{CloudFront}オリジンリクエストへのカスタムヘッダーの追加

 

https://docs.aws.amazon.com/ja_jp/AmazonCloudFront/latest/DeveloperGuide/add-origin-custom-headers.html
https://docs.aws.amazon.com/ja_jp/AmazonCloudFront/latest/DeveloperGuide/restrict-access-to-load-balancer.html

https://www.yamamanx.com/cloudfront-customeheader-alb/

 

-- 1. コマンド等のインストール

-- 1.1 aws cli version 2 インストール

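# Install AWS CLI v2 (Linux x86_64) from the official bundle.
# -f fails on an HTTP error instead of handing an error page to unzip; -L follows
# redirects; -sS keeps the transfer quiet but still reports failures.
curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"

# The installer runs as root, so check the detached signature before executing it.
# The AWS CLI signing key must be imported into gpg first (the key block is in the
# AWS CLI installation documentation; it is intentionally not reproduced here).
curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip.sig" -o "awscliv2.zip.sig"
gpg --verify awscliv2.zip.sig awscliv2.zip || { echo 'awscliv2.zip signature check failed' >&2; exit 1; }

unzip -q awscliv2.zip
sudo ./aws/install
aws --version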

 

-- 1.2 jqインストール
# jq is used below to pull ARNs/ETags out of AWS CLI JSON output and to edit the
# CloudFront distribution config without hand-editing JSON.
sudo yum install -y jq


-- 2. EC2インスタンス作成


-- ap-northeast-1a


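# Write the EC2 user-data script that turns the instance into a minimal web server.
# Quoted heredoc delimiter: nothing is expanded on this machine; cloud-init runs the
# script as root on the instance at first boot.
cat > a.sh <<'EOF'
#!/bin/bash
yum -y update
yum -y install httpd
systemctl start httpd
systemctl enable httpd
# Serve the instance hostname so the CloudFront -> ALB -> instance path can be
# traced end to end. (Writing hostname's output directly avoids the unquoted
# $(hostname) word-splitting/globbing of the original echo.)
hostname > /var/www/html/index.html
EOF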

 

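# Launch the backend instance in ap-northeast-1a with the user-data script above.
# --metadata-options HttpTokens=required enforces IMDSv2 (session token needed), so
#   a request-forgery bug in the web tier cannot read instance credentials with a
#   plain GET to the metadata endpoint. httpd does not use IMDS, so nothing breaks.
# No --security-group-ids is passed, so the subnet's default SG applies. For the
# "ALB only" design the instance SG should allow port 80 solely from the ALB's SG
# (sg-33333333333333333 in step 3) — confirm against the VPC's default SG rules.
aws ec2 run-instances \
  --image-id ami-0404778e217f54308 \
  --instance-type t3.nano \
  --key-name key1 \
  --metadata-options HttpTokens=required,HttpEndpoint=enabled \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=instance01}]' \
  --subnet-id subnet-11111111111111111 \
  --user-data file://a.sh

# Confirm the launch and note the InstanceId for register-targets in step 3.
aws ec2 describe-instances \
  --filters Name=tag:Name,Values=instance01 \
  --query 'Reservations[].Instances[].[InstanceId,State.Name,PrivateIpAddress]' \
  --output table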

 


-- 3. ロードバランサーの作成


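# Create the ALB. The default scheme is internet-facing, which a classic CloudFront
# custom origin needs (the edge reaches the origin over the public internet).
#
# Security note: sg-33333333333333333 is the ALB's only network-level control.
# The custom-header listener rule added in step 7 only protects the ALB while the
# header value stays secret, so this SG should admit 80/443 only from CloudFront's
# origin-facing managed prefix list instead of 0.0.0.0/0 (this is the approach in
# the restrict-access-to-load-balancer doc linked at the top). Look up its ID with:
aws ec2 describe-managed-prefix-lists \
  --filters Name=prefix-list-name,Values=com.amazonaws.global.cloudfront.origin-facing \
  --query 'PrefixLists[].PrefixListId' --output text

aws elbv2 create-load-balancer \
  --name alb01 \
  --subnets subnet-11111111111111111 subnet-22222222222222222 \
  --security-groups sg-33333333333333333

aws elbv2 describe-load-balancers
# .LoadBalancers is an array; indexing it with a key ("Cannot index array with
# string") was a bug in the original one-liner — iterate with [].
aws elbv2 describe-load-balancers | jq -r '.LoadBalancers[].LoadBalancerArn'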

 


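# Target group for the instance; the ALB talks plain HTTP/80 to the target inside
# the VPC (the default health check GETs "/" which the user-data script serves).
aws elbv2 create-target-group \
  --name target01 \
  --protocol HTTP \
  --port 80 \
  --vpc-id vpc-44444444444444444 \
  --ip-address-type ipv4 \
  --target-type instance

aws elbv2 describe-target-groups
# .TargetGroups is an array — iterate with [] (the original .TargetGroups.TargetGroupArn
# fails in jq with "Cannot index array with string").
aws elbv2 describe-target-groups | jq -r '.TargetGroups[].TargetGroupArn'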

# Register the instance from step 2 with target01 and wait for it to become healthy.
tg_arn=arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:targetgroup/target01/555555555555555
instance_id=i-00000000000000000

aws elbv2 describe-target-group-attributes --target-group-arn "$tg_arn"

aws elbv2 register-targets \
  --target-group-arn "$tg_arn" \
  --targets "Id=${instance_id}"

# Re-run until TargetHealth.State is "healthy" before creating the distribution.
aws elbv2 describe-target-health --target-group-arn "$tg_arn"

 


-- 4. リスナーの作成

# Plain HTTP listener on :80 that forwards everything to target01 for now; step 7
# narrows it to requests carrying the CloudFront custom header.
#
# Security note: with an HTTP listener the X-HOGE header value crosses the public
# internet in cleartext between the CloudFront edge and the ALB. For anything
# beyond a lab, add an HTTPS:443 listener with an ACM certificate and point the
# CloudFront origin at it (origin protocol policy https-only). No certificate is
# referenced in these notes, so that is left as a follow-up.
lb_arn=arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:loadbalancer/app/alb01/6666666666666666
tg_arn=arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:targetgroup/target01/555555555555555

aws elbv2 create-listener \
  --load-balancer-arn "$lb_arn" \
  --protocol HTTP \
  --port 80 \
  --default-actions "Type=forward,TargetGroupArn=${tg_arn}"

aws elbv2 describe-listeners --load-balancer-arn "$lb_arn"

# ListenerArn is needed for the rules in step 7 and the cleanup in step 9.
aws elbv2 describe-listeners --load-balancer-arn "$lb_arn" | jq -r '.Listeners[].ListenerArn'

 


-- 5. ディストリビューションの作成


# Create the distribution with the ALB's DNS name as its only origin. This shorthand
# takes AWS defaults for everything else, so inspect the generated config afterwards —
# in particular the origin's protocol policy (CustomOriginConfig.OriginProtocolPolicy
# if present), which decides whether the edge talks HTTP or HTTPS to the ALB; only
# HTTP can work here because the ALB has just an :80 listener.
# The distribution is Enabled and publicly reachable as soon as it finishes deploying.
alb_dns=alb01-00000000.ap-northeast-1.elb.amazonaws.com
dist_id=AAAAAAAAAAAAAA

aws cloudfront create-distribution --origin-domain-name "$alb_dns"

# Id and DomainName (xxxx.cloudfront.net) are used by the later steps.
aws cloudfront list-distributions \
  --query 'DistributionList.Items[].[Id,DomainName,Status,Enabled]' --output table

aws cloudfront get-distribution --id "$dist_id"
aws cloudfront get-distribution-config --id "$dist_id"

 

 


-- 6. カスタムヘッダーの追加

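# Add a secret custom header (X-HOGE) to the ALB origin so the ALB can tell
# CloudFront traffic from direct hits.
#
# Security notes:
# - Anyone who knows the header value can reach the ALB directly (step 8 shows
#   exactly that), so the value must be a long random string, not a guessable
#   placeholder such as "header01". Generate it once and export it for this step,
#   the listener rule (step 7) and the verification (step 8):
#     export X_HOGE_SECRET=$(openssl rand -hex 32)
#   The ALB compares header values case-insensitively and treats '*' and '?' as
#   wildcards, so a hex string is safe to use as-is.
# - The saved config files contain the value; they get mode 600 and are removed
#   once the update is accepted. Do not commit them.
: "${X_HOGE_SECRET:?export X_HOGE_SECRET (the random header value shared with steps 7 and 8) first}"

dist_id=AAAAAAAAAAAAAA
aws cloudfront get-distribution --id "$dist_id" --query 'Distribution.[Id,Status]' --output text

touch dist-config-response.json distribution.json
chmod 600 dist-config-response.json distribution.json

# Take the config AND its ETag from the same response. --if-match is an optimistic
# lock: an ETag fetched separately after editing would silently let this update
# overwrite any change made to the distribution in between.
aws cloudfront get-distribution-config --id "$dist_id" > dist-config-response.json
etag=$(jq -r .ETag dist-config-response.json)

# Set Origins.Items[0].CustomHeaders to a single X-HOGE header. The ALB is the only
# origin in this walkthrough; confirm the index if the distribution has more.
# Resulting shape: {"Quantity":1,"Items":[{"HeaderName":"X-HOGE","HeaderValue":"<secret>"}]}
jq --arg v "$X_HOGE_SECRET" \
   '.DistributionConfig
    | .Origins.Items[0].CustomHeaders = {Quantity: 1, Items: [{HeaderName: "X-HOGE", HeaderValue: $v}]}' \
   dist-config-response.json > distribution.json

aws cloudfront update-distribution \
  --id "$dist_id" \
  --if-match "$etag" \
  --distribution-config file://distribution.json

# The header is only sent by edges once the new config is deployed.
aws cloudfront wait distribution-deployed --id "$dist_id"

# Drop the on-disk copies of the secret.
rm -f dist-config-response.json distribution.json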


-- 7. リスナールール追加


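# Listener rules: forward only requests that carry the CloudFront custom header;
# everything else gets a fixed 403 from the default action.
# X_HOGE_SECRET must be the same value configured on the CloudFront origin in
# step 6 (the original notes used the literal placeholder "header01").
: "${X_HOGE_SECRET:?export X_HOGE_SECRET (the value set on the CloudFront origin header) first}"

lb_arn=arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:loadbalancer/app/alb01/6666666666666666
listener_arn=arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:listener/app/alb01/6666666666666666/7777777777777777
tg_arn=arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:targetgroup/target01/555555555555555

aws elbv2 describe-rules --listener-arn "$listener_arn"

# Build the condition with jq so the secret is inserted as a JSON string rather
# than spliced into a quoted literal. Note the ALB matches header values
# case-insensitively and honours '*'/'?' wildcards, so the secret must not
# contain those characters (hex output is fine).
conditions=$(jq -cn --arg v "$X_HOGE_SECRET" \
  '[{Field: "http-header", HttpHeaderConfig: {HttpHeaderName: "X-HOGE", Values: [$v]}}]')

# Priority 1 so it is evaluated before any other rule. The plain forward action is
# equivalent to the original's ForwardConfig with stickiness disabled (the default).
aws elbv2 create-rule \
  --listener-arn "$listener_arn" \
  --conditions "$conditions" \
  --priority 1 \
  --actions "Type=forward,TargetGroupArn=${tg_arn}"

aws elbv2 describe-listeners --load-balancer-arn "$lb_arn"

# Replace the default "forward everything" action with a 403 so a request without
# the header never reaches the target. The body is deliberately generic and does
# not hint at the header name.
aws elbv2 modify-listener \
  --listener-arn "$listener_arn" \
  --default-actions '[
    {
      "Type": "fixed-response",
      "Order": 1,
      "FixedResponseConfig": {
        "MessageBody": "Access denied!!!",
        "StatusCode": "403",
        "ContentType": "text/plain"
      }
    }
  ]'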

 

 


-- 8. 動作確認


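# Verification. Print only the HTTP status code for each case.
# X_HOGE_SECRET is the value configured on the CloudFront origin header and in the
# listener rule (the original notes used the literal placeholder "header01").
: "${X_HOGE_SECRET:?export X_HOGE_SECRET (the CloudFront origin header value) first}"

cf_host=xxxxxxxxxxxxxx.cloudfront.net
alb_host=alb01-00000000.ap-northeast-1.elb.amazonaws.com

# Through CloudFront: the edge adds X-HOGE, the rule forwards -> expect 200.
curl -sS -o /dev/null -w '%{http_code}\n' "https://${cf_host}/index.html"

# Straight to the ALB without the header -> default action -> expect 403.
curl -sS -o /dev/null -w '%{http_code}\n' "http://${alb_host}/index.html"

# Straight to the ALB WITH the header -> expect 200. This is the bypass anyone who
# learns the value gets, which is why the ALB security group should additionally
# restrict sources to the CloudFront origin-facing prefix list instead of relying
# on the header alone. (-X GET dropped: it is curl's default and needless.)
curl -sS -o /dev/null -w '%{http_code}\n' -H "X-HOGE: ${X_HOGE_SECRET}" "http://${alb_host}/index.html"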

 


-- 9. クリーンアップ

 


-- ディストリビューションの無効化

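# Disable the distribution (a distribution must be disabled and fully deployed
# before it can be deleted).
dist_id=AAAAAAAAAAAAAA
aws cloudfront get-distribution --id "$dist_id" \
  --query 'Distribution.[Status,DistributionConfig.Enabled]' --output text

# The config still carries the X-HOGE secret, so keep the files private.
touch dist-config-response.json distribution.json
chmod 600 dist-config-response.json distribution.json

# Fetch the config and its ETag in ONE call: --if-match must match the exact
# revision we are editing, otherwise concurrent changes are silently overwritten.
aws cloudfront get-distribution-config --id "$dist_id" > dist-config-response.json
etag=$(jq -r .ETag dist-config-response.json)

# Flip only the top-level Enabled flag. The original
#   sed -i 's/"Enabled": true/"Enabled": false/'
# rewrote EVERY "Enabled": true in the document, so it would also switch off any
# nested setting (e.g. Logging.Enabled) that happened to be on.
jq '.DistributionConfig | .Enabled = false' dist-config-response.json > distribution.json

aws cloudfront update-distribution \
  --id "$dist_id" \
  --if-match "$etag" \
  --distribution-config file://distribution.json

# Block until the disabled config is deployed; delete-distribution fails before that.
aws cloudfront wait distribution-deployed --id "$dist_id"

rm -f dist-config-response.json distribution.json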


-- ディストリビューションの削除

# Delete the (now disabled and deployed) distribution. delete-distribution needs
# the ETag of the current revision, so fetch it right before the call.
dist_id=AAAAAAAAAAAAAA

aws cloudfront get-distribution --id "$dist_id"
aws cloudfront get-distribution-config --id "$dist_id"

etag=$(aws cloudfront get-distribution-config --id "$dist_id" | jq -r .ETag)

aws cloudfront delete-distribution \
  --id "$dist_id" \
  --if-match "$etag"

# Should no longer list AAAAAAAAAAAAAA.
aws cloudfront list-distributions

 

-- リスナーの削除

# Tear down the ALB side in dependency order, then the instance.
lb_arn=arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:loadbalancer/app/alb01/6666666666666666
listener_arn=arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:listener/app/alb01/6666666666666666/7777777777777777
tg_arn=arn:aws:elasticloadbalancing:ap-northeast-1:999999999999:targetgroup/target01/555555555555555
instance_id=i-00000000000000000

# Listener (and with it the header rule from step 7) first, so the target group
# is no longer referenced when it is deleted.
aws elbv2 describe-listeners --load-balancer-arn "$lb_arn"
aws elbv2 delete-listener --listener-arn "$listener_arn"

# Target group
aws elbv2 describe-target-groups
aws elbv2 deregister-targets \
  --target-group-arn "$tg_arn" \
  --targets "Id=${instance_id}"
aws elbv2 delete-target-group --target-group-arn "$tg_arn"

# Load balancer
aws elbv2 describe-load-balancers
aws elbv2 delete-load-balancer --load-balancer-arn "$lb_arn"

# EC2 instance
aws ec2 describe-instances
aws ec2 terminate-instances --instance-ids "$instance_id"