SQL Server Always On Failover Cluster Instanceの共有ストレージにAmazon FSx for NetApp ONTAPを使ってみた
私はMulti-AZ構成のブロックストレージを使えるFSx for ONTAPが大好きです
HAクラスターはロマン
こんにちは、のんピ(@non____97)です。
皆さんはHAクラスターにロマンを感じますか? 私は感じます。
以前、RHELのHigh Availability Add-Onでクラスターを構成しましたが、その時も興奮してしまいました。
そんな折、AWS Launch Wizard が Amazon FSx for NetApp ONTAP を使用した SQL Server のデプロイのサポートをしたとアナウンスがありました。
AWS Launch Wizard が Amazon FSx for NetApp ONTAP を使用した SQL Server のデプロイのサポートを開始
以下記事やAWS公式ブログでも紹介されていますが、SQL Server Always On Failover Cluster Instance (以降FCI)の構築の道のりは結構長いです。
これがLaunch Wizardで簡単にデプロイできるとなると非常に嬉しいですね。
実際に試してみたので紹介します。
Alywas On FCI自体の詳細については以下Microsoftのドキュメントをご覧ください。
Launch Wizardアプリケーションの作成
早速Launch WizardでSQL Server FCIを構築していきます。
Launch WizardのコンソールからChoose applicationをクリックします。
SQL Serverを選択して、Create deploymentをクリックします。
使用するIAMロールAmazonEC2RoleForLaunchWizardの確認をしてNextをクリックします。
AmazonEC2RoleForLaunchWizardにはマネージドポリシーのAmazonSSMManagedInstanceCoreとAmazonEC2RolePolicyForLaunchWizardがアタッチされていました。
以降各種設定を行います。
Always On Failover Cluster Instanceを選択し、共有ストレージとして、Amazon FSx for NetApp ONTAPを選択します。
デプロイ名やSNS、CloudWatch Logs、AWS Service Catalogの設定をします。
接続周りの設定をします。今回はVPCも一緒に作成してもらいます。
ADの設定をします。
SQL Serverの設定をします。AMIはSQL Server Standardが含まれるAMIにしました。
次にEC2インスタンスやFSx for ONTAPなどワークロードのスペックを設定します。
インスタンスタイプはc6a.xlargeにして、ストレージサイズは下限の1024GBにしました。LUNのサイズはストレージサイズに応じて自動で設定されます。
設定した値に問題ないことを確認して、Deployをクリックします。
デプロイが始まると、StatusがIn Progressになりました。
設定値も確認できます。
3時間ほど待つと、StatusがCompletedになりました。
SNSの設定をしたので、完了したタイミングで以下のメッセージのメールが飛んできました。
{
"applicationId": "SQLHAFCIONTAP",
"applicationName": "FCI",
"applicationStatus": "COMPLETED",
"serviceName": "AWS Launch Wizard",
"statusMessage": "Application provisioned successfully.",
"saveDeploymentStatus": "Successfully saved deployment to Service Catalog. Product Id is prod-uw37w7iivusci",
"timeStamp": "2022-08-02T02:48:24.962Z"
}
AWS Service Catalog用に指定したS3バケットを確認すると、CloudFormationのテンプレートや設定用のスクリプトが保存されていました。
> tree
.
└── FCI
├── FCI-1659408433983
│ ├── FCI-SQLHAFCIONTAP-template.json
│ └── sql
│ ├── DSC.zip
│ ├── DSC.zip.sig
│ ├── Installer
│ │ ├── WMF51.zip
│ │ ├── WMF51.zip.sig
│ │ ├── powershell.zip
│ │ ├── powershell.zip.sig
│ │ ├── sqlspcu.zip
│ │ └── sqlspcu.zip.sig
│ ├── modules
│ │ ├── AWSLaunchWizardForCFN.zip
│ │ ├── AWSLaunchWizardForCFN.zip.sig
│ │ ├── AWSLaunchWizardForSSM.zip
│ │ ├── AWSLaunchWizardForSSM.zip.sig
│ │ ├── AmznFailoverCluster.zip
│ │ └── AmznFailoverCluster.zip.sig
│ ├── scripts
│ │ ├── Unzip-Archive.ps1
│ │ ├── Verify-Signature.ps1
│ │ ├── common.zip
│ │ ├── common.zip.sig
│ │ ├── sqlfci.zip
│ │ ├── sqlfci.zip.sig
│ │ ├── sqlha.zip
│ │ ├── sqlha.zip.sig
│ │ ├── sqlontap.zip
│ │ └── sqlontap.zip.sig
│ └── templates
│ ├── ad.template
│ ├── adfci.template
│ ├── aws-vpc.template
│ ├── rdgw-domain-fci.template
│ ├── rdgw-domain.template
│ ├── sql-windows-fci-ontap.template
│ ├── sql-windows-fci.template
│ ├── sql-windows-single-node.template
│ ├── sql.template
│ └── sqlha-master.template
└── LaunchWizard-TestObject
7 directories, 36 files
作成されたAWSリソースの確認
CloudFormationスタック
Launch Wizardによる各種リソースのデプロイが完了したので、デプロイされたリソースを確認していきます。
まず、CloudFormationのスタックを確認します。
スタック一覧を確認するとスタックが4つ作成され、その内3つはネストされたスタックでした。
それぞれVPC、AD、SQL Server周りとスタックが分かれているようです。
VPCのスタックで作成されたリソースは以下の通りです。特に珍しいリソースは定義されていないようですね。
ADのスタックで作成されたリソースは以下の通りです。Managed Microsoft ADのみ作成したようです。
SQL Server周りのスタックで作成されたリソースは以下の通りです。SQL ServerのEC2インスタンスや、FSx for ONTAP、各種認証情報用のSecrets Managerなどが作成されました。
VPC
作成されたVPCを確認します。
$ vpc_id=vpc-0026585a9c8fcb68b
$ aws ec2 describe-vpcs \
--vpc-ids "$vpc_id"
{
"Vpcs": [
{
"CidrBlock": "10.0.0.0/16",
"DhcpOptionsId": "dopt-0562e91403a120f09",
"State": "available",
"VpcId": "vpc-0026585a9c8fcb68b",
"OwnerId": "<AWSアカウントID>",
"InstanceTenancy": "default",
"CidrBlockAssociationSet": [
{
"AssociationId": "vpc-cidr-assoc-0229a3ac07d0f8ab0",
"CidrBlock": "10.0.0.0/16",
"CidrBlockState": {
"State": "associated"
}
}
],
"IsDefault": false,
"Tags": [
{
"Key": "SourceTemplate",
"Value": "AWSLaunchWizard"
},
{
"Key": "aws:cloudformation:stack-name",
"Value": "LaunchWizard-FCI-VPCStack-343HLM475QMN"
},
{
"Key": "aws:cloudformation:stack-id",
"Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-VPCStack-343HLM475QMN/48612860-11f5-11ed-b9ff-0a0c71e6a93f"
},
{
"Key": "LaunchWizardResourceGroupID",
"Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
},
{
"Key": "LaunchWizardApplicationType",
"Value": "SQL_SERVER"
},
{
"Key": "aws:cloudformation:logical-id",
"Value": "VPC"
},
{
"Key": "Name",
"Value": "FCI-VPC"
}
]
}
]
}
VPCのCIDRが10.0.0.0/16と贅沢な割り当て方をしています。Direct ConnectやVPCピアリングなどで他のネットワークと接続する場合は重複しないように気をつける必要がありますね。
DHCP Option Sets
DHCP Option Setsの確認をします。
$ aws ec2 describe-dhcp-options \
--dhcp-options-ids dopt-0562e91403a120f09
{
"DhcpOptions": [
{
"DhcpConfigurations": [
{
"Key": "domain-name",
"Values": [
{
"Value": "ec2.internal"
}
]
},
{
"Key": "domain-name-servers",
"Values": [
{
"Value": "AmazonProvidedDNS"
}
]
}
],
"DhcpOptionsId": "dopt-0562e91403a120f09",
"OwnerId": "<AWSアカウントID>",
"Tags": [
{
"Key": "LaunchWizardApplicationType",
"Value": "SQL_SERVER"
},
{
"Key": "aws:cloudformation:logical-id",
"Value": "DHCPOptions"
},
{
"Key": "LaunchWizardResourceGroupID",
"Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
},
{
"Key": "aws:cloudformation:stack-id",
"Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-VPCStack-343HLM475QMN/48612860-11f5-11ed-b9ff-0a0c71e6a93f"
},
{
"Key": "SourceTemplate",
"Value": "AWSLaunchWizard"
},
{
"Key": "aws:cloudformation:stack-name",
"Value": "LaunchWizard-FCI-VPCStack-343HLM475QMN"
}
]
}
]
}
ドメイン名やDNSサーバーはManaged Microsoft ADに設定したドメイン名やドメインコントローラーのIPアドレスに設定されていないので注意が必要です。
Subnet
サブネットの確認をします。
長過ぎたので折りたたみます。
Subnet (折りたたみ)
$ aws ec2 describe-subnets \
--filters Name=vpc-id,Values="$vpc_id"
{
"Subnets": [
{
"AvailabilityZone": "us-east-1a",
"AvailabilityZoneId": "use1-az6",
"AvailableIpAddressCount": 4085,
"CidrBlock": "10.0.0.0/20",
"DefaultForAz": false,
"MapPublicIpOnLaunch": false,
"MapCustomerOwnedIpOnLaunch": false,
"State": "available",
"SubnetId": "subnet-0c5d66ec1307e28fc",
"VpcId": "vpc-0026585a9c8fcb68b",
"OwnerId": "<AWSアカウントID>",
"AssignIpv6AddressOnCreation": false,
"Ipv6CidrBlockAssociationSet": [],
"Tags": [
{
"Key": "LaunchWizardApplicationType",
"Value": "SQL_SERVER"
},
{
"Key": "aws:cloudformation:logical-id",
"Value": "PrivateSubnet1"
},
{
"Key": "aws:cloudformation:stack-name",
"Value": "LaunchWizard-FCI-VPCStack-343HLM475QMN"
},
{
"Key": "Name",
"Value": "Private subnet 1"
},
{
"Key": "aws:cloudformation:stack-id",
"Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-VPCStack-343HLM475QMN/48612860-11f5-11ed-b9ff-0a0c71e6a93f"
},
{
"Key": "LaunchWizardResourceGroupID",
"Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
},
{
"Key": "SourceTemplate",
"Value": "AWSLaunchWizard"
}
],
"SubnetArn": "arn:aws:ec2:us-east-1:<AWSアカウントID>:subnet/subnet-0c5d66ec1307e28fc",
"EnableDns64": false,
"Ipv6Native": false,
"PrivateDnsNameOptionsOnLaunch": {
"HostnameType": "ip-name",
"EnableResourceNameDnsARecord": false,
"EnableResourceNameDnsAAAARecord": false
}
},
{
"AvailabilityZone": "us-east-1a",
"AvailabilityZoneId": "use1-az6",
"AvailableIpAddressCount": 4090,
"CidrBlock": "10.0.128.0/20",
"DefaultForAz": false,
"MapPublicIpOnLaunch": true,
"MapCustomerOwnedIpOnLaunch": false,
"State": "available",
"SubnetId": "subnet-0ab094df0b881a9d7",
"VpcId": "vpc-0026585a9c8fcb68b",
"OwnerId": "<AWSアカウントID>",
"AssignIpv6AddressOnCreation": false,
"Ipv6CidrBlockAssociationSet": [],
"Tags": [
{
"Key": "LaunchWizardApplicationType",
"Value": "SQL_SERVER"
},
{
"Key": "aws:cloudformation:stack-id",
"Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-VPCStack-343HLM475QMN/48612860-11f5-11ed-b9ff-0a0c71e6a93f"
},
{
"Key": "aws:cloudformation:logical-id",
"Value": "PublicSubnet1"
},
{
"Key": "aws:cloudformation:stack-name",
"Value": "LaunchWizard-FCI-VPCStack-343HLM475QMN"
},
{
"Key": "SourceTemplate",
"Value": "AWSLaunchWizard"
},
{
"Key": "Name",
"Value": "Public subnet 1"
},
{
"Key": "LaunchWizardResourceGroupID",
"Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
}
],
"SubnetArn": "arn:aws:ec2:us-east-1:<AWSアカウントID>:subnet/subnet-0ab094df0b881a9d7",
"EnableDns64": false,
"Ipv6Native": false,
"PrivateDnsNameOptionsOnLaunch": {
"HostnameType": "ip-name",
"EnableResourceNameDnsARecord": false,
"EnableResourceNameDnsAAAARecord": false
}
},
{
"AvailabilityZone": "us-east-1b",
"AvailabilityZoneId": "use1-az1",
"AvailableIpAddressCount": 4085,
"CidrBlock": "10.0.16.0/20",
"DefaultForAz": false,
"MapPublicIpOnLaunch": false,
"MapCustomerOwnedIpOnLaunch": false,
"State": "available",
"SubnetId": "subnet-0295427b95b9c2831",
"VpcId": "vpc-0026585a9c8fcb68b",
"OwnerId": "<AWSアカウントID>",
"AssignIpv6AddressOnCreation": false,
"Ipv6CidrBlockAssociationSet": [],
"Tags": [
{
"Key": "Name",
"Value": "Private subnet 2"
},
{
"Key": "aws:cloudformation:stack-id",
"Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-VPCStack-343HLM475QMN/48612860-11f5-11ed-b9ff-0a0c71e6a93f"
},
{
"Key": "LaunchWizardApplicationType",
"Value": "SQL_SERVER"
},
{
"Key": "aws:cloudformation:logical-id",
"Value": "PrivateSubnet2"
},
{
"Key": "aws:cloudformation:stack-name",
"Value": "LaunchWizard-FCI-VPCStack-343HLM475QMN"
},
{
"Key": "SourceTemplate",
"Value": "AWSLaunchWizard"
},
{
"Key": "LaunchWizardResourceGroupID",
"Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
}
],
"SubnetArn": "arn:aws:ec2:us-east-1:<AWSアカウントID>:subnet/subnet-0295427b95b9c2831",
"EnableDns64": false,
"Ipv6Native": false,
"PrivateDnsNameOptionsOnLaunch": {
"HostnameType": "ip-name",
"EnableResourceNameDnsARecord": false,
"EnableResourceNameDnsAAAARecord": false
}
}
]
}
1つのパブリックサブネットと2つのプライベートサブネットが作成されていました。
Route Table
ルートテーブルの確認をします。
長過ぎたので折りたたみます。
Route Table (折りたたみ)
$ aws ec2 describe-route-tables \
--filters Name=vpc-id,Values="$vpc_id"
{
"RouteTables": [
{
"Associations": [
{
"Main": false,
"RouteTableAssociationId": "rtbassoc-0e16a6a7c4009801c",
"RouteTableId": "rtb-0d2a1d1762e52e2d9",
"SubnetId": "subnet-0ab094df0b881a9d7",
"AssociationState": {
"State": "associated"
}
}
],
"PropagatingVgws": [],
"RouteTableId": "rtb-0d2a1d1762e52e2d9",
"Routes": [
{
"DestinationCidrBlock": "10.0.0.0/16",
"GatewayId": "local",
"Origin": "CreateRouteTable",
"State": "active"
},
{
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": "igw-08f2b1ebb6a28f7b9",
"Origin": "CreateRoute",
"State": "active"
}
],
"Tags": [
{
"Key": "LaunchWizardApplicationType",
"Value": "SQL_SERVER"
},
{
"Key": "aws:cloudformation:stack-id",
"Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-VPCStack-343HLM475QMN/48612860-11f5-11ed-b9ff-0a0c71e6a93f"
},
{
"Key": "aws:cloudformation:logical-id",
"Value": "PublicSubnetRouteTable"
},
{
"Key": "Name",
"Value": "Public Subnets"
},
{
"Key": "LaunchWizardResourceGroupID",
"Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
},
{
"Key": "Network",
"Value": "Public"
},
{
"Key": "aws:cloudformation:stack-name",
"Value": "LaunchWizard-FCI-VPCStack-343HLM475QMN"
},
{
"Key": "SourceTemplate",
"Value": "AWSLaunchWizard"
}
],
"VpcId": "vpc-0026585a9c8fcb68b",
"OwnerId": "<AWSアカウントID>"
},
{
"Associations": [
{
"Main": false,
"RouteTableAssociationId": "rtbassoc-0be3430bd40aeb726",
"RouteTableId": "rtb-0addf80e74e9feeb4",
"SubnetId": "subnet-0295427b95b9c2831",
"AssociationState": {
"State": "associated"
}
}
],
"PropagatingVgws": [],
"RouteTableId": "rtb-0addf80e74e9feeb4",
"Routes": [
{
"DestinationCidrBlock": "198.19.255.122/32",
"InstanceOwnerId": "292200246037",
"NetworkInterfaceId": "eni-002e2f11517086ffe",
"Origin": "CreateRoute",
"State": "active"
},
{
"DestinationCidrBlock": "198.19.255.243/32",
"InstanceOwnerId": "292200246037",
"NetworkInterfaceId": "eni-002e2f11517086ffe",
"Origin": "CreateRoute",
"State": "active"
},
{
"DestinationCidrBlock": "10.0.0.0/16",
"GatewayId": "local",
"Origin": "CreateRouteTable",
"State": "active"
},
{
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": "nat-0bee2e42c06780463",
"Origin": "CreateRoute",
"State": "active"
}
],
"Tags": [
{
"Key": "AmazonFSx",
"Value": "ManagedByAmazonFSx"
},
{
"Key": "LaunchWizardApplicationType",
"Value": "SQL_SERVER"
},
{
"Key": "LaunchWizardResourceGroupID",
"Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
},
{
"Key": "Name",
"Value": "Private subnet 2"
},
{
"Key": "aws:cloudformation:logical-id",
"Value": "PrivateSubnet2RouteTable"
},
{
"Key": "Network",
"Value": "Private"
},
{
"Key": "aws:cloudformation:stack-name",
"Value": "LaunchWizard-FCI-VPCStack-343HLM475QMN"
},
{
"Key": "SourceTemplate",
"Value": "AWSLaunchWizard"
},
{
"Key": "aws:cloudformation:stack-id",
"Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-VPCStack-343HLM475QMN/48612860-11f5-11ed-b9ff-0a0c71e6a93f"
}
],
"VpcId": "vpc-0026585a9c8fcb68b",
"OwnerId": "<AWSアカウントID>"
},
{
"Associations": [
{
"Main": true,
"RouteTableAssociationId": "rtbassoc-0531a1af82b30bdf4",
"RouteTableId": "rtb-087120833d909da7f",
"AssociationState": {
"State": "associated"
}
}
],
"PropagatingVgws": [],
"RouteTableId": "rtb-087120833d909da7f",
"Routes": [
{
"DestinationCidrBlock": "10.0.0.0/16",
"GatewayId": "local",
"Origin": "CreateRouteTable",
"State": "active"
}
],
"Tags": [],
"VpcId": "vpc-0026585a9c8fcb68b",
"OwnerId": "<AWSアカウントID>"
},
{
"Associations": [
{
"Main": false,
"RouteTableAssociationId": "rtbassoc-0d732eaed5fe873a1",
"RouteTableId": "rtb-0e4987a1c063dce77",
"SubnetId": "subnet-0c5d66ec1307e28fc",
"AssociationState": {
"State": "associated"
}
}
],
"PropagatingVgws": [],
"RouteTableId": "rtb-0e4987a1c063dce77",
"Routes": [
{
"DestinationCidrBlock": "198.19.255.122/32",
"InstanceOwnerId": "292200246037",
"NetworkInterfaceId": "eni-002e2f11517086ffe",
"Origin": "CreateRoute",
"State": "active"
},
{
"DestinationCidrBlock": "198.19.255.243/32",
"InstanceOwnerId": "292200246037",
"NetworkInterfaceId": "eni-002e2f11517086ffe",
"Origin": "CreateRoute",
"State": "active"
},
{
"DestinationCidrBlock": "10.0.0.0/16",
"GatewayId": "local",
"Origin": "CreateRouteTable",
"State": "active"
},
{
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": "nat-0bee2e42c06780463",
"Origin": "CreateRoute",
"State": "active"
}
],
"Tags": [
{
"Key": "Name",
"Value": "Private subnet 1"
},
{
"Key": "AmazonFSx",
"Value": "ManagedByAmazonFSx"
},
{
"Key": "aws:cloudformation:stack-id",
"Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-VPCStack-343HLM475QMN/48612860-11f5-11ed-b9ff-0a0c71e6a93f"
},
{
"Key": "aws:cloudformation:logical-id",
"Value": "PrivateSubnet1RouteTable"
},
{
"Key": "Network",
"Value": "Private"
},
{
"Key": "aws:cloudformation:stack-name",
"Value": "LaunchWizard-FCI-VPCStack-343HLM475QMN"
},
{
"Key": "SourceTemplate",
"Value": "AWSLaunchWizard"
},
{
"Key": "LaunchWizardApplicationType",
"Value": "SQL_SERVER"
},
{
"Key": "LaunchWizardResourceGroupID",
"Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
}
],
"VpcId": "vpc-0026585a9c8fcb68b",
"OwnerId": "<AWSアカウントID>"
}
]
}
FSx for ONTAPがMulti-AZでデプロイされているので、フローティングIPアドレスの198.19.255.122/32と198.19.255.243/32へのルートがプライベートサブネット用のルートテーブルに設定されています。
FSx for ONTAPのフローティングIPアドレスの詳細は以下記事をご覧ください。
NAT Gateway
NAT Gatewayの確認をします。
$ aws ec2 describe-nat-gateways \
--filter Name=vpc-id,Values="$vpc_id"
{
"NatGateways": [
{
"CreateTime": "2022-08-01T23:55:43+00:00",
"NatGatewayAddresses": [
{
"AllocationId": "eipalloc-0aaba9137c9515749",
"NetworkInterfaceId": "eni-02fb16669c36b88dc",
"PrivateIp": "10.0.129.213",
"PublicIp": "35.175.79.97"
}
],
"NatGatewayId": "nat-0bee2e42c06780463",
"State": "available",
"SubnetId": "subnet-0ab094df0b881a9d7",
"VpcId": "vpc-0026585a9c8fcb68b",
"Tags": [
{
"Key": "aws:cloudformation:stack-name",
"Value": "LaunchWizard-FCI-VPCStack-343HLM475QMN"
},
{
"Key": "SourceTemplate",
"Value": "AWSLaunchWizard"
},
{
"Key": "aws:cloudformation:logical-id",
"Value": "NATGateway"
},
{
"Key": "aws:cloudformation:stack-id",
"Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-VPCStack-343HLM475QMN/48612860-11f5-11ed-b9ff-0a0c71e6a93f"
},
{
"Key": "LaunchWizardApplicationType",
"Value": "SQL_SERVER"
},
{
"Key": "LaunchWizardResourceGroupID",
"Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
}
],
"ConnectivityType": "public"
}
]
}
NAT Gatewayは一つだけのようですね。
Network ACL
Network ACLの確認をします。
$ aws ec2 describe-network-acls \
--filters Name=vpc-id,Values="$vpc_id"
{
"NetworkAcls": [
{
"Associations": [
{
"NetworkAclAssociationId": "aclassoc-0f5a669ca68114468",
"NetworkAclId": "acl-08a3ec67869c0c6ea",
"SubnetId": "subnet-0ab094df0b881a9d7"
},
{
"NetworkAclAssociationId": "aclassoc-08ad047dcf75f5c33",
"NetworkAclId": "acl-08a3ec67869c0c6ea",
"SubnetId": "subnet-0295427b95b9c2831"
},
{
"NetworkAclAssociationId": "aclassoc-04243d929bbb93d75",
"NetworkAclId": "acl-08a3ec67869c0c6ea",
"SubnetId": "subnet-0c5d66ec1307e28fc"
}
],
"Entries": [
{
"CidrBlock": "0.0.0.0/0",
"Egress": true,
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": 100
},
{
"CidrBlock": "0.0.0.0/0",
"Egress": true,
"Protocol": "-1",
"RuleAction": "deny",
"RuleNumber": 32767
},
{
"CidrBlock": "0.0.0.0/0",
"Egress": false,
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": 100
},
{
"CidrBlock": "0.0.0.0/0",
"Egress": false,
"Protocol": "-1",
"RuleAction": "deny",
"RuleNumber": 32767
}
],
"IsDefault": true,
"NetworkAclId": "acl-08a3ec67869c0c6ea",
"Tags": [],
"VpcId": "vpc-0026585a9c8fcb68b",
"OwnerId": "<AWSアカウントID>"
}
]
}
デフォルトのエントリしかないですね。
Security Group
セキュリティグループの確認をします。
長過ぎたので折りたたみます。
Security Group (折りたたみ)
$ aws ec2 describe-security-groups \
--filters Name=vpc-id,Values="$vpc_id"
{
"SecurityGroups": [
{
"Description": "AWS created security group for d-9067b20bbb directory controllers",
"GroupName": "d-9067b20bbb_controllers",
"IpPermissions": [
{
"FromPort": 138,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 138,
"UserIdGroupPairs": []
},
{
"FromPort": 445,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 445,
"UserIdGroupPairs": []
},
{
"FromPort": 464,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 464,
"UserIdGroupPairs": []
},
{
"FromPort": 464,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 464,
"UserIdGroupPairs": []
},
{
"FromPort": 389,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 389,
"UserIdGroupPairs": []
},
{
"FromPort": 53,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 53,
"UserIdGroupPairs": []
},
{
"FromPort": 389,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 389,
"UserIdGroupPairs": []
},
{
"FromPort": -1,
"IpProtocol": "icmp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": -1,
"UserIdGroupPairs": []
},
{
"FromPort": 445,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 445,
"UserIdGroupPairs": []
},
{
"FromPort": 123,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 123,
"UserIdGroupPairs": []
},
{
"FromPort": 88,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 88,
"UserIdGroupPairs": []
},
{
"FromPort": 3268,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 3269,
"UserIdGroupPairs": []
},
{
"FromPort": 1024,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 65535,
"UserIdGroupPairs": []
},
{
"IpProtocol": "-1",
"IpRanges": [],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": [
{
"GroupId": "sg-0be8d48e27b84bec5",
"UserId": "<AWSアカウントID>"
}
]
},
{
"FromPort": 135,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 135,
"UserIdGroupPairs": []
},
{
"FromPort": 636,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 636,
"UserIdGroupPairs": []
},
{
"FromPort": 53,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 53,
"UserIdGroupPairs": []
},
{
"FromPort": 88,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 88,
"UserIdGroupPairs": []
}
],
"OwnerId": "<AWSアカウントID>",
"GroupId": "sg-0be8d48e27b84bec5",
"IpPermissionsEgress": [
{
"IpProtocol": "-1",
"IpRanges": [],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": [
{
"GroupId": "sg-0be8d48e27b84bec5",
"UserId": "<AWSアカウントID>"
}
]
}
],
"VpcId": "vpc-0026585a9c8fcb68b"
},
{
"Description": "default VPC security group",
"GroupName": "default",
"IpPermissions": [
{
"IpProtocol": "-1",
"IpRanges": [],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": [
{
"GroupId": "sg-037672e4889ecde77",
"UserId": "<AWSアカウントID>"
}
]
}
],
"OwnerId": "<AWSアカウントID>",
"GroupId": "sg-037672e4889ecde77",
"IpPermissionsEgress": [
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": []
}
],
"VpcId": "vpc-0026585a9c8fcb68b"
},
{
"Description": "Domain Members",
"GroupName": "LaunchWizard-FCI-DomainMemberSG-1DZJHDJ2EMHI8",
"IpPermissions": [
{
"FromPort": 49152,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/20"
},
{
"CidrIp": "10.0.16.0/20"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 65535,
"UserIdGroupPairs": []
},
{
"FromPort": 49152,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.16.0/20"
},
{
"CidrIp": "10.0.0.0/20"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 65535,
"UserIdGroupPairs": []
},
{
"FromPort": 53,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/20"
},
{
"CidrIp": "10.0.16.0/20"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 53,
"UserIdGroupPairs": []
},
{
"FromPort": 53,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/20"
},
{
"CidrIp": "10.0.16.0/20"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 53,
"UserIdGroupPairs": []
},
{
"FromPort": 3389,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.128.0/20"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 3389,
"UserIdGroupPairs": []
},
{
"FromPort": 5985,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/20"
},
{
"CidrIp": "10.0.16.0/20"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 5985,
"UserIdGroupPairs": []
}
],
"OwnerId": "<AWSアカウントID>",
"GroupId": "sg-0663eab51822ea215",
"IpPermissionsEgress": [
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": []
}
],
"Tags": [
{
"Key": "LaunchWizardApplicationType",
"Value": "SQL_SERVER"
},
{
"Key": "LaunchWizardResourceGroupID",
"Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
},
{
"Key": "SourceTemplate",
"Value": "AWSLaunchWizard"
},
{
"Key": "aws:cloudformation:logical-id",
"Value": "DomainMemberSG"
},
{
"Key": "aws:cloudformation:stack-id",
"Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI/42bc4d90-11f5-11ed-ab07-12e318d2f413"
},
{
"Key": "aws:cloudformation:stack-name",
"Value": "LaunchWizard-FCI"
}
],
"VpcId": "vpc-0026585a9c8fcb68b"
},
{
"Description": "Allow access to the Workload instances",
"GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-WorkloadSecurityGroup-1MVLVWDH2MJ4E",
"IpPermissions": [
{
"FromPort": 464,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "10.0.5.1/32"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 464,
"UserIdGroupPairs": []
},
{
"FromPort": 464,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.5.1/32"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 464,
"UserIdGroupPairs": []
},
{
"FromPort": 49152,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.5.1/32"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 65535,
"UserIdGroupPairs": []
},
{
"FromPort": 53,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "10.0.5.1/32"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 53,
"UserIdGroupPairs": []
},
{
"FromPort": 389,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "10.0.5.1/32"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 389,
"UserIdGroupPairs": []
},
{
"FromPort": 389,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.5.1/32"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 389,
"UserIdGroupPairs": []
},
{
"FromPort": 123,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "10.0.5.1/32"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 123,
"UserIdGroupPairs": []
},
{
"FromPort": 445,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.5.1/32"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 445,
"UserIdGroupPairs": []
},
{
"FromPort": 9389,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.5.1/32"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 9389,
"UserIdGroupPairs": []
},
{
"FromPort": 5985,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.5.1/32"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 5985,
"UserIdGroupPairs": []
},
{
"FromPort": 88,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.5.1/32"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 88,
"UserIdGroupPairs": []
},
{
"FromPort": 3268,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.5.1/32"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 3269,
"UserIdGroupPairs": []
},
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": []
},
{
"FromPort": 135,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.5.1/32"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 135,
"UserIdGroupPairs": []
},
{
"FromPort": 636,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.5.1/32"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 636,
"UserIdGroupPairs": []
},
{
"FromPort": 53,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.5.1/32"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 53,
"UserIdGroupPairs": []
},
{
"FromPort": 88,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "10.0.5.1/32"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 88,
"UserIdGroupPairs": []
}
],
"OwnerId": "<AWSアカウントID>",
"GroupId": "sg-08ed0f378bd607afd",
"IpPermissionsEgress": [
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": []
}
],
"Tags": [
{
"Key": "LaunchWizardApplicationType",
"Value": "SQL_SERVER"
},
{
"Key": "LaunchWizardResourceGroupID",
"Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
},
{
"Key": "SourceTemplate",
"Value": "AWSLaunchWizard"
},
{
"Key": "aws:cloudformation:logical-id",
"Value": "WorkloadSecurityGroup"
},
{
"Key": "aws:cloudformation:stack-name",
"Value": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L"
},
{
"Key": "aws:cloudformation:stack-id",
"Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L/71df7700-11fa-11ed-a605-0a33f5a9182b"
}
],
"VpcId": "vpc-0026585a9c8fcb68b"
},
{
"Description": "Allow access to the Workload instances",
"GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-ONTAPSecurityGroup-1HFXYPO5I6G0M",
"IpPermissions": [
{
"FromPort": 135,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 135,
"UserIdGroupPairs": []
},
{
"FromPort": 4045,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 4045,
"UserIdGroupPairs": []
},
{
"FromPort": 3260,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 3260,
"UserIdGroupPairs": []
},
{
"FromPort": 11105,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 11105,
"UserIdGroupPairs": []
},
{
"FromPort": 4046,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 4046,
"UserIdGroupPairs": []
},
{
"FromPort": -1,
"IpProtocol": "icmp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": -1,
"UserIdGroupPairs": []
},
{
"FromPort": 4049,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 4049,
"UserIdGroupPairs": []
},
{
"FromPort": 2049,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 2049,
"UserIdGroupPairs": []
},
{
"FromPort": 635,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 635,
"UserIdGroupPairs": []
},
{
"FromPort": 635,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 635,
"UserIdGroupPairs": []
},
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": []
},
{
"FromPort": 11104,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 11104,
"UserIdGroupPairs": []
},
{
"FromPort": 139,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 139,
"UserIdGroupPairs": []
},
{
"FromPort": 139,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 139,
"UserIdGroupPairs": []
},
{
"FromPort": 135,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 135,
"UserIdGroupPairs": []
},
{
"FromPort": 749,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 749,
"UserIdGroupPairs": []
},
{
"FromPort": 443,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 443,
"UserIdGroupPairs": []
},
{
"FromPort": 161,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 162,
"UserIdGroupPairs": []
},
{
"FromPort": 4046,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 4046,
"UserIdGroupPairs": []
},
{
"FromPort": 4045,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 4045,
"UserIdGroupPairs": []
},
{
"FromPort": 161,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 162,
"UserIdGroupPairs": []
},
{
"FromPort": 137,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 137,
"UserIdGroupPairs": []
},
{
"FromPort": 22,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 22,
"UserIdGroupPairs": []
},
{
"FromPort": 10000,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 10000,
"UserIdGroupPairs": []
},
{
"FromPort": 2049,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 2049,
"UserIdGroupPairs": []
},
{
"FromPort": 111,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 111,
"UserIdGroupPairs": []
},
{
"FromPort": 111,
"IpProtocol": "udp",
"IpRanges": [
{
"CidrIp": "10.0.0.0/16"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 111,
"UserIdGroupPairs": []
}
],
"OwnerId": "<AWSアカウントID>",
"GroupId": "sg-05fc73637d21895ea",
"IpPermissionsEgress": [
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": []
}
],
"Tags": [
{
"Key": "aws:cloudformation:stack-name",
"Value": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L"
},
{
"Key": "LaunchWizardResourceGroupID",
"Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
},
{
"Key": "aws:cloudformation:stack-id",
"Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L/71df7700-11fa-11ed-a605-0a33f5a9182b"
},
{
"Key": "LaunchWizardApplicationType",
"Value": "SQL_SERVER"
},
{
"Key": "aws:cloudformation:logical-id",
"Value": "ONTAPSecurityGroup"
},
{
"Key": "SourceTemplate",
"Value": "AWSLaunchWizard"
}
],
"VpcId": "vpc-0026585a9c8fcb68b"
}
]
}
以下5つのセキュリティグループが作成されていました。
- VPCのデフォルトのセキュリティグループ
- Managed Microsoft AD用のセキュリティグループ
- Managed Microsoft ADのメンバー用のセキュリティグループ
- SQL Server用のセキュリティグループ
- FSx for ONTAP用のセキュリティグループ
Secrets Manager
Secrets Managerの確認をします。
$ aws secretsmanager list-secrets
{
"SecretList": [
{
"ARN": "arn:aws:secretsmanager:us-east-1:<AWSアカウントID>:secret:LaunchWizard-FCI-SQLServiceAccount-8Asppf",
"Name": "LaunchWizard-FCI-SQLServiceAccount",
"Description": "Secure string with name LaunchWizard-FCI-SQLServiceAccount",
"LastChangedDate": "2022-08-01T23:53:38.402000+00:00",
"Tags": [
{
"Key": "LaunchWizardResourceGroupID",
"Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
},
{
"Key": "LaunchWizardApplicationType",
"Value": "SQL_SERVER"
}
],
"SecretVersionsToStages": {
"e0558b6c-4112-4e12-8aaf-73d433771d8c": [
"AWSCURRENT"
]
},
"CreatedDate": "2022-08-01T23:53:38.266000+00:00"
},
{
"ARN": "arn:aws:secretsmanager:us-east-1:<AWSアカウントID>:secret:LaunchWizard-FCI-DomainAdmin-UDkgVM",
"Name": "LaunchWizard-FCI-DomainAdmin",
"Description": "Secure string with name LaunchWizard-FCI-DomainAdmin",
"LastChangedDate": "2022-08-01T23:53:38.540000+00:00",
"LastAccessedDate": "2022-08-01T00:00:00+00:00",
"Tags": [
{
"Key": "LaunchWizardResourceGroupID",
"Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
},
{
"Key": "LaunchWizardApplicationType",
"Value": "SQL_SERVER"
}
],
"SecretVersionsToStages": {
"c1500b20-c486-4c1e-981c-94324e2a21da": [
"AWSCURRENT"
]
},
"CreatedDate": "2022-08-01T23:53:38.428000+00:00"
},
{
"ARN": "arn:aws:secretsmanager:us-east-1:<AWSアカウントID>:secret:LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-fsxadmin-tRUbem",
"Name": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-fsxadmin",
"Description": "Administrator Password for AD",
"LastChangedDate": "2022-08-02T00:31:46.929000+00:00",
"LastAccessedDate": "2022-08-02T00:00:00+00:00",
"Tags": [
{
"Key": "aws:cloudformation:stack-name",
"Value": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L"
},
{
"Key": "aws:cloudformation:stack-id",
"Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L/71df7700-11fa-11ed-a605-0a33f5a9182b"
},
{
"Key": "LaunchWizardResourceGroupID",
"Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
},
{
"Key": "LaunchWizardApplicationType",
"Value": "SQL_SERVER"
},
{
"Key": "SourceTemplate",
"Value": "AWSLaunchWizard"
},
{
"Key": "aws:cloudformation:logical-id",
"Value": "FSXAdmin"
}
],
"SecretVersionsToStages": {
"ee20e8b9-119c-49c7-8c63-6e7cbace6b51": [
"AWSCURRENT"
]
},
"CreatedDate": "2022-08-02T00:31:40.695000+00:00"
}
]
}
以下の3つシークレットが作成されています。
- SQL Server用
- ドメインのAdminユーザー用
- FSx for ONTAPファイルサーバー用
各シークレットのポリシーは以下の通りです。
$ aws secretsmanager list-secrets \
--query 'SecretList[].[ARN]' \
--output text \
| while read secret_id; do
aws secretsmanager get-resource-policy \
--secret-id "$secret_id"
done
{
"ARN": "arn:aws:secretsmanager:us-east-1:<AWSアカウントID>:secret:LaunchWizard-FCI-SQLServiceAccount-8Asppf",
"Name": "LaunchWizard-FCI-SQLServiceAccount",
"ResourcePolicy": "{\n \"Version\" : \"2012-10-17\",\n \"Statement\" : [ {\n \"Effect\" : \"Allow\",\n \"Principal\" : {\n \"AWS\" : \"arn:aws:iam::<AWSアカウントID>:role/service-role/AmazonEC2RoleForLaunchWizard\"\n },\n \"Action\" : [ \"secretsmanager:GetSecretValue\", \"secretsmanager:CreateSecret\", \"secretsmanager:GetRandomPassword\" ],\n \"Resource\" : \"*\"\n } ]\n}"
}
{
"ARN": "arn:aws:secretsmanager:us-east-1:<AWSアカウントID>:secret:LaunchWizard-FCI-DomainAdmin-UDkgVM",
"Name": "LaunchWizard-FCI-DomainAdmin",
"ResourcePolicy": "{\n \"Version\" : \"2012-10-17\",\n \"Statement\" : [ {\n \"Effect\" : \"Allow\",\n \"Principal\" : {\n \"AWS\" : \"arn:aws:iam::<AWSアカウントID>:role/service-role/AmazonEC2RoleForLaunchWizard\"\n },\n \"Action\" : [ \"secretsmanager:GetSecretValue\", \"secretsmanager:CreateSecret\", \"secretsmanager:GetRandomPassword\" ],\n \"Resource\" : \"*\"\n } ]\n}"
}
{
"ARN": "arn:aws:secretsmanager:us-east-1:<AWSアカウントID>:secret:LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-fsxadmin-tRUbem",
"Name": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-fsxadmin",
"ResourcePolicy": "{\n \"Version\" : \"2012-10-17\",\n \"Statement\" : [ {\n \"Effect\" : \"Allow\",\n \"Principal\" : {\n \"AWS\" : \"arn:aws:iam::<AWSアカウントID>:role/service-role/AmazonEC2RoleForLaunchWizard\"\n },\n \"Action\" : [ \"secretsmanager:GetSecretValue\", \"secretsmanager:CreateSecret\", \"secretsmanager:GetRandomPassword\" ],\n \"Resource\" : \"*\"\n } ]\n}"
}
IAMロールAmazonEC2RoleForLaunchWizardからであればシークレットの取得ができるようです。
EC2インスタンス
EC2インスタンスの確認をします。
長過ぎたので折りたたみます。
EC2インスタンス (折りたたみ)
$ aws ec2 describe-instances \
--filters Name=vpc-id,Values="$vpc_id"
{
"Reservations": [
{
"Groups": [],
"Instances": [
{
"AmiLaunchIndex": 0,
"ImageId": "ami-098ff43402367aedd",
"InstanceId": "i-0491369ded364f11d",
"InstanceType": "c6a.xlarge",
"KeyName": "<キーペア名>",
"LaunchTime": "2022-08-02T01:06:55+00:00",
"Monitoring": {
"State": "disabled"
},
"Placement": {
"AvailabilityZone": "us-east-1b",
"GroupName": "",
"Tenancy": "default"
},
"Platform": "windows",
"PrivateDnsName": "ip-10-0-28-119.ec2.internal",
"PrivateIpAddress": "10.0.28.119",
"ProductCodes": [],
"PublicDnsName": "",
"State": {
"Code": 16,
"Name": "running"
},
"StateTransitionReason": "",
"SubnetId": "subnet-0295427b95b9c2831",
"VpcId": "vpc-0026585a9c8fcb68b",
"Architecture": "x86_64",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"AttachTime": "2022-08-02T01:06:55+00:00",
"DeleteOnTermination": true,
"Status": "attached",
"VolumeId": "vol-07a2a69f8f9875a1c"
}
}
],
"ClientToken": "Launc-SqlFS-1L0PGXULXQ9GQ",
"EbsOptimized": false,
"EnaSupport": true,
"Hypervisor": "xen",
"IamInstanceProfile": {
"Arn": "arn:aws:iam::<AWSアカウントID>:instance-profile/LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-LaunchWizardSqlFSxProfile-CMCoWiMGLsWh",
"Id": "AIPA6KUFAVPURVYIUWMMA"
},
"NetworkInterfaces": [
{
"Attachment": {
"AttachTime": "2022-08-02T01:06:55+00:00",
"AttachmentId": "eni-attach-0110ac5164f0a8ddb",
"DeleteOnTermination": false,
"DeviceIndex": 0,
"Status": "attached",
"NetworkCardIndex": 0
},
"Description": "",
"Groups": [
{
"GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-WorkloadSecurityGroup-1MVLVWDH2MJ4E",
"GroupId": "sg-08ed0f378bd607afd"
},
{
"GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-ONTAPSecurityGroup-1HFXYPO5I6G0M",
"GroupId": "sg-05fc73637d21895ea"
}
],
"Ipv6Addresses": [],
"MacAddress": "02:f1:48:45:74:43",
"NetworkInterfaceId": "eni-068c3dd415558a96e",
"OwnerId": "<AWSアカウントID>",
"PrivateDnsName": "ip-10-0-28-119.ec2.internal",
"PrivateIpAddress": "10.0.28.119",
"PrivateIpAddresses": [
{
"Primary": true,
"PrivateDnsName": "ip-10-0-28-119.ec2.internal",
"PrivateIpAddress": "10.0.28.119"
},
{
"Primary": false,
"PrivateDnsName": "ip-10-0-30-89.ec2.internal",
"PrivateIpAddress": "10.0.30.89"
},
{
"Primary": false,
"PrivateDnsName": "ip-10-0-19-202.ec2.internal",
"PrivateIpAddress": "10.0.19.202"
}
],
"SourceDestCheck": true,
"Status": "in-use",
"SubnetId": "subnet-0295427b95b9c2831",
"VpcId": "vpc-0026585a9c8fcb68b",
"InterfaceType": "interface"
}
],
"RootDeviceName": "/dev/sda1",
"RootDeviceType": "ebs",
"SecurityGroups": [
{
"GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-WorkloadSecurityGroup-1MVLVWDH2MJ4E",
"GroupId": "sg-08ed0f378bd607afd"
},
{
"GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-ONTAPSecurityGroup-1HFXYPO5I6G0M",
"GroupId": "sg-05fc73637d21895ea"
}
],
"SourceDestCheck": true,
"Tags": [
{
"Key": "FCIName",
"Value": "FCIsbC8sKn4EGPM"
},
{
"Key": "SourceTemplate",
"Value": "AWSLaunchWizard"
},
{
"Key": "aws:cloudformation:logical-id",
"Value": "SqlFSxInstanceMAD2"
},
{
"Key": "LaunchWizardApplicationType",
"Value": "SQL_SERVER"
},
{
"Key": "aws:cloudformation:stack-name",
"Value": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L"
},
{
"Key": "aws:cloudformation:stack-id",
"Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L/71df7700-11fa-11ed-a605-0a33f5a9182b"
},
{
"Key": "Name",
"Value": "FCIVAmSWhwgL9V1"
},
{
"Key": "FCIRole",
"Value": "Secondary"
},
{
"Key": "LaunchWizardResourceGroupID",
"Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
}
],
"VirtualizationType": "hvm",
"CpuOptions": {
"CoreCount": 2,
"ThreadsPerCore": 2
},
"CapacityReservationSpecification": {
"CapacityReservationPreference": "open"
},
"HibernationOptions": {
"Configured": false
},
"MetadataOptions": {
"State": "applied",
"HttpTokens": "optional",
"HttpPutResponseHopLimit": 1,
"HttpEndpoint": "enabled",
"HttpProtocolIpv6": "disabled",
"InstanceMetadataTags": "disabled"
},
"EnclaveOptions": {
"Enabled": false
},
"PlatformDetails": "Windows with SQL Server Standard",
"UsageOperation": "RunInstances:0006",
"UsageOperationUpdateTime": "2022-08-02T01:06:55+00:00",
"PrivateDnsNameOptions": {
"HostnameType": "ip-name",
"EnableResourceNameDnsARecord": false,
"EnableResourceNameDnsAAAARecord": false
},
"MaintenanceOptions": {
"AutoRecovery": "default"
}
}
],
"OwnerId": "<AWSアカウントID>",
"RequesterId": "043234062703",
"ReservationId": "r-02d6cd70a73ced814"
},
{
"Groups": [],
"Instances": [
{
"AmiLaunchIndex": 0,
"ImageId": "ami-098ff43402367aedd",
"InstanceId": "i-00afa45a1823f9f38",
"InstanceType": "c6a.xlarge",
"KeyName": "<キーペア名>",
"LaunchTime": "2022-08-02T01:06:57+00:00",
"Monitoring": {
"State": "disabled"
},
"Placement": {
"AvailabilityZone": "us-east-1a",
"GroupName": "",
"Tenancy": "default"
},
"Platform": "windows",
"PrivateDnsName": "ip-10-0-1-211.ec2.internal",
"PrivateIpAddress": "10.0.1.211",
"ProductCodes": [],
"PublicDnsName": "",
"State": {
"Code": 16,
"Name": "running"
},
"StateTransitionReason": "",
"SubnetId": "subnet-0c5d66ec1307e28fc",
"VpcId": "vpc-0026585a9c8fcb68b",
"Architecture": "x86_64",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"AttachTime": "2022-08-02T01:06:57+00:00",
"DeleteOnTermination": true,
"Status": "attached",
"VolumeId": "vol-072bdc83a5cea8168"
}
}
],
"ClientToken": "Launc-SqlFS-MR9P9VX263WQ",
"EbsOptimized": false,
"EnaSupport": true,
"Hypervisor": "xen",
"IamInstanceProfile": {
"Arn": "arn:aws:iam::<AWSアカウントID>:instance-profile/LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-LaunchWizardSqlFSxProfile-CMCoWiMGLsWh",
"Id": "AIPA6KUFAVPURVYIUWMMA"
},
"NetworkInterfaces": [
{
"Attachment": {
"AttachTime": "2022-08-02T01:06:57+00:00",
"AttachmentId": "eni-attach-08efd4b9ead5568f3",
"DeleteOnTermination": false,
"DeviceIndex": 0,
"Status": "attached",
"NetworkCardIndex": 0
},
"Description": "",
"Groups": [
{
"GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-WorkloadSecurityGroup-1MVLVWDH2MJ4E",
"GroupId": "sg-08ed0f378bd607afd"
},
{
"GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-ONTAPSecurityGroup-1HFXYPO5I6G0M",
"GroupId": "sg-05fc73637d21895ea"
}
],
"Ipv6Addresses": [],
"MacAddress": "0e:18:d6:76:8b:99",
"NetworkInterfaceId": "eni-01311aeda9a2351f1",
"OwnerId": "<AWSアカウントID>",
"PrivateDnsName": "ip-10-0-1-211.ec2.internal",
"PrivateIpAddress": "10.0.1.211",
"PrivateIpAddresses": [
{
"Primary": true,
"PrivateDnsName": "ip-10-0-1-211.ec2.internal",
"PrivateIpAddress": "10.0.1.211"
},
{
"Primary": false,
"PrivateDnsName": "ip-10-0-12-104.ec2.internal",
"PrivateIpAddress": "10.0.12.104"
},
{
"Primary": false,
"PrivateDnsName": "ip-10-0-15-79.ec2.internal",
"PrivateIpAddress": "10.0.15.79"
}
],
"SourceDestCheck": true,
"Status": "in-use",
"SubnetId": "subnet-0c5d66ec1307e28fc",
"VpcId": "vpc-0026585a9c8fcb68b",
"InterfaceType": "interface"
}
],
"RootDeviceName": "/dev/sda1",
"RootDeviceType": "ebs",
"SecurityGroups": [
{
"GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-WorkloadSecurityGroup-1MVLVWDH2MJ4E",
"GroupId": "sg-08ed0f378bd607afd"
},
{
"GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-ONTAPSecurityGroup-1HFXYPO5I6G0M",
"GroupId": "sg-05fc73637d21895ea"
}
],
"SourceDestCheck": true,
"Tags": [
{
"Key": "Name",
"Value": "FCIV9arshUSNpXy"
},
{
"Key": "aws:cloudformation:stack-name",
"Value": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L"
},
{
"Key": "FCIName",
"Value": "FCIsbC8sKn4EGPM"
},
{
"Key": "FCIRole",
"Value": "Primary"
},
{
"Key": "LaunchWizardResourceGroupID",
"Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
},
{
"Key": "aws:cloudformation:stack-id",
"Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L/71df7700-11fa-11ed-a605-0a33f5a9182b"
},
{
"Key": "LaunchWizardApplicationType",
"Value": "SQL_SERVER"
},
{
"Key": "SourceTemplate",
"Value": "AWSLaunchWizard"
},
{
"Key": "aws:cloudformation:logical-id",
"Value": "SqlFSxInstanceMAD1"
}
],
"VirtualizationType": "hvm",
"CpuOptions": {
"CoreCount": 2,
"ThreadsPerCore": 2
},
"CapacityReservationSpecification": {
"CapacityReservationPreference": "open"
},
"HibernationOptions": {
"Configured": false
},
"MetadataOptions": {
"State": "applied",
"HttpTokens": "optional",
"HttpPutResponseHopLimit": 1,
"HttpEndpoint": "enabled",
"HttpProtocolIpv6": "disabled",
"InstanceMetadataTags": "disabled"
},
"EnclaveOptions": {
"Enabled": false
},
"PlatformDetails": "Windows with SQL Server Standard",
"UsageOperation": "RunInstances:0006",
"UsageOperationUpdateTime": "2022-08-02T01:06:57+00:00",
"PrivateDnsNameOptions": {
"HostnameType": "ip-name",
"EnableResourceNameDnsARecord": false,
"EnableResourceNameDnsAAAARecord": false
},
"MaintenanceOptions": {
"AutoRecovery": "default"
}
}
],
"OwnerId": "<AWSアカウントID>",
"RequesterId": "043234062703",
"ReservationId": "r-01b3945c0ab8cf908"
}
]
}
SQL Server用のEC2インスタンスが2台作成されています。
各EC2インスタンスには、WSFCのクラスターのコアリソース用IPアドレスとSQL Serverのリスナー用IPアドレスが割り当てられています。
ENI
ENIの確認をします。
ENI (折りたたみ)
$ aws ec2 describe-network-interfaces \
--filters Name=vpc-id,Values="$vpc_id"
{
"NetworkInterfaces": [
{
"Association": {
"AllocationId": "eipalloc-0aaba9137c9515749",
"AssociationId": "eipassoc-0fda087adcb81ee68",
"IpOwnerId": "<AWSアカウントID>",
"PublicDnsName": "ec2-35-175-79-97.compute-1.amazonaws.com",
"PublicIp": "35.175.79.97"
},
"Attachment": {
"AttachmentId": "ela-attach-0d48b5ef0bc2557b9",
"DeleteOnTermination": false,
"DeviceIndex": 1,
"InstanceOwnerId": "amazon-aws",
"Status": "attached"
},
"AvailabilityZone": "us-east-1a",
"Description": "Interface for NAT Gateway nat-0bee2e42c06780463",
"Groups": [],
"InterfaceType": "nat_gateway",
"Ipv6Addresses": [],
"MacAddress": "0e:85:ab:26:d8:d5",
"NetworkInterfaceId": "eni-02fb16669c36b88dc",
"OwnerId": "<AWSアカウントID>",
"PrivateDnsName": "ip-10-0-129-213.ec2.internal",
"PrivateIpAddress": "10.0.129.213",
"PrivateIpAddresses": [
{
"Association": {
"AllocationId": "eipalloc-0aaba9137c9515749",
"AssociationId": "eipassoc-0fda087adcb81ee68",
"IpOwnerId": "<AWSアカウントID>",
"PublicDnsName": "ec2-35-175-79-97.compute-1.amazonaws.com",
"PublicIp": "35.175.79.97"
},
"Primary": true,
"PrivateDnsName": "ip-10-0-129-213.ec2.internal",
"PrivateIpAddress": "10.0.129.213"
}
],
"RequesterId": "130541447523",
"RequesterManaged": true,
"SourceDestCheck": false,
"Status": "in-use",
"SubnetId": "subnet-0ab094df0b881a9d7",
"TagSet": [],
"VpcId": "vpc-0026585a9c8fcb68b"
},
{
"Attachment": {
"AttachTime": "2022-08-01T23:59:04+00:00",
"AttachmentId": "eni-attach-05f2ae028b67d2ca6",
"DeleteOnTermination": false,
"DeviceIndex": 1,
"NetworkCardIndex": 0,
"InstanceOwnerId": "803884302965",
"Status": "attached"
},
"AvailabilityZone": "us-east-1a",
"Description": "AWS created network interface for directory d-9067b20bbb",
"Groups": [
{
"GroupName": "d-9067b20bbb_controllers",
"GroupId": "sg-0be8d48e27b84bec5"
}
],
"InterfaceType": "interface",
"Ipv6Addresses": [],
"MacAddress": "0e:76:cc:b8:d2:0d",
"NetworkInterfaceId": "eni-070c1b613fd7da608",
"OwnerId": "<AWSアカウントID>",
"PrivateDnsName": "ip-10-0-5-1.ec2.internal",
"PrivateIpAddress": "10.0.5.1",
"PrivateIpAddresses": [
{
"Primary": true,
"PrivateDnsName": "ip-10-0-5-1.ec2.internal",
"PrivateIpAddress": "10.0.5.1"
}
],
"RequesterId": "803884302965",
"RequesterManaged": true,
"SourceDestCheck": true,
"Status": "in-use",
"SubnetId": "subnet-0c5d66ec1307e28fc",
"TagSet": [],
"VpcId": "vpc-0026585a9c8fcb68b"
},
{
"Attachment": {
"AttachTime": "2022-08-02T01:06:57+00:00",
"AttachmentId": "eni-attach-08efd4b9ead5568f3",
"DeleteOnTermination": false,
"DeviceIndex": 0,
"NetworkCardIndex": 0,
"InstanceId": "i-00afa45a1823f9f38",
"InstanceOwnerId": "<AWSアカウントID>",
"Status": "attached"
},
"AvailabilityZone": "us-east-1a",
"Description": "",
"Groups": [
{
"GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-WorkloadSecurityGroup-1MVLVWDH2MJ4E",
"GroupId": "sg-08ed0f378bd607afd"
},
{
"GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-ONTAPSecurityGroup-1HFXYPO5I6G0M",
"GroupId": "sg-05fc73637d21895ea"
}
],
"InterfaceType": "interface",
"Ipv6Addresses": [],
"MacAddress": "0e:18:d6:76:8b:99",
"NetworkInterfaceId": "eni-01311aeda9a2351f1",
"OwnerId": "<AWSアカウントID>",
"PrivateDnsName": "ip-10-0-1-211.ec2.internal",
"PrivateIpAddress": "10.0.1.211",
"PrivateIpAddresses": [
{
"Primary": true,
"PrivateDnsName": "ip-10-0-1-211.ec2.internal",
"PrivateIpAddress": "10.0.1.211"
},
{
"Primary": false,
"PrivateDnsName": "ip-10-0-12-104.ec2.internal",
"PrivateIpAddress": "10.0.12.104"
},
{
"Primary": false,
"PrivateDnsName": "ip-10-0-15-79.ec2.internal",
"PrivateIpAddress": "10.0.15.79"
}
],
"RequesterId": "043234062703",
"RequesterManaged": false,
"SourceDestCheck": true,
"Status": "in-use",
"SubnetId": "subnet-0c5d66ec1307e28fc",
"TagSet": [
{
"Key": "LaunchWizardResourceGroupID",
"Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
},
{
"Key": "SourceTemplate",
"Value": "AWSLaunchWizard"
},
{
"Key": "aws:cloudformation:logical-id",
"Value": "NetworkInterface1"
},
{
"Key": "Name",
"Value": "FCIV9arshUSNpXy"
},
{
"Key": "LaunchWizardApplicationType",
"Value": "SQL_SERVER"
},
{
"Key": "aws:cloudformation:stack-id",
"Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L/71df7700-11fa-11ed-a605-0a33f5a9182b"
},
{
"Key": "aws:cloudformation:stack-name",
"Value": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L"
}
],
"VpcId": "vpc-0026585a9c8fcb68b"
},
{
"Attachment": {
"AttachTime": "2022-08-02T00:45:10+00:00",
"AttachmentId": "eni-attach-04f20373f77aabf16",
"DeleteOnTermination": false,
"DeviceIndex": 3,
"NetworkCardIndex": 0,
"InstanceOwnerId": "292200246037",
"Status": "attached"
},
"AvailabilityZone": "us-east-1a",
"Description": "[Do not detach or untag] Amazon FSx network interface for fs-0b8f145a32d809221",
"Groups": [
{
"GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-ONTAPSecurityGroup-1HFXYPO5I6G0M",
"GroupId": "sg-05fc73637d21895ea"
}
],
"InterfaceType": "interface",
"Ipv6Addresses": [],
"MacAddress": "0e:33:63:45:df:07",
"NetworkInterfaceId": "eni-002e2f11517086ffe",
"OwnerId": "<AWSアカウントID>",
"PrivateDnsName": "ip-10-0-3-248.ec2.internal",
"PrivateIpAddress": "10.0.3.248",
"PrivateIpAddresses": [
{
"Primary": true,
"PrivateDnsName": "ip-10-0-3-248.ec2.internal",
"PrivateIpAddress": "10.0.3.248"
},
{
"Primary": false,
"PrivateDnsName": "ip-10-0-9-95.ec2.internal",
"PrivateIpAddress": "10.0.9.95"
},
{
"Primary": false,
"PrivateDnsName": "ip-10-0-1-243.ec2.internal",
"PrivateIpAddress": "10.0.1.243"
}
],
"RequesterId": "470192892696",
"RequesterManaged": false,
"SourceDestCheck": false,
"Status": "in-use",
"SubnetId": "subnet-0c5d66ec1307e28fc",
"TagSet": [
{
"Key": "AmazonFSx.FileSystemId",
"Value": "fs-0b8f145a32d809221"
}
],
"VpcId": "vpc-0026585a9c8fcb68b"
},
{
"Attachment": {
"AttachTime": "2022-08-02T00:45:11+00:00",
"AttachmentId": "eni-attach-00152b308f725c8a9",
"DeleteOnTermination": false,
"DeviceIndex": 3,
"NetworkCardIndex": 0,
"InstanceOwnerId": "292200246037",
"Status": "attached"
},
"AvailabilityZone": "us-east-1b",
"Description": "[Do not detach or untag] Amazon FSx network interface for fs-0b8f145a32d809221",
"Groups": [
{
"GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-ONTAPSecurityGroup-1HFXYPO5I6G0M",
"GroupId": "sg-05fc73637d21895ea"
}
],
"InterfaceType": "interface",
"Ipv6Addresses": [],
"MacAddress": "02:b5:0b:4c:dd:c3",
"NetworkInterfaceId": "eni-0a4ba65000f04ea41",
"OwnerId": "<AWSアカウントID>",
"PrivateDnsName": "ip-10-0-19-19.ec2.internal",
"PrivateIpAddress": "10.0.19.19",
"PrivateIpAddresses": [
{
"Primary": true,
"PrivateDnsName": "ip-10-0-19-19.ec2.internal",
"PrivateIpAddress": "10.0.19.19"
},
{
"Primary": false,
"PrivateDnsName": "ip-10-0-21-15.ec2.internal",
"PrivateIpAddress": "10.0.21.15"
},
{
"Primary": false,
"PrivateDnsName": "ip-10-0-19-34.ec2.internal",
"PrivateIpAddress": "10.0.19.34"
}
],
"RequesterId": "470192892696",
"RequesterManaged": false,
"SourceDestCheck": false,
"Status": "in-use",
"SubnetId": "subnet-0295427b95b9c2831",
"TagSet": [
{
"Key": "AmazonFSx.FileSystemId",
"Value": "fs-0b8f145a32d809221"
}
],
"VpcId": "vpc-0026585a9c8fcb68b"
},
{
"Attachment": {
"AttachTime": "2022-08-02T01:06:55+00:00",
"AttachmentId": "eni-attach-0110ac5164f0a8ddb",
"DeleteOnTermination": false,
"DeviceIndex": 0,
"NetworkCardIndex": 0,
"InstanceId": "i-0491369ded364f11d",
"InstanceOwnerId": "<AWSアカウントID>",
"Status": "attached"
},
"AvailabilityZone": "us-east-1b",
"Description": "",
"Groups": [
{
"GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-WorkloadSecurityGroup-1MVLVWDH2MJ4E",
"GroupId": "sg-08ed0f378bd607afd"
},
{
"GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-ONTAPSecurityGroup-1HFXYPO5I6G0M",
"GroupId": "sg-05fc73637d21895ea"
}
],
"InterfaceType": "interface",
"Ipv6Addresses": [],
"MacAddress": "02:f1:48:45:74:43",
"NetworkInterfaceId": "eni-068c3dd415558a96e",
"OwnerId": "<AWSアカウントID>",
"PrivateDnsName": "ip-10-0-28-119.ec2.internal",
"PrivateIpAddress": "10.0.28.119",
"PrivateIpAddresses": [
{
"Primary": true,
"PrivateDnsName": "ip-10-0-28-119.ec2.internal",
"PrivateIpAddress": "10.0.28.119"
},
{
"Primary": false,
"PrivateDnsName": "ip-10-0-30-89.ec2.internal",
"PrivateIpAddress": "10.0.30.89"
},
{
"Primary": false,
"PrivateDnsName": "ip-10-0-19-202.ec2.internal",
"PrivateIpAddress": "10.0.19.202"
}
],
"RequesterId": "043234062703",
"RequesterManaged": false,
"SourceDestCheck": true,
"Status": "in-use",
"SubnetId": "subnet-0295427b95b9c2831",
"TagSet": [
{
"Key": "aws:cloudformation:stack-name",
"Value": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L"
},
{
"Key": "LaunchWizardApplicationType",
"Value": "SQL_SERVER"
},
{
"Key": "aws:cloudformation:logical-id",
"Value": "NetworkInterface2"
},
{
"Key": "SourceTemplate",
"Value": "AWSLaunchWizard"
},
{
"Key": "Name",
"Value": "FCIVAmSWhwgL9V1"
},
{
"Key": "LaunchWizardResourceGroupID",
"Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
},
{
"Key": "aws:cloudformation:stack-id",
"Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L/71df7700-11fa-11ed-a605-0a33f5a9182b"
}
],
"VpcId": "vpc-0026585a9c8fcb68b"
},
{
"Attachment": {
"AttachTime": "2022-08-01T23:59:06+00:00",
"AttachmentId": "eni-attach-0024053b7c9aff02d",
"DeleteOnTermination": false,
"DeviceIndex": 1,
"NetworkCardIndex": 0,
"InstanceOwnerId": "803884302965",
"Status": "attached"
},
"AvailabilityZone": "us-east-1b",
"Description": "AWS created network interface for directory d-9067b20bbb",
"Groups": [
{
"GroupName": "d-9067b20bbb_controllers",
"GroupId": "sg-0be8d48e27b84bec5"
}
],
"InterfaceType": "interface",
"Ipv6Addresses": [],
"MacAddress": "02:30:ca:a6:4f:01",
"NetworkInterfaceId": "eni-00d6f4a41c771305d",
"OwnerId": "<AWSアカウントID>",
"PrivateDnsName": "ip-10-0-16-116.ec2.internal",
"PrivateIpAddress": "10.0.16.116",
"PrivateIpAddresses": [
{
"Primary": true,
"PrivateDnsName": "ip-10-0-16-116.ec2.internal",
"PrivateIpAddress": "10.0.16.116"
}
],
"RequesterId": "803884302965",
"RequesterManaged": true,
"SourceDestCheck": true,
"Status": "in-use",
"SubnetId": "subnet-0295427b95b9c2831",
"TagSet": [],
"VpcId": "vpc-0026585a9c8fcb68b"
}
]
}
FSx for ONTAPのENIにIPアドレスが3つ付いていてニヤニヤしちゃいますね。
FSx for ONTAPファイルシステム
FSx for ONTAPファイルシステムの確認をします。
$ aws fsx describe-file-systems
{
"FileSystems": [
{
"OwnerId": "<AWSアカウントID>",
"CreationTime": "2022-08-02T01:01:38.633000+00:00",
"FileSystemId": "fs-0b8f145a32d809221",
"FileSystemType": "ONTAP",
"Lifecycle": "AVAILABLE",
"StorageCapacity": 1024,
"StorageType": "SSD",
"VpcId": "vpc-0026585a9c8fcb68b",
"SubnetIds": [
"subnet-0c5d66ec1307e28fc",
"subnet-0295427b95b9c2831"
],
"NetworkInterfaceIds": [
"eni-002e2f11517086ffe",
"eni-0a4ba65000f04ea41"
],
"KmsKeyId": "arn:aws:kms:us-east-1:<AWSアカウントID>:key/365ae19c-8016-4963-9afd-05f703509254",
"ResourceARN": "arn:aws:fsx:us-east-1:<AWSアカウントID>:file-system/fs-0b8f145a32d809221",
"Tags": [
{
"Key": "aws:cloudformation:stack-name",
"Value": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L"
},
{
"Key": "aws:cloudformation:stack-id",
"Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L/71df7700-11fa-11ed-a605-0a33f5a9182b"
},
{
"Key": "LaunchWizardApplicationType",
"Value": "SQL_SERVER"
},
{
"Key": "LaunchWizardResourceGroupID",
"Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
},
{
"Key": "SourceTemplate",
"Value": "AWSLaunchWizard"
},
{
"Key": "aws:cloudformation:logical-id",
"Value": "FSxONTAPFileSystemMAD"
},
{
"Key": "Name",
"Value": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L"
}
],
"OntapConfiguration": {
"DeploymentType": "MULTI_AZ_1",
"EndpointIpAddressRange": "198.19.255.0/24",
"Endpoints": {
"Intercluster": {
"DNSName": "intercluster.fs-0b8f145a32d809221.fsx.us-east-1.amazonaws.com",
"IpAddresses": [
"10.0.3.248",
"10.0.19.19"
]
},
"Management": {
"DNSName": "management.fs-0b8f145a32d809221.fsx.us-east-1.amazonaws.com",
"IpAddresses": [
"198.19.255.122"
]
}
},
"DiskIopsConfiguration": {
"Mode": "AUTOMATIC",
"Iops": 3072
},
"PreferredSubnetId": "subnet-0c5d66ec1307e28fc",
"RouteTableIds": [
"rtb-0e4987a1c063dce77",
"rtb-0addf80e74e9feeb4"
],
"ThroughputCapacity": 128,
"WeeklyMaintenanceStartTime": "4:16:30"
}
}
]
}
ストレージサイズは下限の1024GBになってますね。
FSx for ONTAP SVM
FSx for ONTAPのSVMの確認をします。
$ aws fsx describe-storage-virtual-machines
{
"StorageVirtualMachines": [
{
"CreationTime": "2022-08-02T01:02:29.698000+00:00",
"Endpoints": {
"Iscsi": {
"DNSName": "iscsi.svm-026266713b1afd873.fs-0b8f145a32d809221.fsx.us-east-1.amazonaws.com",
"IpAddresses": [
"10.0.1.243",
"10.0.19.34"
]
},
"Management": {
"DNSName": "svm-026266713b1afd873.fs-0b8f145a32d809221.fsx.us-east-1.amazonaws.com",
"IpAddresses": [
"198.19.255.243"
]
},
"Nfs": {
"DNSName": "svm-026266713b1afd873.fs-0b8f145a32d809221.fsx.us-east-1.amazonaws.com",
"IpAddresses": [
"198.19.255.243"
]
}
},
"FileSystemId": "fs-0b8f145a32d809221",
"Lifecycle": "CREATED",
"Name": "sql-svm01",
"ResourceARN": "arn:aws:fsx:us-east-1:<AWSアカウントID>:storage-virtual-machine/fs-0b8f145a32d809221/svm-026266713b1afd873",
"StorageVirtualMachineId": "svm-026266713b1afd873",
"Subtype": "DEFAULT",
"UUID": "e81aae27-11fe-11ed-a23a-25f39db72949"
}
]
}
ドメイン周りの情報が設定されていないので、SMBは使っていなさそうです。
FSx for ONTAPボリューム
FSx for ONTAPのボリュームの確認をします。
$ aws fsx describe-volumes
{
"Volumes": [
{
"CreationTime": "2022-08-02T01:03:33+00:00",
"FileSystemId": "fs-0b8f145a32d809221",
"Lifecycle": "CREATED",
"Name": "sql_svm01_root",
"OntapConfiguration": {
"FlexCacheEndpointType": "NONE",
"JunctionPath": "/",
"SecurityStyle": "NTFS",
"SizeInMegabytes": 1024,
"StorageEfficiencyEnabled": false,
"StorageVirtualMachineId": "svm-026266713b1afd873",
"StorageVirtualMachineRoot": true,
"TieringPolicy": {
"Name": "NONE"
},
"UUID": "ee16a43e-11fe-11ed-a23a-25f39db72949",
"OntapVolumeType": "RW"
},
"ResourceARN": "arn:aws:fsx:us-east-1:<AWSアカウントID>:volume/fs-0b8f145a32d809221/fsvol-0d99e7568fe0c91ce",
"VolumeId": "fsvol-0d99e7568fe0c91ce",
"VolumeType": "ONTAP"
},
{
"CreationTime": "2022-08-02T01:05:44.390000+00:00",
"FileSystemId": "fs-0b8f145a32d809221",
"Lifecycle": "CREATED",
"Name": "SQLCluster01",
"OntapConfiguration": {
"FlexCacheEndpointType": "NONE",
"JunctionPath": "/volume11",
"SecurityStyle": "UNIX",
"SizeInMegabytes": 891290,
"StorageEfficiencyEnabled": false,
"StorageVirtualMachineId": "svm-026266713b1afd873",
"StorageVirtualMachineRoot": false,
"TieringPolicy": {
"Name": "NONE"
},
"UUID": "3e10b547-11ff-11ed-a23a-25f39db72949",
"OntapVolumeType": "RW"
},
"ResourceARN": "arn:aws:fsx:us-east-1:<AWSアカウントID>:volume/fs-0b8f145a32d809221/fsvol-0d313b887f24fac7d",
"VolumeId": "fsvol-0d313b887f24fac7d",
"VolumeType": "ONTAP"
}
]
}
SVMのルートボリュームの他に891,290MBのボリュームが一つ作成されていました。一つのボリューム内にSQL Serverのデータ用やログ用と複数のLUNを作成していそうです。
Managed Microsoft AD
Managed Microsoft ADの確認をします。
$ aws ds describe-directories
{
"DirectoryDescriptions": [
{
"DirectoryId": "d-9067b20bbb",
"Name": "corp.non-97.net",
"ShortName": "corp",
"Size": "Large",
"Edition": "Enterprise",
"Alias": "d-9067b20bbb",
"AccessUrl": "d-9067b20bbb.awsapps.com",
"DnsIpAddrs": [
"10.0.5.1",
"10.0.16.116"
],
"Stage": "Active",
"LaunchTime": "2022-08-01T23:58:13.883000+00:00",
"StageLastUpdatedDateTime": "2022-08-02T00:29:08.817000+00:00",
"Type": "MicrosoftAD",
"VpcSettings": {
"VpcId": "vpc-0026585a9c8fcb68b",
"SubnetIds": [
"subnet-0c5d66ec1307e28fc",
"subnet-0295427b95b9c2831"
],
"SecurityGroupId": "sg-0be8d48e27b84bec5",
"AvailabilityZones": [
"us-east-1a",
"us-east-1b"
]
},
"SsoEnabled": false,
"DesiredNumberOfDomainControllers": 2,
"RegionsInfo": {
"PrimaryRegion": "us-east-1",
"AdditionalRegions": []
}
}
]
}
Enterprise Editionのようです。
ドメインコントローラーの情報は以下の通りです。
$ aws ds describe-domain-controllers \
--directory-id d-9067b20bbb
{
"DomainControllers": [
{
"DirectoryId": "d-9067b20bbb",
"DomainControllerId": "dc-906729bad2",
"DnsIpAddr": "10.0.5.1",
"VpcId": "vpc-0026585a9c8fcb68b",
"SubnetId": "subnet-0c5d66ec1307e28fc",
"AvailabilityZone": "us-east-1a",
"Status": "Active",
"LaunchTime": "2022-08-01T23:58:13.936000+00:00",
"StatusLastUpdatedDateTime": "2022-08-02T00:29:08.754000+00:00"
},
{
"DirectoryId": "d-9067b20bbb",
"DomainControllerId": "dc-906729bad3",
"DnsIpAddr": "10.0.16.116",
"VpcId": "vpc-0026585a9c8fcb68b",
"SubnetId": "subnet-0295427b95b9c2831",
"AvailabilityZone": "us-east-1b",
"Status": "Active",
"LaunchTime": "2022-08-01T23:58:13.955000+00:00",
"StatusLastUpdatedDateTime": "2022-08-02T00:29:08.788000+00:00"
}
]
}
Windows周りの設定の確認
役割と機能
次にWindows周りの設定の確認をします。
まずは役割と機能です。
> Get-WindowsFeature | Where-object {$_.Installed -eq $True}
Display Name Name Install State
------------ ---- -------------
[X] File and Storage Services FileAndStorage-Services Installed
[X] File and iSCSI Services File-Services Installed
[X] File Server FS-FileServer Installed
[X] Storage Services Storage-Services Installed
[X] .NET Framework 4.7 Features NET-Framework-45-Fea... Installed
[X] .NET Framework 4.7 NET-Framework-45-Core Installed
[X] WCF Services NET-WCF-Services45 Installed
[X] TCP Port Sharing NET-WCF-TCP-PortShar... Installed
[X] Failover Clustering Failover-Clustering Installed
[X] Multipath I/O Multipath-IO Installed
[X] Remote Server Administration Tools RSAT Installed
[X] Feature Administration Tools RSAT-Feature-Tools Installed
[X] Failover Clustering Tools RSAT-Clustering Installed
[X] Failover Cluster Management Tools RSAT-Clustering-Mgmt Installed
[X] Failover Cluster Module for Windows ... RSAT-Clustering-Powe... Installed
[X] Failover Cluster Command Interface RSAT-Clustering-CmdI... Installed
[X] Role Administration Tools RSAT-Role-Tools Installed
[X] AD DS and AD LDS Tools RSAT-AD-Tools Installed
[X] Active Directory module for Windows ... RSAT-AD-PowerShell Installed
[X] DNS Server Tools RSAT-DNS-Server Installed
[X] System Data Archiver System-DataArchiver Installed
[X] Windows Defender Antivirus Windows-Defender Installed
[X] Windows PowerShell PowerShellRoot Installed
[X] Windows PowerShell 5.1 PowerShell Installed
[X] Windows PowerShell ISE PowerShell-ISE Installed
[X] WoW64 Support WoW64-Support Installed
[X] XPS Viewer XPS-Viewer Installed
ADの管理ツールが足りなかったので、PowerShellでインストールします。
> Install-WindowsFeature -Name RSAT-ADDS
Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
True No Success {Active Directory Administrative Center, A...
#
> Get-WindowsFeature | Where-object {$_.Installed -eq $True}
Display Name Name Install State
------------ ---- -------------
[X] File and Storage Services FileAndStorage-Services Installed
[X] File and iSCSI Services File-Services Installed
[X] File Server FS-FileServer Installed
[X] Storage Services Storage-Services Installed
[X] .NET Framework 4.7 Features NET-Framework-45-Fea... Installed
[X] .NET Framework 4.7 NET-Framework-45-Core Installed
[X] WCF Services NET-WCF-Services45 Installed
[X] TCP Port Sharing NET-WCF-TCP-PortShar... Installed
[X] Failover Clustering Failover-Clustering Installed
[X] Multipath I/O Multipath-IO Installed
[X] Remote Server Administration Tools RSAT Installed
[X] Feature Administration Tools RSAT-Feature-Tools Installed
[X] Failover Clustering Tools RSAT-Clustering Installed
[X] Failover Cluster Management Tools RSAT-Clustering-Mgmt Installed
[X] Failover Cluster Module for Windows ... RSAT-Clustering-Powe... Installed
[X] Failover Cluster Command Interface RSAT-Clustering-CmdI... Installed
[X] Role Administration Tools RSAT-Role-Tools Installed
[X] AD DS and AD LDS Tools RSAT-AD-Tools Installed
[X] Active Directory module for Windows ... RSAT-AD-PowerShell Installed
[X] AD DS Tools RSAT-ADDS Installed
[X] Active Directory Administrative ... RSAT-AD-AdminCenter Installed
[X] AD DS Snap-Ins and Command-Line ... RSAT-ADDS-Tools Installed
[X] DNS Server Tools RSAT-DNS-Server Installed
[X] System Data Archiver System-DataArchiver Installed
[X] Windows Defender Antivirus Windows-Defender Installed
[X] Windows PowerShell PowerShellRoot Installed
[X] Windows PowerShell 5.1 PowerShell Installed
[X] Windows PowerShell ISE PowerShell-ISE Installed
[X] WoW64 Support WoW64-Support Installed
[X] XPS Viewer
ドライブ一覧
各EC2インスタンスのドライブ一覧を確認します。
EC2インスタンスFCIV9arshUSNpXyのドライブ一覧は以下の通りです。
> Get-PSDrive Name Used (GB) Free (GB) Provider Root CurrentLocation ---- --------- --------- -------- ---- --------------- Alias Alias C 37.46 62.54 FileSystem C:\ Windows\system32 Cert Certificate \ Env Environment Function Function HKCU Registry HKEY_CURRENT_USER HKLM Registry HKEY_LOCAL_MACHINE Variable Variable WSMan WSMan
Cドライブしかありません。
EC2インスタンスFCIVAmSWhwgL9V1のドライブ一覧は以下の通りです。
> Get-PSDrive Name Used (GB) Free (GB) Provider Root CurrentLocation ---- --------- --------- -------- ---- --------------- Alias Alias C 33.79 66.20 FileSystem C:\ Windows\system32 Cert Certificate \ Env Environment Function Function HKCU Registry HKEY_CURRENT_USER HKLM Registry HKEY_LOCAL_MACHINE L 0.11 79.87 FileSystem L:\ Q 0.04 0.94 FileSystem Q:\ S 0.25 398.73 FileSystem S:\ Variable Variable WSMan WSMan
こちらのEC2インスタンスではLドライブやQドライブ、Sドライブの確認ができました。
どうやらFCIVAmSWhwgL9V1がアクティブなノードなようです。
ドメイン内のコンピューターオブジェクト
ドメイン内のコンピューターオブジェクトを確認します。
PS C:\Users\admin> Get-ADComputer -Filter * DistinguishedName : CN=WIN-RA95CDF2PMG,OU=Domain Controllers,DC=corp,DC=non-97,DC=net DNSHostName : WIN-RA95CDF2PMG.corp.non-97.net Enabled : True Name : WIN-RA95CDF2PMG ObjectClass : computer ObjectGUID : 98ca9ee8-9d68-420d-98b8-615fd00153de SamAccountName : WIN-RA95CDF2PMG$ SID : S-1-5-21-514741421-2750270180-1483028601-1009 UserPrincipalName : DistinguishedName : CN=WIN-VCE7PVFB6AN,OU=Domain Controllers,DC=corp,DC=non-97,DC=net DNSHostName : WIN-VCE7PVFB6AN.corp.non-97.net Enabled : True Name : WIN-VCE7PVFB6AN ObjectClass : computer ObjectGUID : ecadc55e-a4b0-40ff-b140-f17022a91475 SamAccountName : WIN-VCE7PVFB6AN$ SID : S-1-5-21-514741421-2750270180-1483028601-1112 UserPrincipalName : DistinguishedName : CN=FCIVAMSWHWGL9V1,OU=Computers,OU=corp,DC=corp,DC=non-97,DC=net DNSHostName : FCIVAmSWhwgL9V1.corp.non-97.net Enabled : True Name : FCIVAMSWHWGL9V1 ObjectClass : computer ObjectGUID : 5cb84c24-23be-4be5-b7c9-91bfd2b20a92 SamAccountName : FCIVAMSWHWGL9V1$ SID : S-1-5-21-514741421-2750270180-1483028601-1143 UserPrincipalName : DistinguishedName : CN=FCIV9ARSHUSNPXY,OU=Computers,OU=corp,DC=corp,DC=non-97,DC=net DNSHostName : FCIV9arshUSNpXy.corp.non-97.net Enabled : True Name : FCIV9ARSHUSNPXY ObjectClass : computer ObjectGUID : f1216129-fc71-413f-ab0c-075b18ef4ed3 SamAccountName : FCIV9ARSHUSNPXY$ SID : S-1-5-21-514741421-2750270180-1483028601-1610 UserPrincipalName : DistinguishedName : CN=FCILZxZ47FrpFiE,OU=Computers,OU=corp,DC=corp,DC=non-97,DC=net DNSHostName : FCILZxZ47FrpFiE.corp.non-97.net Enabled : True Name : FCILZxZ47FrpFiE ObjectClass : computer ObjectGUID : 41c11a66-ecf3-4e41-a1fb-9b20e9b6311f SamAccountName : FCILZxZ47FrpFiE$ SID : S-1-5-21-514741421-2750270180-1483028601-1145 UserPrincipalName : DistinguishedName : CN=FCIsbC8sKn4EGPM,OU=Computers,OU=corp,DC=corp,DC=non-97,DC=net DNSHostName : FCIsbC8sKn4EGPM.corp.non-97.net Enabled : True Name : FCIsbC8sKn4EGPM ObjectClass : computer ObjectGUID : ad703545-4890-495f-8a72-0e86be6a8b07 SamAccountName : FCIsbC8sKn4EGPM$ SID : S-1-5-21-514741421-2750270180-1483028601-1146 UserPrincipalName :
ドメインコントローラー(WIN-RA95CDF2PMG,WIN-VCE7PVFB6AN)とEC2インスタンス(FCIVAmSWhwgL9V1,FCIV9arshUSNpXy)、クラスターで使うオブジェクト(FCILZxZ47FrpFiE,FCIsbC8sKn4EGPM)が作成されていました。
ドメイン内のユーザーオブジェクト
ドメイン内のユーザーオブジェクトの確認をします。
PS C:\Users\admin> Get-ADUser -Filter * DistinguishedName : CN=Administrator,OU=AWS Reserved,DC=corp,DC=non-97,DC=net Enabled : True GivenName : Name : Administrator ObjectClass : user ObjectGUID : c54cbf8b-60b5-457b-a5e6-91fcc7c13c5c SamAccountName : Administrator SID : S-1-5-21-514741421-2750270180-1483028601-500 Surname : UserPrincipalName : administrator@corp.non-97.net DistinguishedName : CN=Guest,CN=Users,DC=corp,DC=non-97,DC=net Enabled : False GivenName : Name : Guest ObjectClass : user ObjectGUID : a4814600-6cb4-4cbd-bf36-385bcb67df4c SamAccountName : Guest SID : S-1-5-21-514741421-2750270180-1483028601-501 Surname : UserPrincipalName : DistinguishedName : CN=krbtgt,CN=Users,DC=corp,DC=non-97,DC=net Enabled : False GivenName : Name : krbtgt ObjectClass : user ObjectGUID : 90ac0678-ef0d-4679-a351-81a2e0b32020 SamAccountName : krbtgt SID : S-1-5-21-514741421-2750270180-1483028601-502 Surname : UserPrincipalName : DistinguishedName : CN=Admin,OU=Users,OU=corp,DC=corp,DC=non-97,DC=net Enabled : True GivenName : Name : Admin ObjectClass : user ObjectGUID : 33b1883d-55a5-4f4e-ab6c-f1ed135111a3 SamAccountName : Admin SID : S-1-5-21-514741421-2750270180-1483028601-1113 Surname : UserPrincipalName : admin@corp.non-97.net DistinguishedName : CN=sqladmin,OU=Users,OU=corp,DC=corp,DC=non-97,DC=net Enabled : True GivenName : Name : sqladmin ObjectClass : user ObjectGUID : 151cb348-f7fd-4b69-96d6-1d3470aff2ba SamAccountName : sqladmin SID : S-1-5-21-514741421-2750270180-1483028601-1144 Surname : UserPrincipalName : sqladmin@corp.non-97.net
OU=Users,OU=corp,DC=corp,DC=non-97,DC=netにAdminとsqladminが作成されていました。
DNS
DNSのレコードを確認します。
前方参照ゾーンは以下の通りです。
逆引き参照ゾーンは以下の通りです。
iSCSI
FCIV9arshUSNpXyのiSCSIの確認をしてみます。
# iSCSIターゲット
> Get-IscsiTarget
IsConnected NodeAddress PSComputerName
----------- ----------- --------------
True iqn.1992-08.com.netapp:sn.e81aae2711fe11eda23a25f39db72949:vs.3
# iSCSIターゲットポータル
> Get-IscsiTargetPortal
InitiatorInstanceName : ROOT\ISCSIPRT\0000_0
InitiatorPortalAddress : 10.0.1.211
IsDataDigest : False
IsHeaderDigest : False
TargetPortalAddress : 10.0.1.243
TargetPortalPortNumber : 3260
PSComputerName :
InitiatorInstanceName : ROOT\ISCSIPRT\0000_0
InitiatorPortalAddress : 10.0.1.211
IsDataDigest : False
IsHeaderDigest : False
TargetPortalAddress : 10.0.19.34
TargetPortalPortNumber : 3260
PSComputerName :
# iSCSIコネクション
> Get-IscsiConnection
ConnectionIdentifier : ffffb60f3ca8b010-0
InitiatorAddress : 10.0.1.211
InitiatorPortNumber : 2242
TargetAddress : 10.0.19.34
TargetPortNumber : 3260
PSComputerName :
ConnectionIdentifier : ffffb60f3ca8b010-1
InitiatorAddress : 10.0.1.211
InitiatorPortNumber : 2498
TargetAddress : 10.0.1.243
TargetPortNumber : 3260
PSComputerName :
ConnectionIdentifier : ffffb60f3ca8b010-2
InitiatorAddress : 10.0.1.211
InitiatorPortNumber : 2754
TargetAddress : 10.0.19.34
TargetPortNumber : 3260
PSComputerName :
ConnectionIdentifier : ffffb60f3ca8b010-3
InitiatorAddress : 10.0.1.211
InitiatorPortNumber : 3010
TargetAddress : 10.0.1.243
TargetPortNumber : 3260
PSComputerName :
ConnectionIdentifier : ffffb60f3ca8b010-4
InitiatorAddress : 10.0.1.211
InitiatorPortNumber : 3266
TargetAddress : 10.0.1.243
TargetPortNumber : 3260
PSComputerName :
# iSCSIセッション
> Get-IscsiSession
AuthenticationType : NONE
InitiatorInstanceName : ROOT\ISCSIPRT\0000_0
InitiatorNodeAddress : iqn.1991-05.com.microsoft:fciv9arshusnpxy
InitiatorPortalAddress : 10.0.1.211
InitiatorSideIdentifier : 40000137000a
IsConnected : True
IsDataDigest : False
IsDiscovered : True
IsHeaderDigest : False
IsPersistent : True
NumberOfConnections : 1
SessionIdentifier : ffffb60f3ca8b010-4000013700000001
TargetNodeAddress : iqn.1992-08.com.netapp:sn.e81aae2711fe11eda23a25f39db72949:vs.3
TargetSideIdentifier : 0200
PSComputerName :
AuthenticationType : NONE
InitiatorInstanceName : ROOT\ISCSIPRT\0000_0
InitiatorNodeAddress : iqn.1991-05.com.microsoft:fciv9arshusnpxy
InitiatorPortalAddress : 10.0.1.211
InitiatorSideIdentifier : 400001370005
IsConnected : True
IsDataDigest : False
IsDiscovered : True
IsHeaderDigest : False
IsPersistent : True
NumberOfConnections : 1
SessionIdentifier : ffffb60f3ca8b010-4000013700000002
TargetNodeAddress : iqn.1992-08.com.netapp:sn.e81aae2711fe11eda23a25f39db72949:vs.3
TargetSideIdentifier : 0300
PSComputerName :
AuthenticationType : NONE
InitiatorInstanceName : ROOT\ISCSIPRT\0000_0
InitiatorNodeAddress : iqn.1991-05.com.microsoft:fciv9arshusnpxy
InitiatorPortalAddress : 10.0.1.211
InitiatorSideIdentifier : 400001370006
IsConnected : True
IsDataDigest : False
IsDiscovered : True
IsHeaderDigest : False
IsPersistent : True
NumberOfConnections : 1
SessionIdentifier : ffffb60f3ca8b010-4000013700000003
TargetNodeAddress : iqn.1992-08.com.netapp:sn.e81aae2711fe11eda23a25f39db72949:vs.3
TargetSideIdentifier : 0100
PSComputerName :
AuthenticationType : NONE
InitiatorInstanceName : ROOT\ISCSIPRT\0000_0
InitiatorNodeAddress : iqn.1991-05.com.microsoft:fciv9arshusnpxy
InitiatorPortalAddress : 10.0.1.211
InitiatorSideIdentifier : 400001370008
IsConnected : True
IsDataDigest : False
IsDiscovered : True
IsHeaderDigest : False
IsPersistent : True
NumberOfConnections : 1
SessionIdentifier : ffffb60f3ca8b010-4000013700000004
TargetNodeAddress : iqn.1992-08.com.netapp:sn.e81aae2711fe11eda23a25f39db72949:vs.3
TargetSideIdentifier : 0200
PSComputerName :
AuthenticationType : NONE
InitiatorInstanceName : ROOT\ISCSIPRT\0000_0
InitiatorNodeAddress : iqn.1991-05.com.microsoft:fciv9arshusnpxy
InitiatorPortalAddress : 10.0.1.211
InitiatorSideIdentifier : 400001370001
IsConnected : True
IsDataDigest : False
IsDiscovered : True
IsHeaderDigest : False
IsPersistent : True
NumberOfConnections : 1
SessionIdentifier : ffffb60f3ca8b010-4000013700000005
TargetNodeAddress : iqn.1992-08.com.netapp:sn.e81aae2711fe11eda23a25f39db72949:vs.3
TargetSideIdentifier : 0100
PSComputerName :
FSx for ONTAPの各AZのENIに計5つコネクションとセッションが張られいました。
Failover Cluster
Failoverクラスターの各種情報を確認してみます。
長過ぎたので折りたたみます。
Failover Cluster (折りたたみ)
# クラスター
> Get-Cluster | Format-List -Property *
AddEvictDelay : 60
AdministrativeAccessPoint : ActiveDirectoryAndDns
AutoAssignNodeSite : 0
AutoBalancerMode : 2
AutoBalancerLevel : 1
BackupInProgress : 0
BlockCacheSize : 1024
DetectedCloudPlatform : None
DetectManagedEvents : 1
DetectManagedEventsThreshold : 60
ClusSvcHangTimeout : 135
ClusSvcRegroupStageTimeout : 15
ClusSvcRegroupTickInMilliseconds : 300
ClusterEnforcedAntiAffinity : 0
ClusterFunctionalLevel : 10
ClusterUpgradeVersion : 3
ClusterGroupWaitDelay : 120
ClusterLogLevel : 3
ClusterLogSize : 1536
CrossSiteDelay : 1000
CrossSiteThreshold : 20
CrossSubnetDelay : 1000
CrossSubnetThreshold : 20
CsvBalancer : 1
DatabaseReadWriteMode : 0
DefaultNetworkRole : 3
Description :
Domain : corp.non-97.net
DrainOnShutdown : 1
DumpPolicy : 1376850201
DynamicQuorum : 1
EnableSharedVolumes : Enabled
FixQuorum : 0
GroupDependencyTimeout : 600
HangRecoveryAction : 6
Id : 63197947-8cf4-4e3f-aeaf-5c5e6b2ade74
IgnorePersistentStateOnStartup : 0
LogResourceControls : 0
LowerQuorumPriorityNodeId : 0
MessageBufferLength : 50
MinimumNeverPreemptPriority : 3000
MinimumPreemptorPriority : 1
Name : FCILZxZ47FrpFiE
NetftIPSecEnabled : 1
PlacementOptions : 0
PlumbAllCrossSubnetRoutes : 0
PreferredSite :
PreventQuorum : 0
QuarantineDuration : 7200
QuarantineThreshold : 3
QuorumArbitrationTimeMax : 20
RecentEventsResetTime : 8/2/2022 1:47:28 AM
RequestReplyTimeout : 60
ResiliencyDefaultPeriod : 240
ResiliencyLevel : AlwaysIsolate
RouteHistoryLength : 40
S2DBusTypes : 0
S2DCacheBehavior : Default
S2DCacheDesiredState : Enabled
S2DCacheMetadataReserveBytes : 34359738368
S2DCachePageSizeKBytes : 16
S2DEnabled : 0
S2DIOLatencyThreshold : 10000
S2DOptimizations : 0
SameSubnetDelay : 1000
SameSubnetThreshold : 20
SecurityLevel : 1
SecurityLevelForStorage : 0
SharedVolumeCompatibleFilters : {}
SharedVolumeIncompatibleFilters : {}
SharedVolumeSecurityDescriptor : {1, 0, 4, 128...}
SharedVolumesRoot : C:\ClusterStorage
SharedVolumeVssWriterOperationTimeout : 1800
ShutdownTimeoutInMinutes : 20
UseClientAccessNetworksForSharedVolumes : 2
WitnessDatabaseWriteTimeout : 300
WitnessDynamicWeight : 1
WitnessRestartInterval : 15
EnabledEventLogs : {Microsoft-Windows-Hyper-V-VmSwitch-Diagnostic,4,0xFFFFFFFD,
Microsoft-Windows-SMBDirect/Debug,4, Microsoft-Windows-SMBServer/Analytic,
Microsoft-Windows-Kernel-LiveDump/Analytic}
# クラスターグループ
> Get-ClusterGroup | Format-List -Property *
AntiAffinityClassNames : {}
AutoFailbackType : 0
ColdStartSetting : 0
Cluster : FCILZxZ47FrpFiE
DefaultOwner : 4294967295
Description :
GroupType : AvailableStorage
FailoverPeriod : 6
FailoverThreshold : 0
FailbackWindowEnd : 4294967295
FailbackWindowStart : 4294967295
FaultDomain : 0
IsCoreGroup : True
Name : Available Storage
OwnerNode : FCIVAmSWhwgL9V1
PersistentState : 0
PlacementOptions : 0
PreferredSite : {}
Priority : 1000
ResiliencyPeriod : 0
State : Online
StatusInformation : 0
UpdateDomain : 0
Id : d4aa5161-65d8-4615-9e55-c3a7c183f8bc
AntiAffinityClassNames : {}
AutoFailbackType : 0
ColdStartSetting : 0
Cluster : FCILZxZ47FrpFiE
DefaultOwner : 4294967295
Description :
GroupType : Cluster
FailoverPeriod : 6
FailoverThreshold : 4294967295
FailbackWindowEnd : 4294967295
FailbackWindowStart : 4294967295
FaultDomain : 0
IsCoreGroup : True
Name : Cluster Group
OwnerNode : FCIVAmSWhwgL9V1
PersistentState : 1
PlacementOptions : 0
PreferredSite : {}
Priority : 13000
ResiliencyPeriod : 0
State : Online
StatusInformation : 0
UpdateDomain : 0
Id : 3c207c5c-14b4-49ad-bfc7-ebfdc8ac9f50
AntiAffinityClassNames : {}
AutoFailbackType : 0
ColdStartSetting : 0
Cluster : FCILZxZ47FrpFiE
DefaultOwner : 4294967295
Description :
GroupType : Unknown
FailoverPeriod : 6
FailoverThreshold : 4294967295
FailbackWindowEnd : 4294967295
FailbackWindowStart : 4294967295
FaultDomain : 0
IsCoreGroup : False
Name : SQL Server (MSSQLSERVER)
OwnerNode : FCIVAmSWhwgL9V1
PersistentState : 1
PlacementOptions : 0
PreferredSite : {}
Priority : 2000
ResiliencyPeriod : 0
State : Online
StatusInformation : 0
UpdateDomain : 0
Id : 957781e8-ec3e-439b-b53c-689de792bb33
# クラスターネットワーク
> Get-ClusterNetwork | Format-List -Property *
Address : 10.0.0.0
AddressMask : 255.255.240.0
AutoMetric : True
Cluster : FCILZxZ47FrpFiE
Description :
Id : 693dc632-5a99-460a-80c5-eeda7149a9e0
Ipv4Addresses : {10.0.0.0}
Ipv4PrefixLengths : {20}
Ipv6Addresses : {}
Ipv6PrefixLengths : {}
Metric : 70000
Name : Cluster Network 1
Role : ClusterAndClient
State : Up
Address : 10.0.16.0
AddressMask : 255.255.240.0
AutoMetric : True
Cluster : FCILZxZ47FrpFiE
Description :
Id : 472d74c9-f2ca-431e-a2c8-99fbd29a29c4
Ipv4Addresses : {10.0.16.0}
Ipv4PrefixLengths : {20}
Ipv6Addresses : {}
Ipv6PrefixLengths : {}
Metric : 70001
Name : Cluster Network 2
Role : ClusterAndClient
State : Up
# クラスターネットワークのインターフェースの情報
> Get-ClusterNetworkInterface | Format-List -Property *
Adapter : Amazon Elastic Network Adapter
AdapterId : 5C52BE26-75B9-4268-9742-A0E5D4CAA259
Address : 10.0.1.211
Cluster : FCILZxZ47FrpFiE
Description :
DhcpEnabled : 1
Id : 36b27c36-80ff-4a43-99e0-d11415371129
Ipv4Addresses : {10.0.1.211}
Ipv6Addresses : {}
Name : FCIV9arshUSNpXy - Ethernet 2
Network : Cluster Network 1
Node : FCIV9arshUSNpXy
State : Up
Adapter : Amazon Elastic Network Adapter
AdapterId : 5FB5D3ED-4538-4EDA-90A6-7CC655740C8A
Address : 10.0.28.119
Cluster : FCILZxZ47FrpFiE
Description :
DhcpEnabled : 1
Id : a5e99887-6aaa-4e19-b818-46b87b566362
Ipv4Addresses : {10.0.28.119}
Ipv6Addresses : {}
Name : FCIVAmSWhwgL9V1 - Ethernet 2
Network : Cluster Network 2
Node : FCIVAmSWhwgL9V1
State : Up
# クラスターノード
> Get-ClusterNode | Format-List -Property *
BuildNumber : 17763
Cluster : FCILZxZ47FrpFiE
CSDVersion :
Description :
DrainStatus : NotInitiated
DrainTarget : 4294967295
DynamicWeight : 1
Id : 1
MajorVersion : 10
MinorVersion : 0
Name : FCIV9arshUSNpXy
NeedsPreventQuorum : 0
NodeHighestVersion : 655363
NodeInstanceID : 00000000-0000-0000-0000-000000000001
NodeLowestVersion : 655363
NodeName : FCIV9arshUSNpXy
NodeWeight : 1
FaultDomain : {Site:, Rack:, Chassis:}
Model : c6a.xlarge
Manufacturer : Amazon EC2
SerialNumber : ec2a2313-52f2-3f58-0dbe-7af5ca13bba1
State : Up
StatusInformation : Normal
Type : Node
DetectedCloudPlatform : None
BuildNumber : 17763
Cluster : FCILZxZ47FrpFiE
CSDVersion :
Description :
DrainStatus : NotInitiated
DrainTarget : 4294967295
DynamicWeight : 1
Id : 2
MajorVersion : 10
MinorVersion : 0
Name : FCIVAmSWhwgL9V1
NeedsPreventQuorum : 0
NodeHighestVersion : 655363
NodeInstanceID : 00000000-0000-0000-0000-000000000002
NodeLowestVersion : 655363
NodeName : FCIVAmSWhwgL9V1
NodeWeight : 1
FaultDomain : {Site:, Rack:, Chassis:}
Model : c6a.xlarge
Manufacturer : Amazon EC2
SerialNumber : ec2ae3cd-2759-3826-1894-1053d03a8b73
State : Up
StatusInformation : Normal
Type : Node
DetectedCloudPlatform : None
# クラスターのクォーラム
> Get-ClusterQuorum | Format-List -Property *
Cluster : FCILZxZ47FrpFiE
QuorumResource : Quorum
QuorumType : Majority
# クラスターリソース
> Get-ClusterResource
Name State OwnerGroup ResourceType
---- ----- ---------- ------------
Cluster IP Address Offline Cluster Group IP Address
Cluster Name Online Cluster Group Network Name
IP Address 10.0.30.89 Online Cluster Group IP Address
Quorum Online Cluster Group Physical Disk
SQL IP Address 1 (FCIsbC8sKn4EGPM) Online SQL Server (MSSQLSERVER) IP Address
SQL IP Address 2 (FCIsbC8sKn4EGPM) Offline SQL Server (MSSQLSERVER) IP Address
SQL Network Name (FCIsbC8sKn4EGPM) Online SQL Server (MSSQLSERVER) Network Name
SQL Server Online SQL Server (MSSQLSERVER) SQL Server
SQL Server Agent Online SQL Server (MSSQLSERVER) SQL Server Agent
SQL Server CEIP (MSSQLSERVER) Online SQL Server (MSSQLSERVER) Generic Service
SQL-DATA Online SQL Server (MSSQLSERVER) Physical Disk
SQL-LOG Online Available Storage Physical Disk
# クラスターリソースの詳細
> Get-ClusterResource | Format-List -Property *
Characteristics : 0
Cluster : FCILZxZ47FrpFiE
DeadlockTimeout : 300000
Description :
Id : d833a189-7e0d-47db-a446-cd0bd0b7e530
IsCoreResource : False
EmbeddedFailureAction : 2
IsAlivePollInterval : 4294967295
IsNetworkClassResource : True
IsStorageClassResource : False
LastOperationStatusCode : 8589934592
LooksAlivePollInterval : 4294967295
MaintenanceMode : False
MonitorProcessId : 4804
Name : Cluster IP Address
OwnerGroup : Cluster Group
OwnerNode : FCIVAmSWhwgL9V1
PendingTimeout : 180000
PersistentState : 1
ResourceSpecificData1 : 0
ResourceSpecificData2 : 0
ResourceSpecificStatus :
ResourceType : IP Address
RestartAction : 2
RestartDelay : 500
RestartPeriod : 600000
RestartThreshold : 1
RetryPeriodOnFailure : 600000
SeparateMonitor : False
State : Offline
StatusInformation : 0
Characteristics : 0
Cluster : FCILZxZ47FrpFiE
DeadlockTimeout : 300000
Description :
Id : af06d7ee-4078-48ee-98f0-9ef2cb32c7f6
IsCoreResource : True
EmbeddedFailureAction : 2
IsAlivePollInterval : 4294967295
IsNetworkClassResource : False
IsStorageClassResource : False
LastOperationStatusCode : 0
LooksAlivePollInterval : 4294967295
MaintenanceMode : False
MonitorProcessId : 6980
Name : Cluster Name
OwnerGroup : Cluster Group
OwnerNode : FCIVAmSWhwgL9V1
PendingTimeout : 180000
PersistentState : 1
ResourceSpecificData1 : 0
ResourceSpecificData2 : 0
ResourceSpecificStatus :
ResourceType : Network Name
RestartAction : 2
RestartDelay : 500
RestartPeriod : 600000
RestartThreshold : 1
RetryPeriodOnFailure : 600000
SeparateMonitor : False
State : Online
StatusInformation : 0
Characteristics : 0
Cluster : FCILZxZ47FrpFiE
DeadlockTimeout : 300000
Description :
Id : 40d283f0-2942-4bc9-bc7f-557e495cb9eb
IsCoreResource : False
EmbeddedFailureAction : 2
IsAlivePollInterval : 4294967295
IsNetworkClassResource : True
IsStorageClassResource : False
LastOperationStatusCode : 0
LooksAlivePollInterval : 4294967295
MaintenanceMode : False
MonitorProcessId : 4804
Name : IP Address 10.0.30.89
OwnerGroup : Cluster Group
OwnerNode : FCIVAmSWhwgL9V1
PendingTimeout : 180000
PersistentState : 1
ResourceSpecificData1 : 0
ResourceSpecificData2 : 0
ResourceSpecificStatus :
ResourceType : IP Address
RestartAction : 2
RestartDelay : 500
RestartPeriod : 600000
RestartThreshold : 1
RetryPeriodOnFailure : 600000
SeparateMonitor : False
State : Online
StatusInformation : 0
Characteristics : Quorum, BroadcastDelete, MonitorReattach
Cluster : FCILZxZ47FrpFiE
DeadlockTimeout : 300000
Description :
Id : bc462e65-b3c3-4ad9-99e1-d8cb8dbe3c22
IsCoreResource : True
EmbeddedFailureAction : 2
IsAlivePollInterval : 4294967295
IsNetworkClassResource : False
IsStorageClassResource : True
LastOperationStatusCode : 0
LooksAlivePollInterval : 4294967295
MaintenanceMode : False
MonitorProcessId : 5312
Name : Quorum
OwnerGroup : Cluster Group
OwnerNode : FCIVAmSWhwgL9V1
PendingTimeout : 180000
PersistentState : 1
ResourceSpecificData1 : 0
ResourceSpecificData2 : 0
ResourceSpecificStatus :
ResourceType : Physical Disk
RestartAction : 2
RestartDelay : 500
RestartPeriod : 600000
RestartThreshold : 1
RetryPeriodOnFailure : 600000
SeparateMonitor : False
State : Online
StatusInformation : 0
Characteristics : 0
Cluster : FCILZxZ47FrpFiE
DeadlockTimeout : 300000
Description :
Id : d43851d5-bed5-41ba-8602-8706e6223ca6
IsCoreResource : False
EmbeddedFailureAction : 2
IsAlivePollInterval : 4294967295
IsNetworkClassResource : True
IsStorageClassResource : False
LastOperationStatusCode : 0
LooksAlivePollInterval : 4294967295
MaintenanceMode : False
MonitorProcessId : 4804
Name : SQL IP Address 1 (FCIsbC8sKn4EGPM)
OwnerGroup : SQL Server (MSSQLSERVER)
OwnerNode : FCIVAmSWhwgL9V1
PendingTimeout : 180000
PersistentState : 1
ResourceSpecificData1 : 0
ResourceSpecificData2 : 0
ResourceSpecificStatus :
ResourceType : IP Address
RestartAction : 2
RestartDelay : 500
RestartPeriod : 600000
RestartThreshold : 1
RetryPeriodOnFailure : 600000
SeparateMonitor : False
State : Online
StatusInformation : 0
Characteristics : 0
Cluster : FCILZxZ47FrpFiE
DeadlockTimeout : 300000
Description :
Id : 51e36d6b-a4d2-44ff-87cc-7224be1d28b1
IsCoreResource : False
EmbeddedFailureAction : 2
IsAlivePollInterval : 4294967295
IsNetworkClassResource : True
IsStorageClassResource : False
LastOperationStatusCode : 8589934592
LooksAlivePollInterval : 4294967295
MaintenanceMode : False
MonitorProcessId : 4804
Name : SQL IP Address 2 (FCIsbC8sKn4EGPM)
OwnerGroup : SQL Server (MSSQLSERVER)
OwnerNode : FCIVAmSWhwgL9V1
PendingTimeout : 180000
PersistentState : 1
ResourceSpecificData1 : 0
ResourceSpecificData2 : 0
ResourceSpecificStatus :
ResourceType : IP Address
RestartAction : 2
RestartDelay : 500
RestartPeriod : 600000
RestartThreshold : 1
RetryPeriodOnFailure : 600000
SeparateMonitor : False
State : Offline
StatusInformation : 0
Characteristics : 0
Cluster : FCILZxZ47FrpFiE
DeadlockTimeout : 300000
Description :
Id : 6a81a3e2-3a0c-4c22-8738-f57638e4d253
IsCoreResource : False
EmbeddedFailureAction : 2
IsAlivePollInterval : 4294967295
IsNetworkClassResource : False
IsStorageClassResource : False
LastOperationStatusCode : 0
LooksAlivePollInterval : 4294967295
MaintenanceMode : False
MonitorProcessId : 6980
Name : SQL Network Name (FCIsbC8sKn4EGPM)
OwnerGroup : SQL Server (MSSQLSERVER)
OwnerNode : FCIVAmSWhwgL9V1
PendingTimeout : 180000
PersistentState : 1
ResourceSpecificData1 : 0
ResourceSpecificData2 : 0
ResourceSpecificStatus :
ResourceType : Network Name
RestartAction : 2
RestartDelay : 500
RestartPeriod : 600000
RestartThreshold : 1
RetryPeriodOnFailure : 600000
SeparateMonitor : False
State : Online
StatusInformation : 0
Characteristics : 0
Cluster : FCILZxZ47FrpFiE
DeadlockTimeout : 300000
Description :
Id : f69ce2d8-2a10-46e3-9d51-6902e68b0f51
IsCoreResource : False
EmbeddedFailureAction : 2
IsAlivePollInterval : 4294967295
IsNetworkClassResource : False
IsStorageClassResource : False
LastOperationStatusCode : 0
LooksAlivePollInterval : 4294967295
MaintenanceMode : False
MonitorProcessId : 7044
Name : SQL Server
OwnerGroup : SQL Server (MSSQLSERVER)
OwnerNode : FCIVAmSWhwgL9V1
PendingTimeout : 180000
PersistentState : 1
ResourceSpecificData1 : 0
ResourceSpecificData2 : 0
ResourceSpecificStatus :
ResourceType : SQL Server
RestartAction : 2
RestartDelay : 500
RestartPeriod : 600000
RestartThreshold : 1
RetryPeriodOnFailure : 600000
SeparateMonitor : True
State : Online
StatusInformation : 0
Characteristics : 0
Cluster : FCILZxZ47FrpFiE
DeadlockTimeout : 300000
Description :
Id : ea7840f5-b1c6-4225-89f4-4c46e46398bd
IsCoreResource : False
EmbeddedFailureAction : 2
IsAlivePollInterval : 4294967295
IsNetworkClassResource : False
IsStorageClassResource : False
LastOperationStatusCode : 0
LooksAlivePollInterval : 4294967295
MaintenanceMode : False
MonitorProcessId : 7104
Name : SQL Server Agent
OwnerGroup : SQL Server (MSSQLSERVER)
OwnerNode : FCIVAmSWhwgL9V1
PendingTimeout : 180000
PersistentState : 1
ResourceSpecificData1 : 0
ResourceSpecificData2 : 0
ResourceSpecificStatus :
ResourceType : SQL Server Agent
RestartAction : 2
RestartDelay : 500
RestartPeriod : 600000
RestartThreshold : 1
RetryPeriodOnFailure : 600000
SeparateMonitor : True
State : Online
StatusInformation : 0
Characteristics : 0
Cluster : FCILZxZ47FrpFiE
DeadlockTimeout : 300000
Description :
Id : 3793a1e7-a444-4c1e-863e-e3367a1cf6c3
IsCoreResource : False
EmbeddedFailureAction : 2
IsAlivePollInterval : 4294967295
IsNetworkClassResource : False
IsStorageClassResource : False
LastOperationStatusCode : 0
LooksAlivePollInterval : 4294967295
MaintenanceMode : False
MonitorProcessId : 7152
Name : SQL Server CEIP (MSSQLSERVER)
OwnerGroup : SQL Server (MSSQLSERVER)
OwnerNode : FCIVAmSWhwgL9V1
PendingTimeout : 180000
PersistentState : 1
ResourceSpecificData1 : 0
ResourceSpecificData2 : 0
ResourceSpecificStatus :
ResourceType : Generic Service
RestartAction : 1
RestartDelay : 500
RestartPeriod : 600000
RestartThreshold : 1
RetryPeriodOnFailure : 600000
SeparateMonitor : True
State : Online
StatusInformation : 0
Characteristics : Quorum, BroadcastDelete, MonitorReattach
Cluster : FCILZxZ47FrpFiE
DeadlockTimeout : 300000
Description :
Id : b44c2c90-6c77-4bcb-bedc-946a02f542a2
IsCoreResource : False
EmbeddedFailureAction : 2
IsAlivePollInterval : 4294967295
IsNetworkClassResource : False
IsStorageClassResource : True
LastOperationStatusCode : 0
LooksAlivePollInterval : 4294967295
MaintenanceMode : False
MonitorProcessId : 5312
Name : SQL-DATA
OwnerGroup : SQL Server (MSSQLSERVER)
OwnerNode : FCIVAmSWhwgL9V1
PendingTimeout : 180000
PersistentState : 1
ResourceSpecificData1 : 0
ResourceSpecificData2 : 0
ResourceSpecificStatus :
ResourceType : Physical Disk
RestartAction : 2
RestartDelay : 500
RestartPeriod : 600000
RestartThreshold : 1
RetryPeriodOnFailure : 600000
SeparateMonitor : False
State : Online
StatusInformation : 0
Characteristics : Quorum, BroadcastDelete, MonitorReattach
Cluster : FCILZxZ47FrpFiE
DeadlockTimeout : 300000
Description :
Id : 3437974f-6e0f-4a03-abee-6ea46b98694e
IsCoreResource : False
EmbeddedFailureAction : 2
IsAlivePollInterval : 4294967295
IsNetworkClassResource : False
IsStorageClassResource : True
LastOperationStatusCode : 0
LooksAlivePollInterval : 4294967295
MaintenanceMode : False
MonitorProcessId : 5312
Name : SQL-LOG
OwnerGroup : Available Storage
OwnerNode : FCIVAmSWhwgL9V1
PendingTimeout : 180000
PersistentState : 1
ResourceSpecificData1 : 0
ResourceSpecificData2 : 0
ResourceSpecificStatus :
ResourceType : Physical Disk
RestartAction : 2
RestartDelay : 500
RestartPeriod : 600000
RestartThreshold : 1
RetryPeriodOnFailure : 600000
SeparateMonitor : False
State : Online
StatusInformation : 0
PowerShellからだけだと味気ないので、Failover Cluster Managerからも確認してみます。
Current Host ServerがFCIVAmSWhwgL9V1で、IPアドレスは10.0.30.89がアップになっています。
実際に、Cluster名のFCILZxZ47FrpFiEを名前解決すると10.0.30.89が返ってきました。
> nslookup FCILZxZ47FrpFiE Server: win-ra95cdf2pmg.corp.non-97.net Address: 10.0.5.1 Name: FCILZxZ47FrpFiE.corp.non-97.net Address: 10.0.30.89
クラスターのロールのサマリーとリソースは以下の通りです。
サマリー
リソース
クラスターで使用している3つのディスクも確認できますね。
FSx for ONTAPのiSCSI LUN周りの確認
FSx for ONTAPのiSCSI LUN周りの確認もしておきましょう。
確認はSSHでFSx for ONTAPファイルサーバーに接続して、ONTAP CLIから行います。
> ssh fsxadmin@198.19.255.122 The authenticity of host '198.19.255.122 (198.19.255.122)' can't be established. ECDSA key fingerprint is SHA256:gmPG1WE2KdHrSl6RQhOkogsi34U72utI4QeUxkNMteQ. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '198.19.255.122' (ECDSA) to the list of known hosts. Password: This is your first recorded login. Unsuccessful login attempts since last login: 1
接続後、LUNの一覧を確認します。
FsxId0b8f145a32d809221::> lun show
Vserver Path State Mapped Type Size
--------- ------------------------------- ------- -------- -------- --------
sql-svm01 /vol/SQLCluster01/quorum online mapped windows_2008 1GB
sql-svm01 /vol/SQLCluster01/sqldata online mapped windows_2008
399GB
sql-svm01 /vol/SQLCluster01/sqllog online mapped windows_2008 80GB
3 entries were displayed.
# LUNの詳細の確認
FsxId0b8f145a32d809221::> lun show -instance
Vserver Name: sql-svm01
LUN Path: /vol/SQLCluster01/quorum
Volume Name: SQLCluster01
Qtree Name: ""
LUN Name: quorum
LUN Size: 1GB
OS Type: windows_2008
Space Reservation: enabled
Serial Number: lWB1i]TJrfue
Serial Number (Hex): 6c574231695d544a72667565
Comment:
Space Reservations Honored: false
Space Allocation: disabled
State: online
LUN UUID: c9f26fcd-be6a-4888-b5d6-9a736227d0e8
Mapped: mapped
Physical Size of Logical Block: 512B
Device Legacy ID: -
Device Binary ID: -
Device Text ID: -
Read Only: false
Fenced Due to Restore: false
Used Size: 43.17MB
Maximum Resize Size: 15.97TB
Creation Time: 8/2/2022 01:39:25
Class: regular
Node Hosting the LUN: FsxId0b8f145a32d809221-01
QoS Policy Group: -
QoS Adaptive Policy Group: -
Caching Policy Name: -
Clone: false
Clone Autodelete Enabled: false
Inconsistent Import: false
Application: -
ZRTO Volume consensus: -
Vserver Name: sql-svm01
LUN Path: /vol/SQLCluster01/sqldata
Volume Name: SQLCluster01
Qtree Name: ""
LUN Name: sqldata
LUN Size: 399GB
OS Type: windows_2008
Space Reservation: enabled
Serial Number: lWB1i]TJrfuc
Serial Number (Hex): 6c574231695d544a72667563
Comment:
Space Reservations Honored: false
Space Allocation: disabled
State: online
LUN UUID: dda00503-363f-4cf3-b450-06ef6475cbd8
Mapped: mapped
Physical Size of Logical Block: 512B
Device Legacy ID: -
Device Binary ID: -
Device Text ID: -
Read Only: false
Fenced Due to Restore: false
Used Size: 197.2MB
Maximum Resize Size: 15.97TB
Creation Time: 8/2/2022 01:39:10
Class: regular
Node Hosting the LUN: FsxId0b8f145a32d809221-01
QoS Policy Group: -
QoS Adaptive Policy Group: -
Caching Policy Name: -
Clone: false
Clone Autodelete Enabled: false
Inconsistent Import: false
Application: -
ZRTO Volume consensus: -
Vserver Name: sql-svm01
LUN Path: /vol/SQLCluster01/sqllog
Volume Name: SQLCluster01
Qtree Name: ""
LUN Name: sqllog
LUN Size: 80GB
OS Type: windows_2008
Space Reservation: enabled
Serial Number: lWB1i]TJrfud
Serial Number (Hex): 6c574231695d544a72667564
Comment:
Space Reservations Honored: false
Space Allocation: disabled
State: online
LUN UUID: 55882dab-f3b1-4afc-bd72-b493e255ea77
Mapped: mapped
Physical Size of Logical Block: 512B
Device Legacy ID: -
Device Binary ID: -
Device Text ID: -
Read Only: false
Fenced Due to Restore: false
Used Size: 86.14MB
Maximum Resize Size: 15.97TB
Creation Time: 8/2/2022 01:39:18
Class: regular
Node Hosting the LUN: FsxId0b8f145a32d809221-01
QoS Policy Group: -
QoS Adaptive Policy Group: -
Caching Policy Name: -
Clone: false
Clone Autodelete Enabled: false
Inconsistent Import: false
Application: -
ZRTO Volume consensus: -
3 entries were displayed.
ニヤニヤしちゃいますね。
次にイニシエーターグループを確認します。
FsxId0b8f145a32d809221::> lun igroup show
Vserver Igroup Protocol OS Type Initiators
--------- ------------ -------- -------- ------------------------------------
sql-svm01 SQLigroup iscsi windows iqn.1991-05.com.microsoft:fciv9arshusnpxy
iqn.1991-05.com.microsoft:fcivamswhwgl9v1
# イニシエーターグループの詳細
FsxId0b8f145a32d809221::> lun igroup show -instance
Vserver Name: sql-svm01
Igroup Name: SQLigroup
Protocol: iscsi
OS Type: windows
Portset Binding Igroup: -
Igroup UUID: e46fc3f9-1203-11ed-a23a-25f39db72949
ALUA: true
Initiators: iqn.1991-05.com.microsoft:fciv9arshusnpxy (logged in)
iqn.1991-05.com.microsoft:fcivamswhwgl9v1 (logged in)
イニシエーターが2つあり、それぞれ接続していることが分かります。
最後にLUNとイニシエーターグループのマッピングを確認します。
FsxId0b8f145a32d809221::> lun mapping show
Vserver Path Igroup LUN ID Protocol
---------- ---------------------------------------- ------- ------ --------
sql-svm01 /vol/SQLCluster01/quorum SQLigroup 2 iscsi
sql-svm01 /vol/SQLCluster01/sqldata SQLigroup 0 iscsi
sql-svm01 /vol/SQLCluster01/sqllog SQLigroup 1 iscsi
3 entries were displayed.
# マッピングの詳細
FsxId0b8f145a32d809221::> lun mapping show -instance
Vserver Name: sql-svm01
LUN Path: /vol/SQLCluster01/quorum
Volume Name: SQLCluster01
Qtree Name: ""
LUN Name: quorum
Igroup Name: SQLigroup
Igroup OS Type: windows
Igroup Protocol Type: iscsi
LUN ID: 2
Portset Binding Igroup: -
ALUA: true
Initiators: iqn.1991-05.com.microsoft:fciv9arshusnpxy,
iqn.1991-05.com.microsoft:fcivamswhwgl9v1
LUN Node: FsxId0b8f145a32d809221-01
Reporting Nodes: FsxId0b8f145a32d809221-01, FsxId0b8f145a32d809221-02
Vserver Name: sql-svm01
LUN Path: /vol/SQLCluster01/sqldata
Volume Name: SQLCluster01
Qtree Name: ""
LUN Name: sqldata
Igroup Name: SQLigroup
Igroup OS Type: windows
Igroup Protocol Type: iscsi
LUN ID: 0
Portset Binding Igroup: -
ALUA: true
Initiators: iqn.1991-05.com.microsoft:fciv9arshusnpxy,
iqn.1991-05.com.microsoft:fcivamswhwgl9v1
LUN Node: FsxId0b8f145a32d809221-01
Reporting Nodes: FsxId0b8f145a32d809221-01, FsxId0b8f145a32d809221-02
Vserver Name: sql-svm01
LUN Path: /vol/SQLCluster01/sqllog
Volume Name: SQLCluster01
Qtree Name: ""
LUN Name: sqllog
Igroup Name: SQLigroup
Igroup OS Type: windows
Igroup Protocol Type: iscsi
LUN ID: 1
Portset Binding Igroup: -
ALUA: true
Initiators: iqn.1991-05.com.microsoft:fciv9arshusnpxy,
iqn.1991-05.com.microsoft:fcivamswhwgl9v1
LUN Node: FsxId0b8f145a32d809221-01
Reporting Nodes: FsxId0b8f145a32d809221-01, FsxId0b8f145a32d809221-02
3 entries were displayed.
DBとテーブルの作成
フェイルオーバーさせる前に、DBとテーブルを作成しておきます。
SQL Server Management Studio (SSMS)で、SQL Serverに接続します。
Object ExplorerのDatabase上で右クリックしてNew Databaseをクリックします。
DB名を入力してOKをクリックします。
DBを作成したら次にテーブルの作成です。
作成したDBのTable上で右クリックしてTableをクリックします。
カラムとテーブル名を指定してOKをクリックします。
Object Explorerに作成したテーブルのカラムが確認できました。
フェイルオーバー
マネージメントコンソールからCurrent Host ServerであるEC2インスタンスFCIVAmSWhwgL9V1を停止させます。
停止させると、数秒でCurrent Host ServerがFCIV9arshUSNpXyに変わり、IPアドレスは10.0.12.104`がアップになりました。
Cluster名のFCILZxZ47FrpFiEを名前解決すると10.0.12.104が帰ってきました。
> nslookup FCILZxZ47FrpFiE Server: corp.non-97.net Address: 10.0.5.1 Name: FCILZxZ47FrpFiE.corp.non-97.net Address: 10.0.12.104
アクティブノードになったFCIV9arshUSNpXyのドライブ一覧を確認すると、LドライブやQドライブ、Sドライブの確認できるようになりました。
> Get-PSDrive Name Used (GB) Free (GB) Provider Root CurrentLocation ---- --------- --------- -------- ---- --------------- Alias Alias C 36.77 63.23 FileSystem C:\ Users\admin Cert Certificate \ Env Environment Function Function HKCU Registry HKEY_CURRENT_USER HKLM Registry HKEY_LOCAL_MACHINE L 0.11 79.87 FileSystem L:\ Q 0.04 0.94 FileSystem Q:\ S 0.28 398.70 FileSystem S:\ Variable Variable WSMan WSMan
Failover Cluster Manager上ではFCIVAmSWhwgL9V1停止されていることを確認できます。
SSMSでSQL Serverに接続すると、作成していたDBやテーブルを確認できました。
これは便利。
私はMulti-AZ構成のブロックストレージを使えるFSx for ONTAPが大好きです
SQL Server Always On Failover Cluster Instanceの共有ストレージにAmazon FSx for NetApp ONTAPを使ってみました。
Launch Wizardを使えば3時間でクラスターの実装ができるのはかなりありがたいですね。
共有ストレージが単一障害点にならないのはMulti-AZ構成のブロックストレージを使えるFSx for ONTAPあってのものです。私はそんなFSx for ONTAPが大好きです
この記事が誰かの助けになれば幸いです。
以上、AWS事業本部 コンサルティング部の のんピ(@non____97)でした!
![[アップデート] EBSスナップショットとAMIのゴミ箱保持ルールの適用対象をタグで制御できるようになりました](https://images.ctfassets.net/ct0aopd36mqt/wp-thumbnail-bac3d29aa65f45576f73094798087ee5/039ad6f8a7d8f18da47986d21c447f48/amazon-ec2)
