初心者だからこそ触りたい、AWS CLI ~ "躓きやすい"を無くしたい ~ #devio2020

dl͖᪴΍͍͢zΛແ͍ͨ͘͠d ๺઒Ղಸ ॳ৺ऀ͔ͩΒͦ͜৮Γ͍ͨɺAWS CLI

๺઒Ղಸ͍͕ͨʔ ৽ଔΤϯδχΞظੜ "84Λத৺ʹษڧத

"84$-*͸͍͍ͧɻ

͜ͷηογϣϯͷର৅ AWS CLI(CUI)ʹۤखҙ͕ࣝ͋Δํ AWS CLIΛ৮Ζ͏ͱͯ͠৮Ε͍ͯͳ͍ํ AWSॳ৺ऀͷํ

͜ͷηογϣϯͷ࠷ऴ໨ඪ ͋ΕɺAWS CLIͬͯͦΜͳʹ೉͘͠ͳ͍ʁ ͱࢥ͍ͬͯͨͩ͘͜ͱ

"(&/%" ɾ"84$-*ͱ͸ʁ ɾॳ৺ऀ͔ͩΒͦ͜৮ͬͯཉ͍͠ ɾΠϯετʔϧͷ࢓ํ ɾ"84$-*Λ࢖ͬͯΈΑ͏ ɾ"84$-*$PNNBOE3FGFSFODFʹ͍ͭͯ ɾ"84ʹ׳Ε͍ͨͳΒɺ"84$-*Λ࢖ͬͯΈΑ͏

"84$-*ͱ͸ʁ Amazon Web Services Command Line Interface

"84ίϚϯυϥΠϯΠϯλʔϑΣʔεΑΓ AWS ίϚϯυϥΠϯΠϯλʔϑΣʔε (CLI) ͸ɺ AWS αʔϏεΛ؅ཧ͢ΔͨΊͷ౷߹πʔϧͰ͢ɻ μ΢ϯϩʔυ͓Αͼઃఆ༻ͷ୯ҰͷπʔϧͷΈΛ࢖༻ͯ͠ɺ ίϚϯυϥΠϯ͔Βෳ਺ͷ
AWS αʔϏεΛ੍ޚ͠ɺ εΫϦϓτΛ࢖༻ͯ͜͠ΕΒΛࣗಈԽ͢Δ͜ͱ͕Ͱ͖·͢ɻ

Ξοϓσʔτʹ͍ͭͯ 2020/02/12 V2͕Ұൠར༻Մೳʹ

Ξοϓσʔτʹ͍ͭͯ V2 Pythonͷόʔδϣϯؔ܎ͳ͘࢖͑Δ

͋ͷɺࠇ͍ը໘͸ۤखͰ͔͢ʁ

$6*ɺ͍ͩͿ׳Ε·ͨ͠ɻ ࢲ΋ۤ͘͢͝खͰͨ͠ɻ ৮ͬͯΑ͏΍͘׳Ε͖ͯͨɻ

ॳ৺ऀ͔ͩΒͦ͜৮ͬͯཉ͍͠"84$-* ࣮ࡍʹΞʔΩςΫνϟΛ૊Ή ྲྀΕ͕௫ΊΔɻ

Ϛωδϝϯτίϯιʔϧͱͷҧ͍ྑ͞ Ұͭͷը໘্Ͱૢ࡞͕Ͱ͖Δɻ

Ϛωδϝϯτίϯιʔϧͱͷҧ͍ྑ͞ ࣗಈԽ౳͕͠΍͍͢ɻ

Ϛωδϝϯτίϯιʔϧͱͷҧ͍ྑ͞ ׳ΕΔͱ࢖͍΍͍͢ɻ

"84$-*7Πϯετʔϧํ๏ GUI CUI

ࠓճͷ࣮ߦ؀ڥ mac OS Catalina 10.15.5

DVSMίϚϯυͰύοέʔδΛΠϯετʔϧ $ curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o “AWSCLIV2.pkg"

ύοέʔδ͔Β"84$-*ΛΠϯετʔϧ $ sudo installer -pkg AWSCLIV2.pkg -target /

͏·͘ΠϯετʔϧͰ͖͔ͨ֬ೝͯ͠ऴྃʂ $ aws - -version aws-cli/2.0.19 Python/3.7.4 Darwin/19.5.0 botocore/2.0.0dev23

Ξοϓσʔτʹ͍ͭͯ V2 Pythonͷόʔδϣϯؔ܎ͳ͘࢖͑Δ ࣗಈิ׬ػೳ͕࢖͑Δ

ࣗಈิ׬ػೳΛ࢖͏[TIͷ৔߹ ~/.zshrc ʹ௥Ճ

ࣗಈิ׬ػೳΛ࢖͏[TIͷ৔߹ autoload bashcompinit && bashcompinit complete -C '/usr/local/aws/bin/ aws_completer'
aws

ࣗಈิ׬ػೳΛ࢖͏[TIͷ৔߹ $ source ~/.zshrc

ແࣄɺิ׬ػೳΛ௥ՃͰ͖͍ͯΕ͹ TABΩʔΛԡ͢ͱิ׬͞ΕΔ

*".Ϣʔβʔͷ੾Γସ͑΋Մೳ aws configure - - profile USER1 (vi ~/.aws/config)

*".Ϣʔβʔͷ੾Γସ͑΋Մೳ export AWS_DEFAULT_PROFILE=USER1

"84$-*Λ৮ͬͯΈΑ͏ ΍Γ͍ͨ͜ͱΛࡉ͔͘෼͚ͯΈΔ

ࠓճ΍Γ͍ͨ͜ͱ VPC಺ʹEC2ΠϯελϯεΛىಈ͢Δ ͦͷΠϯελϯεʹ͸ssh઀ଓ͍ͨ͠ Πϯλʔωοτʹ઀ଓ͍ͨ͠

ͬ͘͟Γ෼͚Δ VPCͱ2ͭͷαϒωοτΛ࡞੒ ҰͭͷαϒωοτΛύϒϦοΫʹ͢Δ αϒωοτ಺ʹΠϯελϯεΛىಈ

ࠓճ΍Γ͍ͨ͜ͱ

ࡉ͔͘෼͚͍ͯ͘

ࡉ͔͘෼͚͍ͯ͘ aws ec2 create-vpc - -cidr-block 10.0.0.0/16

ࡉ͔͘෼͚͍ͯ͘

ࡉ͔͘෼͚͍ͯ͘ aws ec2 create-subnet - -cidr-block 10.0.1.0/24 aws ec2
create-subnet - -cidr-block 10.0.0.0/24

ࡉ͔͘෼͚͍ͯ͘

ࡉ͔͘෼͚͍ͯ͘ aws ec2 create-internet-gateway aws ec2 attach-internet-gateway —internet-gateway-id XXX
--vpc-id XXX

ࡉ͔͘෼͚͍ͯ͘ aws ec2 create-route-table --vpc-id XXX aws ec2 create-route
--route-table-id XXX —destination-cidr-block 0.0.0.0/0 —gateway-id XXX aws ec2 associate-route-table --subnet-id XXXXX —route-table-id XXX

ࡉ͔͘෼͚͍ͯ͘ aws ec2 modify-subnet-attribute --subnet-id XXXXX --map-public-ip-on-launch

ࡉ͔͘෼͚͍ͯ͘ aws ec2 create-key-pair --key-name KEY --query 'KeyMaterial' --output
text > ~/.ssh/$4.pem chmod 400 ~/.ssh/$4.pem

ࡉ͔͘෼͚͍ͯ͘ aws ec2 create-security-group --group-name Test —description "Security group
for SSH access Internet access" --vpc-id XXX

ηΩϡϦςΟάϧʔϓ Πϯελϯεͷ௨৴Λ੍ޚ͢Δ ϑΝΠΞ΢Υʔϧ σϑΥϧτ:Πϯό΢ϯυ௨৴͸શͯڋ൱ Ξ΢τό΢ϯυ͔Β͸શͯڐՄ

ࠓճɺઃఆ͢΂͖ηΩϡϦςΟάϧʔϓ 22൪ͱ80൪ϙʔτͷ Πϯό΢ϯυ઀ଓΛڐՄ

ࡉ͔͘෼͚͍ͯ͘ curl -s ifconﬁg.me /32

ࡉ͔͘෼͚͍ͯ͘ aws ec2 authorize-security-group-ingress --group-id XXX --protocol tcp --port
22 --cidr XXX

ࡉ͔͘෼͚͍ͯ͘ aws ec2 authorize-security-group-ingress --group-id XXX --protocol tcp --port
80 --cidr XXX

Ͳ͏ͳͬͨͷ͔

ࡉ͔͘෼͚͍ͯ͘ aws ec2 run-instances --image-id ami-0f310fced6141e627 --count 1 --instance-type
t2.nano --key-name XXX —security-group-ids XXX --subnet-id XXX

ࡉ͔͘෼͚͍ͯ͘

ࡉ͔͘෼͚͍͖ͯ·ͨ͠ ͦΕͧΕͷखॱΛҰ͍͖ͭͣͭͯ͠·͢ɻ

ࡉ͔͘෼͚͍͖ͯ·ͨ͠ ͦΕͧΕͷग़ྗ݁ՌΛϝϞ͢Δඞཁ͕͋Δɻ

͔ͤͬ͘ͳͷͰɺ͍͍ͱ͜ΖΛ׆͔ͦ͏ ࣗಈԽ͍͖͍ͯͨ͠ɻ

-FU`TࣗಈԽ εΫϦϓτ࡞Γ·ͨ͠ɻ

ग़ྗͷϑΟϧλϦϯά —query Φϓγϣϯ

εΫϦϓτ࣮ߦલʹΠϯετʔϧ͍͖͍ͯͨͩͨ͠෺ jqίϚϯυ JSONϑΝΠϧΛ੔ܗ͢Δ $ brew install jq

࣮ߦ࣌ͷίϚϯυ ྫ $ ./test.sh 10.0.0.0/16 10.0.0.0/24 10.1.0.0/24 test_key

࣮ߦ࣌ͷίϚϯυ $ ./test.sh (VPC_CIDR) (PUB_SUB_CIDR) (PRI_SUB_CIDR) (KEY_NAME)

࣮ࡍͷγΣϧεΫϦϓτ #!/bin/bash VPC=àws ec2 create-vpc --cidr-block $1 | jq
'.Vpc | .VpcId' | tr -d '"'` echo $VPC SUBNET_PUB=àws ec2 create-subnet --vpc-id $VPC --cidr-block $2 | jq '.Subnet | .SubnetId' | tr -d '"'` SUBNET_PRI=àws ec2 create-subnet --vpc-id $VPC --cidr-block $3 | jq '.Subnet | .SubnetId' | tr -d '"'` echo $SUBNET_PUB echo $SUBNET_PRI IGW=àws ec2 create-internet-gateway | jq '.InternetGateway | .InternetGatewayId' | tr -d '"'` aws ec2 attach-internet-gateway --internet-gateway-id $IGW --vpc-id $VPC RT=àws ec2 create-route-table --vpc-id $VPC | jq '.RouteTable | .RouteTableId' | tr -d '"'` aws ec2 create-route --route-table-id $RT --destination-cidr-block 0.0.0.0/0 --gateway-id $IGW aws ec2 associate-route-table --subnet-id $SUBNET_PUB --route-table-id $RT | jq '.AssociationState' aws ec2 modify-subnet-attribute --subnet-id $SUBNET_PUB --map-public-ip-on-launch aws ec2 create-key-pair --key-name $4 --query 'KeyMaterial' --output text > ~/.ssh/$4.pem chmod 400 ~/.ssh/$4.pem SG=àws ec2 create-security-group --group-name Test-SecurityG --description "Security group for SSH access Internet access" --vpc-id $VPC | jq .GroupId | tr -d '"'` MYIP=`curl -s ifconfig.me` MYIP="$MYIP/32" aws ec2 authorize-security-group-ingress --group-id $SG --protocol tcp --port 22 --cidr $MYIP aws ec2 authorize-security-group-ingress --group-id $SG --protocol tcp --port 80 --cidr $MYIP aws ec2 describe-security-groups --group-ids $SG | jq '.SecurityGroups[] | .IpPermissions[]' INSTANCE_ID=àws ec2 run-instances --image-id ami-0f310fced6141e627 --count 1 --instance-type t2.nano --key-name $4 --security-group-ids $SG --subnet-id $SUBNET_PUB | jq '.Instances[] | .InstanceId' | tr -d '"'` aws ec2 describe-instances --instance-id $INSTANCE_ID | jq '.Reservations[] | .Instances[] | .KeyName, .PublicIpAddress'

͜ͷεΫϦϓτ ઌ΄Ͳߦͬͨ΋ͷΛฒ΂͚ͨͩͰ͢ɻ

࣮ࡍͷγΣϧεΫϦϓτ #!/bin/bash VPC=àws ec2 create-vpc --cidr-block $1 | jq
'.Vpc | .VpcId' | tr -d '"'` echo $VPC SUBNET_PUB=àws ec2 create-subnet --vpc-id $VPC --cidr-block $2 | jq '.Subnet | .SubnetId' | tr -d '"'` SUBNET_PRI=àws ec2 create-subnet --vpc-id $VPC --cidr-block $3 | jq '.Subnet | .SubnetId' | tr -d '"'` echo $SUBNET_PUB echo $SUBNET_PRI IGW=àws ec2 create-internet-gateway | jq '.InternetGateway | .InternetGatewayId' | tr -d '"'` aws ec2 attach-internet-gateway --internet-gateway-id $IGW --vpc-id $VPC RT=àws ec2 create-route-table --vpc-id $VPC | jq '.RouteTable | .RouteTableId' | tr -d '"'` aws ec2 create-route --route-table-id $RT --destination-cidr-block 0.0.0.0/0 --gateway-id $IGW aws ec2 associate-route-table --subnet-id $SUBNET_PUB --route-table-id $RT | jq '.AssociationState' aws ec2 modify-subnet-attribute --subnet-id $SUBNET_PUB --map-public-ip-on-launch aws ec2 create-key-pair --key-name $4 --query 'KeyMaterial' --output text > ~/.ssh/$4.pem chmod 400 ~/.ssh/$4.pem SG=àws ec2 create-security-group --group-name Test-SecurityG --description "Security group for SSH access Internet access" --vpc-id $VPC | jq .GroupId | tr -d '"'` MYIP=`curl -s ifconfig.me` MYIP="$MYIP/32" aws ec2 authorize-security-group-ingress --group-id $SG --protocol tcp --port 22 --cidr $MYIP aws ec2 authorize-security-group-ingress --group-id $SG --protocol tcp --port 80 --cidr $MYIP aws ec2 describe-security-groups --group-ids $SG | jq '.SecurityGroups[] | .IpPermissions[]' INSTANCE_ID=àws ec2 run-instances --image-id ami-0f310fced6141e627 --count 1 --instance-type t2.nano --key-name $4 --security-group-ids $SG --subnet-id $SUBNET_PUB | jq '.Instances[] | .InstanceId' | tr -d '"'` aws ec2 describe-instances --instance-id $INSTANCE_ID | jq '.Reservations[] | .Instances[] | .KeyName, .PublicIpAddress'

࣮ࡍͷ࣮ߦ݁Ռ VPC ID PUBLIC SUBNET ID PRIVATE SUBNET ID
ϧʔτΛ࡞Ε͔ͨ ϧʔτςʔϒϧ͕ඥ͍͔ͮͨ ηΩϡϦςΟάϧʔϓͷத਎ Ωʔͷ໊લ ύϒϦοΫIP

"84$-*$PNNBOE3FGFSFODFʹ͍ͭͯ ࠔͬͨΒɺ͜͜ΛΈΔ

جຊతͳ࢖͍ํ aws ίϚϯυ໊ αϒίϚϯυ ύϥϝʔλ

͍͍ͩͨύλʔϯ͕ܾ·͍ͬͯ·͢ɻ aws αʔϏε໊ create-ʓʓ aws αʔϏε໊ describes-ʓʓ aws αʔϏε໊
delete-ʓʓ

େ੾ͳ͜ͱ खॱΛ೺Ѳ͢Δ

׳ΕΔ·Ͱ Ұ౓ɺGUI(Ϛωδϝϯτίϯιʔϧ)Ͱ ৮ͬͯΈΔͷ΋͓קΊͰ͢ɻ

"84$-*ʹ׳ΕΔͨΊʹ΍ͬͯΈͨ

"84ʹ׳Ε͍ͨͳΒʜʁ

"84ʹ׳Ε͍ͨͳΒʜʁ AWS CLI

初心者だからこそ触りたい、AWS CLI ~ "躓きやすい"を無くしたい ~ #devio2020

初心者だからこそ触りたい、AWS CLI ~ "躓きやすい"を無くしたい ~ #devio2020

More Decks by Kana Kitagawa

Other Decks in Technology

Featured

Transcript