Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
ブログサービスのHTTPS化を支えたAWSで作るピタゴラスイッチ / The construction of large scale TLS certificates management system with AWS
Search
aereal
September 08, 2018
Programming
3
400k
ブログサービスのHTTPS化を支えたAWSで作るピタゴラスイッチ / The construction of large scale TLS certificates management system with AWS
talked at builderscon tokyo 2018
aereal
September 08, 2018
Tweet
Share
More Decks by aereal
See All by aereal
How to send distibuted traces to Datadog using build own OpenTelemetry-Lambda distribution
aereal
3
150
好きな技術《コト》で、 生きていく技術 / life with what you like
aereal
5
1.8k
qron: Cloud Native Cron Alternativeの今
aereal
2
1.7k
自動作曲入門 / introduction to programatic music composition
aereal
1
530k
はてなブログ タグとCDK / The epic of AWS CDK and Hatena Blog Tag
aereal
3
200k
はてなブログ タグの技術選択 / The technical details of Hatena Blog Tag
aereal
3
200k
AWSではてなブログの常時HTTPS配信をバーンとやる話 / The Epic of migration from HTTP to HTTPS on Hatena Blog with AWS
aereal
14
17k
ScalaとPerlでMicroservices in production / Building microservices with Perl and Scala in production
aereal
0
5.3k
Scalaで自動作曲の練習 / A study of automatic composition in Scala
aereal
1
390k
Other Decks in Programming
See All in Programming
Architectures with Lightweight Stores: New Rules and Options
manfredsteyer
PRO
0
100
Polarsの成長: v0.14からv1.0までの変遷と今後の展望
zerebom
1
350
生成AIをkintoneに連携してみた
hideg
0
230
AHC035解説
terryu16
0
710
さきがけから振り返るアーキテクチャ刷新 / Reflecting on the Architectural Renewal from the Vanguard
nrslib
2
770
CSC307 Lecture 10
javiergs
PRO
0
310
Play Billing Library 7.0.0 変更点まとめ@potatotips#88
kako351
0
160
[After Kotlin Fest 2024 LT Night @ Sansan] もっともっとKotlinを好きになる!K2 Compiler Pluginで遊んでみよう!
kitakkun
2
260
入社1ヶ月でここまでやった!Findy Toolsインフラ支援の最適化
rvirus0817
6
1.4k
はしめてのプログラミングとロボット制御
watawatavoltage
0
290
開発部に不満を持っていたCSがエンジニアにジョブチェンしてわかった「勝手に諦めない」ことの大切さ
sakuraikotone
28
16k
Android開発者のための Kotlin Multiplatform入門
ntaro
0
190
Featured
See All Featured
Designing Dashboards & Data Visualisations in Web Apps
destraynor
226
52k
Building Flexible Design Systems
yeseniaperezcruz
323
37k
GitHub's CSS Performance
jonrohan
1026
450k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
277
13k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
35
6.3k
Designing with Data
zakiwarfel
96
5k
Stop Working from a Prison Cell
hatefulcrawdad
266
20k
Navigating Team Friction
lara
181
13k
How STYLIGHT went responsive
nonsquared
93
5k
Code Review Best Practice
trishagee
58
16k
Designing for humans not robots
tammielis
247
25k
The Art of Programming - Codeland 2020
erikaheidi
48
13k
Transcript
ϒϩάαʔϏεͷ HTTPSԽΛࢧ͑ͨ AWSͰ࡞ΔϐλΰϥεΠον id:aereal
staff.hatenablog.com/entry/2018/06/13/160000 ಠࣗυϝΠϯͰӡ༻͞Ε͍ͯΔϒϩά͕ɺ HTTPSͰ৴Ͱ͖ΔΑ͏ʹͳΓ·ͨ͠
None
͢͜ͱ • ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ • എܠͱཁٻ • ࣮ͷհ • ্هࣄྫΛݩʹෳࡶͳόον =
ϐλΰϥεΠονߏஙͷ ΤοηϯεΛߟ͑ͯΈΔ
ࣗݾհ • id:aereal • GitHub: aereal • Twitter: aereal •
ϒϩά౷߹νʔϜ ΞϓϦέʔγϣϯΤϯδχΞ ςοΫϦʔυ
എܠ ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
• ͯͳϒϩάPro (༗ྉϓϥϯ) ʹਃ͠ࠐΉͱ ಠࣗυϝΠϯͰࣗͷϒϩάΛ৴Ͱ͖Δ • ݱࡏɺສ୯ҐͷಠࣗυϝΠϯ͕ొɾར༻͞Ε͍ͯΔ • ͜ΕΒͷಠࣗυϝΠϯͰৗ࣌HTTPS৴͍ͨ͠
Let's Encrypt • ISRG = Internet Security Research Group͕ఏڙ͢Δ ϓϩάϥϚϒϧʹΞΫηεՄೳͳೝূہ
(CA) • ͜Ε·ͰTLSূ໌ॻΛൃߦ͢Δʹ ͦͦ͜͜ͷֹۚͱख͕ؒඞཁ͕ͩͬͨɺͦΕΛม͑ͨCA • LEͷొʹΑΓTLSূ໌ॻͷେྔൃߦ͕ݱ࣮తʹͳͬͨ
developer.hatenastaff.com/entry/2018/06/04/140000 ͯͳϒϩάͷHTTPSԽ࣮ࢪʹ͍, Let's EncryptͷدΛ࣮ࢪ͠·ͨ͠ - Hatena Developer Blog
• LEͷొ࿕ใ͕ͩ͜Ε͚ͩͰΓͳ͍ • ສ୯ҐͷTLSূ໌ॻΛཧ͢Δઓज़ɾઓུ͕͚͍ܽͯΔ • ৴ͱൃߦʹେ͖͚ͯ͘ΈΔ
ཁ݅ͷݕ౼: ৴ ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
HTTPS৴: ͓͞Β͍ • ͯͳϒϩάͰສ୯ҐͷಠࣗυϝΠϯ͕ར༻͞Ε͍ͯΔ • ҰൠతͳWebαΠτӡ༻ͷײ֮ͩͱφʔόε͗͢Δ • ສ୯Ґͷূ໌ॻΛҰʹಡΈࠐΉͱ proxyͷϝϞϦ༻ྔ͕ஶ͘͠૿Ճ͢Δ •
proxyͷ࠶ىಈʹ͕͔͔࣌ؒΔ
SAN? • = Subject Alternative Names 1ͭͷূ໌ॻʹෳυϝΠϯΛඥ͚Δ֦ு • ͔݁Βݴ͏ͱͯͳϒϩάͷέʔεͰ͍͠ •
LEͰSANΛར༻͢Δ߹ɺACME challengedns-01ͷΈ ར༻Ͱ͖Δ (ݱࡏ) • DNSઃఆ֤ϢʔβʔʹҕͶΒΕΔͷͰࣗಈԽͰ͖ͳ͍
ACME? • ACME: Automated Certificate Management Environment • ূ໌ॻൃߦͳͲͷ࡞ۀΛ ࣗಈԽ͢ΔϓϩτίϧΛ·ͱΊ༷ͨ
• ACME challenge: υϝΠϯͷॴ༗ݖݶΛ֬ೝ͢Δํ๏ • Google AnalyticsͷΞϨΈ͍ͨͳͭ • LE͕ࡦఆɾ࠾༻͍ͯ͠Δ
ACME challenge? • dns-01: υϝΠϯͷTXTϨίʔυʹϫϯλΠϜτʔΫϯΛॻ ͖ࠐΉ • http-01: CAͷϦΫΤετʹର͠ॴఆͷϨεϙϯεΛฦ͢ •
ྫ: /.well-known/TOKEN • (ଞʹ͍Ζ͍Ζ)
HTTPS৴: ͓͞Β͍ (࠶) • ͯͳϒϩάͰສ୯ҐͷಠࣗυϝΠϯ͕ར༻͞Ε͍ͯΔ • ҰൠతͳWebαΠτӡ༻ͷײ֮ͩͱφʔόε͗͢Δ • ສ୯Ґͷূ໌ॻΛҰʹಡΈࠐΉͱ proxyͷϝϞϦ༻ྔ͕ஶ͘͠૿Ճ͢Δ
• proxyͷ࠶ىಈʹ͕͔͔࣌ؒΔ
HTTPS৴: ํ • ϦΫΤετຖʹূ໌ॻΛબɾಡΈࠐΉ • ϝϞϦ༻ྔͷ૿Ճ࠶ىಈ࣌ؒͷѱԽΛ͑Δ • ෳproxyʹରԠ͢ΔͨΊσʔλετΞʹূ໌ॻΛอଘ • ͔͠ϨΠςϯγΛѱԽͤͣ͞ʹ࣮ݱ͢Δ
• ϩʔΧϧΩϟογϡ
ཁ݅ͷݕ౼:ൃߦ ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
ূ໌ॻൃߦ • Ұ؏ੑɾཏੑ͕ٻΊΒΕΔ • ൃߦʹࣦഊ͠ଓ͚Δͱϒϩά͕ӾཡͰ͖ͳ͘ͳΔ • ແޮͳυϝΠϯΛ์ஔ͍͚ͯ͠ͳ͍ • ཁٻߴ͍͕ෆ࣮֬ੑߴ͍ •
ূ໌ॻΛߋ৽͢ΔࡍɺυϝΠϯʹର͠εέʔϧ͢Δ͜ͱ
ແޮͳυϝΠϯͷআ • ແޮͳυϝΠϯ = ඞͣACME challengeʹࣦഊ͢Δ • LEʹΞΧϯτ * time
window͝ͱʹࣦഊͷ্ݶ͕͋Δ • ์ஔ͢ΔͱඞͣAPI limitʹ͋ͨͬͯ͠·͏ • ࣦഊͨ͠υϝΠϯඞͣআ
ূ໌ॻൃߦ: ෆ࣮֬ੑ • υϝΠϯͷ༗ޮੑมΘΓ͏Δ • ՝ۚऴྃ • DNSϨίʔυҟৗ • ֎෦API
= LEͱͷ౷߹ • API Limit • దͳϦτϥΠͱΤϥʔϦΧόϦ͕ඞਢ
ূ໌ॻൃߦ: εέʔϥϏϦςΟ • ରυϝΠϯͷ૿Ճʹର͠εέʔϧ͢ΔΈʹ͍ͨ͠ • SELECT * FROM custom_domain WHERE
id > ? Έ͍ͨͳΫΤϦආ͚͍ͨ • υϝΠϯ͕૿͑Δͱϖʔδϯά͕ඞཁ • ࣮ߦ్தͰࣦഊͨ͠ΒɺϦτϥΠΩϡʔʹೖΕ͢Α͏ ͳΛڽΒ͞ͳ͍ͱ͍͚ͳ͘ͳΔ
γεςϜͷཁ݅: ·ͱΊ • ϦΫΤετຖʹূ໌ॻΛऔಘɾ༻ • Ͱ͖Δ͚ͩϨΠςϯγͰ • Τϥʔੑ͕ߴ͍ • ࣦഊͨ͠ΒऔಘରͷυϝΠϯ͔Β֎͢
• ֎෦API௨৴ͷΤϥʔΛదʹॲཧͰ͖Δ • υϝΠϯͷ૿Ճʹεέʔϧ͢Δ
γεςϜͷհ ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
৴γεςϜ • ngx_mruby: ূ໌ॻಡΈࠐΈ࣌ʹmrubyͷίʔυΛ࣮ߦ • cache gatewayHTTP GET͢Δ͚ͩ • https://github.com/matsumotory/ngx_mruby
• cache gateway (Go): HTTP GET͢Δͱূ໌ॻΛฦ͢ • DynamoDB: ূ໌ॻΛอଘ͢ΔσʔλετΞ
cache gateway • AWS (DynamoDB) APIݺͼग़͠ΛHTTP APIʹม͑Δ • mrubyʹAWS SDK͕ͳ͍
• ಉډ͢ΔmemcachedʹಡΈॻ͖͠ɺ DynamoDBͷΞΫηεΛͰ͖Δ͚ͩݮΒ͢
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
৴γεςϜ • ngx_mrubyΛͬͯϦΫΤετຖʹূ໌ॻΛऔಘͰ͖ͨ • proxyʹಉډͨ͠memcachedΛ͏͜ͱͰ DynamoDBͷϦΫΤετΛݮΒ͠ϨΠςϯγΛԼ͛ͨ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
ূ໌ॻൃߦγεςϜ • cert-updater-state: AWS StepFunctions; ֤LambdaΛىಈ • Τϥʔ༰ʹԠͨ͡ϦΧόϦɾϦτϥΠ (ޙड़) •
cert-updater-function: AWS Lambda; ূ໌ॻΛൃߦɺ DynamoDBॻ͖ࠐΈ • cert-update-notifier: Lambda; ൱Λͯͳϒϩά௨
None
None
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,
"MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],
AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,
"MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],
AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,
"MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],
AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,
"MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],
ূ໌ॻൃߦγεςϜ • AWS StepFunctionsΛͬͯదͳΤϥʔॲཧΛ࣮ݱ • Ϧιʔε্ݶʹୡ͢ΔͳͲ ҟৗऴྃͨ࣌͠ଈ࠲ʹ݁ՌΛ௨ • APIݺͼग़ࣦ͠ഊͳͲϦτϥΠՄೳͳ࣌ϦτϥΠ
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
ূ໌ॻൃߦ: ߋ৽ • DynamoDBͷTTL Trigger͕Lambdaܦ༝ͰSFnΛىಈ • cert-reissue-confirmer: ͯͳϒϩάʹυϝΠϯ༗ޮੑΛ ͍߹Θͤͯɺߋ৽͢Δඞཁ͕͋Δ͔Λޙଓʹ͑Δ •
cert-cleanup-function: ແޮͳυϝΠϯΛDynamoDB͔Βফ ͢
cert-lifecycle-store (DynamoDB) Domain: ex1.example.com ExpiresAt: 2018-05-23T02:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T03:00:00
Domain: ex2.example.com ExpiresAt: 2018-05-23T04:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00
cert-lifecycle-store (DynamoDB) Domain: ex2.example.com ExpiresAt: 2018-05-23T03:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T04:00:00
Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00
cert-lifecycle-store (DynamoDB) Domain: ex2.example.com ExpiresAt: 2018-05-23T04:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00
cert-lifecycle-store (DynamoDB) Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00
cert-lifecycle-store (DynamoDB)
publish SELECT * FROM ... ࣮ߦ
Τϥʔॲཧ͕؆ܿʹ • όονॲཧͩͱ: औಘͨ͠ෳͷυϝΠϯΛϧʔϓͰॲཧ • = ॲཧ୯Ґ͕ෳυϝΠϯʹͳΔ • Ұ෦ͷυϝΠϯ͕ࣦഊͨ࣌͠ɺόονॲཧશମͷ εςʔλεͲ͏͢Δ?
ޭ? ࣦഊ? • pub/subͩͱ: Ҿͱͯͬͨ͠υϝΠϯ1ͭΛॲཧ͢Δ • = ॲཧ୯Ґ͕υϝΠϯ1ͭʹͳΔ
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state "Determine next state": { "Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢", "Type": "Choice", "Choices":
[ { "Variable": "$.UpdateRequired", "BooleanEquals": true, "Next": "Call reissue of certificate" }, { "Variable": "$.UpdateRequired", "BooleanEquals": false, "Next": "Clean up of certificate" } ] },
cert-reissue-state "Determine next state": { "Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢", "Type": "Choice", "Choices":
[ { "Variable": "$.UpdateRequired", "BooleanEquals": true, "Next": "Call reissue of certificate" }, { "Variable": "$.UpdateRequired", "BooleanEquals": false, "Next": "Clean up of certificate" } ] },
cert-reissue-state "Determine next state": { "Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢", "Type": "Choice", "Choices":
[ { "Variable": "$.UpdateRequired", "BooleanEquals": true, "Next": "Call reissue of certificate" }, { "Variable": "$.UpdateRequired", "BooleanEquals": false, "Next": "Clean up of certificate" } ] },
ূ໌ॻߋ৽γεςϜ • σʔλϑϩʔΛpub/subͰγϯϓϧʹ • ॳճൃߦߋ৽࣌DynamoDBͷI/O͚͕ͩൃੜ͢Δ • DynamoDB TTL TriggerΛ׆༻ •
ঢ়ଶ = σʔλΛதԝʹू
࠶ܝ: ৴γεςϜ • ngx_mrubyΛͬͯϦΫΤετຖʹূ໌ॻΛऔಘͰ͖ͨ • proxyʹಉډͨ͠memcachedΛ͏͜ͱͰ DynamoDBͷϦΫΤετΛݮΒ͠ϨΠςϯγΛԼ͛ͨ
࠶ܝ: ূ໌ॻൃߦγεςϜ • AWS StepFunctionsΛͬͯదͳΤϥʔॲཧΛͰ͖ͨ • Ϧιʔε্ݶʹୡ͢ΔͳͲ ҟৗऴྃͨ࣌͠ଈ࠲ʹ݁ՌΛ௨ • APIݺͼग़ࣦ͠ഊͳͲϦτϥΠՄೳͳ࣌ϦτϥΠ
ߟ ϐλΰϥεΠονͷ࡞Γํ
ڊେͳόονͷ͠͞ • ࣮ߦεςοϓશ༰ΛѲ͢Δ͜ͱͷ͠͞ • શମͰεςοϓ͕͜Ε͚ͩ͋Δ • Ͳ͜ͷεςοϓͰࣦഊͨ͠ͷ͔ • ॲཧ୯Ґ͕େ͖͘ͳΓ͕ͪ •
ඞવͱ࣮ߦ࣌ؒҾ͖͕ͪ • Ұ෦͚ࣦͩഊͨ࣌͠ɺ࣮ߦͷঢ়ଶޭ? ࣦഊ?
΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ ͷϐλΰϥεΠον • ϫʔΫϑϩʔΤϯδϯͷಋೖ • ࣮ߦεςοϓશ༰ΛѲ͘͢͠ • ͦΕͱߴʹ౷߹͞Εͨόον࣮ߦڥ͕͋Δͱͳ͓Α͍ • pub/subϞσϧͰରσʔλͷ૿Ճʹର͠εέʔϧͤ͞Δ
• ॲཧ͢Δσʔλ୯ҐΛෳˠ1ͭ • ͍ͭͰʹσʔλετΞঢ়ଶ͕ڽू͞ΕΔ
ׂ౷࣏ • খ͞ͳؔΫϥεΛ࡞ΓɺͦΕΒΛΈ߹ΘͤΔ͜ͱΛ ීஈ͔Βҙ͍ࣝͯͬͯ͠Δͣ • ʹؔΘΒͣόον͕ڊେʹͳΓ͕ͪͳͷͳͥͳͷ͔? • ύϑΥʔϚϯε • ߹Մೳ
(composable) Ͱͳ͍
ׂ౷࣏ • খ͞ͳؔΫϥεΛ࡞ΓɺͦΕΒΛΈ߹ΘͤΔ͜ͱΛ ීஈ͔Βҙ͍ࣝͯͬͯ͠Δͣ • ʹؔΘΒͣόον͕ڊେʹͳΓ͕ͪͳͷͳͥͳͷ͔? • ύϑΥʔϚϯε • ߹Մೳ
(composable) Ͱͳ͍
߹ՄೳΛࢧ͑Δٕज़ • 2ͭͷεςοϓͷྻ࣮ߦΛೋ߲ԋࢉͱΈͳͯ͠ΈΔ • operand: ൣғ͕খ͍͜͞ͱ • operator: ༷ʑͳ๏ଇΛຬͨ͢͜ͱ •
݁߹ଇɺଇ
ہॴঢ়ଶΛ࣋ͨͳ͍ • ঢ়ଶ = มߋՄೳͳσʔλ • άϩʔόϧʹͨͩ1ͭͷঢ়ଶΛ࣋ͭ͜ͱ͕େࣄ • Ճ͑ͯঢ়ଶΛมߋ͢Δཁૉ͕୯ҰͰ͋Δ͜ͱ
άϩʔόϧม? • άϩʔόϧมѱͱ͍͏ߟ͑ํͱ͠ͳ͍͔? → ͠ͳ͍ • ঢ়ଶΛมߋ͢Δཁૉ͕୯ҰͳΒɺ ֤࣮ߦεςοϓঢ়ଶΛड͚औͬͯ৽ͨͳσʔλΛฦ͢ ؔͱΈͳͤΔ
// ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "domain": "www.example.com", "endpoint": "https://...." } // ͋Δόονͷೖྗ
{ "domain": "www.example.com" }
// ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "domain": "www.example.com", "endpoint": "https://...." } // ͋Δόονͷೖྗ
{ "domain": "www.example.com" } άϩʔόϧঢ়ଶΛҾม͢Δ (όον͔ΒͷมߋෆՄ)
// ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "updateRequired": true, "domain": "www.example.com", "endpoint": "https://...." }
// ͋Δόονͷग़ྗ { "updateRequired": true }
// ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "updateRequired": true, "domain": "www.example.com", "endpoint": "https://...." }
// ͋Δόονͷग़ྗ { "updateRequired": true } όονͷग़ྗΛάϩʔόϧͳঢ়ଶม (વɺग़ྗޙ͔ΒมߋෆՄ)
όονॲཧͷ߹ • operand: ֤εςοϓ • operator: ϫʔΫϑϩʔΤϯδϯ
όονॲཧͷ߹ • operand: ֤εςοϓ; AWS Lambda • operator: ϫʔΫϑϩʔΤϯδϯ; AWS
StepFunctions
΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ͷ ϐλΰϥεΠον@ͯͳϒϩά • ϫʔΫϑϩʔΤϯδϯ: AWS StepFunctions • ……ͱͦΕΒ͔Β࣮ߦ͞ΕΔAWS Lambda •
pub/sub: DynamoDB TTL Trigger
࠶: ΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ ͷϐλΰϥεΠον • ϫʔΫϑϩʔΤϯδϯͷಋೖ • ࣮ߦεςοϓશ༰ΛѲ͘͢͠ • ͦΕͱߴʹ౷߹͞Εͨόον࣮ߦڥ͕͋Δͱͳ͓Α͍ •
pub/subϞσϧͰରσʔλͷ૿Ճʹର͠εέʔϧͤ͞Δ • ॲཧ͢Δσʔλ୯ҐΛෳˠ1ͭ • ͍ͭͰʹσʔλετΞঢ়ଶ͕ڽू͞ΕΔ
·ͱΊ
·ͱΊ • ιϑτΣΞߏஙҰൠͷݪଇ͕͑Δ • άϩʔόϧͳঢ়ଶΛ࣋ͨͳ͍ɾม͑ͳ͍ɾ࣋ͪࠐ·ͤͳ͍ • ॲཧ୯ҐΛͰ͖Δ͚ͩখ͘͞ɺࣦഊΛѲ͘͢͠ • ͜ΕΒΛ࣮ݱ͢ΔͨΊͷҰྫͱͯ͠ •
ϫʔΫϑϩʔΤϯδϯ: AWS StepFunctions • pub/subΛαϙʔτ͢ΔσʔλετΞ: DynamoDB