serverless-bastion-files
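# Serverless bastion image: an Amazon Linux 2 container that registers itself
# with SSM Session Manager on start (see /app/entrypoint.sh) and ships the
# MySQL client/server packages and the AWS CLI used during a session.
FROM amazonlinux:2
WORKDIR /app
COPY entrypoint.sh /app/
# Only the entrypoint needs to be executable; a recursive +x on /app would
# also mark every file copied there later as executable.
RUN chmod 0755 /app/entrypoint.sh
# NOTE(review): no MySQL yum repository is configured in this file, so the
# mysql-community-* packages resolve only if the base image (or a repo added
# elsewhere) already provides one — confirm before relying on this build.
# NOTE(review): the SSM Agent RPM is fetched from a "latest" path and the AWS
# CLI zip is not checksum-verified, so builds are not reproducible; pin to a
# specific agent version and verify the CLI archive once versions are chosen.
# curl -f fails on an HTTP error instead of writing the error page to
# awscliv2.zip, which otherwise surfaces only as a confusing unzip failure.
# The installer, the zip and the yum cache are removed in the same layer so
# they do not persist in the image.
RUN rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022 \
 && yum install -y \
        sudo \
        unzip \
        mysql-community-client \
        mysql-community-server \
        https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm \
 && curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
 && unzip -q awscliv2.zip \
 && ./aws/install \
 && rm -rf ./aws ./awscliv2.zip \
 && yum clean all \
 && rm -rf /var/cache/yum
# Exec form: bash runs the script as PID 1's child; the script itself execs
# the SSM Agent so signals from ECS reach the agent.
ENTRYPOINT ["/bin/bash", "/app/entrypoint.sh"]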
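#!/bin/bash
# Entrypoint for the serverless-bastion container.
#
# On every start it (1) deregisters the previous bastion task(s) from SSM,
# (2) deletes the hybrid activations left behind for them, (3) creates a fresh
# activation and (4) registers this container as a managed instance and runs
# the SSM Agent in the foreground so Session Manager can reach it.
#
# The IAM actions this needs are listed in the accompanying task-role policy.
#
# -u and pipefail: an unset variable or a failing `aws` call must abort the
# start instead of registering the agent with an empty code/id.
set -euo pipefail

# Overridable through the task environment; the defaults are the original
# hard-coded values.
BASTION_NAME="${BASTION_NAME:-my-bastion}"
BASTION_REGION="${BASTION_REGION:-ap-northeast-1}"
SSM_SERVICE_ROLE="${SSM_SERVICE_ROLE:-ssm-service-role}"

# Every call pins --region so the lookups, the cleanup and the registration all
# operate on the same region regardless of the CLI's default configuration.

# Remove the previous instance(s) of this bastion from Session Manager.
# --output text yields whitespace-separated ids, so $INSTANCE_IDS is
# deliberately unquoted in the loop to word-split it.
INSTANCE_IDS=$(aws ssm describe-instance-information \
  --region "${BASTION_REGION}" \
  --query "InstanceInformationList[?Name=='${BASTION_NAME}'].InstanceId" \
  --output text)
for id in ${INSTANCE_IDS}; do
  echo "Deregister managed instance ${id}..."
  aws ssm deregister-managed-instance --region "${BASTION_REGION}" --instance-id "${id}"
done

# Delete the activations previously created for this bastion; each start
# creates a new one and the old ones would otherwise accumulate.
ACTIVATION_IDS=$(aws ssm describe-activations \
  --region "${BASTION_REGION}" \
  --filters "FilterKey=DefaultInstanceName,FilterValues=${BASTION_NAME}" \
  --query "ActivationList[*].ActivationId" \
  --output text)
for id in ${ACTIVATION_IDS}; do
  echo "Deleting expired activation ${id}..."
  aws ssm delete-activation --region "${BASTION_REGION}" --activation-id "${id}"
done

# Create the activation for this container. Both fields are read through
# --query/--output text (tab-separated on one line) rather than jq, which the
# Dockerfile does not install.
ACTIVATION=$(aws ssm create-activation \
  --default-instance-name "${BASTION_NAME}" \
  --description "${BASTION_NAME}" \
  --iam-role "${SSM_SERVICE_ROLE}" \
  --region "${BASTION_REGION}" \
  --query "[ActivationCode,ActivationId]" \
  --output text)
read -r ACTIVATE_CODE ACTIVATE_ID <<<"${ACTIVATION}"
if [ -z "${ACTIVATE_CODE}" ] || [ -z "${ACTIVATE_ID}" ]; then
  echo "create-activation returned no ActivationCode/ActivationId" >&2
  exit 1
fi
export ACTIVATE_CODE ACTIVATE_ID

# Register with SSM, then exec the agent so it becomes the container's main
# process and receives the SIGTERM ECS sends on task stop (without exec the
# signal would hit this shell instead).
amazon-ssm-agent -register -code "${ACTIVATE_CODE}" -id "${ACTIVATE_ID}" -region "${BASTION_REGION}" -y
exec amazon-ssm-agent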
{ | |
"family": "serverless-bastion", | |
"taskRoleArn": "arn:aws:iam::1234567890123:role/serverless-bastion-ecs-task", | |
"executionRoleArn": "arn:aws:iam::1234567890123:role/serverless-bastion-task-execution", | |
"containerDefinitions": [ | |
{ | |
"name": "serverless-bastion", | |
"image": "1234567890123.dkr.ecr.ap-northeast-1.amazonaws.com/serverless-bastion:latest", | |
"cpu": 0, | |
"portMappings": [], | |
"essential": true, | |
"environment": [], | |
"mountPoints": [], | |
"volumesFrom": [], | |
"logConfiguration": { | |
"logDriver": "awslogs", | |
"options": { | |
"awslogs-create-group": "true", | |
"awslogs-group": "/aws/ecs/serverless-bastion", | |
"awslogs-region": "ap-northeast-1", | |
"awslogs-stream-prefix": "ecs" | |
} | |
} | |
} | |
], | |
"networkMode": "awsvpc", | |
"requiresCompatibilities": [ | |
"FARGATE" | |
], | |
"cpu": "512", | |
"memory": "1024", | |
"runtimePlatform": { | |
"cpuArchitecture": "X86_64", | |
"operatingSystemFamily": "LINUX" | |
} | |
} |
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Action": [ | |
"ssm:CreateActivation", | |
"iam:PassRole", | |
"ssm:DeleteActivation", | |
"ssm:DescribeInstanceInformation", | |
"ssm:DescribeActivations", | |
"ssm:DeregisterManagedInstance" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
] | |
} |