{ALB}アクセスログの作成の有効化

https://docs.aws.amazon.com/ja_jp/elasticloadbalancing/latest/application/load-balancer-access-logs.html

 

-- 1. コマンド等のインストール

-- 1.1 aws cli version 2 インストール

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

aws --version

-- 1.2 jqインストール
sudo yum -y install jq

-- 2. EC2インスタンス作成

各アベイラビリティーゾーンで少なくとも 1 つの EC2 インスタンスを起動します

-- ap-northeast-1a

aws ec2 run-instances \
--image-id ami-0404778e217f54308 \
--instance-type t3.nano \
--key-name key1 \
--tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=instance01}]' \
--instance-market-options '{"MarketType": "spot","SpotOptions": {"SpotInstanceType": "one-time"}}' \
--subnet-id subnet-11111111111111111

-- ap-northeast-1c

aws ec2 run-instances \
--image-id ami-0404778e217f54308 \
--instance-type t3.nano \
--key-name key1 \
--tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=instance02}]' \
--instance-market-options '{"MarketType": "spot","SpotOptions": {"SpotInstanceType": "one-time"}}' \
--subnet-id subnet-22222222222222222

aws ec2 describe-instances

-- 3. Apacheインストール
Apacheウェブサーバーを各 EC2 インスタンスにインストール

sudo yum -y update
sudo yum -y install httpd

sudo systemctl start httpd
sudo systemctl status httpd
sudo systemctl enable httpd

sudo su -

cd /var/www/html
echo $(hostname) > index.html

sudo yum -y install elinks
elinks http://localhost/

 

 

-- 4. ロードバランサーの作成
※internal-ALBを作成

aws elbv2 create-load-balancer \
--name alb01  \
--subnets subnet-11111111111111111  subnet-22222222222222222 \
--security-groups sg-33333333333333333 \
--scheme internal

aws elbv2 describe-load-balancers
aws elbv2 describe-load-balancers| jq -r .LoadBalancers.LoadBalancerArn

 

 

-- 5. ターゲットグループの作成

aws elbv2 create-target-group \
--name target01 \
--protocol HTTP \
--port 80 \
--vpc-id vpc-44444444444444444 \
--ip-address-type ipv4 \
--target-type instance

aws elbv2 describe-target-groups
aws elbv2 describe-target-groups| jq -r .TargetGroups.TargetGroupArn

aws elbv2 describe-target-group-attributes \
--target-group-arn arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:targetgroup/target01/5555555555555555

 

aws elbv2 register-targets \
--target-group-arn arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:targetgroup/target01/5555555555555555  \
--targets Id=i-66666666666666666 Id=i-77777777777777777

aws elbv2 describe-target-health \
--target-group-arn arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:targetgroup/target01/5555555555555555

 

-- 6. リスナーの作成

aws elbv2 create-listener \
--load-balancer-arn arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:loadbalancer/app/alb01/8888888888888888 \
--protocol HTTP \
--port 80  \
--default-actions Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:targetgroup/target01/5555555555555555

aws elbv2 describe-listeners \
--load-balancer-arn arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:loadbalancer/app/alb01/8888888888888888

aws elbv2 describe-listeners \
--load-balancer-arn arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:loadbalancer/app/alb01/8888888888888888 | jq -r .Listeners[].ListenerArn

-- 7. S3 バケットを作成する

aws s3 mb s3://bucket123

aws s3 ls

-- 8. バケットポリシーの作成

vim a.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::582318560864:root"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::bucket123/test/AWSLogs/999999999999/*"
    }
  ]
}

aws s3api put-bucket-policy \
--bucket bucket123 \
--policy file://a.json

aws s3api get-bucket-policy \
--bucket bucket123

 

-- 9. アクセスログ作成の有効化

aws elbv2 describe-load-balancer-attributes \
--load-balancer-arn arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:loadbalancer/app/alb01/8888888888888888

aws elbv2 modify-load-balancer-attributes \
--load-balancer-arn arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:loadbalancer/app/alb01/8888888888888888 \
--attributes '[
      {
          "Value": "true",
          "Key": "access_logs.s3.enabled"
      },
      {
          "Value": "test",
          "Key": "access_logs.s3.prefix"
      },
      {
          "Value": "bucket123",
          "Key": "access_logs.s3.bucket"
      }
  ]'

 

 

 

-- 10. アクセスログの確認

curl -v -X GET http://internal-alb01-0000000000.ap-northeast-1.elb.amazonaws.com

aws s3 ls s3://bucket123 --recursive

aws s3 cp s3://bucket123/test/AWSLogs/999999999999/elasticloadbalancing/ap-northeast-1/2022/05/05/999999999999_elasticloadbalancing_ap-northeast-1_app.alb01.8888888888888888_20220505T0100Z_172.31.12.34_xxxxxxxx.log.gz -  | gzip -dc 

-- 11. クリーンアップ

 

-- バケットの削除

aws s3 ls
aws s3 rb s3://bucket123  --force

 

-- リスナーの削除

aws elbv2 describe-listeners \
--load-balancer-arn arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:loadbalancer/app/alb01/8888888888888888

aws elbv2 delete-listener \
--listener-arn arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:listener/app/alb01/8888888888888888/aaaaaaaaaaaaaaaa

-- ターゲットグループの削除

aws elbv2 describe-target-groups

aws elbv2 deregister-targets \
--target-group-arn arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:targetgroup/target01/5555555555555555 \
--targets Id=i-66666666666666666 Id=i-77777777777777777

aws elbv2 delete-target-group \
--target-group-arn arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:targetgroup/target01/5555555555555555

 

-- ロードバランサーの削除

aws elbv2 describe-load-balancers

aws elbv2 delete-load-balancer \
--load-balancer-arn arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:loadbalancer/app/alb01/8888888888888888

 

-- EC2インスタンスの削除

aws ec2 describe-instances

aws ec2 terminate-instances --instance-ids i-66666666666666666
aws ec2 terminate-instances --instance-ids i-77777777777777777