vpc 피어링
IAM role
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SecretsManagerAccess",
"Effect": "Allow",
"Action": ["secretsmanager:GetSecretValue"],
"Resource": ["arn:aws:secretsmanager:ap-northeast-2:781729906178:secret:/secret/db-*"]
},
{
"Sid": "KMSDecryptAccess",
"Effect": "Allow",
"Action": ["kms:Decrypt"],
"Resource": ["지한님이_생성한_KMS_CMK_ARN"]
},
{
"Sid": "CloudWatchLogsAccess",
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams"
],
"Resource": [
"arn:aws:logs:ap-northeast-2:781729906178:log-group:/worldpay/user-api*",
"arn:aws:logs:ap-northeast-2:781729906178:log-group:/worldpay/user-api/*:*"
]
}
]
}
Ec2 temp
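#!/bin/bash
# EC2 bootstrap script (user data): installs the Python runtime, registers
# the WorldPay User API as a systemd service, and starts it.
#
# Fail fast. Without strict mode a failed package or library install would
# still register and start a service that cannot run.
set -euo pipefail

# 1. Install packages
yum update -y
yum install -y python3 python3-pip amazon-cloudwatch-agent
# NOTE(review): the CloudWatch agent is installed here but this script neither
# writes its configuration nor starts it. Confirm that happens elsewhere,
# otherwise app.log is never shipped to CloudWatch Logs.

# 2. Download the app (adjust the S3 path etc. to your environment)
# This script runs as root while the service runs as ec2-user and appends to
# app.log inside this directory. A plain `mkdir -p` would leave the directory
# root-owned and the log redirection in ExecStart would fail with
# "Permission denied", so create it owned by the service account.
install -d -o ec2-user -g ec2-user -m 0750 /home/ec2-user/app
# Example: aws s3 cp s3://your-bucket/app.py /home/ec2-user/app/app.py
# The unit below runs "uvicorn app:app", so the module must be saved as app.py
# (or the module name in ExecStart changed to match the saved file name).

# 3. Install libraries
# The extras are quoted so the shell cannot glob-expand "[bcrypt]" / "[email]"
# against files in the current directory.
# NOTE(review): versions are unpinned and installed as root, so every new
# instance pulls whatever is latest on the package index. Prefer a pinned
# requirements file with hash checking (pip's --require-hashes).
pip3 install fastapi uvicorn boto3 sqlalchemy pymysql 'passlib[bcrypt]' 'pydantic[email]'

# 4. Register the systemd service (background execution and automatic restart)
# The delimiter is quoted so the unit file is written literally, with no shell
# expansion of its contents.
# NOTE(review): uvicorn listens on every interface (0.0.0.0:8000) over plain
# HTTP. Confirm the instance security group only admits the load balancer or
# the peered VPC range on that port.
# NOTE(review): app.log is appended without rotation and may contain request
# data. Consider logrotate and restrictive file permissions.
cat <<'EOF' > /etc/systemd/system/worldpay.service
[Unit]
Description=WorldPay User API
After=network.target
[Service]
User=ec2-user
WorkingDirectory=/home/ec2-user/app
# 표준 출력을 로그 파일로 남겨 CloudWatch Agent가 수집하게 함
ExecStart=/bin/bash -c "/usr/local/bin/uvicorn app:app --host 0.0.0.0 --port 8000 >> /home/ec2-user/app/app.log 2>&1"
Restart=always
[Install]
WantedBy=multi-user.target
EOF

# 5. Start the service
systemctl daemon-reload
systemctl enable worldpay
systemctl start worldpay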
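과제 IAM role
참고: secretsmanager:ListSecrets는 리소스 수준 권한을 지원하지 않으므로, 아래처럼 특정 시크릿 ARN만 Resource로 지정하면 이 액션은 허용되지 않습니다. 목록 조회가 실제로 필요하다면 Resource가 "*"인 별도 Statement로 분리하고, 필요 없다면 액션을 제거하세요.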
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SecretsManagerAccess",
"Effect": "Allow",
"Action": [
"secretsmanager:GetSecretValue",
"secretsmanager:ListSecrets",
"secretsmanager:DescribeSecret"
],
"Resource": [
"arn:aws:secretsmanager:ap-northeast-2:781729906178:secret:rds!cluster-cb882aff-7168-4697-ba7d-024b8ed1f35b-*"
]
},
{
"Sid": "KMSDecryptAccess",
"Effect": "Allow",
"Action": [
"kms:Decrypt",
"kms:DescribeKey"
],
"Resource": [
"arn:aws:kms:ap-northeast-2:781729906178:key/5ff45da6-1f43-42f2-b18a-13d79cdecb88"
]
},
{
"Sid": "CloudWatchLogsAccess",
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams"
],
"Resource": [
"arn:aws:logs:ap-northeast-2:781729906178:log-group:/worldpay/user-api*"
]
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"secretsmanager:GetSecretValue"
],
"Resource": [
"arn:aws:secretsmanager:ap-northeast-2:781729906178:secret:/secret/db-*"
]
},
{
"Effect": "Allow",
"Action": [
"kms:Decrypt"
],
"Resource": [
"arn:aws:kms:ap-northeast-2:781729906178:key/5ff45da6-1f43-42f2-b18a-13d79cdecb88"
]
}
]
}