(온보딩 교육 2일차) 2. AWS 기초 2023

개발자는 네트워크를 어려워한다. 네트워크를 알려준다~

목표

AWS기본 네트워크 이해하기 - Public, Private , DB Subnet , NAT , ELB

AWS 기본 네트워크 구축하기 -Public, Private , DB Subnet , NAT , ELB

<1> 디폴트 네트워크 만들기

<2> 사설에서 나가는것은 NAT Gateway사용한다

<3> 들어오는것은 ELB 사용한다.

<4> 서브네팅

<5> 네트워크 , 서버 만드는 방법?

<6> 후기

<1> 디폴트 네트워크 만들기

디폴트 네트워크 만들기

public subnet, private subnet 만들기

NAT만들기

로드 밸런서 만들기

public subnet 2개

private subnet 2개

NAT 2개

ELB 1개

<2> 사설에서 나가는것은 NAT Gateway사용한다

NAT IP 2개를 협력업체에게 알려주어 방화벽 허용을 해야 한다.

확인해보자

<3> 들어오는것은 ELB 사용한다.

NLB는 기본적으로 고정 IP를 사용한다.

ALB는 NLB+ ALB구성으로 고정 IP를 사용할수 있다.

<4> 서브네팅

인턴교육-2022-0420-ip.xlsx

<5> 네트워크 , 서버 만드는 방법?

1)

디폴트 VPC 만들기

2)

AWS 위저드 사용 - 부족한 부분 클릭 클릭

3) 콘솔에서 수동으로 클릭 클릭

Your VPCs New

public subnet 2개

private subnet 2개

NAT 2개

ELB 1개

4)

Cloud Formation 사용 - AWS IAC 툴이다.

또는 AWS CDK 사용.

pub2, pri2, ec2 1대

myeks-1week.yaml

AWSTemplateFormatVersion: '2010-09-09'

Metadata:

AWS::CloudFormation::Interface:

ParameterGroups:

- Label:

default: "<<<<< EKSCTL MY EC2 >>>>>"

Parameters:

- ClusterBaseName

- KeyName

- SgIngressSshCidr

- MyInstanceType

- LatestAmiId

- Label:

default: "<<<<< Region AZ >>>>>"

Parameters:

- TargetRegion

- AvailabilityZone1

- AvailabilityZone2

- Label:

default: "<<<<< VPC Subnet >>>>>"

Parameters:

- VpcBlock

- PublicSubnet1Block

- PublicSubnet2Block

- PrivateSubnet1Block

- PrivateSubnet2Block

Parameters:

ClusterBaseName:

Type: String

Default: myeks

AllowedPattern: "[a-zA-Z][-a-zA-Z0-9]*"

Description: must be a valid Allowed Pattern '[a-zA-Z][-a-zA-Z0-9]*'

ConstraintDescription: ClusterBaseName - must be a valid Allowed Pattern

KeyName:

Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter

Type: AWS::EC2::KeyPair::KeyName

ConstraintDescription: must be the name of an existing EC2 KeyPair.

SgIngressSshCidr:

Description: The IP address range that can be used to communicate to the EC2 instances

Type: String

MinLength: '9'

MaxLength: '18'

Default: 0.0.0.0/0

AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})

ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.

MyInstanceType:

Description: Enter t2.micro, t2.small, t2.medium, t3.micro, t3.small, t3.medium. Default is t2.micro.

Type: String

Default: t3.medium

AllowedValues:

- t2.micro

- t2.small

- t2.medium

- t3.micro

- t3.small

- t3.medium

LatestAmiId:

Description: (DO NOT CHANGE)

Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'

Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'

AllowedValues:

- /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2

TargetRegion:

Type: String

Default: ap-northeast-2

AvailabilityZone1:

Type: String

Default: ap-northeast-2a

AvailabilityZone2:

Type: String

Default: ap-northeast-2c

VpcBlock:

Type: String

Default: 192.168.0.0/16

PublicSubnet1Block:

Type: String

Default: 192.168.1.0/24

PublicSubnet2Block:

Type: String

Default: 192.168.2.0/24

PrivateSubnet1Block:

Type: String

Default: 192.168.3.0/24

PrivateSubnet2Block:

Type: String

Default: 192.168.4.0/24

Resources:

# VPC

EksVPC:

Type: AWS::EC2::VPC

Properties:

CidrBlock: !Ref VpcBlock

EnableDnsSupport: true

EnableDnsHostnames: true

Tags:

- Key: Name

Value: !Sub ${ClusterBaseName}-VPC

# PublicSubnets

PublicSubnet1:

Type: AWS::EC2::Subnet

Properties:

AvailabilityZone: !Ref AvailabilityZone1

CidrBlock: !Ref PublicSubnet1Block

VpcId: !Ref EksVPC

MapPublicIpOnLaunch: true

Tags:

- Key: Name

Value: !Sub ${ClusterBaseName}-PublicSubnet1

- Key: kubernetes.io/role/elb

Value: 1

PublicSubnet2:

Type: AWS::EC2::Subnet

Properties:

AvailabilityZone: !Ref AvailabilityZone2

CidrBlock: !Ref PublicSubnet2Block

VpcId: !Ref EksVPC

MapPublicIpOnLaunch: true

Tags:

- Key: Name

Value: !Sub ${ClusterBaseName}-PublicSubnet2

- Key: kubernetes.io/role/elb

Value: 1

InternetGateway:

Type: AWS::EC2::InternetGateway

VPCGatewayAttachment:

Type: AWS::EC2::VPCGatewayAttachment

Properties:

InternetGatewayId: !Ref InternetGateway

VpcId: !Ref EksVPC

PublicSubnetRouteTable:

Type: AWS::EC2::RouteTable

Properties:

VpcId: !Ref EksVPC

Tags:

- Key: Name

Value: !Sub ${ClusterBaseName}-PublicSubnetRouteTable

PublicSubnetRoute:

Type: AWS::EC2::Route

Properties:

RouteTableId: !Ref PublicSubnetRouteTable

DestinationCidrBlock: 0.0.0.0/0

GatewayId: !Ref InternetGateway

PublicSubnet1RouteTableAssociation:

Type: AWS::EC2::SubnetRouteTableAssociation

Properties:

SubnetId: !Ref PublicSubnet1

RouteTableId: !Ref PublicSubnetRouteTable

PublicSubnet2RouteTableAssociation:

Type: AWS::EC2::SubnetRouteTableAssociation

Properties:

SubnetId: !Ref PublicSubnet2

RouteTableId: !Ref PublicSubnetRouteTable

# PrivateSubnets

PrivateSubnet1:

Type: AWS::EC2::Subnet

Properties:

AvailabilityZone: !Ref AvailabilityZone1

CidrBlock: !Ref PrivateSubnet1Block

VpcId: !Ref EksVPC

Tags:

- Key: Name

Value: !Sub ${ClusterBaseName}-PrivateSubnet1

- Key: kubernetes.io/role/internal-elb

Value: 1

PrivateSubnet2:

Type: AWS::EC2::Subnet

Properties:

AvailabilityZone: !Ref AvailabilityZone2

CidrBlock: !Ref PrivateSubnet2Block

VpcId: !Ref EksVPC

Tags:

- Key: Name

Value: !Sub ${ClusterBaseName}-PrivateSubnet2

- Key: kubernetes.io/role/internal-elb

Value: 1

PrivateSubnetRouteTable:

Type: AWS::EC2::RouteTable

Properties:

VpcId: !Ref EksVPC

Tags:

- Key: Name

Value: !Sub ${ClusterBaseName}-PrivateSubnetRouteTable

PrivateSubnet1RouteTableAssociation:

Type: AWS::EC2::SubnetRouteTableAssociation

Properties:

SubnetId: !Ref PrivateSubnet1

RouteTableId: !Ref PrivateSubnetRouteTable

PrivateSubnet2RouteTableAssociation:

Type: AWS::EC2::SubnetRouteTableAssociation

Properties:

SubnetId: !Ref PrivateSubnet2

RouteTableId: !Ref PrivateSubnetRouteTable

# EKSCTL-Host

EKSEC2SG:

Type: AWS::EC2::SecurityGroup

Properties:

GroupDescription: eksctl-host Security Group

VpcId: !Ref EksVPC

Tags:

- Key: Name

Value: !Sub ${ClusterBaseName}-HOST-SG

SecurityGroupIngress:

- IpProtocol: '-1'

#FromPort: '22'

#ToPort: '22'

CidrIp: !Ref SgIngressSshCidr

EKSEC2:

Type: AWS::EC2::Instance

Properties:

InstanceType: !Ref MyInstanceType

ImageId: !Ref LatestAmiId

KeyName: !Ref KeyName

Tags:

- Key: Name

Value: !Sub ${ClusterBaseName}-host

NetworkInterfaces:

- DeviceIndex: 0

SubnetId: !Ref PublicSubnet1

GroupSet:

- !Ref EKSEC2SG

AssociatePublicIpAddress: true

PrivateIpAddress: 192.168.1.100

BlockDeviceMappings:

- DeviceName: /dev/xvda

Ebs:

VolumeType: gp3

VolumeSize: 20

DeleteOnTermination: true

UserData:

Fn::Base64:

!Sub |

#!/bin/bash

hostnamectl --static set-hostname "${ClusterBaseName}-host"

# Config convenience

echo 'alias vi=vim' >> /etc/profile

echo "sudo su -" >> /home/ec2-user/.bashrc

# Change Timezone

sed -i "s/UTC/Asia\/Seoul/g" /etc/sysconfig/clock

ln -sf /usr/share/zoneinfo/Asia/Seoul /etc/localtime

# Install Packages

cd /root

yum -y install tree jq git htop lynx

# Install kubectl & helm

#curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.26.2/2023-03-17/bin/linux/amd64/kubectl

curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.25.7/2023-03-17/bin/linux/amd64/kubectl

install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

curl -s https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash

# Install eksctl

curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp

mv /tmp/eksctl /usr/local/bin

# Install aws cli v2

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"

unzip awscliv2.zip >/dev/null 2>&1

sudo ./aws/install

complete -C '/usr/local/bin/aws_completer' aws

echo 'export AWS_PAGER=""' >>/etc/profile

export AWS_DEFAULT_REGION=${AWS::Region}

echo "export AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION" >> /etc/profile

# Install YAML Highlighter

wget https://github.com/andreazorzetto/yh/releases/download/v0.4.0/yh-linux-amd64.zip

unzip yh-linux-amd64.zip

mv yh /usr/local/bin/

# Install krew

curl -LO https://github.com/kubernetes-sigs/krew/releases/download/v0.4.3/krew-linux_amd64.tar.gz

tar zxvf krew-linux_amd64.tar.gz

./krew-linux_amd64 install krew

export PATH="$PATH:/root/.krew/bin"

echo 'export PATH="$PATH:/root/.krew/bin"' >> /etc/profile

# Install kube-ps1

echo 'source <(kubectl completion bash)' >> /etc/profile

echo 'alias k=kubectl' >> /etc/profile

echo 'complete -F __start_kubectl k' >> /etc/profile

git clone https://github.com/jonmosco/kube-ps1.git /root/kube-ps1

cat <<"EOT" >> /root/.bash_profile

source /root/kube-ps1/kube-ps1.sh

KUBE_PS1_SYMBOL_ENABLE=false

function get_cluster_short() {

echo "$1" | cut -d . -f1

}

KUBE_PS1_CLUSTER_FUNCTION=get_cluster_short

KUBE_PS1_SUFFIX=') '

PS1='$(kube_ps1)'$PS1

EOT

# Install krew plugin

kubectl krew install ctx ns get-all # ktop df-pv mtail tree

# Install Docker

amazon-linux-extras install docker -y

systemctl start docker && systemctl enable docker

# CLUSTER_NAME

export CLUSTER_NAME=${ClusterBaseName}

echo "export CLUSTER_NAME=$CLUSTER_NAME" >> /etc/profile

# Create SSH Keypair

ssh-keygen -t rsa -N "" -f /root/.ssh/id_rsa

Outputs:

eksctlhost:

Value: !GetAtt EKSEC2.PublicIp

5)

테라폼 등 사용

- AWS나 Google , Azure등 다양한 CSP 서비스에서 사용 가능하다.

https://brunch.co.kr/@topasvga/2752

(Start) 1. 테라폼-AWS-설치

<6> 후기

1

2/3 인원은 AWS를 기본적으로 다루어 봤다.

2

네트워크에 대해서는 잘 모른다. EIP와 서버 1대 만드는건 안다.

그러나, NAT, ELB는 잘 모른다.

3

"동영상 녹화자료를 봐야 따라할수 있을거 같다" 가 대부분이다.

앞으로 Zoom 녹화자료를 제공해야 겠다.

타이머

https://vclock.kr/timer/#countdown=00:10:00&enabled=0&seconds=0&sound=xylophone&loop=1

타이머 온라인 - 타이머 - 온라인 타이머 - Timer - vClock.kr

감사합니다.