SQL Server Always On Failover Cluster Instanceの共有ストレージにAmazon FSx for NetApp ONTAPを使ってみた

私はMulti-AZ構成のブロックストレージを使えるFSx for ONTAPが大好きです
2022.08.05

この記事は公開されてから1年以上経過しています。情報が古い可能性がありますので、ご注意ください。

HAクラスターはロマン

こんにちは、のんピ(@non____97)です。

皆さんはHAクラスターにロマンを感じますか? 私は感じます。

以前、RHELのHigh Availability Add-Onでクラスターを構成しましたが、その時も興奮してしまいました。

そんな折、AWS Launch Wizard が Amazon FSx for NetApp ONTAP を使用した SQL Server のデプロイのサポートをしたとアナウンスがありました。

AWS Launch Wizard が Amazon FSx for NetApp ONTAP を使用した SQL Server のデプロイのサポートを開始

以下記事やAWS公式ブログでも紹介されていますが、SQL Server Always On Failover Cluster Instance (以降FCI)の構築の道のりは結構長いです。

これがLaunch Wizardで簡単にデプロイできるとなると非常に嬉しいですね。

実際に試してみたので紹介します。

Alywas On FCI自体の詳細については以下Microsoftのドキュメントをご覧ください。

Launch Wizardアプリケーションの作成

早速Launch WizardでSQL Server FCIを構築していきます。

Launch WizardのコンソールからChoose applicationをクリックします。

Choose application

SQL Serverを選択して、Create deploymentをクリックします。

Create deployment

使用するIAMロールAmazonEC2RoleForLaunchWizardの確認をしてNextをクリックします。

Review Permissions

AmazonEC2RoleForLaunchWizardにはマネージドポリシーのAmazonSSMManagedInstanceCoreAmazonEC2RolePolicyForLaunchWizardがアタッチされていました。

以降各種設定を行います。

Always On Failover Cluster Instanceを選択し、共有ストレージとして、Amazon FSx for NetApp ONTAPを選択します。

Deployment model

デプロイ名やSNS、CloudWatch Logs、AWS Service Catalogの設定をします。

General

接続周りの設定をします。今回はVPCも一緒に作成してもらいます。

Connectivity

ADの設定をします。

Active Directory

SQL Serverの設定をします。AMIはSQL Server Standardが含まれるAMIにしました。

SQL Server

次にEC2インスタンスやFSx for ONTAPなどワークロードのスペックを設定します。

インスタンスタイプはc6a.xlargeにして、ストレージサイズは下限の1024GBにしました。LUNのサイズはストレージサイズに応じて自動で設定されます。

Storage and compute and Estimated on-demand cost to deploy additional resources

設定した値に問題ないことを確認して、Deployをクリックします。

Review and deploy

デプロイが始まると、StatusがIn Progressになりました。

FCIの確認_Deployment events

設定値も確認できます。

FCIの確認_Configuration summary

3時間ほど待つと、StatusがCompletedになりました。

Completed

SNSの設定をしたので、完了したタイミングで以下のメッセージのメールが飛んできました。

{
  "applicationId": "SQLHAFCIONTAP",
  "applicationName": "FCI",
  "applicationStatus": "COMPLETED",
  "serviceName": "AWS Launch Wizard",
  "statusMessage": "Application provisioned successfully.",
  "saveDeploymentStatus": "Successfully saved deployment to Service Catalog. Product Id is prod-uw37w7iivusci",
  "timeStamp": "2022-08-02T02:48:24.962Z"
}

AWS Service Catalog用に指定したS3バケットを確認すると、CloudFormationのテンプレートや設定用のスクリプトが保存されていました。

> tree
.
└── FCI
    ├── FCI-1659408433983
    │   ├── FCI-SQLHAFCIONTAP-template.json
    │   └── sql
    │       ├── DSC.zip
    │       ├── DSC.zip.sig
    │       ├── Installer
    │       │   ├── WMF51.zip
    │       │   ├── WMF51.zip.sig
    │       │   ├── powershell.zip
    │       │   ├── powershell.zip.sig
    │       │   ├── sqlspcu.zip
    │       │   └── sqlspcu.zip.sig
    │       ├── modules
    │       │   ├── AWSLaunchWizardForCFN.zip
    │       │   ├── AWSLaunchWizardForCFN.zip.sig
    │       │   ├── AWSLaunchWizardForSSM.zip
    │       │   ├── AWSLaunchWizardForSSM.zip.sig
    │       │   ├── AmznFailoverCluster.zip
    │       │   └── AmznFailoverCluster.zip.sig
    │       ├── scripts
    │       │   ├── Unzip-Archive.ps1
    │       │   ├── Verify-Signature.ps1
    │       │   ├── common.zip
    │       │   ├── common.zip.sig
    │       │   ├── sqlfci.zip
    │       │   ├── sqlfci.zip.sig
    │       │   ├── sqlha.zip
    │       │   ├── sqlha.zip.sig
    │       │   ├── sqlontap.zip
    │       │   └── sqlontap.zip.sig
    │       └── templates
    │           ├── ad.template
    │           ├── adfci.template
    │           ├── aws-vpc.template
    │           ├── rdgw-domain-fci.template
    │           ├── rdgw-domain.template
    │           ├── sql-windows-fci-ontap.template
    │           ├── sql-windows-fci.template
    │           ├── sql-windows-single-node.template
    │           ├── sql.template
    │           └── sqlha-master.template
    └── LaunchWizard-TestObject

7 directories, 36 files

作成されたAWSリソースの確認

CloudFormationスタック

Launch Wizardによる各種リソースのデプロイが完了したので、デプロイされたリソースを確認していきます。

まず、CloudFormationのスタックを確認します。

スタック一覧を確認するとスタックが4つ作成され、その内3つはネストされたスタックでした。

LaunchWizard-FCI

それぞれVPC、AD、SQL Server周りとスタックが分かれているようです。

VPCのスタックで作成されたリソースは以下の通りです。特に珍しいリソースは定義されていないようですね。

LaunchWizard-FCI-VPCStack-343HLM475QMN

ADのスタックで作成されたリソースは以下の通りです。Managed Microsoft ADのみ作成したようです。

LaunchWizard-FCI-ADStack-1DBE3UTHXEUDO

SQL Server周りのスタックで作成されたリソースは以下の通りです。SQL ServerのEC2インスタンスや、FSx for ONTAP、各種認証情報用のSecrets Managerなどが作成されました。

LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L

VPC

作成されたVPCを確認します。

$ vpc_id=vpc-0026585a9c8fcb68b

$ aws ec2 describe-vpcs \
    --vpc-ids "$vpc_id"
{
    "Vpcs": [
        {
            "CidrBlock": "10.0.0.0/16",
            "DhcpOptionsId": "dopt-0562e91403a120f09",
            "State": "available",
            "VpcId": "vpc-0026585a9c8fcb68b",
            "OwnerId": "<AWSアカウントID>",
            "InstanceTenancy": "default",
            "CidrBlockAssociationSet": [
                {
                    "AssociationId": "vpc-cidr-assoc-0229a3ac07d0f8ab0",
                    "CidrBlock": "10.0.0.0/16",
                    "CidrBlockState": {
                        "State": "associated"
                    }
                }
            ],
            "IsDefault": false,
            "Tags": [
                {
                    "Key": "SourceTemplate",
                    "Value": "AWSLaunchWizard"
                },
                {
                    "Key": "aws:cloudformation:stack-name",
                    "Value": "LaunchWizard-FCI-VPCStack-343HLM475QMN"
                },
                {
                    "Key": "aws:cloudformation:stack-id",
                    "Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-VPCStack-343HLM475QMN/48612860-11f5-11ed-b9ff-0a0c71e6a93f"
                },
                {
                    "Key": "LaunchWizardResourceGroupID",
                    "Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
                },
                {
                    "Key": "LaunchWizardApplicationType",
                    "Value": "SQL_SERVER"
                },
                {
                    "Key": "aws:cloudformation:logical-id",
                    "Value": "VPC"
                },
                {
                    "Key": "Name",
                    "Value": "FCI-VPC"
                }
            ]
        }
    ]
}

VPCのCIDRが10.0.0.0/16と贅沢な割り当て方をしています。Direct ConnectやVPCピアリングなどで他のネットワークと接続する場合は重複しないように気をつける必要がありますね。

DHCP Option Sets

DHCP Option Setsの確認をします。

$ aws ec2 describe-dhcp-options \
    --dhcp-options-ids dopt-0562e91403a120f09
{
    "DhcpOptions": [
        {
            "DhcpConfigurations": [
                {
                    "Key": "domain-name",
                    "Values": [
                        {
                            "Value": "ec2.internal"
                        }
                    ]
                },
                {
                    "Key": "domain-name-servers",
                    "Values": [
                        {
                            "Value": "AmazonProvidedDNS"
                        }
                    ]
                }
            ],
            "DhcpOptionsId": "dopt-0562e91403a120f09",
            "OwnerId": "<AWSアカウントID>",
            "Tags": [
                {
                    "Key": "LaunchWizardApplicationType",
                    "Value": "SQL_SERVER"
                },
                {
                    "Key": "aws:cloudformation:logical-id",
                    "Value": "DHCPOptions"
                },
                {
                    "Key": "LaunchWizardResourceGroupID",
                    "Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
                },
                {
                    "Key": "aws:cloudformation:stack-id",
                    "Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-VPCStack-343HLM475QMN/48612860-11f5-11ed-b9ff-0a0c71e6a93f"
                },
                {
                    "Key": "SourceTemplate",
                    "Value": "AWSLaunchWizard"
                },
                {
                    "Key": "aws:cloudformation:stack-name",
                    "Value": "LaunchWizard-FCI-VPCStack-343HLM475QMN"
                }
            ]
        }
    ]
}

ドメイン名やDNSサーバーはManaged Microsoft ADに設定したドメイン名やドメインコントローラーのIPアドレスに設定されていないので注意が必要です。

Subnet

サブネットの確認をします。

長過ぎたので折りたたみます。

Subnet (折りたたみ)
$ aws ec2 describe-subnets \
    --filters Name=vpc-id,Values="$vpc_id"
{
    "Subnets": [
        {
            "AvailabilityZone": "us-east-1a",
            "AvailabilityZoneId": "use1-az6",
            "AvailableIpAddressCount": 4085,
            "CidrBlock": "10.0.0.0/20",
            "DefaultForAz": false,
            "MapPublicIpOnLaunch": false,
            "MapCustomerOwnedIpOnLaunch": false,
            "State": "available",
            "SubnetId": "subnet-0c5d66ec1307e28fc",
            "VpcId": "vpc-0026585a9c8fcb68b",
            "OwnerId": "<AWSアカウントID>",
            "AssignIpv6AddressOnCreation": false,
            "Ipv6CidrBlockAssociationSet": [],
            "Tags": [
                {
                    "Key": "LaunchWizardApplicationType",
                    "Value": "SQL_SERVER"
                },
                {
                    "Key": "aws:cloudformation:logical-id",
                    "Value": "PrivateSubnet1"
                },
                {
                    "Key": "aws:cloudformation:stack-name",
                    "Value": "LaunchWizard-FCI-VPCStack-343HLM475QMN"
                },
                {
                    "Key": "Name",
                    "Value": "Private subnet 1"
                },
                {
                    "Key": "aws:cloudformation:stack-id",
                    "Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-VPCStack-343HLM475QMN/48612860-11f5-11ed-b9ff-0a0c71e6a93f"
                },
                {
                    "Key": "LaunchWizardResourceGroupID",
                    "Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
                },
                {
                    "Key": "SourceTemplate",
                    "Value": "AWSLaunchWizard"
                }
            ],
            "SubnetArn": "arn:aws:ec2:us-east-1:<AWSアカウントID>:subnet/subnet-0c5d66ec1307e28fc",
            "EnableDns64": false,
            "Ipv6Native": false,
            "PrivateDnsNameOptionsOnLaunch": {
                "HostnameType": "ip-name",
                "EnableResourceNameDnsARecord": false,
                "EnableResourceNameDnsAAAARecord": false
            }
        },
        {
            "AvailabilityZone": "us-east-1a",
            "AvailabilityZoneId": "use1-az6",
            "AvailableIpAddressCount": 4090,
            "CidrBlock": "10.0.128.0/20",
            "DefaultForAz": false,
            "MapPublicIpOnLaunch": true,
            "MapCustomerOwnedIpOnLaunch": false,
            "State": "available",
            "SubnetId": "subnet-0ab094df0b881a9d7",
            "VpcId": "vpc-0026585a9c8fcb68b",
            "OwnerId": "<AWSアカウントID>",
            "AssignIpv6AddressOnCreation": false,
            "Ipv6CidrBlockAssociationSet": [],
            "Tags": [
                {
                    "Key": "LaunchWizardApplicationType",
                    "Value": "SQL_SERVER"
                },
                {
                    "Key": "aws:cloudformation:stack-id",
                    "Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-VPCStack-343HLM475QMN/48612860-11f5-11ed-b9ff-0a0c71e6a93f"
                },
                {
                    "Key": "aws:cloudformation:logical-id",
                    "Value": "PublicSubnet1"
                },
                {
                    "Key": "aws:cloudformation:stack-name",
                    "Value": "LaunchWizard-FCI-VPCStack-343HLM475QMN"
                },
                {
                    "Key": "SourceTemplate",
                    "Value": "AWSLaunchWizard"
                },
                {
                    "Key": "Name",
                    "Value": "Public subnet 1"
                },
                {
                    "Key": "LaunchWizardResourceGroupID",
                    "Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
                }
            ],
            "SubnetArn": "arn:aws:ec2:us-east-1:<AWSアカウントID>:subnet/subnet-0ab094df0b881a9d7",
            "EnableDns64": false,
            "Ipv6Native": false,
            "PrivateDnsNameOptionsOnLaunch": {
                "HostnameType": "ip-name",
                "EnableResourceNameDnsARecord": false,
                "EnableResourceNameDnsAAAARecord": false
            }
        },
        {
            "AvailabilityZone": "us-east-1b",
            "AvailabilityZoneId": "use1-az1",
            "AvailableIpAddressCount": 4085,
            "CidrBlock": "10.0.16.0/20",
            "DefaultForAz": false,
            "MapPublicIpOnLaunch": false,
            "MapCustomerOwnedIpOnLaunch": false,
            "State": "available",
            "SubnetId": "subnet-0295427b95b9c2831",
            "VpcId": "vpc-0026585a9c8fcb68b",
            "OwnerId": "<AWSアカウントID>",
            "AssignIpv6AddressOnCreation": false,
            "Ipv6CidrBlockAssociationSet": [],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "Private subnet 2"
                },
                {
                    "Key": "aws:cloudformation:stack-id",
                    "Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-VPCStack-343HLM475QMN/48612860-11f5-11ed-b9ff-0a0c71e6a93f"
                },
                {
                    "Key": "LaunchWizardApplicationType",
                    "Value": "SQL_SERVER"
                },
                {
                    "Key": "aws:cloudformation:logical-id",
                    "Value": "PrivateSubnet2"
                },
                {
                    "Key": "aws:cloudformation:stack-name",
                    "Value": "LaunchWizard-FCI-VPCStack-343HLM475QMN"
                },
                {
                    "Key": "SourceTemplate",
                    "Value": "AWSLaunchWizard"
                },
                {
                    "Key": "LaunchWizardResourceGroupID",
                    "Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
                }
            ],
            "SubnetArn": "arn:aws:ec2:us-east-1:<AWSアカウントID>:subnet/subnet-0295427b95b9c2831",
            "EnableDns64": false,
            "Ipv6Native": false,
            "PrivateDnsNameOptionsOnLaunch": {
                "HostnameType": "ip-name",
                "EnableResourceNameDnsARecord": false,
                "EnableResourceNameDnsAAAARecord": false
            }
        }
    ]
}

1つのパブリックサブネットと2つのプライベートサブネットが作成されていました。

Route Table

ルートテーブルの確認をします。

長過ぎたので折りたたみます。

Route Table (折りたたみ)
$ aws ec2 describe-route-tables \
    --filters Name=vpc-id,Values="$vpc_id"
{
    "RouteTables": [
        {
            "Associations": [
                {
                    "Main": false,
                    "RouteTableAssociationId": "rtbassoc-0e16a6a7c4009801c",
                    "RouteTableId": "rtb-0d2a1d1762e52e2d9",
                    "SubnetId": "subnet-0ab094df0b881a9d7",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-0d2a1d1762e52e2d9",
            "Routes": [
                {
                    "DestinationCidrBlock": "10.0.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                },
                {
                    "DestinationCidrBlock": "0.0.0.0/0",
                    "GatewayId": "igw-08f2b1ebb6a28f7b9",
                    "Origin": "CreateRoute",
                    "State": "active"
                }
            ],
            "Tags": [
                {
                    "Key": "LaunchWizardApplicationType",
                    "Value": "SQL_SERVER"
                },
                {
                    "Key": "aws:cloudformation:stack-id",
                    "Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-VPCStack-343HLM475QMN/48612860-11f5-11ed-b9ff-0a0c71e6a93f"
                },
                {
                    "Key": "aws:cloudformation:logical-id",
                    "Value": "PublicSubnetRouteTable"
                },
                {
                    "Key": "Name",
                    "Value": "Public Subnets"
                },
                {
                    "Key": "LaunchWizardResourceGroupID",
                    "Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
                },
                {
                    "Key": "Network",
                    "Value": "Public"
                },
                {
                    "Key": "aws:cloudformation:stack-name",
                    "Value": "LaunchWizard-FCI-VPCStack-343HLM475QMN"
                },
                {
                    "Key": "SourceTemplate",
                    "Value": "AWSLaunchWizard"
                }
            ],
            "VpcId": "vpc-0026585a9c8fcb68b",
            "OwnerId": "<AWSアカウントID>"
        },
        {
            "Associations": [
                {
                    "Main": false,
                    "RouteTableAssociationId": "rtbassoc-0be3430bd40aeb726",
                    "RouteTableId": "rtb-0addf80e74e9feeb4",
                    "SubnetId": "subnet-0295427b95b9c2831",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-0addf80e74e9feeb4",
            "Routes": [
                {
                    "DestinationCidrBlock": "198.19.255.122/32",
                    "InstanceOwnerId": "292200246037",
                    "NetworkInterfaceId": "eni-002e2f11517086ffe",
                    "Origin": "CreateRoute",
                    "State": "active"
                },
                {
                    "DestinationCidrBlock": "198.19.255.243/32",
                    "InstanceOwnerId": "292200246037",
                    "NetworkInterfaceId": "eni-002e2f11517086ffe",
                    "Origin": "CreateRoute",
                    "State": "active"
                },
                {
                    "DestinationCidrBlock": "10.0.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                },
                {
                    "DestinationCidrBlock": "0.0.0.0/0",
                    "NatGatewayId": "nat-0bee2e42c06780463",
                    "Origin": "CreateRoute",
                    "State": "active"
                }
            ],
            "Tags": [
                {
                    "Key": "AmazonFSx",
                    "Value": "ManagedByAmazonFSx"
                },
                {
                    "Key": "LaunchWizardApplicationType",
                    "Value": "SQL_SERVER"
                },
                {
                    "Key": "LaunchWizardResourceGroupID",
                    "Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
                },
                {
                    "Key": "Name",
                    "Value": "Private subnet 2"
                },
                {
                    "Key": "aws:cloudformation:logical-id",
                    "Value": "PrivateSubnet2RouteTable"
                },
                {
                    "Key": "Network",
                    "Value": "Private"
                },
                {
                    "Key": "aws:cloudformation:stack-name",
                    "Value": "LaunchWizard-FCI-VPCStack-343HLM475QMN"
                },
                {
                    "Key": "SourceTemplate",
                    "Value": "AWSLaunchWizard"
                },
                {
                    "Key": "aws:cloudformation:stack-id",
                    "Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-VPCStack-343HLM475QMN/48612860-11f5-11ed-b9ff-0a0c71e6a93f"
                }
            ],
            "VpcId": "vpc-0026585a9c8fcb68b",
            "OwnerId": "<AWSアカウントID>"
        },
        {
            "Associations": [
                {
                    "Main": true,
                    "RouteTableAssociationId": "rtbassoc-0531a1af82b30bdf4",
                    "RouteTableId": "rtb-087120833d909da7f",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-087120833d909da7f",
            "Routes": [
                {
                    "DestinationCidrBlock": "10.0.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                }
            ],
            "Tags": [],
            "VpcId": "vpc-0026585a9c8fcb68b",
            "OwnerId": "<AWSアカウントID>"
        },
        {
            "Associations": [
                {
                    "Main": false,
                    "RouteTableAssociationId": "rtbassoc-0d732eaed5fe873a1",
                    "RouteTableId": "rtb-0e4987a1c063dce77",
                    "SubnetId": "subnet-0c5d66ec1307e28fc",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-0e4987a1c063dce77",
            "Routes": [
                {
                    "DestinationCidrBlock": "198.19.255.122/32",
                    "InstanceOwnerId": "292200246037",
                    "NetworkInterfaceId": "eni-002e2f11517086ffe",
                    "Origin": "CreateRoute",
                    "State": "active"
                },
                {
                    "DestinationCidrBlock": "198.19.255.243/32",
                    "InstanceOwnerId": "292200246037",
                    "NetworkInterfaceId": "eni-002e2f11517086ffe",
                    "Origin": "CreateRoute",
                    "State": "active"
                },
                {
                    "DestinationCidrBlock": "10.0.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                },
                {
                    "DestinationCidrBlock": "0.0.0.0/0",
                    "NatGatewayId": "nat-0bee2e42c06780463",
                    "Origin": "CreateRoute",
                    "State": "active"
                }
            ],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "Private subnet 1"
                },
                {
                    "Key": "AmazonFSx",
                    "Value": "ManagedByAmazonFSx"
                },
                {
                    "Key": "aws:cloudformation:stack-id",
                    "Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-VPCStack-343HLM475QMN/48612860-11f5-11ed-b9ff-0a0c71e6a93f"
                },
                {
                    "Key": "aws:cloudformation:logical-id",
                    "Value": "PrivateSubnet1RouteTable"
                },
                {
                    "Key": "Network",
                    "Value": "Private"
                },
                {
                    "Key": "aws:cloudformation:stack-name",
                    "Value": "LaunchWizard-FCI-VPCStack-343HLM475QMN"
                },
                {
                    "Key": "SourceTemplate",
                    "Value": "AWSLaunchWizard"
                },
                {
                    "Key": "LaunchWizardApplicationType",
                    "Value": "SQL_SERVER"
                },
                {
                    "Key": "LaunchWizardResourceGroupID",
                    "Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
                }
            ],
            "VpcId": "vpc-0026585a9c8fcb68b",
            "OwnerId": "<AWSアカウントID>"
        }
    ]
}

FSx for ONTAPがMulti-AZでデプロイされているので、フローティングIPアドレスの198.19.255.122/32198.19.255.243/32へのルートがプライベートサブネット用のルートテーブルに設定されています。

FSx for ONTAPのフローティングIPアドレスの詳細は以下記事をご覧ください。

NAT Gateway

NAT Gatewayの確認をします。

$ aws ec2 describe-nat-gateways \
    --filter Name=vpc-id,Values="$vpc_id"
{
    "NatGateways": [
        {
            "CreateTime": "2022-08-01T23:55:43+00:00",
            "NatGatewayAddresses": [
                {
                    "AllocationId": "eipalloc-0aaba9137c9515749",
                    "NetworkInterfaceId": "eni-02fb16669c36b88dc",
                    "PrivateIp": "10.0.129.213",
                    "PublicIp": "35.175.79.97"
                }
            ],
            "NatGatewayId": "nat-0bee2e42c06780463",
            "State": "available",
            "SubnetId": "subnet-0ab094df0b881a9d7",
            "VpcId": "vpc-0026585a9c8fcb68b",
            "Tags": [
                {
                    "Key": "aws:cloudformation:stack-name",
                    "Value": "LaunchWizard-FCI-VPCStack-343HLM475QMN"
                },
                {
                    "Key": "SourceTemplate",
                    "Value": "AWSLaunchWizard"
                },
                {
                    "Key": "aws:cloudformation:logical-id",
                    "Value": "NATGateway"
                },
                {
                    "Key": "aws:cloudformation:stack-id",
                    "Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-VPCStack-343HLM475QMN/48612860-11f5-11ed-b9ff-0a0c71e6a93f"
                },
                {
                    "Key": "LaunchWizardApplicationType",
                    "Value": "SQL_SERVER"
                },
                {
                    "Key": "LaunchWizardResourceGroupID",
                    "Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
                }
            ],
            "ConnectivityType": "public"
        }
    ]
}

NAT Gatewayは一つだけのようですね。

Network ACL

Network ACLの確認をします。

$ aws ec2 describe-network-acls \
    --filters Name=vpc-id,Values="$vpc_id"
{
    "NetworkAcls": [
        {
            "Associations": [
                {
                    "NetworkAclAssociationId": "aclassoc-0f5a669ca68114468",
                    "NetworkAclId": "acl-08a3ec67869c0c6ea",
                    "SubnetId": "subnet-0ab094df0b881a9d7"
                },
                {
                    "NetworkAclAssociationId": "aclassoc-08ad047dcf75f5c33",
                    "NetworkAclId": "acl-08a3ec67869c0c6ea",
                    "SubnetId": "subnet-0295427b95b9c2831"
                },
                {
                    "NetworkAclAssociationId": "aclassoc-04243d929bbb93d75",
                    "NetworkAclId": "acl-08a3ec67869c0c6ea",
                    "SubnetId": "subnet-0c5d66ec1307e28fc"
                }
            ],
            "Entries": [
                {
                    "CidrBlock": "0.0.0.0/0",
                    "Egress": true,
                    "Protocol": "-1",
                    "RuleAction": "allow",
                    "RuleNumber": 100
                },
                {
                    "CidrBlock": "0.0.0.0/0",
                    "Egress": true,
                    "Protocol": "-1",
                    "RuleAction": "deny",
                    "RuleNumber": 32767
                },
                {
                    "CidrBlock": "0.0.0.0/0",
                    "Egress": false,
                    "Protocol": "-1",
                    "RuleAction": "allow",
                    "RuleNumber": 100
                },
                {
                    "CidrBlock": "0.0.0.0/0",
                    "Egress": false,
                    "Protocol": "-1",
                    "RuleAction": "deny",
                    "RuleNumber": 32767
                }
            ],
            "IsDefault": true,
            "NetworkAclId": "acl-08a3ec67869c0c6ea",
            "Tags": [],
            "VpcId": "vpc-0026585a9c8fcb68b",
            "OwnerId": "<AWSアカウントID>"
        }
    ]
}

デフォルトのエントリしかないですね。

Security Group

セキュリティグループの確認をします。

長過ぎたので折りたたみます。

Security Group (折りたたみ)
$ aws ec2 describe-security-groups \
      --filters Name=vpc-id,Values="$vpc_id"
{
    "SecurityGroups": [
        {
            "Description": "AWS created security group for d-9067b20bbb directory controllers",
            "GroupName": "d-9067b20bbb_controllers",
            "IpPermissions": [
                {
                    "FromPort": 138,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 138,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 445,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 445,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 464,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 464,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 464,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 464,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 389,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 389,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 53,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 53,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 389,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 389,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": -1,
                    "IpProtocol": "icmp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": -1,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 445,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 445,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 123,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 123,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 88,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 88,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 3268,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 3269,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 1024,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 65535,
                    "UserIdGroupPairs": []
                },
                {
                    "IpProtocol": "-1",
                    "IpRanges": [],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": [
                        {
                            "GroupId": "sg-0be8d48e27b84bec5",
                            "UserId": "<AWSアカウントID>"
                        }
                    ]
                },
                {
                    "FromPort": 135,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 135,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 636,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 636,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 53,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 53,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 88,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 88,
                    "UserIdGroupPairs": []
                }
            ],
            "OwnerId": "<AWSアカウントID>",
            "GroupId": "sg-0be8d48e27b84bec5",
            "IpPermissionsEgress": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": [
                        {
                            "GroupId": "sg-0be8d48e27b84bec5",
                            "UserId": "<AWSアカウントID>"
                        }
                    ]
                }
            ],
            "VpcId": "vpc-0026585a9c8fcb68b"
        },
        {
            "Description": "default VPC security group",
            "GroupName": "default",
            "IpPermissions": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": [
                        {
                            "GroupId": "sg-037672e4889ecde77",
                            "UserId": "<AWSアカウントID>"
                        }
                    ]
                }
            ],
            "OwnerId": "<AWSアカウントID>",
            "GroupId": "sg-037672e4889ecde77",
            "IpPermissionsEgress": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": []
                }
            ],
            "VpcId": "vpc-0026585a9c8fcb68b"
        },
        {
            "Description": "Domain Members",
            "GroupName": "LaunchWizard-FCI-DomainMemberSG-1DZJHDJ2EMHI8",
            "IpPermissions": [
                {
                    "FromPort": 49152,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/20"
                        },
                        {
                            "CidrIp": "10.0.16.0/20"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 65535,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 49152,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.16.0/20"
                        },
                        {
                            "CidrIp": "10.0.0.0/20"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 65535,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 53,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/20"
                        },
                        {
                            "CidrIp": "10.0.16.0/20"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 53,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 53,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/20"
                        },
                        {
                            "CidrIp": "10.0.16.0/20"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 53,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 3389,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.128.0/20"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 3389,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 5985,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/20"
                        },
                        {
                            "CidrIp": "10.0.16.0/20"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 5985,
                    "UserIdGroupPairs": []
                }
            ],
            "OwnerId": "<AWSアカウントID>",
            "GroupId": "sg-0663eab51822ea215",
            "IpPermissionsEgress": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": []
                }
            ],
            "Tags": [
                {
                    "Key": "LaunchWizardApplicationType",
                    "Value": "SQL_SERVER"
                },
                {
                    "Key": "LaunchWizardResourceGroupID",
                    "Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
                },
                {
                    "Key": "SourceTemplate",
                    "Value": "AWSLaunchWizard"
                },
                {
                    "Key": "aws:cloudformation:logical-id",
                    "Value": "DomainMemberSG"
                },
                {
                    "Key": "aws:cloudformation:stack-id",
                    "Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI/42bc4d90-11f5-11ed-ab07-12e318d2f413"
                },
                {
                    "Key": "aws:cloudformation:stack-name",
                    "Value": "LaunchWizard-FCI"
                }
            ],
            "VpcId": "vpc-0026585a9c8fcb68b"
        },
        {
            "Description": "Allow access to the Workload instances",
            "GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-WorkloadSecurityGroup-1MVLVWDH2MJ4E",
            "IpPermissions": [
                {
                    "FromPort": 464,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.5.1/32"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 464,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 464,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.5.1/32"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 464,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 49152,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.5.1/32"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 65535,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 53,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.5.1/32"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 53,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 389,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.5.1/32"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 389,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 389,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.5.1/32"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 389,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 123,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.5.1/32"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 123,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 445,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.5.1/32"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 445,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 9389,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.5.1/32"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 9389,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 5985,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.5.1/32"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 5985,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 88,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.5.1/32"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 88,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 3268,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.5.1/32"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 3269,
                    "UserIdGroupPairs": []
                },
                {
                    "IpProtocol": "-1",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 135,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.5.1/32"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 135,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 636,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.5.1/32"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 636,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 53,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.5.1/32"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 53,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 88,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.5.1/32"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 88,
                    "UserIdGroupPairs": []
                }
            ],
            "OwnerId": "<AWSアカウントID>",
            "GroupId": "sg-08ed0f378bd607afd",
            "IpPermissionsEgress": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": []
                }
            ],
            "Tags": [
                {
                    "Key": "LaunchWizardApplicationType",
                    "Value": "SQL_SERVER"
                },
                {
                    "Key": "LaunchWizardResourceGroupID",
                    "Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
                },
                {
                    "Key": "SourceTemplate",
                    "Value": "AWSLaunchWizard"
                },
                {
                    "Key": "aws:cloudformation:logical-id",
                    "Value": "WorkloadSecurityGroup"
                },
                {
                    "Key": "aws:cloudformation:stack-name",
                    "Value": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L"
                },
                {
                    "Key": "aws:cloudformation:stack-id",
                    "Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L/71df7700-11fa-11ed-a605-0a33f5a9182b"
                }
            ],
            "VpcId": "vpc-0026585a9c8fcb68b"
        },
        {
            "Description": "Allow access to the Workload instances",
            "GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-ONTAPSecurityGroup-1HFXYPO5I6G0M",
            "IpPermissions": [
                {
                    "FromPort": 135,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 135,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 4045,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 4045,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 3260,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 3260,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 11105,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 11105,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 4046,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 4046,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": -1,
                    "IpProtocol": "icmp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": -1,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 4049,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 4049,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 2049,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 2049,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 635,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 635,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 635,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 635,
                    "UserIdGroupPairs": []
                },
                {
                    "IpProtocol": "-1",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 11104,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 11104,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 139,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 139,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 139,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 139,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 135,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 135,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 749,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 749,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 443,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 443,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 161,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 162,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 4046,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 4046,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 4045,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 4045,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 161,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 162,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 137,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 137,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 22,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 22,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 10000,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 10000,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 2049,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 2049,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 111,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 111,
                    "UserIdGroupPairs": []
                },
                {
                    "FromPort": 111,
                    "IpProtocol": "udp",
                    "IpRanges": [
                        {
                            "CidrIp": "10.0.0.0/16"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 111,
                    "UserIdGroupPairs": []
                }
            ],
            "OwnerId": "<AWSアカウントID>",
            "GroupId": "sg-05fc73637d21895ea",
            "IpPermissionsEgress": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": []
                }
            ],
            "Tags": [
                {
                    "Key": "aws:cloudformation:stack-name",
                    "Value": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L"
                },
                {
                    "Key": "LaunchWizardResourceGroupID",
                    "Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
                },
                {
                    "Key": "aws:cloudformation:stack-id",
                    "Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L/71df7700-11fa-11ed-a605-0a33f5a9182b"
                },
                {
                    "Key": "LaunchWizardApplicationType",
                    "Value": "SQL_SERVER"
                },
                {
                    "Key": "aws:cloudformation:logical-id",
                    "Value": "ONTAPSecurityGroup"
                },
                {
                    "Key": "SourceTemplate",
                    "Value": "AWSLaunchWizard"
                }
            ],
            "VpcId": "vpc-0026585a9c8fcb68b"
        }
    ]
}

以下5つのセキュリティグループが作成されていました。

  1. VPCのデフォルトのセキュリティグループ
  2. Managed Microsoft AD用のセキュリティグループ
  3. Managed Microsoft ADのメンバー用のセキュリティグループ
  4. SQL Server用のセキュリティグループ
  5. FSx for ONTAP用のセキュリティグループ

Secrets Manager

Secrets Managerの確認をします。

$ aws secretsmanager list-secrets
{
    "SecretList": [
        {
            "ARN": "arn:aws:secretsmanager:us-east-1:<AWSアカウントID>:secret:LaunchWizard-FCI-SQLServiceAccount-8Asppf",
            "Name": "LaunchWizard-FCI-SQLServiceAccount",
            "Description": "Secure string with name LaunchWizard-FCI-SQLServiceAccount",
            "LastChangedDate": "2022-08-01T23:53:38.402000+00:00",
            "Tags": [
                {
                    "Key": "LaunchWizardResourceGroupID",
                    "Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
                },
                {
                    "Key": "LaunchWizardApplicationType",
                    "Value": "SQL_SERVER"
                }
            ],
            "SecretVersionsToStages": {
                "e0558b6c-4112-4e12-8aaf-73d433771d8c": [
                    "AWSCURRENT"
                ]
            },
            "CreatedDate": "2022-08-01T23:53:38.266000+00:00"
        },
        {
            "ARN": "arn:aws:secretsmanager:us-east-1:<AWSアカウントID>:secret:LaunchWizard-FCI-DomainAdmin-UDkgVM",
            "Name": "LaunchWizard-FCI-DomainAdmin",
            "Description": "Secure string with name LaunchWizard-FCI-DomainAdmin",
            "LastChangedDate": "2022-08-01T23:53:38.540000+00:00",
            "LastAccessedDate": "2022-08-01T00:00:00+00:00",
            "Tags": [
                {
                    "Key": "LaunchWizardResourceGroupID",
                    "Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
                },
                {
                    "Key": "LaunchWizardApplicationType",
                    "Value": "SQL_SERVER"
                }
            ],
            "SecretVersionsToStages": {
                "c1500b20-c486-4c1e-981c-94324e2a21da": [
                    "AWSCURRENT"
                ]
            },
            "CreatedDate": "2022-08-01T23:53:38.428000+00:00"
        },
        {
            "ARN": "arn:aws:secretsmanager:us-east-1:<AWSアカウントID>:secret:LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-fsxadmin-tRUbem",
            "Name": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-fsxadmin",
            "Description": "Administrator Password for AD",
            "LastChangedDate": "2022-08-02T00:31:46.929000+00:00",
            "LastAccessedDate": "2022-08-02T00:00:00+00:00",
            "Tags": [
                {
                    "Key": "aws:cloudformation:stack-name",
                    "Value": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L"
                },
                {
                    "Key": "aws:cloudformation:stack-id",
                    "Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L/71df7700-11fa-11ed-a605-0a33f5a9182b"
                },
                {
                    "Key": "LaunchWizardResourceGroupID",
                    "Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
                },
                {
                    "Key": "LaunchWizardApplicationType",
                    "Value": "SQL_SERVER"
                },
                {
                    "Key": "SourceTemplate",
                    "Value": "AWSLaunchWizard"
                },
                {
                    "Key": "aws:cloudformation:logical-id",
                    "Value": "FSXAdmin"
                }
            ],
            "SecretVersionsToStages": {
                "ee20e8b9-119c-49c7-8c63-6e7cbace6b51": [
                    "AWSCURRENT"
                ]
            },
            "CreatedDate": "2022-08-02T00:31:40.695000+00:00"
        }
    ]
}

以下の3つシークレットが作成されています。

  1. SQL Server用
  2. ドメインのAdminユーザー用
  3. FSx for ONTAPファイルサーバー用

各シークレットのポリシーは以下の通りです。

$ aws secretsmanager list-secrets \
    --query 'SecretList[].[ARN]' \
    --output text \
  | while read secret_id; do
      aws secretsmanager get-resource-policy \
          --secret-id "$secret_id"
    done
{
    "ARN": "arn:aws:secretsmanager:us-east-1:<AWSアカウントID>:secret:LaunchWizard-FCI-SQLServiceAccount-8Asppf",
    "Name": "LaunchWizard-FCI-SQLServiceAccount",
    "ResourcePolicy": "{\n  \"Version\" : \"2012-10-17\",\n  \"Statement\" : [ {\n    \"Effect\" : \"Allow\",\n    \"Principal\" : {\n      \"AWS\" : \"arn:aws:iam::<AWSアカウントID>:role/service-role/AmazonEC2RoleForLaunchWizard\"\n    },\n    \"Action\" : [ \"secretsmanager:GetSecretValue\", \"secretsmanager:CreateSecret\", \"secretsmanager:GetRandomPassword\" ],\n    \"Resource\" : \"*\"\n  } ]\n}"
}
{
    "ARN": "arn:aws:secretsmanager:us-east-1:<AWSアカウントID>:secret:LaunchWizard-FCI-DomainAdmin-UDkgVM",
    "Name": "LaunchWizard-FCI-DomainAdmin",
    "ResourcePolicy": "{\n  \"Version\" : \"2012-10-17\",\n  \"Statement\" : [ {\n    \"Effect\" : \"Allow\",\n    \"Principal\" : {\n      \"AWS\" : \"arn:aws:iam::<AWSアカウントID>:role/service-role/AmazonEC2RoleForLaunchWizard\"\n    },\n    \"Action\" : [ \"secretsmanager:GetSecretValue\", \"secretsmanager:CreateSecret\", \"secretsmanager:GetRandomPassword\" ],\n    \"Resource\" : \"*\"\n  } ]\n}"
}
{
    "ARN": "arn:aws:secretsmanager:us-east-1:<AWSアカウントID>:secret:LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-fsxadmin-tRUbem",
    "Name": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-fsxadmin",
    "ResourcePolicy": "{\n  \"Version\" : \"2012-10-17\",\n  \"Statement\" : [ {\n    \"Effect\" : \"Allow\",\n    \"Principal\" : {\n      \"AWS\" : \"arn:aws:iam::<AWSアカウントID>:role/service-role/AmazonEC2RoleForLaunchWizard\"\n    },\n    \"Action\" : [ \"secretsmanager:GetSecretValue\", \"secretsmanager:CreateSecret\", \"secretsmanager:GetRandomPassword\" ],\n    \"Resource\" : \"*\"\n  } ]\n}"
}

IAMロールAmazonEC2RoleForLaunchWizardからであればシークレットの取得ができるようです。

EC2インスタンス

EC2インスタンスの確認をします。

長過ぎたので折りたたみます。

EC2インスタンス (折りたたみ)
$ aws ec2 describe-instances \
    --filters Name=vpc-id,Values="$vpc_id"
{
    "Reservations": [
        {
            "Groups": [],
            "Instances": [
                {
                    "AmiLaunchIndex": 0,
                    "ImageId": "ami-098ff43402367aedd",
                    "InstanceId": "i-0491369ded364f11d",
                    "InstanceType": "c6a.xlarge",
                    "KeyName": "<キーペア名>",
                    "LaunchTime": "2022-08-02T01:06:55+00:00",
                    "Monitoring": {
                        "State": "disabled"
                    },
                    "Placement": {
                        "AvailabilityZone": "us-east-1b",
                        "GroupName": "",
                        "Tenancy": "default"
                    },
                    "Platform": "windows",
                    "PrivateDnsName": "ip-10-0-28-119.ec2.internal",
                    "PrivateIpAddress": "10.0.28.119",
                    "ProductCodes": [],
                    "PublicDnsName": "",
                    "State": {
                        "Code": 16,
                        "Name": "running"
                    },
                    "StateTransitionReason": "",
                    "SubnetId": "subnet-0295427b95b9c2831",
                    "VpcId": "vpc-0026585a9c8fcb68b",
                    "Architecture": "x86_64",
                    "BlockDeviceMappings": [
                        {
                            "DeviceName": "/dev/sda1",
                            "Ebs": {
                                "AttachTime": "2022-08-02T01:06:55+00:00",
                                "DeleteOnTermination": true,
                                "Status": "attached",
                                "VolumeId": "vol-07a2a69f8f9875a1c"
                            }
                        }
                    ],
                    "ClientToken": "Launc-SqlFS-1L0PGXULXQ9GQ",
                    "EbsOptimized": false,
                    "EnaSupport": true,
                    "Hypervisor": "xen",
                    "IamInstanceProfile": {
                        "Arn": "arn:aws:iam::<AWSアカウントID>:instance-profile/LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-LaunchWizardSqlFSxProfile-CMCoWiMGLsWh",
                        "Id": "AIPA6KUFAVPURVYIUWMMA"
                    },
                    "NetworkInterfaces": [
                        {
                            "Attachment": {
                                "AttachTime": "2022-08-02T01:06:55+00:00",
                                "AttachmentId": "eni-attach-0110ac5164f0a8ddb",
                                "DeleteOnTermination": false,
                                "DeviceIndex": 0,
                                "Status": "attached",
                                "NetworkCardIndex": 0
                            },
                            "Description": "",
                            "Groups": [
                                {
                                    "GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-WorkloadSecurityGroup-1MVLVWDH2MJ4E",
                                    "GroupId": "sg-08ed0f378bd607afd"
                                },
                                {
                                    "GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-ONTAPSecurityGroup-1HFXYPO5I6G0M",
                                    "GroupId": "sg-05fc73637d21895ea"
                                }
                            ],
                            "Ipv6Addresses": [],
                            "MacAddress": "02:f1:48:45:74:43",
                            "NetworkInterfaceId": "eni-068c3dd415558a96e",
                            "OwnerId": "<AWSアカウントID>",
                            "PrivateDnsName": "ip-10-0-28-119.ec2.internal",
                            "PrivateIpAddress": "10.0.28.119",
                            "PrivateIpAddresses": [
                                {
                                    "Primary": true,
                                    "PrivateDnsName": "ip-10-0-28-119.ec2.internal",
                                    "PrivateIpAddress": "10.0.28.119"
                                },
                                {
                                    "Primary": false,
                                    "PrivateDnsName": "ip-10-0-30-89.ec2.internal",
                                    "PrivateIpAddress": "10.0.30.89"
                                },
                                {
                                    "Primary": false,
                                    "PrivateDnsName": "ip-10-0-19-202.ec2.internal",
                                    "PrivateIpAddress": "10.0.19.202"
                                }
                            ],
                            "SourceDestCheck": true,
                            "Status": "in-use",
                            "SubnetId": "subnet-0295427b95b9c2831",
                            "VpcId": "vpc-0026585a9c8fcb68b",
                            "InterfaceType": "interface"
                        }
                    ],
                    "RootDeviceName": "/dev/sda1",
                    "RootDeviceType": "ebs",
                    "SecurityGroups": [
                        {
                            "GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-WorkloadSecurityGroup-1MVLVWDH2MJ4E",
                            "GroupId": "sg-08ed0f378bd607afd"
                        },
                        {
                            "GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-ONTAPSecurityGroup-1HFXYPO5I6G0M",
                            "GroupId": "sg-05fc73637d21895ea"
                        }
                    ],
                    "SourceDestCheck": true,
                    "Tags": [
                        {
                            "Key": "FCIName",
                            "Value": "FCIsbC8sKn4EGPM"
                        },
                        {
                            "Key": "SourceTemplate",
                            "Value": "AWSLaunchWizard"
                        },
                        {
                            "Key": "aws:cloudformation:logical-id",
                            "Value": "SqlFSxInstanceMAD2"
                        },
                        {
                            "Key": "LaunchWizardApplicationType",
                            "Value": "SQL_SERVER"
                        },
                        {
                            "Key": "aws:cloudformation:stack-name",
                            "Value": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L"
                        },
                        {
                            "Key": "aws:cloudformation:stack-id",
                            "Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L/71df7700-11fa-11ed-a605-0a33f5a9182b"
                        },
                        {
                            "Key": "Name",
                            "Value": "FCIVAmSWhwgL9V1"
                        },
                        {
                            "Key": "FCIRole",
                            "Value": "Secondary"
                        },
                        {
                            "Key": "LaunchWizardResourceGroupID",
                            "Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
                        }
                    ],
                    "VirtualizationType": "hvm",
                    "CpuOptions": {
                        "CoreCount": 2,
                        "ThreadsPerCore": 2
                    },
                    "CapacityReservationSpecification": {
                        "CapacityReservationPreference": "open"
                    },
                    "HibernationOptions": {
                        "Configured": false
                    },
                    "MetadataOptions": {
                        "State": "applied",
                        "HttpTokens": "optional",
                        "HttpPutResponseHopLimit": 1,
                        "HttpEndpoint": "enabled",
                        "HttpProtocolIpv6": "disabled",
                        "InstanceMetadataTags": "disabled"
                    },
                    "EnclaveOptions": {
                        "Enabled": false
                    },
                    "PlatformDetails": "Windows with SQL Server Standard",
                    "UsageOperation": "RunInstances:0006",
                    "UsageOperationUpdateTime": "2022-08-02T01:06:55+00:00",
                    "PrivateDnsNameOptions": {
                        "HostnameType": "ip-name",
                        "EnableResourceNameDnsARecord": false,
                        "EnableResourceNameDnsAAAARecord": false
                    },
                    "MaintenanceOptions": {
                        "AutoRecovery": "default"
                    }
                }
            ],
            "OwnerId": "<AWSアカウントID>",
            "RequesterId": "043234062703",
            "ReservationId": "r-02d6cd70a73ced814"
        },
        {
            "Groups": [],
            "Instances": [
                {
                    "AmiLaunchIndex": 0,
                    "ImageId": "ami-098ff43402367aedd",
                    "InstanceId": "i-00afa45a1823f9f38",
                    "InstanceType": "c6a.xlarge",
                    "KeyName": "<キーペア名>",
                    "LaunchTime": "2022-08-02T01:06:57+00:00",
                    "Monitoring": {
                        "State": "disabled"
                    },
                    "Placement": {
                        "AvailabilityZone": "us-east-1a",
                        "GroupName": "",
                        "Tenancy": "default"
                    },
                    "Platform": "windows",
                    "PrivateDnsName": "ip-10-0-1-211.ec2.internal",
                    "PrivateIpAddress": "10.0.1.211",
                    "ProductCodes": [],
                    "PublicDnsName": "",
                    "State": {
                        "Code": 16,
                        "Name": "running"
                    },
                    "StateTransitionReason": "",
                    "SubnetId": "subnet-0c5d66ec1307e28fc",
                    "VpcId": "vpc-0026585a9c8fcb68b",
                    "Architecture": "x86_64",
                    "BlockDeviceMappings": [
                        {
                            "DeviceName": "/dev/sda1",
                            "Ebs": {
                                "AttachTime": "2022-08-02T01:06:57+00:00",
                                "DeleteOnTermination": true,
                                "Status": "attached",
                                "VolumeId": "vol-072bdc83a5cea8168"
                            }
                        }
                    ],
                    "ClientToken": "Launc-SqlFS-MR9P9VX263WQ",
                    "EbsOptimized": false,
                    "EnaSupport": true,
                    "Hypervisor": "xen",
                    "IamInstanceProfile": {
                        "Arn": "arn:aws:iam::<AWSアカウントID>:instance-profile/LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-LaunchWizardSqlFSxProfile-CMCoWiMGLsWh",
                        "Id": "AIPA6KUFAVPURVYIUWMMA"
                    },
                    "NetworkInterfaces": [
                        {
                            "Attachment": {
                                "AttachTime": "2022-08-02T01:06:57+00:00",
                                "AttachmentId": "eni-attach-08efd4b9ead5568f3",
                                "DeleteOnTermination": false,
                                "DeviceIndex": 0,
                                "Status": "attached",
                                "NetworkCardIndex": 0
                            },
                            "Description": "",
                            "Groups": [
                                {
                                    "GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-WorkloadSecurityGroup-1MVLVWDH2MJ4E",
                                    "GroupId": "sg-08ed0f378bd607afd"
                                },
                                {
                                    "GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-ONTAPSecurityGroup-1HFXYPO5I6G0M",
                                    "GroupId": "sg-05fc73637d21895ea"
                                }
                            ],
                            "Ipv6Addresses": [],
                            "MacAddress": "0e:18:d6:76:8b:99",
                            "NetworkInterfaceId": "eni-01311aeda9a2351f1",
                            "OwnerId": "<AWSアカウントID>",
                            "PrivateDnsName": "ip-10-0-1-211.ec2.internal",
                            "PrivateIpAddress": "10.0.1.211",
                            "PrivateIpAddresses": [
                                {
                                    "Primary": true,
                                    "PrivateDnsName": "ip-10-0-1-211.ec2.internal",
                                    "PrivateIpAddress": "10.0.1.211"
                                },
                                {
                                    "Primary": false,
                                    "PrivateDnsName": "ip-10-0-12-104.ec2.internal",
                                    "PrivateIpAddress": "10.0.12.104"
                                },
                                {
                                    "Primary": false,
                                    "PrivateDnsName": "ip-10-0-15-79.ec2.internal",
                                    "PrivateIpAddress": "10.0.15.79"
                                }
                            ],
                            "SourceDestCheck": true,
                            "Status": "in-use",
                            "SubnetId": "subnet-0c5d66ec1307e28fc",
                            "VpcId": "vpc-0026585a9c8fcb68b",
                            "InterfaceType": "interface"
                        }
                    ],
                    "RootDeviceName": "/dev/sda1",
                    "RootDeviceType": "ebs",
                    "SecurityGroups": [
                        {
                            "GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-WorkloadSecurityGroup-1MVLVWDH2MJ4E",
                            "GroupId": "sg-08ed0f378bd607afd"
                        },
                        {
                            "GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-ONTAPSecurityGroup-1HFXYPO5I6G0M",
                            "GroupId": "sg-05fc73637d21895ea"
                        }
                    ],
                    "SourceDestCheck": true,
                    "Tags": [
                        {
                            "Key": "Name",
                            "Value": "FCIV9arshUSNpXy"
                        },
                        {
                            "Key": "aws:cloudformation:stack-name",
                            "Value": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L"
                        },
                        {
                            "Key": "FCIName",
                            "Value": "FCIsbC8sKn4EGPM"
                        },
                        {
                            "Key": "FCIRole",
                            "Value": "Primary"
                        },
                        {
                            "Key": "LaunchWizardResourceGroupID",
                            "Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
                        },
                        {
                            "Key": "aws:cloudformation:stack-id",
                            "Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L/71df7700-11fa-11ed-a605-0a33f5a9182b"
                        },
                        {
                            "Key": "LaunchWizardApplicationType",
                            "Value": "SQL_SERVER"
                        },
                        {
                            "Key": "SourceTemplate",
                            "Value": "AWSLaunchWizard"
                        },
                        {
                            "Key": "aws:cloudformation:logical-id",
                            "Value": "SqlFSxInstanceMAD1"
                        }
                    ],
                    "VirtualizationType": "hvm",
                    "CpuOptions": {
                        "CoreCount": 2,
                        "ThreadsPerCore": 2
                    },
                    "CapacityReservationSpecification": {
                        "CapacityReservationPreference": "open"
                    },
                    "HibernationOptions": {
                        "Configured": false
                    },
                    "MetadataOptions": {
                        "State": "applied",
                        "HttpTokens": "optional",
                        "HttpPutResponseHopLimit": 1,
                        "HttpEndpoint": "enabled",
                        "HttpProtocolIpv6": "disabled",
                        "InstanceMetadataTags": "disabled"
                    },
                    "EnclaveOptions": {
                        "Enabled": false
                    },
                    "PlatformDetails": "Windows with SQL Server Standard",
                    "UsageOperation": "RunInstances:0006",
                    "UsageOperationUpdateTime": "2022-08-02T01:06:57+00:00",
                    "PrivateDnsNameOptions": {
                        "HostnameType": "ip-name",
                        "EnableResourceNameDnsARecord": false,
                        "EnableResourceNameDnsAAAARecord": false
                    },
                    "MaintenanceOptions": {
                        "AutoRecovery": "default"
                    }
                }
            ],
            "OwnerId": "<AWSアカウントID>",
            "RequesterId": "043234062703",
            "ReservationId": "r-01b3945c0ab8cf908"
        }
    ]
}

SQL Server用のEC2インスタンスが2台作成されています。

各EC2インスタンスには、WSFCのクラスターのコアリソース用IPアドレスとSQL Serverのリスナー用IPアドレスが割り当てられています。

ENI

ENIの確認をします。

ENI (折りたたみ)
$ aws ec2 describe-network-interfaces \
    --filters Name=vpc-id,Values="$vpc_id"
{
    "NetworkInterfaces": [
        {
            "Association": {
                "AllocationId": "eipalloc-0aaba9137c9515749",
                "AssociationId": "eipassoc-0fda087adcb81ee68",
                "IpOwnerId": "<AWSアカウントID>",
                "PublicDnsName": "ec2-35-175-79-97.compute-1.amazonaws.com",
                "PublicIp": "35.175.79.97"
            },
            "Attachment": {
                "AttachmentId": "ela-attach-0d48b5ef0bc2557b9",
                "DeleteOnTermination": false,
                "DeviceIndex": 1,
                "InstanceOwnerId": "amazon-aws",
                "Status": "attached"
            },
            "AvailabilityZone": "us-east-1a",
            "Description": "Interface for NAT Gateway nat-0bee2e42c06780463",
            "Groups": [],
            "InterfaceType": "nat_gateway",
            "Ipv6Addresses": [],
            "MacAddress": "0e:85:ab:26:d8:d5",
            "NetworkInterfaceId": "eni-02fb16669c36b88dc",
            "OwnerId": "<AWSアカウントID>",
            "PrivateDnsName": "ip-10-0-129-213.ec2.internal",
            "PrivateIpAddress": "10.0.129.213",
            "PrivateIpAddresses": [
                {
                    "Association": {
                        "AllocationId": "eipalloc-0aaba9137c9515749",
                        "AssociationId": "eipassoc-0fda087adcb81ee68",
                        "IpOwnerId": "<AWSアカウントID>",
                        "PublicDnsName": "ec2-35-175-79-97.compute-1.amazonaws.com",
                        "PublicIp": "35.175.79.97"
                    },
                    "Primary": true,
                    "PrivateDnsName": "ip-10-0-129-213.ec2.internal",
                    "PrivateIpAddress": "10.0.129.213"
                }
            ],
            "RequesterId": "130541447523",
            "RequesterManaged": true,
            "SourceDestCheck": false,
            "Status": "in-use",
            "SubnetId": "subnet-0ab094df0b881a9d7",
            "TagSet": [],
            "VpcId": "vpc-0026585a9c8fcb68b"
        },
        {
            "Attachment": {
                "AttachTime": "2022-08-01T23:59:04+00:00",
                "AttachmentId": "eni-attach-05f2ae028b67d2ca6",
                "DeleteOnTermination": false,
                "DeviceIndex": 1,
                "NetworkCardIndex": 0,
                "InstanceOwnerId": "803884302965",
                "Status": "attached"
            },
            "AvailabilityZone": "us-east-1a",
            "Description": "AWS created network interface for directory d-9067b20bbb",
            "Groups": [
                {
                    "GroupName": "d-9067b20bbb_controllers",
                    "GroupId": "sg-0be8d48e27b84bec5"
                }
            ],
            "InterfaceType": "interface",
            "Ipv6Addresses": [],
            "MacAddress": "0e:76:cc:b8:d2:0d",
            "NetworkInterfaceId": "eni-070c1b613fd7da608",
            "OwnerId": "<AWSアカウントID>",
            "PrivateDnsName": "ip-10-0-5-1.ec2.internal",
            "PrivateIpAddress": "10.0.5.1",
            "PrivateIpAddresses": [
                {
                    "Primary": true,
                    "PrivateDnsName": "ip-10-0-5-1.ec2.internal",
                    "PrivateIpAddress": "10.0.5.1"
                }
            ],
            "RequesterId": "803884302965",
            "RequesterManaged": true,
            "SourceDestCheck": true,
            "Status": "in-use",
            "SubnetId": "subnet-0c5d66ec1307e28fc",
            "TagSet": [],
            "VpcId": "vpc-0026585a9c8fcb68b"
        },
        {
            "Attachment": {
                "AttachTime": "2022-08-02T01:06:57+00:00",
                "AttachmentId": "eni-attach-08efd4b9ead5568f3",
                "DeleteOnTermination": false,
                "DeviceIndex": 0,
                "NetworkCardIndex": 0,
                "InstanceId": "i-00afa45a1823f9f38",
                "InstanceOwnerId": "<AWSアカウントID>",
                "Status": "attached"
            },
            "AvailabilityZone": "us-east-1a",
            "Description": "",
            "Groups": [
                {
                    "GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-WorkloadSecurityGroup-1MVLVWDH2MJ4E",
                    "GroupId": "sg-08ed0f378bd607afd"
                },
                {
                    "GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-ONTAPSecurityGroup-1HFXYPO5I6G0M",
                    "GroupId": "sg-05fc73637d21895ea"
                }
            ],
            "InterfaceType": "interface",
            "Ipv6Addresses": [],
            "MacAddress": "0e:18:d6:76:8b:99",
            "NetworkInterfaceId": "eni-01311aeda9a2351f1",
            "OwnerId": "<AWSアカウントID>",
            "PrivateDnsName": "ip-10-0-1-211.ec2.internal",
            "PrivateIpAddress": "10.0.1.211",
            "PrivateIpAddresses": [
                {
                    "Primary": true,
                    "PrivateDnsName": "ip-10-0-1-211.ec2.internal",
                    "PrivateIpAddress": "10.0.1.211"
                },
                {
                    "Primary": false,
                    "PrivateDnsName": "ip-10-0-12-104.ec2.internal",
                    "PrivateIpAddress": "10.0.12.104"
                },
                {
                    "Primary": false,
                    "PrivateDnsName": "ip-10-0-15-79.ec2.internal",
                    "PrivateIpAddress": "10.0.15.79"
                }
            ],
            "RequesterId": "043234062703",
            "RequesterManaged": false,
            "SourceDestCheck": true,
            "Status": "in-use",
            "SubnetId": "subnet-0c5d66ec1307e28fc",
            "TagSet": [
                {
                    "Key": "LaunchWizardResourceGroupID",
                    "Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
                },
                {
                    "Key": "SourceTemplate",
                    "Value": "AWSLaunchWizard"
                },
                {
                    "Key": "aws:cloudformation:logical-id",
                    "Value": "NetworkInterface1"
                },
                {
                    "Key": "Name",
                    "Value": "FCIV9arshUSNpXy"
                },
                {
                    "Key": "LaunchWizardApplicationType",
                    "Value": "SQL_SERVER"
                },
                {
                    "Key": "aws:cloudformation:stack-id",
                    "Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L/71df7700-11fa-11ed-a605-0a33f5a9182b"
                },
                {
                    "Key": "aws:cloudformation:stack-name",
                    "Value": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L"
                }
            ],
            "VpcId": "vpc-0026585a9c8fcb68b"
        },
        {
            "Attachment": {
                "AttachTime": "2022-08-02T00:45:10+00:00",
                "AttachmentId": "eni-attach-04f20373f77aabf16",
                "DeleteOnTermination": false,
                "DeviceIndex": 3,
                "NetworkCardIndex": 0,
                "InstanceOwnerId": "292200246037",
                "Status": "attached"
            },
            "AvailabilityZone": "us-east-1a",
            "Description": "[Do not detach or untag] Amazon FSx network interface for fs-0b8f145a32d809221",
            "Groups": [
                {
                    "GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-ONTAPSecurityGroup-1HFXYPO5I6G0M",
                    "GroupId": "sg-05fc73637d21895ea"
                }
            ],
            "InterfaceType": "interface",
            "Ipv6Addresses": [],
            "MacAddress": "0e:33:63:45:df:07",
            "NetworkInterfaceId": "eni-002e2f11517086ffe",
            "OwnerId": "<AWSアカウントID>",
            "PrivateDnsName": "ip-10-0-3-248.ec2.internal",
            "PrivateIpAddress": "10.0.3.248",
            "PrivateIpAddresses": [
                {
                    "Primary": true,
                    "PrivateDnsName": "ip-10-0-3-248.ec2.internal",
                    "PrivateIpAddress": "10.0.3.248"
                },
                {
                    "Primary": false,
                    "PrivateDnsName": "ip-10-0-9-95.ec2.internal",
                    "PrivateIpAddress": "10.0.9.95"
                },
                {
                    "Primary": false,
                    "PrivateDnsName": "ip-10-0-1-243.ec2.internal",
                    "PrivateIpAddress": "10.0.1.243"
                }
            ],
            "RequesterId": "470192892696",
            "RequesterManaged": false,
            "SourceDestCheck": false,
            "Status": "in-use",
            "SubnetId": "subnet-0c5d66ec1307e28fc",
            "TagSet": [
                {
                    "Key": "AmazonFSx.FileSystemId",
                    "Value": "fs-0b8f145a32d809221"
                }
            ],
            "VpcId": "vpc-0026585a9c8fcb68b"
        },
        {
            "Attachment": {
                "AttachTime": "2022-08-02T00:45:11+00:00",
                "AttachmentId": "eni-attach-00152b308f725c8a9",
                "DeleteOnTermination": false,
                "DeviceIndex": 3,
                "NetworkCardIndex": 0,
                "InstanceOwnerId": "292200246037",
                "Status": "attached"
            },
            "AvailabilityZone": "us-east-1b",
            "Description": "[Do not detach or untag] Amazon FSx network interface for fs-0b8f145a32d809221",
            "Groups": [
                {
                    "GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-ONTAPSecurityGroup-1HFXYPO5I6G0M",
                    "GroupId": "sg-05fc73637d21895ea"
                }
            ],
            "InterfaceType": "interface",
            "Ipv6Addresses": [],
            "MacAddress": "02:b5:0b:4c:dd:c3",
            "NetworkInterfaceId": "eni-0a4ba65000f04ea41",
            "OwnerId": "<AWSアカウントID>",
            "PrivateDnsName": "ip-10-0-19-19.ec2.internal",
            "PrivateIpAddress": "10.0.19.19",
            "PrivateIpAddresses": [
                {
                    "Primary": true,
                    "PrivateDnsName": "ip-10-0-19-19.ec2.internal",
                    "PrivateIpAddress": "10.0.19.19"
                },
                {
                    "Primary": false,
                    "PrivateDnsName": "ip-10-0-21-15.ec2.internal",
                    "PrivateIpAddress": "10.0.21.15"
                },
                {
                    "Primary": false,
                    "PrivateDnsName": "ip-10-0-19-34.ec2.internal",
                    "PrivateIpAddress": "10.0.19.34"
                }
            ],
            "RequesterId": "470192892696",
            "RequesterManaged": false,
            "SourceDestCheck": false,
            "Status": "in-use",
            "SubnetId": "subnet-0295427b95b9c2831",
            "TagSet": [
                {
                    "Key": "AmazonFSx.FileSystemId",
                    "Value": "fs-0b8f145a32d809221"
                }
            ],
            "VpcId": "vpc-0026585a9c8fcb68b"
        },
        {
            "Attachment": {
                "AttachTime": "2022-08-02T01:06:55+00:00",
                "AttachmentId": "eni-attach-0110ac5164f0a8ddb",
                "DeleteOnTermination": false,
                "DeviceIndex": 0,
                "NetworkCardIndex": 0,
                "InstanceId": "i-0491369ded364f11d",
                "InstanceOwnerId": "<AWSアカウントID>",
                "Status": "attached"
            },
            "AvailabilityZone": "us-east-1b",
            "Description": "",
            "Groups": [
                {
                    "GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-WorkloadSecurityGroup-1MVLVWDH2MJ4E",
                    "GroupId": "sg-08ed0f378bd607afd"
                },
                {
                    "GroupName": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L-ONTAPSecurityGroup-1HFXYPO5I6G0M",
                    "GroupId": "sg-05fc73637d21895ea"
                }
            ],
            "InterfaceType": "interface",
            "Ipv6Addresses": [],
            "MacAddress": "02:f1:48:45:74:43",
            "NetworkInterfaceId": "eni-068c3dd415558a96e",
            "OwnerId": "<AWSアカウントID>",
            "PrivateDnsName": "ip-10-0-28-119.ec2.internal",
            "PrivateIpAddress": "10.0.28.119",
            "PrivateIpAddresses": [
                {
                    "Primary": true,
                    "PrivateDnsName": "ip-10-0-28-119.ec2.internal",
                    "PrivateIpAddress": "10.0.28.119"
                },
                {
                    "Primary": false,
                    "PrivateDnsName": "ip-10-0-30-89.ec2.internal",
                    "PrivateIpAddress": "10.0.30.89"
                },
                {
                    "Primary": false,
                    "PrivateDnsName": "ip-10-0-19-202.ec2.internal",
                    "PrivateIpAddress": "10.0.19.202"
                }
            ],
            "RequesterId": "043234062703",
            "RequesterManaged": false,
            "SourceDestCheck": true,
            "Status": "in-use",
            "SubnetId": "subnet-0295427b95b9c2831",
            "TagSet": [
                {
                    "Key": "aws:cloudformation:stack-name",
                    "Value": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L"
                },
                {
                    "Key": "LaunchWizardApplicationType",
                    "Value": "SQL_SERVER"
                },
                {
                    "Key": "aws:cloudformation:logical-id",
                    "Value": "NetworkInterface2"
                },
                {
                    "Key": "SourceTemplate",
                    "Value": "AWSLaunchWizard"
                },
                {
                    "Key": "Name",
                    "Value": "FCIVAmSWhwgL9V1"
                },
                {
                    "Key": "LaunchWizardResourceGroupID",
                    "Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
                },
                {
                    "Key": "aws:cloudformation:stack-id",
                    "Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L/71df7700-11fa-11ed-a605-0a33f5a9182b"
                }
            ],
            "VpcId": "vpc-0026585a9c8fcb68b"
        },
        {
            "Attachment": {
                "AttachTime": "2022-08-01T23:59:06+00:00",
                "AttachmentId": "eni-attach-0024053b7c9aff02d",
                "DeleteOnTermination": false,
                "DeviceIndex": 1,
                "NetworkCardIndex": 0,
                "InstanceOwnerId": "803884302965",
                "Status": "attached"
            },
            "AvailabilityZone": "us-east-1b",
            "Description": "AWS created network interface for directory d-9067b20bbb",
            "Groups": [
                {
                    "GroupName": "d-9067b20bbb_controllers",
                    "GroupId": "sg-0be8d48e27b84bec5"
                }
            ],
            "InterfaceType": "interface",
            "Ipv6Addresses": [],
            "MacAddress": "02:30:ca:a6:4f:01",
            "NetworkInterfaceId": "eni-00d6f4a41c771305d",
            "OwnerId": "<AWSアカウントID>",
            "PrivateDnsName": "ip-10-0-16-116.ec2.internal",
            "PrivateIpAddress": "10.0.16.116",
            "PrivateIpAddresses": [
                {
                    "Primary": true,
                    "PrivateDnsName": "ip-10-0-16-116.ec2.internal",
                    "PrivateIpAddress": "10.0.16.116"
                }
            ],
            "RequesterId": "803884302965",
            "RequesterManaged": true,
            "SourceDestCheck": true,
            "Status": "in-use",
            "SubnetId": "subnet-0295427b95b9c2831",
            "TagSet": [],
            "VpcId": "vpc-0026585a9c8fcb68b"
        }
    ]
}

FSx for ONTAPのENIにIPアドレスが3つ付いていてニヤニヤしちゃいますね。

FSx for ONTAPファイルシステム

FSx for ONTAPファイルシステムの確認をします。

$ aws fsx describe-file-systems
{
    "FileSystems": [
        {
            "OwnerId": "<AWSアカウントID>",
            "CreationTime": "2022-08-02T01:01:38.633000+00:00",
            "FileSystemId": "fs-0b8f145a32d809221",
            "FileSystemType": "ONTAP",
            "Lifecycle": "AVAILABLE",
            "StorageCapacity": 1024,
            "StorageType": "SSD",
            "VpcId": "vpc-0026585a9c8fcb68b",
            "SubnetIds": [
                "subnet-0c5d66ec1307e28fc",
                "subnet-0295427b95b9c2831"
            ],
            "NetworkInterfaceIds": [
                "eni-002e2f11517086ffe",
                "eni-0a4ba65000f04ea41"
            ],
            "KmsKeyId": "arn:aws:kms:us-east-1:<AWSアカウントID>:key/365ae19c-8016-4963-9afd-05f703509254",
            "ResourceARN": "arn:aws:fsx:us-east-1:<AWSアカウントID>:file-system/fs-0b8f145a32d809221",
            "Tags": [
                {
                    "Key": "aws:cloudformation:stack-name",
                    "Value": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L"
                },
                {
                    "Key": "aws:cloudformation:stack-id",
                    "Value": "arn:aws:cloudformation:us-east-1:<AWSアカウントID>:stack/LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L/71df7700-11fa-11ed-a605-0a33f5a9182b"
                },
                {
                    "Key": "LaunchWizardApplicationType",
                    "Value": "SQL_SERVER"
                },
                {
                    "Key": "LaunchWizardResourceGroupID",
                    "Value": "7a872dce-5b69-4868-9571-0c125f87d5bd"
                },
                {
                    "Key": "SourceTemplate",
                    "Value": "AWSLaunchWizard"
                },
                {
                    "Key": "aws:cloudformation:logical-id",
                    "Value": "FSxONTAPFileSystemMAD"
                },
                {
                    "Key": "Name",
                    "Value": "LaunchWizard-FCI-SQLServerONTAPStack-ZUY7J0VRYC5L"
                }
            ],
            "OntapConfiguration": {
                "DeploymentType": "MULTI_AZ_1",
                "EndpointIpAddressRange": "198.19.255.0/24",
                "Endpoints": {
                    "Intercluster": {
                        "DNSName": "intercluster.fs-0b8f145a32d809221.fsx.us-east-1.amazonaws.com",
                        "IpAddresses": [
                            "10.0.3.248",
                            "10.0.19.19"
                        ]
                    },
                    "Management": {
                        "DNSName": "management.fs-0b8f145a32d809221.fsx.us-east-1.amazonaws.com",
                        "IpAddresses": [
                            "198.19.255.122"
                        ]
                    }
                },
                "DiskIopsConfiguration": {
                    "Mode": "AUTOMATIC",
                    "Iops": 3072
                },
                "PreferredSubnetId": "subnet-0c5d66ec1307e28fc",
                "RouteTableIds": [
                    "rtb-0e4987a1c063dce77",
                    "rtb-0addf80e74e9feeb4"
                ],
                "ThroughputCapacity": 128,
                "WeeklyMaintenanceStartTime": "4:16:30"
            }
        }
    ]
}

ストレージサイズは下限の1024GBになってますね。

FSx for ONTAP SVM

FSx for ONTAPのSVMの確認をします。

$ aws fsx describe-storage-virtual-machines
{
    "StorageVirtualMachines": [
        {
            "CreationTime": "2022-08-02T01:02:29.698000+00:00",
            "Endpoints": {
                "Iscsi": {
                    "DNSName": "iscsi.svm-026266713b1afd873.fs-0b8f145a32d809221.fsx.us-east-1.amazonaws.com",
                    "IpAddresses": [
                        "10.0.1.243",
                        "10.0.19.34"
                    ]
                },
                "Management": {
                    "DNSName": "svm-026266713b1afd873.fs-0b8f145a32d809221.fsx.us-east-1.amazonaws.com",
                    "IpAddresses": [
                        "198.19.255.243"
                    ]
                },
                "Nfs": {
                    "DNSName": "svm-026266713b1afd873.fs-0b8f145a32d809221.fsx.us-east-1.amazonaws.com",
                    "IpAddresses": [
                        "198.19.255.243"
                    ]
                }
            },
            "FileSystemId": "fs-0b8f145a32d809221",
            "Lifecycle": "CREATED",
            "Name": "sql-svm01",
            "ResourceARN": "arn:aws:fsx:us-east-1:<AWSアカウントID>:storage-virtual-machine/fs-0b8f145a32d809221/svm-026266713b1afd873",
            "StorageVirtualMachineId": "svm-026266713b1afd873",
            "Subtype": "DEFAULT",
            "UUID": "e81aae27-11fe-11ed-a23a-25f39db72949"
        }
    ]
}

ドメイン周りの情報が設定されていないので、SMBは使っていなさそうです。

FSx for ONTAPボリューム

FSx for ONTAPのボリュームの確認をします。

$ aws fsx describe-volumes
{
    "Volumes": [
        {
            "CreationTime": "2022-08-02T01:03:33+00:00",
            "FileSystemId": "fs-0b8f145a32d809221",
            "Lifecycle": "CREATED",
            "Name": "sql_svm01_root",
            "OntapConfiguration": {
                "FlexCacheEndpointType": "NONE",
                "JunctionPath": "/",
                "SecurityStyle": "NTFS",
                "SizeInMegabytes": 1024,
                "StorageEfficiencyEnabled": false,
                "StorageVirtualMachineId": "svm-026266713b1afd873",
                "StorageVirtualMachineRoot": true,
                "TieringPolicy": {
                    "Name": "NONE"
                },
                "UUID": "ee16a43e-11fe-11ed-a23a-25f39db72949",
                "OntapVolumeType": "RW"
            },
            "ResourceARN": "arn:aws:fsx:us-east-1:<AWSアカウントID>:volume/fs-0b8f145a32d809221/fsvol-0d99e7568fe0c91ce",
            "VolumeId": "fsvol-0d99e7568fe0c91ce",
            "VolumeType": "ONTAP"
        },
        {
            "CreationTime": "2022-08-02T01:05:44.390000+00:00",
            "FileSystemId": "fs-0b8f145a32d809221",
            "Lifecycle": "CREATED",
            "Name": "SQLCluster01",
            "OntapConfiguration": {
                "FlexCacheEndpointType": "NONE",
                "JunctionPath": "/volume11",
                "SecurityStyle": "UNIX",
                "SizeInMegabytes": 891290,
                "StorageEfficiencyEnabled": false,
                "StorageVirtualMachineId": "svm-026266713b1afd873",
                "StorageVirtualMachineRoot": false,
                "TieringPolicy": {
                    "Name": "NONE"
                },
                "UUID": "3e10b547-11ff-11ed-a23a-25f39db72949",
                "OntapVolumeType": "RW"
            },
            "ResourceARN": "arn:aws:fsx:us-east-1:<AWSアカウントID>:volume/fs-0b8f145a32d809221/fsvol-0d313b887f24fac7d",
            "VolumeId": "fsvol-0d313b887f24fac7d",
            "VolumeType": "ONTAP"
        }
    ]
}

SVMのルートボリュームの他に891,290MBのボリュームが一つ作成されていました。一つのボリューム内にSQL Serverのデータ用やログ用と複数のLUNを作成していそうです。

Managed Microsoft AD

Managed Microsoft ADの確認をします。

$ aws ds describe-directories
{
    "DirectoryDescriptions": [
        {
            "DirectoryId": "d-9067b20bbb",
            "Name": "corp.non-97.net",
            "ShortName": "corp",
            "Size": "Large",
            "Edition": "Enterprise",
            "Alias": "d-9067b20bbb",
            "AccessUrl": "d-9067b20bbb.awsapps.com",
            "DnsIpAddrs": [
                "10.0.5.1",
                "10.0.16.116"
            ],
            "Stage": "Active",
            "LaunchTime": "2022-08-01T23:58:13.883000+00:00",
            "StageLastUpdatedDateTime": "2022-08-02T00:29:08.817000+00:00",
            "Type": "MicrosoftAD",
            "VpcSettings": {
                "VpcId": "vpc-0026585a9c8fcb68b",
                "SubnetIds": [
                    "subnet-0c5d66ec1307e28fc",
                    "subnet-0295427b95b9c2831"
                ],
                "SecurityGroupId": "sg-0be8d48e27b84bec5",
                "AvailabilityZones": [
                    "us-east-1a",
                    "us-east-1b"
                ]
            },
            "SsoEnabled": false,
            "DesiredNumberOfDomainControllers": 2,
            "RegionsInfo": {
                "PrimaryRegion": "us-east-1",
                "AdditionalRegions": []
            }
        }
    ]
}

Enterprise Editionのようです。

ドメインコントローラーの情報は以下の通りです。

$ aws ds describe-domain-controllers \
    --directory-id d-9067b20bbb
{
    "DomainControllers": [
        {
            "DirectoryId": "d-9067b20bbb",
            "DomainControllerId": "dc-906729bad2",
            "DnsIpAddr": "10.0.5.1",
            "VpcId": "vpc-0026585a9c8fcb68b",
            "SubnetId": "subnet-0c5d66ec1307e28fc",
            "AvailabilityZone": "us-east-1a",
            "Status": "Active",
            "LaunchTime": "2022-08-01T23:58:13.936000+00:00",
            "StatusLastUpdatedDateTime": "2022-08-02T00:29:08.754000+00:00"
        },
        {
            "DirectoryId": "d-9067b20bbb",
            "DomainControllerId": "dc-906729bad3",
            "DnsIpAddr": "10.0.16.116",
            "VpcId": "vpc-0026585a9c8fcb68b",
            "SubnetId": "subnet-0295427b95b9c2831",
            "AvailabilityZone": "us-east-1b",
            "Status": "Active",
            "LaunchTime": "2022-08-01T23:58:13.955000+00:00",
            "StatusLastUpdatedDateTime": "2022-08-02T00:29:08.788000+00:00"
        }
    ]
}

Windows周りの設定の確認

役割と機能

次にWindows周りの設定の確認をします。

まずは役割と機能です。

> Get-WindowsFeature | Where-object {$_.Installed -eq $True}

Display Name                                            Name                       Install State
------------                                            ----                       -------------
[X] File and Storage Services                           FileAndStorage-Services        Installed
    [X] File and iSCSI Services                         File-Services                  Installed
        [X] File Server                                 FS-FileServer                  Installed
    [X] Storage Services                                Storage-Services               Installed
[X] .NET Framework 4.7 Features                         NET-Framework-45-Fea...        Installed
    [X] .NET Framework 4.7                              NET-Framework-45-Core          Installed
    [X] WCF Services                                    NET-WCF-Services45             Installed
        [X] TCP Port Sharing                            NET-WCF-TCP-PortShar...        Installed
[X] Failover Clustering                                 Failover-Clustering            Installed
[X] Multipath I/O                                       Multipath-IO                   Installed
[X] Remote Server Administration Tools                  RSAT                           Installed
    [X] Feature Administration Tools                    RSAT-Feature-Tools             Installed
        [X] Failover Clustering Tools                   RSAT-Clustering                Installed
            [X] Failover Cluster Management Tools       RSAT-Clustering-Mgmt           Installed
            [X] Failover Cluster Module for Windows ... RSAT-Clustering-Powe...        Installed
            [X] Failover Cluster Command Interface      RSAT-Clustering-CmdI...        Installed
    [X] Role Administration Tools                       RSAT-Role-Tools                Installed
        [X] AD DS and AD LDS Tools                      RSAT-AD-Tools                  Installed
            [X] Active Directory module for Windows ... RSAT-AD-PowerShell             Installed
        [X] DNS Server Tools                            RSAT-DNS-Server                Installed
[X] System Data Archiver                                System-DataArchiver            Installed
[X] Windows Defender Antivirus                          Windows-Defender               Installed
[X] Windows PowerShell                                  PowerShellRoot                 Installed
    [X] Windows PowerShell 5.1                          PowerShell                     Installed
    [X] Windows PowerShell ISE                          PowerShell-ISE                 Installed
[X] WoW64 Support                                       WoW64-Support                  Installed
[X] XPS Viewer                                          XPS-Viewer                     Installed

ADの管理ツールが足りなかったので、PowerShellでインストールします。

> Install-WindowsFeature -Name RSAT-ADDS

Success Restart Needed Exit Code      Feature Result
------- -------------- ---------      --------------
True    No             Success        {Active Directory Administrative Center, A...

# 
> Get-WindowsFeature | Where-object {$_.Installed -eq $True}

Display Name                                            Name                       Install State
------------                                            ----                       -------------
[X] File and Storage Services                           FileAndStorage-Services        Installed
    [X] File and iSCSI Services                         File-Services                  Installed
        [X] File Server                                 FS-FileServer                  Installed
    [X] Storage Services                                Storage-Services               Installed
[X] .NET Framework 4.7 Features                         NET-Framework-45-Fea...        Installed
    [X] .NET Framework 4.7                              NET-Framework-45-Core          Installed
    [X] WCF Services                                    NET-WCF-Services45             Installed
        [X] TCP Port Sharing                            NET-WCF-TCP-PortShar...        Installed
[X] Failover Clustering                                 Failover-Clustering            Installed
[X] Multipath I/O                                       Multipath-IO                   Installed
[X] Remote Server Administration Tools                  RSAT                           Installed
    [X] Feature Administration Tools                    RSAT-Feature-Tools             Installed
        [X] Failover Clustering Tools                   RSAT-Clustering                Installed
            [X] Failover Cluster Management Tools       RSAT-Clustering-Mgmt           Installed
            [X] Failover Cluster Module for Windows ... RSAT-Clustering-Powe...        Installed
            [X] Failover Cluster Command Interface      RSAT-Clustering-CmdI...        Installed
    [X] Role Administration Tools                       RSAT-Role-Tools                Installed
        [X] AD DS and AD LDS Tools                      RSAT-AD-Tools                  Installed
            [X] Active Directory module for Windows ... RSAT-AD-PowerShell             Installed
            [X] AD DS Tools                             RSAT-ADDS                      Installed
                [X] Active Directory Administrative ... RSAT-AD-AdminCenter            Installed
                [X] AD DS Snap-Ins and Command-Line ... RSAT-ADDS-Tools                Installed
        [X] DNS Server Tools                            RSAT-DNS-Server                Installed
[X] System Data Archiver                                System-DataArchiver            Installed
[X] Windows Defender Antivirus                          Windows-Defender               Installed
[X] Windows PowerShell                                  PowerShellRoot                 Installed
    [X] Windows PowerShell 5.1                          PowerShell                     Installed
    [X] Windows PowerShell ISE                          PowerShell-ISE                 Installed
[X] WoW64 Support                                       WoW64-Support                  Installed
[X] XPS Viewer

ドライブ一覧

各EC2インスタンスのドライブ一覧を確認します。

EC2インスタンスFCIV9arshUSNpXyのドライブ一覧は以下の通りです。

> Get-PSDrive

Name           Used (GB)     Free (GB) Provider      Root                                                                                                    CurrentLocation
----           ---------     --------- --------      ----                                                                                                    ---------------
Alias                                  Alias
C                  37.46         62.54 FileSystem    C:\                                                                                                    Windows\system32
Cert                                   Certificate   \
Env                                    Environment
Function                               Function
HKCU                                   Registry      HKEY_CURRENT_USER
HKLM                                   Registry      HKEY_LOCAL_MACHINE
Variable                               Variable
WSMan                                  WSMan

Cドライブしかありません。

EC2インスタンスFCIVAmSWhwgL9V1のドライブ一覧は以下の通りです。

> Get-PSDrive

Name           Used (GB)     Free (GB) Provider      Root                                                                                                    CurrentLocation
----           ---------     --------- --------      ----                                                                                                    ---------------
Alias                                  Alias
C                  33.79         66.20 FileSystem    C:\                                                                                                    Windows\system32
Cert                                   Certificate   \
Env                                    Environment
Function                               Function
HKCU                                   Registry      HKEY_CURRENT_USER
HKLM                                   Registry      HKEY_LOCAL_MACHINE
L                   0.11         79.87 FileSystem    L:\
Q                   0.04          0.94 FileSystem    Q:\
S                   0.25        398.73 FileSystem    S:\
Variable                               Variable
WSMan                                  WSMan

こちらのEC2インスタンスではLドライブやQドライブ、Sドライブの確認ができました。

どうやらFCIVAmSWhwgL9V1がアクティブなノードなようです。

ドメイン内のコンピューターオブジェクト

ドメイン内のコンピューターオブジェクトを確認します。

PS C:\Users\admin>  Get-ADComputer -Filter *

DistinguishedName : CN=WIN-RA95CDF2PMG,OU=Domain Controllers,DC=corp,DC=non-97,DC=net
DNSHostName       : WIN-RA95CDF2PMG.corp.non-97.net
Enabled           : True
Name              : WIN-RA95CDF2PMG
ObjectClass       : computer
ObjectGUID        : 98ca9ee8-9d68-420d-98b8-615fd00153de
SamAccountName    : WIN-RA95CDF2PMG$
SID               : S-1-5-21-514741421-2750270180-1483028601-1009
UserPrincipalName :

DistinguishedName : CN=WIN-VCE7PVFB6AN,OU=Domain Controllers,DC=corp,DC=non-97,DC=net
DNSHostName       : WIN-VCE7PVFB6AN.corp.non-97.net
Enabled           : True
Name              : WIN-VCE7PVFB6AN
ObjectClass       : computer
ObjectGUID        : ecadc55e-a4b0-40ff-b140-f17022a91475
SamAccountName    : WIN-VCE7PVFB6AN$
SID               : S-1-5-21-514741421-2750270180-1483028601-1112
UserPrincipalName :

DistinguishedName : CN=FCIVAMSWHWGL9V1,OU=Computers,OU=corp,DC=corp,DC=non-97,DC=net
DNSHostName       : FCIVAmSWhwgL9V1.corp.non-97.net
Enabled           : True
Name              : FCIVAMSWHWGL9V1
ObjectClass       : computer
ObjectGUID        : 5cb84c24-23be-4be5-b7c9-91bfd2b20a92
SamAccountName    : FCIVAMSWHWGL9V1$
SID               : S-1-5-21-514741421-2750270180-1483028601-1143
UserPrincipalName :

DistinguishedName : CN=FCIV9ARSHUSNPXY,OU=Computers,OU=corp,DC=corp,DC=non-97,DC=net
DNSHostName       : FCIV9arshUSNpXy.corp.non-97.net
Enabled           : True
Name              : FCIV9ARSHUSNPXY
ObjectClass       : computer
ObjectGUID        : f1216129-fc71-413f-ab0c-075b18ef4ed3
SamAccountName    : FCIV9ARSHUSNPXY$
SID               : S-1-5-21-514741421-2750270180-1483028601-1610
UserPrincipalName :

DistinguishedName : CN=FCILZxZ47FrpFiE,OU=Computers,OU=corp,DC=corp,DC=non-97,DC=net
DNSHostName       : FCILZxZ47FrpFiE.corp.non-97.net
Enabled           : True
Name              : FCILZxZ47FrpFiE
ObjectClass       : computer
ObjectGUID        : 41c11a66-ecf3-4e41-a1fb-9b20e9b6311f
SamAccountName    : FCILZxZ47FrpFiE$
SID               : S-1-5-21-514741421-2750270180-1483028601-1145
UserPrincipalName :

DistinguishedName : CN=FCIsbC8sKn4EGPM,OU=Computers,OU=corp,DC=corp,DC=non-97,DC=net
DNSHostName       : FCIsbC8sKn4EGPM.corp.non-97.net
Enabled           : True
Name              : FCIsbC8sKn4EGPM
ObjectClass       : computer
ObjectGUID        : ad703545-4890-495f-8a72-0e86be6a8b07
SamAccountName    : FCIsbC8sKn4EGPM$
SID               : S-1-5-21-514741421-2750270180-1483028601-1146
UserPrincipalName :

ドメインコントローラー(WIN-RA95CDF2PMG,WIN-VCE7PVFB6AN)とEC2インスタンス(FCIVAmSWhwgL9V1,FCIV9arshUSNpXy)、クラスターで使うオブジェクト(FCILZxZ47FrpFiE,FCIsbC8sKn4EGPM)が作成されていました。

ドメイン内のユーザーオブジェクト

ドメイン内のユーザーオブジェクトの確認をします。

PS C:\Users\admin> Get-ADUser -Filter *

DistinguishedName : CN=Administrator,OU=AWS Reserved,DC=corp,DC=non-97,DC=net
Enabled           : True
GivenName         :
Name              : Administrator
ObjectClass       : user
ObjectGUID        : c54cbf8b-60b5-457b-a5e6-91fcc7c13c5c
SamAccountName    : Administrator
SID               : S-1-5-21-514741421-2750270180-1483028601-500
Surname           :
UserPrincipalName : administrator@corp.non-97.net

DistinguishedName : CN=Guest,CN=Users,DC=corp,DC=non-97,DC=net
Enabled           : False
GivenName         :
Name              : Guest
ObjectClass       : user
ObjectGUID        : a4814600-6cb4-4cbd-bf36-385bcb67df4c
SamAccountName    : Guest
SID               : S-1-5-21-514741421-2750270180-1483028601-501
Surname           :
UserPrincipalName :

DistinguishedName : CN=krbtgt,CN=Users,DC=corp,DC=non-97,DC=net
Enabled           : False
GivenName         :
Name              : krbtgt
ObjectClass       : user
ObjectGUID        : 90ac0678-ef0d-4679-a351-81a2e0b32020
SamAccountName    : krbtgt
SID               : S-1-5-21-514741421-2750270180-1483028601-502
Surname           :
UserPrincipalName :

DistinguishedName : CN=Admin,OU=Users,OU=corp,DC=corp,DC=non-97,DC=net
Enabled           : True
GivenName         :
Name              : Admin
ObjectClass       : user
ObjectGUID        : 33b1883d-55a5-4f4e-ab6c-f1ed135111a3
SamAccountName    : Admin
SID               : S-1-5-21-514741421-2750270180-1483028601-1113
Surname           :
UserPrincipalName : admin@corp.non-97.net

DistinguishedName : CN=sqladmin,OU=Users,OU=corp,DC=corp,DC=non-97,DC=net
Enabled           : True
GivenName         :
Name              : sqladmin
ObjectClass       : user
ObjectGUID        : 151cb348-f7fd-4b69-96d6-1d3470aff2ba
SamAccountName    : sqladmin
SID               : S-1-5-21-514741421-2750270180-1483028601-1144
Surname           :
UserPrincipalName : sqladmin@corp.non-97.net

OU=Users,OU=corp,DC=corp,DC=non-97,DC=netにAdminとsqladminが作成されていました。

DNS

DNSのレコードを確認します。

前方参照ゾーンは以下の通りです。

DNS_foward

逆引き参照ゾーンは以下の通りです。

DNS_reverse

iSCSI

FCIV9arshUSNpXyのiSCSIの確認をしてみます。

# iSCSIターゲット
> Get-IscsiTarget

IsConnected NodeAddress                                                     PSComputerName
----------- -----------                                                     --------------
       True iqn.1992-08.com.netapp:sn.e81aae2711fe11eda23a25f39db72949:vs.3

# iSCSIターゲットポータル
> Get-IscsiTargetPortal

InitiatorInstanceName  : ROOT\ISCSIPRT\0000_0
InitiatorPortalAddress : 10.0.1.211
IsDataDigest           : False
IsHeaderDigest         : False
TargetPortalAddress    : 10.0.1.243
TargetPortalPortNumber : 3260
PSComputerName         :

InitiatorInstanceName  : ROOT\ISCSIPRT\0000_0
InitiatorPortalAddress : 10.0.1.211
IsDataDigest           : False
IsHeaderDigest         : False
TargetPortalAddress    : 10.0.19.34
TargetPortalPortNumber : 3260
PSComputerName         :

# iSCSIコネクション
> Get-IscsiConnection

ConnectionIdentifier : ffffb60f3ca8b010-0
InitiatorAddress     : 10.0.1.211
InitiatorPortNumber  : 2242
TargetAddress        : 10.0.19.34
TargetPortNumber     : 3260
PSComputerName       :

ConnectionIdentifier : ffffb60f3ca8b010-1
InitiatorAddress     : 10.0.1.211
InitiatorPortNumber  : 2498
TargetAddress        : 10.0.1.243
TargetPortNumber     : 3260
PSComputerName       :

ConnectionIdentifier : ffffb60f3ca8b010-2
InitiatorAddress     : 10.0.1.211
InitiatorPortNumber  : 2754
TargetAddress        : 10.0.19.34
TargetPortNumber     : 3260
PSComputerName       :

ConnectionIdentifier : ffffb60f3ca8b010-3
InitiatorAddress     : 10.0.1.211
InitiatorPortNumber  : 3010
TargetAddress        : 10.0.1.243
TargetPortNumber     : 3260
PSComputerName       :

ConnectionIdentifier : ffffb60f3ca8b010-4
InitiatorAddress     : 10.0.1.211
InitiatorPortNumber  : 3266
TargetAddress        : 10.0.1.243
TargetPortNumber     : 3260
PSComputerName       :

# iSCSIセッション
> Get-IscsiSession

AuthenticationType      : NONE
InitiatorInstanceName   : ROOT\ISCSIPRT\0000_0
InitiatorNodeAddress    : iqn.1991-05.com.microsoft:fciv9arshusnpxy
InitiatorPortalAddress  : 10.0.1.211
InitiatorSideIdentifier : 40000137000a
IsConnected             : True
IsDataDigest            : False
IsDiscovered            : True
IsHeaderDigest          : False
IsPersistent            : True
NumberOfConnections     : 1
SessionIdentifier       : ffffb60f3ca8b010-4000013700000001
TargetNodeAddress       : iqn.1992-08.com.netapp:sn.e81aae2711fe11eda23a25f39db72949:vs.3
TargetSideIdentifier    : 0200
PSComputerName          :

AuthenticationType      : NONE
InitiatorInstanceName   : ROOT\ISCSIPRT\0000_0
InitiatorNodeAddress    : iqn.1991-05.com.microsoft:fciv9arshusnpxy
InitiatorPortalAddress  : 10.0.1.211
InitiatorSideIdentifier : 400001370005
IsConnected             : True
IsDataDigest            : False
IsDiscovered            : True
IsHeaderDigest          : False
IsPersistent            : True
NumberOfConnections     : 1
SessionIdentifier       : ffffb60f3ca8b010-4000013700000002
TargetNodeAddress       : iqn.1992-08.com.netapp:sn.e81aae2711fe11eda23a25f39db72949:vs.3
TargetSideIdentifier    : 0300
PSComputerName          :

AuthenticationType      : NONE
InitiatorInstanceName   : ROOT\ISCSIPRT\0000_0
InitiatorNodeAddress    : iqn.1991-05.com.microsoft:fciv9arshusnpxy
InitiatorPortalAddress  : 10.0.1.211
InitiatorSideIdentifier : 400001370006
IsConnected             : True
IsDataDigest            : False
IsDiscovered            : True
IsHeaderDigest          : False
IsPersistent            : True
NumberOfConnections     : 1
SessionIdentifier       : ffffb60f3ca8b010-4000013700000003
TargetNodeAddress       : iqn.1992-08.com.netapp:sn.e81aae2711fe11eda23a25f39db72949:vs.3
TargetSideIdentifier    : 0100
PSComputerName          :

AuthenticationType      : NONE
InitiatorInstanceName   : ROOT\ISCSIPRT\0000_0
InitiatorNodeAddress    : iqn.1991-05.com.microsoft:fciv9arshusnpxy
InitiatorPortalAddress  : 10.0.1.211
InitiatorSideIdentifier : 400001370008
IsConnected             : True
IsDataDigest            : False
IsDiscovered            : True
IsHeaderDigest          : False
IsPersistent            : True
NumberOfConnections     : 1
SessionIdentifier       : ffffb60f3ca8b010-4000013700000004
TargetNodeAddress       : iqn.1992-08.com.netapp:sn.e81aae2711fe11eda23a25f39db72949:vs.3
TargetSideIdentifier    : 0200
PSComputerName          :

AuthenticationType      : NONE
InitiatorInstanceName   : ROOT\ISCSIPRT\0000_0
InitiatorNodeAddress    : iqn.1991-05.com.microsoft:fciv9arshusnpxy
InitiatorPortalAddress  : 10.0.1.211
InitiatorSideIdentifier : 400001370001
IsConnected             : True
IsDataDigest            : False
IsDiscovered            : True
IsHeaderDigest          : False
IsPersistent            : True
NumberOfConnections     : 1
SessionIdentifier       : ffffb60f3ca8b010-4000013700000005
TargetNodeAddress       : iqn.1992-08.com.netapp:sn.e81aae2711fe11eda23a25f39db72949:vs.3
TargetSideIdentifier    : 0100
PSComputerName          :

FSx for ONTAPの各AZのENIに計5つコネクションとセッションが張られいました。

Failover Cluster

Failoverクラスターの各種情報を確認してみます。

長過ぎたので折りたたみます。

Failover Cluster (折りたたみ)
# クラスター
> Get-Cluster | Format-List -Property *

AddEvictDelay                           : 60
AdministrativeAccessPoint               : ActiveDirectoryAndDns
AutoAssignNodeSite                      : 0
AutoBalancerMode                        : 2
AutoBalancerLevel                       : 1
BackupInProgress                        : 0
BlockCacheSize                          : 1024
DetectedCloudPlatform                   : None
DetectManagedEvents                     : 1
DetectManagedEventsThreshold            : 60
ClusSvcHangTimeout                      : 135
ClusSvcRegroupStageTimeout              : 15
ClusSvcRegroupTickInMilliseconds        : 300
ClusterEnforcedAntiAffinity             : 0
ClusterFunctionalLevel                  : 10
ClusterUpgradeVersion                   : 3
ClusterGroupWaitDelay                   : 120
ClusterLogLevel                         : 3
ClusterLogSize                          : 1536
CrossSiteDelay                          : 1000
CrossSiteThreshold                      : 20
CrossSubnetDelay                        : 1000
CrossSubnetThreshold                    : 20
CsvBalancer                             : 1
DatabaseReadWriteMode                   : 0
DefaultNetworkRole                      : 3
Description                             :
Domain                                  : corp.non-97.net
DrainOnShutdown                         : 1
DumpPolicy                              : 1376850201
DynamicQuorum                           : 1
EnableSharedVolumes                     : Enabled
FixQuorum                               : 0
GroupDependencyTimeout                  : 600
HangRecoveryAction                      : 6
Id                                      : 63197947-8cf4-4e3f-aeaf-5c5e6b2ade74
IgnorePersistentStateOnStartup          : 0
LogResourceControls                     : 0
LowerQuorumPriorityNodeId               : 0
MessageBufferLength                     : 50
MinimumNeverPreemptPriority             : 3000
MinimumPreemptorPriority                : 1
Name                                    : FCILZxZ47FrpFiE
NetftIPSecEnabled                       : 1
PlacementOptions                        : 0
PlumbAllCrossSubnetRoutes               : 0
PreferredSite                           :
PreventQuorum                           : 0
QuarantineDuration                      : 7200
QuarantineThreshold                     : 3
QuorumArbitrationTimeMax                : 20
RecentEventsResetTime                   : 8/2/2022 1:47:28 AM
RequestReplyTimeout                     : 60
ResiliencyDefaultPeriod                 : 240
ResiliencyLevel                         : AlwaysIsolate
RouteHistoryLength                      : 40
S2DBusTypes                             : 0
S2DCacheBehavior                        : Default
S2DCacheDesiredState                    : Enabled
S2DCacheMetadataReserveBytes            : 34359738368
S2DCachePageSizeKBytes                  : 16
S2DEnabled                              : 0
S2DIOLatencyThreshold                   : 10000
S2DOptimizations                        : 0
SameSubnetDelay                         : 1000
SameSubnetThreshold                     : 20
SecurityLevel                           : 1
SecurityLevelForStorage                 : 0
SharedVolumeCompatibleFilters           : {}
SharedVolumeIncompatibleFilters         : {}
SharedVolumeSecurityDescriptor          : {1, 0, 4, 128...}
SharedVolumesRoot                       : C:\ClusterStorage
SharedVolumeVssWriterOperationTimeout   : 1800
ShutdownTimeoutInMinutes                : 20
UseClientAccessNetworksForSharedVolumes : 2
WitnessDatabaseWriteTimeout             : 300
WitnessDynamicWeight                    : 1
WitnessRestartInterval                  : 15
EnabledEventLogs                        : {Microsoft-Windows-Hyper-V-VmSwitch-Diagnostic,4,0xFFFFFFFD,
                                          Microsoft-Windows-SMBDirect/Debug,4, Microsoft-Windows-SMBServer/Analytic,
                                          Microsoft-Windows-Kernel-LiveDump/Analytic}

# クラスターグループ
>  Get-ClusterGroup  | Format-List -Property *

AntiAffinityClassNames : {}
AutoFailbackType       : 0
ColdStartSetting       : 0
Cluster                : FCILZxZ47FrpFiE
DefaultOwner           : 4294967295
Description            :
GroupType              : AvailableStorage
FailoverPeriod         : 6
FailoverThreshold      : 0
FailbackWindowEnd      : 4294967295
FailbackWindowStart    : 4294967295
FaultDomain            : 0
IsCoreGroup            : True
Name                   : Available Storage
OwnerNode              : FCIVAmSWhwgL9V1
PersistentState        : 0
PlacementOptions       : 0
PreferredSite          : {}
Priority               : 1000
ResiliencyPeriod       : 0
State                  : Online
StatusInformation      : 0
UpdateDomain           : 0
Id                     : d4aa5161-65d8-4615-9e55-c3a7c183f8bc

AntiAffinityClassNames : {}
AutoFailbackType       : 0
ColdStartSetting       : 0
Cluster                : FCILZxZ47FrpFiE
DefaultOwner           : 4294967295
Description            :
GroupType              : Cluster
FailoverPeriod         : 6
FailoverThreshold      : 4294967295
FailbackWindowEnd      : 4294967295
FailbackWindowStart    : 4294967295
FaultDomain            : 0
IsCoreGroup            : True
Name                   : Cluster Group
OwnerNode              : FCIVAmSWhwgL9V1
PersistentState        : 1
PlacementOptions       : 0
PreferredSite          : {}
Priority               : 13000
ResiliencyPeriod       : 0
State                  : Online
StatusInformation      : 0
UpdateDomain           : 0
Id                     : 3c207c5c-14b4-49ad-bfc7-ebfdc8ac9f50

AntiAffinityClassNames : {}
AutoFailbackType       : 0
ColdStartSetting       : 0
Cluster                : FCILZxZ47FrpFiE
DefaultOwner           : 4294967295
Description            :
GroupType              : Unknown
FailoverPeriod         : 6
FailoverThreshold      : 4294967295
FailbackWindowEnd      : 4294967295
FailbackWindowStart    : 4294967295
FaultDomain            : 0
IsCoreGroup            : False
Name                   : SQL Server (MSSQLSERVER)
OwnerNode              : FCIVAmSWhwgL9V1
PersistentState        : 1
PlacementOptions       : 0
PreferredSite          : {}
Priority               : 2000
ResiliencyPeriod       : 0
State                  : Online
StatusInformation      : 0
UpdateDomain           : 0
Id                     : 957781e8-ec3e-439b-b53c-689de792bb33

# クラスターネットワーク
> Get-ClusterNetwork  | Format-List -Property *

Address           : 10.0.0.0
AddressMask       : 255.255.240.0
AutoMetric        : True
Cluster           : FCILZxZ47FrpFiE
Description       :
Id                : 693dc632-5a99-460a-80c5-eeda7149a9e0
Ipv4Addresses     : {10.0.0.0}
Ipv4PrefixLengths : {20}
Ipv6Addresses     : {}
Ipv6PrefixLengths : {}
Metric            : 70000
Name              : Cluster Network 1
Role              : ClusterAndClient
State             : Up

Address           : 10.0.16.0
AddressMask       : 255.255.240.0
AutoMetric        : True
Cluster           : FCILZxZ47FrpFiE
Description       :
Id                : 472d74c9-f2ca-431e-a2c8-99fbd29a29c4
Ipv4Addresses     : {10.0.16.0}
Ipv4PrefixLengths : {20}
Ipv6Addresses     : {}
Ipv6PrefixLengths : {}
Metric            : 70001
Name              : Cluster Network 2
Role              : ClusterAndClient
State             : Up

# クラスターネットワークのインターフェースの情報
> Get-ClusterNetworkInterface | Format-List -Property *

Adapter       : Amazon Elastic Network Adapter
AdapterId     : 5C52BE26-75B9-4268-9742-A0E5D4CAA259
Address       : 10.0.1.211
Cluster       : FCILZxZ47FrpFiE
Description   :
DhcpEnabled   : 1
Id            : 36b27c36-80ff-4a43-99e0-d11415371129
Ipv4Addresses : {10.0.1.211}
Ipv6Addresses : {}
Name          : FCIV9arshUSNpXy - Ethernet 2
Network       : Cluster Network 1
Node          : FCIV9arshUSNpXy
State         : Up

Adapter       : Amazon Elastic Network Adapter
AdapterId     : 5FB5D3ED-4538-4EDA-90A6-7CC655740C8A
Address       : 10.0.28.119
Cluster       : FCILZxZ47FrpFiE
Description   :
DhcpEnabled   : 1
Id            : a5e99887-6aaa-4e19-b818-46b87b566362
Ipv4Addresses : {10.0.28.119}
Ipv6Addresses : {}
Name          : FCIVAmSWhwgL9V1 - Ethernet 2
Network       : Cluster Network 2
Node          : FCIVAmSWhwgL9V1
State         : Up

# クラスターノード
> Get-ClusterNode  | Format-List -Property *

BuildNumber           : 17763
Cluster               : FCILZxZ47FrpFiE
CSDVersion            :
Description           :
DrainStatus           : NotInitiated
DrainTarget           : 4294967295
DynamicWeight         : 1
Id                    : 1
MajorVersion          : 10
MinorVersion          : 0
Name                  : FCIV9arshUSNpXy
NeedsPreventQuorum    : 0
NodeHighestVersion    : 655363
NodeInstanceID        : 00000000-0000-0000-0000-000000000001
NodeLowestVersion     : 655363
NodeName              : FCIV9arshUSNpXy
NodeWeight            : 1
FaultDomain           : {Site:, Rack:, Chassis:}
Model                 : c6a.xlarge
Manufacturer          : Amazon EC2
SerialNumber          : ec2a2313-52f2-3f58-0dbe-7af5ca13bba1
State                 : Up
StatusInformation     : Normal
Type                  : Node
DetectedCloudPlatform : None

BuildNumber           : 17763
Cluster               : FCILZxZ47FrpFiE
CSDVersion            :
Description           :
DrainStatus           : NotInitiated
DrainTarget           : 4294967295
DynamicWeight         : 1
Id                    : 2
MajorVersion          : 10
MinorVersion          : 0
Name                  : FCIVAmSWhwgL9V1
NeedsPreventQuorum    : 0
NodeHighestVersion    : 655363
NodeInstanceID        : 00000000-0000-0000-0000-000000000002
NodeLowestVersion     : 655363
NodeName              : FCIVAmSWhwgL9V1
NodeWeight            : 1
FaultDomain           : {Site:, Rack:, Chassis:}
Model                 : c6a.xlarge
Manufacturer          : Amazon EC2
SerialNumber          : ec2ae3cd-2759-3826-1894-1053d03a8b73
State                 : Up
StatusInformation     : Normal
Type                  : Node
DetectedCloudPlatform : None

# クラスターのクォーラム
> Get-ClusterQuorum  | Format-List -Property *

Cluster        : FCILZxZ47FrpFiE
QuorumResource : Quorum
QuorumType     : Majority

# クラスターリソース
> Get-ClusterResource

Name                               State   OwnerGroup               ResourceType
----                               -----   ----------               ------------
Cluster IP Address                 Offline Cluster Group            IP Address
Cluster Name                       Online  Cluster Group            Network Name
IP Address 10.0.30.89              Online  Cluster Group            IP Address
Quorum                             Online  Cluster Group            Physical Disk
SQL IP Address 1 (FCIsbC8sKn4EGPM) Online  SQL Server (MSSQLSERVER) IP Address
SQL IP Address 2 (FCIsbC8sKn4EGPM) Offline SQL Server (MSSQLSERVER) IP Address
SQL Network Name (FCIsbC8sKn4EGPM) Online  SQL Server (MSSQLSERVER) Network Name
SQL Server                         Online  SQL Server (MSSQLSERVER) SQL Server
SQL Server Agent                   Online  SQL Server (MSSQLSERVER) SQL Server Agent
SQL Server CEIP (MSSQLSERVER)      Online  SQL Server (MSSQLSERVER) Generic Service
SQL-DATA                           Online  SQL Server (MSSQLSERVER) Physical Disk
SQL-LOG                            Online  Available Storage        Physical Disk

# クラスターリソースの詳細
> Get-ClusterResource | Format-List -Property *

Characteristics         : 0
Cluster                 : FCILZxZ47FrpFiE
DeadlockTimeout         : 300000
Description             :
Id                      : d833a189-7e0d-47db-a446-cd0bd0b7e530
IsCoreResource          : False
EmbeddedFailureAction   : 2
IsAlivePollInterval     : 4294967295
IsNetworkClassResource  : True
IsStorageClassResource  : False
LastOperationStatusCode : 8589934592
LooksAlivePollInterval  : 4294967295
MaintenanceMode         : False
MonitorProcessId        : 4804
Name                    : Cluster IP Address
OwnerGroup              : Cluster Group
OwnerNode               : FCIVAmSWhwgL9V1
PendingTimeout          : 180000
PersistentState         : 1
ResourceSpecificData1   : 0
ResourceSpecificData2   : 0
ResourceSpecificStatus  :
ResourceType            : IP Address
RestartAction           : 2
RestartDelay            : 500
RestartPeriod           : 600000
RestartThreshold        : 1
RetryPeriodOnFailure    : 600000
SeparateMonitor         : False
State                   : Offline
StatusInformation       : 0

Characteristics         : 0
Cluster                 : FCILZxZ47FrpFiE
DeadlockTimeout         : 300000
Description             :
Id                      : af06d7ee-4078-48ee-98f0-9ef2cb32c7f6
IsCoreResource          : True
EmbeddedFailureAction   : 2
IsAlivePollInterval     : 4294967295
IsNetworkClassResource  : False
IsStorageClassResource  : False
LastOperationStatusCode : 0
LooksAlivePollInterval  : 4294967295
MaintenanceMode         : False
MonitorProcessId        : 6980
Name                    : Cluster Name
OwnerGroup              : Cluster Group
OwnerNode               : FCIVAmSWhwgL9V1
PendingTimeout          : 180000
PersistentState         : 1
ResourceSpecificData1   : 0
ResourceSpecificData2   : 0
ResourceSpecificStatus  :
ResourceType            : Network Name
RestartAction           : 2
RestartDelay            : 500
RestartPeriod           : 600000
RestartThreshold        : 1
RetryPeriodOnFailure    : 600000
SeparateMonitor         : False
State                   : Online
StatusInformation       : 0

Characteristics         : 0
Cluster                 : FCILZxZ47FrpFiE
DeadlockTimeout         : 300000
Description             :
Id                      : 40d283f0-2942-4bc9-bc7f-557e495cb9eb
IsCoreResource          : False
EmbeddedFailureAction   : 2
IsAlivePollInterval     : 4294967295
IsNetworkClassResource  : True
IsStorageClassResource  : False
LastOperationStatusCode : 0
LooksAlivePollInterval  : 4294967295
MaintenanceMode         : False
MonitorProcessId        : 4804
Name                    : IP Address 10.0.30.89
OwnerGroup              : Cluster Group
OwnerNode               : FCIVAmSWhwgL9V1
PendingTimeout          : 180000
PersistentState         : 1
ResourceSpecificData1   : 0
ResourceSpecificData2   : 0
ResourceSpecificStatus  :
ResourceType            : IP Address
RestartAction           : 2
RestartDelay            : 500
RestartPeriod           : 600000
RestartThreshold        : 1
RetryPeriodOnFailure    : 600000
SeparateMonitor         : False
State                   : Online
StatusInformation       : 0

Characteristics         : Quorum, BroadcastDelete, MonitorReattach
Cluster                 : FCILZxZ47FrpFiE
DeadlockTimeout         : 300000
Description             :
Id                      : bc462e65-b3c3-4ad9-99e1-d8cb8dbe3c22
IsCoreResource          : True
EmbeddedFailureAction   : 2
IsAlivePollInterval     : 4294967295
IsNetworkClassResource  : False
IsStorageClassResource  : True
LastOperationStatusCode : 0
LooksAlivePollInterval  : 4294967295
MaintenanceMode         : False
MonitorProcessId        : 5312
Name                    : Quorum
OwnerGroup              : Cluster Group
OwnerNode               : FCIVAmSWhwgL9V1
PendingTimeout          : 180000
PersistentState         : 1
ResourceSpecificData1   : 0
ResourceSpecificData2   : 0
ResourceSpecificStatus  :
ResourceType            : Physical Disk
RestartAction           : 2
RestartDelay            : 500
RestartPeriod           : 600000
RestartThreshold        : 1
RetryPeriodOnFailure    : 600000
SeparateMonitor         : False
State                   : Online
StatusInformation       : 0

Characteristics         : 0
Cluster                 : FCILZxZ47FrpFiE
DeadlockTimeout         : 300000
Description             :
Id                      : d43851d5-bed5-41ba-8602-8706e6223ca6
IsCoreResource          : False
EmbeddedFailureAction   : 2
IsAlivePollInterval     : 4294967295
IsNetworkClassResource  : True
IsStorageClassResource  : False
LastOperationStatusCode : 0
LooksAlivePollInterval  : 4294967295
MaintenanceMode         : False
MonitorProcessId        : 4804
Name                    : SQL IP Address 1 (FCIsbC8sKn4EGPM)
OwnerGroup              : SQL Server (MSSQLSERVER)
OwnerNode               : FCIVAmSWhwgL9V1
PendingTimeout          : 180000
PersistentState         : 1
ResourceSpecificData1   : 0
ResourceSpecificData2   : 0
ResourceSpecificStatus  :
ResourceType            : IP Address
RestartAction           : 2
RestartDelay            : 500
RestartPeriod           : 600000
RestartThreshold        : 1
RetryPeriodOnFailure    : 600000
SeparateMonitor         : False
State                   : Online
StatusInformation       : 0

Characteristics         : 0
Cluster                 : FCILZxZ47FrpFiE
DeadlockTimeout         : 300000
Description             :
Id                      : 51e36d6b-a4d2-44ff-87cc-7224be1d28b1
IsCoreResource          : False
EmbeddedFailureAction   : 2
IsAlivePollInterval     : 4294967295
IsNetworkClassResource  : True
IsStorageClassResource  : False
LastOperationStatusCode : 8589934592
LooksAlivePollInterval  : 4294967295
MaintenanceMode         : False
MonitorProcessId        : 4804
Name                    : SQL IP Address 2 (FCIsbC8sKn4EGPM)
OwnerGroup              : SQL Server (MSSQLSERVER)
OwnerNode               : FCIVAmSWhwgL9V1
PendingTimeout          : 180000
PersistentState         : 1
ResourceSpecificData1   : 0
ResourceSpecificData2   : 0
ResourceSpecificStatus  :
ResourceType            : IP Address
RestartAction           : 2
RestartDelay            : 500
RestartPeriod           : 600000
RestartThreshold        : 1
RetryPeriodOnFailure    : 600000
SeparateMonitor         : False
State                   : Offline
StatusInformation       : 0

Characteristics         : 0
Cluster                 : FCILZxZ47FrpFiE
DeadlockTimeout         : 300000
Description             :
Id                      : 6a81a3e2-3a0c-4c22-8738-f57638e4d253
IsCoreResource          : False
EmbeddedFailureAction   : 2
IsAlivePollInterval     : 4294967295
IsNetworkClassResource  : False
IsStorageClassResource  : False
LastOperationStatusCode : 0
LooksAlivePollInterval  : 4294967295
MaintenanceMode         : False
MonitorProcessId        : 6980
Name                    : SQL Network Name (FCIsbC8sKn4EGPM)
OwnerGroup              : SQL Server (MSSQLSERVER)
OwnerNode               : FCIVAmSWhwgL9V1
PendingTimeout          : 180000
PersistentState         : 1
ResourceSpecificData1   : 0
ResourceSpecificData2   : 0
ResourceSpecificStatus  :
ResourceType            : Network Name
RestartAction           : 2
RestartDelay            : 500
RestartPeriod           : 600000
RestartThreshold        : 1
RetryPeriodOnFailure    : 600000
SeparateMonitor         : False
State                   : Online
StatusInformation       : 0

Characteristics         : 0
Cluster                 : FCILZxZ47FrpFiE
DeadlockTimeout         : 300000
Description             :
Id                      : f69ce2d8-2a10-46e3-9d51-6902e68b0f51
IsCoreResource          : False
EmbeddedFailureAction   : 2
IsAlivePollInterval     : 4294967295
IsNetworkClassResource  : False
IsStorageClassResource  : False
LastOperationStatusCode : 0
LooksAlivePollInterval  : 4294967295
MaintenanceMode         : False
MonitorProcessId        : 7044
Name                    : SQL Server
OwnerGroup              : SQL Server (MSSQLSERVER)
OwnerNode               : FCIVAmSWhwgL9V1
PendingTimeout          : 180000
PersistentState         : 1
ResourceSpecificData1   : 0
ResourceSpecificData2   : 0
ResourceSpecificStatus  :
ResourceType            : SQL Server
RestartAction           : 2
RestartDelay            : 500
RestartPeriod           : 600000
RestartThreshold        : 1
RetryPeriodOnFailure    : 600000
SeparateMonitor         : True
State                   : Online
StatusInformation       : 0

Characteristics         : 0
Cluster                 : FCILZxZ47FrpFiE
DeadlockTimeout         : 300000
Description             :
Id                      : ea7840f5-b1c6-4225-89f4-4c46e46398bd
IsCoreResource          : False
EmbeddedFailureAction   : 2
IsAlivePollInterval     : 4294967295
IsNetworkClassResource  : False
IsStorageClassResource  : False
LastOperationStatusCode : 0
LooksAlivePollInterval  : 4294967295
MaintenanceMode         : False
MonitorProcessId        : 7104
Name                    : SQL Server Agent
OwnerGroup              : SQL Server (MSSQLSERVER)
OwnerNode               : FCIVAmSWhwgL9V1
PendingTimeout          : 180000
PersistentState         : 1
ResourceSpecificData1   : 0
ResourceSpecificData2   : 0
ResourceSpecificStatus  :
ResourceType            : SQL Server Agent
RestartAction           : 2
RestartDelay            : 500
RestartPeriod           : 600000
RestartThreshold        : 1
RetryPeriodOnFailure    : 600000
SeparateMonitor         : True
State                   : Online
StatusInformation       : 0

Characteristics         : 0
Cluster                 : FCILZxZ47FrpFiE
DeadlockTimeout         : 300000
Description             :
Id                      : 3793a1e7-a444-4c1e-863e-e3367a1cf6c3
IsCoreResource          : False
EmbeddedFailureAction   : 2
IsAlivePollInterval     : 4294967295
IsNetworkClassResource  : False
IsStorageClassResource  : False
LastOperationStatusCode : 0
LooksAlivePollInterval  : 4294967295
MaintenanceMode         : False
MonitorProcessId        : 7152
Name                    : SQL Server CEIP (MSSQLSERVER)
OwnerGroup              : SQL Server (MSSQLSERVER)
OwnerNode               : FCIVAmSWhwgL9V1
PendingTimeout          : 180000
PersistentState         : 1
ResourceSpecificData1   : 0
ResourceSpecificData2   : 0
ResourceSpecificStatus  :
ResourceType            : Generic Service
RestartAction           : 1
RestartDelay            : 500
RestartPeriod           : 600000
RestartThreshold        : 1
RetryPeriodOnFailure    : 600000
SeparateMonitor         : True
State                   : Online
StatusInformation       : 0

Characteristics         : Quorum, BroadcastDelete, MonitorReattach
Cluster                 : FCILZxZ47FrpFiE
DeadlockTimeout         : 300000
Description             :
Id                      : b44c2c90-6c77-4bcb-bedc-946a02f542a2
IsCoreResource          : False
EmbeddedFailureAction   : 2
IsAlivePollInterval     : 4294967295
IsNetworkClassResource  : False
IsStorageClassResource  : True
LastOperationStatusCode : 0
LooksAlivePollInterval  : 4294967295
MaintenanceMode         : False
MonitorProcessId        : 5312
Name                    : SQL-DATA
OwnerGroup              : SQL Server (MSSQLSERVER)
OwnerNode               : FCIVAmSWhwgL9V1
PendingTimeout          : 180000
PersistentState         : 1
ResourceSpecificData1   : 0
ResourceSpecificData2   : 0
ResourceSpecificStatus  :
ResourceType            : Physical Disk
RestartAction           : 2
RestartDelay            : 500
RestartPeriod           : 600000
RestartThreshold        : 1
RetryPeriodOnFailure    : 600000
SeparateMonitor         : False
State                   : Online
StatusInformation       : 0

Characteristics         : Quorum, BroadcastDelete, MonitorReattach
Cluster                 : FCILZxZ47FrpFiE
DeadlockTimeout         : 300000
Description             :
Id                      : 3437974f-6e0f-4a03-abee-6ea46b98694e
IsCoreResource          : False
EmbeddedFailureAction   : 2
IsAlivePollInterval     : 4294967295
IsNetworkClassResource  : False
IsStorageClassResource  : True
LastOperationStatusCode : 0
LooksAlivePollInterval  : 4294967295
MaintenanceMode         : False
MonitorProcessId        : 5312
Name                    : SQL-LOG
OwnerGroup              : Available Storage
OwnerNode               : FCIVAmSWhwgL9V1
PendingTimeout          : 180000
PersistentState         : 1
ResourceSpecificData1   : 0
ResourceSpecificData2   : 0
ResourceSpecificStatus  :
ResourceType            : Physical Disk
RestartAction           : 2
RestartDelay            : 500
RestartPeriod           : 600000
RestartThreshold        : 1
RetryPeriodOnFailure    : 600000
SeparateMonitor         : False
State                   : Online
StatusInformation       : 0

PowerShellからだけだと味気ないので、Failover Cluster Managerからも確認してみます。

Cluster

Current Host ServerがFCIVAmSWhwgL9V1で、IPアドレスは10.0.30.89がアップになっています。

実際に、Cluster名のFCILZxZ47FrpFiEを名前解決すると10.0.30.89が返ってきました。

> nslookup FCILZxZ47FrpFiE
Server:  win-ra95cdf2pmg.corp.non-97.net
Address:  10.0.5.1

Name:    FCILZxZ47FrpFiE.corp.non-97.net
Address:  10.0.30.89

クラスターのロールのサマリーとリソースは以下の通りです。

サマリー

Cluster_Role

リソース

Cluster_Role_Resources

クラスターで使用している3つのディスクも確認できますね。

Cluster_Disks

FSx for ONTAPのiSCSI LUN周りの確認

FSx for ONTAPのiSCSI LUN周りの確認もしておきましょう。

確認はSSHでFSx for ONTAPファイルサーバーに接続して、ONTAP CLIから行います。

> ssh fsxadmin@198.19.255.122
The authenticity of host '198.19.255.122 (198.19.255.122)' can't be established.
ECDSA key fingerprint is SHA256:gmPG1WE2KdHrSl6RQhOkogsi34U72utI4QeUxkNMteQ.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '198.19.255.122' (ECDSA) to the list of known hosts.
Password:

This is your first recorded login.
Unsuccessful login attempts since last login: 1

接続後、LUNの一覧を確認します。

FsxId0b8f145a32d809221::> lun show
Vserver   Path                            State   Mapped   Type        Size
--------- ------------------------------- ------- -------- -------- --------
sql-svm01 /vol/SQLCluster01/quorum        online  mapped   windows_2008  1GB
sql-svm01 /vol/SQLCluster01/sqldata       online  mapped   windows_2008
                                                                       399GB
sql-svm01 /vol/SQLCluster01/sqllog        online  mapped   windows_2008 80GB
3 entries were displayed.

# LUNの詳細の確認
FsxId0b8f145a32d809221::> lun show -instance

                  Vserver Name: sql-svm01
                      LUN Path: /vol/SQLCluster01/quorum
                   Volume Name: SQLCluster01
                    Qtree Name: ""
                      LUN Name: quorum
                      LUN Size: 1GB
                       OS Type: windows_2008
             Space Reservation: enabled
                 Serial Number: lWB1i]TJrfue
           Serial Number (Hex): 6c574231695d544a72667565
                       Comment:
    Space Reservations Honored: false
              Space Allocation: disabled
                         State: online
                      LUN UUID: c9f26fcd-be6a-4888-b5d6-9a736227d0e8
                        Mapped: mapped
Physical Size of Logical Block: 512B
              Device Legacy ID: -
              Device Binary ID: -
                Device Text ID: -
                     Read Only: false
         Fenced Due to Restore: false
                     Used Size: 43.17MB
           Maximum Resize Size: 15.97TB
                 Creation Time: 8/2/2022 01:39:25
                         Class: regular
          Node Hosting the LUN: FsxId0b8f145a32d809221-01
              QoS Policy Group: -
     QoS Adaptive Policy Group: -
           Caching Policy Name: -
                         Clone: false
      Clone Autodelete Enabled: false
           Inconsistent Import: false
                   Application: -
         ZRTO Volume consensus: -

                  Vserver Name: sql-svm01
                      LUN Path: /vol/SQLCluster01/sqldata
                   Volume Name: SQLCluster01
                    Qtree Name: ""
                      LUN Name: sqldata
                      LUN Size: 399GB
                       OS Type: windows_2008
             Space Reservation: enabled
                 Serial Number: lWB1i]TJrfuc
           Serial Number (Hex): 6c574231695d544a72667563
                       Comment:
    Space Reservations Honored: false
              Space Allocation: disabled
                         State: online
                      LUN UUID: dda00503-363f-4cf3-b450-06ef6475cbd8
                        Mapped: mapped
Physical Size of Logical Block: 512B
              Device Legacy ID: -
              Device Binary ID: -
                Device Text ID: -
                     Read Only: false
         Fenced Due to Restore: false
                     Used Size: 197.2MB
           Maximum Resize Size: 15.97TB
                 Creation Time: 8/2/2022 01:39:10
                         Class: regular
          Node Hosting the LUN: FsxId0b8f145a32d809221-01
              QoS Policy Group: -
     QoS Adaptive Policy Group: -
           Caching Policy Name: -
                         Clone: false
      Clone Autodelete Enabled: false
           Inconsistent Import: false
                   Application: -
         ZRTO Volume consensus: -

                  Vserver Name: sql-svm01
                      LUN Path: /vol/SQLCluster01/sqllog
                   Volume Name: SQLCluster01
                    Qtree Name: ""
                      LUN Name: sqllog
                      LUN Size: 80GB
                       OS Type: windows_2008
             Space Reservation: enabled
                 Serial Number: lWB1i]TJrfud
           Serial Number (Hex): 6c574231695d544a72667564
                       Comment:
    Space Reservations Honored: false
              Space Allocation: disabled
                         State: online
                      LUN UUID: 55882dab-f3b1-4afc-bd72-b493e255ea77
                        Mapped: mapped
Physical Size of Logical Block: 512B
              Device Legacy ID: -
              Device Binary ID: -
                Device Text ID: -
                     Read Only: false
         Fenced Due to Restore: false
                     Used Size: 86.14MB
           Maximum Resize Size: 15.97TB
                 Creation Time: 8/2/2022 01:39:18
                         Class: regular
          Node Hosting the LUN: FsxId0b8f145a32d809221-01
              QoS Policy Group: -
     QoS Adaptive Policy Group: -
           Caching Policy Name: -
                         Clone: false
      Clone Autodelete Enabled: false
           Inconsistent Import: false
                   Application: -
         ZRTO Volume consensus: -
3 entries were displayed.

ニヤニヤしちゃいますね。

次にイニシエーターグループを確認します。

FsxId0b8f145a32d809221::> lun igroup show
Vserver   Igroup       Protocol OS Type  Initiators
--------- ------------ -------- -------- ------------------------------------
sql-svm01 SQLigroup    iscsi    windows  iqn.1991-05.com.microsoft:fciv9arshusnpxy
                                         iqn.1991-05.com.microsoft:fcivamswhwgl9v1

# イニシエーターグループの詳細
FsxId0b8f145a32d809221::> lun igroup show -instance
          Vserver Name: sql-svm01
           Igroup Name: SQLigroup
              Protocol: iscsi
               OS Type: windows
Portset Binding Igroup: -
           Igroup UUID: e46fc3f9-1203-11ed-a23a-25f39db72949
                  ALUA: true
            Initiators: iqn.1991-05.com.microsoft:fciv9arshusnpxy (logged in)
iqn.1991-05.com.microsoft:fcivamswhwgl9v1 (logged in)

イニシエーターが2つあり、それぞれ接続していることが分かります。

最後にLUNとイニシエーターグループのマッピングを確認します。

FsxId0b8f145a32d809221::> lun mapping show
Vserver    Path                                      Igroup   LUN ID  Protocol
---------- ----------------------------------------  -------  ------  --------
sql-svm01  /vol/SQLCluster01/quorum                  SQLigroup     2  iscsi
sql-svm01  /vol/SQLCluster01/sqldata                 SQLigroup     0  iscsi
sql-svm01  /vol/SQLCluster01/sqllog                  SQLigroup     1  iscsi
3 entries were displayed.

# マッピングの詳細
FsxId0b8f145a32d809221::> lun mapping show -instance

          Vserver Name: sql-svm01
              LUN Path: /vol/SQLCluster01/quorum
           Volume Name: SQLCluster01
            Qtree Name: ""
              LUN Name: quorum
           Igroup Name: SQLigroup
        Igroup OS Type: windows
  Igroup Protocol Type: iscsi
                LUN ID: 2
Portset Binding Igroup: -
                  ALUA: true
            Initiators: iqn.1991-05.com.microsoft:fciv9arshusnpxy,
                        iqn.1991-05.com.microsoft:fcivamswhwgl9v1
              LUN Node: FsxId0b8f145a32d809221-01
       Reporting Nodes: FsxId0b8f145a32d809221-01, FsxId0b8f145a32d809221-02

          Vserver Name: sql-svm01
              LUN Path: /vol/SQLCluster01/sqldata
           Volume Name: SQLCluster01
            Qtree Name: ""
              LUN Name: sqldata
           Igroup Name: SQLigroup
        Igroup OS Type: windows
  Igroup Protocol Type: iscsi
                LUN ID: 0
Portset Binding Igroup: -
                  ALUA: true
            Initiators: iqn.1991-05.com.microsoft:fciv9arshusnpxy,
                        iqn.1991-05.com.microsoft:fcivamswhwgl9v1
              LUN Node: FsxId0b8f145a32d809221-01
       Reporting Nodes: FsxId0b8f145a32d809221-01, FsxId0b8f145a32d809221-02

          Vserver Name: sql-svm01
              LUN Path: /vol/SQLCluster01/sqllog
           Volume Name: SQLCluster01
            Qtree Name: ""
              LUN Name: sqllog
           Igroup Name: SQLigroup
        Igroup OS Type: windows
  Igroup Protocol Type: iscsi
                LUN ID: 1
Portset Binding Igroup: -
                  ALUA: true
            Initiators: iqn.1991-05.com.microsoft:fciv9arshusnpxy,
                        iqn.1991-05.com.microsoft:fcivamswhwgl9v1
              LUN Node: FsxId0b8f145a32d809221-01
       Reporting Nodes: FsxId0b8f145a32d809221-01, FsxId0b8f145a32d809221-02
3 entries were displayed.

DBとテーブルの作成

フェイルオーバーさせる前に、DBとテーブルを作成しておきます。

SQL Server Management Studio (SSMS)で、SQL Serverに接続します。

SSMS

Object ExplorerのDatabase上で右クリックしてNew Databaseをクリックします。

New Database

DB名を入力してOKをクリックします。

Test_DB

DBを作成したら次にテーブルの作成です。

作成したDBのTable上で右クリックしてTableをクリックします。

Table

カラムとテーブル名を指定してOKをクリックします。

NewTable

Object Explorerに作成したテーブルのカラムが確認できました。

Columns

フェイルオーバー

マネージメントコンソールからCurrent Host ServerであるEC2インスタンスFCIVAmSWhwgL9V1を停止させます。

停止させると、数秒でCurrent Host ServerがFCIV9arshUSNpXyに変わり、IPアドレスは10.0.12.104`がアップになりました。

after_failover_core_resource

Cluster名のFCILZxZ47FrpFiEを名前解決すると10.0.12.104が帰ってきました。

> nslookup FCILZxZ47FrpFiE
Server:  corp.non-97.net
Address:  10.0.5.1

Name:    FCILZxZ47FrpFiE.corp.non-97.net
Address:  10.0.12.104

アクティブノードになったFCIV9arshUSNpXyのドライブ一覧を確認すると、LドライブやQドライブ、Sドライブの確認できるようになりました。

> Get-PSDrive

Name           Used (GB)     Free (GB) Provider      Root                                               CurrentLocation
----           ---------     --------- --------      ----                                               ---------------
Alias                                  Alias
C                  36.77         63.23 FileSystem    C:\                                                    Users\admin
Cert                                   Certificate   \
Env                                    Environment
Function                               Function
HKCU                                   Registry      HKEY_CURRENT_USER
HKLM                                   Registry      HKEY_LOCAL_MACHINE
L                   0.11         79.87 FileSystem    L:\
Q                   0.04          0.94 FileSystem    Q:\
S                   0.28        398.70 FileSystem    S:\
Variable                               Variable
WSMan                                  WSMan

Failover Cluster Manager上ではFCIVAmSWhwgL9V1停止されていることを確認できます。

down_node

SSMSでSQL Serverに接続すると、作成していたDBやテーブルを確認できました。

Node2_Table_Columns

これは便利。

私はMulti-AZ構成のブロックストレージを使えるFSx for ONTAPが大好きです

SQL Server Always On Failover Cluster Instanceの共有ストレージにAmazon FSx for NetApp ONTAPを使ってみました。

Launch Wizardを使えば3時間でクラスターの実装ができるのはかなりありがたいですね。

共有ストレージが単一障害点にならないのはMulti-AZ構成のブロックストレージを使えるFSx for ONTAPあってのものです。私はそんなFSx for ONTAPが大好きです

この記事が誰かの助けになれば幸いです。

以上、AWS事業本部 コンサルティング部の のんピ(@non____97)でした!