This time: setting up a VPN.
Following the book, I build the environment with OpenVPN.
1. Security group settings
Open UDP port 1194.
2. Installing OpenVPN
ubuntu@chopper:~$ sudo apt-get install -y openvpn
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
liblzo2-2 libpkcs11-helper1
Suggested packages:
easy-rsa
The following NEW packages will be installed:
liblzo2-2 libpkcs11-helper1 openvpn
0 upgraded, 3 newly installed, 0 to remove and 4 not upgraded.
Need to get 469 kB of archives.
After this operation, 1,339 kB of additional disk space will be used.
Get:1 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu/ trusty-updates/main liblzo2-2 amd64 2.06-1.2ubuntu1.1 [46.1 kB]
Get:2 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu/ trusty/main libpkcs11-helper1 amd64 1.11-1 [42.2 kB]
Get:3 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu/ trusty/main openvpn amd64 2.3.2-7ubuntu3 [380 kB]
Fetched 469 kB in 0s (1,027 kB/s)
Preconfiguring packages ...
Selecting previously unselected package liblzo2-2:amd64.
(Reading database ... 51108 files and directories currently installed.)
Preparing to unpack .../liblzo2-2_2.06-1.2ubuntu1.1_amd64.deb ...
Unpacking liblzo2-2:amd64 (2.06-1.2ubuntu1.1) ...
Selecting previously unselected package libpkcs11-helper1:amd64.
Preparing to unpack .../libpkcs11-helper1_1.11-1_amd64.deb ...
Unpacking libpkcs11-helper1:amd64 (1.11-1) ...
Selecting previously unselected package openvpn.
Preparing to unpack .../openvpn_2.3.2-7ubuntu3_amd64.deb ...
Unpacking openvpn (2.3.2-7ubuntu3) ...
Processing triggers for man-db (2.6.7.1-1) ...
Processing triggers for ureadahead (0.100.0-16) ...
Setting up liblzo2-2:amd64 (2.06-1.2ubuntu1.1) ...
Setting up libpkcs11-helper1:amd64 (1.11-1) ...
Setting up openvpn (2.3.2-7ubuntu3) ...
* Restarting virtual private network daemon(s)... * No VPN is running.
Processing triggers for libc-bin (2.19-0ubuntu6) ...
Processing triggers for ureadahead (0.100.0-16) ...
Download the files needed for the setup.
ubuntu@chopper:~$ wget https://github.com/OpenVPN/easy-rsa/archive/release/2.x.zip
--2014-08-02 17:09:07-- https://github.com/OpenVPN/easy-rsa/archive/release/2.x.zip
Resolving github.com (github.com)... 192.30.252.130
Connecting to github.com (github.com)|192.30.252.130|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://codeload.github.com/OpenVPN/easy-rsa/zip/release/2.x [following]
--2014-08-02 17:09:08-- https://codeload.github.com/OpenVPN/easy-rsa/zip/release/2.x
Resolving codeload.github.com (codeload.github.com)... 192.30.252.145
Connecting to codeload.github.com (codeload.github.com)|192.30.252.145|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/zip]
Saving to: ‘2.x.zip’
[ <=> ] 47,064 100KB/s in 0.5s
2014-08-02 17:09:09 (100 KB/s) - ‘2.x.zip’ saved [47064]
ubuntu@chopper:~$ ls
2.x.zip
ubuntu@chopper:~$ sudo apt-get install -y unzip
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
zip
The following NEW packages will be installed:
unzip
0 upgraded, 1 newly installed, 0 to remove and 4 not upgraded.
Need to get 193 kB of archives.
After this operation, 390 kB of additional disk space will be used.
Get:1 http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu/ trusty/main unzip amd64 6.0-9ubuntu1 [193 kB]
Fetched 193 kB in 0s (3,367 kB/s)
Selecting previously unselected package unzip.
(Reading database ... 51192 files and directories currently installed.)
Preparing to unpack .../unzip_6.0-9ubuntu1_amd64.deb ...
Unpacking unzip (6.0-9ubuntu1) ...
Processing triggers for mime-support (3.54ubuntu1) ...
Processing triggers for man-db (2.6.7.1-1) ...
Setting up unzip (6.0-9ubuntu1) ...
ubuntu@chopper:~$ unzip -d 2.x 2.x.zip
Copy the required files as the root user
root@chopper:/home/ubuntu# mkdir /etc/openvpn/easy-rsa
root@chopper:/home/ubuntu# ls
2.x 2.x.zip
root@chopper:/home/ubuntu# pwd
/home/ubuntu
root@chopper:/home/ubuntu# cd 2.x
2.x/ 2.x.zip
root@chopper:/home/ubuntu# cd 2.x
root@chopper:/home/ubuntu/2.x# ls
easy-rsa-release-2.x
root@chopper:/home/ubuntu/2.x# cd easy-rsa-release-2.x/
root@chopper:/home/ubuntu/2.x/easy-rsa-release-2.x# ls
configure.ac COPYING COPYRIGHT.GPL distro doc easy-rsa Makefile.am README
root@chopper:/home/ubuntu/2.x/easy-rsa-release-2.x# cd easy-rsa/
root@chopper:/home/ubuntu/2.x/easy-rsa-release-2.x/easy-rsa# ls
2.0 Windows
root@chopper:/home/ubuntu/2.x/easy-rsa-release-2.x/easy-rsa# cd 2.0/
root@chopper:/home/ubuntu/2.x/easy-rsa-release-2.x/easy-rsa/2.0# ls
build-ca build-key-pkcs12 inherit-inter pkitool whichopensslcnf
build-dh build-key-server list-crl revoke-full
build-inter build-req openssl-0.9.6.cnf sign-req
build-key build-req-pass openssl-0.9.8.cnf sign-server-req
build-key-pass clean-all openssl-1.0.0.cnf vars
root@chopper:/home/ubuntu/2.x/easy-rsa-release-2.x/easy-rsa/2.0# cp -r * /etc/openvpn/easy-rsa/
Edit /etc/openvpn/easy-rsa/vars
root@chopper:/etc/openvpn/easy-rsa# diff vars vars.org
64,68c64,68
< export KEY_COUNTRY="JP"
< export KEY_PROVINCE=“XXXXXX-ken"
< export KEY_CITY=“XXXXXXX-shi"
< export KEY_ORG=“XXXXXXX"
< export KEY_EMAIL=“XXXXXXXXXXXXXXXXX"
---
> export KEY_COUNTRY="US"
> export KEY_PROVINCE="CA"
> export KEY_CITY="SanFrancisco"
> export KEY_ORG="Fort-Funston"
> export KEY_EMAIL="me@myhost.mydomain"
Create the CA key pair (public key / private key)
root@chopper:/etc/openvpn/easy-rsa# ./clean-all
root@chopper:/etc/openvpn/easy-rsa# ./build-ca
Generating a 2048 bit RSA private key
..................................................................+++
..............................................................................................+++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [JP]:
State or Province Name (full name) [XXXXXX-ken]:
Locality Name (eg, city) [XXXXXXX-shi]:
Organization Name (eg, company) [XXXXXXX]:
Organizational Unit Name (eg, section) [MyOrganizationalUnit]:.
Common Name (eg, your name or your server's hostname) [XXXXXXX CA]:.
Name [EasyRSA]:XXXXXXXXXXXX
Email Address [XXXXXXXXX@gmail.com]:
Confirm that the files were created
root@chopper:/etc/openvpn/easy-rsa# ls -la keys
total 20
drwx------ 2 root root 4096 Aug 2 17:20 .
drwxr-xr-x 3 root root 4096 Aug 2 17:19 ..
-rw-r--r-- 1 root root 1639 Aug 2 17:20 ca.crt
-rw------- 1 root root 1704 Aug 2 17:20 ca.key
-rw-r--r-- 1 root root 0 Aug 2 17:19 index.txt
-rw-r--r-- 1 root root 3 Aug 2 17:19 serial
Create the server key pair (public key / private key)
Server key name: kizaru
root@chopper:/etc/openvpn/easy-rsa# ./build-key-server kizaru
Generating a 2048 bit RSA private key
..................+++
..................................................................................................................+++
writing new private key to 'kizaru.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [JP]:
State or Province Name (full name) [XXXXXXX-ken]:
Locality Name (eg, city) [XXXXXXX-shi]:
Organization Name (eg, company) [XXXXXXX]:
Organizational Unit Name (eg, section) [MyOrganizationalUnit]:.
Common Name (eg, your name or your server's hostname) [kizaru]:
Name [EasyRSA]:XXXXXXXXXXXXXX
Email Address [XXXXXXXXXXX@gmail.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:.
An optional company name []:.
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'JP'
stateOrProvinceName :PRINTABLE:’XXXXXXXXXXX'
localityName :PRINTABLE:’XXXXXXXXXXX'
organizationName :PRINTABLE:’XXXXXX'
commonName :PRINTABLE:’XXXXXX'
name :PRINTABLE:’XXXXXXXXXXXXXXXXX'
emailAddress :IA5STRING:’XXXXXXXXX@gmail.com'
Certificate is to be certified until Jul 30 08:25:29 2024 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@chopper:/etc/openvpn/easy-rsa# ls -la keys
total 56
drwx------ 2 root root 4096 Aug 2 17:25 .
drwxr-xr-x 3 root root 4096 Aug 2 17:19 ..
-rw-r--r-- 1 root root 5410 Aug 2 17:25 01.pem
-rw-r--r-- 1 root root 1639 Aug 2 17:20 ca.crt
-rw------- 1 root root 1704 Aug 2 17:20 ca.key
-rw-r--r-- 1 root root 138 Aug 2 17:25 index.txt
-rw-r--r-- 1 root root 21 Aug 2 17:25 index.txt.attr
-rw-r--r-- 1 root root 0 Aug 2 17:19 index.txt.old
-rw-r--r-- 1 root root 5410 Aug 2 17:25 kizaru.crt
-rw-r--r-- 1 root root 1074 Aug 2 17:25 kizaru.csr
-rw------- 1 root root 1704 Aug 2 17:25 kizaru.key
-rw-r--r-- 1 root root 3 Aug 2 17:25 serial
-rw-r--r-- 1 root root 3 Aug 2 17:19 serial.old
Generate the Diffie-Hellman parameters
http://ja.wikipedia.org/wiki/ディフィー・ヘルマン鍵共有
root@chopper:/etc/openvpn/easy-rsa# ./build-dh
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
...............................................................................................................................................................................................................................................................................................................+.....................................................................................................................................+...........................................................................................................................................................+............................................+.............................................................................................................................................................+........................................................................+...................................................................+..+..............................................+.................................................................................................................+.........................................+...............................................................................................................................................................+.......................................................................................................................+.........................+........................................................................+............+.+.................................................................................................................................................................................................................................................+......++*++*
root@chopper:/etc/openvpn/easy-rsa# ls -la keys
total 60
drwx------ 2 root root 4096 Aug 2 17:29 .
drwxr-xr-x 3 root root 4096 Aug 2 17:19 ..
-rw-r--r-- 1 root root 5410 Aug 2 17:25 01.pem
-rw-r--r-- 1 root root 1639 Aug 2 17:20 ca.crt
-rw------- 1 root root 1704 Aug 2 17:20 ca.key
-rw-r--r-- 1 root root 424 Aug 2 17:29 dh2048.pem
-rw-r--r-- 1 root root 138 Aug 2 17:25 index.txt
-rw-r--r-- 1 root root 21 Aug 2 17:25 index.txt.attr
-rw-r--r-- 1 root root 0 Aug 2 17:19 index.txt.old
-rw-r--r-- 1 root root 5410 Aug 2 17:25 kizaru.crt
-rw-r--r-- 1 root root 1074 Aug 2 17:25 kizaru.csr
-rw------- 1 root root 1704 Aug 2 17:25 kizaru.key
-rw-r--r-- 1 root root 3 Aug 2 17:25 serial
-rw-r--r-- 1 root root 3 Aug 2 17:19 serial.old
Copy each file to /etc/openvpn
root@chopper:/etc/openvpn/easy-rsa# cd keys
root@chopper:/etc/openvpn/easy-rsa/keys# ls
01.pem ca.key index.txt index.txt.old kizaru.csr serial
ca.crt dh2048.pem index.txt.attr kizaru.crt kizaru.key serial.old
root@chopper:/etc/openvpn/easy-rsa/keys# cp ca.crt kizaru.crt kizaru.key dh2048.pem /etc/openvpn
Set up the server configuration file
root@chopper:/usr/share/doc/openvpn/examples/sample-config-files# cp server.conf.gz /etc/openvpn/
root@chopper:/usr/share/doc/openvpn/examples/sample-config-files# cd /etc/openvpn/
root@chopper:/etc/openvpn# ls
ca.crt dh2048.pem easy-rsa kizaru.crt kizaru.key server.conf.gz update-resolv-conf
root@chopper:/etc/openvpn# gunzip server.conf.gz
root@chopper:/etc/openvpn# ls
ca.crt dh2048.pem easy-rsa kizaru.crt kizaru.key server.conf update-resolv-conf
root@chopper:/etc/openvpn# cp -p server.conf server.conf.org
root@chopper:/etc/openvpn# vi server.conf
root@chopper:/etc/openvpn# diff server.conf server.conf.org
79,80c79,80
< cert kizaru.crt
< key kizaru.key # This file should be kept secret
---
> cert server.crt
> key server.key # This file should be kept secret
87c87
< dh dh2048.pem
---
> dh dh1024.pem
204c204
< client-to-client
---
> ;client-to-client
Start the OpenVPN server and check it
root@chopper:/etc/openvpn# /etc/init.d/openvpn start
* Starting virtual private network daemon(s)... * Autostarting VPN 'server'
root@chopper:/etc/openvpn# ifconfig
eth0 Link encap:Ethernet HWaddr 06:91:33:6c:2d:c4
inet addr:XXX.XXX.XXX.XXX Bcast:XXX.XXX.XXX.XXX Mask:255.255.240.0
inet6 addr: XXXX::XXX:XXXX:XXXX:XXXX/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:9001 Metric:1
RX packets:6799 errors:0 dropped:0 overruns:0 frame:0
TX packets:4882 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1156820 (1.1 MB) TX bytes:587391 (587.3 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:XXX.XXX.XXX.XXX P-t-P:XXX.XXX.XXX.XXX Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
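The checks that matter after the copy and server.conf edits above can be scripted: every ca/cert/key/dh file is present, the private key is not group- or world-accessible, ca.key was not copied alongside, and an active client-to-client is noticed. This is an added example, not from the original post or the book; the function names, finding labels and sample directory are assumptions made for illustration.

```shell
# Added example: audit a directory laid out like /etc/openvpn in the steps above.
# Function names and finding labels are hypothetical, chosen for this example.

# Print one finding per line for config file $2 inside directory $1.
audit_openvpn_dir() (
    dir=$1
    conf=$1/$2
    for directive in ca cert key dh; do
        # First active (uncommented) use of the directive, as in server.conf.
        file=$(awk -v d="$directive" '$1 == d { print $2; exit }' "$conf")
        case $file in
            "") echo "missing-directive:$directive"; continue ;;
            /*) path=$file ;;
            *)  path=$dir/$file ;;
        esac
        if [ ! -f "$path" ]; then
            echo "missing-file:$file"
        elif [ "$directive" = key ] &&
             [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            # A private key should show as "-rw-------", like kizaru.key above.
            echo "key-group-or-world-accessible:$file"
        fi
    done
    # ca.key signs new certificates; the page copies only ca.crt next to the config.
    if [ -e "$dir/ca.key" ]; then
        echo "ca-private-key-deployed:ca.key"
    fi
    # An active client-to-client lets VPN clients reach each other; report it
    # so that enabling it is a deliberate choice.
    if awk '$1 == "client-to-client" { hit = 1 } END { exit !hit }' "$conf"; then
        echo "client-to-client-enabled"
    fi
)

# Constructed sample: a scratch directory using the file names from this page.
make_sample_dir() {
    sample_dir=$(mktemp -d)
    for name in ca.crt kizaru.crt kizaru.key; do
        printf 'placeholder, not real key material\n' > "$sample_dir/$name"
    done
    chmod 644 "$sample_dir/kizaru.key"   # deliberately too permissive
    cat > "$sample_dir/server.conf" <<'EOF'
ca ca.crt
cert kizaru.crt
key kizaru.key  # This file should be kept secret
dh dh2048.pem
;client-to-client
EOF
    echo "$sample_dir"
}

demo_dir=$(make_sample_dir)
audit_openvpn_dir "$demo_dir" server.conf   # dh2048.pem was not created above
rm -rf "$demo_dir"
```

Run against the real directory as root, for example `audit_openvpn_dir /etc/openvpn server.conf`; no output means none of the four conditions was found.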
Create the client key pair on the server side
The pair for the MacBook Air is named "pair_mba".
root@chopper:/etc/openvpn/easy-rsa# ./build-key pair_mba
Generating a 2048 bit RSA private key
........................................................................................................................+++
..........................+++
writing new private key to 'pair_mba.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [JP]:
State or Province Name (full name) [XXXXXX-ken]:
Locality Name (eg, city) [XXXXXXX-shi]:
Organization Name (eg, company) [XXXXXX]:
Organizational Unit Name (eg, section) [MyOrganizationalUnit]:.
Common Name (eg, your name or your server's hostname) [pair_mba]:
Name [EasyRSA]:XXXXXXXXXXX
Email Address [XXXXXXXXXXX@gmail.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:.
An optional company name []:.
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'JP'
stateOrProvinceName :PRINTABLE:’XXXXXXXXXXXX'
localityName :PRINTABLE:’XXXXXXXXXXXX'
organizationName :PRINTABLE:’XXXXXXX'
commonName :T61STRING:’XXXXXXXX'
name :PRINTABLE:’XXXXXXXXXXXXXXX'
emailAddress :IA5STRING:’XXXXXXXXX@gmail.com'
Certificate is to be certified until Jul 30 08:44:22 2024 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Copy the CA public key and the client key pair created above to /home/ubuntu and change the owner
root@chopper:/etc/openvpn/easy-rsa/keys# cp ca.crt pair_mba.crt pair_mba.key ~ubuntu
root@chopper:/etc/openvpn/easy-rsa/keys# cd ~ubuntu/
root@chopper:/home/ubuntu# ls
2.x 2.x.zip ca.crt pair_mba.crt pair_mba.key
root@chopper:/home/ubuntu# chown ubuntu:ubuntu ca.crt pair_mba.*
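3. Installing the VPN client
The book did this on Ubuntu and Windows, so to connect from the MBA I referred to the following site:
http://blog.suz-lab.com/2012/09/mac108centos63openvpnvpn.html
Remote-copy the CA public key and the client key pair to the MBA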
$ scp -i coby.pem ubuntu@IPアドレス:~ubuntu/ca.crt .
ca.crt 100% 1639 1.6KB/s 00:00
$ scp -i coby.pem ubuntu@IPアドレス:~ubuntu/pair_mba.* .
pair_mba.crt 100% 5295 5.2KB/s 00:00
pair_mba.key 100% 1708 1.7KB/s 00:00
Remote-copy the configuration file needed for the client setup
$ scp -i coby.pem ubuntu@IPアドレス:/usr/share/doc/openvpn/examples/sample-config-files/client.conf .
client.conf 100% 3427 3.4KB/s 00:00
$ ls
ca.crt coby.pem pair_mba.crt
client.conf junichi.pem pair_mba.key
Edit it
$ diff client.conf client.conf.org
42c42
< remote IPアドレス
---
> remote my-server-1 1194
89,90c89,90
< cert pair_mba.crt
< key pair_mba.key
---
> cert client.crt
> key client.key
Copy each file into Library/openvpn under the user's home directory
$ cp /Users/{ユーザ名}/Documents/develop/AWS/ca.crt .
$ cp /Users/{ユーザ名}/Documents/develop/AWS/pair_mba.* .
$ cp /Users/{ユーザ名}/Documents/develop/AWS/client.conf .
$ ls
ca.crt client.conf pair_mba.crt pair_mba.key
Start Tunnelblick and connect
Check the connection on the client side
$ ifconfig tun0
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet XX.X.X.X --> XX.X.X.X netmask 0xffffffff
open (pid 12770)
$ ping -c3 サーバIP
PING サーバIP (サーバIP): 56 data bytes
64 bytes from サーバIP: icmp_seq=0 ttl=64 time=30.420 ms
64 bytes from サーバIP: icmp_seq=1 ttl=64 time=31.279 ms
64 bytes from サーバIP: icmp_seq=2 ttl=64 time=31.343 ms
--- サーバIP ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 30.420/31.014/31.343/0.421 ms
Check the connection on the server side
ubuntu@chopper:~$ ping -c3 IPアドレス
PING IPアドレス (IPアドレス) 56(84) bytes of data.
64 bytes from IPアドレス: icmp_seq=1 ttl=64 time=29.0 ms
64 bytes from IPアドレス: icmp_seq=2 ttl=64 time=29.0 ms
64 bytes from IPアドレス: icmp_seq=3 ttl=64 time=135 ms
--- IPアドレス ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 29.006/64.608/135.766/50.316 ms
SSH login over the VPN
$ ssh -i coby.pem ubuntu@IPアドレス
ubuntu@chopper:~$
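Looks fine ^^ For now, the connection works in both directions ^^
However, since I haven't assigned a fixed IP, I have to change the client-side configuration file every time the instance is restarted orz
Next time: on to VPC...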