AWS 파트너와 함께하는 Partner Hands On Labs 2

1. AWS 파트너와 함께하는
Partner Hands On Labs 2
2016. 10. 17
베스핀글로벌
신인철

2. 스크립트로 AWS 서비스
자동화 하기

3. 2016 ⓒ BESPIN GLOBAL
시간 내용 담당자
14:00-14:20 등록 및 실습 환경 설정 베스핀글로벌 SA
14:20-14:30 공지사항 및 파트너사 소개 PDM
14:30-15:00 파트너사 발표 세션 베스핀글로벌 SA
15:00-15:50 강사 주도식 실습 베스핀글로벌 SA
15:50-16:00 Coffee Break
16:00-17:50 자유 주제 선택 실습 AWS SA
17:50-18:00 종료 공지사항 김진영 매니저
일정

4. AWS 서비스에 접속하는 3가지 방법
Management
Interface
CLI
SDK
Web
http://aws.amazon.com/tools/
http://aws.amazon.com/cli/
http://aws.amazon.com/console/

5. 1. AWS Management Console
• AWS Managemnet Console
• 고객사의 컴퓨팅, 스토리지, 그리고 기타 클라우드 리소
스를 관리하기 위한 사용하기 쉬운 그래픽 인터페이스
• 각 서비스를 위한 대부분의 기능을 지원하여, 콘솔 상에
서 대부분의 AWS 제품을 사용 가능
• AWS 관리 콘솔은 대부분의 컴퓨팅, 스토리지, 그리고
기타 AWS 서비스에 액세스해 관리하도록 도와주는
WEB UI

6. 1. AWS Management Console

7. 2. AWS CLI(Command Line
Interface)
• CLI는 개발자와 같이 명령을 입력하는 것이 더 편
한 이들을 위한 도구. AWS 제품 별 CLI와 설명서에
대한 링크들을 하기 URL의 웹 페이지에서 확인
• 명령줄 도구는 개발자가 명령 프롬프트 상에서 직
접 명령을 실행할

8. 2016 ⓒ BESPIN GLOBAL
• AWS CLI(Command Line Interface)
• 명령줄 인터페이스 (CLI) 도구는 명령 프롬프트 상에서 AWS API와 바로 연동되는 편리한 Scripting
Interface를 제공. 일반적인 명령줄 프롬프트인 PROMPT> 접두사를 명령줄 텍스트에 붙여 표기
리눅스
$aws ec2 describe-regions
윈도우
C:>aws ec2 describe-regions

9. 3. AWS SDK(Software
Development Kit)
• SDK는 고객사에서 선호하는 개발 언어를 사용해
AWS 서비스에 쉽게 액세스.
• 각 개발 언어 별 SDK 참조 링크 확인
https://aws.amazon.com/ko/tools/
• 각 개발 언어 별 SDK Sample Code 참조 링크 확인
https://aws.amazon.com/code/

10. Installation

11. 2016 ⓒ BESPIN GLOBAL
Windows:
32-bit MSI :
http://s3.amazonaws.com/aws-cli/AWSCLI32.msi
64-bit MSI :
http://s3.amazonaws.com/aws-cli/AWSCLI64.msi
Bundled Installer :
http://aws-cli.s3.amazonaws.com/awscli-bundle.zip
Installation-Windows

12. Installation-Linux
$ wget http://s3.amazon.com/aws-cli/awscli-bundle.zip
$ unzip awscli-bundle.zip
$ ./install
$ ~/.local/lib/aws/bin/aws --version
Pip
$ pip install –upgrade awscli

13. Configuration

14. 2016 ⓒ BESPIN GLOBAL
Credential Configuration
IAM Role Environment Config File: ~/.aws/config
Automatic
AWS_ACCESS_KEY_ID aws_access_key_id
AWS_SECRET_ACCESS_KEY Aws_secret_access_key

15. IAM Role 할당
Automatic

16. 2016 ⓒ BESPIN GLOBAL
IAM Role 할당 - Automatic
• EC2 생성 시 미리 생성한 Role을 할당하면 Access
Key/Secret Key가 필요 없다.
• 나중엔 Role 적용 못한다.

17. Environment
Access Key와 Secret Key 생성

18. 1
2

19. 3
4

20. 5

21. Configuration files
~/.aws/credentials
All AWS SDK
Only Contains
~/.aws/config
Use Only CLI
Can Contains

22. 2016 ⓒ BESPIN GLOBAL
AWS access key ID [**ABCD]:
AWS secret access key [****************EFGH]:
Default region name [ap-northeast-2]:
Default output format [json]:
$ aws configure

23. 2016 ⓒ BESPIN GLOBAL
AWS access key ID [**ABCD]:
AWS secret access key [****************EFGH]:
Default region name [ap-northeast-2]:
Default output format [json]:
$ aws configure
/list /get /set

24. 2016 ⓒ BESPIN GLOBAL
그럼
AWS CLI 명령어를
실행해 봅니다.
!!!

25. 2016 ⓒ BESPIN GLOBAL
$ aws help
http://docs.aws.amazon.com/cli/latest/ref
erence/ec2/describe-instances.html

26. 2016 ⓒ BESPIN GLOBAL
help 명령어 사용
• aws service operation help
• aws service help
• aws help

27. 2016 ⓒ BESPIN GLOBAL
{
“Reservations”: []
}
$ aws ec2 describe-instances

28. 2016 ⓒ BESPIN GLOBAL
$ aws ec2 describe-instances
Service
(Command)
Operation
(Subcommand)

29. 2016 ⓒ BESPIN GLOBAL
$ aws ec2 describe-instances

30. 2016 ⓒ BESPIN GLOBAL
Programmatic processing
Integrate with JSON tools
JSON TABLE TEXT
Interactive browsing
Easier to visually parse
Piping to text tools
Easy to parse
Output Format

31. 2016 ⓒ BESPIN GLOBAL
{
“Places”: [
{
“City”: “Seattle”,
“State”: “WA”
},
{
“City”: “Las Vegas”,
“State”: “NV”
}
]
}
JSON TABLE TEXT
--------------------------
|SomeOperationName|
+-----------------------+
|| Places
|+----------------------+|
||City | State ||
|+----------------------+|
||Seattle | WA
||Las Vegas | NV ||
|+----------------------+|
PLACES Seattle WA
PLACES Las Vegas NV
Output Format

32. 2016 ⓒ BESPIN GLOBAL
$ aws ec2 describe-regions

33. 2016 ⓒ BESPIN GLOBAL
$ {
"Regions": [
{
"Endpoint": "ec2.ap-south-1.amazonaws.com",
"RegionName": "ap-south-1"
},
{
"Endpoint": "ec2.eu-west-1.amazonaws.com",
"RegionName": "eu-west-1"
},
{
"Endpoint": "ec2.ap-southeast-1.amazonaws.com",
"RegionName": "ap-southeast-1"
},
{
"Endpoint": "ec2.ap-southeast-2.amazonaws.com",
"RegionName": "ap-southeast-2"
},
Output JSON

34. 2016 ⓒ BESPIN GLOBAL
----------------------------------------------------------
| DescribeRegions |
+--------------------------------------------------------+
|| Regions ||
|+-----------------------------------+------------------+|
|| Endpoint | RegionName ||
|+-----------------------------------+------------------+|
|| ec2.ap-south-1.amazonaws.com | ap-south-1 ||
|| ec2.eu-west-1.amazonaws.com | eu-west-1 ||
|| ec2.ap-southeast-1.amazonaws.com | ap-southeast-1 ||
|| ec2.ap-southeast-2.amazonaws.com | ap-southeast-2 ||
|| ec2.eu-central-1.amazonaws.com | eu-central-1 ||
|| ec2.ap-northeast-2.amazonaws.com | ap-northeast-2 ||
|| ec2.ap-northeast-1.amazonaws.com | ap-northeast-1 ||
|| ec2.us-east-1.amazonaws.com | us-east-1 ||
|| ec2.sa-east-1.amazonaws.com | sa-east-1 ||
|| ec2.us-west-1.amazonaws.com | us-west-1 ||
|| ec2.us-west-2.amazonaws.com | us-west-2 ||
|+-----------------------------------+------------------+|
Output Table

35. 2016 ⓒ BESPIN GLOBAL
REGIONS ec2.ap-south-1.amazonaws.com ap-south-1
REGIONS ec2.eu-west-1.amazonaws.com eu-west-1
REGIONS ec2.ap-southeast-1.amazonaws.com ap-southeast-1
REGIONS ec2.ap-southeast-2.amazonaws.com ap-southeast-2
REGIONS ec2.eu-central-1.amazonaws.com eu-central-1
REGIONS ec2.ap-northeast-2.amazonaws.com ap-northeast-2
REGIONS ec2.ap-northeast-1.amazonaws.com ap-northeast-1
REGIONS ec2.us-east-1.amazonaws.com us-east-1
REGIONS ec2.sa-east-1.amazonaws.com sa-east-1
REGIONS ec2.us-west-1.amazonaws.com us-west-1
REGIONS ec2.us-west-2.amazonaws.com us-west-2
Output Text

36. 2016 ⓒ BESPIN GLOBAL
$ aws ec2 describe-instances

37. 2016 ⓒ BESPIN GLOBAL
{
"Reservations": [
{
"OwnerId": "321653183891",
"ReservationId": "r-58bf2a87",
"Groups": [],
"Instances": [
{
"Monitoring": {
"State": "disabled"
},
"PublicDnsName": "ec2-52-65-186-23.ap-southeast-
2.compute.amazonaws.com",
"State": {
"Code": 16,
"Name": "running"
},
Output JSON

38. 2016 ⓒ BESPIN GLOBAL
-----------------------------------------------------------------------------------------
| DescribeInstances |
+---------------------------------------------------------------------------------------+
|| Reservations ||
|+-------------------------------------------+-----------------------------------------+|
|| OwnerId | 321653183891 ||
|| ReservationId | r-58bf2a87 ||
|+-------------------------------------------+-----------------------------------------+|
||| Instances |||
||+------------------------+----------------------------------------------------------+||
||| AmiLaunchIndex | 0 |||
||| Architecture | x86_64 |||
||| ClientToken | gBjjZ1473066131341 |||
||| EbsOptimized | False |||
||| Hypervisor | xen |||
||| ImageId | ami-dc361ebf |||
||| InstanceId | i-fad124e1 |||
||| InstanceType | t2.micro |||
||| KeyName | bespin-Syney-Inchulshin |||
||| LaunchTime | 2016-09-07T07:29:43.000Z |||
||| PrivateDnsName | ip-172-31-11-196.ap-southeast-2.compute.internal |||
||| PrivateIpAddress | 172.31.11.196 |||
Output Table

39. 2016 ⓒ BESPIN GLOBAL
RESERVATIONS 321653183891 r-58bf2a87
INSTANCES 0 x86_64 gBjjZ1473066131341 False xen ami-dc361ebf i-
fad124e1 t2.micro bespin-Syney-Inchulshin 2016-09-07T07:29:43.000Z ip-172-31-11-
196.ap-southeast-2.compute.internal 172.31.11.196 ec2-52-65-186-23.ap-southeast-
2.compute.amazonaws.com 52.65.186.23/dev/xvda ebs True subnet-
4a0b492f hvm vpc-e2fb6087
BLOCKDEVICEMAPPINGS /dev/xvda
EBS 2016-09-05T09:02:12.000Z True attached vol-47e084c8
IAMINSTANCEPROFILE arn:aws:iam::321653183891:instance-profile/InchulShin
AIPAJV7QAA3BLN54LK536
MONITORING disabled
NETWORKINTERFACES Primary network interface 02:2f:9b:e1:4b:bb eni-
d2dc8cab 321653183891 ip-172-31-11-196.ap-southeast-2.compute.internal
172.31.11.196 True in-use subnet-4a0b492f vpc-e2fb6087
Output Text

40. 2016 ⓒ BESPIN GLOBAL
Query
Data Query Result
{"foo": "bar"}
{"foo": {"bar": "baz"}}
{"foo": [0, 1]}
{"bar": 1, "baz": 2}
{"a": 1, "b": 2, "c": 3}
{"a": 1, "b": 2, "c": 3}
[{"a": 1}, {"a": 2},
{"a": 3}, {"a": 4}]
foo
foo.bar
foo[1]
foo or bar
[a, b]
{a: a, other: b}
[*].a
"bar"
baz
1
1
[1, 2]
{"a": 1, "other": 2}
[1, 2, 3, 4]

41. 2016 ⓒ BESPIN GLOBAL
$ aws ec2 describe-instances
--query Reservations[*].Instances[*]
.[InstanceId,State.Name]
[
[
[
"i-fad124e1",
"running"
]
],
[
[
"i-b7a7da18",
"running"
]
],
[
[
"i-ef34766d",
"terminated"
]
]
]
------------------------------
| DescribeInstances |
+-------------+--------------+
| i-fad124e1 | running |
| i-b7a7da18 | running |
| i-ef34766d | terminated |
+-------------+--------------+
i-fad124e1 running
i-b7a7da18 running
i-ef34766d terminated
JSON TABLE TEXT

42. 2016 ⓒ BESPIN GLOBAL
aws ec2 describe-instances --query
'Reservations[*].Instances[*].{ID:Instanc
eId, State:State.Name}'
[
[
{
"State": "running",
"ID": "i-fad124e1"
}
],
[
{
"State": "running",
"ID": "i-b7a7da18"
}
],
[
{
"State": "terminated",
"ID": "i-ef34766d"
}
]
]
------------------------------
| DescribeInstances |
+-------------+--------------+
| ID | State |
+-------------+--------------+
| i-fad124e1 | running |
| i-b7a7da18 | running |
| i-ef34766d | terminated |
+-------------+--------------+
i-fad124e1 running
i-b7a7da18 running
i-ef34766d terminated
JSON TABLE TEXT

43. 2016 ⓒ BESPIN GLOBAL
Demo

44. 2016 ⓒ BESPIN GLOBAL
One Liner Script

45. 2016 ⓒ BESPIN GLOBAL
AWS CLI One Liner
첫번째 시나리오
- 나는 AWS 관리자이다. AWS CLI 를 활용하여 IAM
관련된 정보를 알아보고자 한다.
- 다음과 같이 AWS CLI 명령어는 알고 있다. 그러나
IAM User가 많아서 한번 실행으로 작업하고 싶다.
$ aws iam list-users –query Users[].[UserName]
$ aws iam delete-user –user-name <username>
$ aws iam list-access-keys --user-name <username>

46. 2016 ⓒ BESPIN GLOBAL
AWS CLI One Liner – 반복 순환 (2)
$ for name in (aws iam list-users
--query “Users[].[UserName]” --output text);
do
aws iam list-access-keys --user-name “$name”
--query
AccessKeyMetadata[*].[UserName,AccessKeyId]
--output text
; done

47. 2016 ⓒ BESPIN GLOBAL
AWS CLI One Liner – 반복 순환 (3)
$ for name in (aws iam list-users
--query Users[].[UserName] --output text);
do
aws iam list-access-keys --user-name $name
--output text | awk ‘{print “ID : “,$5”,”
“ACCESS :”,$2}’
; done

48. 2016 ⓒ BESPIN GLOBAL
AWS CLI One Liner
두번쨰 시나리오
- 나는 AWS 관리자이다. AWS CLI 를 활용하여 IAM
관련된 정보를 알아보고자 한다.
- 다음과 같이 AWS CLI 명령어는 알고 있다. 그러나
IAM User가 많아서 한번 실행으로 작업하고 싶다.
- 반복 순환문(
$ aws iam list-users –query Users[].[UserName] --
output text

49. 2016 ⓒ BESPIN GLOBAL
AWS CLI One Liner - xargs
$ aws iam list-users --query
Users[].[UserName] --output text
| xargs –I {} –P 10
aws iam list-access-keys --user-name “{}”
--output text

50. 2016 ⓒ BESPIN GLOBAL
•For Or While 반복 순환문을 사용하면 좋다.
•Xargs를 사용한다면, -I {} 같이 사용
•xargs -P N 은 병렬 실행하여 사용
•“[UserName]” 은 “.UserName” 에서 output을
각각 새로운 Line을 얻는다
AWS CLI One Liner

51. 2016 ⓒ BESPIN GLOBAL
$ aws ec2 describe-instances --query
'Reservations[*].Instances[*].[State.Name,
InstanceId]' --output text |
> grep stopped |
> awk '{print $2}' |
> while read line;
> do aws ec2 modify-instance-attribute -
-instance-id $line --instance-type
'{"Value": "m1.medium"}';
> done
Example - AWS CLI One Liner

52. 2016 ⓒ BESPIN GLOBAL
N Liner Script

53. 2016 ⓒ BESPIN GLOBAL
#!/bin/bash
#Create a new user and create a new profile.
aws iam create-‐user -‐-‐user-‐name reinvent-‐user
credentials=$(aws iam create-‐access-‐key -‐-‐user-‐name reinvent-‐user
-‐query 'AccessKey.[AccessKeyId,SecretAccessKey]‘
-‐output text)
access_key_id=$(echo $credentials | cut ‐d‘ ‘ ‐f 1)
secret_access_key=$(echo $credentials | cut ‐d‘ ‘ ‐f 2)
aws configure set profile.reinvent.aws_access_key_id "$access_key_id"
aws configure set profile.reinvent.secret_access_key "$secret_access_key"
Example 1 - create-new-user.sh

54. Waiters - EC2 상태 값

55. #!/bin/bash
instance_id=$(aws ec2 run-instances --image-id ami-12345
--query Reservations[].Instances[].InstanceId
--output text)
instance_state=$(aws ec2 describe-instances --instance-ids $instance_id
--query 'Reservations[].Instances[].State.Name')
while [ "$instance_state“ != "running“ ]
do
sleep 1
instance_state=$(aws ec2 describe-instances --instance-‐ids $instance_id
--query 'Reservations[].Instances[].State.Name')
done
Example 2 - ec2-instance-running.sh

56. 2016 ⓒ BESPIN GLOBAL
WE ARE HIRING!!!
• KOREA
• CHINA
• JAPAN
• USA
PLEASE JOIN US

57. Thank you