その接続先情報はどこに

Transcript

1. ͦͷ઀ଓઌ৘ใ͸Ͳ͜ʹ גࣜձࣾGunosy ඿஍྄ี

2. ͓·͑ͩΕ • @aibou (͸·͡ Γΐ͏͚͢) • ʮ͍͋΅͏͞Μͬͯຊ໊ͳΜͰ͚ͨͬ͠ʁʯ • GunosyαʔϏεͷΠϯϑϥશൠ୲౰(AWSྺ1೥ͪΐ͍) •

   Java(Spring Boot), Ruby, Chef • झຯɿεϙʔπ؍ઓ ⚾Ϟʔλʔεϙʔπ • ࡢ೔DAZNొ࿥͠·ͨ͠ɻڵຯ͋Δਓ͸࠙਌ձͰͥͻ • Ԍ্ྺ͋Γ

3. AWS Lambda ࢖͍ͬͯΔํʹ࣭໰Ͱ͢

4. ൿີͳ৘ใͲ͜ʹॻ͍ͯ·͔͢ʁ ʢDB઀ଓ৘ใ౳ʣ

5. AWSίϯιʔϧͷΤσΟλʹ ίʔυ௚ॻ͖

6. Jenkins౳ͷࣗલϏϧυαʔό ͰύϥϝʔλԽ

7. ΦϯϓϨϦϙδτϦ(GHE, svn) ͔ͩΒϋʔυίʔυ

8. GunosyͰ͸AWS KMSΛ࢖ͬͯ ઀ଓઌ৘ใΛ҉߸Խ͍ͯ͠·͢ -BNCEB࢖͏࣌͸ɺͰ͢ɻ
   ීஈ͸0QTXPSLTͷ$VTUPN+TPOʹॻ͍ͯ·͢

9. ࠓ೔͸ͦͷ͓࿩Λ͠·͢

10. ͋ͬɾɾɾ IUUQEFWDMBTTNFUIPEKQDMPVEEFDSZQUTFOTJUJWFEBUBXJUILNTPOMBNCEBJOWPDBUJPO

11. GunosyͰ͸AWS KMSΛ࢖ͬͯ ઀ଓઌ৘ใ͕ೖͬͨϑΝΠϧΛ ؙ͝ͱ҉߸Խ͍ͯ͠·͢

12. ྲྀΕతͳ JBN6QEBUF'VODUJPO$PEF
    JBN1VCMJTI7FSTJPO LNT%FDSZQU DPOOFDU JBN&ODSZQU UFTU
    
    [JQQJOH

13. ConfigϑΝΠϧͷαϯϓϧ { "DATABASES": { "master": { "HOST": "", "PORT": "",

    "NAME": "", "USER": "", "PASSWORD": "" } } } γϯϓϧʂ
    ΋ͪΖΜ%#Ҏ֎ͷઃఆ΋هࡌͯͨ͠Γ͠·͢

14. Lambda্Ͱͷσίʔυ ʢPythonʣ kms = boto3.client('kms') with open(encrypted_json_path) as f: _settings

    = json.loads( kms.decrypt(CiphertextBlob=f.read())['Plaintext'] ) DATABASES = _settings.get("DATABASES") or {} # DATABASES['master']['HOST'] # DATABASES['master']['USER'] IPHF@@JOJU@@QZ
    ʹॻ͍͓͚ͯ͹
    JNQPSU
    IPHF
    Ͱ࢖͑Δͷ΋˓

15. ࠔͬͨ͜ͱ ɾݖݶͷ෷͍ग़͠ ɾઃఆߋ৽͕ΊΜͲ͍͘͞ ɾݱঢ়Ͳ͏͍͏ઃఆʹͳͬͯΔ͔Θ͔Βͳ͍ ͜ͷล͸ɹɹɹΛ࢖͑͹ղܾͰ͖ͦ͏

16. ཪϫβ lambda functionͷ descriptionʹઃఆΛຒΊΔʂ

17. function description

18. Description͔Βऔಘ ʢPythonʣ import boto3 import json def lambda_handler(event, context): configuration

    = boto3.client('lambda').get_function_configuration( FunctionName=context.function_name ) json_conf = json.loads(configuration['Description']) return json_conf['name']

19. ࠷ޙʹ AWS Lambda Ruby Φωγϟεʂ