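Overview
In this entry I look at the Nutanix Clusters on AWS (hereafter NCA) environment built in the entry below from the AWS infrastructure point of view, and record the information partly as notes for myself.
Prerequisites
The GUI (screen captures) only goes so far, so this time I check everything with the AWS CLI from AWS CloudShell.
This is a test environment that has already been deleted, so unique IDs and the like are published without masking. Only the AWS account information has been manually replaced with XXX in the command output, so please keep that in mind.
My colleague Fukushima has written many excellent blog posts on the AWS CLI, so I use those entries as a reference and fetch the information by copy and paste, more or less without thinking.
Some of the samples in those blog posts do not work well when a Name tag contains spaces, so the special Name tags that NCA assigns automatically, like the one below, have been replaced with NCA-XXXXXXXXX.
(Apart from that, Nutanix tags often contain half-width spaces, so some of the output may be rendered misaligned.)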
Nutanix Cluster - Node XXXXXXXXX - DO NOT STOP OR TERMINATE - STOPPING THIS INSTANCE CAN CAUSE DATA LOSS
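The `column -t` step used in these samples splits on any whitespace, which is what breaks a Name tag such as the one above. The following is an added example, not part of the original post or of the referenced blog samples: it aligns columns on the tab characters that `--output text` emits, so a tag value containing spaces stays in one cell. `align_tsv`, `cells_ws`, `cells_tab` and `sample_vpc_rows` are hypothetical helper names, and the sample rows are constructed from the VPC values shown in this post.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). All function names are hypothetical.

# Constructed sample: tab-separated rows in the shape that
# `aws ec2 describe-vpcs --query ... --output text` emits, using values from this post.
sample_vpc_rows() {
  printf 'NameTag\tVpcId\tCIDR[1]\n'
  printf 'Nutanix Cluster 30F1CAD044D4\tvpc-045b8dd064f950e73\t10.1.0.0/16\n'
  printf 'None\tvpc-3e468158\t172.31.0.0/16\n'
}

# Number of cells per row when splitting on whitespace (the default of `column -t`)
# versus splitting on tabs only.
cells_ws()  { awk '{ print NF }'; }
cells_tab() { awk -F'\t' '{ print NF }'; }

# Align columns on tabs only: first pass records the widest value per column,
# second pass pads every cell except the last one to that width.
align_tsv() {
  awk -F'\t' '
    { rows[NR] = $0
      for (i = 1; i <= NF; i++) if (length($i) > w[i]) w[i] = length($i) }
    END {
      for (r = 1; r <= NR; r++) {
        n = split(rows[r], f, "\t"); line = ""
        for (i = 1; i <= n; i++)
          line = line (i < n ? sprintf("%-" w[i] "s  ", f[i]) : f[i])
        print line
      }
    }'
}

# With real data the CLI output is piped straight in, for example:
#   aws ec2 describe-vpcs --query "..." --output text | align_tsv
sample_vpc_rows | align_tsv
```
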
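NCA architecture diagram
First, visualizing with Cloudviz.io the NCA built under the following conditions gives the configuration below.
- A new VPC created via My Nutanix
- Three i3.metal nodes
- Access to Prism allowed over the internet (via the IGW)
The VPC on the right is the default VPC and can be ignored.
Next, let's look at the environment in detail.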
Networking
VPC CIDR
This time I specified a new VPC with the VPC CIDR 10.1.0.0/16.
[cloudshell-user@ip-10-0-118-211 tmp]$ echo "NameTag VPCID CIDR[1] CIDR[2] CIDR[3]" > /tmp/awscli.tmp;\
> aws ec2 describe-vpcs --query "Vpcs[].[Tags[?Key=='Name'] | [0].Value,VpcId,CidrBlockAssociationSet[0].CidrBlock,CidrBlockAssociationSet[1].CidrBlock,CidrBlockAssociationSet[2].CidrBlock]" --output text >> /tmp/awscli.tmp;\
> column -t /tmp/awscli.tmp;\
> rm /tmp/awscli.tmp
NameTag VPCID CIDR[1] CIDR[2] CIDR[3]
Nutanix Cluster 30F1CAD044D4 vpc-045b8dd064f950e73 10.1.0.0/16 None None
None vpc-3e468158 172.31.0.0/16 None None
[cloudshell-user@ip-10-0-118-211 tmp]$
Subnet list
This time the subnets were created as 10.1.128.0/24 and 10.1.129.0/24. The rule for choosing the second octet is unclear, but /24 appears to be an implicit setting.
[cloudshell-user@ip-10-0-118-211 tmp]$ echo "VpcId CidrBlock AvailableIpAddressCount SubnetId AvailabilityZone MapPublicIpOnLaunch State OwnerId" > /tmp/awscli.tmp; aws ec2 describe-subnets --query "Subnets[].[VpcId,CidrBlock,AvailableIpAddressCount,SubnetId,AvailabilityZone,MapPublicIpOnLaunch,State,OwnerId]" --output text | sort >> /tmp/awscli.tmp ; column -t /tmp/awscli.tmp;rm /tmp/awscli.tmp
VpcId CidrBlock AvailableIpAddressCount SubnetId AvailabilityZone MapPublicIpOnLaunch State OwnerId
vpc-045b8dd064f950e73 10.1.128.0/24 242 subnet-0ddd78c267692b50a ap-northeast-1a False available XXXXXXXXXXXX
vpc-045b8dd064f950e73 10.1.129.0/24 249 subnet-06af1388a7e45f664 ap-northeast-1a False available XXXXXXXXXXXX
vpc-3e468158 172.31.0.0/20 4091 subnet-5c807206 ap-northeast-1c True available XXXXXXXXXXXX
vpc-3e468158 172.31.16.0/20 4091 subnet-c7f47fec ap-northeast-1d True available XXXXXXXXXXXX
vpc-3e468158 172.31.32.0/20 4091 subnet-6be36323 ap-northeast-1a True available XXXXXXXXXXXX
[cloudshell-user@ip-10-0-118-211 tmp]$
Route Table
[cloudshell-user@ip-10-0-118-211 tmp]$ echo "SubnetId RouteTableId Main" > /tmp/awscli.tmp;aws ec2 describe-route-tables --query "RouteTables[].Associations[].[SubnetId,RouteTableId,Main]" --output text | sort >> /tmp/awscli.tmp ;column -t /tmp/awscli.tmp;rm /tmp/awscli.tmp
SubnetId RouteTableId Main
None rtb-0c945559c8b5509c8 True
None rtb-e33f6085 True
subnet-06af1388a7e45f664 rtb-074fa01d74d3367bb False
subnet-0ddd78c267692b50a rtb-0c945559c8b5509c8 False
[cloudshell-user@ip-10-0-118-211 tmp]$
RTB attached to the Public Subnet
[cloudshell-user@ip-10-0-118-211 tmp]$ aws ec2 describe-route-tables --route-table-ids rtb-074fa01d74d3367bb --output table
--------------------------------------------------------------------------------------------------
| DescribeRouteTables |
+------------------------------------------------------------------------------------------------+
|| RouteTables ||
|+---------------------+-----------------------------------+------------------------------------+|
|| OwnerId | RouteTableId | VpcId ||
|+---------------------+-----------------------------------+------------------------------------+|
|| XXXXXXXXXXXX | rtb-074fa01d74d3367bb | vpc-045b8dd064f950e73 ||
|+---------------------+-----------------------------------+------------------------------------+|
||| Associations |||
||+------+------------------------------+-------------------------+----------------------------+||
||| Main | RouteTableAssociationId | RouteTableId | SubnetId |||
||+------+------------------------------+-------------------------+----------------------------+||
|||False | rtbassoc-049ace2a930df2bec | rtb-074fa01d74d3367bb | subnet-06af1388a7e45f664 |||
||+------+------------------------------+-------------------------+----------------------------+||
|||| AssociationState ||||
|||+----------------------------------+-------------------------------------------------------+|||
|||| State | associated ||||
|||+----------------------------------+-------------------------------------------------------+|||
||| Routes |||
||+--------------------------+-----------------------------+-----------------------+-----------+||
||| DestinationCidrBlock | GatewayId | Origin | State |||
||+--------------------------+-----------------------------+-----------------------+-----------+||
||| 10.1.0.0/16 | local | CreateRouteTable | active |||
||| 0.0.0.0/0 | igw-0e3373cc52c930562 | CreateRoute | active |||
||+--------------------------+-----------------------------+-----------------------+-----------+||
||| Tags |||
||+----------------------------------+---------------------------------------------------------+||
||| Key | Value |||
||+----------------------------------+---------------------------------------------------------+||
||| Name | Nutanix Cluster 30F1CAD044D4 |||
||| nutanix:clusters:cluster-uuid | 0005cebd-e65d-3ac7-3add-30f1cad044d4 |||
||| nutanix:clusters:owner | nutanix-clusters |||
||| nutanix:clusters:cluster-id | w5ZWVDB35nz1Mbkd |||
||| nutanix:clusters:gateway | https://gateway-external-api.console.nutanix.com |||
||+----------------------------------+---------------------------------------------------------+||
[cloudshell-user@ip-10-0-118-211 tmp]$
RTB attached to the Private Subnet (which holds the EC2 bare-metal instances)
[cloudshell-user@ip-10-0-118-211 tmp]$ aws ec2 describe-route-tables --route-table-ids rtb-0c945559c8b5509c8 --output table
--------------------------------------------------------------------------------------------------
| DescribeRouteTables |
+------------------------------------------------------------------------------------------------+
|| RouteTables ||
|+---------------------+-----------------------------------+------------------------------------+|
|| OwnerId | RouteTableId | VpcId ||
|+---------------------+-----------------------------------+------------------------------------+|
|| XXXXXXXXXXXX | rtb-0c945559c8b5509c8 | vpc-045b8dd064f950e73 ||
|+---------------------+-----------------------------------+------------------------------------+|
||| Associations |||
||+------+------------------------------+-------------------------+----------------------------+||
||| Main | RouteTableAssociationId | RouteTableId | SubnetId |||
||+------+------------------------------+-------------------------+----------------------------+||
|||False | rtbassoc-0011068b86e489dfd | rtb-0c945559c8b5509c8 | subnet-0ddd78c267692b50a |||
||+------+------------------------------+-------------------------+----------------------------+||
|||| AssociationState ||||
|||+----------------------------------+-------------------------------------------------------+|||
|||| State | associated ||||
|||+----------------------------------+-------------------------------------------------------+|||
||| Associations |||
||+--------+-------------------------------------+------------------------------+--------------+||
||| Main | RouteTableAssociationId | RouteTableId | SubnetId |||
||+--------+-------------------------------------+------------------------------+--------------+||
||| True | rtbassoc-06e0d6250dd59337c | rtb-0c945559c8b5509c8 | |||
||+--------+-------------------------------------+------------------------------+--------------+||
|||| AssociationState ||||
|||+----------------------------------+-------------------------------------------------------+|||
|||| State | associated ||||
|||+----------------------------------+-------------------------------------------------------+|||
||| Routes |||
||+-----------------------+------------+-------------------------+-------------------+---------+||
||| DestinationCidrBlock | GatewayId | NatGatewayId | Origin | State |||
||+-----------------------+------------+-------------------------+-------------------+---------+||
||| 10.1.0.0/16 | local | | CreateRouteTable | active |||
||| 0.0.0.0/0 | | nat-0a095e506a7d07477 | CreateRoute | active |||
||+-----------------------+------------+-------------------------+-------------------+---------+||
[cloudshell-user@ip-10-0-118-211 tmp]$
Internet Gateway list
One is created in the VPC.
[cloudshell-user@ip-10-0-118-211 tmp]$ aws ec2 describe-internet-gateways --query "InternetGateways[].{InternetGatewayId:InternetGatewayId,VpcId:Attachments[0].VpcId}" --output table
----------------------------------------------------
| DescribeInternetGateways |
+------------------------+-------------------------+
| InternetGatewayId | VpcId |
+------------------------+-------------------------+
| igw-00b87a67 | vpc-3e468158 |
| igw-0e3373cc52c930562 | vpc-045b8dd064f950e73 |
+------------------------+-------------------------+
[cloudshell-user@ip-10-0-118-211 tmp]$
NAT Gateway list
One is created in the Public Subnet.
[cloudshell-user@ip-10-0-118-211 tmp]$ aws ec2 describe-nat-gateways --query "NatGateways[].{NatGatewayId:NatGatewayId,VpcId:VpcId,SubnetId:SubnetId,NetworkInterfaceId:NatGatewayAddresses[0].NetworkInterfaceId}" --output table
---------------------------------------------------------------------------------------------------------
| DescribeNatGateways |
+-----------------------+------------------------+----------------------------+-------------------------+
| NatGatewayId | NetworkInterfaceId | SubnetId | VpcId |
+-----------------------+------------------------+----------------------------+-------------------------+
| nat-0a095e506a7d07477| eni-0a3af115b18eddf0a | subnet-06af1388a7e45f664 | vpc-045b8dd064f950e73 |
+-----------------------+------------------------+----------------------------+-------------------------+
[cloudshell-user@ip-10-0-118-211 tmp]$
Elastic Network Interface (ENI) list
Addresses appear to be assigned randomly within each subnet.
[cloudshell-user@ip-10-0-118-211 tmp]$ aws ec2 describe-network-interfaces --query "NetworkInterfaces[].[InterfaceType,NetworkInterfaceId,PrivateIpAddress,Description]" --output text
interface eni-064a631a5d04ac21a 10.1.128.132
interface eni-031468a1f1b80c33f 10.1.128.137
interface eni-071f541679941a5e0 10.1.128.239
network_load_balancer eni-07f6c21020e8fb4e7 10.1.129.146 ELB net/Nutanix-Cluster-30F1CAD044D4/014274dc2b556553
nat_gateway eni-0a3af115b18eddf0a 10.1.129.189 Interface for NAT Gateway nat-0a095e506a7d07477
interface eni-010202a07a766ec7e 10.1.128.123
[cloudshell-user@ip-10-0-118-211 tmp]$
Security Group (SG) list
Three are created in total: one for Internal Management, one for User Management, and one for UVM.
[cloudshell-user@ip-10-0-118-211 tmp]$ echo "| GroupName | GroupId | VpcId | Description" > /tmp/awscli.tmp; aws ec2 describe-security-groups --query "SecurityGroups[].[GroupName,GroupId,VpcId,Description]" --output table | grep sg- >> /tmp/awscli.tmp ; column -s \| -t /tmp/awscli.tmp;rm /tmp/awscli.tmp
GroupName                                         GroupId               VpcId                  Description
Nutanix Cluster 30F1CAD044D4 Internal Management  sg-014adea3906ab2fad  vpc-045b8dd064f950e73  Internal management security group
Nutanix Cluster 30F1CAD044D4 User Management      sg-02194b4d35c81e260  vpc-045b8dd064f950e73  Security group for management interfaces
Nutanix Cluster 30F1CAD044D4 UVM                  sg-04dbca9bf71cefcdb  vpc-045b8dd064f950e73  UVM security group
default                                           sg-0c530b3ef9329f7fd  vpc-045b8dd064f950e73  default VPC security group
default                                           sg-adafbee9           vpc-3e468158           default VPC security group
[cloudshell-user@ip-10-0-118-211 tmp]$
SG rule list
The rules finely control what is needed, scoping each source to the whole VPC, a subnet, or a single address (/32) depending on what is being allowed.
[cloudshell-user@ip-10-0-118-211 tmp]$ echo "SecurityGroupRuleId GroupId IsEgress IpProtocol FromPort ToPort CidrIpv4 SourceGroupId PeeringStatus VpcId VpcPeeringConnectionId" > /tmp/awscli.tmp ;\
> aws ec2 describe-security-group-rules \
> --query "SecurityGroupRules[].\
> [SecurityGroupRuleId,\
> GroupId,\
> IsEgress,\
> IpProtocol,\
> FromPort,\
> ToPort,\
> CidrIpv4,\
> ReferencedGroupInfo.GroupId,\
> ReferencedGroupInfo.PeeringStatus,\
> ReferencedGroupInfo.VpcId,\
> ReferencedGroupInfo.VpcPeeringConnectionId]" \
> --output text >> /tmp/awscli.tmp ;\
> column -t /tmp/awscli.tmp ;\
> rm /tmp/awscli.tmp
SecurityGroupRuleId GroupId IsEgress IpProtocol FromPort ToPort CidrIpv4 SourceGroupId PeeringStatus VpcId VpcPeeringConnectionId
sgr-03588d870b6ec347c sg-02194b4d35c81e260 False udp 123 123 10.1.0.0/16 None None None None
sgr-005bffcca948bbb1f sg-02194b4d35c81e260 False tcp 22 22 10.1.0.0/16 None None None None
sgr-06942c092c50f2d6b sg-02194b4d35c81e260 False tcp 2049 2049 10.1.0.0/16 None None None None
sgr-052ef339da723339e sg-02194b4d35c81e260 False tcp 2020 2020 None sg-04dbca9bf71cefcdb None None None
sgr-038223c70f3567aa2 sg-02194b4d35c81e260 False udp 123 123 203.0.113.0/24 None None None None
sgr-0bb1de43eaea65550 sg-02194b4d35c81e260 False tcp 8443 8443 10.1.0.0/16 None None None None
sgr-02105f21b341fceb7 sg-04dbca9bf71cefcdb False tcp 7 7 None sg-02194b4d35c81e260 None None None
sgr-02b51f254b0d66bc2 sg-02194b4d35c81e260 False tcp 111 111 203.0.113.0/24 None None None None
sgr-08c38acb43afbb315 sg-02194b4d35c81e260 False tcp 3205 3205 10.1.0.0/16 None None None None
sgr-04b8202c90b20cfd9 sg-02194b4d35c81e260 False tcp 2009 2009 None sg-04dbca9bf71cefcdb None None None
sgr-0b53d7e32b05646c3 sg-04dbca9bf71cefcdb False tcp 2100 2100 None sg-02194b4d35c81e260 None None None
sgr-0bd3f7d5cf8a2d501 sg-04dbca9bf71cefcdb False tcp 7501 7501 None sg-02194b4d35c81e260 None None None
sgr-09449053a997b0177 sg-02194b4d35c81e260 False tcp 3260 3260 None sg-04dbca9bf71cefcdb None None None
sgr-01d7b1fb6b8a633ab sg-04dbca9bf71cefcdb False -1 -1 -1 None sg-04dbca9bf71cefcdb None None None
sgr-0b1319fc4a5f6f2e0 sg-014adea3906ab2fad False -1 -1 -1 None sg-014adea3906ab2fad None None None
sgr-02d9825c86f6da9d7 sg-02194b4d35c81e260 False udp 111 111 203.0.113.0/24 None None None None
sgr-0f874c0823c97cd56 sg-02194b4d35c81e260 False tcp 9440 9440 None sg-04dbca9bf71cefcdb None None None
sgr-0c02126bd0114aa4d sg-02194b4d35c81e260 False tcp 8443 8443 None sg-04dbca9bf71cefcdb None None None
sgr-017d522e7629e49aa sg-adafbee9 True -1 -1 -1 0.0.0.0/0 None None None None
sgr-02bb64a75c5a0951b sg-02194b4d35c81e260 False tcp 111 111 None sg-04dbca9bf71cefcdb None None None
sgr-08ce0376a8aba7d3b sg-02194b4d35c81e260 False tcp 3205 3205 203.0.113.0/24 None None None None
sgr-0d770c7331e106fb4 sg-02194b4d35c81e260 False tcp 2074 2074 None sg-04dbca9bf71cefcdb None None None
sgr-043edcc55bc3fcaab sg-02194b4d35c81e260 False tcp 2009 2009 10.1.0.0/16 None None None None
sgr-08fcb0ba6c607d581 sg-02194b4d35c81e260 False tcp 3260 3260 10.1.0.0/16 None None None None
sgr-0f8689a59e101e652 sg-02194b4d35c81e260 False icmp 8 0 None sg-04dbca9bf71cefcdb None None None
sgr-051d65a57c89c6581 sg-02194b4d35c81e260 False tcp 2020 2020 203.0.113.0/24 None None None None
sgr-0aa00fae9bd6d948d sg-02194b4d35c81e260 False tcp 7501 7501 203.0.113.0/24 None None None None
sgr-0a827766e6dd513c7 sg-02194b4d35c81e260 False tcp 7501 7501 10.1.0.0/16 None None None None
sgr-0a1f0b492e91a78ef sg-04dbca9bf71cefcdb False tcp 2090 2090 None sg-02194b4d35c81e260 None None None
sgr-08ee83ae2c241a81a sg-adafbee9 False -1 -1 -1 None sg-adafbee9 None None None
sgr-03ced9818f203a819 sg-04dbca9bf71cefcdb False tcp 22 22 None sg-02194b4d35c81e260 None None None
sgr-026254f64d8e8bfae sg-02194b4d35c81e260 False tcp 111 111 10.1.0.0/16 None None None None
sgr-0456bbc573906ae69 sg-02194b4d35c81e260 True -1 -1 -1 0.0.0.0/0 None None None None
sgr-069ac1ce8d8769949 sg-02194b4d35c81e260 False tcp 2049 2049 203.0.113.0/24 None None None None
sgr-0eb8cfef8284b1412 sg-02194b4d35c81e260 False tcp 2090 2090 None sg-04dbca9bf71cefcdb None None None
sgr-0c211d1c892040187 sg-02194b4d35c81e260 False tcp 2073 2073 None sg-04dbca9bf71cefcdb None None None
sgr-0bdb367756a3ca0fb sg-04dbca9bf71cefcdb False tcp 7502 7502 None sg-02194b4d35c81e260 None None None
sgr-0f2f73a56878f8013 sg-0c530b3ef9329f7fd True -1 -1 -1 0.0.0.0/0 None None None None
sgr-03f32953eb9dc96de sg-02194b4d35c81e260 False udp 123 123 None sg-04dbca9bf71cefcdb None None None
sgr-02486577f071f4c71 sg-02194b4d35c81e260 False tcp 80 80 None sg-04dbca9bf71cefcdb None None None
sgr-02c795d78036b1924 sg-02194b4d35c81e260 False udp 111 111 10.1.0.0/16 None None None None
sgr-00ea9f98dedd0e69b sg-02194b4d35c81e260 False tcp 80 80 10.1.0.0/16 None None None None
sgr-0e678bd3397792834 sg-0c530b3ef9329f7fd False -1 -1 -1 None sg-0c530b3ef9329f7fd None None None
sgr-0b55688ecf3edce45 sg-04dbca9bf71cefcdb False tcp 3000 3000 None sg-02194b4d35c81e260 None None None
sgr-08ec35846e879c05c sg-02194b4d35c81e260 False tcp 3205 3205 None sg-04dbca9bf71cefcdb None None None
sgr-0f06bc10d0b1106a5 sg-04dbca9bf71cefcdb False icmp 8 0 None sg-02194b4d35c81e260 None None None
sgr-0857781dd5777e9cd sg-02194b4d35c81e260 False udp 2049 2049 None sg-04dbca9bf71cefcdb None None None
sgr-0e6da53d8dcdc9664 sg-04dbca9bf71cefcdb False icmp 0 0 None sg-02194b4d35c81e260 None None None
sgr-074d00265546398c3 sg-02194b4d35c81e260 False udp 2049 2049 10.1.0.0/16 None None None None
sgr-0f763e5ffd38e7021 sg-02194b4d35c81e260 False icmp 0 0 None sg-04dbca9bf71cefcdb None None None
sgr-0d9c3908d112235e4 sg-02194b4d35c81e260 False tcp 2030 2030 None sg-04dbca9bf71cefcdb None None None
sgr-0df3888440cc11e9c sg-02194b4d35c81e260 False tcp 2036 2036 None sg-04dbca9bf71cefcdb None None None
sgr-03184fb9ebc4433e1 sg-02194b4d35c81e260 False udp 111 111 None sg-04dbca9bf71cefcdb None None None
sgr-021b4e97a86ed61f5 sg-02194b4d35c81e260 False tcp 80 80 203.0.113.0/24 None None None None
sgr-0bef46ad51e25b5bc sg-02194b4d35c81e260 False tcp 8443 8443 203.0.113.0/24 None None None None
sgr-0f6ef92ba5072b3cf sg-02194b4d35c81e260 False tcp 5000 5000 None sg-04dbca9bf71cefcdb None None None
sgr-02fefebf7bcd54b84 sg-014adea3906ab2fad True -1 -1 -1 0.0.0.0/0 None None None None
sgr-04c86937c943ccccb sg-02194b4d35c81e260 False tcp 2020 2020 10.1.0.0/16 None None None None
sgr-04ac49ca83f9270fc sg-02194b4d35c81e260 False tcp 2009 2009 203.0.113.0/24 None None None None
sgr-0edaf57f940a18aeb sg-02194b4d35c81e260 False tcp 9440 9440 10.1.129.146/32 None None None None
sgr-0df666a4b77978236 sg-04dbca9bf71cefcdb False tcp 29092 29092 None sg-02194b4d35c81e260 None None None
sgr-00aaf2faf275a53dc sg-02194b4d35c81e260 False tcp 22 22 None sg-04dbca9bf71cefcdb None None None
sgr-04229295ab5f14e25 sg-04dbca9bf71cefcdb True -1 -1 -1 0.0.0.0/0 None None None None
sgr-0093fdae5404c01ec sg-02194b4d35c81e260 False tcp 22 22 203.0.113.0/24 None None None None
sgr-078734caf09a9bde7 sg-02194b4d35c81e260 False udp 2049 2049 203.0.113.0/24 None None None None
sgr-078e4070c90d4a149 sg-04dbca9bf71cefcdb False tcp 443 443 None sg-02194b4d35c81e260 None None None
sgr-096debaa98db0684f sg-04dbca9bf71cefcdb False tcp 2027 2027 None sg-02194b4d35c81e260 None None None
sgr-0b7fa3c5f0ef67ccb sg-02194b4d35c81e260 False tcp 7501 7501 None sg-04dbca9bf71cefcdb None None None
sgr-0906e2475abef0fa1 sg-02194b4d35c81e260 False tcp 3260 3260 203.0.113.0/24 None None None None
sgr-0db70c8189342b991 sg-04dbca9bf71cefcdb False tcp 9440 9440 None sg-02194b4d35c81e260 None None None
sgr-06d42705ddc951495 sg-02194b4d35c81e260 False tcp 2049 2049 None sg-04dbca9bf71cefcdb None None None
sgr-05352d79be07c4212 sg-04dbca9bf71cefcdb False udp 123 123 None sg-02194b4d35c81e260 None None None
[cloudshell-user@ip-10-0-118-211 tmp]$
(Reference) When I set Management Service to Restricted at build time and specified the documentation example address range 203.0.113.0/24, the following entries had been added as SG rules.
[cloudshell-user@ip-10-0-118-211 tmp]$ echo "SecurityGroupRuleId GroupId IsEgress IpProtocol FromPort ToPort CidrIpv4 SourceGroupId PeeringStatus VpcId VpcPeeringConnectionId" > /tmp/awscli.tmp ;aws ec2 describe-security-group-rules --query "SecurityGroupRules[].[SecurityGroupRuleId,GroupId,IsEgress,IpProtocol,FromPort,ToPort,CidrIpv4,ReferencedGroupInfo.GroupId,ReferencedGroupInfo.PeeringStatus,ReferencedGroupInfo.VpcId,ReferencedGroupInfo.VpcPeeringConnectionId]" --output text |grep 203.0.113.0 >> /tmp/awscli.tmp ;column -t /tmp/awscli.tmp ;rm /tmp/awscli.tmp
SecurityGroupRuleId GroupId IsEgress IpProtocol FromPort ToPort CidrIpv4 SourceGroupId PeeringStatus VpcId VpcPeeringConnectionId
sgr-038223c70f3567aa2 sg-02194b4d35c81e260 False udp 123 123 203.0.113.0/24 None None None None
sgr-02b51f254b0d66bc2 sg-02194b4d35c81e260 False tcp 111 111 203.0.113.0/24 None None None None
sgr-02d9825c86f6da9d7 sg-02194b4d35c81e260 False udp 111 111 203.0.113.0/24 None None None None
sgr-08ce0376a8aba7d3b sg-02194b4d35c81e260 False tcp 3205 3205 203.0.113.0/24 None None None None
sgr-051d65a57c89c6581 sg-02194b4d35c81e260 False tcp 2020 2020 203.0.113.0/24 None None None None
sgr-0aa00fae9bd6d948d sg-02194b4d35c81e260 False tcp 7501 7501 203.0.113.0/24 None None None None
sgr-069ac1ce8d8769949 sg-02194b4d35c81e260 False tcp 2049 2049 203.0.113.0/24 None None None None
sgr-021b4e97a86ed61f5 sg-02194b4d35c81e260 False tcp 80 80 203.0.113.0/24 None None None None
sgr-0bef46ad51e25b5bc sg-02194b4d35c81e260 False tcp 8443 8443 203.0.113.0/24 None None None None
sgr-04ac49ca83f9270fc sg-02194b4d35c81e260 False tcp 2009 2009 203.0.113.0/24 None None None None
sgr-0093fdae5404c01ec sg-02194b4d35c81e260 False tcp 22 22 203.0.113.0/24 None None None None
sgr-078734caf09a9bde7 sg-02194b4d35c81e260 False udp 2049 2049 203.0.113.0/24 None None None None
sgr-0906e2475abef0fa1 sg-02194b4d35c81e260 False tcp 3260 3260 203.0.113.0/24 None None None None
[cloudshell-user@ip-10-0-118-211 tmp]$
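One way to check the source scoping seen in the SG rule list mechanically, as an added example that is not part of the original post: an awk classifier over rows in the same 11-column layout as the rule listings above, labelling each rule by how wide its source is and listing what is admitted from outside the VPC. The function names are hypothetical, the sample rows are copied from the listing above, and the VPC CIDR is passed in as an argument.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). All function names are hypothetical.

# Subset of the describe-security-group-rules rows shown above, same 11 columns.
sample_rules() {
cat <<'EOF'
sgr-005bffcca948bbb1f sg-02194b4d35c81e260 False tcp 22 22 10.1.0.0/16 None None None None
sgr-0093fdae5404c01ec sg-02194b4d35c81e260 False tcp 22 22 203.0.113.0/24 None None None None
sgr-0edaf57f940a18aeb sg-02194b4d35c81e260 False tcp 9440 9440 10.1.129.146/32 None None None None
sgr-0f874c0823c97cd56 sg-02194b4d35c81e260 False tcp 9440 9440 None sg-04dbca9bf71cefcdb None None None
sgr-0b1319fc4a5f6f2e0 sg-014adea3906ab2fad False -1 -1 -1 None sg-014adea3906ab2fad None None None
sgr-0456bbc573906ae69 sg-02194b4d35c81e260 True -1 -1 -1 0.0.0.0/0 None None None None
sgr-0f8689a59e101e652 sg-02194b4d35c81e260 False icmp 8 0 None sg-04dbca9bf71cefcdb None None None
sgr-0bef46ad51e25b5bc sg-02194b4d35c81e260 False tcp 8443 8443 203.0.113.0/24 None None None None
EOF
}

# classify_sg_rules VPC_CIDR   (rows on stdin, column order as in the listing above)
# Prints: RuleId GroupId Protocol Ports Scope Source
classify_sg_rules() {
  awk -v vpc="$1" '
    function ip2int(ip,   o) { split(ip, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    # True when cidr lies entirely inside net.
    function inside(cidr, net,   c, n, size) {
      split(cidr, c, "/"); split(net, n, "/")
      if (c[2] + 0 < n[2] + 0) return 0
      size = 2 ^ (32 - n[2])
      return int(ip2int(c[1]) / size) == int(ip2int(n[1]) / size)
    }
    $1 !~ /^sgr-/ { next }                      # skip the header row
    {
      proto = ($4 == "-1") ? "all" : $4
      if (proto == "all")       ports = "all"
      else if (proto == "icmp") ports = "type" $5 "/code" $6   # ICMP: type and code, not ports
      else                      ports = ($5 == $6) ? $5 : $5 "-" $6
      src = ($7 != "None") ? $7 : $8
      if      ($3 == "True")      scope = "EGRESS"
      else if ($7 == "None")      scope = ($8 == $2) ? "SELF" : "SG_REF"
      else if ($7 == "0.0.0.0/0") scope = "ANY"
      else if (!inside($7, vpc))  scope = "EXTERNAL"
      else if ($7 == vpc)         scope = "VPC_WIDE"
      else if ($7 ~ /\/32$/)      scope = "HOST"
      else                        scope = "SUBNET"
      print $1, $2, proto, ports, scope, src
    }'
}

# external_ingress VPC_CIDR : one line per (group, source) that admits traffic
# from outside the VPC, with the protocol/port list to review.
external_ingress() {
  classify_sg_rules "$1" | awk '
    $5 == "EXTERNAL" || $5 == "ANY" {
      k = $2 " " $6
      if (!(k in ports)) { order[++n] = k; ports[k] = $3 "/" $4 }
      else ports[k] = ports[k] "," $3 "/" $4
    }
    END { for (i = 1; i <= n; i++) print order[i], ports[order[i]] }'
}

# With real data, pipe the --output text result of the command above into the
# function instead of sample_rules.
sample_rules | classify_sg_rules 10.1.0.0/16
echo "--- ingress from outside the VPC ---"
sample_rules | external_ingress 10.1.0.0/16
```

The single /32 source, 10.1.129.146, is the address of the network_load_balancer ENI in the ENI list above, so that rule is what lets the NLB reach Prism on TCP 9440.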
Amazon EC2
Instance detail list
The output shows that all three instances belong to the same Placement Group.
Note: Placement Group is not in the blog's command example; I added it manually.
[cloudshell-user@ip-10-0-118-211 tmp]$ echo "NameTag InstanceId ImageId InstanceType CoreCount ThreadsPerCore KeyName AvailabilityZone PlacementGroupName Name VpcId SubnetId Architecture EbsOptimized EnaSupport Hypervisor SourceDestCheck VirtualizationType Monitoring.State Hibernation" > /tmp/awscli.tmp;\
> aws ec2 describe-instances --query "Reservations[].Instances[].[Tags[?Key=='Name'] | [0].Value,InstanceId,ImageId,InstanceType,CpuOptions.CoreCount,CpuOptions.ThreadsPerCore,KeyName,Placement.AvailabilityZone,Placement.GroupName,State.Name,VpcId,SubnetId,Architecture,EbsOptimized,EnaSupport,Hypervisor,SourceDestCheck,VirtualizationType,Monitoring.State,HibernationOptions.Configured]" --output text | sort >> /tmp/awscli.tmp;\
> column -t /tmp/awscli.tmp;\
> rm /tmp/awscli.tmp
NameTag InstanceId ImageId InstanceType CoreCount ThreadsPerCore KeyName AvailabilityZone PlacementGroupName Name VpcId SubnetId Architecture EbsOptimized EnaSupport Hypervisor SourceDestCheck VirtualizationType Monitoring.State Hibernation
NCA-70B5855C771F i-014cdc8e3395bb424 ami-04fc99afc02e89ed0 i3.metal 36 2 nutanix-key ap-northeast-1a nutanix-cluster-0005cebd-e65d-3ac7-3add-30f1cad044d4-pg-i3.metal running vpc-045b8dd064f950e73 subnet-0ddd78c267692b50a x86_64 False True xen False hvm disabled False
NCA-7881EA5FEC06 i-0990a517942d646ee ami-04fc99afc02e89ed0 i3.metal 36 2 nutanix-key ap-northeast-1a nutanix-cluster-0005cebd-e65d-3ac7-3add-30f1cad044d4-pg-i3.metal running vpc-045b8dd064f950e73 subnet-0ddd78c267692b50a x86_64 False True xen False hvm disabled False
NCA-E878E341FBBC i-042db6a04e904535e ami-04fc99afc02e89ed0 i3.metal 36 2 nutanix-key ap-northeast-1a nutanix-cluster-0005cebd-e65d-3ac7-3add-30f1cad044d4-pg-i3.metal running vpc-045b8dd064f950e73 subnet-0ddd78c267692b50a x86_64 False True xen False hvm disabled False
[cloudshell-user@ip-10-0-118-211 tmp]$
Instance profile list
[cloudshell-user@ip-10-0-118-211 tmp]$ echo "InstanceId NameTag IamInstanceProfile" > /tmp/awscli.tmp;\
> aws ec2 describe-iam-instance-profile-associations --query "IamInstanceProfileAssociations[].[InstanceId,IamInstanceProfile.Arn]" --output text | sort > /tmp/awscli-tag-jonn1.tmp;\
> aws ec2 describe-tags --filters "Name=key,Values=Name" "Name=resource-type,Values=instance" --query "Tags[].[ResourceId,Value]" --output text | sort > /tmp/awscli-tag-jonn2.tmp;\
> join /tmp/awscli-tag-jonn2.tmp /tmp/awscli-tag-jonn1.tmp >> /tmp/awscli.tmp ;\
> join -v 1 /tmp/awscli-tag-jonn1.tmp /tmp/awscli-tag-jonn2.tmp | sed 's/arn/ None arn/g' | sort >> /tmp/awscli.tmp ;\
> column -t /tmp/awscli.tmp;\
> rm /tmp/awscli.tmp /tmp/awscli-tag-jonn1.tmp /tmp/awscli-tag-jonn2.tmp
InstanceId NameTag IamInstanceProfile
i-014cdc8e3395bb424 NCA-70B5855C771F arn:aws:iam::XXXXXXXXXXXX:instance-profile/Nutanix-Clusters-High-Cluster-Role-Prod
i-042db6a04e904535e NCA-E878E341FBBC arn:aws:iam::XXXXXXXXXXXX:instance-profile/Nutanix-Clusters-High-Cluster-Role-Prod
i-0990a517942d646ee NCA-7881EA5FEC06 arn:aws:iam::XXXXXXXXXXXX:instance-profile/Nutanix-Clusters-High-Cluster-Role-Prod
[cloudshell-user@ip-10-0-118-211 tmp]$
ENI attachment information
[cloudshell-user@ip-10-0-118-211 tmp]$ echo "NameTag InstanceId VpcId SubnetId PublicIP PrimaryENI PrimaryPrivateIpAddress SeconderyENI SseconderyPrivateIpAddress" > /tmp/awscli.tmp;\
> aws ec2 describe-instances --query "Reservations[].Instances[].[Tags[?Key=='Name'] | [0].Value,InstanceId,VpcId,SubnetId,\
> NetworkInterfaces[0].Association.PublicIp,\
> NetworkInterfaces[0].NetworkInterfaceId,NetworkInterfaces[0].PrivateIpAddresses[0].PrivateIpAddress,\
> NetworkInterfaces[1].NetworkInterfaceId,NetworkInterfaces[1].PrivateIpAddresses[0].PrivateIpAddress]" \
> --output text | sort >>/tmp/awscli.tmp;\
> column -t /tmp/awscli.tmp;\
> rm /tmp/awscli.tmp
NameTag InstanceId VpcId SubnetId PublicIP PrimaryENI PrimaryPrivateIpAddress SeconderyENI SseconderyPrivateIpAddress
NCA-70B5855C771F i-014cdc8e3395bb424 vpc-045b8dd064f950e73 subnet-0ddd78c267692b50a None eni-031468a1f1b80c33f 10.1.128.137 None None
NCA-7881EA5FEC06 i-0990a517942d646ee vpc-045b8dd064f950e73 subnet-0ddd78c267692b50a None eni-064a631a5d04ac21a 10.1.128.132 None None
NCA-E878E341FBBC i-042db6a04e904535e vpc-045b8dd064f950e73 subnet-0ddd78c267692b50a None eni-071f541679941a5e0 10.1.128.239 None None
[cloudshell-user@ip-10-0-118-211 tmp]$
Elastic Block Store (EBS) volume attachment information
[cloudshell-user@ip-10-0-118-211 tmp]$ echo "NameTag InstanceId DeviceName[1] DeleteOnTermination[1] VolumeId[1] DeviceName[2] DeleteOnTermination[2] VolumeId[2] DeviceName[3] DeleteOnTermination[3] VolumeId[3]" > /tmp/awscli.tmp;\
> aws ec2 describe-instances --query "Reservations[].Instances[].[Tags[?Key=='Name'] | [0].Value,InstanceId,BlockDeviceMappings[0].DeviceName,BlockDeviceMappings[0].Ebs.DeleteOnTermination,BlockDeviceMappings[0].Ebs.VolumeId,BlockDeviceMappings[1].DeviceName,BlockDeviceMappings[1].Ebs.DeleteOnTermination,BlockDeviceMappings[1].Ebs.VolumeId,BlockDeviceMappings[2].DeviceName,BlockDeviceMappings[2].Ebs.DeleteOnTermination,BlockDeviceMappings[2].Ebs.VolumeId]" --output text | sort >> /tmp/awscli.tmp;\
> column -t /tmp/awscli.tmp;\
> rm /tmp/awscli.tmp
NameTag InstanceId DeviceName[1] DeleteOnTermination[1] VolumeId[1] DeviceName[2] DeleteOnTermination[2] VolumeId[2] DeviceName[3] DeleteOnTermination[3] VolumeId[3]
NCA-70B5855C771F i-014cdc8e3395bb424 /dev/sda1 True vol-0a1dd875e681a3a13 /dev/sdb True vol-0a07774a5bdd0d394 None None None
NCA-7881EA5FEC06 i-0990a517942d646ee /dev/sda1 True vol-068bc35c56ee2b6ac /dev/sdb True vol-089821abc76a376c7 None None None
NCA-E878E341FBBC i-042db6a04e904535e /dev/sda1 True vol-0507ffe911fb0e0cb /dev/sdb True vol-000d6472e94a5266e None None None
[cloudshell-user@ip-10-0-118-211 tmp]$
EBS volume details
A 100 GiB (gp3) volume is attached as /dev/sda1 and a 150 GiB (gp2) volume as /dev/sdb.
[cloudshell-user@ip-10-0-118-211 tmp]$ echo "NameTag InstanceId VolumeId AvailabilityZone Encrypted Size State Iops VolumeType" > /tmp/awscli.tmp;\
> aws ec2 describe-volumes --query "Volumes[].[Tags[?Key=='Name'] | [0].Value,Attachments[0].InstanceId,VolumeId,AvailabilityZone,Encrypted,Size,State,Iops,VolumeType]" --output text | sort >> /tmp/awscli.tmp;\
> column -t /tmp/awscli.tmp;\
> rm /tmp/awscli.tmp
NameTag InstanceId VolumeId AvailabilityZone Encrypted Size State Iops VolumeType
None i-014cdc8e3395bb424 vol-0a07774a5bdd0d394 ap-northeast-1a False 150 in-use 450 gp2
None i-014cdc8e3395bb424 vol-0a1dd875e681a3a13 ap-northeast-1a False 100 in-use 3000 gp3
None i-042db6a04e904535e vol-000d6472e94a5266e ap-northeast-1a False 150 in-use 450 gp2
None i-042db6a04e904535e vol-0507ffe911fb0e0cb ap-northeast-1a False 100 in-use 3000 gp3
None i-0990a517942d646ee vol-068bc35c56ee2b6ac ap-northeast-1a False 100 in-use 3000 gp3
None i-0990a517942d646ee vol-089821abc76a376c7 ap-northeast-1a False 150 in-use 450 gp2
[cloudshell-user@ip-10-0-118-211 tmp]$
EC2 instance tag information
Many of the tags are clearly identifiable as belonging to Nutanix.
[cloudshell-user@ip-10-0-118-211 tmp]$ echo "InstanceId \
> Tag-Key[1] Tag-Value[1] \
> Tag-Key[2] Tag-Value[2] \
> Tag-Key[3] Tag-Value[3] \
> Tag-Key[4] Tag-Value[4] \
> Tag-Key[5] Tag-Value[5] \
> Tag-Key[6] Tag-Value[6] \
> Tag-Key[7] Tag-Value[7] \
> Tag-Key[8] Tag-Value[8] \
> Tag-Key[9] Tag-Value[9] \
> Tag-Key[10] Tag-Value[10]" > /tmp/awscli.tmp;\
> aws ec2 describe-instances --query "Reservations[].Instances[].\
> [InstanceId,\
> Tags[0].Key,Tags[0].Value,\
> Tags[1].Key,Tags[1].Value,\
> Tags[2].Key,Tags[2].Value,\
> Tags[3].Key,Tags[3].Value,\
> Tags[4].Key,Tags[4].Value,\
> Tags[5].Key,Tags[5].Value,\
> Tags[6].Key,Tags[6].Value,\
> Tags[7].Key,Tags[7].Value,\
> Tags[8].Key,Tags[8].Value,\
> Tags[9].Key,Tags[9].Value]" --output text >> /tmp/awscli.tmp;\
> column -t /tmp/awscli.tmp;\
> rm /tmp/awscli.tmp
InstanceId Tag-Key[1] Tag-Value[1] Tag-Key[2] Tag-Value[2] Tag-Key[3] Tag-Value[3] Tag-Key[4] Tag-Value[4] Tag-Key[5] Tag-Value[5] Tag-Key[6] Tag-Value[6] Tag-Key[7] Tag-Value[7] Tag-Key[8] Tag-Value[8] Tag-Key[9] Tag-Value[9] Tag-Key[10] Tag-Value[10]
i-014cdc8e3395bb424 nutanix:clusters:owner nutanix-clusters Name NCA-70B5855C771F nutanix:clusters:cluster-uuid 0005cebd-e65d-3ac7-3add-30f1cad044d4 nutanix:clusters:gateway https://gateway-external-api.console.nutanix.com nutanix:clusters:cluster-id w5ZWVDB35nz1Mbkd nutanix:clusters:node-uuid fad827cf-ce15-45a7-9c93-70b5855c771f EbsOptimized False nutanix:clusters:node-id 63VYwPRkgjDgOpQn None None None None
i-042db6a04e904535e EbsOptimized False nutanix:clusters:gateway https://gateway-external-api.console.nutanix.com Name NCA-E878E341FBBC nutanix:clusters:owner nutanix-clusters nutanix:clusters:node-id x9XOvew6OgzGZ7Y8 nutanix:clusters:cluster-id w5ZWVDB35nz1Mbkd nutanix:clusters:node-uuid 1293f9fc-e3cb-490e-a08f-e878e341fbbc nutanix:clusters:cluster-uuid 0005cebd-e65d-3ac7-3add-30f1cad044d4 None None None None
i-0990a517942d646ee nutanix:clusters:gateway https://gateway-external-api.console.nutanix.com EbsOptimized False nutanix:clusters:node-id G1KqyD6dgOeAw0Jg nutanix:clusters:owner nutanix-clusters nutanix:clusters:cluster-uuid 0005cebd-e65d-3ac7-3add-30f1cad044d4 nutanix:clusters:cluster-id w5ZWVDB35nz1Mbkd Name NCA-7881EA5FEC06 nutanix:clusters:node-uuid 159b11e6-8b76-4da5-8bd1-7881ea5fec06 None None None None
[cloudshell-user@ip-10-0-118-211 tmp]$
Elastic Load Balancing (ELB)
Basic information
One NLB is created in the Public subnet (because public access to Prism was allowed).
[cloudshell-user@ip-10-0-118-211 tmp]$ echo "LoadBalancerName Scheme DNSName VpcId AvailabilityZone[1] SubnetId[1] AvailabilityZones[2] SubnetId[2]" > /tmp/awscli.tmp;\
> aws elbv2 describe-load-balancers --query "LoadBalancers[].[LoadBalancerName,Scheme,DNSName,VpcId,AvailabilityZones[0].ZoneName,AvailabilityZones[0].SubnetId,AvailabilityZones[1].ZoneName,AvailabilityZones[1].SubnetId]" --output text >> /tmp/awscli.tmp;\
> column -t /tmp/awscli.tmp;\
> rm /tmp/awscli.tmp
LoadBalancerName Scheme DNSName VpcId AvailabilityZone[1] SubnetId[1] AvailabilityZones[2] SubnetId[2]
Nutanix-Cluster-30F1CAD044D4 internet-facing Nutanix-Cluster-30F1CAD044D4-014274dc2b556553.elb.ap-northeast-1.amazonaws.com vpc-045b8dd064f950e73 ap-northeast-1a subnet-06af1388a7e45f664 None None
[cloudshell-user@ip-10-0-118-211 tmp]$
Listener settings
Listens on TCP:9440 (used for access to Prism).
[cloudshell-user@ip-10-0-118-211 tmp]$ echo "LoadBalancerArn Port Protcol CertificateArn" > /tmp/awscli.tmp;\
> for elb_arn in $(aws elbv2 describe-load-balancers --query "LoadBalancers[].LoadBalancerArn" --output text)
> do
> aws elbv2 describe-listeners --load-balancer-arn $elb_arn --query "Listeners[].[LoadBalancerArn,Port,Protocol,Certificates[0].CertificateArn]" --output text >> /tmp/awscli.tmp
> done;\
> column -t /tmp/awscli.tmp;\
> rm /tmp/awscli.tmp
LoadBalancerArn Port Protcol CertificateArn
arn:aws:elasticloadbalancing:ap-northeast-1:XXXXXXXXXXXX:loadbalancer/net/Nutanix-Cluster-30F1CAD044D4/014274dc2b556553 9440 TCP None
[cloudshell-user@ip-10-0-118-211 tmp]$
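As an added example (not part of the original post), the check below joins the load balancer table and the listener table produced by the two queries above and reports every internet-facing load balancer that listens on a management port, which is the exposure this NLB creates for Prism on TCP 9440. The function names, the MGMT_PORTS variable and the "internal-tools" rows are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flag internet-facing load
# balancers that listen on a management port. Input rows use the column order
# of the post's "--output text" queries:
#   $1: LoadBalancerName Scheme DNSName VpcId ...
#   $2: LoadBalancerArn Port Protocol CertificateArn
# MGMT_PORTS is an assumption of this example; 9440 is Prism, per the post.
MGMT_PORTS="${MGMT_PORTS:-9440}"

find_public_mgmt_listeners() {
  awk -v ports="$MGMT_PORTS" '
    BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) mgmt[p[i]] = 1 }
    # First file: remember scheme and DNS name per load balancer name.
    NR == FNR { scheme[$1] = $2; dns[$1] = $3; next }
    # Second file: the name is the second-to-last "/" element of the ARN.
    {
      m = split($1, part, "/"); name = (m > 1) ? part[m - 1] : ""
      if (scheme[name] == "internet-facing" && ($2 in mgmt))
        printf "%s %s/%s %s\n", name, $3, $2, dns[name]
    }
  ' "$1" "$2"
}

# Demo on constructed rows: the first row of each table mirrors the post's
# output, the "internal-tools" rows are made up for contrast.
demo_public_mgmt() {
  local dir; dir=$(mktemp -d)
  cat > "$dir/lbs.txt" <<'EOF'
Nutanix-Cluster-30F1CAD044D4 internet-facing Nutanix-Cluster-30F1CAD044D4-014274dc2b556553.elb.ap-northeast-1.amazonaws.com vpc-045b8dd064f950e73
internal-tools internal internal-tools-0000000000000000.elb.ap-northeast-1.amazonaws.com vpc-045b8dd064f950e73
EOF
  cat > "$dir/listeners.txt" <<'EOF'
arn:aws:elasticloadbalancing:ap-northeast-1:XXXXXXXXXXXX:loadbalancer/net/Nutanix-Cluster-30F1CAD044D4/014274dc2b556553 9440 TCP None
arn:aws:elasticloadbalancing:ap-northeast-1:XXXXXXXXXXXX:loadbalancer/net/internal-tools/0000000000000000 9440 TCP None
EOF
  find_public_mgmt_listeners "$dir/lbs.txt" "$dir/listeners.txt"
  rm -rf "$dir"
}

if [ "${1:-}" = "--demo" ]; then demo_public_mgmt; fi
```

Against a live account, save the text output of the two `aws elbv2` queries (without the `column -t` step) to files and pass them as the two arguments; set MGMT_PORTS to a comma-separated list to cover other management ports.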
Target group settings
The health check uses HTTPS.
[cloudshell-user@ip-10-0-118-211 tmp]$ echo "TargetGroupName Protocol Port VpcId HealthProtocol HealthPort HealthEnabled HealthInterval HealthTimeout HealthyCount UnhealthyCount HealthCheckPath TargetType HttpCode" > /tmp/awscli.tmp;\
> aws elbv2 describe-target-groups --query "TargetGroups[].[TargetGroupName,Protocol,Port,VpcId,HealthCheckProtocol,HealthCheckPort,HealthCheckEnabled,HealthCheckIntervalSeconds,HealthCheckTimeoutSeconds,HealthyThresholdCount,UnhealthyThresholdCount,HealthCheckPath,TargetType,Matcher.HttpCode]" --output text >> /tmp/awscli.tmp;\
> column -t /tmp/awscli.tmp;\
> rm /tmp/awscli.tmp
TargetGroupName Protocol Port VpcId HealthProtocol HealthPort HealthEnabled HealthInterval HealthTimeout HealthyCount UnhealthyCount HealthCheckPath TargetType HttpCode
Nutanix-Cluster-30F1CAD044D4 TCP 9440 vpc-045b8dd064f950e73 HTTPS traffic-port True 30 10 5 5 /console/ ip 200-399
[cloudshell-user@ip-10-0-118-211 tmp]$
ELB attributes
ELB access logging and cross-zone load balancing are disabled.
[cloudshell-user@ip-10-0-118-211 tmp]$ echo "LoadBalancer,Item,Value" > /tmp/awscli.tmp;\
> for elb_arn in $(aws elbv2 describe-load-balancers --query "LoadBalancers[].LoadBalancerArn" --output text)
> do
> elb_arn_esc=$(echo ${elb_arn#*/} | sed 's/\//\\\//g')
> aws elbv2 describe-load-balancer-attributes --load-balancer-arn $elb_arn --query "Attributes[]" --output text | sed -e s/^/$elb_arn_esc,/g -e 's/\t/,/g' >> /tmp/awscli.tmp
> done;\
> column -s, -t /tmp/awscli.tmp;\
> rm /tmp/awscli.tmp
LoadBalancer Item Value
net/Nutanix-Cluster-30F1CAD044D4/014274dc2b556553 access_logs.s3.enabled false
net/Nutanix-Cluster-30F1CAD044D4/014274dc2b556553 access_logs.s3.prefix
net/Nutanix-Cluster-30F1CAD044D4/014274dc2b556553 deletion_protection.enabled false
net/Nutanix-Cluster-30F1CAD044D4/014274dc2b556553 access_logs.s3.bucket
net/Nutanix-Cluster-30F1CAD044D4/014274dc2b556553 load_balancing.cross_zone.enabled false
[cloudshell-user@ip-10-0-118-211 tmp]$
Target group attributes
Sticky sessions are disabled.
[cloudshell-user@ip-10-0-118-211 tmp]$ echo "TargetGroup,Item,Value" > /tmp/awscli.tmp;\
> for target_group_arn in $(aws elbv2 describe-target-groups --query "TargetGroups[].TargetGroupArn" --output text)
> do
> target_group_arn_esc=$(echo ${target_group_arn#*/} | sed 's/\//\\\//g')
> aws elbv2 describe-target-group-attributes --target-group-arn ${target_group_arn} --query "Attributes[]" --output text | sed -e s/^/$target_group_arn_esc,/g -e 's/\t/,/g' >> /tmp/awscli.tmp
> done;\
> column -s, -t /tmp/awscli.tmp;\
> rm /tmp/awscli.tmp
TargetGroup Item Value
Nutanix-Cluster-30F1CAD044D4/d630d6ba4e4a3ad0 proxy_protocol_v2.enabled false
Nutanix-Cluster-30F1CAD044D4/d630d6ba4e4a3ad0 preserve_client_ip.enabled false
Nutanix-Cluster-30F1CAD044D4/d630d6ba4e4a3ad0 stickiness.enabled false
Nutanix-Cluster-30F1CAD044D4/d630d6ba4e4a3ad0 deregistration_delay.timeout_seconds 300
Nutanix-Cluster-30F1CAD044D4/d630d6ba4e4a3ad0 stickiness.type source_ip
Nutanix-Cluster-30F1CAD044D4/d630d6ba4e4a3ad0 deregistration_delay.connection_termination.enabled false
[cloudshell-user@ip-10-0-118-211 tmp]$
Checking the health check settings
[cloudshell-user@ip-10-0-118-211 tmp]$ echo "TargetGroup,Target,TargetPort,HealthCheckPort,State,Reason,Description" > /tmp/awscli.tmp;\
> for target_group_arn in $(aws elbv2 describe-target-groups --query "TargetGroups[].TargetGroupArn" --output text)
> do
> target_group_arn_esc=$(echo ${target_group_arn#*/} | sed 's/\//\\\//g')
> aws elbv2 describe-target-health --target-group-arn ${target_group_arn} --query "TargetHealthDescriptions[].[Target.Id,Target.Port,HealthCheckPort,TargetHealth.State,TargetHealth.Reason,TargetHealth.Description]" --output text | sed -e s/^/$target_group_arn_esc,/g -e 's/\t/,/g' >> /tmp/awscli.tmp
> done;\
> column -s, -t /tmp/awscli.tmp;\
> rm /tmp/awscli.tmp
TargetGroup Target TargetPort HealthCheckPort State Reason Description
Nutanix-Cluster-30F1CAD044D4/d630d6ba4e4a3ad0 10.1.128.211 9440 9440 healthy None None
Nutanix-Cluster-30F1CAD044D4/d630d6ba4e4a3ad0 10.1.128.162 9440 9440 healthy None None
Nutanix-Cluster-30F1CAD044D4/d630d6ba4e4a3ad0 10.1.128.51 9440 9440 healthy None None
[cloudshell-user@ip-10-0-118-211 tmp]$
NLB tags
[cloudshell-user@ip-10-0-118-211 tmp]$ echo "LoadBalancer,Key[1],Value[1],Key[2],Value[2],Key[3],Value[3],Key[4],Value[4],Key[5],Value[5],Key[6],Value[6],Key[7],Value[7],Key[8],Value[8],Key[9],Value[9],Key[10],Value[10]" > /tmp/awscli.tmp
[cloudshell-user@ip-10-0-118-211 tmp]$ for elb_arn in $(aws elbv2 describe-load-balancers --query "LoadBalancers[].LoadBalancerArn" --output text)
> do
> elb_arn_esc=$(echo ${elb_arn#*/} | sed 's/\//\\\//g')
> aws elbv2 describe-tags --resource-arns ${elb_arn} --query "TagDescriptions[].[
> Tags[0].Key,Tags[0].Value,\
> Tags[1].Key,Tags[1].Value,\
> Tags[2].Key,Tags[2].Value,\
> Tags[3].Key,Tags[3].Value,\
> Tags[4].Key,Tags[4].Value,\
> Tags[5].Key,Tags[5].Value,\
> Tags[6].Key,Tags[6].Value,\
> Tags[7].Key,Tags[7].Value,\
> Tags[8].Key,Tags[8].Value,\
> Tags[9].Key,Tags[9].Value]" --output text | sed -e s/^/$elb_arn_esc,/g -e 's/\t/,/g' >> /tmp/awscli.tmp
> done;\
> column -s, -t /tmp/awscli.tmp;\
> rm /tmp/awscli.tmp
LoadBalancer Key[1] Value[1] Key[2] Value[2] Key[3] Value[3] Key[4] Value[4] Key[5] Value[5] Key[6] Value[6] Key[7] Value[7] Key[8] Value[8] Key[9] Value[9] Key[10] Value[10]
net/Nutanix-Cluster-30F1CAD044D4/014274dc2b556553 nutanix:clusters:owner nutanix-clusters nutanix:clusters:cluster-id w5ZWVDB35nz1Mbkd nutanix:clusters:cluster-uuid 0005cebd-e65d-3ac7-3add-30f1cad044d4 Name Nutanix Cluster 30F1CAD044D4 nutanix:clusters:gateway https://gateway-external-api.console.nutanix.com None None None None None None None None None None
[cloudshell-user@ip-10-0-118-211 tmp]$
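Summary
I took a quick look at the NCA environment I built, from an AWS infrastructure perspective.
I collected the information, deleted the NCA environment, and only noticed while writing this blog post that I should have done this with the default VPC deleted (a confession).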