{"id":9921,"date":"2017-01-13T01:32:25","date_gmt":"2017-01-12T16:32:25","guid":{"rendered":"http:\/\/www.skyarch.net\/blog\/?p=9921"},"modified":"2017-01-13T01:32:25","modified_gmt":"2017-01-12T16:32:25","slug":"security-group%e3%81%a8%e3%82%a8%e3%83%b3%e3%83%89%e3%83%9d%e3%82%a4%e3%83%b3%e3%83%88%e3%81%ae%e5%90%8d%e5%89%8d%e8%a7%a3%e6%b1%ba","status":"publish","type":"post","link":"https:\/\/www.skyarch.net\/blog\/security-group%e3%81%a8%e3%82%a8%e3%83%b3%e3%83%89%e3%83%9d%e3%82%a4%e3%83%b3%e3%83%88%e3%81%ae%e5%90%8d%e5%89%8d%e8%a7%a3%e6%b1%ba\/","title":{"rendered":"Security Group\u3068\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306e\u540d\u524d\u89e3\u6c7a"},"content":{"rendered":"

\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7\u3067\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7\u3092\u6307\u5b9a\u3059\u308b<\/h3>\n

AWS\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7(\u4ee5\u4e0bSG)\u3067\u3001[\u9001\u4fe1\u5143]\u306bSG\u306eID(sg-\u00d7\u00d7\u00d7\u00d7)\u3092\u6307\u5b9a\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002
\n\u305d\u306e\u5834\u5408\u3001\u305d\u306eSG\u306b\u5c5e\u3057\u3066\u3044\u308bEC2\u304b\u3089\u306e\u63a5\u7d9a\u3092\u8a31\u53ef\u3059\u308b\u3053\u3068\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n

\u4e0b\u8a18\u306e\u3088\u3046\u306bSG\u81ea\u8eab\u3092\u305d\u306eSG\u3067\u8a31\u53ef\u3059\u308b\u3068\u3001\u305d\u306eSG\u306b\u5c5e\u3057\u3066\u3044\u308b\u5168EC2\u9593\u306e\u901a\u4fe1\u304c\u8a31\u53ef\u3055\u308c\u307e\u3059\u3002<\/p>\n\"\"<\/a>\n

\u3053\u306e\u3088\u3046\u306aSG\u304c\u30a2\u30bf\u30c3\u30c1\u3055\u308c\u305fEC2\u3001SERVER-A\u3068SERVER-B\u3067\u691c\u8a3c\u3092\u884c\u3044\u307e\u3059\u3002
\n\u4e0b\u8a18\u306e\u3088\u3046\u306b\u3001\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8IP\u3067\u758e\u901a\u304c\u78ba\u8a8d\u3067\u304d\u307e\u3059\u3002<\/p>\n

[root@SERVER-A<\/span> ~]# ping 172.31.***.*** (SERVER-B\u306e\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8IP)<\/span>\nPING 172.31.***.*** (172.31.***.***) 56(84) bytes of data.\n64 bytes from 172.31.***.***: icmp_seq=1 ttl=255 time=0.903 ms\n64 bytes from 172.31.***.***: icmp_seq=2 ttl=255 time=0.674 ms\n\uff5e<\/pre>\n
[root@SERVER-B<\/span> ~]# ping 172.31.***.*** (SERVER-A\u306e\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8IP)<\/span>\nPING 172.31.***.*** (172.31.***.***) 56(84) bytes of data.\n64 bytes from 172.31.***.***: icmp_seq=1 ttl=255 time=0.821 ms\n64 bytes from 172.31.***.***: icmp_seq=2 ttl=255 time=0.728 ms\n\uff5e<\/pre>\n
\u3057\u304b\u3057\u3001\u30b0\u30ed\u30fc\u30d0\u30ebIP\u306bping\u3092\u6253\u3064\u3068\u758e\u901a\u304c\u53d6\u308c\u306a\u304f\u306a\u308a\u307e\u3059\u3002<\/p>\n
[root@SERVER-A<\/span> ~]# ping -c 4 52.***.***.*** (SERVER-B\u306e\u30b0\u30ed\u30fc\u30d0\u30ebIP)<\/span>\nPING 52.***.***.*** (52.***.***.***) 56(84) bytes of data.\n\n--- 52.0.0.2 ping statistics ---\n4 packets transmitted, 0 received, 100% packet loss, time 2999ms<\/pre>\n
[root@SERVER-B<\/span> ~]# ping -c 4 52.***.***.*** (SERVER-A\u306e\u30b0\u30ed\u30fc\u30d0\u30ebIP)<\/span>\nPING 52.***.***.*** (52.***.***.***) 56(84) bytes of data.\n\n--- 52.0.0.1 ping statistics ---\n4 packets transmitted, 0 received, 100% packet loss, time 3024ms<\/pre>\n
SG\u3092SG\u3067\u8a31\u53ef\u3059\u308b\u65b9\u6cd5\u306f\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u5185\u3067\u306e\u307f\u6709\u52b9<\/strong>\u306a\u3088\u3046\u3067\u3059\u3002<\/span><\/span><\/p>\n
\u7591\u554f\uff1a\u5404\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u3078\u306e\u63a5\u7d9a\u306b\u95a2\u3057\u3066<\/h3>\n
\u3057\u304b\u3057\u3001\u305d\u3053\u30671\u3064\u7591\u554f\u304c\u6e67\u304d\u307e\u3057\u305f\u3002<\/p>\n
Beanstalk\u3067EC2\uff0bRDS\uff0bAutoScaling\u3092\u534a\u81ea\u52d5\u69cb\u7bc9\u3057\u307e\u3057\u305f\u3002
\nRDS\u306eSG\u3067\u3001EC2\u306b\u9069\u7528\u3055\u308c\u3066\u3044\u308bSG\u304b\u3089\u306eDB\u30dd\u30fc\u30c8\u304c\u8a31\u53ef\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n\"\"<\/a>\n
RDS\u3078\u306e\u63a5\u7d9a\u624b\u6bb5\u306f\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8(\uff5e\uff5e\uff5e.rds.amazonaws.com)\u3057\u304b\u306a\u304f\u3001
\n\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306fCNAME\u3067\u3042\u308b\u4ee5\u4e0a\u3001DNS\u3067\u540d\u524d\u89e3\u6c7a\u3055\u308c\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n
SG\u3092SG\u3067\u8a31\u53ef\u3059\u308b\u65b9\u6cd5\u306f\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u5185\u3067\u306e\u307f\u6709\u52b9<\/strong>\u306a\u306e\u3067
\nDNS\u306b\u554f\u3044\u5408\u308f\u305b\u308b\u70ba\u306b\u30b0\u30ed\u30fc\u30d0\u30eb\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u51fa\u3066\u3057\u307e\u3046\u3068
\nEC2-RDS\u9593\u3067\u901a\u4fe1\u304c\u51fa\u6765\u306a\u304f\u306a\u3063\u3066\u3057\u307e\u3046\u306e\u3067\u306f\u306a\u3044\u3067\u3057\u3087\u3046\u304b\uff1f<\/p>\n
VPC(\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af)\u5185\u3067\u306e\u540d\u524d\u89e3\u6c7a<\/h3>\n
\u3057\u304b\u3057\u5b9f\u969b\u306f\u3001EC2\u304b\u3089RDS\u3078\u306e\u63a5\u7d9a\u304c\u78ba\u8a8d\u3067\u304d\u307e\u3057\u305f\u3002
\n(Beanstalk\u3067\u69cb\u7bc9\u3057\u305f\u306e\u3067\u5f53\u7136\u3068\u3044\u3048\u3070\u5f53\u7136\u3067\u3059\u304c)<\/p>\n
# mysql -h ****.****.****.rds.amazonaws.com -u root -p\nEnter password:\nWelcome to the MySQL monitor.  Commands end with ; or \\g.\nYour MySQL connection id is 373\nServer version: 5.6.27-log MySQL Community Server (GPL)\n\nCopyright (c) 2000, 2016, Oracle and\/or its affiliates. All rights reserved.\n\nOracle is a registered trademark of Oracle Corporation and\/or its\naffiliates. Other names may be trademarks of their respective\nowners.\n\nType 'help;' or '\\h' for help. Type '\\c' to clear the current input statement.\n\nmysql><\/pre>\n
\u3069\u3046\u3084\u3089\u3001\u540c\u4e00\u306eVPC\u5185\u3067\u3042\u308c\u3070\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306f
\n\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u5185\u3067\u540d\u524d\u89e3\u6c7a\u3055\u308c\u308b\u3088\u3046\u3067\u3059\u3002
\n\u4e0b\u8a18dig\u306f\u3001RDS\u3068\u540c\u4e00\u306eBeanstalk\u74b0\u5883(\u540c\u4e00\u306eVPC\u5185)\u306eEC2\u304b\u3089\u5b9f\u884c\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n
# dig ****.****.****.rds.amazonaws.com\n\uff5e\n;; ANSWER SECTION:\n****.****.****.rds.amazonaws.com. 5 IN CNAME ec2-52-***-***-***.ap-northeast-1.compute.amazonaws.com.\nec2-52-***-***-***.ap-northeast-1.compute.amazonaws.com. 20 IN A 172.31.***.***<\/strong><\/span>\n\uff5e<\/pre>\n
\u4ed6\u306eVPC\u306eEC2\u304b\u3089dig\u3059\u308b\u3068\u30b0\u30ed\u30fc\u30d0\u30ebIP\u3092\u5f15\u3063\u5f35\u3063\u3066\u304d\u307e\u3059\u3002<\/p>\n
# dig ****.****.****.rds.amazonaws.com\n \uff5e \n;; ANSWER SECTION: \n****.****.****.rds.amazonaws.com. 5 IN CNAME ec2-52-***-***-***.ap-northeast-1.compute.amazonaws.com. \nec2-52-***-***-***.ap-northeast-1.compute.amazonaws.com. 50 IN A 52.***.***.***<\/strong><\/span> \n\uff5e<\/pre>\n
\u3053\u306eVPC\u5185\u3067\u306e\u540d\u524d\u89e3\u6c7a\u306fVPC\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u52d5\u4f5c\u3067\u3001
\n\u4e0b\u8a18\u306e\u3088\u3046\u306bVPC\u306e\u30b3\u30f3\u30d1\u30cd\u304b\u3089\u8a2d\u5b9a\u3092\u5909\u66f4\u3059\u308b\u3053\u3068\u304c\u51fa\u6765\u307e\u3059\u3002<\/p>\n\"\"<\/a>\n
\u307e\u3068\u3081<\/h3>\n
\u2460SG\u3092SG\u3067\u8a31\u53ef\u3059\u308b\u65b9\u6cd5\u306f\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u5185\u3067\u306e\u307f\u6709\u52b9\u3067\u3042\u308b<\/strong>
\n \u2461RDS\u306a\u3069\u306e\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306f\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u3001\u30d7\u30e9\u30a4\u30d9\u30fc\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af(\u540c\u4e00\u306eVPC)\u5185\u3067\u540d\u524d\u89e3\u6c7a\u3055\u308c\u308b<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"
\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7\u3067\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7\u3092\u6307\u5b9a\u3059\u308b AWS\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7(\u4ee5\u4e0bSG)\u3067\u3001[\u9001\u4fe1\u5143]\u306bSG\u306eID(sg-\u00d7\u00d7\u00d7\u00d7)\u3092\u6307\u5b9a\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002 \u305d\u306e\u5834\u5408\u3001\u305d\u306eSG\u306b\u5c5e\u3057\u3066\u3044\u308bEC2\u304b\u3089\u306e\u63a5\u7d9a\u3092\u8a31\u53ef\u3059…<\/p>\n","protected":false},"author":60,"featured_media":3771,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_locale":"ja","_original_post":"9921","footnotes":""},"categories":[20],"tags":[],"class_list":{"0":"post-9921","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-aws","8":"ja"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/9921","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/users\/60"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/comments?post=9921"}],"version-history":[{"count":31,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/9921\/revisions"}],"predecessor-version":[{"id":9956,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/9921\/revisions\/9956"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/media\/3771"}],"wp:attachment":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/media?parent=9921"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/categories?post=9921"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/tags?post=9921"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}