Saturday, April 06, 2019

Notes on creating openSUSE Leap 15 in AWS EC2 with the AWS CLI


OS: openSUSE Leap 15
AWS CLI: 1.16.135

Test the aws ec2 command
> aws  ec2  describe-regions  --output  table


----------------------------------------------------------
|                     DescribeRegions                    |
+--------------------------------------------------------+
||                        Regions                       ||
|+-----------------------------------+------------------+|
||             Endpoint              |    RegionName    ||
|+-----------------------------------+------------------+|
||  ec2.eu-north-1.amazonaws.com     |  eu-north-1      ||
||  ec2.ap-south-1.amazonaws.com     |  ap-south-1      ||
||  ec2.eu-west-3.amazonaws.com      |  eu-west-3       ||
||  ec2.eu-west-2.amazonaws.com      |  eu-west-2       ||
||  ec2.eu-west-1.amazonaws.com      |  eu-west-1       ||
||  ec2.ap-northeast-2.amazonaws.com |  ap-northeast-2  ||
||  ec2.ap-northeast-1.amazonaws.com |  ap-northeast-1  ||
||  ec2.sa-east-1.amazonaws.com      |  sa-east-1       ||
||  ec2.ca-central-1.amazonaws.com   |  ca-central-1    ||
||  ec2.ap-southeast-1.amazonaws.com |  ap-southeast-1  ||
||  ec2.ap-southeast-2.amazonaws.com |  ap-southeast-2  ||
||  ec2.eu-central-1.amazonaws.com   |  eu-central-1    ||
||  ec2.us-east-1.amazonaws.com      |  us-east-1       ||
||  ec2.us-east-2.amazonaws.com      |  us-east-2       ||
||  ec2.us-west-1.amazonaws.com      |  us-west-1       ||
||  ec2.us-west-2.amazonaws.com      |  us-west-2       ||
|+-----------------------------------+------------------+|

Try creating a security group with the aws ec2 command
Here we first create it without specifying a vpc-id, to observe the defaults
> aws  ec2  create-security-group  --group-name  test-sg  --description "Test security group"
{
   "GroupId": "sg-0408e6036599eee01"
}


The resulting Security Group was created in US East (N. Virginia)


Look at the existing AWS configuration
> cat  ~/.aws/config


[default]
region = us-east-1
output = json


Because the default region was previously set to us-east-1, the security group is created in N. Virginia


The current test environment is in Ohio ( us-east-2 )
So there are roughly two options
  • Set the default region in ~/.aws/config to us-east-2
  • Add the --vpc-id option when running the aws ec2 command


Try deleting the security group just created from the command line; here I use --group-name
> aws  ec2  delete-security-group  --group-name  test-sg


So how do we find the --vpc-id? It can be queried with the aws ec2 command


> aws  ec2  describe-vpcs
{
   "Vpcs": [
       {
           "CidrBlock": "172.31.0.0/16",
           "DhcpOptionsId": "dopt-eab73381",
           "State": "available",
           "VpcId": "vpc-c42535ac",
           "OwnerId": "781126831804",
           "InstanceTenancy": "default",
           "CidrBlockAssociationSet": [
               {
                   "AssociationId": "vpc-cidr-assoc-3efaf757",
                   "CidrBlock": "172.31.0.0/16",
                   "CidrBlockState": {
                       "State": "associated"
                   }
               }
           ],
           "IsDefault": true
       }
   ]
}


With the vpc-id in hand, next create a security group with the aws ec2 command as a test
> aws  ec2  create-security-group  --group-name  test-sg  --vpc-id  vpc-c42535ac --description "Test cli"


{
   "GroupId": "sg-090a6648734644155"
}


Next create a rule that opens port 22 to connections from all IPs
> aws  ec2  authorize-security-group-ingress  --group-name  test-sg --protocol  tcp  --port 22 --cidr  0.0.0.0/0

Next create a Key Pair
Create the key with the aws ec2 command
> aws  ec2  create-key-pair  --key-name  test-key  --query  "KeyMaterial"  --output  text  > test-key.pem


  • The --query "KeyMaterial" parameter extracts only the part of the output you need into the .pem file


Adjust the key's permissions
> chmod  400  test-key.pem


Next, get ready to create the instance
Before starting, there is some information we still need
  • image-id
  • subnet-id
  • security-group-ids


How to query the image-id; here I use openSUSE as the example
> aws  ec2  describe-images  --filters  'Name=name,Values=openSUSE*'




How to query the subnet-id
> aws  ec2  describe-subnets


How to query the security-group-ids
> aws  ec2  describe-security-groups


Then it is time to launch the instances


> aws  ec2  run-instances --image-id  ami-026fef571e7830801 --subnet-id  subnet-92dfe4fb --security-group-ids sg-090a6648734644255  --instance-type  t2.micro --key-name  test-key --count  1


Creation returns the related information, which includes the InstanceId


Query the Public IP address with the aws ec2 command
> aws ec2  describe-instances --instance-ids  i-YOUR_InstanceID --query "Reservations[0].Instances[0].PublicIpAddress"


"18.223.195.175"


Connect using the IP obtained


> ssh  -i  test-key.pem  ec2-user@18.223.195.175


The authenticity of host '18.223.195.175 (18.223.195.175)' can't be established.
ECDSA key fingerprint is SHA256:HbjDjHC5oNzXGWwKsmExV1VzUWWfCjvmYgTHlRWbcJk.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '18.223.195.175' (ECDSA) to the list of known hosts.
openSUSE Leap 15.0 x86-64


As "root" use the:
- zypper command for package management
- yast command for configuration management


Have a lot of fun...
ec2-user@ip-172-31-0-246:~>

This counts as one more small step into AWS
~ enjoy it

