Session Manager for Shell Access Can Also Be Used from Windows

It seems AWS can do this kind of thing.
There is no need to create keys or open port 22 for an SSH connection. AWS is impressive.
I tried it out to see whether it also works from Windows.

Installation


Install the required items listed here.
First, remove the old AWS CLI and install the latest version.

aws-cli/1.16.13 was installed.
c:\work\AWS>aws --version
aws-cli/1.16.13 Python/3.6.0 Windows/10 botocore/1.12.3

c:\work\AWS>
The connecting client also needs the Session Manager plugin, so I installed that as well.

Session Manager plugin 1.0.0 was installed.
c:\work\AWS>session-manager-plugin --version
1.0.0.0

c:\work\AWS>

Connecting to EC2


Now I want to connect to EC2.
Create an Ubuntu EC2 instance and assign it an IAM role with AmazonEC2RoleforSSM attached.

The SSM agent version on Ubuntu is old, so connect over SSH temporarily and reinstall it.
ubuntu@ip-172-31-20-135:~$ sudo snap list amazon-ssm-agent
Name              Version    Rev  Tracking  Publisher  Notes
amazon-ssm-agent  2.2.619.0  295  stable/…  aws        classic
ubuntu@ip-172-31-20-135:~$ sudo snap remove amazon-ssm-agent
amazon-ssm-agent removed
ubuntu@ip-172-31-20-135:~$
Install the version that was the latest at the time of this test.
ubuntu@ip-172-31-20-135:~$ wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb
--2018-09-13 13:22:37--  https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb
Resolving s3.amazonaws.com (s3.amazonaws.com)... 52.216.225.19
Connecting to s3.amazonaws.com (s3.amazonaws.com)|52.216.225.19|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 17471702 (17M) [binary/octet-stream]
Saving to: ‘amazon-ssm-agent.deb’

amazon-ssm-agent.deb   100%[=========================>]  16.66M  4.70MB/s    in 4.8s

2018-09-13 13:22:43 (3.45 MB/s) - ‘amazon-ssm-agent.deb’ saved [17471702/17471702]

ubuntu@ip-172-31-20-135:~$ sudo dpkg -i amazon-ssm-agent.deb
Selecting previously unselected package amazon-ssm-agent.
(Reading database ... 51281 files and directories currently installed.)
Preparing to unpack amazon-ssm-agent.deb ...
Preparing for install
-> Systemd detected
active
Failed to stop amazon-ssm-agent.service: Unit amazon-ssm-agent.service not loaded.
Unpacking amazon-ssm-agent (2.3.50.0-1) ...
Setting up amazon-ssm-agent (2.3.50.0-1) ...
Starting agent
Created symlink from /etc/systemd/system/network-online.target.wants/amazon-ssm-agent.service to /lib/systemd/system/amazon-ssm-agent.service.
Processing triggers for ureadahead (0.100.0-19) ...
ubuntu@ip-172-31-20-135:~$ sudo systemctl status amazon-ssm-agent
● amazon-ssm-agent.service - amazon-ssm-agent
   Loaded: loaded (/lib/systemd/system/amazon-ssm-agent.service; enabled; vendor preset:
   Active: active (running) since Thu 2018-09-13 13:23:11 UTC; 28s ago
 Main PID: 2078 (amazon-ssm-agen)
   CGroup: /system.slice/amazon-ssm-agent.service
           └─2078 /usr/bin/amazon-ssm-agent

Sep 13 13:23:14 ip-172-31-20-135 amazon-ssm-agent[2078]: 2018-09-13 13:23:12 INFO [Startu
Sep 13 13:23:14 ip-172-31-20-135 amazon-ssm-agent[2078]: 2018-09-13 13:23:12 INFO [Startu
Sep 13 13:23:14 ip-172-31-20-135 amazon-ssm-agent[2078]: 2018-09-13 13:23:12 INFO [Startu
Sep 13 13:23:15 ip-172-31-20-135 amazon-ssm-agent[2078]: 2018-09-13 13:23:12 INFO [Messag
Sep 13 13:23:15 ip-172-31-20-135 amazon-ssm-agent[2078]: 2018-09-13 13:23:12 INFO [Messag
Sep 13 13:23:15 ip-172-31-20-135 amazon-ssm-agent[2078]: 2018-09-13 13:23:12 INFO [Messag
Sep 13 13:23:15 ip-172-31-20-135 amazon-ssm-agent[2078]: 2018-09-13 13:23:12 INFO [Messag
Sep 13 13:23:15 ip-172-31-20-135 amazon-ssm-agent[2078]: 2018-09-13 13:23:12 INFO [Messag
Sep 13 13:23:22 ip-172-31-20-135 amazon-ssm-agent[2078]: 2018-09-13 13:23:22 INFO [Messag
Sep 13 13:23:37 ip-172-31-20-135 amazon-ssm-agent[2078]: 2018-09-13 13:23:37 INFO [Health
ubuntu@ip-172-31-20-135:~$
Try connecting.
c:\work\AWS>aws --profile tokyo ssm start-session --target i-0904327474a9224fe


Starting session with SessionId: xxxxxx-0889f97c50da4cba8

$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.5 LTS"
$ uname -a
Linux ip-172-31-20-135 4.4.0-1065-aws #75-Ubuntu SMP Fri Aug 10 11:14:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ w
 13:32:00 up 52 min,  0 users,  load average: 0.00, 0.02, 0.01
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
$
The connection succeeded.
You can connect directly even when the security group is empty.

It's nice that there is no need to configure security groups or create and manage keys!
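Since Session Manager works with an empty security group, any inbound rule that still reaches port 22 is worth finding and removing. The following is an added example, not part of the original post: it scans JSON in the shape returned by `aws ec2 describe-security-groups` for ingress rules that cover TCP/22. The group IDs and rules in the sample are constructed for illustration.

```python
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`
# (group IDs and rules are made up for this example).
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa0000000000001", "IpPermissions": []},
  {"GroupId": "sg-0aaa0000000000002", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0aaa0000000000003", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0aaa0000000000004", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-0aaa0000000000005", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
]}
""")

SSH_PORT = 22

def rule_allows_ssh(perm):
    """True if an ingress rule covers TCP/22 (protocol -1 means all traffic)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= SSH_PORT <= perm.get("ToPort", 65535)

def ssh_ingress_findings(doc):
    """Return (group_id, source, open_to_world) for every rule reaching port 22."""
    findings = []
    for group in doc.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            if not rule_allows_ssh(perm):
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            sources += [p.get("GroupId", "?") for p in perm.get("UserIdGroupPairs", [])]
            for src in sources:
                findings.append((group["GroupId"], src, src in ("0.0.0.0/0", "::/0")))
    return findings

if __name__ == "__main__":
    for gid, src, world in ssh_ingress_findings(SAMPLE):
        print(f"{gid}: port 22 reachable from {src}" + (" (open to world)" if world else ""))
```

To run it against a real account, replace SAMPLE with the parsed output of `aws ec2 describe-security-groups --output json`.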
