| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | ||||
| 4 | 5 | 6 | 7 | 8 | 9 | 10 |
| 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| 18 | 19 | 20 | 21 | 22 | 23 | 24 |
| 25 | 26 | 27 | 28 | 29 | 30 | 31 |
Tags
- Method
- DANAWA
- AWS
- TypeScript
- tensorflow
- Agile
- adaptive life cycle
- opencv
- analyzing
- 자바스크립트
- 프로젝트
- Scrum
- keras
- python
- ECS
- pandas
- matplotlib
- Project
- 크롤링
- data analyze
- webcrawling
- data
- algorithm
- 다나와
- javascript
- visualizing
- angular
- instance
- Crawling
- 애자일
Archives
- Today
- Total
LiJell's 성장기
SSM Portfowarding 본문
반응형
Intro
To enhance security, I’ve relocated the bastion instance from the public subnet to the private subnet.
Previously, we accessed the database using SSH connection, but moving forward, we will use SSM port forwarding instead.
prerequisite
1. SSM Plugin should be installed first
2. AmazonSSMManagedInstanceCore should be on EC2 instance role
3. requried permission on User as below
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowSSMSessionControl",
"Effect": "Allow",
"Action": [
"ssm:StartSession",
"ssm:ResumeSession",
"ssm:TerminateSession",
"ssm:DescribeSessions"
],
"Resource": [
"arn:aws:ssm:*:*:session/*",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Sid": "AllowPortForwardingDocs",
"Effect": "Allow",
"Action": [
"ssm:DescribeDocument"
],
"Resource": [
"arn:aws:ssm:*:*:document/AWS-StartPortForwardingSession",
"arn:aws:ssm:*:*:document/AWS-StartPortForwardingSessionToRemoteHost"
]
},
{
"Sid": "AllowInstanceInfo",
"Effect": "Allow",
"Action": [
"ssm:DescribeInstanceInformation"
],
"Resource": ["*"]
}
]
}MacOS
brew tap aws/tap
brew install aws-sessionmanager-pluginUbuntu / Debian
# package download
curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" \
-o "session-manager-plugin.deb"
# install
sudo dpkg -i session-manager-plugin.deb
# check the version
session-manager-plugin --version
CentOS / Amazon Linux
sudo yum install -y https://s3.amazonaws.com/session-manager-downloads/plugin/latest/linux_64bit/session-manager-plugin.rpm
session-manager-plugin --versionAccess command
- instance tag is required to run following command
aws ssm start-session \
--target $(aws ec2 describe-instances \
--filters "Name=tag:Name,Values=${EC2_NAME}" \
"Name=instance-state-name,Values=running" \
--query "Reservations[0].Instances[0].InstanceId" \
--output text \
--region ap-northeast-2) \
--document-name AWS-StartPortForwardingSessionToRemoteHost \
--parameters '{
"host":["${DB_ADDRESS}"],
"portNumber":["${DB_PORT}"],
"localPortNumber":["${DESIRE_LOCAL_PORT}"]
}' \
--region ap-northeast-2- without tag version
aws ssm start-session --target i-01a195587b7b7c266 --document-name AWS-StartPortForwardingSessionToRemoteHost --parameters '{
"host":["${DB_ADDRESS}"],
"portNumber":["${DB_PORT}"],
"localPortNumber":["${DESIRE_LOCAL_PORT}"]
}' --region ap-northeast-2
The terminal should appear as following screenshot once the connection is successfully established.
Example
- DocDB
mongodb://${DB_USER}:${DB_PASSWORD}@localhost:${DESIRE_LOCAL_PORT}/admin?tlsAllowInvalidHostnames=true&directConnection=true반응형
'Cloud' 카테고리의 다른 글
| Inject the App Version into the environment file during the EC2 CI/CD process (0) | 2024.11.12 |
|---|---|
| S3 Lifecycle expiry date issue (2) | 2024.10.02 |
| AWS Auto Scaling Group Warmpool (0) | 2024.09.05 |
| AWS ECS Managed Termination Protection 옵션 사용시 주의할 점 (0) | 2024.03.13 |
| Amazon ECS managed instance draining (0) | 2024.01.31 |
'Cloud' Related Articles
more
Comments