AWS 클립
포괄적 인 AWS CLI는 EC2, S3, Lambda 등 아마존 웹 서비스 인프라 관리 및 워크플로우를 명령합니다.
설치 및 구성
| Command |
Description |
aws configure |
Configure AWS credentials and region |
aws configure list |
Show current configuration |
aws configure set region us-west-2 |
Set default region |
aws configure set output json |
Set output format |
aws sts get-caller-identity |
Verify current identity |
aws configure list-profiles |
List all configured profiles |
aws configure --profile myprofile |
Configure named profile |
EC2 (Elastic 컴퓨팅 클라우드)
Instance 관리
| Command |
Description |
aws ec2 describe-instances |
List all instances |
aws ec2 run-instances --image-id ami-12345 --instance-type t2.micro |
Launch instance |
aws ec2 start-instances --instance-ids i-1234567890abcdef0 |
Start instance |
aws ec2 stop-instances --instance-ids i-1234567890abcdef0 |
Stop instance |
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0 |
Terminate instance |
aws ec2 reboot-instances --instance-ids i-1234567890abcdef0 |
Reboot instance |
보안 그룹
| Command |
Description |
aws ec2 describe-security-groups |
List security groups |
aws ec2 create-security-group --group-name MySecurityGroup --description "My security group" |
Create security group |
aws ec2 authorize-security-group-ingress --group-id sg-12345 --protocol tcp --port 80 --cidr 0.0.0.0/0 |
Add inbound rule |
aws ec2 revoke-security-group-ingress --group-id sg-12345 --protocol tcp --port 80 --cidr 0.0.0.0/0 |
Remove inbound rule |
키 쌍
| Command |
Description |
aws ec2 describe-key-pairs |
List key pairs |
aws ec2 create-key-pair --key-name MyKeyPair --query 'KeyMaterial' --output text > MyKeyPair.pem |
Create key pair |
aws ec2 delete-key-pair --key-name MyKeyPair |
Delete key pair |
S3 (간단한 저장 서비스)
물통 가동
| Command |
Description |
aws s3 ls |
List all buckets |
aws s3 mb s3://my-bucket |
Create bucket |
aws s3 rb s3://my-bucket |
Remove empty bucket |
aws s3 rb s3://my-bucket --force |
Remove bucket and all contents |
aws s3 ls s3://my-bucket |
List objects in bucket |
aws s3 ls s3://my-bucket --recursive |
List all objects recursively |
파일 작업
| Command |
Description |
aws s3 cp file.txt s3://my-bucket/ |
Upload file |
aws s3 cp s3://my-bucket/file.txt . |
Download file |
aws s3 sync ./local-folder s3://my-bucket/ |
Sync local folder to S3 |
aws s3 sync s3://my-bucket/ ./local-folder |
Sync S3 to local folder |
aws s3 rm s3://my-bucket/file.txt |
Delete file |
aws s3 rm s3://my-bucket/ --recursive |
Delete all files in bucket |
고급 S3 작업
| Command |
Description |
aws s3api get-bucket-versioning --bucket my-bucket |
Check versioning status |
aws s3api put-bucket-versioning --bucket my-bucket --versioning-configuration Status=Enabled |
Enable versioning |
aws s3api get-bucket-encryption --bucket my-bucket |
Check encryption |
aws s3api put-bucket-encryption --bucket my-bucket --server-side-encryption-configuration file://encryption.json |
Enable encryption |
스낵 바
기능 관리
| Command |
Description |
aws lambda list-functions |
List all functions |
aws lambda create-function --function-name my-function --runtime python3.9 --role arn:aws:iam::123456789012:role/lambda-role --handler lambda_function.lambda_handler --zip-file fileb://function.zip |
Create function |
aws lambda update-function-code --function-name my-function --zip-file fileb://function.zip |
Update function code |
aws lambda invoke --function-name my-function output.txt |
Invoke function |
aws lambda delete-function --function-name my-function |
Delete function |
기능 구성
| Command |
Description |
aws lambda get-function --function-name my-function |
Get function details |
aws lambda update-function-configuration --function-name my-function --timeout 30 |
Update timeout |
aws lambda update-function-configuration --function-name my-function --memory-size 256 |
Update memory |
aws lambda put-function-event-invoke-config --function-name my-function --maximum-retry-attempts 1 |
Configure retries |
IAM (Identity 및 Access Management)
사용자 관리
| Command |
Description |
aws iam list-users |
List all users |
aws iam create-user --user-name myuser |
Create user |
aws iam delete-user --user-name myuser |
Delete user |
aws iam get-user --user-name myuser |
Get user details |
aws iam create-access-key --user-name myuser |
Create access key |
aws iam delete-access-key --user-name myuser --access-key-id AKIAIOSFODNN7EXAMPLE |
Delete access key |
역할 관리
| Command |
Description |
aws iam list-roles |
List all roles |
aws iam create-role --role-name MyRole --assume-role-policy-document file://trust-policy.json |
Create role |
aws iam attach-role-policy --role-name MyRole --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess |
Attach policy to role |
aws iam detach-role-policy --role-name MyRole --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess |
Detach policy from role |
정책 관리
| Command |
Description |
aws iam list-policies |
List all policies |
aws iam create-policy --policy-name MyPolicy --policy-document file://policy.json |
Create policy |
aws iam delete-policy --policy-arn arn:aws:iam::123456789012:policy/MyPolicy |
Delete policy |
aws iam get-policy --policy-arn arn:aws:iam::123456789012:policy/MyPolicy |
Get policy details |
구름 형성
스택 관리
| Command |
Description |
aws cloudformation list-stacks |
List all stacks |
aws cloudformation create-stack --stack-name my-stack --template-body file://template.yaml |
Create stack |
aws cloudformation update-stack --stack-name my-stack --template-body file://template.yaml |
Update stack |
aws cloudformation delete-stack --stack-name my-stack |
Delete stack |
aws cloudformation describe-stacks --stack-name my-stack |
Get stack details |
aws cloudformation describe-stack-events --stack-name my-stack |
Get stack events |
템플릿 작업
| Command |
Description |
aws cloudformation validate-template --template-body file://template.yaml |
Validate template |
aws cloudformation estimate-template-cost --template-body file://template.yaml |
Estimate costs |
aws cloudformation get-template --stack-name my-stack |
Get stack template |
RDS (관련 데이터베이스 서비스)
Database Instance 관리
| Command |
Description |
aws rds describe-db-instances |
List all DB instances |
aws rds create-db-instance --db-instance-identifier mydb --db-instance-class db.t3.micro --engine mysql --master-username admin --master-user-password mypassword --allocated-storage 20 |
Create DB instance |
aws rds start-db-instance --db-instance-identifier mydb |
Start DB instance |
aws rds stop-db-instance --db-instance-identifier mydb |
Stop DB instance |
aws rds delete-db-instance --db-instance-identifier mydb --skip-final-snapshot |
Delete DB instance |
데이터베이스 Snapshots
| Command |
Description |
aws rds describe-db-snapshots |
List all snapshots |
aws rds create-db-snapshot --db-instance-identifier mydb --db-snapshot-identifier mydb-snapshot |
Create snapshot |
aws rds restore-db-instance-from-db-snapshot --db-instance-identifier mydb-restored --db-snapshot-identifier mydb-snapshot |
Restore from snapshot |
aws rds delete-db-snapshot --db-snapshot-identifier mydb-snapshot |
Delete snapshot |
VPC(Virtual Private Cloud)
모형: VPC 회사연혁
| Command |
Description |
aws ec2 describe-vpcs |
List all VPCs |
aws ec2 create-vpc --cidr-block 10.0.0.0/16 |
Create VPC |
aws ec2 delete-vpc --vpc-id vpc-12345678 |
Delete VPC |
aws ec2 describe-subnets |
List all subnets |
aws ec2 create-subnet --vpc-id vpc-12345678 --cidr-block 10.0.1.0/24 |
Create subnet |
노선표
| Command |
Description |
aws ec2 describe-route-tables |
List route tables |
aws ec2 create-route-table --vpc-id vpc-12345678 |
Create route table |
aws ec2 create-route --route-table-id rtb-12345678 --destination-cidr-block 0.0.0.0/0 --gateway-id igw-12345678 |
Add route |
aws ec2 associate-route-table --subnet-id subnet-12345678 --route-table-id rtb-12345678 |
Associate route table |
클라우드워치
미터 및 경보
| Command |
Description |
aws cloudwatch list-metrics |
List all metrics |
aws cloudwatch get-metric-statistics --namespace AWS/EC2 --metric-name CPUUtilization --dimensions Name=InstanceId,Value=i-1234567890abcdef0 --statistics Average --start-time 2023-01-01T00:00:00Z --end-time 2023-01-02T00:00:00Z --period 3600 |
Get metric statistics |
aws cloudwatch describe-alarms |
List all alarms |
aws cloudwatch put-metric-alarm --alarm-name cpu-mon --alarm-description "Alarm when CPU exceeds 70%" --metric-name CPUUtilization --namespace AWS/EC2 --statistic Average --period 300 --threshold 70.0 --comparison-operator GreaterThanThreshold |
Create alarm |
로그인
| Command |
Description |
aws logs describe-log-groups |
List log groups |
aws logs create-log-group --log-group-name my-log-group |
Create log group |
aws logs describe-log-streams --log-group-name my-log-group |
List log streams |
aws logs get-log-events --log-group-name my-log-group --log-stream-name my-log-stream |
Get log events |
최고의 연습
계정 관리
- ** IAM 역할 사용 **: EC2 인스턴스에 액세스 키에 Prefer IAM 역할
- Least Privilege: 최소 필요한 권한 부여
- MFA: 민감한 작업을 위한 다중 요인 인증
- 명세 **Rotate Keys **: 일반적으로 액세스 키와 암호를 회전
비용 최적화
- ** 리소스 태그**: 비용 추적을위한 모든 리소스
- ** 비행 조정 **: 모니터 및 사용 기반 인스턴스 크기를 조정
- Reserved Instances: 예측 가능한 워크로드에 대한 예약된 인스턴스 사용
- 명세 Spot Instances: 잘못된 작업 부하에 대한 스팟 인스턴스 사용
회사연혁
- CloudFormation: reproducible 배포에 대한 코드로 인프라 사용
- AWS CLI 스크립트: 쉘 스크립트를 가진 Automate 반복 작업
- AWS SDK: 애플리케이션 통합을 위한 AWS SDK 사용
- 명세 CI/CD: AWS CLI를 연속 통합 파이프라인으로 통합