ブログサービスのHTTPS化を支えたAWSで作るピタゴラスイッチ / The construction of large scale TLS certificates management system with AWS

Transcript

1. ϒϩάαʔϏεͷ
 HTTPSԽΛࢧ͑ͨ
 AWSͰ࡞ΔϐλΰϥεΠον id:aereal

2. staff.hatenablog.com/entry/2018/06/13/160000 ಠࣗυϝΠϯͰӡ༻͞Ε͍ͯΔϒϩά͕ɺ HTTPSͰ഑৴Ͱ͖ΔΑ͏ʹͳΓ·ͨ͠

3. None

4. ࿩͢͜ͱ • ͸ͯͳϒϩάͷৗ࣌HTTPS഑৴ͷղઆ • എܠͱཁٻ • ࣮૷ͷ঺հ • ্هࣄྫΛݩʹෳࡶͳόον =

   ϐλΰϥεΠονߏஙͷ
 ΤοηϯεΛߟ͑ͯΈΔ

5. ࣗݾ঺հ • id:aereal • GitHub: aereal • Twitter: aereal •

   ϒϩά౷߹νʔϜ
 ΞϓϦέʔγϣϯΤϯδχΞ
 ςοΫϦʔυ

6. എܠ ͸ͯͳϒϩάͷৗ࣌HTTPS഑৴ͷղઆ

7. • ͸ͯͳϒϩάPro (༗ྉϓϥϯ) ʹਃ͠ࠐΉͱ
 ಠࣗυϝΠϯͰࣗ෼ͷϒϩάΛ഑৴Ͱ͖Δ • ݱࡏɺສ୯ҐͷಠࣗυϝΠϯ͕ొ࿥ɾར༻͞Ε͍ͯΔ • ͜ΕΒͷಠࣗυϝΠϯͰ΋ৗ࣌HTTPS഑৴͍ͨ͠

8. Let's Encrypt • ISRG = Internet Security Research Group͕ఏڙ͢Δ
 ϓϩάϥϚϒϧʹΞΫηεՄೳͳೝূہ

   (CA) • ͜Ε·ͰTLSূ໌ॻΛൃߦ͢Δʹ͸
 ͦͦ͜͜ͷֹۚͱख͕ؒඞཁ͕ͩͬͨɺͦΕΛม͑ͨCA • LEͷొ৔ʹΑΓTLSূ໌ॻͷେྔൃߦ͕ݱ࣮తʹͳͬͨ

9. developer.hatenastaff.com/entry/2018/06/04/140000 ͸ͯͳϒϩάͷHTTPSԽ࣮ࢪʹ൐͍, Let's Encrypt΁ͷد෇Λ࣮ࢪ͠·ͨ͠
 - Hatena Developer Blog

10. • LEͷొ৔͸࿕ใ͕ͩ͜Ε͚ͩͰ͸଍Γͳ͍ • ສ୯ҐͷTLSূ໌ॻΛ؅ཧ͢Δઓज़ɾઓུ͕͚͍ܽͯΔ • ഑৴ͱൃߦʹେ͖͘෼͚ͯΈΔ

11. ཁ݅ͷݕ౼: ഑৴ ͸ͯͳϒϩάͷৗ࣌HTTPS഑৴ͷղઆ

12. HTTPS഑৴: ͓͞Β͍ • ͸ͯͳϒϩάͰ͸ສ୯ҐͷಠࣗυϝΠϯ͕ར༻͞Ε͍ͯΔ • ҰൠతͳWebαΠτӡ༻ͷײ֮ͩͱφʔόε͗͢Δ • ສ୯Ґͷূ໌ॻΛҰ౓ʹಡΈࠐΉͱ
 proxyͷϝϞϦ࢖༻ྔ͕ஶ͘͠૿Ճ͢Δ •

    proxyͷ࠶ىಈʹ΋͕͔͔࣌ؒΔ

13. SAN? • = Subject Alternative Names
 1ͭͷূ໌ॻʹෳ਺υϝΠϯΛඥ෇͚Δ֦ு • ݁࿦͔Βݴ͏ͱ͸ͯͳϒϩάͷέʔεͰ͸೉͍͠ •

    LEͰSANΛར༻͢Δ৔߹ɺACME challenge͸dns-01ͷΈ ར༻Ͱ͖Δ (ݱࡏ) • DNSઃఆ͸֤ϢʔβʔʹҕͶΒΕΔͷͰࣗಈԽͰ͖ͳ͍

14. ACME? • ACME: Automated Certificate Management Environment • ূ໌ॻൃߦͳͲͷ࡞ۀΛ
 ࣗಈԽ͢ΔϓϩτίϧΛ·ͱΊͨ࢓༷

    • ACME challenge: υϝΠϯͷॴ༗ݖݶΛ֬ೝ͢Δํ๏ • Google AnalyticsͷΞϨΈ͍ͨͳ΍ͭ • LE͕ࡦఆɾ࠾༻͍ͯ͠Δ

15. ACME challenge? • dns-01: υϝΠϯͷTXTϨίʔυʹϫϯλΠϜτʔΫϯΛॻ ͖ࠐΉ • http-01: CAͷϦΫΤετʹର͠ॴఆͷϨεϙϯεΛฦ͢ •

    ྫ: /.well-known/TOKEN • (ଞʹ΋͍Ζ͍Ζ)

16. HTTPS഑৴: ͓͞Β͍ (࠶) • ͸ͯͳϒϩάͰ͸ສ୯ҐͷಠࣗυϝΠϯ͕ར༻͞Ε͍ͯΔ • ҰൠతͳWebαΠτӡ༻ͷײ֮ͩͱφʔόε͗͢Δ • ສ୯Ґͷূ໌ॻΛҰ౓ʹಡΈࠐΉͱ
 proxyͷϝϞϦ࢖༻ྔ͕ஶ͘͠૿Ճ͢Δ

    • proxyͷ࠶ىಈʹ΋͕͔͔࣌ؒΔ

17. HTTPS഑৴: ํ਑ • ϦΫΤετຖʹ౎౓ূ໌ॻΛબ୒ɾಡΈࠐΉ • ϝϞϦ࢖༻ྔͷ૿Ճ΍࠶ىಈ࣌ؒͷѱԽΛ཈͑Δ • ෳ਺୆proxyʹରԠ͢ΔͨΊσʔλετΞʹূ໌ॻΛอଘ • ͔͠΋ϨΠςϯγΛѱԽͤͣ͞ʹ࣮ݱ͢Δ

    • ϩʔΧϧΩϟογϡ

18. ཁ݅ͷݕ౼:ൃߦ ͸ͯͳϒϩάͷৗ࣌HTTPS഑৴ͷղઆ

19. ূ໌ॻൃߦ • Ұ؏ੑɾ໢ཏੑ͕ٻΊΒΕΔ • ൃߦʹࣦഊ͠ଓ͚Δͱϒϩά͕ӾཡͰ͖ͳ͘ͳΔ • ແޮͳυϝΠϯΛ์ஔͯ͠΋͍͚ͳ͍ • ཁٻ͸ߴ͍͕ෆ࣮֬ੑ͸ߴ͍ •

    ূ໌ॻΛߋ৽͢ΔࡍɺυϝΠϯ਺ʹର͠εέʔϧ͢Δ͜ͱ

20. ແޮͳυϝΠϯͷ࡟আ • ແޮͳυϝΠϯ = ඞͣACME challengeʹࣦഊ͢Δ • LEʹ͸ΞΧ΢ϯτ * time

    window͝ͱʹࣦഊͷ্ݶ͕͋Δ • ์ஔ͢ΔͱඞͣAPI limitʹ͋ͨͬͯ͠·͏ • ࣦഊͨ͠υϝΠϯ͸ඞͣ࡟আ

21. ূ໌ॻൃߦ: ෆ࣮֬ੑ • υϝΠϯͷ༗ޮੑ͸มΘΓ͏Δ • ՝ۚऴྃ • DNSϨίʔυҟৗ • ֎෦API

    = LEͱͷ౷߹ • API Limit • ద੾ͳϦτϥΠͱΤϥʔϦΧόϦ͕ඞਢ

22. ূ໌ॻൃߦ: εέʔϥϏϦςΟ • ର৅υϝΠϯ਺ͷ૿Ճʹର͠εέʔϧ͢Δ࢓૊Έʹ͍ͨ͠ • SELECT * FROM custom_domain WHERE

    id > ?
 Έ͍ͨͳΫΤϦ͸ආ͚͍ͨ • υϝΠϯ਺͕૿͑Δͱϖʔδϯά͕ඞཁ • ࣮ߦ్தͰࣦഊͨ͠ΒɺϦτϥΠΩϡʔʹೖΕ௚͢Α͏ ͳ޻෉ΛڽΒ͞ͳ͍ͱ͍͚ͳ͘ͳΔ

23. γεςϜͷཁ݅: ·ͱΊ • ϦΫΤετຖʹূ໌ॻΛऔಘɾ࢖༻ • Ͱ͖Δ͚ͩ௿ϨΠςϯγͰ • Τϥʔ଱ੑ͕ߴ͍ • ࣦഊͨ͠Βऔಘର৅ͷυϝΠϯ͔Β֎͢

    • ֎෦API௨৴ͷΤϥʔΛద੾ʹॲཧͰ͖Δ • υϝΠϯ਺ͷ૿Ճʹεέʔϧ͢Δ

24. γεςϜͷ঺հ ͸ͯͳϒϩάͷৗ࣌HTTPS഑৴ͷղઆ

25. cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set

    Get ഑৴

26. ഑৴γεςϜ • ngx_mruby: ূ໌ॻಡΈࠐΈ࣌ʹmrubyͷίʔυΛ࣮ߦ • cache gateway΁HTTP GET͢Δ͚ͩ • https://github.com/matsumotory/ngx_mruby

    • cache gateway (Go): HTTP GET͢Δͱূ໌ॻΛฦ͢ • DynamoDB: ূ໌ॻΛอଘ͢ΔσʔλετΞ

27. cache gateway • AWS (DynamoDB) APIݺͼग़͠ΛHTTP APIʹม͑Δ • mrubyʹ͸AWS SDK͕ͳ͍

    • ಉډ͢Δmemcachedʹ΋ಡΈॻ͖͠ɺ
 DynamoDB΁ͷΞΫηεΛͰ͖Δ͚ͩݮΒ͢

28. cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set

    Get ഑৴

29. cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set

    Get ഑৴

30. cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set

    Get ഑৴

31. cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set

    Get ഑৴

32. cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set

    Get ഑৴

33. ഑৴γεςϜ • ngx_mrubyΛ࢖ͬͯϦΫΤετຖʹূ໌ॻΛऔಘͰ͖ͨ • proxyʹಉډͨ͠memcachedΛ࢖͏͜ͱͰ
 DynamoDB΁ͷϦΫΤετΛݮΒ͠ϨΠςϯγΛԼ͛ͨ

34. cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP

    ࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ

35. ূ໌ॻൃߦγεςϜ • cert-updater-state: AWS StepFunctions; ֤LambdaΛىಈ • Τϥʔ಺༰ʹԠͨ͡ϦΧόϦɾϦτϥΠ (ޙड़) •

    cert-updater-function: AWS Lambda; ূ໌ॻΛൃߦɺ DynamoDB΁ॻ͖ࠐΈ • cert-update-notifier: Lambda; ੒൱Λ͸ͯͳϒϩά΁௨஌
36. None
37. None

38. cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP

    ࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ

39. cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP

    ࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ

40. cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP

    ࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ

41. cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP

    ࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ

42. cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP

    ࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ

43. cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP

    ࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ

44. AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,

    "MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],

45. AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,

    "MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],

46. AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,

    "MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],

47. AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,

    "MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],

48. ূ໌ॻൃߦγεςϜ • AWS StepFunctionsΛ࢖ͬͯద੾ͳΤϥʔॲཧΛ࣮ݱ • Ϧιʔε্ݶʹୡ͢ΔͳͲ
 ҟৗऴྃͨ࣌͠͸ଈ࠲ʹ݁ՌΛ௨஌ • APIݺͼग़ࣦ͠ഊͳͲϦτϥΠՄೳͳ࣌͸ϦτϥΠ

49. cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ

    ࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ
 (ߋ৽)

50. ূ໌ॻൃߦ: ߋ৽ • DynamoDBͷTTL Trigger͕Lambdaܦ༝ͰSFnΛىಈ • cert-reissue-confirmer: ͸ͯͳϒϩάʹυϝΠϯ༗ޮੑΛ໰ ͍߹Θͤͯɺߋ৽͢Δඞཁ͕͋Δ͔Λޙଓʹ఻͑Δ •

    cert-cleanup-function: ແޮͳυϝΠϯΛDynamoDB͔Βফ ͢

51. cert-lifecycle-store
 (DynamoDB) Domain: ex1.example.com ExpiresAt: 2018-05-23T02:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T03:00:00

    Domain: ex2.example.com ExpiresAt: 2018-05-23T04:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00

52. cert-lifecycle-store
 (DynamoDB) Domain: ex2.example.com ExpiresAt: 2018-05-23T03:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T04:00:00

    Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00

53. cert-lifecycle-store
 (DynamoDB) Domain: ex2.example.com ExpiresAt: 2018-05-23T04:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00

54. cert-lifecycle-store
 (DynamoDB) Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00

55. cert-lifecycle-store
 (DynamoDB)

56. publish SELECT * FROM ... ࣮ߦ

57. Τϥʔॲཧ͕؆ܿʹ • όονॲཧͩͱ: औಘͨ͠ෳ਺ͷυϝΠϯΛϧʔϓͰॲཧ • = ॲཧ୯Ґ͕ෳ਺υϝΠϯʹͳΔ • Ұ෦ͷυϝΠϯ͕ࣦഊͨ࣌͠ɺόονॲཧશମͷ
 εςʔλε͸Ͳ͏͢Δ?

    ੒ޭ? ࣦഊ? • pub/subͩͱ: Ҿ਺ͱͯ͠౉ͬͨυϝΠϯ1ͭΛॲཧ͢Δ • = ॲཧ୯Ґ͕υϝΠϯ1ͭʹͳΔ

58. cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ

    ࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ
 (ߋ৽)

59. cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ

    ࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ
 (ߋ৽)

60. cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ

    ࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ
 (ߋ৽)

61. cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ

    ࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ
 (ߋ৽)

62. cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ

    ࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ
 (ߋ৽)

63. cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ

    ࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ
 (ߋ৽)

64. cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ

    ࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ
 (ߋ৽)

65. cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ

    ࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ
 (ߋ৽)

66. cert-reissue-state "Determine next state": { "Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢", "Type": "Choice", "Choices":

    [ { "Variable": "$.UpdateRequired", "BooleanEquals": true, "Next": "Call reissue of certificate" }, { "Variable": "$.UpdateRequired", "BooleanEquals": false, "Next": "Clean up of certificate" } ] },

67. cert-reissue-state "Determine next state": { "Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢", "Type": "Choice", "Choices":

    [ { "Variable": "$.UpdateRequired", "BooleanEquals": true, "Next": "Call reissue of certificate" }, { "Variable": "$.UpdateRequired", "BooleanEquals": false, "Next": "Clean up of certificate" } ] },

68. cert-reissue-state "Determine next state": { "Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢", "Type": "Choice", "Choices":

    [ { "Variable": "$.UpdateRequired", "BooleanEquals": true, "Next": "Call reissue of certificate" }, { "Variable": "$.UpdateRequired", "BooleanEquals": false, "Next": "Clean up of certificate" } ] },

69. ূ໌ॻߋ৽γεςϜ • σʔλϑϩʔΛpub/subͰγϯϓϧʹ • ॳճൃߦ΋ߋ৽࣌΋DynamoDBͷI/O͚͕ͩൃੜ͢Δ • DynamoDB TTL TriggerΛ׆༻ •

    ঢ়ଶ = σʔλΛதԝʹू໿

70. ࠶ܝ: ഑৴γεςϜ • ngx_mrubyΛ࢖ͬͯϦΫΤετຖʹূ໌ॻΛऔಘͰ͖ͨ • proxyʹಉډͨ͠memcachedΛ࢖͏͜ͱͰ
 DynamoDB΁ͷϦΫΤετΛݮΒ͠ϨΠςϯγΛԼ͛ͨ

71. ࠶ܝ: ূ໌ॻൃߦγεςϜ • AWS StepFunctionsΛ࢖ͬͯద੾ͳΤϥʔॲཧΛͰ͖ͨ • Ϧιʔε্ݶʹୡ͢ΔͳͲ
 ҟৗऴྃͨ࣌͠͸ଈ࠲ʹ݁ՌΛ௨஌ • APIݺͼग़ࣦ͠ഊͳͲϦτϥΠՄೳͳ࣌͸ϦτϥΠ

72. ߟ࡯ ϐλΰϥεΠονͷ࡞Γํ

73. ڊେͳόονͷ೉͠͞ • ࣮ߦεςοϓશ༰Λ೺Ѳ͢Δ͜ͱͷ೉͠͞ • શମͰεςοϓ͕͜Ε͚ͩ͋Δ • Ͳ͜ͷεςοϓͰࣦഊͨ͠ͷ͔ • ॲཧ୯Ґ͕େ͖͘ͳΓ͕ͪ •

    ඞવͱ࣮ߦ࣌ؒ΋௕Ҿ͖͕ͪ • Ұ෦͚ࣦͩഊͨ࣌͠ɺ࣮ߦͷঢ়ଶ͸੒ޭ? ࣦഊ?

74. ΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ ͷϐλΰϥεΠον • ϫʔΫϑϩʔΤϯδϯͷಋೖ • ࣮ߦεςοϓશ༰Λ೺Ѳ͠΍͘͢ • ͦΕͱߴ౓ʹ౷߹͞Εͨόον࣮ߦ؀ڥ͕͋Δͱͳ͓Α͍ • pub/subϞσϧͰର৅σʔλͷ૿Ճʹର͠εέʔϧͤ͞Δ

    • ॲཧ͢Δσʔλ୯ҐΛෳ਺ˠ1ͭ΁ • ͍ͭͰʹσʔλετΞ΁ঢ়ଶ͕ڽू͞ΕΔ

75. ෼ׂ౷࣏ • খ͞ͳؔ਺΍ΫϥεΛ࡞ΓɺͦΕΒΛ૊Έ߹ΘͤΔ͜ͱΛ ීஈ͔Βҙࣝͯ͠΍͍ͬͯΔ͸ͣ • ʹ΋ؔΘΒͣόον͕ڊେʹͳΓ͕ͪͳͷ͸ͳͥͳͷ͔? • ύϑΥʔϚϯε • ߹੒Մೳ

    (composable) Ͱ͸ͳ͍

76. ෼ׂ౷࣏ • খ͞ͳؔ਺΍ΫϥεΛ࡞ΓɺͦΕΒΛ૊Έ߹ΘͤΔ͜ͱΛ ීஈ͔Βҙࣝͯ͠΍͍ͬͯΔ͸ͣ • ʹ΋ؔΘΒͣόον͕ڊେʹͳΓ͕ͪͳͷ͸ͳͥͳͷ͔? • ύϑΥʔϚϯε • ߹੒Մೳ

    (composable) Ͱ͸ͳ͍

77. ߹੒ՄೳΛࢧ͑Δٕज़ • 2ͭͷεςοϓͷ௚ྻ࣮ߦΛೋ߲ԋࢉͱΈͳͯ͠ΈΔ • operand: ੹೚ൣғ͕খ͍͜͞ͱ • operator: ༷ʑͳ๏ଇΛຬͨ͢͜ͱ •

    ݁߹ଇɺ෼഑ଇ

78. ہॴঢ়ଶΛ࣋ͨͳ͍ • ঢ়ଶ = มߋՄೳͳσʔλ • άϩʔόϧʹͨͩ1ͭͷঢ়ଶΛ࣋ͭ͜ͱ͕େࣄ • Ճ͑ͯঢ়ଶΛมߋ͢Δཁૉ͕୯ҰͰ͋Δ͜ͱ

79. άϩʔόϧม਺? • άϩʔόϧม਺͸ѱͱ͍͏ߟ͑ํͱ൓͠ͳ͍͔?
 → ͠ͳ͍ • ঢ়ଶΛมߋ͢Δཁૉ͕୯ҰͳΒɺ
 ֤࣮ߦεςοϓ͸ঢ়ଶΛड͚औͬͯ৽ͨͳσʔλΛฦ͢
 ؔ਺ͱΈͳͤΔ

80. // ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "domain": "www.example.com", "endpoint": "https://...." } // ͋Δόονͷೖྗ

    { "domain": "www.example.com" }

81. // ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "domain": "www.example.com", "endpoint": "https://...." } // ͋Δόονͷೖྗ

    { "domain": "www.example.com" } άϩʔόϧঢ়ଶΛҾ਺΁ม׵͢Δ
 (όον͔Βͷมߋ͸ෆՄ)

82. // ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "updateRequired": true, "domain": "www.example.com", "endpoint": "https://...." }

    // ͋Δόονͷग़ྗ { "updateRequired": true }

83. // ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "updateRequired": true, "domain": "www.example.com", "endpoint": "https://...." }

    // ͋Δόονͷग़ྗ { "updateRequired": true } όονͷग़ྗΛάϩʔόϧͳঢ়ଶ΁ม׵
 (౰વɺग़ྗ͸ޙ͔ΒมߋෆՄ)

84. όονॲཧͷ߹੒ • operand: ֤εςοϓ • operator: ϫʔΫϑϩʔΤϯδϯ

85. όονॲཧͷ߹੒ • operand: ֤εςοϓ; AWS Lambda • operator: ϫʔΫϑϩʔΤϯδϯ; AWS

    StepFunctions

86. ΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ͷ ϐλΰϥεΠον@͸ͯͳϒϩά • ϫʔΫϑϩʔΤϯδϯ: AWS StepFunctions • ……ͱͦΕΒ͔Β࣮ߦ͞ΕΔAWS Lambda •

    pub/sub: DynamoDB TTL Trigger

87. ࠶: ΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ ͷϐλΰϥεΠον • ϫʔΫϑϩʔΤϯδϯͷಋೖ • ࣮ߦεςοϓશ༰Λ೺Ѳ͠΍͘͢ • ͦΕͱߴ౓ʹ౷߹͞Εͨόον࣮ߦ؀ڥ͕͋Δͱͳ͓Α͍ •

    pub/subϞσϧͰର৅σʔλͷ૿Ճʹର͠εέʔϧͤ͞Δ • ॲཧ͢Δσʔλ୯ҐΛෳ਺ˠ1ͭ΁ • ͍ͭͰʹσʔλετΞ΁ঢ়ଶ͕ڽू͞ΕΔ

88. ·ͱΊ

89. ·ͱΊ • ιϑτ΢ΣΞߏஙҰൠͷݪଇ͕࢖͑Δ • άϩʔόϧͳঢ়ଶΛ࣋ͨͳ͍ɾม͑ͳ͍ɾ࣋ͪࠐ·ͤͳ͍ • ॲཧ୯ҐΛͰ͖Δ͚ͩখ͘͞ɺࣦഊΛ೺Ѳ͠΍͘͢ • ͜ΕΒΛ࣮ݱ͢ΔͨΊͷҰྫͱͯ͠ •

    ϫʔΫϑϩʔΤϯδϯ: AWS StepFunctions • pub/subΛαϙʔτ͢ΔσʔλετΞ: DynamoDB

90. ׬