
[draft] How to set up AWS EC2 Instance Connect



Install EC2 Instance Connect (ec2-instance-connect) on Amazon Linux 2

yum install ec2-instance-connect

It looks like the ec2-instance-connect package is already included when the instance is created (it was already installed ㅠㅠ)

$ sudo yum install -y ec2-instance-connect
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Package ec2-instance-connect-1.1-14.amzn2.noarch already installed and latest version
Nothing to do

Check that the four scripts exist in the /opt/aws/bin/ folder.

$ ll /opt/aws/bin/ | egrep -v lrwxrwxrwx
total 36
-rwxr-xr-x 1 root root  6852 Apr  8 22:02 eic_curl_authorized_keys
-rwxr-xr-x 1 root root  7323 Apr  8 22:02 eic_harvest_hostkeys
-rwxr-xr-x 1 root root 15696 Apr  8 22:02 eic_parse_authorized_keys
-rwxr-xr-x 1 root root   823 Apr  8 22:02 eic_run_authorized_keys

Check that AuthorizedKeysCommand and AuthorizedKeysCommandUser are set in the sshd_config file.

$ cat /etc/ssh/sshd_config | egrep 'AuthorizedKeysCommand|AuthorizedKeysCommandUser'
AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys %u %f
AuthorizedKeysCommandUser ec2-instance-connect

EC2 console output

Fetch the console output for the specified instance.

aws --profile sangchul --region ap-northeast-2 ec2 get-console-output --instance-id i-0cfba68204744e399 --output text

$ aws --profile sangchul --region ap-northeast-2 ec2 get-console-output \
--instance-id i-0cfba68204744e399 --output text
...
<14>Sep 23 06:45:37 ec2:
<14>Sep 23 06:45:37 ec2: #############################################################
<14>Sep 23 06:45:37 ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
<14>Sep 23 06:45:37 ec2: 256 SHA256:13gxHjB75MnpiCU7zuYBvtXQJmBnp7 no comment (ECDSA)
<14>Sep 23 06:45:37 ec2: 256 SHA256:sh1xvNBwI1sxWu0YgMYODrUYrgsqLv no comment (ED25519)
<14>Sep 23 06:45:37 ec2: 2048 SHA256:awZqbM3qrnWHbBFk6srQKohccqMih no comment (RSA)
<14>Sep 23 06:45:37 ec2: -----END SSH HOST KEY FINGERPRINTS-----
<14>Sep 23 06:45:37 ec2: #############################################################
-----BEGIN SSH HOST KEY KEYS-----
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHDCug7i
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFTC2FandAHqoDsJVgrYoHYrtkRR6E/VBSiEWkETsnJq
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkQkIiD+wf0pxyaSMHFSXWi9RzMLSoGznRWGFp7PYM
-----END SSH HOST KEY KEYS-----
[   14.638094] cloud-init[2418]: Cloud-init v. 19.3-44.amzn2 finished at Thu, 23 Sep 2021 06:45:37 +0000. Datasource DataSourceEc2.  Up 14.60 seconds
	2021-09-23T06:51:49.000Z

Create and grant IAM permissions for EC2 Instance Connect

Policy name: ec2-instance-connect

Description: EC2 Instance Connect

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2-instance-connect:SendSSHPublicKey",
            "Resource": "arn:aws:ec2:region:account-id:instance/*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceTag/Connect": "ec2-instance-connect"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": "ec2:DescribeInstances",
            "Resource": "*"
        }
    ]
}

Attach the policy to an IAM user group or user

IAM > User groups > Infrastructure_Team > Add permissions

Set a tag on the EC2 instance

Key: Connect

Value: ec2-instance-connect

Connect to the instance with EC2 Instance Connect

There was a problem connecting to the instance.

https://docs.aws.amazon.com/ko_kr/AWSEC2/latest/UserGuide/ec2-instance-connect-set-up.html
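As an added example that is not part of the original post: a pre-flight script that checks the two local prerequisites from the steps above (the four eic_* scripts and the sshd_config directives) and extracts the host key fingerprints from saved get-console-output text so the first ssh connection can be verified against them. The EIC_PREFLIGHT, EIC_BIN_DIR and SSHD_CONFIG variable names are assumptions; the script names and directives are the ones listed in the post.

```shell
#!/bin/sh
# Added example, not from the original post: local pre-flight checks for
# EC2 Instance Connect on Amazon Linux 2. Paths are parameters so the
# functions can be run against constructed files; the script names and
# sshd_config directives are the ones the post lists.

# 1. All four eic_* helpers must exist and be executable.
check_eic_scripts() {
    dir="$1"
    for s in eic_curl_authorized_keys eic_harvest_hostkeys \
             eic_parse_authorized_keys eic_run_authorized_keys; do
        if [ ! -x "$dir/$s" ]; then
            echo "missing or not executable: $dir/$s" >&2
            return 1
        fi
    done
    return 0
}

# 2. sshd must hand key lookups to eic_run_authorized_keys and run it as
#    the unprivileged ec2-instance-connect user; a commented-out line
#    (leading #) does not count.
check_sshd_config() {
    cfg="$1"
    grep -Eq '^[[:space:]]*AuthorizedKeysCommand[[:space:]]+/opt/aws/bin/eic_run_authorized_keys[[:space:]]+%u[[:space:]]+%f' "$cfg" ||
        { echo "AuthorizedKeysCommand is not set for EC2 Instance Connect in $cfg" >&2; return 1; }
    grep -Eq '^[[:space:]]*AuthorizedKeysCommandUser[[:space:]]+ec2-instance-connect[[:space:]]*$' "$cfg" ||
        { echo "AuthorizedKeysCommandUser is not ec2-instance-connect in $cfg" >&2; return 1; }
}

# 3. Pull "<type> <fingerprint>" pairs out of saved get-console-output text
#    so they can be compared with what ssh shows on first connection.
console_fingerprints() {
    sed -n '/BEGIN SSH HOST KEY FINGERPRINTS/,/END SSH HOST KEY FINGERPRINTS/p' "$1" |
    awk '/SHA256:/ {
        fp = ""; for (i = 1; i <= NF; i++) if ($i ~ /^SHA256:/) fp = $i
        type = $NF; gsub(/[()]/, "", type)
        print type, fp
    }'
}

# Run the local checks against the live system when invoked with EIC_PREFLIGHT=1.
if [ "${EIC_PREFLIGHT:-0}" = 1 ]; then
    check_eic_scripts "${EIC_BIN_DIR:-/opt/aws/bin}" &&
    check_sshd_config "${SSHD_CONFIG:-/etc/ssh/sshd_config}" &&
    echo "local EC2 Instance Connect prerequisites look OK"
fi
```

Save the console output with `aws ec2 get-console-output ... --output text > console.txt` and run `console_fingerprints console.txt`; the ED25519 or ECDSA line should match the fingerprint ssh prints on the first connection.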
