awscliでVPCのDHCP Options Setの設定をする
VPCにはDHCP Options Setという機能があり、DHCPでインスタンスに配布される設定（ドメイン名、DNSサーバ、NTPサーバなど）をカスタマイズできます。
今回はawscliでの設定方法と、カスタマイズされた設定の確認をしたいと思います。
環境構築
VPCの作成
$ aws ec2 create-vpc --cidr-block 10.0.0.0/16 --instance-tenancy default --region ap-northeast-1
{
"Vpc": {
"InstanceTenancy": "default",
"State": "pending",
"VpcId": "vpc-aa4958c8",
"CidrBlock": "10.0.0.0/16",
"DhcpOptionsId": "dopt-03c5a56a"
}
}
VPCのDNS SupportとDNS Hostnamesを有効にします。
$ aws ec2 modify-vpc-attribute --vpc-id vpc-aa4958c8 --enable-dns-support "{\"Value\":true}" --region ap-northeast-1
{
"return": "true"
}
$ aws ec2 modify-vpc-attribute --vpc-id vpc-aa4958c8 --enable-dns-hostnames "{\"Value\":true}" --region ap-northeast-1
{
"return": "true"
}
VPC Subnetを作成します。
$ aws ec2 create-subnet --cidr-block 10.0.0.0/24 --vpc-id vpc-aa4958c8 --availability-zone ap-northeast-1a --region ap-northeast-1
{
"Subnet": {
"VpcId": "vpc-aa4958c8",
"CidrBlock": "10.0.0.0/24",
"State": "pending",
"AvailabilityZone": "ap-northeast-1a",
"SubnetId": "subnet-e71f1685",
"AvailableIpAddressCount": 251
}
}
カスタマイズしたDHCP Options Setを作成し、VPCに関連付けます。
$ aws ec2 create-dhcp-options --dhcp-configuration \
"Key=domain-name,Values=okochang.com" \
"Key=domain-name-servers,Values=8.8.8.8,8.8.4.4" \
"Key=ntp-servers,Values=210.173.160.27" \
--region ap-northeast-1
{
"DhcpOptions": {
"DhcpConfigurations": [
{
"Values": [
"210.173.160.27"
],
"Key": "ntp-servers"
},
{
"Values": [
"okochang.com"
],
"Key": "domain-name"
},
{
"Values": [
"8.8.4.4",
"8.8.8.8"
],
"Key": "domain-name-servers"
}
],
"DhcpOptionsId": "dopt-8bf1f9e9"
}
}
$ aws ec2 associate-dhcp-options --vpc-id vpc-aa4958c8 --dhcp-options-id dopt-8bf1f9e9 --region ap-northeast-1
{
"return": "true"
}
Internet Gatewayを作成し、VPCにアタッチします。
$ aws ec2 create-internet-gateway --region ap-northeast-1
{
"InternetGateway": {
"Tags": [],
"InternetGatewayId": "igw-d6796cb4",
"Attachments": []
}
}
$ aws ec2 attach-internet-gateway --vpc-id vpc-aa4958c8 --internet-gateway-id igw-d6796cb4 --region ap-northeast-1
{
"return": "true"
}
Route Tableを作成してSubnetに関連付け、Internet Gatewayへのデフォルトルート（0.0.0.0/0）を追加します。
$ aws ec2 create-route-table --vpc-id vpc-aa4958c8 --region ap-northeast-1
{
"RouteTable": {
"Associations": [],
"RouteTableId": "rtb-545b4b36",
"VpcId": "vpc-aa4958c8",
"PropagatingVgws": [],
"Tags": [],
"Routes": [
{
"GatewayId": "local",
"DestinationCidrBlock": "10.0.0.0/16",
"State": "active"
}
]
}
}
$ aws ec2 associate-route-table --subnet-id subnet-e71f1685 --route-table-id rtb-545b4b36 --region ap-northeast-1
{
"AssociationId": "rtbassoc-950010f7"
}
$ aws ec2 create-route --route-table-id rtb-545b4b36 --destination-cidr-block 0.0.0.0/0 --gateway-id igw-d6796cb4 --region ap-northeast-1
{
"return": "true"
}
Security Groupを作成し、ルールを追加します。ここでは検証用に0.0.0.0/0からのSSH（TCP 22）を許可していますが、実際に使う際は接続元のIPアドレスに絞ります。
$ aws ec2 create-security-group --group-name okochang-group --description "test security group" --vpc-id vpc-aa4958c8 --region ap-northeast-1
{
"return": "true",
"GroupId": "sg-654c5007"
}
$ aws ec2 authorize-security-group-ingress --group-id sg-654c5007 --cidr 0.0.0.0/0 --protocol tcp --port 22 --region ap-northeast-1
{
"return": "true"
}
接続用のSSHキーを作成します。レスポンスのKeyMaterialが秘密鍵そのものなので、パーミッションを絞ったファイルに保存して扱います。
$ aws ec2 create-key-pair --key-name okochang-key --region ap-northeast-1
{
"KeyMaterial": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIqr00==中略==JRGHg2o6kls0w==\n-----END RSA PRIVATE KEY-----",
"KeyName": "okochang-key",
"KeyFingerprint": "11:aa:22:bb:33:cc:44:dd:55:ee:66:ff:77:gg:88:hh:99:ii:10:jj"
}
動作確認用のインスタンスを起動します。
$ aws ec2 run-instances \
--image-id ami-0d13700c \
--key-name okochang-key \
--security-group-ids sg-654c5007 \
--instance-type t1.micro \
--subnet-id subnet-e71f1685 \
--disable-api-termination \
--instance-initiated-shutdown-behavior stop \
--private-ip-address 10.0.0.10 \
--associate-public-ip-address --region ap-northeast-1
{
"OwnerId": "12345678910",
"ReservationId": "r-f48d4cf1",
"Groups": [],
"Instances": [
{
"Monitoring": {
"State": "disabled"
},
"PublicDnsName": null,
"KernelId": "aki-176bf516",
"State": {
"Code": 0,
"Name": "pending"
},
"EbsOptimized": false,
"LaunchTime": "2014-01-25T12:58:08.000Z",
"PrivateIpAddress": "10.0.0.10",
"ProductCodes": [],
"VpcId": "vpc-aa4958c8",
"StateTransitionReason": null,
"InstanceId": "i-eaae01ef",
"ImageId": "ami-0d13700c",
"PrivateDnsName": "ip-10-0-0-10.ap-northeast-1.compute.internal",
"KeyName": "okochang-key",
"SecurityGroups": [
{
"GroupName": "okochang-group",
"GroupId": "sg-654c5007"
}
],
"ClientToken": null,
"SubnetId": "subnet-e71f1685",
"InstanceType": "t1.micro",
"NetworkInterfaces": [
{
"Status": "in-use",
"SourceDestCheck": true,
"VpcId": "vpc-aa4958c8",
"Description": null,
"NetworkInterfaceId": "eni-e9beaa8b",
"PrivateIpAddresses": [
{
"PrivateDnsName": "ip-10-0-0-10.ap-northeast-1.compute.internal",
"Primary": true,
"PrivateIpAddress": "10.0.0.10"
}
],
"PrivateDnsName": "ip-10-0-0-10.ap-northeast-1.compute.internal",
"Attachment": {
"Status": "attaching",
"DeviceIndex": 0,
"DeleteOnTermination": true,
"AttachmentId": "eni-attach-41085c44",
"AttachTime": "2014-01-25T12:58:08.000Z"
},
"Groups": [
{
"GroupName": "okochang-group",
"GroupId": "sg-654c5007"
}
],
"SubnetId": "subnet-e71f1685",
"OwnerId": "12345678910",
"PrivateIpAddress": "10.0.0.10"
}
],
"SourceDestCheck": true,
"Placement": {
"Tenancy": "default",
"GroupName": null,
"AvailabilityZone": "ap-northeast-1a"
},
"Hypervisor": "xen",
"BlockDeviceMappings": [],
"Architecture": "x86_64",
"StateReason": {
"Message": "pending",
"Code": "pending"
},
"RootDeviceName": "/dev/sda1",
"VirtualizationType": "paravirtual",
"RootDeviceType": "ebs",
"AmiLaunchIndex": 0
}
]
}
動作確認
resolv.confとntp.confを見ると、DHCP Options Setで指定した値が/sbin/dhclient-scriptによって設定されたことが分かります。
$ cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search okochang.com
nameserver 8.8.4.4
nameserver 8.8.8.8
$ tail -3 /etc/ntp.conf
interface listen eth0
interface ignore ipv6
server 210.173.160.27 # added by /sbin/dhclient-script