Slide 1
Slide 1 text
ߏஙɾӡ༻ʹ׆༂͢Δ
ίϚϯυϥΠϯπʔϧͱͷ͖߹͍ํ
ϊιϦϡʔγϣϯΞʔΩςΫτ
ੁ ণ
1
201610݄14
Developers.IO
Slide 2
Slide 2 text
ࣗݾհ
ੁ ণʢ͕͢ͷ ·͔ͨ͞ʣ
Ϋϥεϝιουגࣜձࣾ AWS ίϯαϧςΟϯά෦
ΦϖϨʔγϣϯνʔϜʢ௨শΦϖνʔʣ
ւಓࡳຈࢢࡏॅɺࡳຈΦϑΟεۈ
AWS ೝఆࢿ֨
͖ͳ AWS αʔϏεɿRoute 53
2
Slide 3
Slide 3 text
ΦϖνʔͬͯԿʁɾɾɾͷલʹ
ΫϥϝιͰఏڙ͍ͯ͠ΔαʔϏεʹ͍ͭͯ
3
Slide 4
Slide 4 text
ϝϯόʔζαʔϏε
AWS ͷྉ͕ۚ҆͘ͳΔ
͓͢͢Ί
͓͍߹ΘͤରԠ
AWS ʹؔ͢Δ߹ͤͷରԠ
ӡ༻ࢧԉαʔϏε
AWS ΛͬͨΠϯϑϥͷ࡞ۀΛߦ
4
Slide 5
Slide 5 text
Φϖνʔ࡞ۀͷඪ४πʔϧ
Piculet
Roadworker
5
Slide 6
Slide 6 text
Φϖνʔͱͯ͠
࡞ऀͷੁݪ͞ΜʹΛ͚ͯ৸ΒΕͳ͍
6
͜ͷΜʹॅΜͰΔ
Α͘Βͳ͍͚Ͳປ͡Όͳ͍͔Βଟେৎ
Slide 7
Slide 7 text
·ͣ͜ͷೋͭͱͷ͖߹͍ํ
͋͘·Ͱӡ༻ͷࢹ
7
Slide 8
Slide 8 text
Piculet ͬͯԿΛ͢Δπʔϧʁ
ηΩϡϦςΟάϧʔϓΛςΩετͰཧ
8
security_group "ssh only" do
description "ssh only"
ingress do
permission :tcp, 22..22 do
ip_ranges(
"xxx.xxx.xxx.1/32"
)
end
end
egress do
permission :any do
ip_ranges(
"0.0.0.0/0"
)
end
end
end
Slide 9
Slide 9 text
Piculet ͷཧతͳ͍ํ
ॳظߏங࣌
1.ઃఆΛ AWS ͔ΒΤΫεϙʔτ
2.git push ͠ͱ͘
มߋ͕͋ͬͨ
1. git pullɽ
2. ઃఆϑΝΠϧΛमਖ਼
3. dry-run Ͱมߋ͞ΕΔ༰ͷνΣοΫ
4. मਖ਼ͨ͠ϑΝΠϧΛΠϯϙʔτʢAWS өʣ
5. git push
9
Slide 10
Slide 10 text
Φϖνʔ͕ Piculet Λ͏໘
͓٬༷͔Β
͜ͷ IP ͔Β͜ͷ EC2 ʹ SSH ଓͰ͖ΔΑ͏ʹͯ͠Ͷɻ
10
git pull ͨ͠༰ͱ߹Θͳ͍ʂ
Slide 11
Slide 11 text
ݱ࣮తʹ Piculet Λ͓͏
৴͡Δͷݱঢ়ͷઃఆͷΈ
શͳίʔυʹΑΔཧͳͲͳ͍
git pull ͖ͯͨ͠ϑΝΠϧ৴͡ͳ͍
ʮલճͷมߋ͔ΒԿม͑ͯ·ͤΜʯ
ͱ͍͏ݴ༿৴͡ͳ͍
11
Slide 12
Slide 12 text
Piculet Λ͓͏ʢ1ʣ
࡞ۀલʹ AWS ͔ΒΤΫεϙʔτ
12
piculet -p ϓϩϑΝΠϧ໊ -r ap-northeast-1 -e > Groupfile
cp -a Groupfile Groupfile.old
Slide 13
Slide 13 text
Piculet Λ͓͏ʢ1ʣ
Groupfile.old
13
security_group "ssh only" do
description "ssh only"
ingress do
permission :tcp, 22..22 do
ip_ranges(
"xxx.xxx.xxx.1/32"
)
end
end
egress do
permission :any do
ip_ranges(
"0.0.0.0/0"
)
end
end
end
Slide 14
Slide 14 text
Piculet Λ͓͏ʢ2ʣ
Groupfile Λमਖ਼
14
security_group "ssh only" do
description "ssh only"
ingress do
permission :tcp, 22..22 do
ip_ranges(
"xxx.xxx.xxx.1/32",
"xxx.xxx.xxx.11/32"
)
end
end
egress do
permission :any do
ip_ranges(
"0.0.0.0/0"
)
end
end
end
Slide 15
Slide 15 text
Piculet Λ͓͏ʢ3ʣ
dry-run ͰԿ͕มߋ͞ΕΔ͔Λ֬ೝ
݁Ռ
Μɾɾɾʁ
revoke xxx.xxx.xxx.2/32ͬͯͳΜͩʁͲ͔͜Β༙͍ͨʁ
15
piculet -p PowerUser -r ap-northeast-1 -a --dry-run
Apply `Groupfile` to SecurityGroup (dry-run)
Update Permission: vpc-xxxxxxxx > ssh only(ingress) > tcp 22..22 (dry-run)
authorize xxx.xxx.xxx.11/32 (dry-run)
revoke xxx.xxx.xxx.2/32 (dry-run)
No change
Slide 16
Slide 16 text
Piculet Λ͓͏ʢ4ʣ
Γͯ͠dry-run ͰԿ͕มߋ͞ΕΔ͔֬ೝ
16
piculet -p PowerUser -r ap-northeast-1 -a --dry-run
Apply `Groupfile` to SecurityGroup (dry-run)
Update Permission: vpc-xxxxxxxx > ssh only(ingress) > tcp 22..22 (dry-run)
authorize xxx.xxx.xxx.11/32 (dry-run)
No change
Slide 17
Slide 17 text
Piculet Λ͓͏ʢ5ʣ
֬ೝOKɻAWS өͤ͞·͠ΐ͏
AWS ͷөྃʂ
17
piculet -p PowerUser -r ap-northeast-1 -a
Apply `Groupfile` to SecurityGroup
Update Permission: vpc-xxxxxxxx > ssh only(ingress) > tcp 22..22
authorize xxx.xxx.xxx.11/32
Slide 18
Slide 18 text
Piculet Λ͓͏ʢ·ͱΊʣ
ߏஙஈ֊͔Β͏ࣄߟ͑ͳ͍
ςΩετͰͷཧᘳ͡Όແ͍લఏͰ͓͏
աڈͷࣗ͢Β৴͡ͳ͍
৴͡ΒΕΔͷ͜Ε
ɹΤΫεϙʔτͨ͠ઃఆ༰
ɹߋ৽લͷ dry-run Ͱදࣔ͞Εͨมߋ༰
ߋ৽ͨ͠Β git push
18
Slide 19
Slide 19 text
࣍ʹ Roadworker
19
Slide 20
Slide 20 text
Roadworker ͬͯԿ͢Δπʔϧʁ
Route 53 ͷ DNS ϨίʔυΛςΩετͰཧ
20
# Export Route53
hosted_zone "mas_factory.com." do
rrset "web.mas_factory.com.", "A" do
ttl 300
resource_records(
"123.234.11.1"
)
end
end
Slide 21
Slide 21 text
Roadworker ͷཧతͳɾɾɾ
Piculet ͱ͍ํಉ͡ͳͷͰলུʂ
ͦͯ͠σϞ։࢝
21
Slide 22
Slide 22 text
࠷ޙʹ͏Ұ͓ͭ͢͢Ίͷπʔϧ
Kumogata2ɽ
ߏங୲ͷํ͓͢͢Ί
Φϖνʔͱ͍ͯͬͯ͠ΔΘ͚Ͱͳ͍
6݄͘Β͍ͷ JAWS-UG ࡳຈͰΓ·ͨ͠
ࢲ͕ࣾπʔϧͷߏஙʹͬͯ·͢
22
Slide 23
Slide 23 text
Kumogata2 ͬͯԿ͢Δπʔϧʁ
CloudFormation ͷςϯϓϨʔτΛ
Ruby Ͱॻ͚Δ
create ΦϓγϣϯͰελοΫΛ࡞Ͱ͖Δ
23
Slide 24
Slide 24 text
Θͳ͍ཧ༝ͬͯ͋Δʁ
ΫϥϝιͷதͷҰ෦ͷਓ͕ݴ͍·ͨ͠
24
֎෦πʔϧ͔ͩΒɺ৽͍͠Ϧιʔεʹ
ରԠͯ͠ͳ͔ͬͨΓͱ͔͢ΔΑͶw
Slide 25
Slide 25 text
Kumogata2 Λ͓͏
࣮ࡍͲ͏ͳͷʁ
25
Slide 26
Slide 26 text
Kumogata2 Λ͓͏ʢ1ʣ
࠷৽ͷϦιʔεʹରԠ͍ͯ͠ΔࣄΛ
ࠓ͔ΒݟͤͯΔʂ
26
ͱ͍͏ࣄͰ
ALB Λ࡞͢ΔςϯϓϨʔτ
Λ࡞ͬͯΈͨ
Slide 27
Slide 27 text
Kumogata2 Λ͓͏ʢ1ʣ
alb.rb
27
template do
AWSTemplateFormatVersion "2010-09-09"
# ύϥϝʔλ
Parameters do
KeyPair {
Type "AWS::EC2::KeyPair::KeyName"
}
AMIID {
Default "ami-374db956"
Description "Input Amazon Linux Image ID"
Type "AWS::EC2::Image::Id"
}
end
# Ϧιʔε
Resources do
# ωοτϫʔΫ
_include './alb-network.rb'
# ηΩϡϦςΟάϧʔϓ
_include './alb-securitygroup.rb'
# EC2
_include './alb-ec2.rb'
# λʔήοτάϧʔϓ
albTarget do
Type "AWS::ElasticLoadBalancingV2::TargetGroup"
# ϓϩύςΟ
Properties do
Name "tg-web"
Protocol "HTTP"
Port "80"
Slide 28
Slide 28 text
Kumogata2 Λ͓͏ʢ2ʣ
νΣοΫ
kumogata2 validate -r ap-northeast-1 alb.rb
JSON ʹίϯόʔτ
kumogata2 convert -r ap-northeast-1 alb.rb > alb.json
S3 ʹΞοϓϩʔυ
aws s3 cp ./alb.json s3://όέοτ໊/alb.json
28
Slide 29
Slide 29 text
Kumogata2 Λ͓͏ʢ3ʣ
σβΠϯςϯϓϨʔτͰಡΈࠐΜͰΈͨ
29
Slide 30
Slide 30 text
Kumogata2 Λ͓͏ʢ4ʣ
ελοΫΛ࡞ͯ͠Έͨ
30
Slide 31
Slide 31 text
Kumogata2 Λ͓͏ʢ·ͱΊʣ
ςϯϓϨʔτΛ Ruby Ͱ࡞Ͱ͖Δ
͖ͳ͚ͩίϝϯτΛॻ͚·͢
ϑΝΠϧΛࣗ༝ʹׂͰ͖Δ
create ΦϓγϣϯͰελοΫ࡞Ͱ͖Δ
มͨ͠ JSON ΛϚωδϝϯτίϯιʔϧͷ
CFn Ͱ͏
31
Slide 32
Slide 32 text
·ͱΊ
ߏஙʹ Piculet Roadworker Θͳ͍
ɹӡ༻ϑΣʔζ͕࠷దͰ͢
ݱঢ়͕શͯɻςΩετཧΛա৴͠ͳ͍
ɹ͚͕ࣗͩཧɾӡ༻͍ͯ͠ΔΘ͚͡Όͳ͍
πʔϧͷશͯͷػೳΛ͏ඞཁͳ͍
ɹKumogata2 JSON ϑΝΠϧ࡞·Ͱ
ɹࣗͷӡ༻ํ๏ʹ߹Θ͓͍͍ͤͯ͠ॴ͚ͩ͏
32
Slide 33
Slide 33 text
͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠
ϝϯόʔζͷ͓ਃࠐΈ
͓ͪͯ͠·͢
33