Notes on creating openSUSE Leap 15 in AWS EC2 with the AWS CLI
OS: openSUSE Leap 15
AWS CLI: 1.16.135
Test the aws ec2 command
> aws ec2 describe-regions --output table
----------------------------------------------------------
|                    DescribeRegions                     |
+--------------------------------------------------------+
||                       Regions                        ||
|+-----------------------------------+------------------+|
||             Endpoint              |    RegionName    ||
|+-----------------------------------+------------------+|
||  ec2.eu-north-1.amazonaws.com     |  eu-north-1      ||
||  ec2.ap-south-1.amazonaws.com     |  ap-south-1      ||
||  ec2.eu-west-3.amazonaws.com      |  eu-west-3       ||
||  ec2.eu-west-2.amazonaws.com      |  eu-west-2       ||
||  ec2.eu-west-1.amazonaws.com      |  eu-west-1       ||
||  ec2.ap-northeast-2.amazonaws.com |  ap-northeast-2  ||
||  ec2.ap-northeast-1.amazonaws.com |  ap-northeast-1  ||
||  ec2.sa-east-1.amazonaws.com      |  sa-east-1       ||
||  ec2.ca-central-1.amazonaws.com   |  ca-central-1    ||
||  ec2.ap-southeast-1.amazonaws.com |  ap-southeast-1  ||
||  ec2.ap-southeast-2.amazonaws.com |  ap-southeast-2  ||
||  ec2.eu-central-1.amazonaws.com   |  eu-central-1    ||
||  ec2.us-east-1.amazonaws.com      |  us-east-1       ||
||  ec2.us-east-2.amazonaws.com      |  us-east-2       ||
||  ec2.us-west-1.amazonaws.com      |  us-west-1       ||
||  ec2.us-west-2.amazonaws.com      |  us-west-2       ||
|+-----------------------------------+------------------+|
Try creating a security group with the aws ec2 command
First, create it without specifying a vpc-id, to observe the defaults
> aws ec2 create-security-group --group-name test-sg --description "Test security group"
{
    "GroupId": "sg-0408e6036599eee01"
}
The resulting security group was created in US East (N. Virginia)
Check the existing AWS configuration
> cat ~/.aws/config
[default]
region = us-east-1
output = json
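Because the default region was previously set to us-east-1, the security group is created in N. Virginia
The current test environment is in Ohio ( us-east-2 )
So there are roughly two approaches
- Set the default region in ~/.aws/config to us-east-2
- Add the --vpc-id option when running the aws ec2 command
Try deleting the security group just created from the command line; here I use the --group-name form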
> aws ec2 delete-security-group --group-name test-sg
So how do you find the --vpc-id? You can query it with the aws ec2 command
> aws ec2 describe-vpcs
{
    "Vpcs": [
        {
            "CidrBlock": "172.31.0.0/16",
            "DhcpOptionsId": "dopt-eab73381",
            "State": "available",
            "VpcId": "vpc-c42535ac",
            "OwnerId": "781126831804",
            "InstanceTenancy": "default",
            "CidrBlockAssociationSet": [
                {
                    "AssociationId": "vpc-cidr-assoc-3efaf757",
                    "CidrBlock": "172.31.0.0/16",
                    "CidrBlockState": {
                        "State": "associated"
                    }
                }
            ],
            "IsDefault": true
        }
    ]
}
With the vpc-id in hand, create a security group with the aws ec2 command as a test
> aws ec2 create-security-group --group-name test-sg --vpc-id vpc-c42535ac --description "Test cli"
{
    "GroupId": "sg-090a6648734644155"
}
Next, create a rule that opens port 22 to connections from all IPs
> aws ec2 authorize-security-group-ingress --group-name test-sg --protocol tcp --port 22 --cidr 0.0.0.0/0
Next, create a key pair
Create the key with the aws ec2 command
> aws ec2 create-key-pair --key-name test-key --query "KeyMaterial" --output text > test-key.pem
- The --query "KeyMaterial" parameter extracts only the part of the output you need into the .pem file
Adjust the key's permissions
> chmod 400 test-key.pem
Next, prepare to create the instance
But before starting, there is some information you need to know
- image-id
- subnet-id
- security-group-ids
How to look up the image-id; here I use openSUSE as the example
> aws ec2 describe-images --filters 'Name=name,Values=openSUSE*'
How to look up the subnet-id
> aws ec2 describe-subnets
How to look up the security-group-ids
> aws ec2 describe-security-groups
Then launch the instances
> aws ec2 run-instances --image-id ami-026fef571e7830801 --subnet-id subnet-92dfe4fb --security-group-ids sg-090a6648734644255 --instance-type t2.micro --key-name test-key --count 1
The command returns related information on creation, including the InstanceId
Query the public IP address with the aws ec2 command
> aws ec2 describe-instances --instance-ids i-YOUR_InstanceID --query "Reservations[0].Instances[0].PublicIpAddress"
"18.223.195.175"
Connect using the IP address obtained
> ssh -i test-key.pem ec2-user@18.223.195.175
The authenticity of host '18.223.195.175 (18.223.195.175)' can't be established.
ECDSA key fingerprint is SHA256:HbjDjHC5oNzXGWwKsmExV1VzUWWfCjvmYgTHlRWbcJk.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '18.223.195.175' (ECDSA) to the list of known hosts.
openSUSE Leap 15.0 x86-64
As "root" use the:
- zypper command for package management
- yast command for configuration management
Have a lot of fun...
ec2-user@ip-172-31-0-246:~>
That counts as one more small step into AWS
~ enjoy it