LiJell's 성장기
SSM Port Forwarding
Intro
To enhance security, I’ve relocated the bastion instance from the public subnet to the private subnet.
Previously, we accessed the database using an SSH connection, but moving forward, we will use SSM port forwarding instead.
Prerequisites
1. The SSM (Session Manager) plugin must be installed first
2. The AmazonSSMManagedInstanceCore policy should be attached to the EC2 instance role
3. The user needs the permissions below
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowSSMSessionControl",
      "Effect": "Allow",
      "Action": [
        "ssm:StartSession",
        "ssm:ResumeSession",
        "ssm:TerminateSession",
        "ssm:DescribeSessions"
      ],
      "Resource": [
        "arn:aws:ssm:*:*:session/*",
        "arn:aws:ec2:*:*:instance/*"
      ]
    },
    {
      "Sid": "AllowPortForwardingDocs",
      "Effect": "Allow",
      "Action": [
        "ssm:DescribeDocument"
      ],
      "Resource": [
        "arn:aws:ssm:*:*:document/AWS-StartPortForwardingSession",
        "arn:aws:ssm:*:*:document/AWS-StartPortForwardingSessionToRemoteHost"
      ]
    },
    {
      "Sid": "AllowInstanceInfo",
      "Effect": "Allow",
      "Action": [
        "ssm:DescribeInstanceInformation"
      ],
      "Resource": ["*"]
    }
  ]
}
macOS
brew tap aws/tap
brew install aws-sessionmanager-plugin
Ubuntu / Debian
# package download
curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" \
-o "session-manager-plugin.deb"
# install
sudo dpkg -i session-manager-plugin.deb
# check the version
session-manager-plugin --version
CentOS / Amazon Linux
sudo yum install -y https://s3.amazonaws.com/session-manager-downloads/plugin/latest/linux_64bit/session-manager-plugin.rpm
session-manager-plugin --version
Access command
- An instance Name tag is required to run the following command
# --parameters is double-quoted so the shell expands ${DB_ADDRESS}, ${DB_PORT} and ${DESIRE_LOCAL_PORT}
aws ssm start-session \
  --target "$(aws ec2 describe-instances \
    --filters "Name=tag:Name,Values=${EC2_NAME}" \
              "Name=instance-state-name,Values=running" \
    --query "Reservations[0].Instances[0].InstanceId" \
    --output text \
    --region ap-northeast-2)" \
  --document-name AWS-StartPortForwardingSessionToRemoteHost \
  --parameters "{
    \"host\":[\"${DB_ADDRESS}\"],
    \"portNumber\":[\"${DB_PORT}\"],
    \"localPortNumber\":[\"${DESIRE_LOCAL_PORT}\"]
  }" \
  --region ap-northeast-2
- Version without the tag lookup (instance ID passed directly)
# --parameters is double-quoted so the shell expands the ${...} variables
aws ssm start-session --target i-01a195587b7b7c266 \
  --document-name AWS-StartPortForwardingSessionToRemoteHost \
  --parameters "{
    \"host\":[\"${DB_ADDRESS}\"],
    \"portNumber\":[\"${DB_PORT}\"],
    \"localPortNumber\":[\"${DESIRE_LOCAL_PORT}\"]
  }" \
  --region ap-northeast-2
The terminal should look like the following screenshot once the connection is successfully established.
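The tag lookup in the access command prints the text `None` when no running instance matches, and the `--parameters` JSON is easy to break with an unexpected value. The wrapper below is an added example, not part of the original post: it validates the host, ports and resolved instance ID before running the same two AWS CLI commands. The function names and the `AWS_REGION` fallback are assumptions for illustration.

```shell
# Added example (not from the original post). Function names are hypothetical.
# Region falls back to the one used in the post when AWS_REGION is unset.
REGION="${AWS_REGION:-ap-northeast-2}"

# Accept only a decimal TCP port in the range 1-65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept only hostname / IPv4 characters so the value cannot escape its JSON string.
valid_host() {
  case "$1" in
    ''|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
}

# Build the --parameters JSON for AWS-StartPortForwardingSessionToRemoteHost.
build_params() {  # args: host remote_port local_port
  valid_host "$1" && valid_port "$2" && valid_port "$3" || return 1
  printf '{"host":["%s"],"portNumber":["%s"],"localPortNumber":["%s"]}' "$1" "$2" "$3"
}

# Reject "None" (no match with --output text), empty output, or anything not shaped like i-<hex>.
valid_instance_id() {
  case "$1" in i-*) ;; *) return 1 ;; esac
  case "${1#i-}" in ''|*[!0-9a-f]*) return 1 ;; esac
}

# Same lookup as in the post: first running instance with the given Name tag.
resolve_instance() {  # args: name_tag
  aws ec2 describe-instances \
    --filters "Name=tag:Name,Values=$1" "Name=instance-state-name,Values=running" \
    --query "Reservations[0].Instances[0].InstanceId" \
    --output text --region "$REGION"
}

ssm_forward() {  # args: ec2_name db_address db_port local_port
  params=$(build_params "$2" "$3" "$4") || { echo "invalid host or port" >&2; return 1; }
  target=$(resolve_instance "$1")
  valid_instance_id "$target" || { echo "no running instance tagged Name=$1" >&2; return 1; }
  aws ssm start-session --target "$target" \
    --document-name AWS-StartPortForwardingSessionToRemoteHost \
    --parameters "$params" --region "$REGION"
}
```

Source the file and call `ssm_forward "$EC2_NAME" "$DB_ADDRESS" "$DB_PORT" "$DESIRE_LOCAL_PORT"`; nothing runs until the function is invoked.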

Example
- DocDB
mongodb://${DB_USER}:${DB_PASSWORD}@localhost:${DESIRE_LOCAL_PORT}/admin?tlsAllowInvalidHostnames=true&directConnection=true