In conclusion, I confirmed that the remote host's IP address is what gets recorded.
Connect via both the regular endpoint and the VPCE
- Connect from the regular cluster endpoint, issue a query, and disconnect.
```
[ec2-user@ip-172-31-0-101 ~]$ curl http://169.254.169.254/latest/meta-data/hostname
ip-172-31-0-101.ap-northeast-1.compute.internal
[ec2-user@ip-172-31-0-101 ~]$ psql "host=redshift-cluster-poc-central.********.ap-northeast-1.redshift.amazonaws.com user=awsuser dbname=dev port=5439"
psql (13.7, server 8.0.2)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
Type "help" for help.

dev=# select now();
              now
-------------------------------
 2024-06-20 02:32:06.687504+00
(1 row)

dev=# \q
```
- Connect from the Redshift-managed VPC endpoint, issue a query, and disconnect.
```
[ec2-user@ip-172-17-3-212 ~]$ curl http://169.254.169.254/latest/meta-data/hostname
ip-172-17-3-212.ap-northeast-1.compute.internal
[ec2-user@ip-172-17-3-212 ~]$ psql "host=rs-vpce-poc-central-public-endpoint-kzi2t4cottw7qieudolz.********.ap-northeast-1.redshift.amazonaws.com user=awsuser dbname=dev port=5439"
psql (13.7, server 8.0.2)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
Type "help" for help.

dev=# select now();
              now
-------------------------------
 2024-06-20 02:33:08.027258+00
(1 row)

dev=# \q
```
Check the remotehost column of STL_CONNECTION_LOG.
```
dev=# select top 10 event,recordtime,remotehost,remoteport,dbname,username,authmethod from STL_CONNECTION_LOG where remotehost not in ('127.0.0.1', '[local]') order by recordtime desc;
-[ RECORD 1 ]--------------------------------------------------
event      | disconnecting session
recordtime | 2024-06-20 02:33:09.818793
remotehost | ::ffff:172.17.3.212
remoteport | 33218
dbname     | dev
username   | awsuser
authmethod | password
-[ RECORD 2 ]--------------------------------------------------
event      | set application_name
recordtime | 2024-06-20 02:32:50.64765
remotehost | ::ffff:172.17.3.212
remoteport | 33218
dbname     | dev
username   | awsuser
authmethod | password
-[ RECORD 3 ]--------------------------------------------------
event      | initiating session
recordtime | 2024-06-20 02:32:50.647539
remotehost | ::ffff:172.17.3.212
remoteport | 33218
dbname     | dev
username   | awsuser
authmethod | password
-[ RECORD 4 ]--------------------------------------------------
event      | authenticated
recordtime | 2024-06-20 02:32:50.647434
remotehost | ::ffff:172.17.3.212   ★ Connection from an EC2 instance in a different VPC via the Redshift-managed VPCE: the private IP of the source EC2 instance is recorded
remoteport | 33218
dbname     | dev
username   | awsuser
authmethod | password
-[ RECORD 5 ]--------------------------------------------------
event      | disconnecting session
recordtime | 2024-06-20 02:32:12.746419
remotehost | ::ffff:172.31.0.101   ★ Connection from an EC2 instance in the same VPC: the private IP of the source EC2 instance is recorded
remoteport | 52836
dbname     | dev
username   | awsuser
authmethod | password
-[ RECORD 6 ]--------------------------------------------------
event      | set application_name
recordtime | 2024-06-20 02:32:02.845983
remotehost | ::ffff:172.31.0.101
remoteport | 52836
dbname     | dev
username   | awsuser
authmethod | password
-[ RECORD 7 ]--------------------------------------------------
event      | initiating session
recordtime | 2024-06-20 02:32:02.84587
remotehost | ::ffff:172.31.0.101
remoteport | 52836
dbname     | dev
username   | awsuser
authmethod | password
-[ RECORD 8 ]--------------------------------------------------
event      | authenticated
recordtime | 2024-06-20 02:32:02.845774
remotehost | ::ffff:172.31.0.101
remoteport | 52836
dbname     | dev
username   | awsuser
authmethod | password
-[ RECORD 9 ]--------------------------------------------------
event      | disconnecting session
recordtime | 2024-06-20 02:31:36.468434
remotehost | ::ffff:172.31.0.101
remoteport | 42932
dbname     | dev
username   | awsuser
authmethod | password
-[ RECORD 10 ]-------------------------------------------------
event      | set application_name
recordtime | 2024-06-20 02:31:31.169609
remotehost | ::ffff:172.31.0.101
remoteport | 42932
dbname     | dev
username   | awsuser
authmethod | password
```
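Since the source private IP survives the Redshift-managed VPCE hop, the same column can be used to spot logins from networks that should not be reaching the cluster. The query below is an added example, not part of the original post; it assumes the cluster's own VPC is 172.31.0.0/16 and the peer VPC behind the VPCE is 172.17.0.0/16, inferred from the EC2 hostnames above.

```sql
-- Added example (not from the original post): classify each authenticated
-- session in STL_CONNECTION_LOG by its source address.
-- Assumed CIDRs: cluster VPC = 172.31.0.0/16, peer VPC reaching the cluster
-- through the Redshift-managed VPC endpoint = 172.17.0.0/16.
WITH sessions AS (
    SELECT
        recordtime,
        -- remotehost is stored as an IPv4-mapped IPv6 address (::ffff:a.b.c.d);
        -- strip the prefix so it can be matched as a plain IPv4 string.
        REPLACE(remotehost, '::ffff:', '') AS client_ip,
        remoteport,
        dbname,
        username,
        authmethod
    FROM stl_connection_log
    WHERE event = 'authenticated'
      AND remotehost NOT IN ('127.0.0.1', '[local]')
      AND recordtime > DATEADD(day, -7, GETDATE())
)
SELECT
    client_ip,
    CASE
        WHEN client_ip LIKE '172.31.%' THEN 'cluster VPC'
        WHEN client_ip LIKE '172.17.%' THEN 'peer VPC via Redshift-managed VPCE'
        ELSE 'unexpected source'   -- not an approved network: review these rows
    END AS source_class,
    dbname,
    username,
    authmethod,
    COUNT(*)        AS logins,
    MIN(recordtime) AS first_seen,
    MAX(recordtime) AS last_seen
FROM sessions
GROUP BY 1, 2, 3, 4, 5
ORDER BY source_class DESC, last_seen DESC;
```

STL tables keep only a few days of history, so for a longer record of connection sources enable the cluster's audit logging to S3, which exports the connection log as one of its files.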