AWS Launch Wizard for quick SQL Server Always On deployments


SQL Server Always On is a high-availability and disaster-recovery solution. Secondary replicas can be used to take database backups and to serve read requests, which offloads work from the primary instance.

For on-premises infrastructure, you can follow the articles in the AlwaysOn Availability Groups series to configure SQL Server Always On.

In the AWS cloud the overall logic stays the same, but you use AWS resources to deploy the virtual machines, networking components, domain controller and failover clustering configuration. Building SQL Server Always On from scratch is a multi-step task; it is easy to run into problems or to miss a step in the configuration.

To address this, Amazon provides AWS Launch Wizard, which deploys and configures SQL Server Always On in a single guided flow that follows AWS best practices for database deployments. It improves productivity, saves time, and reduces the chance of error by taking manual work out of most of the steps. Launch Wizard needs a few specific inputs, such as the number of nodes, their compute capacity and the network connectivity. It also shows a monthly cost estimate for all the resources it will deploy, so you can adjust the configuration based on cost before approving it for AWS to deploy automatically. The deployment is also saved as a CloudFormation template that you can reuse to deploy the same resources later.

Requirements

  • AWS Launch Wizard uses the Windows Server 2019/2016/2012 R2 operating system for the underlying instances
  • It can deploy Microsoft SQL Server 2019/2017/2016

Let's walk through configuring SQL Server Always On with AWS Launch Wizard.

AWS Launch Wizard configuration for SQL Server Always On

There are two ways to open AWS Launch Wizard.

  • Search for Launch Wizard in the AWS services list, as shown below

AWS Launch Wizard for SQL Server Always On

  • Alternatively, when you create a new EC2 instance and search for a SQL Server-related Amazon Machine Image (AMI), the console shows a hyperlink to AWS Launch Wizard

    Amazon Machine Image (AMI)

The welcome page offers two deployment options: MS SQL Server and SAP.

Deployments options

Click Create deployment.

Step 1: Choose application

Select Microsoft SQL Server Always On.

Choose application

Scroll down and you can see the default IAM role, AmazonEC2RoleForLaunchWizard. Launch Wizard uses the permissions of this role to deploy the various AWS services on your behalf, so review what it allows before you continue. The role has the AmazonSSMManagedInstanceCore and AmazonEC2RolePolicyForLaunchWizard managed policies attached.

Click the documentation link for more information on this role.

Default IAM role

Step 2: Configure application settings

Deployment name

On the next page, specify a name for the deployment. The deployment name can be at most 10 characters and must use only alphanumeric characters; an invalid name produces the following error message.

Deployment name

I specify the deployment name SQLShack. You can optionally configure notifications through the Simple Notification Service (SNS); either skip this step or click Create new SNS topic to set up notifications.

Configure application settings

Connectivity

Next, create a new key pair or choose an existing one; click Create new key pair name for new credentials. This key pair is used to connect to the EC2 instances: on Windows instances, EC2 encrypts the initial local administrator password with the key pair's public key, so whoever holds the private key can retrieve that password.

Connectivity

This takes you to the EC2 key pairs section, where you can see the existing key pairs in your account. Click Create key pair.

Create key pair

Specify a key pair name and file format (.pem for OpenSSH clients, .ppk for PuTTY). Save the downloaded private key in a secure location; AWS does not keep a copy and it cannot be downloaded again.

Specify file format for SQL Server Always On

Virtual Private Cloud (VPC)

AWS uses a virtual private cloud (VPC) to define networking components such as subnets and IP ranges; your AWS resources become part of the VPC so they can communicate with each other. You can use an existing VPC or create a new one from the Launch Wizard.

Select the VPC from the drop-down along with its public subnet. Take care with the VPC and subnet configuration, otherwise the deployed AWS services can end up unable to communicate with each other. The VPC must have one public subnet and two private subnets.

Virtual Private Cloud (VPC)

Scroll down and select the Availability Zones and their private subnets. If you use more than two Always On nodes, specify a private subnet for each additional node.

Also tick the confirmation checkboxes stating that the public subnet has been set up and that each of the selected private subnets has outbound connectivity enabled (for example through a NAT gateway). The wizard requires that outbound path from every private subnet it deploys into.

Availability zones
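The subnet requirements above (one public subnet, private subnets in separate Availability Zones, outbound connectivity from each private subnet) are easy to get wrong when picking from the drop-downs, so here is a pre-flight check that classifies subnets by their route tables before you commit to the deployment. This is an added example, not code from the original article or from AWS; the sample responses are constructed by hand in the shape of the EC2 DescribeSubnets and DescribeRouteTables API output, and the subnet, gateway and route-table IDs are made up.

```python
"""Pre-flight check of a VPC layout against the Launch Wizard subnet rules:
one public subnet, at least two private subnets in different Availability
Zones, and outbound connectivity from every private subnet.

Added example, not code from the original article or from AWS. The sample
data is constructed in the shape of the EC2 DescribeSubnets and
DescribeRouteTables responses; with boto3 you would pass the real results of
ec2.describe_subnets(...) and ec2.describe_route_tables(...) instead.
"""

# Constructed sample: one public and two private subnets in two AZs.
SAMPLE_SUBNETS = {
    "Subnets": [
        {"SubnetId": "subnet-pub1", "AvailabilityZone": "us-east-1a", "CidrBlock": "10.0.0.0/24"},
        {"SubnetId": "subnet-priv1", "AvailabilityZone": "us-east-1a", "CidrBlock": "10.0.1.0/24"},
        {"SubnetId": "subnet-priv2", "AvailabilityZone": "us-east-1b", "CidrBlock": "10.0.2.0/24"},
    ]
}

PUBLIC_RT = {  # default route to an internet gateway -> public subnet
    "RouteTableId": "rtb-public",
    "Associations": [{"SubnetId": "subnet-pub1"}],
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123"},
    ],
}
PRIVATE_RT = {  # default route through a NAT gateway -> private, with outbound
    "RouteTableId": "rtb-private",
    "Associations": [{"SubnetId": "subnet-priv1"}, {"SubnetId": "subnet-priv2"}],
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0abc"},
    ],
}
ISOLATED_RT = {  # no default route at all -> private, but no outbound path
    "RouteTableId": "rtb-private",
    "Associations": PRIVATE_RT["Associations"],
    "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
}
SAMPLE_ROUTE_TABLES = {"RouteTables": [PUBLIC_RT, PRIVATE_RT]}
SAMPLE_ROUTE_TABLES_ISOLATED = {"RouteTables": [PUBLIC_RT, ISOLATED_RT]}


def default_route_target(route_table):
    """Classify the 0.0.0.0/0 route: ('igw', id), ('nat', id), ('other', None) or ('none', None)."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if str(route.get("GatewayId", "")).startswith("igw-"):
            return "igw", route["GatewayId"]
        if "NatGatewayId" in route:
            return "nat", route["NatGatewayId"]
        return "other", None  # instance, ENI, transit gateway: outbound but not public
    return "none", None


def classify_subnets(subnets_resp, route_tables_resp):
    """Map each subnet ID to 'public', 'private' or 'isolated' from its route table.

    Subnets without an explicit association use the VPC main route table.
    """
    main_target = ("none", None)
    explicit = {}
    for rt in route_tables_resp["RouteTables"]:
        target = default_route_target(rt)
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main_target = target
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = target
    result = {}
    for sn in subnets_resp["Subnets"]:
        kind, _ = explicit.get(sn["SubnetId"], main_target)
        result[sn["SubnetId"]] = {"igw": "public", "none": "isolated"}.get(kind, "private")
    return result


def check_vpc_layout(subnets_resp, route_tables_resp, min_private=2):
    """Return a list of findings; an empty list means the layout qualifies."""
    kinds = classify_subnets(subnets_resp, route_tables_resp)
    az_of = {sn["SubnetId"]: sn["AvailabilityZone"] for sn in subnets_resp["Subnets"]}
    public = [s for s, k in kinds.items() if k == "public"]
    private = [s for s, k in kinds.items() if k == "private"]
    findings = []
    if not public:
        findings.append("no public subnet for the Remote Desktop Gateway")
    if len(private) < min_private:
        findings.append(f"only {len(private)} private subnet(s) with outbound "
                        f"connectivity; the wizard needs {min_private}")
    elif len({az_of[s] for s in private}) < min_private:
        findings.append(f"private subnets must span at least {min_private} "
                        "Availability Zones for the AG nodes")
    for s, k in kinds.items():
        if k == "isolated":
            findings.append(f"{s} has no default route, so a node placed there has no outbound connectivity")
    return findings


if __name__ == "__main__":
    for label, tables in (("nat", SAMPLE_ROUTE_TABLES), ("isolated", SAMPLE_ROUTE_TABLES_ISOLATED)):
        print(label, check_vpc_layout(SAMPLE_SUBNETS, tables) or "OK")
```

Run against the first sample the check returns no findings; against the second, where the private route table has lost its NAT route, it reports that the two private subnets have no outbound path, which is exactly the condition the wizard's checkbox asks you to confirm.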

For Remote Desktop Gateway access, select Custom IP from the drop-down and specify a CIDR (Classless Inter-Domain Routing) block. Restrict this to the address range you will actually connect from, such as your corporate egress range; 0.0.0.0/0 would expose the gateway's RDP port to the whole internet.

Remote Desktop Gateway access

AWS managed Microsoft Active Directory

The EC2 instances must be joined to an Active Directory domain for SQL Server Always On. There are two options here:

  • Connect to an existing Active Directory
  • Create and connect to a new AWS Managed Microsoft AD

If you chose the VPC option Create new Virtual Private Cloud (VPC), you must use the second option, Create and connect to new AWS managed Microsoft AD.

AWS managed Microsoft Active directory

If you select the option to create a new AWS Managed Microsoft AD, specify the password for the default administrator user and the fully qualified DNS name for the directory.

New AWS managed Microsoft AD for SQL Server Always On

A service account is required to run the SQL Server services. For the new AWS Managed Microsoft AD, select the option to create a new SQL Server service account.

Enter the username for the service account. This account is granted local administrator rights and the sysadmin fixed server role on each AG node, so it is a highly privileged identity: store its credentials securely (in a secrets store rather than a document) and do not reuse it for anything else.

Service account
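Because the service account ends up with local admin and sysadmin on every node, the password you type into the wizard deserves the same handling as a domain admin credential. The following added example (not code from the original article or from AWS) generates a password that satisfies an assumed complexity policy and hands it to AWS Secrets Manager rather than a notes file. The policy (16+ characters, one character from each of four classes) is an assumption chosen to exceed common directory policies; check it against your AWS Managed Microsoft AD password policy. The secret name, domain and username are hypothetical, and the storage function takes a client object so it runs offline with the fake client shown; with boto3 you would pass boto3.client("secretsmanager").

```python
"""Generate the SQL Server service account password and store it in AWS
Secrets Manager.

Added example, not part of the original article and not AWS code. The
complexity rule below is an assumption; verify it against your directory's
password policy. `store_in_secrets_manager` accepts any object exposing
create_secret(Name=..., Description=..., SecretString=...), which is the
boto3 Secrets Manager call; FakeSecretsManager stands in for it offline.
"""
import json
import secrets
import string

SYMBOLS = "!#%&*+-=?@^_"  # symbols that survive copy/paste into most consoles
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
MIN_LENGTH = 16  # assumed policy: at least 16 characters, one of each class


def meets_policy(password):
    """True when the password satisfies the assumed complexity rule."""
    return len(password) >= MIN_LENGTH and all(
        any(ch in cls for ch in password) for cls in CLASSES
    )


def generate_password(length=24):
    """Draw characters with the `secrets` CSPRNG until the policy is met."""
    if length < MIN_LENGTH:
        raise ValueError(f"service account passwords must be at least {MIN_LENGTH} characters")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(candidate):
            return candidate


def store_in_secrets_manager(client, secret_name, domain, username, password):
    """Create one secret holding the account; returns the ARN from the API response."""
    payload = {"domain": domain, "username": username, "password": password}
    resp = client.create_secret(
        Name=secret_name,
        Description="SQL Server service account for the Launch Wizard deployment",
        SecretString=json.dumps(payload),
    )
    return resp["ARN"]


class FakeSecretsManager:
    """Offline stand-in for the boto3 Secrets Manager client (constructed for this example)."""

    def __init__(self):
        self.created = {}

    def create_secret(self, Name, SecretString, Description=""):
        if Name in self.created:
            raise RuntimeError("ResourceExistsException")  # mirrors the real API's refusal
        self.created[Name] = json.loads(SecretString)
        return {"ARN": f"arn:aws:secretsmanager:us-east-1:123456789012:secret:{Name}-AbCdEf",
                "Name": Name}


if __name__ == "__main__":
    # Hypothetical names: replace with your directory's FQDN and chosen account name.
    pw = generate_password()
    arn = store_in_secrets_manager(FakeSecretsManager(), "sqlshack/sql-service-account",
                                   "corp.example.com", "sqlsvc", pw)
    print("stored as", arn)  # the password itself is deliberately not printed
```

Keeping the password only in Secrets Manager also gives you an audit trail (CloudTrail records GetSecretValue calls) and a place to rotate it later, which a file in a home directory does not.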

SQL Server install type

Here you can choose from the following options:

  • Use Amazon Machine Image (AMI): the AMI includes the licenses for both Windows and SQL Server
  • Custom AMI: AWS also lets you bring your own SQL Server license and build a custom AMI

We do not have a custom AMI, so select Use license included AMI and pick the AMI from the drop-down.

SQL Server install type

AWS Launch Wizard also lets you configure additional settings and customize the server names, cluster name and availability group name.

  • Nodes: you can specify the primary and secondary SQL node names, with up to 5 secondary SQL nodes

    AG nodes

  • Witness node: add a quorum witness to improve the fault tolerance of the failover cluster. It is optional; here we add a file share witness
  • Additionally, specify the database, availability group, SQL listener and cluster names. If you leave a resource name blank, AWS assigns one according to its naming standard

Witness node

Step 3: Define the infrastructure requirements for SQL Server Always On resources

Storage and Compute

In the third step, define the infrastructure requirements for your AWS resources. You can either accept the AWS recommended resources or define them yourself; even with the recommended resources you can still customize the infrastructure.

  • Instance cores: select the number of CPU cores for the EC2 instances. The default is 4 cores
  • Network performance: choose the preferred network speed in Gbps. The default is 10 Gbps
  • Memory (GB): the amount of RAM for the EC2 instances. The default is 4 GB
  • Storage and performance: select the storage type for the data, log and TempDB volumes. The default is solid-state disk (SSD) for high performance
  • SQL Server throughput: you should have an estimate of the approximate throughput of your SQL instance; select the required throughput from the drop-down

Storage and Compute

Drive letters and Volume Size

AWS Launch Wizard recommends drive letters and volume sizes for the root, log, data and backup drives. You cannot change the drive letter of the root drive, but you can change the other drive letters and their sizes.

Drive letters and Volume Size for SQL Server Always On instances

View Estimated price for AWS resources

Scrolling down on this page shows a cost estimate for all the resources the Launch Wizard deployment will create. The estimate is monthly; the actual bill depends on usage (pay-as-you-go).

View Estimated price for AWS resources

Once you have reviewed the estimate, click Next and review the overall configuration. You can go back if any changes are required.

Review Configuration

Before deployment, you are required to acknowledge that AWS will deploy the resources on your behalf. The estimated monthly cost for your configuration is shown again here.

Acknowledgement

Click Deploy to start the resource deployment.

Deployment progress

Click the deployment name to see the progress messages.

Detailed status

It takes approximately 2 hours for AWS to deploy all the resources. At a high level, the wizard:

  • Creates an AWS Managed Microsoft AD
  • Deploys the EC2 instances with the specified storage type and size, and joins them to the AD domain
  • Configures failover clustering
  • Installs SQL Server on each EC2 instance
  • Enables the SQL Server Always On feature
  • Adds the secondary replicas and the availability group
  • Configures the SQL listener
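Once the resources above exist, the one thing worth verifying before handing the environment over is that the security groups only admit RDP, SQL Server and AG endpoint traffic from the trusted ranges: the CIDR you entered for Remote Desktop Gateway access and the VPC itself. The following audit is an added example, not code from the original article or from AWS. Its input is constructed by hand in the shape of the EC2 DescribeSecurityGroups response (with boto3 you would pass ec2.describe_security_groups(Filters=[{"Name": "vpc-id", "Values": [vpc_id]}]) for the deployment's VPC); the group IDs, names and CIDRs are made up, and 5022 is assumed as the AG endpoint port.

```python
"""Audit security groups for ingress rules that open RDP, SQL Server or the
AG endpoint to sources outside the trusted ranges.

Added example, not part of the original article and not AWS code. The
sample response is constructed; the trusted ranges are the Remote Desktop
Gateway access CIDR from the wizard plus the VPC CIDR, both hypothetical.
"""
import ipaddress

# Ports that must only be reachable from trusted ranges (5022 is the usual
# AG endpoint port; adjust if your deployment uses another).
SENSITIVE_PORTS = {3389: "RDP", 1433: "SQL Server", 5022: "AG endpoint"}

# Trusted sources: the RDGW access CIDR entered in the wizard, plus the VPC.
TRUSTED_CIDRS = ["203.0.113.0/24", "10.0.0.0/16"]

# Constructed sample in the shape of DescribeSecurityGroups output.
SAMPLE_SECURITY_GROUPS = {
    "SecurityGroups": [
        {
            "GroupId": "sg-rdgw",
            "GroupName": "RDGWSecurityGroup",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
            ],
        },
        {
            "GroupId": "sg-sql",
            "GroupName": "SQLServerSecurityGroup",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
                 "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
                {"IpProtocol": "tcp", "FromPort": 5022, "ToPort": 5022,
                 "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-sql"}]},
                {"IpProtocol": "-1",  # all traffic, left open to every IPv6 source
                 "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
            ],
        },
    ]
}


def sensitive_ports_in(perm):
    """Sensitive ports covered by one IpPermissions entry; protocol -1 covers all."""
    proto = str(perm.get("IpProtocol"))
    if proto == "-1":
        return set(SENSITIVE_PORTS)
    if proto not in ("tcp", "6"):
        return set()
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return {p for p in SENSITIVE_PORTS if lo <= p <= hi}


def outside_trusted(source_cidr, trusted_nets):
    """True if the source range is not fully contained in some trusted network."""
    src = ipaddress.ip_network(source_cidr, strict=False)
    return not any(src.version == t.version and src.subnet_of(t) for t in trusted_nets)


def audit_security_groups(sg_resp, trusted_cidrs):
    """Return (group id, port, label, source cidr) tuples for over-exposed rules."""
    trusted = [ipaddress.ip_network(c, strict=False) for c in trusted_cidrs]
    findings = []
    for sg in sg_resp["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            ports = sensitive_ports_in(perm)
            if not ports:
                continue
            # Rules that reference other security groups (UserIdGroupPairs) are
            # intra-VPC and not CIDR exposures, so only CIDR sources are checked.
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for src in sources:
                if outside_trusted(src, trusted):
                    for port in sorted(ports):
                        findings.append((sg["GroupId"], port, SENSITIVE_PORTS[port], src))
    return findings


if __name__ == "__main__":
    for group, port, label, src in audit_security_groups(SAMPLE_SECURITY_GROUPS, TRUSTED_CIDRS):
        print(f"{group}: {label} (tcp/{port}) open to {src}")
```

On the sample data the audit flags the gateway's RDP rule open to 0.0.0.0/0 and the catch-all IPv6 rule on the SQL group, while the 1433 rule scoped to the VPC and the AG endpoint rule scoped to the group itself pass, which is the shape a correctly scoped deployment should have.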

Conclusion

AWS Launch Wizard is a promising way to deploy SQL Server Always On solutions in the AWS cloud. It deploys all the required resources in sequence through a quick, user-friendly interface, so you do not have to deploy the resources individually and configure the AG replicas yourself. It is a quick, easy-to-use single interface for the whole deployment.

Translated from: https://www.sqlshack.com/aws-launch-wizard-for-quick-sql-server-always-on-deployments/
