JAWS-UG_CLI_Setup_SSM_20211028

by h-ashisan

Slide 1

Slide 1 text

1 ʲॳ৺ऀ޲͚ʳ Systems ManagerͬͯͲ͏࢝ΊΔΜ͚ͩͬʁ

Slide 2

Slide 2 text

2 ࣗݾ঺հ ɾ໊લ ɹ- ͋͠͞Μ(@ashi_ssan) ɾॴଐ ɹ- Ϋϥεϝιουגࣜձࣾ ɹ- AWSࣄۀຊ෦ ίϯαϧςΟϯά෦ ɾུྺ ɹ- ৽ଔ→ಠཱܥSIer→ݱ৬(2021/09ʙ) ɾ޷͖ͳAWSαʔϏε ɹ- CloudShell ɹ- Systems Manager SessionManager/RunCommand ɾϒϩά

Slide 3

Slide 3 text

3 গ͚ͩ͠એ఻ ɾMeety࢝Ί·ͨ͠ʢࠓ೔ʣ

Slide 4

Slide 4 text

4 ͸͡Ίʹ ࿩͢͜ͱ ɾAWS Systems Manager(SSM)ͷηοτΞοϓํ๏ ࿩͞ͳ͍͜ͱ ɾ֤SSMαʔϏεʹ͍ͭͯͷઆ໌

Slide 5

Slide 5 text

5 ͖͔͚ͬ

Slide 6

Slide 6 text

6 ͖͔͚ͬ Amazon LinuxܥͷΠϯελϯεʹ͸ SSM Agent͕σϑΥϧτͰϓϦΠϯετʔϧ͞Ε͍ͯΔ (ެࣜυΩϡϝϯτΑΓ)

Slide 7

Slide 7 text

7 ͖͔͚ͬ SSM Agent͕ϓϦΠϯετʔϧ͞Ε͍ͯΔ = ଈ SSM ηοτΞοϓ׬ྃʂ = ηογϣϯϚωʔδϟʔՄೳ Ͱ͸ʁʁ

Slide 8

Slide 8 text

8 ࣮ࡍʹ΍ͬͯΈͨ

Slide 9

Slide 9 text

9 ࣮ࡍʹ΍ͬͯΈͨ ࢀߟɿSSMηογϣϯϚωʔδϟʔͷCLIίϚϯυ $ aws ssm start-session --target

Slide 10

Slide 10 text

10 ࣮ࡍʹ΍ͬͯΈͨ

Slide 11

Slide 11 text

11 ࣮ࡍʹ΍ͬͯΈͨ ໰ɿ ͜ͷߏ੒ͰηογϣϯϚωʔδϟʔ͸ ࢖͑Δʁ

Slide 12

Slide 12 text

12 ࣮ࡍʹ΍ͬͯΈͨ ౴͑ɿͰ͖·ͤΜʂ

Slide 13

Slide 13 text

13 ࣮ࡍʹ΍ͬͯΈͨ ݪҼɿ ɾIAMϩʔϧ(ΠϯελϯεϓϩϑΝΠϧ)͕ෆ଍ →ʮAmazonSSMManagedInstanceCoreʯͷΞΫηεڐՄ͕ඞཁ ※ʮAmazonEC2RoleforSSMʯ͸ΞΫηεڐՄൣғ͕޿͍ͨΊඇਪ঑ ࢀߟɿ https://docs.aws.amazon.com/ja_jp/systems-manager/latest/userguide/setup-instance-profile.html

Slide 14

Slide 14 text

14 ࣮ࡍʹ΍ͬͯΈͨ

Slide 15

Slide 15 text

15 ࣮ࡍʹ΍ͬͯΈͨ ໰ɿ ͜ͷߏ੒ͰηογϣϯϚωʔδϟʔ(ry

Slide 16

Slide 16 text

16 ࣮ࡍʹ΍ͬͯΈͨ ౴͑ɿͰ͖·ͨ͠

Slide 17

Slide 17 text

17 ࣮ࡍʹ΍ͬͯΈͨ ࢀߟɿCLI͔Β઀ଓ࣌ͷϩά bash-3.2$ aws ssm start-session --target i-0aa906b95f3c0cf2d Starting session with SessionId: 1635351198-session-0790888dbb163125d sh-4.2$ sh-4.2$ ifconfig |grep "10\.0\." inet 10.0.0.24 netmask 255.255.255.0 broadcast 10.0.0.255 sh-4.2$ exit exit Exiting session with sessionId: 1635351198-session-0790888dbb163125d.

Slide 18

Slide 18 text

18 ࣮ࡍʹ΍ͬͯΈͨ

Slide 19

Slide 19 text

19 ࣮ࡍʹ΍ͬͯΈͨ ໰ɿ ͜ͷߏ੒Ͱ(ry

Slide 20

Slide 20 text

20 ࣮ࡍʹ΍ͬͯΈͨ ౴͑ɿͰ͖·ͤΜʂ

Slide 21

Slide 21 text

21 ࣮ࡍʹ΍ͬͯΈͨ ݪҼɿ SystemsManager API΁ͷૄ௨ܦ࿏͕ͳ͍ →ʮΠϯελϯε͔ΒSystemsManager API΁ͷΞ΢τό΢ϯ υͷ௨৴ܦ࿏(443ϙʔτ)ʯ͕ඞཁ (࣮૷ྫ) ①NAT Gateway/Πϯελϯεܦ༝Ͱ௨৴͢Δ ②VPC Endpointܦ༝Ͱ௨৴͢Δ

Slide 22

Slide 22 text

22 ①NAT Gateway/Πϯελϯεܦ༝Ͱ௨৴͢Δ

Slide 23

Slide 23 text

23 ②VPC Endpointܦ༝Ͱ௨৴͢Δ

Slide 24

Slide 24 text

24 ໰ɿ (ry

Slide 25

Slide 25 text

25 ౴͑ɿͰ͖·ͨ͠

Slide 26

Slide 26 text

26 ɾCLI͔Βܨ͛ͨ࣌ͷϩά bash-3.2$ aws ssm start-session --target i-0118cd8e6d13fc095 Starting session with SessionId: 1635351198-session-0afb128b8b6169055 sh-4.2$ sh-4.2$ ifconfig |grep "10\.0\." inet 10.0.3.251 netmask 255.255.255.0 broadcast 10.0.3.255 sh-4.2$ exit exit Exiting session with sessionId: 1635351198-session-0790888dbb163125d.

Slide 27

Slide 27 text

27 ·ͱΊ

Slide 28

Slide 28 text

28 SSM Agent͕ϓϦΠϯετʔϧ͞Ε͍ͯΔ ≠ ଈ SSM ηοτΞοϓ׬ྃʂ ≠ ηογϣϯϚωʔδϟʔՄೳ

Slide 29

Slide 29 text

29 ࠓ೔ֶΜͩ͜ͱ ɾSSMηοτΞοϓͷνΣοΫϙΠϯτ ✅ SSM Agent͕Πϯετʔϧ͞Ε͍ͯΔ͔ʁ ✅ Πϯελϯεʹద੾ͳݖݶ͕෇༩͞ΕͨIAMϩʔϧ͕Ξλον͞Ε͍ͯΔ͔ʁ ✅ Πϯελϯε͔ΒSSM API΁ͷ௨৴ܦ࿏͸֬อ͞Ε͍ͯΔ͔ʁ

Slide 30

Slide 30 text

30 ࢀߟ ɾAWS BlackBelt https://d1.awsstatic.com/webinars/jp/pdf/services/20200212_AWSBlackBelt_SystemsManager_0214.pdf ɾηογϣϯϚωʔδϟʔͷϋϚΓͲ͜ΖΛύλʔϯ͝ͱʹ੔ཧ ͯ͠ΈΔ(DevelopersIO) https://dev.classmethod.jp/articles/session-manager-pattern/

Slide 31

Slide 31 text

31 Ҏ্ɻ