The Pythagora Switch built on AWS that supported moving a blog service to HTTPS / The construction of large scale TLS certificates management system with AWS

aereal
September 08, 2018

talked at builderscon tokyo 2018


Transcript

  1. The Pythagora Switch built on AWS that supported moving a blog service to HTTPS (id:aereal)

  2. staff.hatenablog.com/entry/2018/06/13/160000: Blogs operated on custom domains can now be served over HTTPS

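  4. What I will talk about
     • Always-on HTTPS delivery for Hatena Blog, explained
     • Background and requirements
     • Introduction to the implementation
     • Using this case to think about the essence of building complex batches (= Pythagora Switches)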
  5. Self-introduction
     • id:aereal
     • GitHub: aereal
     • Twitter: aereal
     • Blog Integration Team, application engineer, tech lead
  6. Background: always-on HTTPS delivery for Hatena Blog, explained

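  7. • Subscribing to Hatena Blog Pro (the paid plan) lets you serve your own blog on a custom domain
     • Currently, custom domains numbering in the tens of thousands are registered and in use
     • We want always-on HTTPS delivery on these custom domains too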

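  8. Let's Encrypt
     • A programmatically accessible certificate authority (CA) provided by ISRG (Internet Security Research Group)
     • Until now, issuing a TLS certificate took a fair amount of money and effort; this is the CA that changed that
     • The arrival of LE made issuing TLS certificates in bulk realistic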
  9. developer.hatenastaff.com/entry/2018/06/04/140000: With the rollout of HTTPS for Hatena Blog, we made a donation to Let's Encrypt - Hatena Developer Blog

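  10. • The arrival of LE is good news, but it alone is not enough
      • Tactics and strategy for managing tens of thousands of TLS certificates are missing
      • Split the problem broadly into delivery and issuance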

  11. Examining the requirements: delivery (always-on HTTPS delivery for Hatena Blog, explained)

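  12. HTTPS delivery: recap
      • Hatena Blog has custom domains in use numbering in the tens of thousands
      • By the standards of ordinary website operations, this is too nerve-racking
      • Loading tens of thousands of certificates at once increases the proxy's memory usage markedly
      • Restarting the proxy also takes time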
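  13. SAN?
      • = Subject Alternative Names: an extension that binds multiple domains to one certificate
      • To state the conclusion first, it is difficult in Hatena Blog's case
      • When using SAN with LE, only dns-01 can be used as the ACME challenge (currently)
      • DNS configuration is left to each user, so it cannot be automated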
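  14. ACME?
      • ACME: Automated Certificate Management Environment
      • A specification that collects the protocols for automating tasks such as certificate issuance
      • ACME challenge: a method of confirming ownership of a domain
      • Something like that thing in Google Analytics
      • Defined and adopted by LE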
  15. ACME challenge?
      • dns-01: write a one-time token into the domain's TXT record
      • http-01: return the prescribed response to the CA's request
      • Example: /.well-known/TOKEN
      • (and various others)
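  16. HTTPS delivery: recap (again)
      • Hatena Blog has custom domains in use numbering in the tens of thousands
      • By the standards of ordinary website operations, this is too nerve-racking
      • Loading tens of thousands of certificates at once increases the proxy's memory usage markedly
      • Restarting the proxy also takes time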
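  17. HTTPS delivery: approach
      • Select and load the certificate on each request
      • Keeps down the growth in memory usage and the worsening of restart time
      • Store certificates in a datastore so that multiple proxy hosts are supported
      • And achieve this without worsening latency
      • Local cache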
  18. Examining the requirements: issuance (always-on HTTPS delivery for Hatena Blog, explained)

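  19. Certificate issuance
      • Consistency and completeness are required
      • If issuance keeps failing, the blog can no longer be viewed
      • Invalid domains must not be left in place either
      • The requirements are high, yet the uncertainty is high
      • Certificate renewal must scale with the number of domains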
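  20. Removing invalid domains
      • Invalid domain = always fails the ACME challenge
      • LE has an upper limit on failures per account * time window
      • Left alone, they will inevitably hit the API limit
      • Domains that failed are always deleted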
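  21. Certificate issuance: uncertainty
      • A domain's validity can change
      • End of paid subscription
      • DNS record anomalies
      • External API = integration with LE
      • API limit
      • Proper retry and error recovery are essential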
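  22. Certificate issuance: scalability
      • We want a mechanism that scales as the number of target domains grows
      • We want to avoid queries like SELECT * FROM custom_domain WHERE id > ?
      • Paging becomes necessary as the number of domains grows
      • If a run fails midway, you end up having to devise things such as putting items back into a retry queue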
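  23. System requirements: summary
      • Fetch and use the certificate on each request
      • With latency as low as possible
      • High error tolerance
      • On failure, remove the domain from the set of issuance targets
      • Errors in external API communication can be handled properly
      • Scales with the growing number of domains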
  24. Introducing the system (always-on HTTPS delivery for Hatena Blog, explained)

  25. [Diagram: delivery. Components: cert-dispatcher, cert-cache-gw, cert-store, cert-cache, User, Blog. Labels: HTTP, ssl_handshake_handler, HTTP Get/Set, Get.]
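  26. Delivery system
      • ngx_mruby: runs mruby code when the certificate is loaded
      • It only does an HTTP GET to the cache gateway
      • https://github.com/matsumotory/ngx_mruby
      • cache gateway (Go): returns the certificate in response to an HTTP GET
      • DynamoDB: the datastore that holds the certificates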
  27. cache gateway
      • Turns AWS (DynamoDB) API calls into an HTTP API
      • mruby has no AWS SDK
      • Also reads from and writes to a co-located memcached, reducing access to DynamoDB as much as possible
  33. Delivery system
      • Using ngx_mruby, we were able to fetch the certificate on each request
      • Using a memcached co-located with the proxy reduced requests to DynamoDB and lowered latency

  34. [Diagram: certificate issuance. Components: cert-updater-state, cert-updater-function, cert-update-notifier, Let's Encrypt, cert-store, cert-lifecycle-store, Blog. Labels: execute, UpdateItem, issue certificate, HTTP.]
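  35. Certificate issuance system
      • cert-updater-state: AWS StepFunctions; starts each Lambda
      • Recovery and retry according to the error (described later)
      • cert-updater-function: AWS Lambda; issues the certificate and writes it to DynamoDB
      • cert-update-notifier: Lambda; notifies Hatena Blog of success or failure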
  44. AWS SFn: retry

        "Retry": [
          {
            "ErrorEquals": ["ErrMaybeRecoverable"],
            "IntervalSeconds": 1,
            "MaxAttempts": 3,
            "BackoffRate": 2.0
          }
        ],
        "Catch": [
          {
            "ErrorEquals": ["States.TaskFailed"],
            "Next": "Notify result to Hatena-Epic"
          }
        ],
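  48. Certificate issuance system
      • Proper error handling achieved with AWS StepFunctions
      • On abnormal termination, such as reaching a resource limit, the result is notified immediately
      • When a retry is possible, such as after a failed API call, retry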

  49. [Diagram: certificate issuance (renewal). Components: cert-reissue-state, cert-reissue-confirmer, cert-updater-state-caller, cert-cleanup-function, Blog, cert-lifecycle-store, cert-update-trigger, cert-updater-state, cert-store. Labels: execute, HTTP, TTL Trigger, DeleteItem.]
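  50. Certificate issuance: renewal
      • The DynamoDB TTL Trigger starts SFn via Lambda
      • cert-reissue-confirmer: asks Hatena Blog whether the domain is valid and tells the following steps whether a renewal is needed
      • cert-cleanup-function: deletes invalid domains from DynamoDB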
  51. cert-lifecycle-store (DynamoDB)
      • Domain: ex1.example.com, ExpiresAt: 2018-05-23T02:00:00
      • Domain: ex2.example.com, ExpiresAt: 2018-05-23T03:00:00
      • Domain: ex2.example.com, ExpiresAt: 2018-05-23T04:00:00
      • Domain: ex2.example.com, ExpiresAt: 2018-05-23T05:00:00
  52. cert-lifecycle-store (DynamoDB)
      • Domain: ex2.example.com, ExpiresAt: 2018-05-23T03:00:00
      • Domain: ex2.example.com, ExpiresAt: 2018-05-23T04:00:00
      • Domain: ex2.example.com, ExpiresAt: 2018-05-23T05:00:00
  53. cert-lifecycle-store (DynamoDB)
      • Domain: ex2.example.com, ExpiresAt: 2018-05-23T04:00:00
      • Domain: ex2.example.com, ExpiresAt: 2018-05-23T05:00:00
  54. cert-lifecycle-store (DynamoDB)
      • Domain: ex2.example.com, ExpiresAt: 2018-05-23T05:00:00
  55. cert-lifecycle-store (DynamoDB)

  56. [Diagram. Labels: publish, SELECT * FROM ..., execute.]

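  57. Error handling becomes concise
      • With batch processing: the fetched domains are processed in a loop
      • = the unit of processing is multiple domains
      • When some of the domains fail, what should the status of the whole batch be? Success? Failure?
      • With pub/sub: the single domain passed as the argument is processed
      • = the unit of processing is one domain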
  66. cert-reissue-state

        "Determine next state": {
          "Comment": "Decide the next state",
          "Type": "Choice",
          "Choices": [
            {
              "Variable": "$.UpdateRequired",
              "BooleanEquals": true,
              "Next": "Call reissue of certificate"
            },
            {
              "Variable": "$.UpdateRequired",
              "BooleanEquals": false,
              "Next": "Clean up of certificate"
            }
          ]
        },
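  69. Certificate renewal system
      • Data flow kept simple with pub/sub
      • Both the initial issuance and renewals incur only DynamoDB I/O
      • Makes use of the DynamoDB TTL Trigger
      • State = data, aggregated in one central place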
  70. Recap: delivery system
      • Using ngx_mruby, we were able to fetch the certificate on each request
      • Using a memcached co-located with the proxy reduced requests to DynamoDB and lowered latency

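  71. Recap: certificate issuance system
      • We were able to do proper error handling with AWS StepFunctions
      • On abnormal termination, such as reaching a resource limit, the result is notified immediately
      • When a retry is possible, such as after a failed API call, retry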

  72. Discussion: how to build a Pythagora Switch

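  73. The difficulty of huge batches
      • It is hard to grasp the full picture of the execution steps
      • How many steps there are overall
      • Which step failed
      • The unit of processing tends to grow large
      • Inevitably, execution time tends to drag on as well
      • When only part of it fails, is the status of the run success or failure?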
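  74. The Ultimate Pythagora Switch I Came Up With
      • Introduce a workflow engine
      • Makes the full picture of the execution steps easier to grasp
      • Even better with a batch execution environment that is tightly integrated with it
      • Use the pub/sub model to scale as the target data grows
      • The unit of data processed goes from many to one
      • As a side effect, state is consolidated in the datastore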
  75. Divide and conquer
      • We should already be in the habit of writing small functions and classes and combining them
      • So why do batches nevertheless tend to become huge?
      • Performance
      • They are not composable
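  77. Techniques that support composability
      • Try regarding the sequential execution of two steps as a binary operation
      • operand: has a small scope of responsibility
      • operator: satisfies various laws
      • Associative law, distributive law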
  78. Hold no local state
      • State = mutable data
      • What matters is having exactly one state, globally
      • In addition, there is a single element that changes the state

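  79. Global variables?
      • Doesn't this contradict the idea that global variables are evil? → It does not
      • If a single element changes the state, each execution step can be regarded as a function that receives the state and returns new data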

  80. // Workflow engine state
      { "domain": "www.example.com", "endpoint": "https://...." }
      // Input to a batch
      { "domain": "www.example.com" }
  81. // Workflow engine state
      { "domain": "www.example.com", "endpoint": "https://...." }
      // Input to a batch
      { "domain": "www.example.com" }
      Convert the global state into arguments (the batch cannot change it)
  82. // Workflow engine state
      { "updateRequired": true, "domain": "www.example.com", "endpoint": "https://...." }
      // Output of a batch
      { "updateRequired": true }
  83. // Workflow engine state
      { "updateRequired": true, "domain": "www.example.com", "endpoint": "https://...." }
      // Output of a batch
      { "updateRequired": true }
      Convert the batch's output into global state (naturally, the output cannot be changed afterwards)
  84. Composing batch processing
      • operand: each step
      • operator: the workflow engine

  85. Composing batch processing
      • operand: each step; AWS Lambda
      • operator: the workflow engine; AWS StepFunctions
  86. The Ultimate Pythagora Switch I Came Up With @ Hatena Blog
      • Workflow engine: AWS StepFunctions
      • ...and the AWS Lambda functions executed from it
      • pub/sub: DynamoDB TTL Trigger
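  87. Again: The Ultimate Pythagora Switch I Came Up With
      • Introduce a workflow engine
      • Makes the full picture of the execution steps easier to grasp
      • Even better with a batch execution environment that is tightly integrated with it
      • Use the pub/sub model to scale as the target data grows
      • The unit of data processed goes from many to one
      • As a side effect, state is consolidated in the datastore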
  88. Summary

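  89. Summary
      • The general principles of building software apply
      • Do not hold global state, do not change it, do not let it be brought in
      • Keep the unit of processing as small as possible so that failures are easy to grasp
      • As one example of how to achieve these:
      • Workflow engine: AWS StepFunctions
      • Datastore that supports pub/sub: DynamoDB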
  90. End
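
The "Retry" and "Catch" settings on the AWS SFn retry slide, combined with the one-domain-per-execution unit from the pub/sub slides, worked through as an added Go example (not code from the talk or from Hatena). `SlidePolicy`, `RunTask`, `Execute`, the `sleep` hook and the `"issued"` label are names assumed for illustration; `MaxAttempts` is treated as the number of retries after the first try, as Step Functions defines it.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// ErrMaybeRecoverable is the error name matched by "Retry" on the slides.
var ErrMaybeRecoverable = errors.New("ErrMaybeRecoverable")

// Retry carries the three fields of the "Retry" entry on the slides.
type Retry struct {
	IntervalSeconds float64
	MaxAttempts     int // retries allowed after the first try
	BackoffRate     float64
}

// SlidePolicy holds the values shown on the slides (hypothetical name).
var SlidePolicy = Retry{IntervalSeconds: 1, MaxAttempts: 3, BackoffRate: 2.0}

// RunTask calls task and retries it only on ErrMaybeRecoverable, multiplying
// the wait by BackoffRate each time; it returns the waits and the final error.
func RunTask(r Retry, task func() error, sleep func(time.Duration)) ([]time.Duration, error) {
	var waits []time.Duration
	wait := r.IntervalSeconds
	for retries := 0; ; retries++ {
		err := task()
		if err == nil || !errors.Is(err, ErrMaybeRecoverable) || retries >= r.MaxAttempts {
			return waits, err
		}
		d := time.Duration(wait * float64(time.Second))
		waits = append(waits, d)
		sleep(d)
		wait *= r.BackoffRate
	}
}

// Execute is one run for one domain; a failure affects no other domain's run.
func Execute(r Retry, issue func() error, sleep func(time.Duration)) string {
	if _, err := RunTask(r, issue, sleep); err != nil {
		return "Notify result to Hatena-Epic" // "Catch" target on the slides
	}
	return "issued" // hypothetical name for the success path
}

func main() {
	fail := func() error { return ErrMaybeRecoverable } // constructed: always fails
	fmt.Println(RunTask(SlidePolicy, fail, func(time.Duration) {}))
}
```

With the slide's values a persistently failing call is tried four times over about seven seconds before the failure is reported, so an invalid domain costs a bounded number of requests against the CA's failure limit.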