ablog

Notes of a clumsy, restless engineer

Does stl_connection_log.remotehost contain the source host's IP address when connecting to Redshift through a Redshift-managed VPC endpoint?

Conclusion: I confirmed that the remote host's IP address is recorded. The value is the private IP of the connecting EC2 instance itself, not the address of the endpoint's network interface, and it is stored in IPv4-mapped IPv6 form (::ffff:a.b.c.d), which matters when filtering on the column.

Connect both through the normal endpoint and through the VPCE

  • Connect from the normal cluster endpoint, run a query, and disconnect.
[ec2-user@ip-172-31-0-101 ~]$ curl http://169.254.169.254/latest/meta-data/hostname
ip-172-31-0-101.ap-northeast-1.compute.internal
[ec2-user@ip-172-31-0-101 ~]$ psql "host=redshift-cluster-poc-central.********.ap-northeast-1.redshift.amazonaws.com user=awsuser dbname=dev port=5439"
psql (13.7, server 8.0.2)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
Type "help" for help.

dev=# select now();
              now
-------------------------------
 2024-06-20 02:32:06.687504+00
(1 row)

dev=# \q
  • Connect from the Redshift-managed VPC endpoint, run a query, and disconnect.
[ec2-user@ip-172-17-3-212 ~]$ curl http://169.254.169.254/latest/meta-data/hostname
ip-172-17-3-212.ap-northeast-1.compute.internal
[ec2-user@ip-172-17-3-212 ~]$ psql "host=rs-vpce-poc-central-public-endpoint-kzi2t4cottw7qieudolz.********.ap-northeast-1.redshift.amazonaws.com user=awsuser dbname=dev port=5439"
psql (13.7, server 8.0.2)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
Type "help" for help.

dev=# select now();
              now
-------------------------------
 2024-06-20 02:33:08.027258+00
(1 row)

dev=# \q

Check the remotehost column of STL_CONNECTION_LOG. Loopback and Unix-socket entries from the cluster's own internal processes are excluded so only the two test connections show up. Note that STL tables keep only a few days of history; enable audit logging (the connection log) if the records are needed for longer.

dev=# select top 10 event,recordtime,remotehost,remoteport,dbname,username,authmethod from STL_CONNECTION_LOG where remotehost not in ('127.0.0.1', '[local]') order by recordtime desc;
-[ RECORD 1 ]--------------------------------------------------
event      | disconnecting session
recordtime | 2024-06-20 02:33:09.818793
remotehost | ::ffff:172.17.3.212
remoteport | 33218
dbname     | dev
username   | awsuser
authmethod | password
-[ RECORD 2 ]--------------------------------------------------
event      | set application_name
recordtime | 2024-06-20 02:32:50.64765
remotehost | ::ffff:172.17.3.212
remoteport | 33218
dbname     | dev
username   | awsuser
authmethod | password
-[ RECORD 3 ]--------------------------------------------------
event      | initiating session
recordtime | 2024-06-20 02:32:50.647539
remotehost | ::ffff:172.17.3.212
remoteport | 33218
dbname     | dev
username   | awsuser
authmethod | password
-[ RECORD 4 ]--------------------------------------------------
event      | authenticated
recordtime | 2024-06-20 02:32:50.647434
remotehost | ::ffff:172.17.3.212 ★ Connecting from an EC2 instance in a different VPC through the Redshift-managed VPCE: the source EC2 instance's private IP is recorded
remoteport | 33218
dbname     | dev
username   | awsuser
authmethod | password
-[ RECORD 5 ]--------------------------------------------------
event      | disconnecting session
recordtime | 2024-06-20 02:32:12.746419
remotehost | ::ffff:172.31.0.101 ★ Connecting from an EC2 instance in the same VPC: the source EC2 instance's private IP is recorded
remoteport | 52836
dbname     | dev
username   | awsuser
authmethod | password
-[ RECORD 6 ]--------------------------------------------------
event      | set application_name
recordtime | 2024-06-20 02:32:02.845983
remotehost | ::ffff:172.31.0.101
remoteport | 52836
dbname     | dev
username   | awsuser
authmethod | password
-[ RECORD 7 ]--------------------------------------------------
event      | initiating session
recordtime | 2024-06-20 02:32:02.84587
remotehost | ::ffff:172.31.0.101
remoteport | 52836
dbname     | dev
username   | awsuser
authmethod | password
-[ RECORD 8 ]--------------------------------------------------
event      | authenticated
recordtime | 2024-06-20 02:32:02.845774
remotehost | ::ffff:172.31.0.101
remoteport | 52836
dbname     | dev
username   | awsuser
authmethod | password
-[ RECORD 9 ]--------------------------------------------------
event      | disconnecting session
recordtime | 2024-06-20 02:31:36.468434
remotehost | ::ffff:172.31.0.101
remoteport | 42932
dbname     | dev
username   | awsuser
authmethod | password
-[ RECORD 10 ]-------------------------------------------------
event      | set application_name
recordtime | 2024-06-20 02:31:31.169609
remotehost | ::ffff:172.31.0.101
remoteport | 42932
dbname     | dev
username   | awsuser
authmethod | password
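Because the source IP survives the VPCE hop, the connection log can be used to attribute sessions to hosts outside the cluster's own VPC. The script below is an added example (not code from the original post) that post-processes rows in the shape of the output above: it unwraps the ::ffff: IPv4-mapped form with the ipaddress module, groups rows into sessions, and flags any session whose source lies outside a trusted CIDR list. The sample rows are constructed from the two addresses in the post, and the trusted range 172.31.0.0/16 is an assumed VPC CIDR; the real table also carries a pid column, which is a better session key than remoteport in production.

```python
import ipaddress

# Constructed sample rows in the shape of STL_CONNECTION_LOG output:
# (event, recordtime, remotehost, remoteport, username).
# The two peer addresses come from the post; the rows are made up for
# this example, including the loopback/[local] entries the query above
# filtered out.
SAMPLE_ROWS = [
    ("authenticated",         "2024-06-20 02:32:50.647434", "::ffff:172.17.3.212", 33218, "awsuser"),
    ("initiating session",    "2024-06-20 02:32:50.647539", "::ffff:172.17.3.212", 33218, "awsuser"),
    ("disconnecting session", "2024-06-20 02:33:09.818793", "::ffff:172.17.3.212", 33218, "awsuser"),
    ("authenticated",         "2024-06-20 02:32:02.845774", "::ffff:172.31.0.101", 52836, "awsuser"),
    ("initiating session",    "2024-06-20 02:32:02.84587",  "::ffff:172.31.0.101", 52836, "awsuser"),
    ("disconnecting session", "2024-06-20 02:32:12.746419", "::ffff:172.31.0.101", 52836, "awsuser"),
    ("initiating session",    "2024-06-20 02:31:31.169609", "127.0.0.1",           0,     "rdsdb"),
    ("initiating session",    "2024-06-20 02:31:31.169609", "[local]",             0,     "rdsdb"),
]

# Assumed cluster VPC CIDR; the post does not state it.
TRUSTED_CIDRS = ["172.31.0.0/16"]


def normalize_remotehost(remotehost):
    """Return an ipaddress object for a remotehost value, or None for
    Unix-socket entries. Redshift records IPv4 peers as IPv4-mapped IPv6
    (::ffff:a.b.c.d); unwrap them so membership tests against IPv4
    networks work."""
    if remotehost == "[local]":
        return None
    addr = ipaddress.ip_address(remotehost)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def classify_sessions(rows, trusted_cidrs):
    """Group rows into sessions keyed by (source IP, remoteport) and mark
    each session as trusted if its source falls inside one of the given
    CIDRs. Loopback and Unix-socket rows (cluster-internal) are skipped."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    sessions = {}
    for event, recordtime, remotehost, remoteport, username in rows:
        ip = normalize_remotehost(remotehost)
        if ip is None or ip.is_loopback:
            continue
        key = (str(ip), remoteport)
        session = sessions.setdefault(key, {
            "ip": str(ip),
            "port": remoteport,
            "user": username,
            "trusted": any(ip in net for net in nets),
            "events": [],
        })
        session["events"].append((recordtime, event))
    for session in sessions.values():
        session["events"].sort()  # recordtime strings sort chronologically
    return list(sessions.values())


def untrusted_sources(rows, trusted_cidrs):
    """Distinct source IPs that connected from outside the trusted CIDRs."""
    return sorted({s["ip"] for s in classify_sessions(rows, trusted_cidrs)
                   if not s["trusted"]})


if __name__ == "__main__":
    for s in classify_sessions(SAMPLE_ROWS, TRUSTED_CIDRS):
        status = "trusted" if s["trusted"] else "OUTSIDE VPC"
        print(f'{s["ip"]}:{s["port"]} user={s["user"]} {status} '
              f'events={[e for _, e in s["events"]]}')
    print("untrusted sources:", untrusted_sources(SAMPLE_ROWS, TRUSTED_CIDRS))
```

Run against the rows above, the VPCE connection from 172.17.3.212 is the only session flagged as outside the trusted range, while the same-VPC host 172.31.0.101 is trusted and the cluster-internal rows drop out. Plugging in the real VPC CIDRs and rows unloaded from STL_CONNECTION_LOG turns this into a simple check that every connection to the cluster came from a host you expected.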