[Open Source Consulting] AWS Service Configuration and Management Guide (based on the console as of 2014.02)

Project Name: Open Source Consulting Internal
Department: AWS Department
Focus Area: Amazon Web Service
Product/Process: EC2 (EC2, EBS, VPC, CloudWatch, Auto Scaling, ELB), RDS, S3
Prepared By (Document Owner): Sang-Cheon Park, Project/Organization Role: Technical Assistance
Version Control: Version 1.0, 2014/02/04, Sang-Cheon Park, Document created
Confidential. Last printed on 2/18/2014 2:31:00 AM


Description

Explains how to configure and manage EC2, VPC, Auto Scaling and other Amazon Web Services, based on the AWS console as of February 2014. Copyright in this document belongs to Open Source Consulting Co., Ltd.; the work may not be used for commercial purposes.


Configuration & Management Guide

TABLE OF CONTENTS

1      Overview ................................................ 4
2      Elastic Compute Cloud (EC2) ............................. 4
2.1    EC2 components .......................................... 4
2.2    EC2 instance creation ................................... 4
2.3    Elastic Block Storage (EBS) ............................. 10
2.4    Elastic IP .............................................. 14
2.5    Virtual Private Cloud (VPC) ............................. 16
2.5.1  VPC components .......................................... 16
2.5.2  VPC advantages .......................................... 16
2.5.3  VPC design considerations ............................... 17
2.5.4  Architecture ............................................ 18
2.5.5  VPC creation and CIDR ................................... 19
2.5.6  Subnet .................................................. 21
2.5.7  Network ACL (NACL) ...................................... 22
2.5.8  Route Table ............................................. 24
2.5.9  Internet Gateway ........................................ 26
2.5.10 ELB ..................................................... 27
2.5.11 NAT Instance ............................................ 27
2.5.12 Proxy ................................................... 30
2.6    CloudWatch .............................................. 31
2.6.1  Monitoring .............................................. 31
2.6.2  Alarm ................................................... 33
2.7    Auto Scaling ............................................ 34
2.8    Elastic Load Balancer (ELB) ............................. 35
3      Relational Database Service (RDS) ....................... 41
3.1    RDS security group and instance creation ................ 41
3.2    RDS instance modification ............................... 48
3.3    RDS events and notifications ............................ 50
4      Simple Storage Service (S3) ............................. 51
4.1    Bucket creation ......................................... 51
4.2    Bucket properties ....................................... 52
1 Overview

This guide describes the configuration and management of the AWS (Amazon Web Services) EC2, RDS and S3 services.

2 Elastic Compute Cloud (EC2)

Amazon Elastic Compute Cloud (Amazon EC2) provides virtual servers in AWS; the CPU/memory capacity (instance type) and the OS (AMI) are chosen when the instance is launched.

2.1 EC2 components

- Elastic Block Store: persistent block storage volumes for EC2 instances
- Elastic IP: static public IP addresses
- Virtual Private Cloud: an isolated virtual network for the instances
- CloudWatch: monitoring of AWS resources
- Auto Scaling: automatic scaling of Amazon EC2 capacity
- Elastic Load Balancing: distribution of traffic across instances

Instances and EBS volumes are created in a Region and, within it, in an Availability Zone.

2.2 EC2 instance creation
From Instances, click Launch Instance; the wizard walks through the settings below.
- AMI: choose an Amazon-provided OS image, an AWS image, an AWS Marketplace image or a Community AMI.
- Instance creation is described in more detail in the separate document []AWS_EC2_Instance__V1.0_20140206.docx.
- Instance details: choose the instance type and the network (VPC and subnet). VPC configuration is covered in 2.5 Virtual Private Cloud (VPC).
- Storage: add or remove EBS volumes, or add Instance Store volumes. Instance Store data is lost when the instance stops or terminates, so anything that must persist belongs on EBS.
- Tags: give the instance a Name tag.
- Security Group: select an existing Security Group or create a new one, then continue to Launch. If the group opens SSH (22) to 0.0.0.0/0, narrow the source to the administrator's address before the instance goes live.
- Key pair: select an existing key pair or create a new one, then click Launch Instances. The private key file (.pem) is the only credential for the first login, so keep it with restricted permissions (chmod 400); ssh refuses a key file that is readable by others.
Log in to the instance over SSH with the private key:

    [nices96@nices96s-MacBook-Pro ~]$ ssh -i test.pem [email protected]
    The authenticity of host 'ec2-54-80-69-47.compute-1.amazonaws.com (54.80.69.47)' can't be established.
    RSA key fingerprint is 38:86:b3:a3:93:61:02:ff:07:3e:3f:51:97:a5:de:62.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'ec2-54-80-69-47.compute-1.amazonaws.com,54.80.69.47' (RSA) to the list of known hosts.

           __|  __|_  )
           _|  (     /   Amazon Linux AMI
          ___|\___|___|

    https://aws.amazon.com/amazon-linux-ami/2013.09-release-notes/
    9 package(s) needed for security, out of 30 available
    Run "sudo yum update" to apply all updates.
    [ec2-user@domU-12-31-39-04-38-8C ~]$

On the first connection the host key is unknown to the client. Rather than answering "yes" blindly, compare the fingerprint with the one the instance printed at first boot (EC2 console, Actions, Get System Log). The login banner also reports pending security updates; apply them with sudo yum update.

2.3 Elastic Block Storage (EBS)

An EBS volume is network-attached block storage for an EC2 instance. A volume can be unmounted (umount) and detached from one instance, then attached to another. From Volumes, click Create Volume to create a new EBS volume.
* The volume must be created in the same Availability Zone as the EC2 instance it will be attached to. Select the volume, click Attach Volume, and choose the EC2 instance and the device name (here /dev/sdf).
On the instance the device attached as /dev/sdf appears as /dev/xvdf (Amazon Linux provides /dev/sdf as an alias, which is why both names appear below). Partition it with fdisk:

    [root@domU-12-31-39-04-38-8C ~]# fdisk /dev/sdf
    Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
    Building a new DOS disklabel with disk identifier 0xbd923834.
    Changes will remain in memory only, until you decide to write them.
    After that, of course, the previous content won't be recoverable.

    Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

    WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
             switch off the mode (command 'c') and change display units to
             sectors (command 'u').

    Command (m for help): n
    Command action
       e   extended
       p   primary partition (1-4)
    p
    Partition number (1-4): 1
    First cylinder (1-1305, default 1):
    Using default value 1
    Last cylinder, +cylinders or +size{K,M,G} (1-1305, default 1305):
    Using default value 1305

    Command (m for help): w
    The partition table has been altered!

    Calling ioctl() to re-read partition table.
    Syncing disks.
Create an ext4 filesystem on the new partition, add it to /etc/fstab and mount it:

    [root@domU-12-31-39-04-38-8C ~]# mkfs.ext4 /dev/xvdf1
    mke2fs 1.42.3 (14-May-2012)
    Filesystem label=
    OS type: Linux
    Block size=4096 (log=2)
    Fragment size=4096 (log=2)
    Stride=0 blocks, Stripe width=0 blocks
    655360 inodes, 2620595 blocks
    131029 blocks (5.00%) reserved for the super user
    First data block=0
    Maximum filesystem blocks=2684354560
    80 block groups
    32768 blocks per group, 32768 fragments per group
    8192 inodes per group
    Superblock backups stored on blocks:
            32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

    Allocating group tables: done
    Writing inode tables: done
    Creating journal (32768 blocks): done
    Writing superblocks and filesystem accounting information: done

    [root@domU-12-31-39-04-38-8C ~]# df -h
    Filesystem      Size  Used Avail Use% Mounted on
    /dev/xvda1      7.9G  1.1G  6.8G  14% /
    tmpfs           829M     0  829M   0% /dev/shm
    [root@domU-12-31-39-04-38-8C ~]# mkdir -p /mnt/sdf
    [root@domU-12-31-39-04-38-8C ~]# echo "/dev/xvdf1 /mnt/sdf ext4 defaults 0 0" >> /etc/fstab
    [root@domU-12-31-39-04-38-8C ~]# mount -a
    [root@domU-12-31-39-04-38-8C ~]# df -h
    Filesystem      Size  Used Avail Use% Mounted on
    /dev/xvda1      7.9G  1.1G  6.8G  14% /
    tmpfs           829M     0  829M   0% /dev/shm
    /dev/xvdf1      9.9G  151M  9.2G   2% /mnt/sdf

The fstab entry above uses "defaults 0 0". If the volume is later detached, an entry without the nofail option stops the instance from booting, and the /dev/xvdf1 name can change when more volumes are attached. Using the filesystem UUID reported by blkid together with nofail (for example "UUID=<uuid> /mnt/sdf ext4 defaults,nofail 0 2") avoids both problems.

2.4 Elastic IP

An Elastic IP (EIP) is a static public IP address that stays with the account until it is released, whereas the default public IP of an instance changes when the instance is stopped and started. From Elastic IPs, click Allocate New Address; then select the EIP and click Associate Address to bind it to an instance.
Connect to the instance through the EIP:

    [nices96@nices96s-MacBook-Pro ~]$ ssh -i test.pem [email protected]
    The authenticity of host '54.83.1.231 (54.83.1.231)' can't be established.
    RSA key fingerprint is 38:86:b3:a3:93:61:02:ff:07:3e:3f:51:97:a5:de:62.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '54.83.1.231' (RSA) to the list of known hosts.
    Last login: Mon Feb 10 06:10:53 2014 from 121.138.109.61

           __|  __|_  )
           _|  (     /   Amazon Linux AMI
          ___|\___|___|

    https://aws.amazon.com/amazon-linux-ami/2013.09-release-notes/
    9 package(s) needed for security, out of 30 available
    Run "sudo yum update" to apply all updates.
    [ec2-user@domU-12-31-39-04-38-8C ~]$

SSH treats the new address as a new host, but the fingerprint (38:86:b3:...) is the same one recorded at the first login, which confirms that the EIP now fronts the same instance.

2.5 Virtual Private Cloud (VPC)

A VPC is a logically isolated virtual network inside AWS. Unlike EC2-Classic, the user chooses the IP address range, creates subnets, and configures route tables and an Internet Gateway. EC2-Classic behaves like a public cloud; a VPC behaves like a private cloud.

2.5.1 VPC components

A VPC is built from the same kinds of controls found in a data center (IDC) network: Network ACLs, Security Groups, an Internet Gateway (IGW) and a Virtual Private Gateway (VGW).

2.5.2 VPC advantages

- Security Group outbound rules: in EC2-Classic, outbound traffic is always any-open; in a VPC, Security Group outbound rules can be restricted.
- Network ACL: access control at the subnet level, separate from the instance Security Groups. Security Groups are stateful; Network ACLs are stateless and are the natural place to blacklist source IP ranges.
- Dedicated tenancy: a VPC can be created with dedicated tenancy so that its instances run on hosts not shared with other AWS customers.
- VPN: the VPC can be connected over VPN to a legacy data center (IDC), so legacy systems and VPC instances reach each other privately.

2.5.3 VPC design considerations

Compared with EC2-Classic, the following points need to be decided when designing the VPC and placing instances.
- Subnets: instances that must be reachable from the internet (Jumphost, NTP, NAT instance) go in a public subnet; application instances go in private subnets. Create the subnets in at least two Availability Zones for HA, and apply Security Groups per role.
- Network ACL: stateless, so reply traffic must be allowed explicitly; use it for blacklist (deny) rules and keep its allow rules broad. The Network ACL is the blacklist, the Security Group is the whitelist.
- Security Group: restrict outbound rules as well as inbound.
- DHCP Option Set: sets the DNS servers the VPC hands out; when a VPN to the IDC exists, the IDC DNS can be used so that internal names resolve on both sides.

2.5.4 Architecture

One VPC is created per Region (a VPC cannot span Regions). The VPC is divided into public and private subnets. Public subnets host the NAT, DNS, NTP, Jumphost and Proxy instances; service instances go in private subnets.
ELBs get their own subnets: an Internal ELB in a private subnet and an External ELB in a public subnet. Security Groups must not be any-open inbound or outbound; for a web tier only 80 and 443 are opened. The Network ACL allows traffic in general and carries the blacklist. Private subnets reach the internet through a NAT instance or a Proxy.
- NAT: a NAT instance needs an HA design (see 2.5.11).
- Proxy: proxies sit behind an INT-ELB and scale with Auto Scaling.
Instances are administered through the Jumphost, and the Jumphost is reached over VPN.

2.5.5 VPC creation and CIDR

The table relates the CIDR prefix to the number of addresses and to C-class (/24) units:

    Prefix   Addresses   C-class (/24) units
    /32      1           1/256
    /28      16          1/16
    /27      32          1/8
    /26      64          1/4
    /25      128         1/2
    /24      256         1
    /23      512         2
    /22      1,024       4
    /21      2,048       8
    /20      4,096       16
    /19      8,192       32
    /18      16,384      64
    /17      32,768      128
    /16      65,536      256 (one B class)

Choose the VPC CIDR block by the number of C-class subnets and hosts needed; a VPC can be anything from /16 to /28 (65,536 down to 16 addresses). Use a private (RFC 1918) range for the VPC:

    10.0.0.0 ~ 10.255.255.255
    172.16.0.0 ~ 172.31.255.255
    192.168.0.0 ~ 192.168.255.255

** The Amazon default VPC is 172.31.0.0/16, a B class holding 256 C-class subnets (172.31.0.0/24 ~ 172.31.255.0/24). Create VPC with 10.0.0.0/16 likewise gives 256 C-class subnets (10.0.0.0/24 ~ 10.0.255.0/24). The address counts above are raw: AWS reserves the first four and the last address of every subnet, so a /24 subnet leaves 251 addresses for instances.
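The sizing rules above (VPC between /16 and /28, RFC 1918 only, C-class units, five reserved addresses per subnet) can be checked mechanically. The following is an added example written for this edit, not code from the guide or from Open Source Consulting; it uses only the Python standard library, and the AZ names passed to plan_layout are just labels. It rebuilds the prefix table and carves a public and a private subnet per Availability Zone, which goes slightly beyond the table in the guide.

```python
"""VPC CIDR planning with the standard library.
Added example, not part of the guide; the AZ names are only labels."""
import ipaddress

# The three RFC 1918 ranges the guide lists for VPC addressing.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# AWS reserves the first four addresses and the last address of every subnet
# (network, VPC router, DNS, future use, broadcast); the guide's table does not subtract them.
AWS_RESERVED_PER_SUBNET = 5


def validate_vpc_cidr(cidr):
    """Return the network if it is a usable VPC block: /16 to /28 and inside RFC 1918."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{cidr}: a VPC CIDR must be between /16 and /28")
    if not any(net.subnet_of(private) for private in RFC1918):
        raise ValueError(f"{cidr}: not inside an RFC 1918 private range")
    return net


def is_valid_vpc_cidr(cidr):
    try:
        validate_vpc_cidr(cidr)
        return True
    except ValueError:
        return False


def usable_hosts(subnet):
    """Addresses left for instances after the AWS-reserved ones."""
    return subnet.num_addresses - AWS_RESERVED_PER_SUBNET


def size_table(vpc_cidr="10.0.0.0/16"):
    """Rebuild the guide's prefix table for every prefix from /28 up to the VPC's own,
    as (prefix, addresses, C-class units, usable hosts)."""
    vpc = validate_vpc_cidr(vpc_cidr)
    rows = []
    for prefix in range(28, vpc.prefixlen - 1, -1):
        net = ipaddress.ip_network(f"{vpc.network_address}/{prefix}")
        rows.append((f"/{prefix}", net.num_addresses, net.num_addresses / 256, usable_hosts(net)))
    return rows


def plan_layout(vpc_cidr, azs, subnet_prefix=24):
    """Carve one public and one private subnet per Availability Zone out of the VPC:
    the first len(azs) blocks are public, the next len(azs) blocks are private."""
    vpc = validate_vpc_cidr(vpc_cidr)
    if subnet_prefix > 28 or subnet_prefix < vpc.prefixlen:
        raise ValueError("subnet prefix must be between the VPC prefix and /28")
    blocks = list(vpc.subnets(new_prefix=subnet_prefix))
    if len(blocks) < 2 * len(azs):
        raise ValueError("VPC too small for a public and a private subnet per AZ")
    return {az: {"public": str(blocks[i]), "private": str(blocks[len(azs) + i])}
            for i, az in enumerate(azs)}


if __name__ == "__main__":
    for row in size_table():
        print("{:<5} {:>7} addresses {:>8} C-class {:>7} usable".format(*row))
    print(plan_layout("10.0.0.0/16", ["us-east-1a", "us-east-1b"]))
```

subnet_of needs Python 3.7 or later. The layout keeps the public subnets at the start of the range, which matches the guide's convention of placing NAT, Jumphost and the external ELB in the first subnets and the service tiers behind them.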
- Tenancy: Default lets the instances in the VPC run as ordinary On-Demand instances on shared hosts; Dedicated runs them on single-tenant hardware.

2.5.6 Subnet

A subnet is a range of addresses carved out of the VPC CIDR (here 10.0.0.0/16).
Subnets are either public or private, and the route table is what makes the difference: a subnet whose route table has a route to the Internet Gateway is public, otherwise it is private. Instances in a public subnet can carry a public IP. Public subnets hold the internet-facing components: EXT-ELB, NAT, Proxy, NTP, DNS and Jumphost. Private subnets reach outside only through the NAT or Proxy and hold the WEB, WAS and Database service servers.

2.5.7 Network ACL (NACL)

A Network ACL (Network Access Control List) applies access control at the subnet level, whereas a Security Group applies to the instance. Both filter traffic, but they differ in how they handle connection state:
Security Groups are stateful; Network ACLs are stateless, so return traffic (on ephemeral ports) must be allowed explicitly in the opposite direction.
- Default Network ACL: the VPC's default Network ACL allows ANY; a newly created Network ACL denies everything until rules are added. An ACL applies to the whole subnet it is associated with, and a Network ACL can hold up to 20 rules.
- Creating a Network ACL: from Network ACLs, create the ACL in the VPC.
- Associating: under the Subnet Associations tab, associate the ACL with one or more subnets (a subnet has exactly one Network ACL).
- Rules: each rule has a rule number, protocol, port range, source/destination CIDR and Allow/Deny. Rules are evaluated in ascending rule-number order and the first match wins.
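The stateful/stateless difference is easiest to see by running a connection through both filters. The block below is an added example written for this edit, not code from the guide; the addresses are constructed from the RFC 5737 documentation ranges and the 10.0.2.0/24 private subnet used elsewhere in the guide. It models a Security Group with connection tracking and a Network ACL with numbered first-match rules, then shows that the same inbound-80 rule lets the reply out of the Security Group but not out of the ACL until an outbound ephemeral-port rule exists, and that a low-numbered deny rule in the ACL blacklists a source the Security Group would accept.

```python
"""Stateful Security Group versus stateless Network ACL, modelled offline.
Added example, not part of the guide; all addresses are constructed (RFC 5737 ranges)."""
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

    def reply(self):
        """The packet the server sends back for this one."""
        return Packet(self.dst, self.dport, self.src, self.sport, self.proto)


def rule(proto, ports, cidr):
    """ports is (low, high) on the packet's destination port; cidr is the remote side:
    the source for inbound rules, the destination for outbound rules."""
    low, high = ports
    return {"proto": proto, "low": low, "high": high, "net": ipaddress.ip_network(cidr)}


def matches(r, pkt, direction):
    remote = pkt.src if direction == "in" else pkt.dst
    return (r["proto"] == pkt.proto and r["low"] <= pkt.dport <= r["high"]
            and ipaddress.ip_address(remote) in r["net"])


class SecurityGroup:
    """Allow-only rules plus connection tracking: once a packet is accepted, the
    reply flow is allowed in the other direction without any rule for it."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self.flows = set()

    def allows(self, pkt, direction):
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return True  # reply to a tracked connection
        rules = self.inbound if direction == "in" else self.outbound
        if any(matches(r, pkt, direction) for r in rules):
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return False


class NetworkAcl:
    """Numbered allow/deny rules: lowest number first, first match wins, and the
    implicit '*' rule denies whatever nothing matched. No connection tracking."""

    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda entry: entry[0])
        self.outbound = sorted(outbound, key=lambda entry: entry[0])

    def allows(self, pkt, direction):
        for _number, action, r in (self.inbound if direction == "in" else self.outbound):
            if matches(r, pkt, direction):
                return action == "allow"
        return False


# Constructed traffic: an internet client talks to a web server in the private subnet.
REQUEST = Packet("203.0.113.5", 40000, "10.0.2.10", 80)
BLACKLISTED = Packet("198.51.100.7", 40000, "10.0.2.10", 80)


def security_group_scenario():
    """Inbound 80 only, no outbound rule at all: the reply still gets out."""
    sg = SecurityGroup(inbound=[rule("tcp", (80, 80), ANY)], outbound=[])
    return sg.allows(REQUEST, "in"), sg.allows(REQUEST.reply(), "out")


def network_acl_scenario(allow_ephemeral_outbound):
    """Inbound: deny the blacklisted /24 (rule 50) before allowing 80 (rule 100).
    The reply leaves on an ephemeral port, so it is dropped unless outbound
    1024-65535 is allowed explicitly."""
    inbound = [(100, "allow", rule("tcp", (80, 80), ANY)),
               (50, "deny", rule("tcp", (0, 65535), "198.51.100.0/24"))]
    outbound = [(100, "allow", rule("tcp", (1024, 65535), ANY))] if allow_ephemeral_outbound else []
    acl = NetworkAcl(inbound, outbound)
    return (acl.allows(REQUEST, "in"), acl.allows(REQUEST.reply(), "out"),
            acl.allows(BLACKLISTED, "in"))


if __name__ == "__main__":
    print("security group (request in, reply out):", security_group_scenario())
    print("network ACL without ephemeral rule   :", network_acl_scenario(False))
    print("network ACL with ephemeral rule      :", network_acl_scenario(True))
```

Traffic only passes when both filters allow it, so the blacklisted client is dropped at the subnet boundary even though the Security Group's "80 from anywhere" rule would accept it; that is the blacklist/whitelist split the guide recommends.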
2.5.8 Route Table

Every subnet is associated with a route table, which decides where packets leaving the subnet are sent; a packet whose destination matches no route is dropped. AWS creates a Main Route Table together with the VPC, and subnets without an explicit association use it. The route to the IGW (Internet Gateway) is what separates public from private subnets: the public route table has the IGW route, the private route table does not. A private-subnet instance therefore has no internet access even if its Security Group allows the traffic inbound and outbound, because its route table has no IGW route.

Creating a route table:
Public Subnet Route Table
- Create the route table in the VPC, then under Routes add a default route (0.0.0.0/0) pointing at the Internet Gateway; the local route for the VPC CIDR is present automatically. Instances in the public subnet then reach the internet through the Internet Gateway.
- Under Associations, associate the route table with the public subnet(s).

Private Subnet Route Table (NAT routing table)
- Create it like the public route table, but point the default route (0.0.0.0/0) at the NAT instance instead of the Internet Gateway.
- Under Associations, associate it with the private subnet(s).

2.5.9 Internet Gateway

For instances in the VPC to reach the internet, their route table must contain a route to an Internet Gateway. The Internet Gateway route goes in the public subnet's route table only, never in the private subnet's.

Internet Gateway
- Click Create Internet Gateway to create one.
- Select it and click Attach to VPC to attach it to the VPC.
2.5.10 ELB

In a VPC, an ELB (Elastic Load Balancer) is either an INT-ELB (Internal ELB) or an EXT-ELB (External ELB). An INT-ELB is reachable only inside the VPC and typically fronts WAS backend instances. An EXT-ELB has a public IP and a public DNS name and typically fronts WEB backend instances.
- ELB subnets: give the ELBs their own subnets. The EXT-ELB goes in a public subnet in each AZ, the INT-ELB in a private subnet in each AZ. Public and private ELB subnets of /27 (32 addresses) are sufficient.

2.5.11 NAT Instance

A NAT instance lets instances in a private subnet reach the internet without being reachable from it. AWS provides a NAT instance AMI; see http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html
- NAT instance HA: a single NAT instance is a single point of failure, so AWS describes an HA pattern at http://aws.amazon.com/articles/2781451301784570
  1. Private subnets reach the internet only through the NAT instance.
  2. One NAT instance is an SPoF (Single Point of Failure), so two are needed for HA.
  3. Each NAT instance lives in its own public subnet, and each private route table sends 0.0.0.0/0 to its NAT instance.
  4. For HA, the two NAT instances monitor each other with a heartbeat.
  5. When a NAT instance stops answering the heartbeat, the surviving NAT instance rewrites the failed instance's route table so that 0.0.0.0/0 points at itself.
  6. Because the route table swap is automatic, the second NAT instance takes over without manual intervention.
- NAT instance Security Group: the NAT instance needs its own Security Group that allows inbound and outbound only what the private subnets need, for example HTTP (80) and HTTPS (443):

    Inbound
    Source          Protocol  Port Range  Comments
    10.0.2.0/24     TCP       80          Private subnet HTTP traffic
    10.0.2.0/24     TCP       443         Private subnet HTTPS traffic
    Public IP       TCP       2022        Management access from one specific public IP only

    Outbound
    Destination     Protocol  Port Range  Comments
    0.0.0.0/0       TCP       80          Internet
    0.0.0.0/0       TCP       443         Internet

- Launch the NAT instance from the public NAT AMI (ami-vpcnat). It is launched like any other EC2 instance, into the VPC and into the public subnet. After launching from the public AMI, disable Source/Destination Check on the NAT instance (EC2 Instances, Actions, Change Source/Dest. Check); without that the instance cannot forward traffic.
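The route-table behaviour from 2.5.8 (longest-prefix match, packets with no route dropped, public and private tables differing only in their default route) and the NAT failover steps above can be modelled together. The block below is an added example written for this edit, not code from the guide or from the linked AWS article; the gateway and instance IDs are made up, and the heartbeat is reduced to an alive flag so the example runs offline. It also shows why a NAT instance with Source/Dest Check still enabled forwards nothing.

```python
"""Route table lookup and NAT instance failover, modelled offline.
Added example, not part of the guide; the gateway and instance IDs are made up."""
import ipaddress

DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")


class RouteTable:
    def __init__(self, name, routes):
        self.name = name
        self.routes = {ipaddress.ip_network(cidr): target for cidr, target in routes.items()}

    def lookup(self, dst):
        """Longest-prefix match, as the VPC router does. None means no route: the packet is dropped."""
        addr = ipaddress.ip_address(dst)
        candidates = [(net.prefixlen, target) for net, target in self.routes.items() if addr in net]
        return max(candidates)[1] if candidates else None

    def default_target(self):
        return self.routes.get(DEFAULT_ROUTE)

    def set_default(self, target):
        self.routes[DEFAULT_ROUTE] = target


class NatInstance:
    def __init__(self, instance_id, source_dest_check=True):
        self.id = instance_id
        self.source_dest_check = source_dest_check  # EC2 enables the check by default
        self.alive = True                           # stands in for the heartbeat

    def can_relay(self):
        """EC2 discards packets that are neither from nor to the instance while
        Source/Dest Check is enabled, so a NAT left at the default forwards nothing."""
        return not self.source_dest_check


def failover(private_tables, primary, standby):
    """Steps 4-6 of the HA procedure: when the primary misses its heartbeat, every private
    route table that still points at it is rewritten to the standby. Returns the active NAT id."""
    if primary.alive:
        return primary.id
    for table in private_tables:
        if table.default_target() == primary.id:
            table.set_default(standby.id)
    return standby.id


def demo():
    igw = "igw-1a2b3c4d"                                  # made-up IDs
    nat1 = NatInstance("i-0a1b2c3d", source_dest_check=False)
    nat2 = NatInstance("i-0a1b2c3e", source_dest_check=False)
    public = RouteTable("public", {"10.0.0.0/16": "local", "0.0.0.0/0": igw})
    private_a = RouteTable("private-a", {"10.0.0.0/16": "local", "0.0.0.0/0": nat1.id})
    private_b = RouteTable("private-b", {"10.0.0.0/16": "local", "0.0.0.0/0": nat2.id})
    isolated = RouteTable("isolated", {"10.0.0.0/16": "local"})   # no default route at all

    before = (public.lookup("8.8.8.8"), private_a.lookup("8.8.8.8"),
              private_a.lookup("10.0.1.5"), isolated.lookup("8.8.8.8"))
    nat1.alive = False                                    # heartbeat lost
    active = failover([private_a, private_b], nat1, nat2)
    return before, active, private_a.lookup("8.8.8.8"), private_b.lookup("8.8.8.8")


if __name__ == "__main__":
    print(demo())
```

In demo() the public table sends internet traffic to the IGW, the private table to its NAT, VPC-internal traffic always hits the more specific local route, and the table with no default route returns None, which is the "dropped" case from 2.5.8. After the failover only private-a is rewritten; private-b already pointed at the survivor and is left alone.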
- Source/Dest Check: by default EC2 drops packets whose source or destination is not the instance itself. A NAT instance forwards other instances' traffic, so this check must be disabled on it; an instance that still has the check enabled silently discards forwarded traffic even when its route table and Security Groups are correct.
- Once Source/Dest Check is disabled, point the private subnet's route table (0.0.0.0/0) at the NAT instance ID and associate the private subnet with that route table under Associations.

2.5.12 Proxy

A Proxy is the alternative to NAT for giving private-subnet instances outbound internet access.
- Proxy versus NAT: a Proxy can be scaled out with Auto Scaling, whereas a NAT instance is a single box; Auto Scaling is what gives the Proxy its HA.
- Layer: a Proxy works at Layer 7 (application level), so it can be restricted per instance and per service, but only proxied protocols (HTTP, HTTPS) pass through it. A NAT works at Layer 3 and passes every service.
- Deployment: put the Proxy instances in an Auto Scaling group behind an INT-ELB and point clients at the ELB for HTTP and HTTPS.

2.6 CloudWatch

CloudWatch monitors AWS resources such as EC2 and RDS: CPU, disk, network and similar metrics can be graphed, and alarms can notify or trigger actions when a metric crosses a threshold.

2.6.1 Monitoring

Select an EC2 instance or RDS instance and open Metrics to see its metrics.
A selected metric is graphed over a chosen time range; at the time of writing CloudWatch kept two weeks of metric history.
2.6.2 Alarm

An Alarm watches a CloudWatch metric and publishes to an SNS topic when it changes state, which can deliver the alarm by email. From Alarms, click Create Alarm.
- Topic: choose (or create) the SNS topic that receives the alarm notification.
- State: an alarm is in one of three states, ALARM, INSUFFICIENT_DATA or OK, and a notification can be attached to each transition into ALARM, INSUFFICIENT_DATA or OK.

2.7 Auto Scaling

Auto Scaling adds and removes Amazon EC2 instances automatically according to the conditions you define, so capacity follows demand.
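The three alarm states in 2.6.2 follow one evaluation rule: a fixed number of consecutive periods are compared with the threshold, all of them must breach for ALARM, and a period without data puts the alarm into INSUFFICIENT_DATA; SNS is told only when the state changes. The block below is an added example written for this edit, not code from the guide or from CloudWatch itself; it is a simplified model of that rule (missing-data handling is reduced to "any gap means insufficient data"), and the metric values and the topic ARN are constructed.

```python
"""CloudWatch alarm state evaluation, simplified to the rule the guide's three
states imply. Added example, not part of the guide; the metric values and the
SNS topic ARN are constructed."""

OK, ALARM, INSUFFICIENT = "OK", "ALARM", "INSUFFICIENT_DATA"
COMPARE = {">": lambda v, t: v > t, ">=": lambda v, t: v >= t,
           "<": lambda v, t: v < t, "<=": lambda v, t: v <= t}


class Alarm:
    def __init__(self, metric, threshold, comparison=">", evaluation_periods=3,
                 topic="arn:aws:sns:us-east-1:123456789012:ops-alerts"):   # made-up ARN
        self.metric, self.threshold = metric, threshold
        self.compare = COMPARE[comparison]
        self.evaluation_periods = evaluation_periods
        self.topic = topic
        self.state = INSUFFICIENT          # a new alarm starts without data
        self.published = []                # (old_state, new_state) messages sent to the topic

    def evaluate(self, datapoints):
        """datapoints: one value per period, oldest first; None is a missing period.
        ALARM needs every evaluated period to breach; a missing period gives INSUFFICIENT_DATA."""
        window = datapoints[-self.evaluation_periods:]
        if len(window) < self.evaluation_periods or any(v is None for v in window):
            new_state = INSUFFICIENT
        elif all(self.compare(v, self.threshold) for v in window):
            new_state = ALARM
        else:
            new_state = OK
        if new_state != self.state:        # SNS is notified on transitions only
            self.published.append((self.state, new_state))
            self.state = new_state
        return self.state


def cpu_example():
    """CPUUtilization > 80 for 3 consecutive periods, fed one period at a time."""
    alarm = Alarm("CPUUtilization", 80, ">", evaluation_periods=3)
    series = [None, 20, 25, 30, 85, 90, 95, 92, 40, 35, 30]   # constructed metric values
    states = [alarm.evaluate(series[:i]) for i in range(1, len(series) + 1)]
    return states, alarm.published


if __name__ == "__main__":
    for state, message in zip(*cpu_example()):
        print(state, message)
```

Two practical consequences fall out of the model: a single high sample (85 in the series) does not trigger anything, because all three periods must breach, and the email arrives once per transition, not once per period, so a persistent condition produces one ALARM message and one OK message when it clears.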
2.8 Elastic Load Balancer (ELB)

ELB distributes incoming traffic across Amazon EC2 instances and routes around instances that fail. An ELB can span several Availability Zones and balances across the instances in each of them. From Load Balancers, click Create Load Balancer.

Load Balancer Listener
- Protocol: HTTP, HTTPS (Secure HTTP), TCP or SSL (Secure TCP).
- HTTPS and SSL listeners require an SSL certificate to be uploaded to the ELB.
Health Check
The ELB probes each backend instance with the configured Ping Protocol and Port (and, for HTTP, Path) and sends traffic only to instances that pass.
- Ping Protocol / Port / Path: the probe protocol and port; for HTTP, the path that must answer 200.
- Response Timeout: how long the ELB waits for a ping response before counting it as failed.
- Health Check Interval: time between pings.
- Unhealthy Threshold: consecutive failed pings before the instance is marked OutOfService.
- Healthy Threshold: consecutive successful pings before the instance is marked InService again.
Then add the EC2 instances to the ELB.
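The five health-check parameters above form a small state machine per backend, and reasoning about them (how long a dead instance keeps receiving traffic, why an instance whose Security Group does not open the ping port never becomes InService) is easier with the machine written out. The block below is an added example written for this edit, not code from the guide or from ELB; the probe results it feeds in are constructed, and the detection-time estimate is an upper bound rather than ELB's exact timing.

```python
"""ELB health-check state machine with the guide's five parameters.
Added example, not part of the guide; the probe results are constructed."""

IN_SERVICE, OUT_OF_SERVICE = "InService", "OutOfService"


class HealthCheck:
    def __init__(self, ping_protocol="HTTP", ping_port=80, ping_path="/health",
                 response_timeout=5, interval=30, unhealthy_threshold=2, healthy_threshold=10):
        if response_timeout >= interval:
            raise ValueError("Response Timeout must be shorter than the Health Check Interval")
        self.ping_protocol, self.ping_port, self.ping_path = ping_protocol, ping_port, ping_path
        self.response_timeout, self.interval = response_timeout, interval
        self.unhealthy_threshold, self.healthy_threshold = unhealthy_threshold, healthy_threshold
        self.state = OUT_OF_SERVICE        # a newly registered instance starts OutOfService
        self.successes = self.failures = 0

    def probe_ok(self, result):
        """result is None when no TCP connection could be made (e.g. the instance's
        Security Group does not open ping_port to the ELB), else (status, seconds)."""
        if result is None:
            return False
        status, elapsed = result
        if elapsed > self.response_timeout:
            return False
        if self.ping_protocol in ("HTTP", "HTTPS"):
            return status == 200           # HTTP checks require exactly 200 on ping_path
        return True                        # TCP/SSL checks only need the handshake

    def record(self, result):
        """Apply one probe result and return the instance state after it."""
        if self.probe_ok(result):
            self.successes, self.failures = self.successes + 1, 0
            if self.state == OUT_OF_SERVICE and self.successes >= self.healthy_threshold:
                self.state = IN_SERVICE
        else:
            self.failures, self.successes = self.failures + 1, 0
            if self.state == IN_SERVICE and self.failures >= self.unhealthy_threshold:
                self.state = OUT_OF_SERVICE
        return self.state

    def seconds_to_drop_dead_backend(self):
        """Upper bound on how long a backend that stops answering keeps receiving
        traffic: each of the unhealthy_threshold probes may wait out the timeout."""
        return self.unhealthy_threshold * (self.interval + self.response_timeout)


def demo():
    hc = HealthCheck(unhealthy_threshold=2, healthy_threshold=3)
    probes = [None, None,                 # port closed: Security Group not yet fixed
              (200, 0.1), (200, 0.2), (200, 0.1), (200, 0.3),
              (500, 0.1),                 # application error on ping_path
              (200, 9.0),                 # answered, but after the 5 s timeout
              (200, 0.1)]                 # constructed probe outcomes
    return [hc.record(p) for p in probes], hc.seconds_to_drop_dead_backend()


if __name__ == "__main__":
    print(demo())
```

With the defaults (interval 30 s, unhealthy threshold 2, healthy threshold 10) a crashed backend can keep receiving connections for over a minute, while a recovered one waits five minutes of clean probes before returning; shortening the interval and thresholds trades faster reaction for more probe traffic against the ping path.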
The ELB's tabs:
- Description: ELB settings (including Sticky Session)
- Instances: add/remove backend instances
- Health Check: the ELB health check configuration
- Monitoring: ELB metrics
- Security: the ELB's Security Group
- Listener: add/remove listeners
* An instance shows In Service only once it passes the Health Check.
- Check the Health Check's Ping Protocol, Ping Port and Ping Path against what the instance actually serves.
- The instance's Security Group must allow the ELB to reach the Ping Port.
3 Relational Database Service (RDS)

RDS is a managed database service offering MySQL, Oracle, Microsoft SQL Server and PostgreSQL, with backups, patching and replication handled by AWS. This guide uses MySQL.

3.1 RDS security group and instance creation

RDS uses its own DB Security Groups, separate from EC2 Security Groups; an EC2 instance can reach the RDS instance when the DB Security Group authorizes it. From RDS Security Groups, click Create DB Security Group.
Add a rule to the DB Security Group. Authorize the EC2 Security Group of the application servers rather than a CIDR such as 0.0.0.0/0, so that only those instances can open a connection to the database. Then, from RDS Instances, click Launch DB Instance.
Select the DB engine (here MySQL).
Choose Multi-AZ Deployment (HA: a synchronous standby in a second Availability Zone) and Provisioned IOPS Storage as required, then the DB Instance class and storage size.
- Production Mode selects Multi-AZ Deployment and Provisioned IOPS Storage.
- Auto Minor Version Upgrade is enabled in Production Mode. Set the DB name and port; the port can be changed from the default 3306 (the example below uses 3319).
- Logging and InnoDB settings are tuned through the Parameter Group.
The remaining settings follow the Production Mode defaults.
The RDS instance is now created; it can later be deleted from RDS Instances in the same way.
Once the RDS instance is available, connect to its endpoint with the mysql client:

    $ mysql -h testdb.coy1mwtko1b2.us-east-1.rds.amazonaws.com -P 3319 -u osci -p -e "show databases"
    Enter password:
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | innodb             |
    | mysql              |
    | oscidb             |
    | performance_schema |
    +--------------------+

3.2 RDS instance modification

An RDS instance's settings can be changed after creation: select the RDS instance, then Actions, Modify.
3.3 RDS events and notifications

RDS instance events can be subscribed to and delivered as notifications.
4 Simple Storage Service (S3)

S3 is object storage designed for 99.99% availability and 99.999999999% durability, used for backups, static content, logs and other files. S3 bucket names are global, but each bucket is created in a specific Region.

4.1 Bucket creation

A bucket is the top-level container for objects. From S3, click Create Bucket and choose the name and Region.
- The bucket name must be unique across all of AWS, so settle on a naming convention.
4.2 Bucket properties

Select the bucket and open Properties to configure it.
Permissions - grants for Everyone, Authenticated Users and Log Delivery, each with List, Upload/Delete, View Permissions and Edit Permissions. Granting List or Upload/Delete to Everyone makes the bucket publicly readable or writable, and Authenticated Users means any AWS account, not only your own.
Static Website Hosting - serve the bucket as a website at an Endpoint URL.
Logging - record access to the bucket in a log bucket.
Notifications - send notifications on bucket events.
Lifecycle - move or expire objects over time, for example archive them to Amazon Glacier.
Tags - tag the bucket, for example for S3 cost allocation.
Requester Pays - the downloader pays the transfer cost instead of the bucket owner; this requires authenticated requests.
Versioning - keep every version of each object in the bucket, so overwritten or deleted objects can be recovered.