情シス担当がAWS導入して苦しんだ話 / aws-migration

Transcript

1. ਆށσδλϧɾϥϘ Πϯϑϥษڧձ #1 
 ৘γε୲౰͕ AWSಋೖͯۤ͠͠Μͩ࿩
 2016/07/28 גࣜձࣾ ਆށσδλϧɾϥϘ ࢁຊ

   େ࡞ Daisaku Yamamoto

2. Company

3. i/ B C u C e E T C ONQ

   O Q e C e m M e C L m e C b oWs m b oC Q FS O T C MI t i d d -- AC a d t & &C W i t e u em W r W d W u do d do u - × W d b oW u C t / s B CE T E T W d W sm u C C i Q R Q O L u a d Q u P E um o R ues P C I C e C W - C o C m C r s

4. Who?

5. • ໊લ
 ࢁຊ େ࡞ʢDaisaku Yamamotoʣ • ॴଐ
 גࣜձࣾਆށσδλϧɾϥϘ
 ։ൃ؅ཧ෦ ৘ใγεςϜνʔϜ

   ˍ
 SIRTʢSecurity Incident Response Teamʣ • ΠϯϑϥΤϯδχΞ
 Server (Linux, Windows, etc)
 Network
 Security
 AWS • ڵຯ
 Infrastructure as Code
 Immutable Infrastructure
 Docker
 WEB (Ruby on Rails, Node.js, Ruby, Javascript, Python)
 kintone
 Agility!!!

6. ͓࿩͢͠Δ͜ͱ • AWS ಋೖͷ͖͔͚ͬ • AWS ಋೖͯ͠Έͯ • Ͳ͏΍ͬͯҠߦ͔ͨ͠ •

   ۤ͠Μͩͱ͜Ζ • ࠓޙͷల๬

7. AWS ಋೖͰ ʮۤ͠Μͩʯ࿩

8. ಋೖͷ͖͔͚ͬ

9. VMαʔόӡ༻ͷ໰୊

10. ಋೖͷ͖͔͚ͬ VMαʔόӡ༻ͷ໰୊ • VMϗεταʔόͷϦιʔεރׇ
 ʢϓϥΠϕʔτΫϥ΢υʣ
 ˠ ήετVM਺400΄Ͳ • όοΫΞοϓӡ༻ഁ୼ •

    BCPରࡦ͕ෆे෼

11. ະདྷ΁ͷ౤ࢿ

12. ಋೖͷ͖͔͚ͬ ະདྷ΁ͷ౤ࢿ • ࣾ಺جװαʔό࿝ٺԽʹΑΔߋվ
 ˠ อक੾Ε࿝ମαʔόͷҰ৽ • ӡ༻͕͠ΜͲ͍෺ཧHWΛͳ͍ͨ͘͠
 ˠ αΠδϯάɺαʔόߪೖɺϥοΩϯάɺέʔϒϦϯάɺ


    ɹ ωοτϫʔΫػثઃఆɺిݯ؅ཧʢUPSʣɺ
 ɹ ো֐ൃੜ࣌ରԠɺഇغɾɾɾɾ • Ϋϥ΢υΛ࠷దʹར༻ͨ͠ϏδωεΛՃ଎͍ͤͨ͞
 ˠ ࣗࣾϦιʔε͔ΒऔΓ૊Ή͜ͱͰϊ΢ϋ΢஝ੵ
 ɹ ৽ͨͳՁ஋૑଄

13. AWS ಋೖͯ͠Έͯ

14. ຊ౰ʹ͍Ζ͍Ζָʢ޾ͤʣʹʂ

15. ಋೖͯ͠ಘͨ΋ͷ • Agilityɾɾɾӡ༻଎౓޲্ • AvailabilityɾɾՄ༻ੑ޲্ • SecurityɾɾɾηΩϡϦςΟϨϕϧ޲্ • Immutable Infrastructureɾɾɾ࢖͍ࣺͯͷΠϯϑϥ

    • Infrastructure as Codeɾɾɾߏ੒Λίʔυ؅ཧ
16. None

17. Ͳ͏΍ͬͯҠߦ͔ͨ͠

18. Ҡߦର৅੔ཧ • ήετVMͷ༻్Λ੔ཧ
 ෦໳ʢҊ݅ʣ؅ཧ͔ɺ৘γε؅ཧ͔ • redmineαʔόʢ໿50୆ʣ͔Β • VMϗετͷอक੾Ε͕͍ۙ΋ͷ͔Β

19. ҠߦܭըཱҊ • 2015೥10݄ࠒΑΓ։࢝ • Ҡߦ໨త੔ཧ • ΦϯϓϨͱͷίετൺֱ
 ݮՁঈ٫ɺUPSɺిݯɺόοΫΞοϓɾɾ౳ • Ҡߦํ๏


    VM Import/Export • AWS؀ڥઃܭ
 ΞΧ΢ϯτ؅ཧํ๏ɺωοτϫʔΫʢVPCʣɺηΩϡϦςΟάϧʔϓɺNAT • ޮ཰Խ
 σϑΥϧτ IAM ϙϦγʔɺCloudFormation

20. VM Import/Export

21. VM Import/Export ͷ
 લఏ৚݅

22. લఏ৚݅ɾɾɾ

23. ݱঢ়ߏ੒

24. ݱঢ় AWS ߏ੒ʢ৘γε؅ཧʣ

25. ۤ͠Μͩͱ͜Ζ

26. ΞΧ΢ϯτ؅ཧʢ෼ׂʣํ๏

27. 1 ΞΧ΢ϯτ͔ɺ෼ׂ͔ • ίετ؅ཧΛͲ͏͢Δ͔
 ˠ ՝ۚ͸ AWS ΞΧ΢ϯτ୯Ґ • 1

    ΞΧ΢ϯτͰෳ਺ VPC, αϒωοτ෼ׂ
 ˠ λάͰ෼͚ΒΕΔ͕͚ͭΒΕͳ͍΋ͷ΋͋Δ • ෦໳୯ҐɺҊ݅୯ҐͰΞΧ΢ϯτ෼ׂ
 ˠ ෦໳ΞΧ΢ϯτͱҊ݅ΞΧ΢ϯτΛίϯιϦ

28. Direct Connect Ͱͷ ωοτϫʔΫઃܭ

29. ࣾ಺ NW αϒωοτͷґଘؔ܎ • ηΩϡϦςΟ্ɺࣾ಺ωοτϫʔΫ͸
 ໾ׂ͝ͱʹαϒωοτΛ෼ׂ
 ʢ৘γεɺ؅ཧ෦໳ɺҰൠΫϥΠΞϯτ౳ʣ • ࣾ಺ωοτϫʔΫઃܭ࣌ʹ AWS

    ଆͱͷ
 ௨৴Λߟྀ͍ͯ͠ͳ͔ͬͨʢΘ͔Βͳ͔ͬͨʣ • αϒωοτɺCIDR ୯ҐͰͷ੔ཧ͕ෳࡶ

30. ηΩϡϦςΟઃܭ

31. None

32. ηΩϡϦςΟάϧʔϓͷ੍ݶ • ENI ౰ͨΓͷάϧʔϓ਺͸ 5 • ηΩϡϦςΟάϧʔϓ౰ͨΓɺΠϯό΢ϯυɺ Ξ΢τό΢ϯυϧʔϧ਺͸ͦΕͧΕ 50 "84
    αϙʔτʹ໰͍߹ΘͤΔͱ૿ݮͰ͖·͢

33. ηΩϡϦςΟάϧʔϓͷ੍ݶ • άϧʔϐϯάΛͲ͏͢Δ͔
 ˠ ൚༻తάϧʔϓͱݸผάϧʔϓΛ࡞੒
 ɹʢ઀ଓݩ੍ݶɺαʔϏεɺ໾ׂ୯ҐͳͲʣ
 
 ex.) 
 ɹ৘γεηάϝϯτάϧʔϓʢISMG-sgʣ


    ɹ؅ཧ෦໳άϧʔϓʢKanri-sgʣ
 ɹҰൠΫϥΠΞϯτάϧʔϓʢClient-sgʣ
 ɹΦϑγϣΞάϧʔϓʢOffshore-sgʣ
 ɹWeb άϧʔϓʢWeb-sgʣ
 ɹɾɾɾ

34. ࠓޙͷల๬

35. ࠓޙͷల๬ • redmine αʔόͷίετ࡟ݮࢪࡦ
 ˠ docker ԽʢECSʣ • ίʔϙϨʔταΠτͷ੩తԽ
 ˠ

    S3 Static Web Hosting • αʔόʔϨεΞʔΩςΫνϟ
 ˠ API Gateway + Lambda, Lambda Scheduled Event