I tried connecting over SSH to an Amazon FSx for NetApp ONTAP file system via EC2 Instance Connect Endpoint

With EC2 Instance Connect Endpoint, you can make SSH and RDP connections to any IP address
2024.11.02

I don't want to set up a bastion server just to connect to an FSxN file system

Hello, this is のんピ (@non____97).

Have you ever wished you did not have to set up a bastion server to connect to an Amazon FSx for NetApp ONTAP (hereafter FSxN) file system? I have.

Until now I have launched an Amazon Linux 2023 bastion whenever I needed one, but that costs money and, above all, it is a hassle.

While browsing the AWS CLI command reference for EC2 Instance Connect (hereafter EIC), I noticed that --instance-id, which specifies the EC2 instance ID, is not a required option of open-tunnel.

open-tunnel
[--instance-id <value>]
[--instance-connect-endpoint-id <value>]
[--instance-connect-endpoint-dns-name <value>]
[--private-ip-address <value>]
[--remote-port <value>]
[--local-port <value>]
[--max-tunnel-duration <value>]
[--max-websocket-connections <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

open-tunnel — AWS CLI 2.18.15 Command Reference

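The description of open-tunnel also says "Opens a websocket tunnel to the specified EC2 Instance or private ip.", which indicates that it can connect to private IP addresses and not only to EC2 instances.

In that case, it should be possible to access an FSxN file system via an EIC Endpoint.

I tried it to see whether I could actually connect via an EIC Endpoint.

Trying it out

Test environment

The test environment is as follows.

(Figure: architecture diagram of the test environment for connecting to an Amazon FSx for NetApp ONTAP file system via EC2 Instance Connect Endpoint)

For the EC2 Instance Connect Endpoint's security group, I selected one that the FSxN file system's security group allows on TCP/22.

Connecting to the FSxN file system via EC2 Instance Connect Endpoint (management endpoint)

Now let's connect to the FSxN file system via the EIC Endpoint.

The AWS CLI command format for connecting via an EIC Endpoint is as follows.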

aws ec2-instance-connect open-tunnel \
  --instance-connect-endpoint-id "<EIC Endpoint ID>" \
  --private-ip-address "<FSxN file system IP address>" \
  --local-port "<local port>" \
  --remote-port 22

Running this command opens a WebSocket tunnel between the specified local port and TCP/22 on the FSxN file system.

Check the destination IP address in the AWS Management Console beforehand.

(Figure: 1. FSxN file system)

The management endpoint's IP address appears to be 10.0.8.166. It is also possible to SSH to the FSxN file system using the inter-cluster endpoint IP addresses 10.0.8.229 and 10.0.8.62. I will try that later.

Note that the FSxN file system's DNS names cannot be resolved from outside its VPC.

> dig management.fs-0e64a4f5386f74c87.fsx.us-east-1.amazonaws.com +short

> dig intercluster.fs-0e64a4f5386f74c87.fsx.us-east-1.amazonaws.com +short

Now I will actually SSH via the EC2 Instance Connect Endpoint.

First, open the WebSocket tunnel.

> aws ec2-instance-connect open-tunnel \
         --instance-connect-endpoint-id "eice-04e217ce6969ff225" \
         --private-ip-address "10.0.8.166" \
         --local-port "22222" \
         --remote-port 22
Listening for connections on port 22222.

Next, connect over SSH to TCP/22222 on localhost.

> ssh fsxadmin@localhost -p 22222
The authenticity of host '[localhost]:22222 ([127.0.0.1]:22222)' can't be established.
ED25519 key fingerprint is SHA256:nyePts9ZGyOQHQ7c/3ucUBmMXHpZlr09DKpbEiLqGGc.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:102: [localhost]:55522
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:22222' (ED25519) to the list of known hosts.
(fsxadmin@localhost) Password:

Last login time: 10/25/2024 05:50:39
FsxId0e64a4f5386f74c87::> whoami
  (security login whoami)

User: fsxadmin
Role: fsxadmin

FsxId0e64a4f5386f74c87::> version
NetApp Release 9.14.1P7: Thu Aug 01 03:07:44 UTC 2024

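I was able to connect and run commands without any problems.

Incidentally, at the moment I connected, the following log was recorded in the terminal where the WebSocket tunnel was open.

[1] Accepted new tcp connection, opening websocket tunnel.

In terms of feel, there is a slight lag when typing.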
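Because open-tunnel accepts any private IP address the endpoint can reach, the IAM permission for ec2-instance-connect:OpenTunnel is where the destination gets pinned down. The following is an added example, not code from the original post: it builds an identity policy limited to this post's endpoint, the three FSxN addresses and port 22, plus a simplified local check that is not IAM's evaluator. The account ID, Sid values, function names and the address 10.0.8.10 are assumptions made for illustration.

```python
import ipaddress
import json

# Endpoint ID, region and FSxN addresses come from this post.
REGION = "us-east-1"
ACCOUNT_ID = "111122223333"  # placeholder account ID (assumption)
EICE_ID = "eice-04e217ce6969ff225"
FSXN_SSH_TARGETS = ["10.0.8.166/32", "10.0.8.229/32", "10.0.8.62/32"]

OPEN_TUNNEL = "ec2-instance-connect:OpenTunnel"
KEY_PORT = "ec2-instance-connect:remotePort"
KEY_IP = "ec2-instance-connect:privateIpAddress"


def endpoint_arn(eice_id):
    """ARN of an EC2 Instance Connect Endpoint in the assumed account."""
    return f"arn:aws:ec2:{REGION}:{ACCOUNT_ID}:instance-connect-endpoint/{eice_id}"


def build_policy(eice_id=EICE_ID, targets=FSXN_SSH_TARGETS, port=22):
    """Allow OpenTunnel only through one endpoint, to listed IPs, on one port."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "TunnelToFsxnSshOnly",
                "Effect": "Allow",
                "Action": OPEN_TUNNEL,
                "Resource": endpoint_arn(eice_id),
                "Condition": {
                    "NumericEquals": {KEY_PORT: str(port)},
                    "IpAddress": {KEY_IP: list(targets)},
                },
            },
            {
                # The CLI looks up the endpoint's DNS name with this call
                # before opening the tunnel (visible in the --debug output).
                "Sid": "LookUpEndpoint",
                "Effect": "Allow",
                "Action": "ec2:DescribeInstanceConnectEndpoints",
                "Resource": "*",
            },
        ],
    }


def would_allow(policy, eice_id, private_ip, remote_port):
    """Simplified local model of the OpenTunnel statement.

    Not IAM's evaluator: it ignores wildcards, explicit denies, SCPs and
    permission boundaries. It only shows which requests the conditions match.
    """
    addr = ipaddress.ip_address(private_ip)
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or stmt["Action"] != OPEN_TUNNEL:
            continue
        if stmt["Resource"] != endpoint_arn(eice_id):
            continue
        cond = stmt["Condition"]
        port_ok = int(cond["NumericEquals"][KEY_PORT]) == int(remote_port)
        ip_ok = any(addr in ipaddress.ip_network(cidr)
                    for cidr in cond["IpAddress"][KEY_IP])
        if port_ok and ip_ok:
            return True
    return False


if __name__ == "__main__":
    policy = build_policy()
    print(json.dumps(policy, indent=2))
    # 10.0.8.10 is a constructed address that is not an FSxN endpoint.
    for ip, port in [("10.0.8.166", 22), ("10.0.8.229", 22),
                     ("10.0.8.166", 3389), ("10.0.8.10", 22)]:
        verdict = "allow" if would_allow(policy, EICE_ID, ip, port) else "deny"
        print(f"{ip}:{port} -> {verdict}")
```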

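Connecting to the FSxN file system via EC2 Instance Connect Endpoint (inter-cluster endpoint)

While I'm at it, I will also check whether I can connect when specifying an inter-cluster endpoint IP address.

I also feel like looking behind the scenes, so I will open the WebSocket tunnel in debug mode.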

> aws ec2-instance-connect open-tunnel \
  --instance-connect-endpoint-id "eice-04e217ce6969ff225" \
  --private-ip-address "10.0.8.229" \
  --local-port "22222" \
  --remote-port 22 \
  --debug

2024-10-26 18:27:24,764 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/2.17.14 Python/3.11.9 Darwin/23.6.0 source/arm64
2024-10-26 18:27:24,765 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['ec2-instance-connect', 'open-tunnel', '--instance-connect-endpoint-id', 'eice-04e217ce6969ff225', '--private-ip-address', '10.0.8.229', '--local-port', '22222', '--remote-port', '22', '--debug']
2024-10-26 18:27:24,777 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_s3 at 0x10a6e3240>
2024-10-26 18:27:24,777 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_ddb at 0x10a3ee7a0>
2024-10-26 18:27:24,777 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <bound method BasicCommand.add_command of <class 'awscli.customizations.configure.configure.ConfigureCommand'>>
2024-10-26 18:27:24,777 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function change_name at 0x10a367240>
2024-10-26 18:27:24,777 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function change_name at 0x10a390900>
2024-10-26 18:27:24,777 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function alias_opsworks_cm at 0x10a6f32e0>
2024-10-26 18:27:24,777 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_history_commands at 0x10a451800>
2024-10-26 18:27:24,777 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <bound method BasicCommand.add_command of <class 'awscli.customizations.devcommands.CLIDevCommand'>>
2024-10-26 18:27:24,777 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_waiters at 0x10a6f22a0>
2024-10-26 18:27:24,777 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <bound method AliasSubCommandInjector.on_building_command_table of <awscli.alias.AliasSubCommandInjector object at 0x10a7cd710>>
2024-10-26 18:27:24,777 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /opt/homebrew/Cellar/awscli/2.17.14/libexec/lib/python3.11/site-packages/awscli/data/cli.json
2024-10-26 18:27:24,778 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_types at 0x10a62d1c0>
2024-10-26 18:27:24,778 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function no_sign_request at 0x10a62d4e0>
2024-10-26 18:27:24,778 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_verify_ssl at 0x10a62d440>
2024-10-26 18:27:24,778 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_cli_read_timeout at 0x10a62d620>
2024-10-26 18:27:24,778 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_cli_connect_timeout at 0x10a62d580>
2024-10-26 18:27:24,778 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <built-in method update of dict object at 0x10a7c6800>
2024-10-26 18:27:24,779 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/2.17.14 Python/3.11.9 Darwin/23.6.0 source/arm64
2024-10-26 18:27:24,779 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['ec2-instance-connect', 'open-tunnel', '--instance-connect-endpoint-id', 'eice-04e217ce6969ff225', '--private-ip-address', '10.0.8.229', '--local-port', '22222', '--remote-port', '22', '--debug']
2024-10-26 18:27:24,779 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_timestamp_parser at 0x10a6e3c40>
2024-10-26 18:27:24,779 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function register_uri_param_handler at 0x109d8be20>
2024-10-26 18:27:24,779 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_binary_formatter at 0x10a77fb00>
2024-10-26 18:27:24,779 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function no_pager_handler at 0x109a83100>
2024-10-26 18:27:24,779 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_assume_role_provider_cache at 0x109d8fce0>
2024-10-26 18:27:24,780 - MainThread - botocore.utils - DEBUG - IMDS ENDPOINT: http://169.254.169.254/
2024-10-26 18:27:24,798 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function attach_history_handler at 0x10a450fe0>
2024-10-26 18:27:24,798 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_json_file_cache at 0x10a3e2840>
2024-10-26 18:27:24,810 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /opt/homebrew/Cellar/awscli/2.17.14/libexec/lib/python3.11/site-packages/awscli/botocore/data/ec2-instance-connect/2018-04-02/service-2.json
2024-10-26 18:27:24,810 - MainThread - botocore.hooks - DEBUG - Event building-command-table.ec2-instance-connect: calling handler <function inject_commands at 0x109a96b60>
2024-10-26 18:27:24,810 - MainThread - botocore.hooks - DEBUG - Event building-command-table.ec2-instance-connect: calling handler <function add_waiters at 0x10a6f22a0>
2024-10-26 18:27:24,821 - MainThread - botocore.hooks - DEBUG - Event building-command-table.ec2-instance-connect: calling handler <bound method AliasSubCommandInjector.on_building_command_table of <awscli.alias.AliasSubCommandInjector object at 0x10a7cd710>>
2024-10-26 18:27:24,822 - MainThread - botocore.hooks - DEBUG - Event building-command-table.ec2-instance-connect_open-tunnel: calling handler <function add_waiters at 0x10a6f22a0>
2024-10-26 18:27:24,822 - MainThread - botocore.hooks - DEBUG - Event building-command-table.ec2-instance-connect_open-tunnel: calling handler <bound method AliasSubCommandInjector.on_building_command_table of <awscli.alias.AliasSubCommandInjector object at 0x10a7cd710>>
2024-10-26 18:27:24,822 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.open-tunnel.instance-id: calling handler <awscli.paramfile.URIArgumentHandler object at 0x10a907890>
2024-10-26 18:27:24,822 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.open-tunnel.instance-connect-endpoint-id: calling handler <awscli.paramfile.URIArgumentHandler object at 0x10a907890>
2024-10-26 18:27:24,822 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.custom.open-tunnel: calling handler <awscli.argprocess.ParamShorthandParser object at 0x109abc410>
2024-10-26 18:27:24,822 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.open-tunnel.instance-connect-endpoint-dns-name: calling handler <awscli.paramfile.URIArgumentHandler object at 0x10a907890>
2024-10-26 18:27:24,822 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.open-tunnel.private-ip-address: calling handler <awscli.paramfile.URIArgumentHandler object at 0x10a907890>
2024-10-26 18:27:24,822 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.custom.open-tunnel: calling handler <awscli.argprocess.ParamShorthandParser object at 0x109abc410>
2024-10-26 18:27:24,822 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.open-tunnel.remote-port: calling handler <awscli.paramfile.URIArgumentHandler object at 0x10a907890>
2024-10-26 18:27:24,822 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.custom.open-tunnel: calling handler <awscli.argprocess.ParamShorthandParser object at 0x109abc410>
2024-10-26 18:27:24,822 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.open-tunnel.local-port: calling handler <awscli.paramfile.URIArgumentHandler object at 0x10a907890>
2024-10-26 18:27:24,822 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.custom.open-tunnel: calling handler <awscli.argprocess.ParamShorthandParser object at 0x109abc410>
2024-10-26 18:27:24,822 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.open-tunnel.max-tunnel-duration: calling handler <awscli.paramfile.URIArgumentHandler object at 0x10a907890>
2024-10-26 18:27:24,822 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.open-tunnel.max-websocket-connections: calling handler <awscli.paramfile.URIArgumentHandler object at 0x10a907890>
2024-10-26 18:27:24,822 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.custom.open-tunnel: calling handler <awscli.argprocess.ParamShorthandParser object at 0x109abc410>
2024-10-26 18:27:24,822 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: env
2024-10-26 18:27:24,822 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role
2024-10-26 18:27:24,822 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role-with-web-identity
2024-10-26 18:27:24,822 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: sso
2024-10-26 18:27:24,822 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: shared-credentials-file
2024-10-26 18:27:24,823 - MainThread - botocore.credentials - INFO - Found credentials in shared credentials file: ~/.aws/credentials
2024-10-26 18:27:24,823 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /opt/homebrew/Cellar/awscli/2.17.14/libexec/lib/python3.11/site-packages/awscli/botocore/data/endpoints.json
2024-10-26 18:27:24,829 - MainThread - botocore.hooks - DEBUG - Event choose-service-name: calling handler <function handle_service_name_alias at 0x1089d3ba0>
2024-10-26 18:27:24,831 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /opt/homebrew/Cellar/awscli/2.17.14/libexec/lib/python3.11/site-packages/awscli/botocore/data/ec2/2016-11-15/service-2.json
2024-10-26 18:27:24,859 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /opt/homebrew/Cellar/awscli/2.17.14/libexec/lib/python3.11/site-packages/awscli/botocore/data/ec2/2016-11-15/endpoint-rule-set-1.json
2024-10-26 18:27:24,860 - MainThread - botocore.loaders - DEBUG - Loading JSON file: /opt/homebrew/Cellar/awscli/2.17.14/libexec/lib/python3.11/site-packages/awscli/botocore/data/partitions.json
2024-10-26 18:27:24,865 - MainThread - botocore.hooks - DEBUG - Event creating-client-class.ec2: calling handler <function add_generate_presigned_url at 0x1088eb060>
2024-10-26 18:27:24,865 - MainThread - botocore.configprovider - DEBUG - Looking for endpoint for ec2 via: environment_service
2024-10-26 18:27:24,865 - MainThread - botocore.configprovider - DEBUG - Looking for endpoint for ec2 via: environment_global
2024-10-26 18:27:24,865 - MainThread - botocore.configprovider - DEBUG - Looking for endpoint for ec2 via: config_service
2024-10-26 18:27:24,865 - MainThread - botocore.configprovider - DEBUG - Looking for endpoint for ec2 via: config_global
2024-10-26 18:27:24,865 - MainThread - botocore.configprovider - DEBUG - No configured endpoint found.
2024-10-26 18:27:24,866 - MainThread - botocore.endpoint - DEBUG - Setting ec2 timeout as (60, 60)
2024-10-26 18:27:24,867 - MainThread - botocore.hooks - DEBUG - Event provide-client-params.ec2.DescribeInstanceConnectEndpoints: calling handler <function base64_decode_input_blobs at 0x10a77fba0>
2024-10-26 18:27:24,867 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.ec2.DescribeInstanceConnectEndpoints: calling handler <bound method ParameterAlias.alias_parameter_in_call of <botocore.handlers.ParameterAlias object at 0x1089fe090>>
2024-10-26 18:27:24,867 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.ec2.DescribeInstanceConnectEndpoints: calling handler <function generate_idempotent_uuid at 0x1089fa020>
2024-10-26 18:27:24,867 - MainThread - botocore.regions - DEBUG - Calling endpoint provider with parameters: {'Region': 'us-east-1', 'UseDualStack': False, 'UseFIPS': False}
2024-10-26 18:27:24,867 - MainThread - botocore.regions - DEBUG - Endpoint provider result: https://ec2.us-east-1.amazonaws.com
2024-10-26 18:27:24,867 - MainThread - botocore.hooks - DEBUG - Event before-call.ec2.DescribeInstanceConnectEndpoints: calling handler <function inject_api_version_header_if_needed at 0x1089fbb00>
2024-10-26 18:27:24,867 - MainThread - botocore.endpoint - DEBUG - Making request for OperationModel(name=DescribeInstanceConnectEndpoints) with params: {'url_path': '/', 'query_string': '', 'method': 'POST', 'headers': {'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8', 'User-Agent': 'aws-cli/2.17.14 md/awscrt#0.20.11 ua/2.0 os/macos#23.6.0 md/arch#arm64 lang/python#3.11.9 md/pyimpl#CPython cfg/retry-mode#standard md/installer#source md/prompt#off md/command#ec2-instance-connect.open-tunnel'}, 'body': {'Action': 'DescribeInstanceConnectEndpoints', 'Version': '2016-11-15', 'Filter.1.Name': 'state', 'Filter.1.Value.1': 'create-complete', 'InstanceConnectEndpointId.1': 'eice-04e217ce6969ff225'}, 'url': 'https://ec2.us-east-1.amazonaws.com/', 'context': {'client_region': 'us-east-1', 'client_config': <botocore.config.Config object at 0x10b8909d0>, 'has_streaming_input': False, 'auth_type': None}}
2024-10-26 18:27:24,867 - MainThread - botocore.hooks - DEBUG - Event request-created.ec2.DescribeInstanceConnectEndpoints: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x10b893ed0>>
2024-10-26 18:27:24,867 - MainThread - botocore.hooks - DEBUG - Event choose-signer.ec2.DescribeInstanceConnectEndpoints: calling handler <function set_operation_specific_signer at 0x1089f9ee0>
2024-10-26 18:27:24,868 - MainThread - botocore.credentials - DEBUG - Credentials for role retrieved from cache.
2024-10-26 18:27:24,868 - MainThread - botocore.credentials - DEBUG - Retrieved credentials will expire at: 2024-10-26 10:18:03+00:00
2024-10-26 18:27:24,868 - MainThread - botocore.auth - DEBUG - Calculating signature using v4 auth.
2024-10-26 18:27:24,868 - MainThread - botocore.auth - DEBUG - CanonicalRequest:
POST
/

content-type:application/x-www-form-urlencoded; charset=utf-8
host:ec2.us-east-1.amazonaws.com
x-amz-date:20241026T092724Z
x-amz-security-token:<セキュリティトークン>

content-type;host;x-amz-date;x-amz-security-token
587d64696a7c0525e50fd5d1d70e8637bd96baaaf36efe8b75398a2331f40591
2024-10-26 18:27:24,868 - MainThread - botocore.auth - DEBUG - StringToSign:
AWS4-HMAC-SHA256
20241026T092724Z
20241026/us-east-1/ec2/aws4_request
179ad65f3e680258233381bfb6811c68669bcb6434fedcde18fa0c7733bc8642
2024-10-26 18:27:24,868 - MainThread - botocore.auth - DEBUG - Signature:
d75fb858d3453725cf0e0d2aad7ee5e332810d5784901c2f2e084eb7c15ea0d2
2024-10-26 18:27:24,868 - MainThread - botocore.endpoint - DEBUG - Sending http request: <AWSPreparedRequest stream_output=False, method=POST, url=https://ec2.us-east-1.amazonaws.com/, headers={'Content-Type': b'application/x-www-form-urlencoded; charset=utf-8', 'User-Agent': b'aws-cli/2.17.14 md/awscrt#0.20.11 ua/2.0 os/macos#23.6.0 md/arch#arm64 lang/python#3.11.9 md/pyimpl#CPython cfg/retry-mode#standard md/installer#source md/prompt#off md/command#ec2-instance-connect.open-tunnel', 'X-Amz-Date': b'20241026T092724Z', 'X-Amz-Security-Token': b'<セキュリティトークン>', 'Authorization': b'AWS4-HMAC-SHA256 Credential=<アクセスキー>/20241026/us-east-1/ec2/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-security-token, Signature=d75fb858d3453725cf0e0d2aad7ee5e332810d5784901c2f2e084eb7c15ea0d2', 'Content-Length': '162'}>
2024-10-26 18:27:24,868 - MainThread - botocore.httpsession - DEBUG - Certificate path: /opt/homebrew/Cellar/awscli/2.17.14/libexec/lib/python3.11/site-packages/awscli/botocore/cacert.pem
2024-10-26 18:27:24,869 - MainThread - urllib3.connectionpool - DEBUG - Starting new HTTPS connection (1): ec2.us-east-1.amazonaws.com:443
2024-10-26 18:27:25,814 - MainThread - urllib3.connectionpool - DEBUG - https://ec2.us-east-1.amazonaws.com:443 "POST / HTTP/1.1" 200 None
2024-10-26 18:27:25,816 - MainThread - botocore.parsers - DEBUG - Response headers: {'x-amzn-RequestId': 'd3359ce4-d080-41b9-bb90-978da0f6d080', 'Cache-Control': 'no-cache, no-store', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains', 'vary': 'accept-encoding', 'Content-Type': 'text/xml;charset=UTF-8', 'Transfer-Encoding': 'chunked', 'Date': 'Sat, 26 Oct 2024 09:27:24 GMT', 'Server': 'AmazonEC2'}
2024-10-26 18:27:25,816 - MainThread - botocore.parsers - DEBUG - Response body:
b'<?xml version="1.0" encoding="UTF-8"?>\n<DescribeInstanceConnectEndpointsResponse xmlns="http://ec2.amazonaws.com/doc/2016-11-15/"><requestId>d3359ce4-d080-41b9-bb90-978da0f6d080</requestId><instanceConnectEndpointSet><item><availabilityZone>us-east-1a</availabilityZone><createdAt>2024-10-25T05:44:09.000Z</createdAt><dnsName>eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com</dnsName><fipsDnsName>eice-04e217ce6969ff225.b67b86ba.fips.ec2-instance-connect-endpoint.us-east-1.amazonaws.com</fipsDnsName><instanceConnectEndpointArn>arn:aws:ec2:us-east-1:<AWSアカウントID>:instance-connect-endpoint/eice-04e217ce6969ff225</instanceConnectEndpointArn><instanceConnectEndpointId>eice-04e217ce6969ff225</instanceConnectEndpointId><networkInterfaceIdSet><item>eni-0fb745bff82d78618</item></networkInterfaceIdSet><ownerId><AWSアカウントID></ownerId><preserveClientIp>false</preserveClientIp><securityGroupIdSet><item>sg-03730d9e2b49e7cbc</item></securityGroupIdSet><state>create-complete</state><stateMessage/><subnetId>subnet-0ddc1cafa116ba0dd</subnetId><tagSet/><vpcId>vpc-043c0858ea33e8ec2</vpcId></item></instanceConnectEndpointSet></DescribeInstanceConnectEndpointsResponse>'
2024-10-26 18:27:25,818 - MainThread - botocore.hooks - DEBUG - Event needs-retry.ec2.DescribeInstanceConnectEndpoints: calling handler <bound method RetryHandler.needs_retry of <botocore.retries.standard.RetryHandler object at 0x10b8f4bd0>>
2024-10-26 18:27:25,818 - MainThread - botocore.retries.standard - DEBUG - Not retrying request.
2024-10-26 18:27:25,818 - MainThread - botocore.hooks - DEBUG - Event after-call.ec2.DescribeInstanceConnectEndpoints: calling handler <bound method RetryQuotaChecker.release_retry_quota of <botocore.retries.standard.RetryQuotaChecker object at 0x10b893cd0>>
2024-10-26 18:27:25,818 - MainThread - awscli.customizations.ec2instanceconnect.opentunnel - DEBUG - Using endpoint dns: eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com
Listening for connections on port 22222.

In this state, connect over SSH to TCP/22222 on localhost.

> ssh fsxadmin@localhost -p 22222
(fsxadmin@localhost) Password:

Last login time: 10/26/2024 09:20:13
FsxId0e64a4f5386f74c87::>

Yes, I was able to connect.
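The --debug output of open-tunnel carries the SigV4 material of each request (session token, access key ID, signature) along with the account ID, which is why those fields appear as placeholders in the logs on this page. The following is an added example, not part of the original post: it masks those fields in a saved debug log and lists the tunnel destinations the log records. The sample log is constructed with fake credentials, and the function and rule names are assumptions.

```python
import re
from urllib.parse import parse_qs

# Constructed sample modelled on `open-tunnel --debug` output; every secret is fake.
FAKE_SIG = "ab" * 32
SAMPLE_LOG = "\n".join([
    "x-amz-security-token:FwoGZXIvYXdzEXAMPLETOKEN",
    "2024-10-26 18:27:24,868 - MainThread - botocore.auth - DEBUG - Signature:",
    FAKE_SIG,
    "headers={'X-Amz-Security-Token': b'FwoGZXIvYXdzEXAMPLETOKEN', 'Authorization': "
    "b'AWS4-HMAC-SHA256 Credential=ASIAEXAMPLEEXAMPLE00/20241026/us-east-1/ec2/"
    "aws4_request, SignedHeaders=host, Signature=" + FAKE_SIG + "'}",
    "<instanceConnectEndpointArn>arn:aws:ec2:us-east-1:111122223333:"
    "instance-connect-endpoint/eice-04e217ce6969ff225</instanceConnectEndpointArn>"
    "<ownerId>111122223333</ownerId>",
    "[DEBUG] [http-stream] - Created client request: GET /openTunnel"
    "?instanceConnectEndpointId=eice-04e217ce6969ff225&remotePort=22"
    "&privateIpAddress=10.0.8.229"
    "&X-Amz-Credential=ASIAEXAMPLEEXAMPLE00%2F20241026%2Fus-east-1"
    "%2Fec2-instance-connect%2Faws4_request&X-Amz-Expires=60"
    "&X-Amz-Security-Token=FwoGZXIvYXdzEXAMPLETOKEN"
    "&X-Amz-Signature=" + FAKE_SIG + " HTTP/1.1",
])

# (pattern, replacement); group 1 is the field name, which is kept.
RULES = [
    # Session token: canonical header line, header dict entry, presigned query
    (re.compile(r"(x-amz-security-token:)\S+"), r"\1<REDACTED-TOKEN>"),
    (re.compile(r"('X-Amz-Security-Token': b')[^']*"), r"\1<REDACTED-TOKEN>"),
    (re.compile(r"(X-Amz-Security-Token=)[^&\s]+"), r"\1<REDACTED-TOKEN>"),
    # Access key ID in Authorization headers and X-Amz-Credential parameters
    (re.compile(r"(Credential=)[A-Z0-9]{16,128}"), r"\1<REDACTED-KEY-ID>"),
    # Signature after "Signature=", "X-Amz-Signature=" or a "Signature:" log line
    (re.compile(r"(Signature[=:]\s*)[0-9a-f]{64}"), r"\1<REDACTED-SIGNATURE>"),
    # Account ID inside ARNs and in the <ownerId> element of API responses
    (re.compile(r"(arn:aws[a-z-]*:[a-z0-9-]*:[a-z0-9-]*:)\d{12}"), r"\1<ACCOUNT-ID>"),
    (re.compile(r"(<ownerId>)\d{12}"), r"\1<ACCOUNT-ID>"),
]

TUNNEL_REQUEST = re.compile(r"GET /openTunnel\?(\S+) HTTP/1\.1")


def redact(log_text):
    """Return the log with credential material and account IDs masked."""
    for pattern, replacement in RULES:
        log_text = pattern.sub(replacement, log_text)
    return log_text


def tunnel_requests(log_text):
    """List the destination of every openTunnel request recorded in the log."""
    found = []
    for match in TUNNEL_REQUEST.finditer(log_text):
        query = parse_qs(match.group(1))
        found.append({
            "endpoint": query.get("instanceConnectEndpointId", [""])[0],
            "private_ip": query.get("privateIpAddress", [""])[0],
            "remote_port": int(query.get("remotePort", ["0"])[0]),
            "expires_s": int(query.get("X-Amz-Expires", ["0"])[0]),
        })
    return found


if __name__ == "__main__":
    print(redact(SAMPLE_LOG))
    for request in tunnel_requests(SAMPLE_LOG):
        print(request)
```

Endpoint IDs, private IP addresses and ports are left in place so the redacted log still shows which destination each tunnel reached.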

The following log was recorded in the terminal where the WebSocket tunnel was open.

[1] Accepted new tcp connection, opening websocket tunnel.
2024-10-26 18:28:04,116 - MainThread - botocore.hooks - DEBUG - Event choose-signer.ec2-instance-connect.openTunnel: calling handler <function set_operation_specific_signer at 0x1089f9ee0>
2024-10-26 18:28:04,117 - MainThread - botocore.auth - DEBUG - Calculating signature using v4 auth.
2024-10-26 18:28:04,117 - MainThread - botocore.auth - DEBUG - CanonicalRequest:
GET
/openTunnel
X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=<アクセスキー>%2F20241026%2Fus-east-1%2Fec2-instance-connect%2Faws4_request&X-Amz-Date=20241026T092804Z&X-Amz-Expires=60&X-Amz-Security-Token=<セキュリティトークン>&X-Amz-SignedHeaders=host&instanceConnectEndpointId=eice-04e217ce6969ff225&privateIpAddress=10.0.8.229&remotePort=22
host:eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com

host
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2024-10-26 18:28:04,117 - MainThread - botocore.auth - DEBUG - StringToSign:
AWS4-HMAC-SHA256
20241026T092804Z
20241026/us-east-1/ec2-instance-connect/aws4_request
8fd2854753645f69fa795f08c0628dc61c23c37a4f3be91435f5ebc6c9a82e5c
2024-10-26 18:28:04,117 - MainThread - botocore.auth - DEBUG - Signature:
e42a7713eeb236be4d41b31f68405b660d7053e23805fb41c306461fa0df012b
[INFO] [2024-10-26T09:28:04Z] [00000001fff4cf40] [event-loop] - id=0x600001754190: Initializing edge-triggered kqueue
[INFO] [2024-10-26T09:28:04Z] [00000001fff4cf40] [event-loop] - id=0x600001754190: starting event-loop thread.
[INFO] [2024-10-26T09:28:04Z] [00000001fff4cf40] [event-loop] - id=0x600001754140: Initializing edge-triggered kqueue
[INFO] [2024-10-26T09:28:04Z] [00000001fff4cf40] [event-loop] - id=0x600001754140: starting event-loop thread.
[INFO] [2024-10-26T09:28:04Z] [000000016b2f3000] [event-loop] - id=0x600001754190: main loop started
[INFO] [2024-10-26T09:28:04Z] [00000001fff4cf40] [event-loop] - id=0x6000017542d0: Initializing edge-triggered kqueue
[INFO] [2024-10-26T09:28:04Z] [000000016b2f3000] [event-loop] - id=0x600001754190: default timeout 100s, and max events to process per tick 100
[INFO] [2024-10-26T09:28:04Z] [00000001fff4cf40] [event-loop] - id=0x6000017542d0: starting event-loop thread.
[INFO] [2024-10-26T09:28:04Z] [00000001fff4cf40] [event-loop] - id=0x600001754280: Initializing edge-triggered kqueue
[INFO] [2024-10-26T09:28:04Z] [000000016b40b000] [event-loop] - id=0x6000017542d0: main loop started
[INFO] [2024-10-26T09:28:04Z] [00000001fff4cf40] [event-loop] - id=0x600001754280: starting event-loop thread.
[INFO] [2024-10-26T09:28:04Z] [000000016b37f000] [event-loop] - id=0x600001754140: main loop started
[INFO] [2024-10-26T09:28:04Z] [000000016b40b000] [event-loop] - id=0x6000017542d0: default timeout 100s, and max events to process per tick 100
[INFO] [2024-10-26T09:28:04Z] [00000001fff4cf40] [event-loop] - id=0x600001754230: Initializing edge-triggered kqueue
[INFO] [2024-10-26T09:28:04Z] [00000001fff4cf40] [event-loop] - id=0x600001754230: starting event-loop thread.
[INFO] [2024-10-26T09:28:04Z] [000000016b497000] [event-loop] - id=0x600001754280: main loop started
[INFO] [2024-10-26T09:28:04Z] [000000016b37f000] [event-loop] - id=0x600001754140: default timeout 100s, and max events to process per tick 100
[INFO] [2024-10-26T09:28:04Z] [000000016b497000] [event-loop] - id=0x600001754280: default timeout 100s, and max events to process per tick 100
[INFO] [2024-10-26T09:28:04Z] [000000016b523000] [event-loop] - id=0x600001754230: main loop started
[INFO] [2024-10-26T09:28:04Z] [00000001fff4cf40] [dns] - id=0x600000158240: Initializing default host resolver with 16 max host entries.
[INFO] [2024-10-26T09:28:04Z] [000000016b523000] [event-loop] - id=0x600001754230: default timeout 100s, and max events to process per tick 100
[INFO] [2024-10-26T09:28:04Z] [00000001fff4cf40] [channel-bootstrap] - id=0x600001f48fc0: Initializing client bootstrap with event-loop group 0x600001050660
[DEBUG] [2024-10-26T09:28:04Z] [00000001fff4cf40] [channel-bootstrap] - id=0x600001f48fc0: acquiring bootstrap reference
[DEBUG] [2024-10-26T09:28:04Z] [00000001fff4cf40] [dns] - id=0x600000158240: Host resolution requested for eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com
[DEBUG] [2024-10-26T09:28:04Z] [00000001fff4cf40] [dns] - id=0x600000158240: No cached entries found for eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com starting new resolver thread.
[DEBUG] [2024-10-26T09:28:04Z] [000000016b5af000] [dns] - static: resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com
[DEBUG] [2024-10-26T09:28:04Z] [000000016b5af000] [dns] - static: resolved record: 34.236.93.117
[DEBUG] [2024-10-26T09:28:04Z] [000000016b5af000] [dns] - static: resolved record: 54.227.118.71
[DEBUG] [2024-10-26T09:28:04Z] [000000016b5af000] [dns] - static: resolved record: 3.232.117.217
[DEBUG] [2024-10-26T09:28:04Z] [000000016b5af000] [dns] - static, resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com successful, returned 3 addresses
[DEBUG] [2024-10-26T09:28:04Z] [000000016b5af000] [dns] - static: new address resolved 34.236.93.117 for host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com caching
[DEBUG] [2024-10-26T09:28:04Z] [000000016b5af000] [dns] - static: new address resolved 54.227.118.71 for host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com caching
[DEBUG] [2024-10-26T09:28:04Z] [000000016b5af000] [dns] - static: new address resolved 3.232.117.217 for host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com caching
[DEBUG] [2024-10-26T09:28:04Z] [000000016b5af000] [dns] - static, invoking resolution callback for host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com with 1 addresses
[DEBUG] [2024-10-26T09:28:04Z] [000000016b523000] [socket] - id=0x10fe4c8e0 fd=25: initializing with domain 0 and type 0
[DEBUG] [2024-10-26T09:28:04Z] [000000016b523000] [socket] - id=0x10fe4c8e0 fd=25: setting socket options to: keep-alive 0, keep idle 0, keep-alive interval 0, keep-alive probe count 0.
[DEBUG] [2024-10-26T09:28:04Z] [000000016b523000] [socket] - id=0x10fe4c8e0 fd=25: beginning connect.
[DEBUG] [2024-10-26T09:28:04Z] [000000016b523000] [socket] - id=0x10fe4c8e0 fd=25: connecting to endpoint 34.236.93.117:443.
[INFO] [2024-10-26T09:28:04Z] [000000016b523000] [socket] - id=0x10fe4c8e0 fd=25: connection success
[DEBUG] [2024-10-26T09:28:04Z] [000000016b523000] [socket] - id=0x10fe4c8e0 fd=25: assigning to event loop 0x600001754230
[DEBUG] [2024-10-26T09:28:04Z] [000000016b523000] [channel-bootstrap] - id=0x600001f48fc0: client connection on socket 0x10fe4c8e0 completed with error 0.
[DEBUG] [2024-10-26T09:28:04Z] [000000016b523000] [channel] - id=0x10a545e30: Beginning creation and setup of new channel.
[DEBUG] [2024-10-26T09:28:04Z] [000000016b523000] [channel] - id=0x10a545e30: setup complete, notifying caller.
[DEBUG] [2024-10-26T09:28:04Z] [000000016b523000] [channel] - id=0x10a545e30: no message pool is currently stored in the event-loop local storage, adding 0x600000540780 with max message size 16384, message count 4, with 4 small blocks of 128 bytes.
[DEBUG] [2024-10-26T09:28:04Z] [000000016b523000] [channel-bootstrap] - id=0x600001f48fc0: channel 0x10a545e30 setup succeeded: bootstrapping.
[DEBUG] [2024-10-26T09:28:04Z] [000000016b523000] [socket-handler] - id=0x1411770e0: Socket handler created with max_read_size of 16384
[DEBUG] [2024-10-26T09:28:04Z] [000000016b523000] [tls-handler] - id=0x10a546140: negotiation succeeded
[DEBUG] [2024-10-26T09:28:04Z] [000000016b523000] [tls-handler] - id=0x10a546140: Remote Server Name: eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com
[DEBUG] [2024-10-26T09:28:04Z] [000000016b523000] [channel-bootstrap] - id=0x600001f48fc0: tls negotiation result 0 on channel 0x10a545e30
[INFO] [2024-10-26T09:28:04Z] [000000016b523000] [http-connection] - id=0x104f10240: HTTP/1.1 client connection established.
[DEBUG] [2024-10-26T09:28:04Z] [000000016b523000] [http-stream] - id=0x104f11f50: Created client request on connection=0x104f10240: GET /openTunnel?instanceConnectEndpointId=eice-04e217ce6969ff225&remotePort=22&privateIpAddress=10.0.8.229&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=<アクセスキー>%2F20241026%2Fus-east-1%2Fec2-instance-connect%2Faws4_request&X-Amz-Date=20241026T092804Z&X-Amz-Expires=60&X-Amz-SignedHeaders=host&X-Amz-Security-Token=<セキュリティトークン>&X-Amz-Signature=e42a7713eeb236be4d41b31f68405b660d7053e23805fb41c306461fa0df012b HTTP/1.1
[DEBUG] [2024-10-26T09:28:05Z] [000000016b5af000] [dns] - static: resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com
[DEBUG] [2024-10-26T09:28:05Z] [000000016b523000] [websocket] - id=0x10600fa00: Websocket client connection established.
2024-10-26 18:28:05,136 - Dummy-1 - awscli.customizations.ec2instanceconnect.websocket - DEBUG - OpenTunnel RequestId: c6031802-0565-4ef2-8485-d27af28f4860
[DEBUG] [2024-10-26T09:28:05Z] [000000016b5af000] [dns] - static: resolved record: 54.227.118.71
[DEBUG] [2024-10-26T09:28:05Z] [000000016b5af000] [dns] - static: resolved record: 3.232.117.217
[DEBUG] [2024-10-26T09:28:05Z] [000000016b5af000] [dns] - static: resolved record: 34.236.93.117
[DEBUG] [2024-10-26T09:28:05Z] [000000016b5af000] [dns] - static, resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com successful, returned 3 addresses
[DEBUG] [2024-10-26T09:28:05Z] [000000016c647000] [websocket] - id=0x10600fa00: Enqueuing outgoing frame with opcode=2(binary) length=21 fin=T
[DEBUG] [2024-10-26T09:28:05Z] [000000016c647000] [websocket] - id=0x10600fa00: Enqueuing outgoing frame with opcode=2(binary) length=1536 fin=T
[DEBUG] [2024-10-26T09:28:05Z] [000000016c647000] [websocket] - id=0x10600fa00: Enqueuing outgoing frame with opcode=2(binary) length=48 fin=T
[DEBUG] [2024-10-26T09:28:05Z] [000000016c647000] [websocket] - id=0x10600fa00: Enqueuing outgoing frame with opcode=2(binary) length=16 fin=T
[DEBUG] [2024-10-26T09:28:05Z] [000000016c647000] [websocket] - id=0x10600fa00: Enqueuing outgoing frame with opcode=2(binary) length=44 fin=T
[DEBUG] [2024-10-26T09:28:05Z] [000000016c647000] [websocket] - id=0x10600fa00: Enqueuing outgoing frame with opcode=2(binary) length=60 fin=T
[DEBUG] [2024-10-26T09:28:06Z] [000000016c647000] [websocket] - id=0x10600fa00: Enqueuing outgoing frame with opcode=2(binary) length=92 fin=T
[DEBUG] [2024-10-26T09:28:06Z] [000000016b5af000] [dns] - static: resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com
[DEBUG] [2024-10-26T09:28:06Z] [000000016b5af000] [dns] - static: resolved record: 54.227.118.71
[DEBUG] [2024-10-26T09:28:06Z] [000000016b5af000] [dns] - static: resolved record: 3.232.117.217
[DEBUG] [2024-10-26T09:28:06Z] [000000016b5af000] [dns] - static: resolved record: 34.236.93.117
[DEBUG] [2024-10-26T09:28:06Z] [000000016b5af000] [dns] - static, resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com successful, returned 3 addresses
[DEBUG] [2024-10-26T09:28:07Z] [000000016b5af000] [dns] - static: resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com
[DEBUG] [2024-10-26T09:28:07Z] [000000016b5af000] [dns] - static: resolved record: 54.227.118.71
[DEBUG] [2024-10-26T09:28:07Z] [000000016b5af000] [dns] - static: resolved record: 3.232.117.217
[DEBUG] [2024-10-26T09:28:07Z] [000000016b5af000] [dns] - static: resolved record: 34.236.93.117
[DEBUG] [2024-10-26T09:28:07Z] [000000016b5af000] [dns] - static, resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com successful, returned 3 addresses
[DEBUG] [2024-10-26T09:28:08Z] [000000016b5af000] [dns] - static: resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com
[DEBUG] [2024-10-26T09:28:08Z] [000000016b5af000] [dns] - static: resolved record: 54.227.118.71
[DEBUG] [2024-10-26T09:28:08Z] [000000016b5af000] [dns] - static: resolved record: 3.232.117.217
[DEBUG] [2024-10-26T09:28:08Z] [000000016b5af000] [dns] - static: resolved record: 34.236.93.117
[DEBUG] [2024-10-26T09:28:08Z] [000000016b5af000] [dns] - static, resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com successful, returned 3 addresses
[DEBUG] [2024-10-26T09:28:09Z] [000000016b5af000] [dns] - static: resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com
[DEBUG] [2024-10-26T09:28:09Z] [000000016b5af000] [dns] - static: resolved record: 54.227.118.71
[DEBUG] [2024-10-26T09:28:09Z] [000000016b5af000] [dns] - static: resolved record: 3.232.117.217
[DEBUG] [2024-10-26T09:28:09Z] [000000016b5af000] [dns] - static: resolved record: 34.236.93.117
[DEBUG] [2024-10-26T09:28:09Z] [000000016b5af000] [dns] - static, resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com successful, returned 3 addresses
[DEBUG] [2024-10-26T09:28:10Z] [000000016b5af000] [dns] - static: resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com
[DEBUG] [2024-10-26T09:28:10Z] [000000016b5af000] [dns] - static: resolved record: 54.227.118.71
[DEBUG] [2024-10-26T09:28:10Z] [000000016b5af000] [dns] - static: resolved record: 3.232.117.217
[DEBUG] [2024-10-26T09:28:10Z] [000000016b5af000] [dns] - static: resolved record: 34.236.93.117
[DEBUG] [2024-10-26T09:28:10Z] [000000016b5af000] [dns] - static, resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com successful, returned 3 addresses
[DEBUG] [2024-10-26T09:28:11Z] [000000016b5af000] [dns] - static: resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com
[DEBUG] [2024-10-26T09:28:11Z] [000000016b5af000] [dns] - static: resolved record: 54.227.118.71
[DEBUG] [2024-10-26T09:28:11Z] [000000016b5af000] [dns] - static: resolved record: 3.232.117.217
[DEBUG] [2024-10-26T09:28:11Z] [000000016b5af000] [dns] - static: resolved record: 34.236.93.117
[DEBUG] [2024-10-26T09:28:11Z] [000000016b5af000] [dns] - static, resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com successful, returned 3 addresses
[DEBUG] [2024-10-26T09:28:12Z] [000000016b5af000] [dns] - static: resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com
[DEBUG] [2024-10-26T09:28:12Z] [000000016b5af000] [dns] - static: resolved record: 54.227.118.71
[DEBUG] [2024-10-26T09:28:12Z] [000000016b5af000] [dns] - static: resolved record: 3.232.117.217
[DEBUG] [2024-10-26T09:28:12Z] [000000016b5af000] [dns] - static: resolved record: 34.236.93.117
[DEBUG] [2024-10-26T09:28:12Z] [000000016b5af000] [dns] - static, resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com successful, returned 3 addresses
[DEBUG] [2024-10-26T09:28:13Z] [000000016b5af000] [dns] - static: resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com
[DEBUG] [2024-10-26T09:28:13Z] [000000016b5af000] [dns] - static: resolved record: 54.227.118.71
[DEBUG] [2024-10-26T09:28:13Z] [000000016b5af000] [dns] - static: resolved record: 3.232.117.217
[DEBUG] [2024-10-26T09:28:13Z] [000000016b5af000] [dns] - static: resolved record: 34.236.93.117
[DEBUG] [2024-10-26T09:28:13Z] [000000016b5af000] [dns] - static, resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com successful, returned 3 addresses
[DEBUG] [2024-10-26T09:28:13Z] [000000016c647000] [websocket] - id=0x10600fa00: Enqueuing outgoing frame with opcode=2(binary) length=76 fin=T
[DEBUG] [2024-10-26T09:28:13Z] [000000016c647000] [websocket] - id=0x10600fa00: Enqueuing outgoing frame with opcode=2(binary) length=76 fin=T
[DEBUG] [2024-10-26T09:28:13Z] [000000016c647000] [websocket] - id=0x10600fa00: Enqueuing outgoing frame with opcode=2(binary) length=104 fin=T
[DEBUG] [2024-10-26T09:28:13Z] [000000016c647000] [websocket] - id=0x10600fa00: Enqueuing outgoing frame with opcode=2(binary) length=572 fin=T
[DEBUG] [2024-10-26T09:28:14Z] [000000016b5af000] [dns] - static: resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com
[DEBUG] [2024-10-26T09:28:14Z] [000000016b5af000] [dns] - static: resolved record: 54.227.118.71
[DEBUG] [2024-10-26T09:28:14Z] [000000016b5af000] [dns] - static: resolved record: 3.232.117.217
[DEBUG] [2024-10-26T09:28:14Z] [000000016b5af000] [dns] - static: resolved record: 34.236.93.117
[DEBUG] [2024-10-26T09:28:14Z] [000000016b5af000] [dns] - static, resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com successful, returned 3 addresses
[DEBUG] [2024-10-26T09:28:15Z] [000000016b5af000] [dns] - static: resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com
[DEBUG] [2024-10-26T09:28:15Z] [000000016b5af000] [dns] - static: resolved record: 54.227.118.71
[DEBUG] [2024-10-26T09:28:15Z] [000000016b5af000] [dns] - static: resolved record: 3.232.117.217
[DEBUG] [2024-10-26T09:28:15Z] [000000016b5af000] [dns] - static: resolved record: 34.236.93.117
[DEBUG] [2024-10-26T09:28:15Z] [000000016b5af000] [dns] - static, resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com successful, returned 3 addresses
[DEBUG] [2024-10-26T09:28:16Z] [000000016b5af000] [dns] - static: resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com
.
.
(omitted)
.
.
[DEBUG] [2024-10-26T09:28:33Z] [000000016b5af000] [dns] - static: resolved record: 54.227.118.71
[DEBUG] [2024-10-26T09:28:33Z] [000000016b5af000] [dns] - static: resolved record: 3.232.117.217
[DEBUG] [2024-10-26T09:28:33Z] [000000016b5af000] [dns] - static: resolved record: 34.236.93.117
[DEBUG] [2024-10-26T09:28:33Z] [000000016b5af000] [dns] - static, resolving host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com successful, returned 3 addresses
[DEBUG] [2024-10-26T09:28:34Z] [000000016b5af000] [dns] - static: Either no requests have been made for an address for eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com for the duration of the ttl, or this thread is being forcibly shutdown. Killing thread.
[DEBUG] [2024-10-26T09:28:34Z] [000000016b5af000] [dns] - static: purging address 34.236.93.117 for host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com from the cache due to cache eviction or shutdown
[DEBUG] [2024-10-26T09:28:34Z] [000000016b5af000] [dns] - static: purging address 3.232.117.217 for host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com from the cache due to cache eviction or shutdown
[DEBUG] [2024-10-26T09:28:34Z] [000000016b5af000] [dns] - static: purging address 54.227.118.71 for host eice-04e217ce6969ff225.b67b86ba.ec2-instance-connect-endpoint.us-east-1.amazonaws.com from the cache due to cache eviction or shutdown

The string websocket also appears in the log.

In addition, every time I typed something in the terminal running the SSH session, the following log line was output.

[DEBUG] [2024-10-26T09:28:49Z] [000000016c647000] [websocket] - id=0x10600fa00: Enqueuing outgoing frame with opcode=2(binary) length=28 fin=T

With EC2 Instance Connect Endpoint, you can connect via SSH and RDP to any IP address

I connected to an Amazon FSx for NetApp ONTAP file system via EC2 Instance Connect Endpoint.

I have omitted the detailed logs, but I was also able to connect to the SVM's management IP address.


This showed that EC2 Instance Connect Endpoint lets you SSH to any IP address. If you just want to quickly operate an FSxN file system or SVM with the ONTAP CLI, I think connecting through an EIC Endpoint is sufficient.
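The http-stream line in the debug log above carries the whole OpenTunnel request as a SigV4-presigned URL, so the log holds credential material alongside the tunnel target, and the conclusion that any IP address is reachable makes IAM scoping of `ec2-instance-connect:OpenTunnel` worthwhile. The following Python script is an added example, not code from the original article: it masks the credential fields and builds a policy limited to the observed endpoint, IP address and port. The sample log line, the account ID `111122223333` and the 3600-second duration cap are assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample modelled on the http-stream line in the log above; the
# credential, token and signature values are placeholders, not real ones.
SAMPLE_LOG = (
    "[DEBUG] [2024-10-26T09:28:04Z] [000000016b523000] [http-stream] - "
    "id=0x104f11f50: Created client request on connection=0x104f10240: "
    "GET /openTunnel?instanceConnectEndpointId=eice-04e217ce6969ff225"
    "&remotePort=22&privateIpAddress=10.0.8.229&X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=ASIAEXAMPLE%2F20241026%2Fus-east-1%2Fec2-instance-connect%2Faws4_request"
    "&X-Amz-Date=20241026T092804Z&X-Amz-Expires=60&X-Amz-SignedHeaders=host"
    "&X-Amz-Security-Token=EXAMPLETOKEN&X-Amz-Signature=0123abcd HTTP/1.1\n"
)

SECRET_PARAMS = re.compile(r"(X-Amz-(?:Credential|Security-Token|Signature)=)[^&\s]+")
REQUEST = re.compile(r"GET (/openTunnel\?\S+) HTTP/1\.1")


def redact(log_text):
    """Mask SigV4 credential material so the debug log can be shared."""
    return SECRET_PARAMS.sub(r"\1<redacted>", log_text)


def tunnel_targets(log_text):
    """Return (endpoint id, private IP, remote port, region) per OpenTunnel request."""
    targets = []
    for match in REQUEST.finditer(log_text):
        q = parse_qs(urlsplit(match.group(1)).query)
        region = q["X-Amz-Credential"][0].split("/")[2]  # credential scope: key/date/region/...
        ip = ipaddress.ip_address(q["privateIpAddress"][0])  # raises on malformed input
        targets.append((q["instanceConnectEndpointId"][0], str(ip), int(q["remotePort"][0]), region))
    return targets


def scoped_policy(target, account_id, max_seconds=3600):
    """IAM policy allowing OpenTunnel only to the observed endpoint, IP and port."""
    endpoint_id, ip, port, region = target
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "ec2-instance-connect:OpenTunnel",
        "Resource": f"arn:aws:ec2:{region}:{account_id}:instance-connect-endpoint/{endpoint_id}",
        "Condition": {
            "NumericEquals": {"ec2-instance-connect:remotePort": str(port)},
            "IpAddress": {"ec2-instance-connect:privateIpAddress": f"{ip}/32"},
            "NumericLessThanEquals": {"ec2-instance-connect:maxTunnelDuration": str(max_seconds)},
        }}]}
```

Call `tunnel_targets` on the raw log before `redact`, because the region is read from the credential scope that `redact` masks.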

I hope this article helps someone.

That's all from のんピ (@non____97) of the Consulting Department, AWS Business Division!


© Classmethod, Inc. All rights reserved.