
Creating an EC2 bastion instance and getting it to the point where it can access RDS

tamaco489

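Created quickly. Initial setup is done in the user_data block. Note: this configuration is read only once at launch, so if it is changed the instance must be rebooted or the resource recreated.

The instance uses Amazon Linux 2023.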

  • ami_id: ami-0bb2c57f7cfafb1cb
  • ami_name: al2023-ami-2023.7.20250609.0-kernel-6.1-x86_64

resource "aws_instance" "bastion" {
  ami                    = var.ami_id
  instance_type          = var.instance_type
  subnet_id              = data.terraform_remote_state.network.outputs.vpc.public_subnet_ids[0] # in production, a private subnet is preferable
  vpc_security_group_ids = [aws_security_group.bastion.id]
  iam_instance_profile   = aws_iam_instance_profile.bastion.name

  tags = { Name = "${local.fqn}-bastion" }

  user_data = <<-EOF
    #cloud-config
    disable_root: 1
    ssh_pwauth: 0
    repo_upgrade: minimal
    runcmd:
      # MySQL install
      - sudo dnf -y install https://dev.mysql.com/get/mysql84-community-release-el9-1.noarch.rpm
      - sudo dnf -y install mysql mysql-community-client mysql-community-server

      # Git install
      - sudo dnf install -y git

      # Go 1.24.2 install
      - curl -LO https://go.dev/dl/go1.24.2.linux-amd64.tar.gz
      - sudo rm -rf /usr/local/go
      - sudo tar -C /usr/local -xzf go1.24.2.linux-amd64.tar.gz

      # Setup workspace
      - mkdir -p /home/ssm-user/workspace
      - git clone https://github.com/tamaco489/data_pipeline_sample.git /home/ssm-user/workspace/data_pipeline_sample
  EOF
}
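
The resource above references aws_security_group.bastion and aws_iam_instance_profile.bastion without showing them. The following is an added example, not code from the original scrap, of how they could be defined for SSM-only access with MySQL allowed only toward the database; the vpc_id output name and var.rds_security_group_id are assumptions, and it assumes every download in user_data goes over HTTPS.

```hcl
resource "aws_iam_role" "bastion" {
  name = "${local.fqn}-bastion"
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Principal = { Service = "ec2.amazonaws.com" } }]
  })
}

# The AWS managed policy for Session Manager is the only permission attached.
resource "aws_iam_role_policy_attachment" "bastion_ssm" {
  role       = aws_iam_role.bastion.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}
resource "aws_iam_instance_profile" "bastion" {
  name = "${local.fqn}-bastion"
  role = aws_iam_role.bastion.name
}

# No ingress rules at all: the SSM agent connects outbound, so port 22 stays closed.
resource "aws_security_group" "bastion" {
  name   = "${local.fqn}-bastion"
  vpc_id = data.terraform_remote_state.network.outputs.vpc.vpc_id # assumed output name
}

# Outbound HTTPS for the SSM endpoints and the downloads in user_data.
resource "aws_vpc_security_group_egress_rule" "bastion_https" {
  security_group_id = aws_security_group.bastion.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
}

# MySQL leaves the bastion only toward the database security group,
# and the database side accepts 3306 only from the bastion security group.
resource "aws_vpc_security_group_egress_rule" "bastion_mysql" {
  security_group_id            = aws_security_group.bastion.id
  referenced_security_group_id = var.rds_security_group_id # hypothetical variable
  ip_protocol                  = "tcp"
  from_port                    = 3306
  to_port                      = 3306
}

resource "aws_vpc_security_group_ingress_rule" "rds_from_bastion" {
  security_group_id            = var.rds_security_group_id # hypothetical variable
  referenced_security_group_id = aws_security_group.bastion.id
  ip_protocol                  = "tcp"
  from_port                    = 3306
  to_port                      = 3306
}
```
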
tamaco489

Connect via SSM

aws ssm start-session --target ${instance_id}

Up to the point where the Go script can be run:

sh-5.2$ export PATH=$PATH:/usr/local/go/bin
sh-5.2$ which go
/usr/local/go/bin/go
sh-5.2$ go version
go version go1.24.2 linux/amd64
sh-5.2$ cd /home/ssm-user/workspace/data_pipeline_sample/api/shop
sh-5.2$ go run scripts/seeds/charge/main.go 
2025/06/22 10:29:08 INFO start charges script
panic: query failed: dial tcp 127.0.0.1:33306: connect: connection refused

goroutine 1 [running]:
main.main()
        /home/ssm-user/workspace/data_pipeline_sample/api/shop/scripts/seeds/charge/main.go:295 +0xbd
exit status 2

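The MySQL connection has not been taken into account yet. The plan is that once RDS is launched and reachable from the bastion, changing the DSN in the script will let it connect.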

tamaco489

To check whether the commands written in user_data ran correctly, look here:

sh-5.2$ sudo cat /var/log/cloud-init-output.log
sample
sh-5.2$ sudo head /var/log/cloud-init-output.log
Cloud-init v. 22.2.2 running 'init' at Sun, 22 Jun 2025 09:30:58 +0000. Up 7.08 seconds.
ci-info: ++++++++++++++++++++++++++++++++++++++Net device info+++++++++++++++++++++++++++++++++++++++
ci-info: +--------+------+-----------------------------+---------------+--------+-------------------+
ci-info: | Device |  Up  |           Address           |      Mask     | Scope  |     Hw-Address    |
ci-info: +--------+------+-----------------------------+---------------+--------+-------------------+
ci-info: |  enX0  | True |         10.1.11.217         | 255.255.255.0 | global | 06:66:50:71:2e:97 |
ci-info: |  enX0  | True | fe80::466:50ff:fe71:2e97/64 |       .       |  link  | 06:66:50:71:2e:97 |
ci-info: |   lo   | True |          127.0.0.1          |   255.0.0.0   |  host  |         .         |
ci-info: |   lo   | True |           ::1/128           |       .       |  host  |         .         |
ci-info: +--------+------+-----------------------------+---------------+--------+-------------------+

sh-5.2$ sudo tail /var/log/cloud-init-output.log
Installed:
  mysql-community-client-8.4.5-1.el9.x86_64                                     
  mysql-community-client-plugins-8.4.5-1.el9.x86_64                             
  mysql-community-common-8.4.5-1.el9.x86_64                                     
  mysql-community-icu-data-files-8.4.5-1.el9.x86_64                             
  mysql-community-libs-8.4.5-1.el9.x86_64                                       
  mysql-community-server-8.4.5-1.el9.x86_64                                     

Complete!
Cloud-init v. 22.2.2 finished at Sun, 22 Jun 2025 09:31:42 +0000. Datasource DataSourceEc2.  Up 51.00 seconds