ec2_api_tools is a tool for managing EC2 from the command line. Using it requires an X.509 certificate and a few other preparations, so this post summarizes the steps.

■ Environment
・Operating system: Amazon Linux, etc.
・ec2_api_tools: 1.5.4.0 2012-05-01

■ Create the private key

[root@tanyao-aws02 ~]# mkdir -p /opt/ec2-api-tools/X.509/user01
[root@tanyao-aws02 ~]# cd /opt/ec2-api-tools/X.509/user01
[root@tanyao-aws02 user01]# openssl genrsa -out iam.key 2048
Generating RSA private key, 2048 bit long modulus
......................................................................................+++
..........................................+++
e is 65537 (0x10001)
[root@tanyao-aws02 user01]#

■ Create a CSR (Certificate Signing Request) from the private key

[root@tanyao-aws02 user01]# openssl req -new -key iam.key -out iam.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@tanyao-aws02 user01]#

※ Enter nothing; just press Enter at every prompt.

■ Create the certificate

[root@tanyao-aws02 user01]# openssl x509 -req -in iam.csr -signkey iam.key -out iam.pem
Signature ok
subject=/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd
Getting Private key
[root@tanyao-aws02 user01]# ll
total 12
-rw-r--r-- 1 root root 968 May 02 16:09 iam.csr
-rw-r--r-- 1 root root 1675 May 02 16:08 iam.key
-rw-r--r-- 1 root root 1127 May 02 16:10 iam.pem
[root@tanyao-aws02 user01]# cat iam.pem
-----BEGIN CERTIFICATE-----
MIIDFDCCAfwCCQDhPLbzkt2PyDAN6kouoroshi0BAQUFADBMMQswCQYDVQQGEwJH
QjESMBAGA1UECBMJQmVya3NoaXJlMRAwDgYDVQQHEwdOZXdidXJ5MRcwFQYDVQQK
(omitted)
MbxkzKVcxBtQf20dtHh/lEpdep5gO8PrZXTpGGb90q2fhg6wZYakDpvw0jyMxVjz
bcCVZLs6obbstrBIErhRn5qas443rjF52
-----END CERTIFICATE-----
[root@tanyao-aws02 user01]#

※ The listing shows iam.key as readable by every local user (-rw-r--r--); the private key should be restricted to its owner.

■ Register the certificate

IAM > Users > select the user > Security Credentials > Signing Certificates

Certificate ID: NAGW***********ZTCOYEQD7GETW2VEC76

■ Using the Certificate ID in the private key and certificate file names makes them easier to manage

[root@tanyao-aws02 user01]# mv iam.csr csr-NAGW***********ZTCOYEQD7GETW2VEC76.pem
[root@tanyao-aws02 user01]# mv iam.key pk-NAGW***********ZTCOYEQD7GETW2VEC76.pem
[root@tanyao-aws02 user01]# mv iam.pem cert-NAGW***********ZTCOYEQD7GETW2VEC76.pem

■ Prepare the Amazon EC2 API Tools

⇒ Install the JDK

[root@tanyao-aws02 ~]# yum install java-1.6.0-openjdk
[root@tanyao-aws02 ~]# java -version
java version "1.6.0_22"
OpenJDK Runtime Environment (IcedTea6 1.10.6) (rhel-1.25.1.10.6.el5_8-x86_64)
OpenJDK 64-Bit Server VM (build 20.0-b11, mixed mode)
[root@tanyao-aws02 ~]#

⇒ Download the Amazon EC2 API Tools

[root@tanyao-aws02 ~]# cd /opt/installer/
[root@tanyao-aws02 installer]# wget http://s3.amazonaws.com/ec2-downloads/ec2-api-tools.zip
(omitted)
2012-05-02 19:50:38 (1.89 MB/s) - `ec2-api-tools.zip' saved [13926491/13926491]
[root@tanyao-aws02 installer]#

⇒ Extract and deploy

[root@tanyao-aws02 installer]# unzip ec2-api-tools.zip
[root@tanyao-aws02 installer]# cp -pr ec2-api-tools-1.5.4.0/* /opt/ec2-api-tools/
[root@tanyao-aws02 installer]# ll /opt/ec2-api-tools/
total 100
drwxr-xr-x 2 root root 32768 May 02 03:35 bin
drwxr-xr-x 2 root root 4096 May 02 03:35 lib
-rw-r--r-- 1 root root 4852 May 02 01:59 license.txt
-rw-r--r-- 1 root root 539 May 02 01:59 notice.txt
-rw-r--r-- 1 root root 46468 May 02 01:59 THIRDPARTYLICENSE.TXT
drwxr-xr-x 3 root root 4096 May 02 19:45 X.509
[root@tanyao-aws02 installer]#

⇒ Set the environment variables

[root@tanyao-aws02 ~]# export JAVA_HOME=/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre
[root@tanyao-aws02 ~]# export EC2_HOME=/opt/ec2-api-tools
[root@tanyao-aws02 ~]# export PATH=$PATH:$EC2_HOME/bin
[root@tanyao-aws02 ~]# export EC2_PRIVATE_KEY=$EC2_HOME/X.509/user01/pk-NAGW***********ZTCOYEQD7GETW2VEC76.pem
[root@tanyao-aws02 ~]# export EC2_CERT=$EC2_HOME/X.509/user01/cert-NAGW***********ZTCOYEQD7GETW2VEC76.pem
[root@tanyao-aws02 ~]# ec2ver
1.5.4.0 2012-05-01
[root@tanyao-aws02 ~]# ec2-describe-regions
REGION eu-west-1 ec2.eu-west-1.amazonaws.com
REGION sa-east-1 ec2.sa-east-1.amazonaws.com
REGION us-east-1 ec2.us-east-1.amazonaws.com
REGION ap-northeast-1 ec2.ap-northeast-1.amazonaws.com
REGION us-west-2 ec2.us-west-2.amazonaws.com
REGION us-west-1 ec2.us-west-1.amazonaws.com
REGION ap-southeast-1 ec2.ap-southeast-1.amazonaws.com
[root@tanyao-aws02 ~]#
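
The key, CSR and certificate steps from this post, scripted non-interactively together with a check that the private key is owner-only and matches the certificate before the pair is put in EC2_PRIVATE_KEY and EC2_CERT. This is an added example, not part of the original post; the function names, the /CN=user01 subject and the 365-day lifetime are assumptions.

```shell
#!/bin/sh
# Added example: function names, subject and lifetime are assumptions.

# make_signing_cert DIR: create iam.key, iam.csr and a self-signed iam.pem in DIR.
make_signing_cert() {
    (
        # Owner-only files; the listing in the post shows iam.key as -rw-r--r--.
        umask 077
        mkdir -p "$1" && cd "$1" || exit 1
        openssl genrsa -out iam.key 2048 2>/dev/null &&
        # -subj replaces the interactive DN prompts (value is an assumption).
        openssl req -new -key iam.key -subj "/CN=user01" -out iam.csr &&
        # Assumed lifetime; without -days, openssl x509 defaults to 30 days.
        openssl x509 -req -in iam.csr -signkey iam.key -days 365 \
            -out iam.pem 2>/dev/null
    )
}

# check_signing_pair KEY CERT: succeed only if KEY is owner-only and its
# public half is the public key embedded in CERT.
check_signing_pair() {
    key=$1 cert=$2
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key is accessible to group/other" >&2
        return 1
    fi
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2
        return 1
    fi
    echo "OK: $key matches $cert and is owner-only"
}

# Demo in a throwaway directory (constructed, not the paths used in the post).
demo_dir=$(mktemp -d)
make_signing_cert "$demo_dir/user01" &&
    check_signing_pair "$demo_dir/user01/iam.key" "$demo_dir/user01/iam.pem"
rm -rf "$demo_dir"
```

The same check works on the renamed pk-*.pem and cert-*.pem files, since it only reads the key and certificate contents and the key's mode bits.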