いまさら聞けないAWS

Transcript

1. By maki tokumura ͍·͞Βฉ͚ͳ͍AWS

2. ಙଜ ਅथ ͱ͘ΉΒ · ͖ ICTιϦϡʔγϣϯ Ϋϥ΢υετϥΫνϟʔνʔϜ ˌtimes_tokumura AWS৮Γ͸͡Ίͯ8ϲ݄໨

3. ࠓ೔ͷ໨త AWSͷ༻ޠʢαʔϏεʣ Λͬ͘͟Γ஌Ζ͏ʂ

4. ࠓ೔ͷ࿩͸ ͋͘·ͰAWS΁ͷಋೖ ͨͩ͘͠ɺৄ͘͠ɺ஌Γ͍ͨ࣌͸ͪ͜Β AWSαʔϏεผࢿྉ https://aws.amazon.com/jp/aws-jp-introduction/aws-jp-webinar-service-cut/

5. αʔϏεج൫ɺ ωοτϫʔΫ·ΘΓ

6. Regions AWSͷ஍Ҭͷ۠੾Γ 20Ҏ্ͷ஍Ҭʹ෼͔Ε͍ͯΔ ೔ຊʹ͸̎ͭ͋Δ Ϧʔδϣϯίʔυ ໊લ BQOPSUIFBTU ΞδΞύγϑΟοΫ
   ౦ژ BQOPSUIFBTU

   ΞδΞύγϑΟοΫ
   େࡕ

7. Ϧʔδϣϯ͸׬શʹ෼཭͞Ε͍ͯͯ ͦΕͧΕಠཱ͍ͯ͠Δ us-east-2 ถࠃ౦෦ (ΦϋΠΦ) ap-northeast-1 ΞδΞύγϑΟοΫ (౦ژ) eu-west-3 Ԥभ

   (ύϦ)

8. Ͳ͔͜ͷϦʔδϣϯͰো֐͕ىͬͯ͜΋େৎ෉ →ϚϧνϦʔδϣϯରԠ us-east-2 ถࠃ౦෦ (ΦϋΠΦ) ap-northeast-1 ΞδΞύγϑΟοΫ (౦ژ) eu-west-3 Ԥभ

   (ύϦ) ো֐ൃੜ ❌
   ͭͳ͕Βͳ͍ ✅
   େৎ෉Ͱ͢ʂ ✅
   େৎ෉Ͱ͢ʂ

9. AZ(Availability Zone) ̍Ϧʔδϣϯͷ಺Ͱͷ͞Βʹখ͞ͳ۠੾Γ ̍AZ͸̍ͭҎ্ͷσʔληϯλʔͰߏங ౦ژϦʔδϣϯ͸3ͭͷAZ͕͋Δ ɾap-northeast-1-a ɾap-northeast-1-c ɾap-northeast-1-d

10. AZ΋׬શʹ෼཭͞Ε͍ͯͯ Ϧʔδϣϯ಺ͰͦΕͧΕ͕ಠཱ͍ͯ͠Δ ap-northeast-1 ΞδΞύγϑΟοΫ (౦ژ) ap-northeast-1-a ap-northeast-1-c ap-northeast-1-d Region

11. Ͳ͔͜ͷAZͰো֐͕ىͬͯ͜΋େৎ෉ →ϚϧνAZରԠ ap-northeast-1 ΞδΞύγϑΟοΫ (౦ژ) ap-northeast-1-a ap-northeast-1-c ap-northeast-1-d Region ো֐ൃੜ

    ❌
    ͭͳ͕Βͳ͍ ✅
    େৎ෉Ͱ͢ʂ ✅
    େৎ෉Ͱ͢ʂ

12. Ͳ͔͜Ͱো֐͕ىͬͨ͜ͱͯ͠΋ γεςϜ͕μ΢ϯ͠ͳ͍ՄೳੑΛ ߴΊΔʢ୯Ұো֐఺Λͳ͘͢ʣ →ߴՄ༻ੑΛ࣮ݱ͢Δ

13. VPC (Virtual Private Cloud) AWS্ʹ࡞੒Ͱ͖Δ ϓϥΠϕʔτԾ૝ωοτϫʔΫۭؒ ಛఆͷωοτϫʔΫͷശͷΑ͏ͳ΋ͷ ͜ͷശͷதʹEC2΍DB΍ECS͕ ஔ͍ͯ͋ΔΠϝʔδ

14. ηΩϡϦςΟ

15. IAM (Identity and Access Management) AWSͷαʔϏεͰʮೝূʯͱʮೝՄʯͷ ઃఆΛߦ͏͜ͱ͕Ͱ͖ΔαʔϏε ΞΧ΢ϯτ΍ͦͷݖݶ؅ཧ͍ͯ͠Δ ೝূ ɿ

    ૬ख͕୭ʢԿʣͳͷ͔֬ೝ͢Δ͜ͱ ೝՄ ɿϦιʔε΁ͷΞΫηεݖݶΛ༩͑Δ͜ͱ

16. IAMϢʔβʔ ਓʢϢʔβʔʣʹ༩͑ΒΕΔID Ϣʔβʔ໊ͱύεϫʔυ͕෇༩͞Εɺ AWSΞΧ΢ϯτʹϩάΠϯ͢Δࡍʹ ඞཁͱͳΔ ̍ͭͷAWSΞΧ΢ϯτͷதʹෳ਺ͷϢʔ βʔΛ࡞Δ͜ͱ͕Ͱ͖Δ

17. ↓͜Ε

18. IAMϙϦγʔ ʮAWSͷԿʹରͯ͠ʯ ʮͲͷΑ͏ͳૢ࡞Λʯ ʮͰ͖ΔʢͰ͖ͳ͍ʣʯ ͱ͍͏ݖݶΛఆΊͨ΋ͷ IAMϢʔβʔɾIAMϩʔϧʢޙड़ʣʹ ඥ͚ͮͯ࢖͏

19. S3ReadOnlyʢݟΔ͚ͩʣΛڐՄ͢ΔϙϦγʔ

20. S3ʹϑϧΞΫηεΛڐՄ͢ΔϙϦγʔ

21. IAMϩʔϧ ໾ׂΛఆ͍ٛͯ͠Δ΋ͷ IAMϙϦγʔΛଋͶͯɺ֓೦తͳ໊લΛ ෇͚Δ͜ͱ͕Ͱ͖Δ IAMϢʔβʔͱࣅͯΔ͕ɺ IAMϩʔϧ͸࢖༻͢Δଆ͕ਓʹݶΒͳ͍

22. ʮITEM-APIʯ ϩʔϧΛ࡞੒͠ ʮAmazonS3FullAccessʯϙϦγʔ Λඥ͚ͮΔɺΈ͍ͨͳ͜ͱΛ͠·͢ ITEM-API ECS S3 ϑΝΠϧΛPUTɾGET͍ͨ͠

23. IAM·ͱΊ ɾIAMϙϦγʔ Ͱ͖Δ͜ͱ/Ͱ͖ͳ͍͜ͱ Λఆٛ͠ɺ Ϣʔβʔ΍ϩʔϧʹඥ͚ͮͯ࢖͏ ɾIAMϢʔβʔ ϙϦγʔΛඥ෇͚ͯɺϢʔβʔ͕Ͱ͖Δ͜ͱΛఆٛ͢Δ ɾIAMϩʔϧ ϙϦγʔΛඥ෇͚ͯɺ ୭͔/AWSͷαʔϏε

    ͕Ͱ͖Δ͜ͱΛఆٛ͢Δ

24. ίϯϐϡʔςΟϯά

25. EC2 (Elastic Compute Cloud) OSΛ৐ͤͨԾ૝؀ڥΛΫϥ΢υ্ʹ࡞੒ Ͱ͖ΔαʔϏε ༻్ʹԊͬͯOSɾεϖοΫʢCPU΍ϝϞ ϦʣΛબͼࣗಈతʹαʔόʔͷ্ཱͪ͛ ͔ΒΠϯετʔϧ·Ͱͯ͘͠ΕΔ

26. ECS (Elastic Container Service) DokerίϯςφΞϓϦέʔγϣϯΛAWS ্Ͱಈ͔ͯ͘͠ΕΔαʔϏε ίϯςφͷ࣮ߦɺอޢɺεέʔϧΛAWS ଆͰ΍ͬͯ͘ΕΔͷͰ࢖͏ଆ͕ҙࣝ͢Δ ͜ͱ͕͘͢ͳͯ͘͢Ή

27. EC2΍ECSͷ͍͍ͱ͜Ζ ɾ؆୯ͳεϖοΫมߋ ɾ৑௕Խ͕؆୯ ɹˠ஄ྗੑ͕͋Δ ɾैྔ՝ۚʹΑΔίετϝϦοτ

28. ELB(Elastic Load Balancer) ELBʹ͸ɺ3ͭͷϩʔυόϥϯαʔ͕͋ Γɺ༻్ʹ߹Θͤͯબ୒Ͱ͖Δɻ ɾCLB (Classic Load Balancer) ɾNLB

    (Network Load Balancer) ɾALB (Application Load Balancer)

29. ALBͰͰ͖Δ͜ͱ ͦͷᶃෛՙ͕෼ࢄͰ͖Δ ALB ECS ECS

30. ALBͰͰ͖Δ͜ͱ ͦͷᶄURLͰৼΓ෼͚ઌΛઃఆͰ͖Δ API༻ALB AAA-api ECS https://ʓʓ.com/AAA/… https://ʓʓ.com/BBB/… BBB-api ECS ※ύεϕʔεɺϗετϕʔεɺHTTPϔομϕʔε΍ΫΤϦจࣈϕʔε…৭ʑͳنଇͰઃఆͰ͖·͢

31. ALBͰͰ͖Δ͜ͱ ͦͷᶅτϥϑΟοΫͷ੍ݶ͕Ͱ͖Δ ALB ※VPCͷར༻͕લఏͰ͢ ✅
    ΞΫηε0, ❌
    ΞΫηε/( ECS

32. ετϨʔδ΍DB

33. S3 (Simple Storage Service) Ϋϥ΢υܕͷΦϒδΣΫτετϨʔδ ྨࣅαʔϏεɿDropBoxɾOneDrive ετϨʔδʢ༰ྔʣ͕ࣗಈతʹ֦ுɾॖ খ͞ΕΔɻࣄલʹਖ਼֬ͳ༰ྔΛܭࢉͨ͠ Γɺ༨෼ʹϦιʔεΛ֬อ͓ͯ͘͠ඞཁ͕ ͳ͍

34. S3ͷ͍͍ͱ͜Ζ ͦͷᶃϥΠϑαΠΫϧ ࢦఆͨ͠ظ͕ؒܦաͨ͠΋ͷΛ࡟আ͠ ͨΓɺΑΓ௿Ձ֨ͳετϨʔδʹҠಈ ͨ͠ΓͰ͖Δ ྫɿ90೔ܦաͨ͠ϩάϑΝΠϧ͸࡟আ

35. S3ͷ͍͍ͱ͜Ζ ͦͷᶄόʔδϣχϯά ΦϒδΣΫτ͝ͱʹੈ୅؅ཧΛ༗ޮʹ ͢Δ͜ͱͰ͖Δ ྫɿޡͬͯಉ͡ϑΝΠϧ໊Ͱ্ॻ͖ͯ͠͠·ͬ ͯ΋ɺલͷόʔδϣϯʹ໭͢͜ͱ͕Ͱ͖Δ

36. S3ͷ͍͍ͱ͜Ζ ͦͷᶅϩάه࿥ ΦϒδΣΫτʹର͢ΔϩάΛ࢒͢͜ͱ ͕Ͱ͖Δ ྫɿ୭͕͜ͷϑΝΠϧΛ࡟আ͔ͨ͠ʁมߋͨ͠ ͔ʁΛḷΔ͜ͱ͕Ͱ͖Δ

37. S3ͷ͍͍ͱ͜Ζ ͦͷᶆΞΫηεݖݶ ઃఆ͞ΕͨϢʔβʔͷΈૢ࡞ΛڐՄ͢ ΔͳͲɺࡉ͔͘ΞΫηεݖݶΛઃఆͰ ͖Δ ྫɿΞΧ΢ϯτA͸ΞοϓϩʔυͷΈՄೳ ɹɹΞΧ΢ϯτB͸μ΢ϯϩʔυͷΈՄೳ

38. S3ͷ͍͍ͱ͜Ζ ͦͷᶇ҉߸Խ ΦϒδΣΫτΛ҉߸Խ͓ͯ͘͜͠ͱ͕ Ͱ͖Δ αʔόʔαΠυɺΫϥΠΞϯταΠυ ͦΕͧΕͷ҉߸ԽʹରԠ

39. RDS (Relation Database Service) σʔλϕʔεͷΠϯετʔϧ΍όοΫ ΞοϓͳͲͷઃఆΛ͠ͳͯ͘΋ɺσʔλ ϕʔε͕ར༻Ͱ͖ΔαʔϏε 6ͭͷRDBMS͔Βબ୒Մೳ Amazon AuroraɾPostgre

    SQLɾMySQL MariaσʔλϕʔεɾOracleɾSQL Server

40. RDSͷ͍͍ͱ͜Ζ ɾϚϧνAZʹΑΔՄ༻ੑ ɾιϑτ΢ΣΞͷࣗಈύον࡞ۀ ɾΦʔτεέʔϦϯά ɾϦʔυϨϓϦΧ ɹɹˠಡΈࠐΈઐ༻ͷσʔλϕʔε ɹɹಉ͡σʔλ͕ෳ਺ଘࡏ͢ΔͨΊσʔλͷ҆શੑ͕ߴ·Δ ɹɹ·ͨɺDBʹ͔͔ΔෛՙΛ෼ࢄͤ͞Δ͜ͱ͕Ͱ͖Δ

41. ͓ΘΓʹ Ϋϥ΢υͷ͜ͱɾAWSͷ͜ͱ ஌͓͍ͬͯͯଛ͸ͳ͍ʂ Ұॹʹษڧ͍͖ͯ͠·͠ΐ͏