CloudFront use cases - noteの事例 -

Transcript

1. ෱Ҫ
   ྽ @fukuiretu 2019.06.12 OPUF
   FOHJOFFS
   NFFUVQ
    $MPVE'SPOU VTF
   DBTFT OPUFͷࣄྫ

2. ࣗݾ঺հ Engineer Full Remote Worker piece of cake, inc. 
   ೖࣾ

   ੨৿ݝ߂લࢢࡏॅ 3VCZ
   PO
   3BJMT /VYUKT "84 @r82 @fukuiretu @fukuiretu ෱Ҫ
   ྽

3. ΞδΣϯμ OPUFͷΠϯϑϥߏ੒ $'Λར༻͢ΔϝϦοτʗσϝϦοτ 5JQT ·ͱΊ

4. ΞδΣϯμ OPUFͷΠϯϑϥߏ੒ $'Λར༻͢ΔϝϦοτʗσϝϦοτ 5JQT ·ͱΊ

5. OPUFͷΠϯϑϥߏ੒ $MPVE'SPOUͰ"OHVMBS
   /VYUΛ੾Γସ͑

6. ΞδΣϯμ OPUFͷΠϯϑϥߏ੒ $'Λར༻͢ΔϝϦοτʗσϝϦοτ 5JQT ·ͱΊ

7. $MPVE'SPOU $' ͱ͸ "84͕ఏڙ͢Δߴ଎ɾߴύϑΥʔϚϯεͳ ίϯςϯπ഑৴αʔϏε $%/ ΞηοτͷΩϟογϡ༻్Ҏ֎ʹ΋࢖͑Δʂ

8. ύεϕʔεͷϦόʔεϓϩΩγ ! $'Λར༻͢ΔϝϦοτ

9. Multi Origin &MBTUJD#FBOTUBML "1*
   (BUFXBZ "-# 4 etc… $'Λར༻͢ΔϝϦοτ

10. ύεຖʹΩϟογϡઃఆ͕Մೳ ElasticBeanstalk path /login /recommend ALB ͳ͠ ͳ͠ /aseets/images/* ࣌ؒ

    S3 origin cache $'Λར༻͢ΔϝϦοτ Cache Behavior

11. ҎԼͷϫΠϧυΧʔυͷΈར༻Մೳ ΋͘͠͸ͦΕҎ্ͷจࣈྻ จࣈ ॊೈͳਖ਼نදݱ͸࢖͑ͳ͍ͷͰ63-ઃܭ͸৻ॏʹʂ ύεύλʔϯͷ஫ҙ఺ ! $'Λར༻͢ΔϝϦοτ

12. $'Λར༻͢ΔϝϦοτ ηΩϡϦςΟରࡦ !

13. 1$*%44ରԠ #05ରࡦ %%P4؇࿨ 944ରࡦ 42-Jରࡦ https://aws.amazon.com/jp/waf/ $'Λར༻͢ΔϝϦοτ "84
    8"'ʢ΢ΣϒΞϓϦέʔγϣϯϑΝΠΞ΢Υʔϧʣ AWS WAF

14. ແྉͰ࢖͑Δʢ΋Εͳ͘෇͍ͯ͘Δʣ %%P4؇࿨ https://aws.amazon.com/jp/shield/ $'Λར༻͢ΔϝϦοτ "84
    4IJFMEʢϚωʔδυܕͷ
    %%P4
    อޢʣ AWS Shield Standard

15. $'Λར༻͢ΔϝϦοτ "-#ͷલஈʹஔ͘͜ͱͰϨεϙϯε޲্ !

16. $'Λར༻͢ΔϝϦοτ Secured API Acceleration with Engineers from Amazon CloudFront and

    Slack https://www.slideshare.net/AmazonWebServices/secured-api-acceleration-with-engineers-from-amazon-cloudfront-and-slack 4MBDLࣾͷࣄྫ

17. $'Λར༻͢ΔϝϦοτ DSA %ZOBNJD
    4JUF
    "DDFMFSBUJPO
    Τοδϩέʔγϣϯ ΦϦδϯ ωοτϫʔΫ࠷దԽ ϨΠςϯγ͕௿͘ͳΔ
    
    Ϩεϙϯε͕଎͘ͳΔ ˞Τοδϩέʔγϣϯ
    
    ΦϦδϯؒͷڑ཭͕͍ۙ৔߹͸ޮՌ͕ബ͍

18. $'Λར༻͢ΔϝϦοτ ৄ͘͠͸ͦͷͬͭ͞Μͷϒϩάʹͯ $MPVE'SPOUΛ͔·͢ͱΩϟογϡͳ͠ͷ"1*ίʔϧͰ΋଎͘ͳΔΑ͏ͩ http://blog.livedoor.jp/sonots/archives/48002650.html

19. ίετ ·ͣ͸؆қݟੵπʔϧͰ͓ݟੵΓΛʂ Πϯλʔωοτ΁ͷσʔλసૹྔ )551ϝιουͷϦΫΤετ ΦϦδϯ΁ͷσʔλసૹྔ https://calculator.s3.amazonaws.com/index.html?lng=ja_JP FUDʜ $'Λར༻͢ΔσϝϦοτ

20. $MPVE'SPOU
    #FIBWJPS ϧʔςΟϯάͷࢄࡏԽ /VYUKT
    WVFSPVUFS "OHVMBS+4
    VJSPVUFS 3VCZ
    PO
    3BJMT
    SPVUFSSC New

    $'Λར༻͢ΔσϝϦοτ

21. ΞδΣϯμ OPUFͷΠϯϑϥߏ੒ $'Λར༻͢ΔϝϦοτʗσϝϦοτ 5JQT ·ͱΊ

22. 5JQT ΫϥΠΞϯτ*1ͷऔಘ !

23. 3BJMTͰ*1Λऔಘ͢Δϝιου 5JQT ActionDispatch::Request .remote_ip ActionDispatch::Request .ip 53645&%
    *1 ΞυϨεͷ֦ுੑ )551@$-*&/5@*1 ΛՃຯ

    ☓ ̋ ̋ ☓ "DUJPO%JTQBUDI3FRVFTUJQ ͸ Λར༻

24. 5JQT ͷར༻έʔε 3BDL
    NJEESFXBSF (SBQF "QQMJDBUJPO$POUSPMMFS SFRVFTUJQͷ࣮ମ͸3BDL3FVRFTUJQ "DUJPO%JTQBUDI3FRVFTUJQΛར༻͢Δ͜ͱͰ౷Ұ 3BDL3FVRFTU (SBQF3FRVFTU "DUJPO%JTQBUDI3FRVFTU

    3BDL
    NJEESFXBSF

25. $MPVE'SPOUͷ*1͕औΕΔ $'ͷ*1
    
    ֎෦*1ͱͯ͠൑அ 5JQT ݪҼ ൃੜͨ͠໰୊

26. 5JQT 3BDL3FVRFTUʹϞϯΩʔύον $'ͷ*1ϨϯδΛ53645&%
    *1ΞυϨεʹ௥Ճ ରॲ

27. ΛΦʔόʔϥΠυ ͠ɺˢͰੜ੒ͨ͠ 53645&%ͳ*1܈ Λར༻ trusted_proxy? $MBTTϩʔυ࣌ʹ $'ͷ*1ϨϯδΛ ੜ੒͢Δ ˢͰੜ੒ͨ͠$'ͷ *1ϨϯδΛؚΊɺ

    MPDBMܥ΍JOUBSOBM ܥͷ*1Λ߹Θͤͯ ఆٛ 5JQT

28. 3BDL3FRVFTUJQ $MPVE'SPOUͷ*1ΞυϨεൣғ 3BDL3FRVFTUJQ $MPVE'SPOUͷ*1ΞυϨεൣғ ࢀߟࢿྉ https://github.com/rack/rack/blob/master/lib/rack/ request.rb#L267-L277 https://docs.aws.amazon.com/ja_jp/AmazonCloudFront/latest/ DeveloperGuide/LocationsOfEdgeServers.html 5JQT

29. 5JQT ϝϯςφϯεϖʔδͷදࣔ !

30. Ϟνϕʔγϣϯ ιʔϦʔαʔόʔͷ༻ҙ΋໘౗ /HJOYͷDPOpHมߋ͸໘౗ -BNCEB!&EHFͰ୅ସ 5JQT

31. -BNCEB!&EHFͱ͸ ᶃViewer Request ᶄ0SJHJO Request ᶅ0SJHJO Response ᶆ7JFXFS Response Ϣʔβʔ

    $' ΦϦδϯ $MPVE'SPOU্ͰҎԼͷ͍ͣΕ͔ͷΠϕϯτΛ ϑοΫͯ͠-BNCEBΛ࣮ߦ͢ΔαʔϏε 5JQT

32. ΞΫηεڐՄ*1΍ϝϯςφ ϯε։࢝࣌ؒͳͲಈతʹม ߋ͍ͨ͠஋͸4ʹKTPOͱ ͯ͠഑ஔ͠ಡΈࠐΈ εςʔλεͰɺ ೚ҙͷ)5.-
    #PEZΛฦ͢ ʢ7JFXFS
    3FRVFTUʹઃఆʣ 5JQT

33. -BNCEBಉ༷ʹεϩοτϦϯά͕ൃੜ 5JQT ؀ڥม਺ͷར༻ෆՄ ಈ࡞ͨ͠ΤοδϩέʔγϣϯʹΑͬͯϩά ग़ྗ͞ΕΔϦʔδϣϯ͕ܾ·Δ όʔδχΞϦʔδϣϯʹ഑ஔ -BNCEB!&EHFͷ஫ҙ఺

34. ࢀߟࢿྉ 5JQT "84
    -BNCEB!&EHFͷϩά͸Ͳ͜ʁ $MPVE'SPOU
    -BNCEB!&EHF
    Ͱͷ
    "84
    -BNCEB
    ͷ࢖༻ https://dev.classmethod.jp/cloud/aws/where-is-the-lambda- edge-log/ https://docs.aws.amazon.com/ja_jp/lambda/latest/dg/lambda-edge.html

35. ΞδΣϯμ OPUFͷΠϯϑϥߏ੒ $'Λར༻͢ΔϝϦοτʗσϝϦοτ 5JQT ·ͱΊ

36. ·ͱΊ ΫϥΠΞϯτ*1ΛऔΓ͍ͨͱ͖͸ཁ஫ҙ $'ʹݶΒͣϓϩΩγΛհͯ͠ଟஈʹͳΔ৔߹ -BNCEB!&EHFศར ίετ໰୊͕ΫϦΞͰ͖ΔͳΒಋೖ͢΂͖ ੒໿͕ଟ͍ͷͰτϨʔυΦϑΛԡ͑Δ

37. ͋Γ͕ͱ͏͍͟͝·ͨ͠