[LINUX] Deployment procedure on AWS ① Network environment settings

This is a write-up of a deployment procedure on AWS, a topic beginners often find difficult.

The AWS console UI changes often, so this is written against the UI as of October 2019; it may look a little different by the time you read it.

Contents of this post: [** STEP1 Network environment settings **](https://qiita.com/tksh8/items/9a8e88a777a3a4ee7a09#step1-%E3%83%8D%E3%83%83%E3%83%88%E3%83%AF%E3%83%BC%E3%82%AF%E7%92%B0%E5%A2%83%E8%A8%AD%E5%AE%9A)

  1. Creating a VPC
  2. Create subnet
  3. Create an internet gateway
  4. Creating a route table
  5. Linking with subnets
  6. Create a security group

[** STEP2 EC2 settings **](https://qiita.com/tksh8/items/9a8e88a777a3a4ee7a09#step2-ec2%E3%81%AE%E8%A8%AD%E5%AE%9A)

  1. Create an instance on EC2
  2. Elastic IP assignment
  3. SSH into your instance

Next time: [** STEP3 and later, Steps to deploy on AWS ② Server (EC2 instance) environment settings **](https://qiita.com/tksh8/items/3d2f2eeaf0e8de291b6d)

* The server here is an AWS EC2 instance (Amazon Linux).

STEP1 Network environment settings

1. Creating a VPC

A VPC is a logically isolated private virtual network on the AWS cloud.

Sign in to Amazon Web Services at https://aws.amazon.com/

Set the region in the header to Tokyo, search for "VPC" and open the VPC console.

Click [Create VPC] from VPC in the side menu.

The creation screen opens. This time, set the fields as below and click [Create].

・ Name tag: testVPC
・ IPv4 CIDR block: 10.0.0.0/16
・ IPv6 CIDR block: No IPv6 CIDR block
・ Tenancy: Default

2. Create subnet

A subnet is a segment of the address range (CIDR block) given to the VPC; the VPC's range is divided into subnets.

Two subnets are created here so that RDS can be placed in them later (an RDS DB subnet group needs subnets in two availability zones).

Click [Create Subnet] from Subnets in the side menu.

The creation screen opens. Set as below and press [Create].

・ Name tag: testSubnet
・ VPC: Select the one you created earlier
・ Availability zone: ap-northeast-1a
・ CIDR block: 10.0.0.0/24

Create another one in the same way:

・ Name tag: testSubnet2
・ VPC: Select the one you created earlier
・ Availability zone: ap-northeast-1c
・ CIDR block: 10.0.1.0/24

3. Create an internet gateway

An internet gateway is the gateway a VPC needs in order to communicate with the internet.

From Internet Gateways in the side menu, click [Create Internet Gateway].

The creation screen opens. Set as below and press [Create].

Name tag: testGateway

Press [Action], and then press [Attach to VPC].

Set as below and press [Attach].

VPC: Select the one you created earlier

4. Creating a route table

A route table defines where traffic from the instances in a subnet is sent.

Press [Create Route Table] from Route Tables in the side menu.

The creation screen opens. Set as below and press [Create].

Name tag: testTable
VPC: Select the one you created earlier

With the created route table selected, open the "Routes" tab at the bottom, click [Edit Route], and press [Add Route].

Set as below and press [Save Rule].

Destination: 0.0.0.0/0
Target: Select Internet Gateway, then select the gateway ID you created earlier

(A 0.0.0.0/0 route to the internet gateway is what makes the subnets associated with this table reachable from the internet.)

5. Linking with subnets

Here the route table just created is associated with the subnet so that the subnet's traffic follows its routes.

→ Select "Subnets" on the left
→ Select the subnet whose association you want to change
→ Select the "Route Table" tab at the bottom of the screen
→ Press [Edit route table association]

→ Select the route table ID created earlier
→ Press [Save]

6. Create a security group

A security group is a virtual firewall: a set of rules that controls which traffic is allowed to and from the instance.

From the side menu, Security > Security Groups, click [Create Security Group].

Set as below and press [Create].

Security group name: testSecurityGroup
Description: a description of this security group
VPC: Select the one you created earlier

Click [Edit Rule] of the inbound rules at the bottom of the screen, then click [Add Rule]. Set as below and press [Save Rule].

Type: SSH
Source: My IP (your current public address, so only that address can reach port 22)
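The STEP1 settings above, checked offline as a shell script (an added example, not from the original post; the VPC and subnet values are this page's, igw-EXAMPLE is a placeholder for the gateway ID and 203.0.113.10/32 is a constructed address standing in for "My IP"). It verifies that both subnets fit inside the VPC without overlapping and span two availability zones, and flags that a route table with 0.0.0.0/0 → internet gateway makes its subnets public, which is worth knowing before associating the RDS subnets with it.

```shell
# ip4_to_int 10.0.1.0 -> 167772416 (dotted IPv4 to integer)
ip4_to_int() {
  set -- $(printf '%s\n' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
# cidr_contains OUTER INNER: succeeds when INNER lies entirely inside OUTER
cidr_contains() {
  o_len=${1#*/}; i_len=${2#*/}
  [ "$i_len" -ge "$o_len" ] || return 1
  mask=$(( (4294967295 << (32 - o_len)) & 4294967295 ))
  [ $(( $(ip4_to_int "${1%/*}") & mask )) -eq $(( $(ip4_to_int "${2%/*}") & mask )) ]
}
cidr_overlaps() { cidr_contains "$1" "$2" || cidr_contains "$2" "$1"; }
# check_layout VPC_CIDR name,az,cidr ...: every subnet inside the VPC, no two
# overlapping, and at least two AZs (an RDS DB subnet group needs two).
# Prints each finding and returns 1 if there was any.
check_layout() {
  vpc=$1; shift; rc=0; azs=""; i=0
  for s in "$@"; do
    i=$((i + 1)); n=${s%%,*}; az=${s#*,}; az=${az%%,*}; c=${s##*,}
    cidr_contains "$vpc" "$c" || { echo "$n: $c is outside VPC $vpc"; rc=1; }
    case " $azs " in *" $az "*) ;; *) azs="$azs $az" ;; esac
    j=0
    for t in "$@"; do
      j=$((j + 1)); [ "$j" -gt "$i" ] || continue    # each pair once
      cidr_overlaps "$c" "${t##*,}" && { echo "$n overlaps ${t%%,*}"; rc=1; }
    done
  done
  set -- $azs
  [ $# -ge 2 ] || { echo "all subnets in one AZ ($azs); RDS needs two"; rc=1; }
  return $rc
}
# route_table_is_public DEST=TARGET ...: a 0.0.0.0/0 route to an internet
# gateway makes every subnet associated with that table reachable from the internet.
route_table_is_public() {
  for r in "$@"; do case $r in 0.0.0.0/0=igw-*) return 0 ;; esac; done
  return 1
}
# ssh_rule_ok SOURCE: the SSH inbound source should be a single address
# (/32, which is what "My IP" fills in), never 0.0.0.0/0.
ssh_rule_ok() { case $1 in */32) return 0 ;; *) return 1 ;; esac; }

# The values from this page; igw-EXAMPLE and 203.0.113.10 are placeholders.
check_layout 10.0.0.0/16 testSubnet,ap-northeast-1a,10.0.0.0/24 \
  testSubnet2,ap-northeast-1c,10.0.1.0/24 && echo "subnet layout OK"
route_table_is_public 10.0.0.0/16=local 0.0.0.0/0=igw-EXAMPLE &&
  echo "testTable is public: the subnets associated with it are internet-facing"
ssh_rule_ok 203.0.113.10/32 && echo "SSH rule limited to one address"
```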

STEP2 EC2 settings

There are two ways to use a database on AWS:

・ Create an instance on EC2 and create the database directly on the server
・ Use RDS
* RDS is charged for separately, so if you do not use it, create the database directly on the server.

This time the EC2 route is used: create an instance on EC2 and create the database directly on the server.

1. Create an instance on EC2

A running instance is charged for, so stop it when you are not using it.

Search for "EC2" in the AWS Management Console and open it.

Click [Create Instance] from Instances in the side menu.

This time select the Amazon Linux AMI.

Click [Next Step: Set Instance Details].

Set the following and click [Next step: Add storage].

Network: Select the VPC you just created
Subnet: Select the subnet you just created
Auto-assign public IP: Enabled
Leave the others at their defaults

Keep the defaults and click [Next step: Add tag].

Add a tag

Click [Add Tag] and set:

Key: Name
Value: testInstance

Click [Next Step: Security Group Settings].

Security group settings

Security Group Assignment: choose "Select an existing security group", select the security group you just created, and click [Confirm and Create].

A review screen is shown; finally, click [Start].

A key pair dialog is displayed. Choose to create a new key pair, enter a key pair name and click [Download Key Pair]. (Note that the private key can be downloaded only at this point; it cannot be downloaded again later.)

After downloading, click [Create Instance].

The instance will be created after a while!!

2. Elastic IP assignment

From the side menu, Network & Security > Elastic IPs, press [Assign New Address].

Click [Assign].

Return with [Close].

Click [Action] > Address Association.

Select the instance you created earlier and press [Associate].

There is no charge as long as the Elastic IP is associated with a running instance. However, if the instance is stopped, or the Elastic IP is not associated with anything, it is charged for, so release Elastic IPs you do not use.

If the Elastic IP is still attached to an instance, select it in the Elastic IPs list and click Actions → Disassociate Address. A confirmation screen is displayed; if everything is correct, click "Disassociate Address" to detach the EIP.

After that, select the same IP again and click "Action" -> "Release Address" to delete the EIP. It is no longer charged for.

This completes the settings on the AWS side for now.

3. SSH into your instance

Open a terminal on your PC.

Installing the tools (the commands below assume macOS with Homebrew)

python

$ brew install python

pip (Python package management system)

$ easy_install pip

awscli (for operating AWS from the PC's console)

$ pip install awscli

If this does not work, see https://docs.aws.amazon.com/ja_jp/cli/latest/userguide/install-macos.html

Log in to your instance as ec2-user

On AWS, a user named ec2-user is provided by default as the user that can log in to the EC2 instance. First log in as ec2-user.

Enter the following in the terminal (* testKey.pem is the key pair downloaded in STEP2).

$ mv Downloads/testKey.pem .ssh/
(# Move the downloaded private key into the .ssh folder)

$ cd .ssh/
(# Change into the .ssh directory)

$ chmod 600 testKey.pem
(# Restrict the private key to owner read/write (mode 600); ssh refuses a key file that others can read)

$ ssh -i testKey.pem ec2-user@<Elastic IP>
(# Log in as ec2-user with the private key; after the @, use the Elastic IP associated with the EC2 instance you created)

You will be asked yes/no (confirmation of the server's host key).

Type yes and press Enter.

You have successfully logged in!!!

If you get an error like "ssh: connect to host ... port 22: Operation timed out", see https://qiita.com/yokoto/items/338bd80262d9eefb152e

https://qiita.com/minicoopers0716/items/cac50f29ef79a03f1d8d

User creation (operations on EC2)

While logged in to the instance as above:

[ec2-user@<hostname> ~]$ sudo adduser testuser
(# Register the new user name)
[ec2-user@<hostname> ~]$ sudo passwd testuser
(# Set a password for the new user)

Enter the password when prompted.

Next, give the user sudo rights by editing the sudoers file in vim through visudo (visudo checks the syntax before saving).

$ sudo visudo

vim opens with contents like the following:

## Allows people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

## Same thing without a password
# %wheel  ALL=(ALL)       NOPASSWD: ALL

## Allows members of the users group to mount and unmount the
## cdrom as root
# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now

Search for "wheel": type "/wheel" and press Enter, then press "n" to jump to the next match until you reach:

## Same thing without a password
# %wheel  ALL=(ALL)       NOPASSWD: ALL

Press "i" on the keyboard to enter insert mode.

Uncomment the line "# %wheel ALL=(ALL) NOPASSWD: ALL":

## Same thing without a password
%wheel  ALL=(ALL)       NOPASSWD: ALL

(NOPASSWD lets every member of the wheel group run any command as root without being asked for a password; if you would rather be prompted, uncomment the "%wheel ALL=(ALL) ALL" line above it instead.)

Next, add a line granting the created user sudo rights, as shown below:
testuser   ALL=(ALL)       ALL
Add it under the root entry:
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
testuser   ALL=(ALL)       ALL

Press "esc" on the keyboard, type ":wq" and press Enter to save.

Now switch to the new user.

[ec2-user@<hostname> ~]$ sudo su - testuser
(# Switch user)
[testuser@<hostname> ~]$

It is OK if the prompt changes from ec2-user to testuser (the created user name).

exit

Type exit twice to log out (once from testuser, once from ec2-user).

Create a key pair for the additional user

This is done locally.

$ cd .ssh
[.ssh]$ ssh-keygen -t rsa
(# Create a key pair)
-----------------------------
Enter file in which to save the key ():
(# Enter the file name here and press Enter)
test_key_rsa

Enter passphrase (empty for no passphrase):
(# Press Enter as it is, leaving it empty; a passphrase would additionally protect the private key if the PC is lost)
Enter same passphrase again:
(# Press Enter as it is)
-----------------------------

[.ssh]$ ls
(# Confirm that test_key_rsa and test_key_rsa.pub have been generated)
[.ssh]$ vi config
(# Start vim and edit the configuration file)
-----------------------------

Press "i" on the keyboard to enter insert mode

# Add the following
Host test_key_rsa
  Hostname <the Elastic IP mentioned above> (# According to your settings)
  Port 22
  User testuser (# User name)
  IdentityFile ~/.ssh/test_key_rsa (# Private key)
* Delete the (# ...) parts.
-----------------------------
Press "esc" on the keyboard
Type ":wq" to save

[.ssh]$ cat test_key_rsa.pub (# Print the contents of the public key in the terminal)

★ Copy the whole line starting with ssh-rsa (the public key) on the local side; it is pasted on the server in the next step.

Server-side work

Next is the work on the server. Log in as ec2-user.

$ cd .ssh
$ ssh -i testKey.pem ec2-user@<Elastic IP>
(# After the @, use the Elastic IP associated with the EC2 instance you created)
[ec2-user@<hostname> ~]$ sudo su - testuser
[testuser@<hostname> ~]$ mkdir .ssh
[testuser@<hostname> ~]$ chmod 700 .ssh
[testuser@<hostname> ~]$ cd .ssh
[testuser@<hostname> .ssh]$ vi authorized_keys

(vim opens; press "i" and paste the ssh-rsa public key copied at ★ above)
Press "esc" on the keyboard
Type ":wq" to save

[testuser@<hostname> .ssh]$ chmod 600 authorized_keys

$ exit
once again
$ exit
to log out, then from the local PC:
[~]$ ssh test_key_rsa

If you can log in, the user settings are complete.
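The server-side and local steps above as one reusable shell script (an added example, not from the original post; install_authorized_key, ssh_perms_ok and add_ssh_host are names chosen here, the key line is a constructed fake and ELASTIC_IP_PLACEHOLDER stands in for the real Elastic IP). It creates .ssh and authorized_keys with the exact modes the page sets, adds the public key only once, refuses a file that is not a public-key line, checks the permissions sshd requires, and writes the Host entry for the local ~/.ssh/config.

```shell
# install_authorized_key HOME_DIR PUBKEY_FILE: what the page does by hand on the
# server. Creates HOME_DIR/.ssh (0700), appends the public key to authorized_keys
# (0600) once, and refuses input that is not a single OpenSSH public-key line
# (pasting the private key instead of the .pub file is a common slip).
install_authorized_key() {
  dir=$1/.ssh; key=$(head -n 1 "$2")
  case $key in
    ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-nistp256\ *) ;;
    *) echo "refusing $2: not an OpenSSH public key line" >&2; return 1 ;;
  esac
  mkdir -p "$dir" && chmod 700 "$dir" || return 1
  touch "$dir/authorized_keys" && chmod 600 "$dir/authorized_keys" || return 1
  grep -qxF -- "$key" "$dir/authorized_keys" || printf '%s\n' "$key" >> "$dir/authorized_keys"
}

# ssh_perms_ok HOME_DIR: sshd ignores authorized_keys when the directory or the
# file is writable by others, so verify the exact modes the page sets.
ssh_perms_ok() {
  [ -n "$(find "$1/.ssh" -prune -perm 700)" ] &&
  [ -n "$(find "$1/.ssh/authorized_keys" -prune -perm 600)" ]
}

# add_ssh_host CONFIG ALIAS HOST USER IDENTITY: appends the ~/.ssh/config entry
# from the page so that "ssh ALIAS" picks the host, user and private key.
add_ssh_host() {
  printf 'Host %s\n  Hostname %s\n  Port 22\n  User %s\n  IdentityFile %s\n' \
    "$2" "$3" "$4" "$5" >> "$1"
}

# Constructed demo in a scratch directory; the key below is a fake, not a real key.
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKey testuser@local' > "$demo/test_key_rsa.pub"
install_authorized_key "$demo/home" "$demo/test_key_rsa.pub" &&
  ssh_perms_ok "$demo/home" && echo "authorized_keys installed with modes 700/600"
add_ssh_host "$demo/config" test_key_rsa ELASTIC_IP_PLACEHOLDER testuser "$HOME/.ssh/test_key_rsa"
cat "$demo/config"
```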

Also, after some time you may no longer be able to log in from your PC. This happens when your public IP address changes, because the SSH rule only allows the address that "My IP" filled in. In that case, open Security group > Inbound > Edit, set the source of the SSH rule to My IP again, and press [Save]; you will be able to connect.

Continue here: [** Procedure to deploy on AWS (2) Server (EC2 instance) environment settings **](https://qiita.com/tksh8/items/3d2f2eeaf0e8de291b6d)
