Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ブログサービスのHTTPS化を支えたAWSで作るピタゴラスイッチ / The construction of large scale TLS certificates management system with AWS

aereal
September 08, 2018
Programming
3
390k

ブログサービスのHTTPS化を支えたAWSで作るピタゴラスイッチ / The construction of large scale TLS certificates management system with AWS

talked at builderscon tokyo 2018

aereal

September 08, 2018
Tweet

More Decks by aereal

See All by aereal
好きな技術《コト》で、
生きていく技術 / life with what you like
aereal
5
1.5k
qron: Cloud Native Cron Alternativeの今
aereal
2
1.5k
自動作曲入門 / introduction to programatic music composition
aereal
1
530k
はてなブログ タグとCDK / The epic of AWS CDK and Hatena Blog Tag
aereal
3
200k
はてなブログ タグの技術選択 / The technical details of Hatena Blog Tag
aereal
3
190k
AWSではてなブログの常時HTTPS配信をバーンとやる話 / The Epic of migration from HTTP to HTTPS on Hatena Blog with AWS
aereal
14
17k
ScalaとPerlでMicroservices in production / Building microservices with Perl and Scala in production
aereal
0
5.2k
Scalaで自動作曲の練習 / A study of automatic composition in Scala
aereal
1
390k
Goで実装する軽量マークアップ言語パーサー / Gohn: parser written in Go
aereal
3
3.5k

Other Decks in Programming

See All in Programming
単体テストを書かない技術 #phpcon_odawara
o0h
PRO
25
7.8k
FigmaとPHPで作る1ミリたりとも表示崩れしない最強の帳票印刷ソリューション
ttskch
39
18k
Semantic search with Django and pgvector
pauloxnet
0
240
プールにゆこう
irof
2
120
Blue/Greenデプロイの導入による 運用フローの改善
kudoas
1
350
受託開発でGitLab CI を活用していく
xiombatsg
1
270
元気予報
suu_mire0726
0
860
Folding Cheat Sheet #1
philipschwarz
PRO
0
210
코틀린으로 멀티플랫폼 만들기
pangmoo
0
120
1BRC--Nerd Sniping the Java Community
gunnarmorling
0
300
"config" ってなんだ? / What is "config"?
okashoi
0
220
本格ローグライク制作にEbitengineを選んでみた
nagainaganawa
0
290

Featured

See All Featured
Automating Front-end Workflow
addyosmani
1355
200k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
186
16k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
15
1.4k
What’s in a name? Adding method to the madness
productmarketing
PRO
15
2.6k
Unsuck your backbone
ammeep
662
57k
WebSockets: Embracing the real-time Web
robhawkes
59
7k
GitHub's CSS Performance
jonrohan
1023
450k
Adopting Sorbet at Scale
ufuk
67
8.6k
Bootstrapping a Software Product
garrettdimon
PRO
301
110k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
1
3.4k
Web development in the modern age
philhawksworth
202
10k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
5
1.5k

Transcript

  1. ϒϩάαʔϏεͷ
 HTTPSԽΛࢧ͑ͨ
 AWSͰ࡞ΔϐλΰϥεΠον id:aereal

  2. staff.hatenablog.com/entry/2018/06/13/160000 ಠࣗυϝΠϯͰӡ༻͞Ε͍ͯΔϒϩά͕ɺ HTTPSͰ഑৴Ͱ͖ΔΑ͏ʹͳΓ·ͨ͠

  3. None

  4. ࿩͢͜ͱ • ͸ͯͳϒϩάͷৗ࣌HTTPS഑৴ͷղઆ • എܠͱཁٻ • ࣮૷ͷ঺հ • ্هࣄྫΛݩʹෳࡶͳόον =

    ϐλΰϥεΠονߏஙͷ
 ΤοηϯεΛߟ͑ͯΈΔ

  5. ࣗݾ঺հ • id:aereal • GitHub: aereal • Twitter: aereal •

    ϒϩά౷߹νʔϜ
 ΞϓϦέʔγϣϯΤϯδχΞ
 ςοΫϦʔυ

  6. എܠ ͸ͯͳϒϩάͷৗ࣌HTTPS഑৴ͷղઆ

  7. • ͸ͯͳϒϩάPro (༗ྉϓϥϯ) ʹਃ͠ࠐΉͱ
 ಠࣗυϝΠϯͰࣗ෼ͷϒϩάΛ഑৴Ͱ͖Δ • ݱࡏɺສ୯ҐͷಠࣗυϝΠϯ͕ొ࿥ɾར༻͞Ε͍ͯΔ • ͜ΕΒͷಠࣗυϝΠϯͰ΋ৗ࣌HTTPS഑৴͍ͨ͠

  8. Let's Encrypt • ISRG = Internet Security Research Group͕ఏڙ͢Δ
 ϓϩάϥϚϒϧʹΞΫηεՄೳͳೝূہ

    (CA) • ͜Ε·ͰTLSূ໌ॻΛൃߦ͢Δʹ͸
 ͦͦ͜͜ͷֹۚͱख͕ؒඞཁ͕ͩͬͨɺͦΕΛม͑ͨCA • LEͷొ৔ʹΑΓTLSূ໌ॻͷେྔൃߦ͕ݱ࣮తʹͳͬͨ

  9. developer.hatenastaff.com/entry/2018/06/04/140000 ͸ͯͳϒϩάͷHTTPSԽ࣮ࢪʹ൐͍, Let's Encrypt΁ͷد෇Λ࣮ࢪ͠·ͨ͠
 - Hatena Developer Blog

  10. • LEͷొ৔͸࿕ใ͕ͩ͜Ε͚ͩͰ͸଍Γͳ͍ • ສ୯ҐͷTLSূ໌ॻΛ؅ཧ͢Δઓज़ɾઓུ͕͚͍ܽͯΔ • ഑৴ͱൃߦʹେ͖͘෼͚ͯΈΔ

  11. ཁ݅ͷݕ౼: ഑৴ ͸ͯͳϒϩάͷৗ࣌HTTPS഑৴ͷղઆ

  12. HTTPS഑৴: ͓͞Β͍ • ͸ͯͳϒϩάͰ͸ສ୯ҐͷಠࣗυϝΠϯ͕ར༻͞Ε͍ͯΔ • ҰൠతͳWebαΠτӡ༻ͷײ֮ͩͱφʔόε͗͢Δ • ສ୯Ґͷূ໌ॻΛҰ౓ʹಡΈࠐΉͱ
 proxyͷϝϞϦ࢖༻ྔ͕ஶ͘͠૿Ճ͢Δ •

    proxyͷ࠶ىಈʹ΋͕͔͔࣌ؒΔ

  13. SAN? • = Subject Alternative Names
 1ͭͷূ໌ॻʹෳ਺υϝΠϯΛඥ෇͚Δ֦ு • ݁࿦͔Βݴ͏ͱ͸ͯͳϒϩάͷέʔεͰ͸೉͍͠ •

    LEͰSANΛར༻͢Δ৔߹ɺACME challenge͸dns-01ͷΈ ར༻Ͱ͖Δ (ݱࡏ) • DNSઃఆ͸֤ϢʔβʔʹҕͶΒΕΔͷͰࣗಈԽͰ͖ͳ͍

  14. ACME? • ACME: Automated Certificate Management Environment • ূ໌ॻൃߦͳͲͷ࡞ۀΛ
 ࣗಈԽ͢ΔϓϩτίϧΛ·ͱΊͨ࢓༷

    • ACME challenge: υϝΠϯͷॴ༗ݖݶΛ֬ೝ͢Δํ๏ • Google AnalyticsͷΞϨΈ͍ͨͳ΍ͭ • LE͕ࡦఆɾ࠾༻͍ͯ͠Δ

  15. ACME challenge? • dns-01: υϝΠϯͷTXTϨίʔυʹϫϯλΠϜτʔΫϯΛॻ ͖ࠐΉ • http-01: CAͷϦΫΤετʹର͠ॴఆͷϨεϙϯεΛฦ͢ •

    ྫ: /.well-known/TOKEN • (ଞʹ΋͍Ζ͍Ζ)

  16. HTTPS഑৴: ͓͞Β͍ (࠶) • ͸ͯͳϒϩάͰ͸ສ୯ҐͷಠࣗυϝΠϯ͕ར༻͞Ε͍ͯΔ • ҰൠతͳWebαΠτӡ༻ͷײ֮ͩͱφʔόε͗͢Δ • ສ୯Ґͷূ໌ॻΛҰ౓ʹಡΈࠐΉͱ
 proxyͷϝϞϦ࢖༻ྔ͕ஶ͘͠૿Ճ͢Δ

    • proxyͷ࠶ىಈʹ΋͕͔͔࣌ؒΔ

  17. HTTPS഑৴: ํ਑ • ϦΫΤετຖʹ౎౓ূ໌ॻΛબ୒ɾಡΈࠐΉ • ϝϞϦ࢖༻ྔͷ૿Ճ΍࠶ىಈ࣌ؒͷѱԽΛ཈͑Δ • ෳ਺୆proxyʹରԠ͢ΔͨΊσʔλετΞʹূ໌ॻΛอଘ • ͔͠΋ϨΠςϯγΛѱԽͤͣ͞ʹ࣮ݱ͢Δ

    • ϩʔΧϧΩϟογϡ

  18. ཁ݅ͷݕ౼:ൃߦ ͸ͯͳϒϩάͷৗ࣌HTTPS഑৴ͷղઆ

  19. ূ໌ॻൃߦ • Ұ؏ੑɾ໢ཏੑ͕ٻΊΒΕΔ • ൃߦʹࣦഊ͠ଓ͚Δͱϒϩά͕ӾཡͰ͖ͳ͘ͳΔ • ແޮͳυϝΠϯΛ์ஔͯ͠΋͍͚ͳ͍ • ཁٻ͸ߴ͍͕ෆ࣮֬ੑ͸ߴ͍ •

    ূ໌ॻΛߋ৽͢ΔࡍɺυϝΠϯ਺ʹର͠εέʔϧ͢Δ͜ͱ

  20. ແޮͳυϝΠϯͷ࡟আ • ແޮͳυϝΠϯ = ඞͣACME challengeʹࣦഊ͢Δ • LEʹ͸ΞΧ΢ϯτ * time

    window͝ͱʹࣦഊͷ্ݶ͕͋Δ • ์ஔ͢ΔͱඞͣAPI limitʹ͋ͨͬͯ͠·͏ • ࣦഊͨ͠υϝΠϯ͸ඞͣ࡟আ

  21. ূ໌ॻൃߦ: ෆ࣮֬ੑ • υϝΠϯͷ༗ޮੑ͸มΘΓ͏Δ • ՝ۚऴྃ • DNSϨίʔυҟৗ • ֎෦API

    = LEͱͷ౷߹ • API Limit • ద੾ͳϦτϥΠͱΤϥʔϦΧόϦ͕ඞਢ

  22. ূ໌ॻൃߦ: εέʔϥϏϦςΟ • ର৅υϝΠϯ਺ͷ૿Ճʹର͠εέʔϧ͢Δ࢓૊Έʹ͍ͨ͠ • SELECT * FROM custom_domain WHERE

    id > ?
 Έ͍ͨͳΫΤϦ͸ආ͚͍ͨ • υϝΠϯ਺͕૿͑Δͱϖʔδϯά͕ඞཁ • ࣮ߦ్தͰࣦഊͨ͠ΒɺϦτϥΠΩϡʔʹೖΕ௚͢Α͏ ͳ޻෉ΛڽΒ͞ͳ͍ͱ͍͚ͳ͘ͳΔ

  23. γεςϜͷཁ݅: ·ͱΊ • ϦΫΤετຖʹূ໌ॻΛऔಘɾ࢖༻ • Ͱ͖Δ͚ͩ௿ϨΠςϯγͰ • Τϥʔ଱ੑ͕ߴ͍ • ࣦഊͨ͠Βऔಘର৅ͷυϝΠϯ͔Β֎͢

    • ֎෦API௨৴ͷΤϥʔΛద੾ʹॲཧͰ͖Δ • υϝΠϯ਺ͷ૿Ճʹεέʔϧ͢Δ

  24. γεςϜͷ঺հ ͸ͯͳϒϩάͷৗ࣌HTTPS഑৴ͷղઆ

  25. cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set

    Get ഑৴

  26. ഑৴γεςϜ • ngx_mruby: ূ໌ॻಡΈࠐΈ࣌ʹmrubyͷίʔυΛ࣮ߦ • cache gateway΁HTTP GET͢Δ͚ͩ • https://github.com/matsumotory/ngx_mruby

    • cache gateway (Go): HTTP GET͢Δͱূ໌ॻΛฦ͢ • DynamoDB: ূ໌ॻΛอଘ͢ΔσʔλετΞ

  27. cache gateway • AWS (DynamoDB) APIݺͼग़͠ΛHTTP APIʹม͑Δ • mrubyʹ͸AWS SDK͕ͳ͍

    • ಉډ͢Δmemcachedʹ΋ಡΈॻ͖͠ɺ
 DynamoDB΁ͷΞΫηεΛͰ͖Δ͚ͩݮΒ͢

  28. cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set

    Get ഑৴

  29. cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set

    Get ഑৴

  30. cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set

    Get ഑৴

  31. cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set

    Get ഑৴

  32. cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set

    Get ഑৴

  33. ഑৴γεςϜ • ngx_mrubyΛ࢖ͬͯϦΫΤετຖʹূ໌ॻΛऔಘͰ͖ͨ • proxyʹಉډͨ͠memcachedΛ࢖͏͜ͱͰ
 DynamoDB΁ͷϦΫΤετΛݮΒ͠ϨΠςϯγΛԼ͛ͨ

  34. cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP

    ࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ

  35. ূ໌ॻൃߦγεςϜ • cert-updater-state: AWS StepFunctions; ֤LambdaΛىಈ • Τϥʔ಺༰ʹԠͨ͡ϦΧόϦɾϦτϥΠ (ޙड़) •

    cert-updater-function: AWS Lambda; ূ໌ॻΛൃߦɺ DynamoDB΁ॻ͖ࠐΈ • cert-update-notifier: Lambda; ੒൱Λ͸ͯͳϒϩά΁௨஌
  36. None
  37. None

  38. cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP

    ࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ

  39. cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP

    ࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ

  40. cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP

    ࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ

  41. cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP

    ࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ

  42. cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP

    ࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ

  43. cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP

    ࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ

  44. AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,

    "MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],

  45. AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,

    "MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],

  46. AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,

    "MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],

  47. AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,

    "MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],

  48. ূ໌ॻൃߦγεςϜ • AWS StepFunctionsΛ࢖ͬͯద੾ͳΤϥʔॲཧΛ࣮ݱ • Ϧιʔε্ݶʹୡ͢ΔͳͲ
 ҟৗऴྃͨ࣌͠͸ଈ࠲ʹ݁ՌΛ௨஌ • APIݺͼग़ࣦ͠ഊͳͲϦτϥΠՄೳͳ࣌͸ϦτϥΠ

  49. cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ

    ࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ
 (ߋ৽)

  50. ূ໌ॻൃߦ: ߋ৽ • DynamoDBͷTTL Trigger͕Lambdaܦ༝ͰSFnΛىಈ • cert-reissue-confirmer: ͸ͯͳϒϩάʹυϝΠϯ༗ޮੑΛ໰ ͍߹Θͤͯɺߋ৽͢Δඞཁ͕͋Δ͔Λޙଓʹ఻͑Δ •

    cert-cleanup-function: ແޮͳυϝΠϯΛDynamoDB͔Βফ ͢

  51. cert-lifecycle-store
 (DynamoDB) Domain: ex1.example.com ExpiresAt: 2018-05-23T02:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T03:00:00

    Domain: ex2.example.com ExpiresAt: 2018-05-23T04:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00

  52. cert-lifecycle-store
 (DynamoDB) Domain: ex2.example.com ExpiresAt: 2018-05-23T03:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T04:00:00

    Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00

  53. cert-lifecycle-store
 (DynamoDB) Domain: ex2.example.com ExpiresAt: 2018-05-23T04:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00

  54. cert-lifecycle-store
 (DynamoDB) Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00

  55. cert-lifecycle-store
 (DynamoDB)

  56. publish SELECT * FROM ... ࣮ߦ

  57. Τϥʔॲཧ͕؆ܿʹ • όονॲཧͩͱ: औಘͨ͠ෳ਺ͷυϝΠϯΛϧʔϓͰॲཧ • = ॲཧ୯Ґ͕ෳ਺υϝΠϯʹͳΔ • Ұ෦ͷυϝΠϯ͕ࣦഊͨ࣌͠ɺόονॲཧશମͷ
 εςʔλε͸Ͳ͏͢Δ?

    ੒ޭ? ࣦഊ? • pub/subͩͱ: Ҿ਺ͱͯ͠౉ͬͨυϝΠϯ1ͭΛॲཧ͢Δ • = ॲཧ୯Ґ͕υϝΠϯ1ͭʹͳΔ

  58. cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ

    ࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ
 (ߋ৽)

  59. cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ

    ࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ
 (ߋ৽)

  60. cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ

    ࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ
 (ߋ৽)

  61. cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ

    ࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ
 (ߋ৽)

  62. cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ

    ࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ
 (ߋ৽)

  63. cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ

    ࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ
 (ߋ৽)

  64. cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ

    ࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ
 (ߋ৽)

  65. cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ

    ࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ
 (ߋ৽)

  66. cert-reissue-state "Determine next state": { "Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢", "Type": "Choice", "Choices":

    [ { "Variable": "$.UpdateRequired", "BooleanEquals": true, "Next": "Call reissue of certificate" }, { "Variable": "$.UpdateRequired", "BooleanEquals": false, "Next": "Clean up of certificate" } ] },

  67. cert-reissue-state "Determine next state": { "Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢", "Type": "Choice", "Choices":

    [ { "Variable": "$.UpdateRequired", "BooleanEquals": true, "Next": "Call reissue of certificate" }, { "Variable": "$.UpdateRequired", "BooleanEquals": false, "Next": "Clean up of certificate" } ] },

  68. cert-reissue-state "Determine next state": { "Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢", "Type": "Choice", "Choices":

    [ { "Variable": "$.UpdateRequired", "BooleanEquals": true, "Next": "Call reissue of certificate" }, { "Variable": "$.UpdateRequired", "BooleanEquals": false, "Next": "Clean up of certificate" } ] },

  69. ূ໌ॻߋ৽γεςϜ • σʔλϑϩʔΛpub/subͰγϯϓϧʹ • ॳճൃߦ΋ߋ৽࣌΋DynamoDBͷI/O͚͕ͩൃੜ͢Δ • DynamoDB TTL TriggerΛ׆༻ •

    ঢ়ଶ = σʔλΛதԝʹू໿

  70. ࠶ܝ: ഑৴γεςϜ • ngx_mrubyΛ࢖ͬͯϦΫΤετຖʹূ໌ॻΛऔಘͰ͖ͨ • proxyʹಉډͨ͠memcachedΛ࢖͏͜ͱͰ
 DynamoDB΁ͷϦΫΤετΛݮΒ͠ϨΠςϯγΛԼ͛ͨ

  71. ࠶ܝ: ূ໌ॻൃߦγεςϜ • AWS StepFunctionsΛ࢖ͬͯద੾ͳΤϥʔॲཧΛͰ͖ͨ • Ϧιʔε্ݶʹୡ͢ΔͳͲ
 ҟৗऴྃͨ࣌͠͸ଈ࠲ʹ݁ՌΛ௨஌ • APIݺͼग़ࣦ͠ഊͳͲϦτϥΠՄೳͳ࣌͸ϦτϥΠ

  72. ߟ࡯ ϐλΰϥεΠονͷ࡞Γํ

  73. ڊେͳόονͷ೉͠͞ • ࣮ߦεςοϓશ༰Λ೺Ѳ͢Δ͜ͱͷ೉͠͞ • શମͰεςοϓ͕͜Ε͚ͩ͋Δ • Ͳ͜ͷεςοϓͰࣦഊͨ͠ͷ͔ • ॲཧ୯Ґ͕େ͖͘ͳΓ͕ͪ •

    ඞવͱ࣮ߦ࣌ؒ΋௕Ҿ͖͕ͪ • Ұ෦͚ࣦͩഊͨ࣌͠ɺ࣮ߦͷঢ়ଶ͸੒ޭ? ࣦഊ?

  74. ΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ ͷϐλΰϥεΠον • ϫʔΫϑϩʔΤϯδϯͷಋೖ • ࣮ߦεςοϓશ༰Λ೺Ѳ͠΍͘͢ • ͦΕͱߴ౓ʹ౷߹͞Εͨόον࣮ߦ؀ڥ͕͋Δͱͳ͓Α͍ • pub/subϞσϧͰର৅σʔλͷ૿Ճʹର͠εέʔϧͤ͞Δ

    • ॲཧ͢Δσʔλ୯ҐΛෳ਺ˠ1ͭ΁ • ͍ͭͰʹσʔλετΞ΁ঢ়ଶ͕ڽू͞ΕΔ

  75. ෼ׂ౷࣏ • খ͞ͳؔ਺΍ΫϥεΛ࡞ΓɺͦΕΒΛ૊Έ߹ΘͤΔ͜ͱΛ ීஈ͔Βҙࣝͯ͠΍͍ͬͯΔ͸ͣ • ʹ΋ؔΘΒͣόον͕ڊେʹͳΓ͕ͪͳͷ͸ͳͥͳͷ͔? • ύϑΥʔϚϯε • ߹੒Մೳ

    (composable) Ͱ͸ͳ͍

  76. ෼ׂ౷࣏ • খ͞ͳؔ਺΍ΫϥεΛ࡞ΓɺͦΕΒΛ૊Έ߹ΘͤΔ͜ͱΛ ීஈ͔Βҙࣝͯ͠΍͍ͬͯΔ͸ͣ • ʹ΋ؔΘΒͣόον͕ڊେʹͳΓ͕ͪͳͷ͸ͳͥͳͷ͔? • ύϑΥʔϚϯε • ߹੒Մೳ

    (composable) Ͱ͸ͳ͍

  77. ߹੒ՄೳΛࢧ͑Δٕज़ • 2ͭͷεςοϓͷ௚ྻ࣮ߦΛೋ߲ԋࢉͱΈͳͯ͠ΈΔ • operand: ੹೚ൣғ͕খ͍͜͞ͱ • operator: ༷ʑͳ๏ଇΛຬͨ͢͜ͱ •

    ݁߹ଇɺ෼഑ଇ

  78. ہॴঢ়ଶΛ࣋ͨͳ͍ • ঢ়ଶ = มߋՄೳͳσʔλ • άϩʔόϧʹͨͩ1ͭͷঢ়ଶΛ࣋ͭ͜ͱ͕େࣄ • Ճ͑ͯঢ়ଶΛมߋ͢Δཁૉ͕୯ҰͰ͋Δ͜ͱ

  79. άϩʔόϧม਺? • άϩʔόϧม਺͸ѱͱ͍͏ߟ͑ํͱ൓͠ͳ͍͔?
 → ͠ͳ͍ • ঢ়ଶΛมߋ͢Δཁૉ͕୯ҰͳΒɺ
 ֤࣮ߦεςοϓ͸ঢ়ଶΛड͚औͬͯ৽ͨͳσʔλΛฦ͢
 ؔ਺ͱΈͳͤΔ

  80. // ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "domain": "www.example.com", "endpoint": "https://...." } // ͋Δόονͷೖྗ

    { "domain": "www.example.com" }

  81. // ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "domain": "www.example.com", "endpoint": "https://...." } // ͋Δόονͷೖྗ

    { "domain": "www.example.com" } άϩʔόϧঢ়ଶΛҾ਺΁ม׵͢Δ
 (όον͔Βͷมߋ͸ෆՄ)

  82. // ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "updateRequired": true, "domain": "www.example.com", "endpoint": "https://...." }

    // ͋Δόονͷग़ྗ { "updateRequired": true }

  83. // ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "updateRequired": true, "domain": "www.example.com", "endpoint": "https://...." }

    // ͋Δόονͷग़ྗ { "updateRequired": true } όονͷग़ྗΛάϩʔόϧͳঢ়ଶ΁ม׵
 (౰વɺग़ྗ͸ޙ͔ΒมߋෆՄ)

  84. όονॲཧͷ߹੒ • operand: ֤εςοϓ • operator: ϫʔΫϑϩʔΤϯδϯ

  85. όονॲཧͷ߹੒ • operand: ֤εςοϓ; AWS Lambda • operator: ϫʔΫϑϩʔΤϯδϯ; AWS

    StepFunctions

  86. ΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ͷ ϐλΰϥεΠον@͸ͯͳϒϩά • ϫʔΫϑϩʔΤϯδϯ: AWS StepFunctions • ……ͱͦΕΒ͔Β࣮ߦ͞ΕΔAWS Lambda •

    pub/sub: DynamoDB TTL Trigger

  87. ࠶: ΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ ͷϐλΰϥεΠον • ϫʔΫϑϩʔΤϯδϯͷಋೖ • ࣮ߦεςοϓશ༰Λ೺Ѳ͠΍͘͢ • ͦΕͱߴ౓ʹ౷߹͞Εͨόον࣮ߦ؀ڥ͕͋Δͱͳ͓Α͍ •

    pub/subϞσϧͰର৅σʔλͷ૿Ճʹର͠εέʔϧͤ͞Δ • ॲཧ͢Δσʔλ୯ҐΛෳ਺ˠ1ͭ΁ • ͍ͭͰʹσʔλετΞ΁ঢ়ଶ͕ڽू͞ΕΔ

  88. ·ͱΊ

  89. ·ͱΊ • ιϑτ΢ΣΞߏஙҰൠͷݪଇ͕࢖͑Δ • άϩʔόϧͳঢ়ଶΛ࣋ͨͳ͍ɾม͑ͳ͍ɾ࣋ͪࠐ·ͤͳ͍ • ॲཧ୯ҐΛͰ͖Δ͚ͩখ͘͞ɺࣦഊΛ೺Ѳ͠΍͘͢ • ͜ΕΒΛ࣮ݱ͢ΔͨΊͷҰྫͱͯ͠ •

    ϫʔΫϑϩʔΤϯδϯ: AWS StepFunctions • pub/subΛαϙʔτ͢ΔσʔλετΞ: DynamoDB

  90. ׬