LiJell's Growth Journal
SSM Port Forwarding
Intro
To enhance security, I’ve relocated the bastion instance from the public subnet to the private subnet.
Previously, we accessed the database over an SSH connection, but moving forward, we will use SSM port forwarding instead.
Prerequisites
1. The Session Manager plugin must be installed first
2. AmazonSSMManagedInstanceCore must be attached to the EC2 instance role
3. The user needs the permissions below
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowSSMSessionControl",
      "Effect": "Allow",
      "Action": [
        "ssm:StartSession",
        "ssm:ResumeSession",
        "ssm:TerminateSession",
        "ssm:DescribeSessions"
      ],
      "Resource": [
        "arn:aws:ssm:*:*:session/*",
        "arn:aws:ec2:*:*:instance/*"
      ]
    },
    {
      "Sid": "AllowPortForwardingDocs",
      "Effect": "Allow",
      "Action": [
        "ssm:DescribeDocument"
      ],
      "Resource": [
        "arn:aws:ssm:*:*:document/AWS-StartPortForwardingSession",
        "arn:aws:ssm:*:*:document/AWS-StartPortForwardingSessionToRemoteHost"
      ]
    },
    {
      "Sid": "AllowInstanceInfo",
      "Effect": "Allow",
      "Action": [
        "ssm:DescribeInstanceInformation"
      ],
      "Resource": ["*"]
    }
  ]
}
```
macOS
```bash
brew tap aws/tap
brew install aws-sessionmanager-plugin
```
Ubuntu / Debian
```bash
# download the package
curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" \
  -o "session-manager-plugin.deb"
# install
sudo dpkg -i session-manager-plugin.deb
# check the version
session-manager-plugin --version
```
CentOS / Amazon Linux
```bash
sudo yum install -y https://s3.amazonaws.com/session-manager-downloads/plugin/latest/linux_64bit/session-manager-plugin.rpm
session-manager-plugin --version
```
Access command
- An instance Name tag is required to run the following command
```bash
# --parameters is double-quoted so the shell expands ${DB_ADDRESS},
# ${DB_PORT} and ${DESIRE_LOCAL_PORT}; inside single quotes they would be
# passed to SSM as literal text.
aws ssm start-session \
  --target "$(aws ec2 describe-instances \
      --filters "Name=tag:Name,Values=${EC2_NAME}" \
                "Name=instance-state-name,Values=running" \
      --query "Reservations[0].Instances[0].InstanceId" \
      --output text \
      --region ap-northeast-2)" \
  --document-name AWS-StartPortForwardingSessionToRemoteHost \
  --parameters "{
    \"host\":[\"${DB_ADDRESS}\"],
    \"portNumber\":[\"${DB_PORT}\"],
    \"localPortNumber\":[\"${DESIRE_LOCAL_PORT}\"]
  }" \
  --region ap-northeast-2
```
- Version without the tag lookup
```bash
# Same quoting as above: double quotes let the shell expand the variables.
aws ssm start-session --target i-01a195587b7b7c266 --document-name AWS-StartPortForwardingSessionToRemoteHost --parameters "{
  \"host\":[\"${DB_ADDRESS}\"],
  \"portNumber\":[\"${DB_PORT}\"],
  \"localPortNumber\":[\"${DESIRE_LOCAL_PORT}\"]
}" --region ap-northeast-2
```
The terminal should look like the following screenshot once the connection is successfully established.

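Example
- DocDB
```
mongodb://${DB_USER}:${DB_PASSWORD}@localhost:${DESIRE_LOCAL_PORT}/admin?tlsAllowInvalidHostnames=true&directConnection=true
```
`tlsAllowInvalidHostnames=true` is set because the client connects to localhost, which does not match the hostname in the cluster's TLS certificate, and `directConnection=true` keeps the driver on the tunnel instead of trying the cluster members' own addresses.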
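The access command above, wrapped as an added example (not the author's script; the function names and the `REGION` variable are hypothetical). It rejects the `None` that the tag lookup prints when no running instance matches, and builds the `--parameters` JSON from validated shell variables so a malformed host or port never reaches `start-session`.

```sh
# Added example, not the author's code; function names are hypothetical.
# EC2_NAME, DB_ADDRESS, DB_PORT and DESIRE_LOCAL_PORT are the page's
# placeholders, read here as environment variables.
REGION="ap-northeast-2"   # region used in the page's commands

# True only for a well-formed instance ID. With --output text,
# describe-instances prints "None" when the tag filter matches nothing.
valid_instance_id() {
  case "${1#i-}" in
    "$1" | '' | *[!0-9a-f]*) return 1 ;;
  esac
  [ "${#1}" -eq 10 ] || [ "${#1}" -eq 19 ]   # "i-" plus 8 or 17 hex digits
}

# True only for a decimal port in 1..65535.
valid_port() {
  case "$1" in
    '' | 0* | *[!0-9]* | ??????*) return 1 ;;
  esac
  [ "$1" -le 65535 ]
}

# Prints the --parameters JSON; refuses values that could break out of it.
ssm_pf_params() {
  case "$1" in
    '' | *[!A-Za-z0-9.-]*) echo "invalid host" >&2; return 1 ;;
  esac
  if ! valid_port "$2" || ! valid_port "$3"; then
    echo "invalid port" >&2; return 1
  fi
  printf '{"host":["%s"],"portNumber":["%s"],"localPortNumber":["%s"]}' "$1" "$2" "$3"
}

# Resolves the bastion by Name tag, then opens the tunnel.
start_tunnel() {
  id="$(aws ec2 describe-instances \
    --filters "Name=tag:Name,Values=${EC2_NAME}" \
              "Name=instance-state-name,Values=running" \
    --query "Reservations[0].Instances[0].InstanceId" \
    --output text --region "$REGION")" || return 1
  if ! valid_instance_id "$id"; then
    echo "no running instance tagged Name=${EC2_NAME}" >&2; return 1
  fi
  params="$(ssm_pf_params "$DB_ADDRESS" "$DB_PORT" "$DESIRE_LOCAL_PORT")" || return 1
  aws ssm start-session --target "$id" \
    --document-name AWS-StartPortForwardingSessionToRemoteHost \
    --parameters "$params" --region "$REGION"
}
if [ "${1:-}" = "start" ]; then start_tunnel; fi
```

Save it as a script and run it with the `start` argument after exporting the four variables; without that argument it only defines the functions.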