💡 As you use AWS, the cost of its managed services keeps growing.
The aim here is to learn how to install and manage each database on EC2 instead.
Architecture
- Access the DB instance in the private subnet through the bastion host
- Bastion host
  - Grafana
- DB instance
  - PostgreSQL
  - Redis
  - MongoDB
  - Prometheus
1. VPC(Network)
Unlike the diagram below, the smallest EC2 instance type is only offered in AZs a and c, so A and C were selected as the availability zones.
1.1 Creating the VPC
The VPC, subnets, route tables and NACLs can each be created individually.
Here, however, the VPC was created with the AWS Console option that creates the VPC, subnets and endpoints together.
1.2 Creating the Security Groups
Bastion Host
- Intermediary instance for connecting from the public subnet into the private subnet
- Created as an EC2 instance in the public subnet
- A security group is created for it
1.2.1 Public Security Group
Security group shared by two items: the Bastion Host and Grafana (monitoring dashboard).

Port / Type:
- SSH (22): SSH for tunneling
- All ICMP - IPv4: used for server checks such as ping tests from the server
- TCP (3000): port for Grafana

Source:
- Open only to My IP
1.2.2 Private Security Group
Security group for PostgreSQL, Redis and MongoDB.

Port / Type:
- PostgreSQL: 5432
- MongoDB: 27017
- Redis: 6379
- SSH: 22
- Prometheus (open-source monitoring solution for collecting metrics from each server or DB):
  - 9090: PostgreSQL Exporter
  - 9100: Node Exporter
- All ICMP - IPv4: used for server checks such as ping tests from the server

Source:
- Public Security Group: every port can be reached only through the bastion host.
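As an added example (not part of the original post), a small audit that checks inbound security-group rules against the allow lists in 1.2.1 and 1.2.2 and flags anything wider. The admin CIDR, the group ids and the sample rules are constructed placeholders shaped like boto3 describe_security_groups() output, not values from the author's account.

```python
"""Audit security-group rules against the bastion / private-subnet design on this page.
Rule dicts mirror the shape of boto3 describe_security_groups() output; the groups
below are constructed samples, not fetched from AWS."""

# Page policy: public SG exposes 22, ICMP and 3000 to the admin IP only; private SG
# exposes DB, SSH and exporter ports to the public SG only (no CIDR sources).
ADMIN_CIDR = "203.0.113.10/32"         # placeholder for "My IP"
PUBLIC_SG_ID = "sg-0public0000000000"  # placeholder id of the public SG
POLICY = {
    "public": {"ports": {22, 3000}, "icmp": True, "cidrs": {ADMIN_CIDR}, "groups": set()},
    "private": {"ports": {22, 5432, 27017, 6379, 9090, 9100}, "icmp": True,
                "cidrs": set(), "groups": {PUBLIC_SG_ID}},
}

def audit(sg, role):
    """Return findings for inbound rules of sg that violate POLICY[role]."""
    pol, findings = POLICY[role], []
    for perm in sg["IpPermissions"]:
        proto = perm["IpProtocol"]
        if proto == "-1":                      # "All traffic" rule
            findings.append("all-traffic rule is broader than any documented port")
            continue
        if proto == "icmp":
            if not pol["icmp"]:
                findings.append("ICMP is not permitted for this role")
        else:
            extra = set(range(perm["FromPort"], perm["ToPort"] + 1)) - pol["ports"]
            if extra:
                findings.append(f"{proto} port(s) {sorted(extra)} not in the allow list")
        for rng in perm.get("IpRanges", []):   # CIDR sources
            if rng["CidrIp"] == "0.0.0.0/0":
                findings.append(f"{proto} rule open to the world (0.0.0.0/0)")
            elif rng["CidrIp"] not in pol["cidrs"]:
                findings.append(f"{proto} source {rng['CidrIp']} is not an approved CIDR")
        for pair in perm.get("UserIdGroupPairs", []):   # security-group sources
            if pair["GroupId"] not in pol["groups"]:
                findings.append(f"{proto} source group {pair['GroupId']} is not approved")
    return findings

# Constructed private SG: matches the design except for two slips flagged below.
PRIVATE_SG = {"GroupId": "sg-0private000000000", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "UserIdGroupPairs": [{"GroupId": PUBLIC_SG_ID}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},  # slip
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "UserIdGroupPairs": [{"GroupId": PUBLIC_SG_ID}]},
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "UserIdGroupPairs": [{"GroupId": PUBLIC_SG_ID}]},  # slip
]}

if __name__ == "__main__":
    for finding in audit(PRIVATE_SG, "private"):
        print("FINDING:", finding)
```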
2. Creating the EC2 Instances
Same as the usual way of creating an EC2 instance.
Access Key (SSH key pair)
- Use the key pair already in use, or issue a new one.
2.1 Public EC2 (Bastion Host)
- Create the EC2 instance with the Public Security Group bound to it
2.2 Private EC2
- Create the EC2 instance with the Private Security Group bound to it
2.3 How to Connect Private EC2 Through Bastion Host
2.3.1 Method 1
- Use two terminals.
- Terminal 1: open the SSH tunnel
- Terminal 2: SSH to the private EC2 through the tunnel

## Terminal 1: forward a local port through the bastion to port 22 of the private instance
ssh -i "accesskey.pem" -N -L {customport}:{target-private-ip}:22 {userid}@{bastion-host-public-ip}
## Terminal 2: connect to the forwarded local port
ssh -i "accesskey.pem" -p {customport} {userid}@localhost

With the author's values:
ssh -i "ma-pipeline-key.pem" -N -L 33322:10.15.159.221:22 ubuntu@3.38.92.37
ssh -i ma-pipeline-key.pem -p 33322 ubuntu@localhost
2.3.2 Method 2
- Add the host entries to the ssh config file.

vi ~/.ssh/config

Host bastion-host
    HostName <Public IP address of Bastion Host>
    User <USERID>
    Port 22
    IdentityFile ~/.ssh/<key pair>
    IdentitiesOnly yes

Host private-ec2
    HostName <Private IP address of private EC2 instance>
    User <USERID>
    Port 22
    IdentityFile ~/.ssh/<key pair>
    IdentitiesOnly yes
    ProxyJump bastion-host

- Connecting
ssh private-ec2   # reaches the private instance via bastion-host
2.4 Copying the Access Key to the Bastion Host
scp -i [bastion EC2 key file path] [file to upload] [user id]@[EC2 public IP]:[destination path]
scp -i ma-pipeline-key.pem ma-pipeline-key.pem ubuntu@13.124.178.153:/home/ubuntu/
Note that once the key sits on the bastion, anyone who compromises the bastion also holds the key to the private instances; the ProxyJump setup in 2.3.2 reaches them without the key ever leaving the workstation.
2.4.1 Bastion → Private EC2 access
ssh -i /home/ubuntu/workspace/ma-pipeline-key.pem ubuntu@10.15.159.221   # SSH in with the copied key
3. NAT Gateway
- Allow the private subnet to reach the internet through the NAT Gateway
3.1 Creation
- Subnet: Public Subnet
- Allocate an Elastic IP
3.2 Editing the Route Table
- The route must be allowed in the route table.
- The private route table must forward to the NAT Gateway.
- Add the route 0.0.0.0/0 → NAT Gateway
Continued in the next post....