AWS Cloud9環境のCloudShellでの構築

Last updated at 2024-02-08Posted at 2024-02-08

目的

AWS on for beginnersのハンズオンをCLIで実施するためのCloud9環境を用意する
VPCとサブネットはデフォルトで作成されているものを使用
EC2への接続方法はSSMを使用

構成図

構築

IAMロール作成

※作成済みの場合は不要

コマンド

aws iam create-role --role-name AWSCloud9SSMAccessRole --path /service-role/ --assume-role-policy-document '{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Principal": {"Service": ["ec2.amazonaws.com","cloud9.amazonaws.com"]      },"Action": "sts:AssumeRole"}]}'
aws iam attach-role-policy --role-name AWSCloud9SSMAccessRole --policy-arn arn:aws:iam::aws:policy/AWSCloud9SSMInstanceProfile
aws iam create-instance-profile --instance-profile-name AWSCloud9SSMInstanceProfile --path /cloud9/
aws iam add-role-to-instance-profile --instance-profile-name AWSCloud9SSMInstanceProfile --role-name AWSCloud9SSMAccessRole

出力

[cloudshell-user@ip-10-134-6-238 ~]$ aws iam create-role --role-name AWSCloud9SSMAccessRole --path /service-role/ --assume-role-policy-document '{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Principal": {"Service": ["ec2.amazonaws.com","cloud9.amazonaws.com"]      },"Action": "sts:AssumeRole"}]}'
{
    "Role": {
        "Path": "/service-role/",
        "RoleName": "AWSCloud9SSMAccessRole",
        "RoleId": "AROA4MTWMHGDBT5RJEQKI",
        "Arn": "arn:aws:iam::999999999999:role/service-role/AWSCloud9SSMAccessRole",
        "CreateDate": "2024-02-08T04:09:25+00:00",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": {
                        "Service": [
                            "ec2.amazonaws.com",
                            "cloud9.amazonaws.com"
                        ]
                    },
                    "Action": "sts:AssumeRole"
                }
            ]
        }
    }
}
[cloudshell-user@ip-10-134-6-238 ~]$ aws iam attach-role-policy --role-name AWSCloud9SSMAccessRole --policy-arn arn:aws:iam::aws:policy/AWSCloud9SSMInstanceProfile
[cloudshell-user@ip-10-134-6-238 ~]$ aws iam create-instance-profile --instance-profile-name AWSCloud9SSMInstanceProfile --path /cloud9/
{
    "InstanceProfile": {
        "Path": "/cloud9/",
        "InstanceProfileName": "AWSCloud9SSMInstanceProfile",
        "InstanceProfileId": "AIPA4MTWMHGDH22ATE7JI",
        "Arn": "arn:aws:iam::999999999999:instance-profile/cloud9/AWSCloud9SSMInstanceProfile",
        "CreateDate": "2024-02-08T04:09:29+00:00",
        "Roles": []
    }
}
[cloudshell-user@ip-10-134-6-238 ~]$ aws iam add-role-to-instance-profile --instance-profile-name AWSCloud9SSMInstanceProfile --role-name AWSCloud9SSMAccessRole
[cloudshell-user@ip-10-134-6-238 ~]$

(変数設定)VPC ID

コマンド

EC2_VPC_ID=$( \
  aws ec2 describe-vpcs \
    --region ap-northeast-1 \
    --filters Name=is-default,Values=true \
    --query 'Vpcs[].VpcId' \
    --output text
) \
&& echo ${EC2_VPC_ID}

出力

[cloudshell-user@ip-10-134-6-238 ~]$ EC2_VPC_ID=$( \
>   aws ec2 describe-vpcs \
>     --region ap-northeast-1 \
>     --filters Name=is-default,Values=true \
>     --query 'Vpcs[].VpcId' \
>     --output text
> ) \
> && echo ${EC2_VPC_ID}
vpc-0a7c28cd53ed28d0e

(変数設定)サブネット ID

コマンド

EC2_SUBNET_ID=$( \
  aws ec2 describe-subnets \
    --region ap-northeast-1 \
    --filters Name=vpc-id,Values=${EC2_VPC_ID} \
              Name=availability-zone,Values="ap-northeast-1c" \
    --query "Subnets[].SubnetId" \
    --output text \
) \
&& echo ${EC2_SUBNET_ID}

出力

[cloudshell-user@ip-10-134-6-238 ~]$ EC2_SUBNET_ID=$( \
>   aws ec2 describe-subnets \
>     --region ap-northeast-1 \
>     --filters Name=vpc-id,Values=${EC2_VPC_ID} \
>               Name=availability-zone,Values="ap-northeast-1c" \
>     --query "Subnets[].SubnetId" \
>     --output text \
> ) \
> && echo ${EC2_SUBNET_ID}
subnet-03adbc40c8dd6b604

EC2 環境作成

※instance-typeは無料利用枠がある場合はt2.micro、無料利用枠がない場合はt3.microを使用

コマンド

aws cloud9 create-environment-ec2 \
  --name hands-on-for-beginners \
  --description "AWS Hands-on for Beginners" \
  --instance-type t2.micro \
  --image-id resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2023-x86_64 \
  --region ap-northeast-1 \
  --connection-type CONNECT_SSM \
  --subnet-id ${EC2_SUBNET_ID} \
  --automatic-stop-time-minutes 30

出力

[cloudshell-user@ip-10-134-6-238 ~]$ aws cloud9 create-environment-ec2 \
>   --name hands-on-for-beginners \
>   --description "AWS Hands-on for Beginners" \
>   --instance-type t2.micro \
>   --image-id resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2023-x86_64 \
>   --region ap-northeast-1 \
>   --connection-type CONNECT_SSM \
>   --subnet-id ${EC2_SUBNET_ID} \
>   --automatic-stop-time-minutes 30
{
    "environmentId": "285828429dc343278de3d3455ec1ac67"
}

(変数設定)環境ID

コマンド

ENVIRONMENTID=$( \
  aws cloud9 list-environments \
    --region ap-northeast-1 \
    --query environmentIds \
    --output text \
) \
&& echo ${ENVIRONMENTID}

出力

[cloudshell-user@ip-10-134-6-238 ~]$ ENVIRONMENTID=$( \
>   aws cloud9 list-environments \
>     --region ap-northeast-1 \
>     --query environmentIds \
>     --output text \
> ) \
> && echo ${ENVIRONMENTID}
285828429dc343278de3d3455ec1ac67

(確認)ステータス情報取得

コマンド

aws cloud9 describe-environment-status \
  --environment-id ${ENVIRONMENTID} \
  --region ap-northeast-1

出力

[cloudshell-user@ip-10-134-6-238 ~]$ aws cloud9 describe-environment-status \
>   --environment-id ${ENVIRONMENTID} \
>   --region ap-northeast-1
{
    "status": "ready",
    "message": "Environment is ready to use."
}

(確認)環境情報

コマンド

aws cloud9 describe-environments \
  --environment-ids ${ENVIRONMENTID} \
  --region ap-northeast-1

出力

[cloudshell-user@ip-10-134-6-238 ~]$ aws cloud9 describe-environments \
>   --environment-ids ${ENVIRONMENTID} \
>   --region ap-northeast-1
{
    "environments": [
        {
            "id": "285828429dc343278de3d3455ec1ac67",
            "name": "hands-on-for-beginners",
            "description": "AWS Hands-on for Beginners",
            "type": "ec2",
            "connectionType": "CONNECT_SSM",
            "arn": "arn:aws:cloud9:ap-northeast-1:999999999999:environment:285828429dc343278de3d3455ec1ac67",
            "ownerArn": "arn:aws:sts::999999999999:assumed-role/AWSReservedSSO_Cloud9_61ef1983d2a51f0e/handson-user",
            "lifecycle": {
                "status": "CREATED"
            },
            "managedCredentialsStatus": "DISABLED_BY_DEFAULT"
        }
    ]
}

削除

EC2 環境削除

コマンド

aws cloud9 delete-environment --environment-id ${ENVIRONMENTID}

出力

[cloudshell-user@ip-10-132-72-116 ~]$ aws cloud9 delete-environment --environment-id ${ENVIRONMENTID}
[cloudshell-user@ip-10-132-72-116 ~]$

IAMロール削除

コマンド

aws iam remove-role-from-instance-profile --instance-profile-name AWSCloud9SSMInstanceProfile --role-name AWSCloud9SSMAccessRole
aws iam delete-instance-profile --instance-profile-name AWSCloud9SSMInstanceProfile
aws iam detach-role-policy --role-name AWSCloud9SSMAccessRole --policy-arn arn:aws:iam::aws:policy/AWSCloud9SSMInstanceProfile
aws iam delete-role --role-name AWSCloud9SSMAccessRole```

出力

[cloudshell-user@ip-10-134-6-238 ~]$ aws iam remove-role-from-instance-profile --instance-profile-name AWSCloud9SSMInstanceProfile --role-name AWSCloud9SSMAccessRole
[cloudshell-user@ip-10-134-6-238 ~]$ aws iam delete-instance-profile --instance-profile-name AWSCloud9SSMInstanceProfile
[cloudshell-user@ip-10-134-6-238 ~]$ aws iam detach-role-policy --role-name AWSCloud9SSMAccessRole --policy-arn arn:aws:iam::aws:policy/AWSCloud9SSMInstanceProfile
[cloudshell-user@ip-10-134-6-238 ~]$ aws iam delete-role --role-name AWSCloud9SSMAccessRole

参考

You get articles that match your needs
You can efficiently read back useful information
You can use dark theme

What you can do with signing up