StatusMessage": "1 BGP ROUTES"
    },
    {
        "AcceptedRouteCount": 1,
        "LastStatusChange": "2024-06-09T11:25:05+00:00",
        "OutsideIpAddress": "35.76.170.130",
        "Status": "UP",
        "StatusMessage": "1 BGP ROUTES"
    }
]

13. Enable route propagation on the route table

Propagation is enabled only on the public route table here; the main (private) route table keeps an empty `PropagatingVgws`, as the output below shows.

Command
aws ec2 enable-vgw-route-propagation \
    --route-table-id ${PUBLIC_ROUTE_ID_MAIN} \
    --gateway-id ${VGW_ID_MAIN}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 enable-vgw-route-propagation \
>     --route-table-id ${PUBLIC_ROUTE_ID_MAIN} \
>     --gateway-id ${VGW_ID_MAIN}

Check the route table

Command
aws ec2 describe-route-tables \
    --filters "Name=vpc-id,Values=${VPC_ID_MAIN}"
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 describe-route-tables \
>     --filters "Name=vpc-id,Values=${VPC_ID_MAIN}"
{
    "RouteTables": [
        {
            "Associations": [
                {
                    "Main": true,
                    "RouteTableAssociationId": "rtbassoc-08a0f3e7e390bf6c7",
                    "RouteTableId": "rtb-022300aa94b5b1e97",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-022300aa94b5b1e97",
            "Routes": [
                {
                    "DestinationCidrBlock": "10.0.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                }
            ],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "Main Private Route Table"
                }
            ],
            "VpcId": "vpc-044f0a97b7e8a476a",
            "OwnerId": "999999999999"
        },
        {
            "Associations": [
                {
                    "Main": false,
                    "RouteTableAssociationId": "rtbassoc-0815f3e455e0ea7d4",
                    "RouteTableId": "rtb-06294855aa51d5273",
                    "SubnetId": "subnet-0e332a080d5517d6b",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [
                {
                    "GatewayId": "vgw-0a3a20e598d03cca4"
                }
            ],
            "RouteTableId": "rtb-06294855aa51d5273",
            "Routes": [
                {
                    "DestinationCidrBlock": "10.0.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                },
                {
                    "DestinationCidrBlock": "10.1.0.0/16",
                    "Origin": "CreateRoute",
                    "State": "active",
                    "VpcPeeringConnectionId": "pcx-0c1944c75b00e0912"
                },
                {
                    "DestinationCidrBlock": "0.0.0.0/0",
                    "GatewayId": "igw-068f3e7ffa0776661",
                    "Origin": "CreateRoute",
                    "State": "active"
                },
                {
                    "DestinationCidrBlock": "192.168.0.0/16",
                    "GatewayId": "vgw-0a3a20e598d03cca4",
                    "Origin": "EnableVgwRoutePropagation",
                    "State": "active"
                }
            ],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "Main Public Route Table"
                }
            ],
            "VpcId": "vpc-044f0a97b7e8a476a",
            "OwnerId": "999999999999"
        }
    ]
}

14. Update the route table of the simulated on-premises VPC

This sends traffic for 10.0.0.0/16 from the on-premises subnet to the router instance, which is why that instance's source/destination check has to be disabled in step 15.

Update the route table

Command
aws ec2 create-route \
    --route-table-id ${PUBLIC_ROUTE_ID_ONP} \
    --destination-cidr-block ${VPC_CIDR_BLOCK_MAIN} \
    --instance-id ${ONP_EC2_INSTANCE_ID} 
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 create-route \
>     --route-table-id ${PUBLIC_ROUTE_ID_ONP} \
>     --destination-cidr-block ${VPC_CIDR_BLOCK_MAIN} \
>     --instance-id ${ONP_EC2_INSTANCE_ID} 
{
    "Return": true
}

Check the route table

Command
aws ec2 describe-route-tables \
    --filters "Name=vpc-id,Values=${VPC_ID_ONP}"
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 describe-route-tables \
>     --filters "Name=vpc-id,Values=${VPC_ID_ONP}"
{
    "RouteTables": [
        {
            "Associations": [
                {
                    "Main": true,
                    "RouteTableAssociationId": "rtbassoc-0056220dde2b9b2a6",
                    "RouteTableId": "rtb-08ad96035db244af9",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-08ad96035db244af9",
            "Routes": [
                {
                    "DestinationCidrBlock": "192.168.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                }
            ],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "OnP Private Route Table"
                }
            ],
            "VpcId": "vpc-0c34ac37fdf3439c2",
            "OwnerId": "999999999999"
        },
        {
            "Associations": [
                {
                    "Main": false,
                    "RouteTableAssociationId": "rtbassoc-03f2f49cc1dc05681",
                    "RouteTableId": "rtb-0935aafd7f8fa7475",
                    "SubnetId": "subnet-083066e22334ecd5e",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-0935aafd7f8fa7475",
            "Routes": [
                {
                    "DestinationCidrBlock": "192.168.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                },
                {
                    "DestinationCidrBlock": "10.0.0.0/16",
                    "InstanceId": "i-0c5e77f5aa0d68f78",
                    "InstanceOwnerId": "999999999999",
                    "NetworkInterfaceId": "eni-0a1aa6b09162b10c0",
                    "Origin": "CreateRoute",
                    "State": "active"
                },
                {
                    "DestinationCidrBlock": "0.0.0.0/0",
                    "GatewayId": "igw-07d90ca57c38f8118",
                    "Origin": "CreateRoute",
                    "State": "active"
                }
            ],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "OnP Public Route Table"
                }
            ],
            "VpcId": "vpc-0c34ac37fdf3439c2",
            "OwnerId": "999999999999"
        }
    ]
}

15. Disable the source/destination check on the on-premises router EC2 instance

Set variable (get the network interface ID)

Command
ONP_EC2_NETWORK_INTERFACE_ID=$(
    aws ec2 describe-instances \
        --instance-ids ${ONP_EC2_INSTANCE_ID} \
        --query 'Reservations[0].Instances[0].NetworkInterfaces[0].NetworkInterfaceId' \
        --output text
)\
&& echo ${ONP_EC2_NETWORK_INTERFACE_ID}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ ONP_EC2_NETWORK_INTERFACE_ID=$(
>     aws ec2 describe-instances \
>         --instance-ids $INSTANCE_ID \
>         --query 'Reservations[0].Instances[0].NetworkInterfaces[0].NetworkInterfaceId' \
>         --output text
> )\
> && echo ${ONP_EC2_NETWORK_INTERFACE_ID}
eni-0009f07520555d3ac

Disable the source/destination check

The ENI ID printed above is not used by the next command, which keys on the instance ID. Note that the run shown in the output referenced `$INSTANCE_ID`, so the ENI it returned is not the router's; the router's interface is eni-0a1aa6b09162b10c0, as the on-premises route table in step 14 shows. Without this change the instance drops any packet whose source or destination is not its own address, so nothing would be forwarded through the tunnels.

Command
aws ec2 modify-instance-attribute \
    --instance-id ${ONP_EC2_INSTANCE_ID} \
    --no-source-dest-check
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 modify-instance-attribute \
>     --instance-id ${ONP_EC2_INSTANCE_ID} \
>     --no-source-dest-check

Create an EC2 instance in the simulated on-premises VPC

Set variable (EC2 name)

Command
EC2_ONP_2_NAME='OnP' \
&& echo ${EC2_ONP_2_NAME}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ EC2_ONP_2_NAME='OnP' \
> && echo ${EC2_ONP_2_NAME}
OnP

Set variable (private IP)

Command
ONP_EC2_PRIVATE_2_IP='192.168.0.100' \
&& echo ${ONP_EC2_PRIVATE_2_IP}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ ONP_EC2_PRIVATE_2_IP='192.168.0.100' \
> && echo ${ONP_EC2_PRIVATE_2_IP}
192.168.0.100

Set variable (security group name)

Command
ONP_EC2_SECURITY_GROUP_2_NAME='onp' \
&& echo ${ONP_EC2_SECURITY_GROUP_2_NAME}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ ONP_EC2_SECURITY_GROUP_2_NAME='onp' \
> && echo ${ONP_EC2_SECURITY_GROUP_2_NAME}
onp

Set variable (security group description)

Command
ONP_EC2_SECURITY_GROUP_2_DESCRIPTION='onp' \
&& echo ${ONP_EC2_SECURITY_GROUP_2_DESCRIPTION}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ ONP_EC2_SECURITY_GROUP_2_DESCRIPTION='onp' \
> && echo ${ONP_EC2_SECURITY_GROUP_2_DESCRIPTION}
onp

Create the security group

Command
aws ec2 create-security-group \
  --group-name ${ONP_EC2_SECURITY_GROUP_2_NAME} \
  --description "${ONP_EC2_SECURITY_GROUP_2_DESCRIPTION}" \
  --vpc-id ${VPC_ID_ONP}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 create-security-group \
>   --group-name ${ONP_EC2_SECURITY_GROUP_2_NAME} \
>   --description "${ONP_EC2_SECURITY_GROUP_2_DESCRIPTION}" \
>   --vpc-id ${VPC_ID_ONP}
{
    "GroupId": "sg-036a9939b8dca2957"
}

Set variable (get the security group ID)

Command
ONP_EC2_SECURITY_GROUP_2_ID=$( \
  aws ec2 describe-security-groups \
    --filters Name=vpc-id,Values=${VPC_ID_ONP} \
              Name=group-name,Values=${ONP_EC2_SECURITY_GROUP_2_NAME} \
    --query "SecurityGroups[].GroupId" \
    --output text \
) \
&& echo ${ONP_EC2_SECURITY_GROUP_2_ID}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ ONP_EC2_SECURITY_GROUP_2_ID=$( \
>   aws ec2 describe-security-groups \
>     --filters Name=vpc-id,Values=${VPC_ID_ONP} \
>               Name=group-name,Values=${ONP_EC2_SECURITY_GROUP_2_NAME} \
>     --query "SecurityGroups[].GroupId" \
>     --output text \
> ) \
> && echo ${ONP_EC2_SECURITY_GROUP_2_ID}
sg-036a9939b8dca2957

Add a security group rule

The rule allows every protocol (`-1`) from the Main VPC CIDR. The ping test below only needs ICMP, so outside a hands-on narrow this to the protocols and ports actually required.

Command
aws ec2 authorize-security-group-ingress \
    --group-id ${ONP_EC2_SECURITY_GROUP_2_ID} \
    --protocol -1 \
    --cidr ${VPC_CIDR_BLOCK_MAIN}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 authorize-security-group-ingress \
>     --group-id ${ONP_EC2_SECURITY_GROUP_2_ID} \
>     --protocol -1 \
>     --cidr ${VPC_CIDR_BLOCK_MAIN}
{
    "Return": true,
    "SecurityGroupRules": [
        {
            "SecurityGroupRuleId": "sgr-067bef11521ac9f84",
            "GroupId": "sg-036a9939b8dca2957",
            "GroupOwnerId": "999999999999",
            "IsEgress": false,
            "IpProtocol": "-1",
            "FromPort": -1,
            "ToPort": -1,
            "CidrIpv4": "10.0.0.0/16"
        }
    ]
}

Create the EC2 instance (private address only)

The instance is launched with `--no-associate-public-ip-address`, so it is reachable only across the VPN, which is what the connectivity test below exercises. The output shows `HttpTokens: optional`, i.e. IMDSv1 is still allowed; for anything beyond a hands-on, pass `--metadata-options HttpTokens=required` so the instance metadata service demands a session token.

Command
aws ec2 run-instances \
  --image-id resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2-x86_64 \
  --instance-type t2.micro \
  --security-group-ids ${ONP_EC2_SECURITY_GROUP_2_ID} \
  --subnet-id ${SUBNET_ID_ONP} \
  --private-ip-address ${ONP_EC2_PRIVATE_2_IP} \
  --no-associate-public-ip-address \
  --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=${EC2_ONP_2_NAME}}]"
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 run-instances \
>   --image-id resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2-x86_64 \
>   --instance-type t2.micro \
>   --security-group-ids ${ONP_EC2_SECURITY_GROUP_2_ID} \
>   --subnet-id ${SUBNET_ID_ONP} \
>   --private-ip-address ${ONP_EC2_PRIVATE_2_IP} \
>   --no-associate-public-ip-address \
>   --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=${EC2_ONP_2_NAME}}]"
{
    "Groups": [],
    "Instances": [
        {
            "AmiLaunchIndex": 0,
            "ImageId": "ami-057086e4e77484a4a",
            "InstanceId": "i-0224321cc66e5e61c",
            "InstanceType": "t2.micro",
            "LaunchTime": "2024-06-09T13:54:28+00:00",
            "Monitoring": {
                "State": "disabled"
            },
            "Placement": {
                "AvailabilityZone": "ap-northeast-1a",
                "GroupName": "",
                "Tenancy": "default"
            },
            "PrivateDnsName": "ip-192-168-0-100.ap-northeast-1.compute.internal",
            "PrivateIpAddress": "192.168.0.100",
            "ProductCodes": [],
            "PublicDnsName": "",
            "State": {
                "Code": 0,
                "Name": "pending"
            },
            "StateTransitionReason": "",
            "SubnetId": "subnet-083066e22334ecd5e",
            "VpcId": "vpc-0c34ac37fdf3439c2",
            "Architecture": "x86_64",
            "BlockDeviceMappings": [],
            "ClientToken": "7da11a8c-7295-4905-8321-801605cc5bce",
            "EbsOptimized": false,
            "EnaSupport": true,
            "Hypervisor": "xen",
            "NetworkInterfaces": [
                {
                    "Attachment": {
                        "AttachTime": "2024-06-09T13:54:28+00:00",
                        "AttachmentId": "eni-attach-0819dd6e4d09763e9",
                        "DeleteOnTermination": true,
                        "DeviceIndex": 0,
                        "Status": "attaching",
                        "NetworkCardIndex": 0
                    },
                    "Description": "",
                    "Groups": [
                        {
                            "GroupName": "onp",
                            "GroupId": "sg-036a9939b8dca2957"
                        }
                    ],
                    "Ipv6Addresses": [],
                    "MacAddress": "06:cc:e9:32:c0:db",
                    "NetworkInterfaceId": "eni-06b43a74a2def0158",
                    "OwnerId": "999999999999",
                    "PrivateIpAddress": "192.168.0.100",
                    "PrivateIpAddresses": [
                        {
                            "Primary": true,
                            "PrivateIpAddress": "192.168.0.100"
                        }
                    ],
                    "SourceDestCheck": true,
                    "Status": "in-use",
                    "SubnetId": "subnet-083066e22334ecd5e",
                    "VpcId": "vpc-0c34ac37fdf3439c2",
                    "InterfaceType": "interface"
                }
            ],
            "RootDeviceName": "/dev/xvda",
            "RootDeviceType": "ebs",
            "SecurityGroups": [
                {
                    "GroupName": "onp",
                    "GroupId": "sg-036a9939b8dca2957"
                }
            ],
            "SourceDestCheck": true,
            "StateReason": {
                "Code": "pending",
                "Message": "pending"
            },
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "OnP"
                }
            ],
            "VirtualizationType": "hvm",
            "CpuOptions": {
                "CoreCount": 1,
                "ThreadsPerCore": 1
            },
            "CapacityReservationSpecification": {
                "CapacityReservationPreference": "open"
            },
            "MetadataOptions": {
                "State": "pending",
                "HttpTokens": "optional",
                "HttpPutResponseHopLimit": 1,
                "HttpEndpoint": "enabled",
                "HttpProtocolIpv6": "disabled",
                "InstanceMetadataTags": "disabled"
            },
            "EnclaveOptions": {
                "Enabled": false
            },
            "PrivateDnsNameOptions": {
                "HostnameType": "ip-name",
                "EnableResourceNameDnsARecord": false,
                "EnableResourceNameDnsAAAARecord": false
            },
            "MaintenanceOptions": {
                "AutoRecovery": "default"
            },
            "CurrentInstanceBootMode": "legacy-bios"
        }
    ],
    "OwnerId": "999999999999",
    "ReservationId": "r-01177b17c832fbdf1"
}

Check the IP address (run on the Cloud9 instance in the Main VPC)

Command
ip address show
Output
admin:~/environment $ ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 06:1e:48:f6:6d:8b brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.240/24 brd 10.0.0.255 scope global dynamic eth0
       valid_lft 2289sec preferred_lft 2289sec
    inet6 fe80::41e:48ff:fef6:6d8b/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:b7:b4:8c:83 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

Connectivity check

Command
ping 192.168.0.100
Output
admin:~/environment $ ping 192.168.0.100
PING 192.168.0.100 (192.168.0.100) 56(84) bytes of data.
64 bytes from 192.168.0.100: icmp_seq=1 ttl=254 time=4.43 ms
64 bytes from 192.168.0.100: icmp_seq=2 ttl=254 time=4.01 ms
64 bytes from 192.168.0.100: icmp_seq=3 ttl=254 time=4.16 ms
64 bytes from 192.168.0.100: icmp_seq=4 ttl=254 time=4.11 ms
^C
--- 192.168.0.100 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 4.019/4.181/4.430/0.152 ms

Detach the virtual private gateway

Command
aws ec2 detach-vpn-gateway \
    --vpn-gateway-id ${VGW_ID_MAIN} \
    --vpc-id ${VPC_ID_MAIN}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 detach-vpn-gateway \
>     --vpn-gateway-id ${VGW_ID_MAIN} \
>     --vpc-id ${VPC_ID_MAIN}

Connectivity check (after detach)

Command
ping 192.168.0.100
Output
admin:~/environment $ ping 192.168.0.100
PING 192.168.0.100 (192.168.0.100) 56(84) bytes of data.
^C
--- 192.168.0.100 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3067ms

Check the VPN tunnel status (after detach)

Both tunnels still report UP with one accepted BGP route: the Site-to-Site VPN terminates on the virtual private gateway, so detaching the gateway from the VPC only removes the VPC attachment and the propagated route, while IKE/IPsec and the BGP sessions keep running. Tunnel telemetry alone therefore does not prove reachability; the attachment state and the route table have to be checked as well.

Command
aws ec2 describe-vpn-connections \
    --vpn-connection-ids ${VPN_ID_MAIN} \
    --query 'VpnConnections[0].VgwTelemetry'
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 describe-vpn-connections \
>     --vpn-connection-ids ${VPN_ID_MAIN} \
>     --query 'VpnConnections[0].VgwTelemetry'
[
    {
        "AcceptedRouteCount": 1,
        "LastStatusChange": "2024-06-09T11:25:03+00:00",
        "OutsideIpAddress": "3.114.51.170",
        "Status": "UP",
        "StatusMessage": "1 BGP ROUTES"
    },
    {
        "AcceptedRouteCount": 1,
        "LastStatusChange": "2024-06-09T11:25:05+00:00",
        "OutsideIpAddress": "35.76.170.130",
        "Status": "UP",
        "StatusMessage": "1 BGP ROUTES"
    }
]

Attach the virtual private gateway to the VPC

Command
aws ec2 attach-vpn-gateway \
    --vpc-id ${VPC_ID_MAIN} \
    --vpn-gateway-id ${VGW_ID_MAIN}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 attach-vpn-gateway \
>     --vpc-id ${VPC_ID_MAIN} \
>     --vpn-gateway-id ${VGW_ID_MAIN}
{
    "VpcAttachment": {
        "State": "attaching",
        "VpcId": "vpc-044f0a97b7e8a476a"
    }
}

Enable route propagation on the route table (again, after re-attaching)

Command
aws ec2 enable-vgw-route-propagation \
    --route-table-id ${PUBLIC_ROUTE_ID_MAIN} \
    --gateway-id ${VGW_ID_MAIN}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 enable-vgw-route-propagation \
>     --route-table-id ${PUBLIC_ROUTE_ID_MAIN} \
>     --gateway-id ${VGW_ID_MAIN}

Connectivity check (after recovery)

Command
ping 192.168.0.100
Output
admin:~/environment $ ping 192.168.0.100
PING 192.168.0.100 (192.168.0.100) 56(84) bytes of data.
64 bytes from 192.168.0.100: icmp_seq=1 ttl=254 time=4.30 ms
64 bytes from 192.168.0.100: icmp_seq=2 ttl=254 time=5.45 ms
64 bytes from 192.168.0.100: icmp_seq=3 ttl=254 time=4.11 ms
64 bytes from 192.168.0.100: icmp_seq=4 ttl=254 time=6.27 ms
^C
--- 192.168.0.100 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 4.115/5.039/6.278/0.882 ms
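
Step 13 and the detach/attach experiment above show that the VGW telemetry stays UP even while no traffic flows. The check below, added here as an example and not part of the hands-on, encodes what actually has to hold on both sides for the ping to work: tunnels UP with accepted routes, the VGW attached to the Main VPC, propagation enabled and the propagated 192.168.0.0/16 route active, and on the simulated on-premises side a route for 10.0.0.0/16 pointing at the router's ENI with the source/destination check disabled (steps 14 and 15). The dicts are constructed to match the shape of the CLI JSON shown on this page (`describe-vpn-connections`, `describe-route-tables`, `describe-instances`); the `describe-vpn-gateways` shape (`VpnGatewayId`, `VpcAttachments[].State`/`VpcId`) is assumed from that command's documented output, since the page only prints the `attach-vpn-gateway` response.

```python
import copy

# Identifiers from the hands-on. The dicts are constructed to match the CLI JSON
# shapes printed on this page; they are not captured API output.
VPC_MAIN = "vpc-044f0a97b7e8a476a"
VGW = "vgw-0a3a20e598d03cca4"
ROUTER_ENI = "eni-0a1aa6b09162b10c0"
MAIN_CIDR, ONPREM_CIDR = "10.0.0.0/16", "192.168.0.0/16"

# describe-vpn-connections --query 'VpnConnections[0]'
VPN_CONN = {"VgwTelemetry": [
    {"OutsideIpAddress": "3.114.51.170", "Status": "UP", "AcceptedRouteCount": 1},
    {"OutsideIpAddress": "35.76.170.130", "Status": "UP", "AcceptedRouteCount": 1}]}
# describe-vpn-gateways --query 'VpnGateways[0]' (shape assumed from the documented output)
VPN_GW = {"VpnGatewayId": VGW, "VpcAttachments": [{"State": "attached", "VpcId": VPC_MAIN}]}
# Main VPC public route table from describe-route-tables (step 13)
RT_MAIN = {"RouteTableId": "rtb-06294855aa51d5273", "PropagatingVgws": [{"GatewayId": VGW}],
           "Routes": [{"DestinationCidrBlock": MAIN_CIDR, "GatewayId": "local", "State": "active"},
                      {"DestinationCidrBlock": ONPREM_CIDR, "GatewayId": VGW,
                       "Origin": "EnableVgwRoutePropagation", "State": "active"}]}
# On-premises VPC public route table (step 14) and the router instance (step 15)
RT_ONP = {"RouteTableId": "rtb-0935aafd7f8fa7475", "PropagatingVgws": [],
          "Routes": [{"DestinationCidrBlock": ONPREM_CIDR, "GatewayId": "local", "State": "active"},
                     {"DestinationCidrBlock": MAIN_CIDR, "InstanceId": "i-0c5e77f5aa0d68f78",
                      "NetworkInterfaceId": ROUTER_ENI, "State": "active"}]}
ROUTER = {"InstanceId": "i-0c5e77f5aa0d68f78", "SourceDestCheck": False,
          "NetworkInterfaces": [{"NetworkInterfaceId": ROUTER_ENI, "SourceDestCheck": False}]}


def aws_side_findings(vpn_conn, vpn_gw, rt_main, vpc_id, onprem_cidr):
    """Main VPC side: tunnels, VGW attachment, propagation, and the propagated route."""
    f = []
    for t in vpn_conn["VgwTelemetry"]:
        if t["Status"] != "UP":
            f.append(f"tunnel {t['OutsideIpAddress']} is {t['Status']}")
        elif t["AcceptedRouteCount"] == 0:
            f.append(f"tunnel {t['OutsideIpAddress']} is UP but has accepted no BGP routes")
    vgw_id = vpn_gw["VpnGatewayId"]
    if not any(a["VpcId"] == vpc_id and a["State"] == "attached" for a in vpn_gw.get("VpcAttachments", [])):
        f.append(f"{vgw_id} is not attached to {vpc_id}; tunnel telemetry alone does not show this")
    if vgw_id not in {p["GatewayId"] for p in rt_main.get("PropagatingVgws", [])}:
        f.append(f"{rt_main['RouteTableId']} does not propagate routes from {vgw_id}")
    if not any(r.get("DestinationCidrBlock") == onprem_cidr and r.get("GatewayId") == vgw_id
               and r.get("State") == "active" for r in rt_main["Routes"]):
        f.append(f"{rt_main['RouteTableId']} has no active route for {onprem_cidr} via {vgw_id}")
    return f


def onprem_side_findings(rt_onp, router, main_cidr):
    """Simulated on-premises side: route to the router's ENI and source/dest check off."""
    f = []
    enis = {n["NetworkInterfaceId"] for n in router["NetworkInterfaces"]}
    route = next((r for r in rt_onp["Routes"] if r.get("DestinationCidrBlock") == main_cidr), None)
    if route is None or route.get("State") != "active":
        f.append(f"{rt_onp['RouteTableId']} has no active route for {main_cidr}")
    elif route.get("NetworkInterfaceId") not in enis:
        f.append(f"route for {main_cidr} targets {route.get('NetworkInterfaceId')}, not a router ENI")
    if router["SourceDestCheck"] or any(n["SourceDestCheck"] for n in router["NetworkInterfaces"]):
        f.append(f"source/destination check still enabled on {router['InstanceId']}; forwarded packets are dropped")
    return f


def detached_scenario():
    """Reproduce the detach test: tunnels stay UP while the attachment and propagated route vanish."""
    gw = copy.deepcopy(VPN_GW)
    gw["VpcAttachments"][0]["State"] = "detached"
    rt = copy.deepcopy(RT_MAIN)
    rt["PropagatingVgws"], rt["Routes"] = [], rt["Routes"][:1]
    return aws_side_findings(VPN_CONN, gw, rt, VPC_MAIN, ONPREM_CIDR)
```

Feeding the real JSON in is a matter of loading the four CLI outputs and passing the same sub-objects; an empty list from both functions is the condition under which the recovery ping above succeeds, and `detached_scenario()` shows the three findings that the telemetry-only check in the detach experiment misses.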

Deleting the resources

Delete Cloud9

Set variable (Cloud9)

`environmentIds[2]` picks an environment by its position in the list, which depends on how many environments the account has; confirm which environment the ID belongs to (for example with `aws cloud9 describe-environments`) before deleting it.

Command
CLOUD9_ENVIRONMENT_ID=$(
    aws cloud9 list-environments \
        --query environmentIds[2] \
        --output text
)\
&& echo ${CLOUD9_ENVIRONMENT_ID}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ CLOUD9_ENVIRONMENT_ID=$(
>     aws cloud9 list-environments \
>         --query environmentIds[2] \
>         --output text
> )\
> && echo ${CLOUD9_ENVIRONMENT_ID}
b49e70dac3ce4fd7a037a3285ef93f8b

Delete the Cloud9 environment

Command
aws cloud9 delete-environment \
    --environment-id ${CLOUD9_ENVIRONMENT_ID}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws cloud9 delete-environment \
>     --environment-id ${CLOUD9_ENVIRONMENT_ID}

Release the Elastic IP

Disassociate

Command
aws ec2 disassociate-address \
    --public-ip ${ADDRESS_ALLOCATION_IP}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 disassociate-address \
>     --public-ip ${ADDRESS_ALLOCATION_IP}

Release the Elastic IP

Command
aws ec2 release-address \
    --allocation-id ${ADDRESS_ALLOCATION_ID}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 release-address \
>     --allocation-id ${ADDRESS_ALLOCATION_ID}

Terminate the EC2 instances

Command
aws ec2 terminate-instances \
  --region ap-northeast-1 \
  --instance-ids ${EC2_ID_PEERING} ${EC2_ID_CGW} ${EC2_ID_ONP}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 terminate-instances \
>   --region ap-northeast-1 \
>   --instance-ids ${EC2_ID_PEERING} ${EC2_ID_CGW} ${EC2_ID_ONP}
{
    "TerminatingInstances": [
        {
            "CurrentState": {
                "Code": 32,
                "Name": "shutting-down"
            },
            "InstanceId": "i-0493671798dbd6f07",
            "PreviousState": {
                "Code": 16,
                "Name": "running"
            }
        },
        {
            "CurrentState": {
                "Code": 32,
                "Name": "shutting-down"
            },
            "InstanceId": "i-0c5e77f5aa0d68f78",
            "PreviousState": {
                "Code": 16,
                "Name": "running"
            }
        },
        {
            "CurrentState": {
                "Code": 32,
                "Name": "shutting-down"
            },
            "InstanceId": "i-0224321cc66e5e61c",
            "PreviousState": {
                "Code": 16,
                "Name": "running"
            }
        }
    ]
}

Delete key pair

Command
aws ec2 delete-key-pair --key-name ${KEY_PAIR_NAME}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 delete-key-pair --key-name ${KEY_PAIR_NAME}
{
    "Return": true,
    "KeyPairId": "key-0ba25e562b113b2d9"
}

Delete subnets

Main

Command
aws ec2 delete-subnet --subnet-id ${SUBNET_ID_MAIN}
Output
[cloudshell-user@ip-10-130-38-83 ~]$ aws ec2 delete-subnet --subnet-id ${SUBNET_ID_MAIN}

Peering

Command
aws ec2 delete-subnet --subnet-id ${SUBNET_ID_PEERING}
Output
[cloudshell-user@ip-10-130-38-83 ~]$ aws ec2 delete-subnet --subnet-id ${SUBNET_ID_PEERING}

OnP

Command
aws ec2 delete-subnet --subnet-id ${SUBNET_ID_ONP}
Output
[cloudshell-user@ip-10-130-38-83 ~]$ aws ec2 delete-subnet --subnet-id ${SUBNET_ID_ONP}

Delete security groups

Peering

Command
aws ec2 delete-security-group --group-id ${EC2_SECURITY_GROUP_ID}
Output
[cloudshell-user@ip-10-130-58-180 ~]$ aws ec2 delete-security-group --group-id ${EC2_SECURITY_GROUP_ID}

OnP

Command
aws ec2 delete-security-group --group-id ${ONP_EC2_SECURITY_GROUP_ID}
aws ec2 delete-security-group --group-id ${ONP_EC2_SECURITY_GROUP_2_ID}
Output
[cloudshell-user@ip-10-130-58-180 ~]$ aws ec2 delete-security-group --group-id ${ONP_EC2_SECURITY_GROUP_ID}
[cloudshell-user@ip-10-130-58-180 ~]$ aws ec2 delete-security-group --group-id ${ONP_EC2_SECURITY_GROUP_2_ID}

Delete Site-to-Site VPN connection

Command
aws ec2 delete-vpn-connection --vpn-connection-id ${VPN_ID_MAIN}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 delete-vpn-connection --vpn-connection-id ${VPN_ID_MAIN}

Delete customer gateway

Command
aws ec2 delete-customer-gateway --customer-gateway-id ${CGW_ID_MAIN}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 delete-customer-gateway --customer-gateway-id ${CGW_ID_MAIN}

Delete VGW

Detach the virtual private gateway

Command
aws ec2 detach-vpn-gateway \
    --vpn-gateway-id ${VGW_ID_MAIN} \
    --vpc-id ${VPC_ID_MAIN}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 detach-vpn-gateway \
>     --vpn-gateway-id ${VGW_ID_MAIN} \
>     --vpc-id ${VPC_ID_MAIN}

Delete the virtual private gateway

Command
aws ec2 delete-vpn-gateway --vpn-gateway-id ${VGW_ID_MAIN}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 delete-vpn-gateway --vpn-gateway-id ${VGW_ID_MAIN}

Delete peering connection

Command
aws ec2 delete-vpc-peering-connection --vpc-peering-connection-id ${PEERING_CONNECTION_ID}
Output
[cloudshell-user@ip-10-130-50-123 ~]$ aws ec2 delete-vpc-peering-connection --vpc-peering-connection-id ${PEERING_CONNECTION_ID}
{
    "Return": true
}

Detach internet gateways

Main

Command
aws ec2 detach-internet-gateway --internet-gateway-id ${INTERNET_GATEWAY_ID_MAIN} --vpc-id ${VPC_ID_MAIN}
Output
[cloudshell-user@ip-10-130-38-83 ~]$ aws ec2 detach-internet-gateway --internet-gateway-id ${INTERNET_GATEWAY_ID_MAIN} --vpc-id ${VPC_ID_MAIN}

Peering

Command
aws ec2 detach-internet-gateway --internet-gateway-id ${INTERNET_GATEWAY_ID_PEERING} --vpc-id ${VPC_ID_PEERING}
Output
[cloudshell-user@ip-10-130-58-180 ~]$ aws ec2 detach-internet-gateway --internet-gateway-id ${INTERNET_GATEWAY_ID_PEERING} --vpc-id ${VPC_ID_PEERING}

OnP

Command
aws ec2 detach-internet-gateway --internet-gateway-id ${INTERNET_GATEWAY_ID_ONP} --vpc-id ${VPC_ID_ONP}
Output
[cloudshell-user@ip-10-130-58-180 ~]$ aws ec2 detach-internet-gateway --internet-gateway-id ${INTERNET_GATEWAY_ID_ONP} --vpc-id ${VPC_ID_ONP}

Delete internet gateways

Main

Command
aws ec2 delete-internet-gateway --internet-gateway-id ${INTERNET_GATEWAY_ID_MAIN}
Output
[cloudshell-user@ip-10-130-38-83 ~]$ aws ec2 delete-internet-gateway --internet-gateway-id ${INTERNET_GATEWAY_ID_MAIN}

Peering

Command
aws ec2 delete-internet-gateway --internet-gateway-id ${INTERNET_GATEWAY_ID_PEERING}
Output
[cloudshell-user@ip-10-130-58-180 ~]$ aws ec2 delete-internet-gateway --internet-gateway-id ${INTERNET_GATEWAY_ID_PEERING}

OnP

Command
aws ec2 delete-internet-gateway --internet-gateway-id ${INTERNET_GATEWAY_ID_ONP}
Output
[cloudshell-user@ip-10-130-58-180 ~]$ aws ec2 delete-internet-gateway --internet-gateway-id ${INTERNET_GATEWAY_ID_ONP}

Delete route tables

Main

Command
aws ec2 delete-route-table --route-table-id ${PUBLIC_ROUTE_ID_MAIN}
Output
[cloudshell-user@ip-10-130-58-180 ~]$ aws ec2 delete-route-table --route-table-id ${PUBLIC_ROUTE_ID_MAIN}

Peering

Command
aws ec2 delete-route-table --route-table-id ${PUBLIC_ROUTE_ID_PEERING}
Output
[cloudshell-user@ip-10-130-58-180 ~]$ aws ec2 delete-route-table --route-table-id ${PUBLIC_ROUTE_ID_PEERING}

OnP

Command
aws ec2 delete-route-table --route-table-id ${PUBLIC_ROUTE_ID_ONP}
Output
[cloudshell-user@ip-10-130-58-180 ~]$ aws ec2 delete-route-table --route-table-id ${PUBLIC_ROUTE_ID_ONP}

Delete VPCs

Main

Command
aws ec2 delete-vpc --vpc-id ${VPC_ID_MAIN}
Output
[cloudshell-user@ip-10-130-58-180 ~]$ aws ec2 delete-vpc --vpc-id ${VPC_ID_MAIN}

Peering

Command
aws ec2 delete-vpc --vpc-id ${VPC_ID_PEERING}
Output
[cloudshell-user@ip-10-130-58-180 ~]$ aws ec2 delete-vpc --vpc-id ${VPC_ID_PEERING}

OnP

Command
aws ec2 delete-vpc --vpc-id ${VPC_ID_ONP}
Output
[cloudshell-user@ip-10-130-58-180 ~]$ aws ec2 delete-vpc --vpc-id ${VPC_ID_ONP}

Cancel the 3rd-party software subscription

Done from the Management Console
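Order matters in the cleanup above: a security group cannot be deleted while the network interface of a still shutting-down instance references it, so delete-security-group run right after terminate-instances can fail with DependencyViolation, and a leftover VPC is only noticed if you check for it. The helper below is an added example, not part of the original article or the AWS hands-on, that waits for termination, retries only on that error, and confirms at the end that the three VPCs no longer exist; it assumes the article's variable names (EC2_ID_*, *_SECURITY_GROUP_ID, VPC_ID_*) are already set in the shell.

```shell
# Added example (not from the article): cleanup helpers for the hands-on.
# Assumes the article's variables (EC2_ID_*, *_SECURITY_GROUP_ID, VPC_ID_*)
# are already set in the shell, as they are throughout the walkthrough.
RETRY_SLEEP="${RETRY_SLEEP:-10}"   # seconds between retries
RETRY_MAX="${RETRY_MAX:-12}"       # about two minutes of retries by default

# Run a delete command, retrying while it fails with DependencyViolation
# (typically a security group whose ENI still exists because the instance
# is still shutting-down). Any other error is printed and aborts at once.
retry_delete() {
  attempt=1
  while [ "$attempt" -le "$RETRY_MAX" ]; do
    if err=$("$@" 2>&1); then
      return 0
    fi
    case "$err" in
      *DependencyViolation*)
        echo "attempt ${attempt}: dependency still present, retrying" >&2
        sleep "$RETRY_SLEEP" ;;
      *) echo "$err" >&2; return 1 ;;
    esac
    attempt=$((attempt + 1))
  done
  return 1
}

# Terminate the hands-on instances, wait until EC2 reports them terminated,
# then delete the security groups in the order the article uses.
cleanup_compute() {
  ids="${EC2_ID_PEERING} ${EC2_ID_CGW} ${EC2_ID_ONP}"
  # word splitting on $ids is intended: one argument per instance id
  aws ec2 terminate-instances --instance-ids $ids >/dev/null
  aws ec2 wait instance-terminated --instance-ids $ids
  for sg in "${EC2_SECURITY_GROUP_ID}" "${ONP_EC2_SECURITY_GROUP_ID}" \
            "${ONP_EC2_SECURITY_GROUP_2_ID}"; do
    retry_delete aws ec2 delete-security-group --group-id "$sg" || return 1
  done
}

# Final check: count how many of the three VPCs still exist. A vpc-id filter
# returns an empty list for deleted VPCs instead of the NotFound error that
# --vpc-ids would raise. Returns 0 only when nothing remains.
verify_vpcs_gone() {
  remaining=$(aws ec2 describe-vpcs \
    --filters "Name=vpc-id,Values=${VPC_ID_MAIN},${VPC_ID_PEERING},${VPC_ID_ONP}" \
    --query 'length(Vpcs)' --output text) || return 1
  [ "$remaining" = "0" ]
}
```

Use cleanup_compute in place of the EC2 and security group steps, and run verify_vpcs_gone after the VPC deletion step.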
