AWS CLI

Comprehensive AWS CLI commands and workflows for managing Amazon Web Services infrastructure, including EC2, S3, Lambda, and more.

Installation and Configuration

| Command | Description |
| --- | --- |
| `aws configure` | Configure AWS credentials and region |
| `aws configure list` | Show current configuration |
| `aws configure set region us-west-2` | Set default region |
| `aws configure set output json` | Set output format |
| `aws sts get-caller-identity` | Verify current identity |
| `aws configure list-profiles` | List all configured profiles |
| `aws configure --profile myprofile` | Configure named profile |

EC2 (Elastic Compute Cloud)

Instance Management

| Command | Description |
| --- | --- |
| `aws ec2 describe-instances` | List all instances |
| `aws ec2 run-instances --image-id ami-12345 --instance-type t2.micro` | Launch instance |
| `aws ec2 start-instances --instance-ids i-1234567890abcdef0` | Start instance |
| `aws ec2 stop-instances --instance-ids i-1234567890abcdef0` | Stop instance |
| `aws ec2 terminate-instances --instance-ids i-1234567890abcdef0` | Terminate instance |
| `aws ec2 reboot-instances --instance-ids i-1234567890abcdef0` | Reboot instance |

Security Groups

| Command | Description |
| --- | --- |
| `aws ec2 describe-security-groups` | List security groups |
| `aws ec2 create-security-group --group-name MySecurityGroup --description "My security group"` | Create security group |
| `aws ec2 authorize-security-group-ingress --group-id sg-12345 --protocol tcp --port 80 --cidr 0.0.0.0/0` | Add inbound rule |
| `aws ec2 revoke-security-group-ingress --group-id sg-12345 --protocol tcp --port 80 --cidr 0.0.0.0/0` | Remove inbound rule |

Key Pairs

| Command | Description |
| --- | --- |
| `aws ec2 describe-key-pairs` | List key pairs |
| `aws ec2 create-key-pair --key-name MyKeyPair --query 'KeyMaterial' --output text > MyKeyPair.pem` | Create key pair |
| `aws ec2 delete-key-pair --key-name MyKeyPair` | Delete key pair |

S3 (Simple Storage Service)

Bucket Operations

| Command | Description |
| --- | --- |
| `aws s3 ls` | List all buckets |
| `aws s3 mb s3://my-bucket` | Create bucket |
| `aws s3 rb s3://my-bucket` | Remove empty bucket |
| `aws s3 rb s3://my-bucket --force` | Remove bucket and all contents |
| `aws s3 ls s3://my-bucket` | List objects in bucket |
| `aws s3 ls s3://my-bucket --recursive` | List all objects recursively |

File Operations

| Command | Description |
| --- | --- |
| `aws s3 cp file.txt s3://my-bucket/` | Upload file |
| `aws s3 cp s3://my-bucket/file.txt .` | Download file |
| `aws s3 sync ./local-folder s3://my-bucket/` | Sync local folder to S3 |
| `aws s3 sync s3://my-bucket/ ./local-folder` | Sync S3 to local folder |
| `aws s3 rm s3://my-bucket/file.txt` | Delete file |
| `aws s3 rm s3://my-bucket/ --recursive` | Delete all files in bucket |

Advanced S3 Operations

| Command | Description |
| --- | --- |
| `aws s3api get-bucket-versioning --bucket my-bucket` | Check versioning status |
| `aws s3api put-bucket-versioning --bucket my-bucket --versioning-configuration Status=Enabled` | Enable versioning |
| `aws s3api get-bucket-encryption --bucket my-bucket` | Check encryption |
| `aws s3api put-bucket-encryption --bucket my-bucket --server-side-encryption-configuration file://encryption.json` | Enable encryption |

Lambda

Function Management

| Command | Description |
| --- | --- |
| `aws lambda list-functions` | List all functions |
| `aws lambda create-function --function-name my-function --runtime python3.9 --role arn:aws:iam::123456789012:role/lambda-role --handler lambda_function.lambda_handler --zip-file fileb://function.zip` | Create function |
| `aws lambda update-function-code --function-name my-function --zip-file fileb://function.zip` | Update function code |
| `aws lambda invoke --function-name my-function output.txt` | Invoke function |
| `aws lambda delete-function --function-name my-function` | Delete function |

Function Configuration

| Command | Description |
| --- | --- |
| `aws lambda get-function --function-name my-function` | Get function details |
| `aws lambda update-function-configuration --function-name my-function --timeout 30` | Update timeout |
| `aws lambda update-function-configuration --function-name my-function --memory-size 256` | Update memory |
| `aws lambda put-function-event-invoke-config --function-name my-function --maximum-retry-attempts 1` | Configure retries |

IAM (Identity and Access Management)

User Management

| Command | Description |
| --- | --- |
| `aws iam list-users` | List all users |
| `aws iam create-user --user-name myuser` | Create user |
| `aws iam delete-user --user-name myuser` | Delete user |
| `aws iam get-user --user-name myuser` | Get user details |
| `aws iam create-access-key --user-name myuser` | Create access key |
| `aws iam delete-access-key --user-name myuser --access-key-id AKIAIOSFODNN7EXAMPLE` | Delete access key |

Role Management

| Command | Description |
| --- | --- |
| `aws iam list-roles` | List all roles |
| `aws iam create-role --role-name MyRole --assume-role-policy-document file://trust-policy.json` | Create role |
| `aws iam attach-role-policy --role-name MyRole --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess` | Attach policy to role |
| `aws iam detach-role-policy --role-name MyRole --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess` | Detach policy from role |

Policy Management

| Command | Description |
| --- | --- |
| `aws iam list-policies` | List all policies |
| `aws iam create-policy --policy-name MyPolicy --policy-document file://policy.json` | Create policy |
| `aws iam delete-policy --policy-arn arn:aws:iam::123456789012:policy/MyPolicy` | Delete policy |
| `aws iam get-policy --policy-arn arn:aws:iam::123456789012:policy/MyPolicy` | Get policy details |

CloudFormation

Stack Management

| Command | Description |
| --- | --- |
| `aws cloudformation list-stacks` | List all stacks |
| `aws cloudformation create-stack --stack-name my-stack --template-body file://template.yaml` | Create stack |
| `aws cloudformation update-stack --stack-name my-stack --template-body file://template.yaml` | Update stack |
| `aws cloudformation delete-stack --stack-name my-stack` | Delete stack |
| `aws cloudformation describe-stacks --stack-name my-stack` | Get stack details |
| `aws cloudformation describe-stack-events --stack-name my-stack` | Get stack events |

Template Operations

| Command | Description |
| --- | --- |
| `aws cloudformation validate-template --template-body file://template.yaml` | Validate template |
| `aws cloudformation estimate-template-cost --template-body file://template.yaml` | Estimate costs |
| `aws cloudformation get-template --stack-name my-stack` | Get stack template |

RDS (Relational Database Service)

Database Instance Management

| Command | Description |
| --- | --- |
| `aws rds describe-db-instances` | List all DB instances |
| `aws rds create-db-instance --db-instance-identifier mydb --db-instance-class db.t3.micro --engine mysql --master-username admin --master-user-password mypassword --allocated-storage 20` | Create DB instance |
| `aws rds start-db-instance --db-instance-identifier mydb` | Start DB instance |
| `aws rds stop-db-instance --db-instance-identifier mydb` | Stop DB instance |
| `aws rds delete-db-instance --db-instance-identifier mydb --skip-final-snapshot` | Delete DB instance |

Database Snapshots

| Command | Description |
| --- | --- |
| `aws rds describe-db-snapshots` | List all snapshots |
| `aws rds create-db-snapshot --db-instance-identifier mydb --db-snapshot-identifier mydb-snapshot` | Create snapshot |
| `aws rds restore-db-instance-from-db-snapshot --db-instance-identifier mydb-restored --db-snapshot-identifier mydb-snapshot` | Restore from snapshot |
| `aws rds delete-db-snapshot --db-snapshot-identifier mydb-snapshot` | Delete snapshot |

VPC (Virtual Private Cloud)

VPC Management

| Command | Description |
| --- | --- |
| `aws ec2 describe-vpcs` | List all VPCs |
| `aws ec2 create-vpc --cidr-block 10.0.0.0/16` | Create VPC |
| `aws ec2 delete-vpc --vpc-id vpc-12345678` | Delete VPC |
| `aws ec2 describe-subnets` | List all subnets |
| `aws ec2 create-subnet --vpc-id vpc-12345678 --cidr-block 10.0.1.0/24` | Create subnet |

Route Tables

| Command | Description |
| --- | --- |
| `aws ec2 describe-route-tables` | List route tables |
| `aws ec2 create-route-table --vpc-id vpc-12345678` | Create route table |
| `aws ec2 create-route --route-table-id rtb-12345678 --destination-cidr-block 0.0.0.0/0 --gateway-id igw-12345678` | Add route |
| `aws ec2 associate-route-table --subnet-id subnet-12345678 --route-table-id rtb-12345678` | Associate route table |

CloudWatch

Metrics and Alarms

| Command | Description |
| --- | --- |
| `aws cloudwatch list-metrics` | List all metrics |
| `aws cloudwatch get-metric-statistics --namespace AWS/EC2 --metric-name CPUUtilization --dimensions Name=InstanceId,Value=i-1234567890abcdef0 --statistics Average --start-time 2023-01-01T00:00:00Z --end-time 2023-01-02T00:00:00Z --period 3600` | Get metric statistics |
| `aws cloudwatch describe-alarms` | List all alarms |
| `aws cloudwatch put-metric-alarm --alarm-name cpu-mon --alarm-description "Alarm when CPU exceeds 70%" --metric-name CPUUtilization --namespace AWS/EC2 --statistic Average --period 300 --threshold 70.0 --comparison-operator GreaterThanThreshold` | Create alarm |

Logs

| Command | Description |
| --- | --- |
| `aws logs describe-log-groups` | List log groups |
| `aws logs create-log-group --log-group-name my-log-group` | Create log group |
| `aws logs describe-log-streams --log-group-name my-log-group` | List log streams |
| `aws logs get-log-events --log-group-name my-log-group --log-stream-name my-log-stream` | Get log events |

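Best Practices

Account Management

  1. **Use IAM roles**: Prefer IAM roles over access keys for EC2 instances
  2. **Least Privilege**: Grant the minimum permissions required
  3. **MFA**: Use multi-factor authentication for sensitive operations
  4. **Rotate Keys**: Rotate access keys and passwords regularly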
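
The key-rotation practice above can be checked from the CLI. This is an added example, not part of the original cheat sheet: it flags active access keys older than a threshold from the output of `aws iam list-access-keys`. The function names, the sample rows and the 90-day limit are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag active IAM access keys that are overdue for rotation.
# Input: tab-separated rows "UserName AccessKeyId Status CreateDate", e.g. from
#   aws iam list-access-keys --user-name myuser --output text \
#     --query 'AccessKeyMetadata[].[UserName,AccessKeyId,Status,CreateDate]'

# stale_keys MAX_AGE_DAYS TODAY(YYYY-MM-DD)   (rows on stdin)
# Prints "user<TAB>key-id<TAB>age-in-days" for every Active key older than the limit.
stale_keys() {
  awk -F'\t' -v max="$1" -v today="$2" '
    # Day number of a Gregorian date; only differences between two values are used.
    function daynum(y, m, d) {
      if (m <= 2) { y--; m += 12 }   # count Jan/Feb as months 13/14 of the prior year
      return 365*y + int(y/4) - int(y/100) + int(y/400) + int((153*(m-3)+2)/5) + d
    }
    # CreateDate is ISO 8601 (2023-01-01T00:00:00+00:00); only the date part is read.
    function parse(s) {
      return daynum(substr(s,1,4)+0, substr(s,6,2)+0, substr(s,9,2)+0)
    }
    $3 == "Active" {
      age = parse(today) - parse($4)
      if (age > max) printf "%s\t%s\t%d\n", $1, $2, age
    }'
}

# Constructed sample rows (hypothetical users and key ids, not real credentials).
sample_rows() {
  printf 'alice\tAKIAEXAMPLEOLD000001\tActive\t2023-01-01T00:00:00+00:00\n'
  printf 'alice\tAKIAEXAMPLENEW000002\tActive\t2024-01-15T09:30:00+00:00\n'
  printf 'bob\tAKIAEXAMPLEOFF000003\tInactive\t2022-06-01T12:00:00+00:00\n'
}

# Demo with a fixed "today" so the result is reproducible; 90 days is an assumed policy.
sample_rows | stale_keys 90 2024-03-01
```

Inactive keys are skipped because they cannot authenticate; they are candidates for `aws iam delete-access-key` rather than rotation.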

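Cost Optimization

  1. **Tag resources**: Tag all resources for cost tracking
  2. **Right-sizing**: Monitor usage and adjust instance sizes accordingly
  3. **Reserved Instances**: Use reserved instances for predictable workloads
  4. **Spot Instances**: Use spot instances for fault-tolerant workloads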

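Automation

  1. **CloudFormation**: Use infrastructure as code for reproducible deployments
  2. **AWS CLI scripts**: Automate repetitive tasks with shell scripts
  3. **AWS SDK**: Use the AWS SDKs for application integration
  4. **CI/CD**: Integrate the AWS CLI into continuous integration pipelines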