Connecting to RDS through a Bastion Host

2023-09-25

Using mysql from an EC2 instance set up as a Bastion Host

Background

  • The mysql dump feature is used to migrate RDS tables from the dev environment to the stg environment.
  • This post assumes the AWS Bastion Host and the RDS instances are already set up.
  • Commands are run with awscli from WSL installed on Windows 10.

1. Prepare the .pem file

  • I had saved the .pem file locally on Windows in order to use MySQL Workbench.
  • From WSL, files stored on the Windows side are visible under the /mnt directory, but running the connection command against a key kept there later fails with a Permission error.
  • So copy the file to a location that WSL can read directly. ▶ Since the config file will be created under ~/.ssh later, I copied the key to the same place and set its permissions. (`원래 위치` in the path below stands for the key's original location.)
    m3rri@hostname:/$ cp "/mnt/h/원래 위치/key.pem" ~/.ssh/
    m3rri@hostname:/$ sudo chmod 400 ~/.ssh/key.pem

2. Install aws ssm (Session Manager plugin)

    m3rri@hostname:/$ curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" -o "session-manager-plugin.deb"
    m3rri@hostname:/$ sudo dpkg -i session-manager-plugin.deb
    m3rri@hostname:/$ session-manager-plugin

    The Session Manager plugin was installed successfully. Use the AWS CLI to start a session.

    m3rri@hostname:/$

3. Write the config

    m3rri@hostname:/$ sudo vim ~/.ssh/config

    # Instance IDs (i-*, mi-*) are reached through an SSM session instead of a direct connection
    host i-* mi-*
      ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
      User ec2-user
      # Key copied to ~/.ssh in step 1
      IdentityFile ~/.ssh/key.pem
  • ec2-user: the EC2 user name on the Bastion Host. It is not necessarily ec2-user.

4. Run ssh

  • The instance ID has to be looked up in the EC2 console.
    m3rri@hostname:/$ ssh i-*****************
    The authenticity of host 'i-***************** (<no hostip for proxy command>)' can't be established.
    ED25519 key fingerprint is SHA256:*****************/*****************.
    This host key is known by the following other names/addresses:
        ~/.ssh/known_hosts:1: [hashed name]
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added 'i-*****************' (ED25519) to the list of known hosts.
    Last login: Mon Sep 25 01:31:20 2023 from 61.74.175.54

           __|  __|_  )
           _|  (     /   Amazon Linux 2 AMI
          ___|\___|___|

    https://aws.amazon.com/amazon-linux-2/
    23 package(s) needed for security, out of 49 available
    Run "sudo yum update" to apply all updates.

5. Run mysql

    [ec2-user@ip-172-00-0-000 ~]$ mysql -u[username] -h[mysql host name] -P3306 -p[password]
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MySQL connection id is 426485
    Server version: 8.0.26 Source distribution

    Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    MySQL [(none)]> use testdb;
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A

    Database changed
    MySQL [testdb]> select * from user_info;
  • When running the mysql command, there must be no space after options such as -u, -h and -p! (see -P3306)
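
The session above passes the password as `-p[password]`, which leaves it in shell history and can expose it to other users of the bastion through the process list. The following is an added example, not part of the original post: it keeps the credentials in an owner-only option file and uses it for the dev to stg table copy mentioned in the background section. The function names, host names and user names are assumptions made for illustration; `testdb` and `user_info` are taken from the session above.

```sh
#!/bin/sh
# Added example, not from the original post. Run on the bastion host.
# Host and user names in the usage lines are constructed placeholders.

# write_client_cnf FILE USER HOST
# Reads the password from stdin (never argv) and writes an owner-only option file.
write_client_cnf() {
    cnf=$1; user=$2; host=$3; pw=
    if [ -t 0 ]; then stty -echo; fi            # do not echo a typed password
    IFS= read -r pw || true
    if [ -t 0 ]; then stty echo; echo; fi
    [ -n "$pw" ] || { echo "empty password" >&2; return 1; }
    # Option files have their own quoting rules; refuse what we do not escape.
    case $pw in
        *'"'*|*'\'*) echo "unsupported character in password" >&2; return 1 ;;
    esac
    rm -f "$cnf"                                # drop any older, laxer copy
    old_umask=$(umask); umask 077               # new file is created 0600
    printf '[client]\nuser=%s\nhost=%s\nport=3306\npassword="%s"\n' \
        "$user" "$host" "$pw" > "$cnf"
    rc=$?
    umask "$old_umask"
    return "$rc"
}

# copy_table SRC_CNF DST_CNF DB TABLE
# Dumps one table from the source RDS and loads it into the destination.
# mysqldump emits DROP TABLE IF EXISTS by default, so the destination table
# is replaced. --defaults-extra-file must be the first option.
copy_table() {
    dump=$(mktemp) || return 1                  # mktemp creates the file 0600
    if mysqldump --defaults-extra-file="$1" --single-transaction "$3" "$4" > "$dump" &&
       mysql --defaults-extra-file="$2" "$3" < "$dump"
    then rc=0
    else rc=1
    fi
    rm -f "$dump"                               # the dump holds table data
    return "$rc"
}

# Usage (type the password, then Enter):
#   write_client_cnf ~/.dev.cnf admin dev-db.example.internal
#   write_client_cnf ~/.stg.cnf admin stg-db.example.internal
#   copy_table ~/.dev.cnf ~/.stg.cnf testdb user_info
```

Delete the option files once the migration is finished so the credentials do not stay on the bastion.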

References

musma - [Hands-on] Masquerading as SSH + port forwarding (advanced)
