Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
20220523_akibaaws-online-08-s3
Search
h-ashisan
May 27, 2022
Technology
0
830
20220523_akibaaws-online-08-s3
h-ashisan
May 27, 2022
Tweet
Share
More Decks by h-ashisan
See All by h-ashisan
Tokyo_reInforce_2025_recap_iam_access_analyzer
hiashisan
0
160
OpsJAWS34_CloudTrailLake_for_Organizations
hiashisan
0
370
Classmethod_regrowth_2024_tokyo_security_identity_governance_summary
hiashisan
0
1.4k
2024/11/29_失敗談から学ぶ! エンジニア向けre:Invent攻略アンチパターン集
hiashisan
0
600
20241015 Toranomon Tech Hub#1 Service Catalog使ってみた
hiashisan
0
520
Practical-AWS-Security-measures-you-can-implement-now
hiashisan
0
640
20240724_cm_odyssey_hibiyatech
hiashisan
0
430
[2024最新版]AWS Control Towerを使ったセキュアなマルチアカウント環境の作り方
hiashisan
0
1.1k
クラウド利用者の「責任」をどう果たす?AWSセキュリティ対策のススメ #AWSSummit
hiashisan
0
680
Other Decks in Technology
See All in Technology
OPENLOGI Company Profile for engineer
hr01
1
33k
ハッカソン by 生成AIハッカソンvol.05
1ftseabass
PRO
0
160
無意味な開発生産性の議論から抜け出すための予兆検知とお金とAI
i35_267
2
7.7k
Delegating the chores of authenticating users to Keycloak
ahus1
0
130
自律的なスケーリング手法FASTにおけるVPoEとしてのアカウンタビリティ / dev-productivity-con-2025
yoshikiiida
1
9.2k
OpenHands🤲にContributeしてみた
kotauchisunsun
1
510
事業成長の裏側:エンジニア組織と開発生産性の進化 / 20250703 Rinto Ikenoue
shift_evolve
PRO
2
12k
KubeCon + CloudNativeCon Japan 2025 に行ってきた! & containerd の新機能紹介
honahuku
0
120
使いたいMCPサーバーはWeb APIをラップして自分で作る #QiitaBash
bengo4com
0
1.5k
Lazy application authentication with Tailscale
bluehatbrit
0
140
ビズリーチが挑む メトリクスを活用した技術的負債の解消 / dev-productivity-con2025
visional_engineering_and_design
2
4.2k
Flutter向けPDFビューア、pdfrxのpdfium WASM対応について
espresso3389
0
110
Featured
See All Featured
Writing Fast Ruby
sferik
628
62k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.9k
Building a Modern Day E-commerce SEO Strategy
aleyda
42
7.4k
A Modern Web Designer's Workflow
chriscoyier
694
190k
Build The Right Thing And Hit Your Dates
maggiecrowley
36
2.8k
Designing for Performance
lara
610
69k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.8k
How to Ace a Technical Interview
jacobian
277
23k
GraphQLとの向き合い方2022年版
quramy
49
14k
Producing Creativity
orderedlist
PRO
346
40k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
32
2.4k
Transcript
Amazon S3ͷ࢝Ίํ ",*#""840/-*/&"84ɺ͡Ί·ͨ͠ฤ )JSPBLJ"TIJ[BXB ʙS3ͷ֓ཁͱΞΫηεɾετϨʔδཧʹֶ͍ͭͯ΅͏ʙ
ࣗݾհ Ἑত / (͋͟͠ΘͻΖ͖͋) ॴଐ AWSࣄۀ෦ίϯαϧςΟϯά෦ Twitter @ashi_ssan ೖࣾ
2021/09/01 ڵຯ͕͋ΔαʔϏε AWS WAF AWS DataSync
ॕɾʰAWSͷࣝਤʱൃץʂ
ʰ"84ͷࣝਤʱ͏ಡΈ·͔ͨ͠ʁ ߪೖϖʔδϦϯΫɿhttps://www.amazon.co.jp/dp/B09X9JVR7Q
ʰ"84ͷࣝਤʱͷ࣍ "NB[POΑΓ
ʰ"84ͷࣝਤʱͷ࣍ "NB[POΑΓ ͜ͷষʹؚ·ΕΔ "NB[PO4ʹ͍ͭͯ ͠·͢ʂʂʂ
ࠓ͢͜ͱ • Amazon S3ͱʁ • S3ͷػೳ • ΞΫηεཧɾετϨʔδཧ •
·ͱΊ
ఆࢹௌऀ • ͜Ε͔ΒAWSΛֶΜͰߦ͖͍ͨํ • Amazon S3ʹֶ͍ͭͯͼ͍ͨํ • Amazon S3Λطʹ͍ͬͯΔ͕ͲΜͳઃఆΛͨ͠Β
ྑ͍͔Θ͔Βͳ͍ํ
ࠓͤͳ͍͜ͱ • S3Ҏ֎ͷAWSϦιʔεʹ͍ͭͯ • ࠓऔΓѻΘͳ͍S3ͷػೳ • ػೳͯ͢Λཏͨ͠༰Ͱ͋Γ·ͤΜ • S3Λར༻ͨ͠۩ମతͳϢʔεέʔε
• AWSར༻ྉۚʹ͍ͭͯ
Amazon S3ͱʁ
"NB[PO4ͱʁ • S3 = ”Amazon Simple Storage Service” •
ҎԼͷಛΛ࣋ͭΦϒδΣΫτετϨʔδαʔϏε • ֦ுੑ • ٱੑ • ηΩϡϦςΟ • ύϑΥʔϚϯε
ΦϒδΣΫτετϨʔδͱʁ Ҿ༻ɿhttps://www.softbank.jp/biz/blog/business/articles/202007/storage-difference/
ΦϒδΣΫτετϨʔδͱʁ Ҿ༻ɿhttps://www.softbank.jp/biz/blog/business/articles/202007/storage-difference/
4ͷߏཁૉ • όέοτ • S3ʹอଘ͞ΕΔΦϒδΣΫτίϯςφ • ΦϒδΣΫτ • S3ʹอଘ͞ΕΔجຊΤϯςΟςΟ
• Ωʔ • όέοτʹҰҙͷΦϒδΣΫτࣝผࢠ • ΦϒδΣΫτΩʔ = Prefix + ΦϒδΣΫτ໊
4ͷߏཁૉ
4ͷٱੑɾՄ༻ੑ • ٱੑɿ99.999999999% <௨শɿΠϨϒϯφΠϯ> • ͭ·Γ… σʔλΛফࣦ͢ΔՄೳੑ΄΅θϩ • Մ༻ੑɿ99.99%(S3
Standardͷ߹) • ͭ·Γ…ɹαʔϏεఀࢭ࣌ؒؒ1࣌ؒఔ (52.6)
4ͷٱੑɾՄ༻ੑ Ҿ༻ɿhttps://d1.awsstatic.com/webinars/jp/pdf/services/20190220_AWS-BlackBelt_S3_Glacier.pdf
4ͷσʔλ߹ੑϞσϧ • ڧྗͳ߹ੑ • ΦϒδΣΫτͷPUT(৽نొɺߋ৽),DELETE(আ)ʹؔ͢Δॻ͖ࠐΈޙಡ ΈऔΓͷ “ڧྗͳ߹ੑ” ͕࠾༻͞Ε͍ͯΔ
4ͷσʔλ߹ੑϞσϧ Ҿ༻ɿhttps://dev.classmethod.jp/articles/ update-amazon-s3-strong-read-after-write- consistency/ • ڧ͍߹ੑ2020ͷre:invent Ͱαϙʔτ͞Ε·ͨ͠ • ݹ͍ॻ੶ɾใͩͱʮ݁Ռ߹
ੑʯͱ͋Δͣɺཁҙ • ࠷৽ͷΞοϓσʔτͷใΛ͍ ·͠ΐ͏
S3ͷػೳ
4ͷػೳ • ΞΫηεཧ • IAMɺACL(ΞΫηείϯτϩʔϧϦετ)ɺόέοτϙϦγʔɺϒϩοΫύϒ ϦοΫΞΫηε etc… • ετϨʔδཧ
• σϑΥϧτ҉߸ԽɺόʔδϣχϯάɺετϨʔδΫϥεɺϥΠϑαΠΫϧϙϦ γʔ etc… • ͦͷଞ • ΞΫηεϩάɺCloudTrailϩάɺCloudWatchϝτϦΫε • S3 Storage LensɺS3ετϨʔδΫϥεੳ • etc…
4ͷػೳ • ΞΫηεཧ • IAMɺACL(ΞΫηείϯτϩʔϧϦετ)ɺόέοτϙϦγʔɺϒϩοΫύϒ ϦοΫΞΫηε etc… • ετϨʔδཧ
• σϑΥϧτ҉߸ԽɺόʔδϣχϯάɺετϨʔδΫϥεɺϥΠϑαΠΫϧϙϦ γʔ etc… • ͦͷଞ • ΞΫηεϩάɺCloudTrailϩάɺCloudWatchϝτϦΫε • S3 Storage LensɺS3ετϨʔδΫϥεੳ • etc… ࠓ͢ͱ͜Ζ
ΞΫηεཧ
લஔ͖ ͳͥΞΫηεཧ͕ඞཁͳͷ͔ʁ • S3REST API(HTTPS)ͰΞΫηεՄೳͰ͢ • ྫ) • ౦ژϦʔδϣϯʹ͋Δόέοτ໊
”akiba-aws-bucket” ͷΦϒδΣ ΫτΩʔ”object/blog.jpg”ʹΞΫηε͢Δ߹… • URLྫɿhttps://{όέοτ໊}.s3.{Ϧʔδϣϯ໊}/{Prefix}/{ΦϒδΣΫτ໊}
લஔ͖ ͳͥΞΫηεཧ͕ඞཁͳͷ͔ʁ • S3REST API(HTTPS)ͰΞΫηεՄೳͰ͢ • ྫ) • ౦ژϦʔδϣϯʹ͋Δόέοτ໊
”akiba-aws-bucket” ͷΦϒδΣ ΫτΩʔ”object/blog.jpg”ʹΞΫηε͢Δ߹… • URLྫɿhttps://{όέοτ໊}.s3.{Ϧʔδϣϯ໊}/{Prefix}/{ΦϒδΣΫτ໊} ʲఏىʳ ͜ͷ63-ΛΒΕͨΒ୭ͰΞΫηε Ͱ͖ͯ͠·͏ͷͰʁʁʁ
ΞΫηεཧ֓ཁ • ϢʔβʔϙϦγʔ • όέοτϙϦγʔ • ACL(ΞΫηείϯτϩʔϧϦετ) • ϒϩοΫύϒϦοΫΞΫηε
ϢʔβʔϙϦγʔ • ʮAWSʹ͓͍ͯ͜ͷϢʔβʔԿ͕Ͱ͖Δͷ͔ʁʯΛ ࢦఆ͢ΔIAMͷΞΠσϯςΟςΟϕʔεϙϦγʔ
όέοτϙϦγʔ • ʮ͜ͷS3όέοτʹ୭͕ΞΫηεͰ͖Δͷ͔ʁʯ Λࢦఆ͢ΔIAMͷϦιʔεϕʔεϙϦγʔ
"$- ΞΫηείϯτϩʔϧϦετ • ʮ͜ͷS3όέοτ/S3ΦϒδΣΫτʹΞΫηεͰ͖Δ ଞͷAWSΞΧϯτʯΛࢦఆ͢ΔIAMͷϦιʔεϕʔ εϙϦγʔ
"$- ΞΫηείϯτϩʔϧϦετʲΞοϓσʔτʳ Ҿ༻ɿhttps://dev.classmethod.jp/articles/s3- bucket-owner-enforced/ • ACL2021ͷre:inventͰɹ ແޮԽͰ͖ΔΑ͏ʹͳΓ·ͨ͠ • ʰͪΐͬͱACLࣺͯͯ͘Δʱ
όέοτϙϦγʔPS"$-ʁ • όέοτϙϦγʔͱͲͪΒΛ͏͔બ͢Δ • جຊతͳߟ͑ͱͯ͠ɺόέοτϙϦγʔΛ༻ɺACL ແޮʹ͢Δ͖ • ACLAWSΞΧϯτ୯Ґͷ੍ޚͷΈ •
όέοτϙϦγʔIAMϦιʔε୯ҐͰͷ੍ޚ͕Մ ೳ
ϒϩοΫύϒϦοΫΞΫηε • S3όέοτʹઃఆ͢Δ͜ͱͰύϒϦοΫެ։Λࢭ Ͱ͖Δػೳ • ύϒϦοΫΞΫηε͕ෆཁͳόέοτʹඞਢͷઃఆ • ΞΧϯτ୯Ґɺόέοτ୯Ґͷઃఆ͕͋Δ
4ͷΞΫηεཧɺԿͨ͠Β͍͍ͷʁ • ϢʔβʔϙϦγʔ • όέοτϙϦγʔ • ACL(ΞΫηείϯτϩʔϧϙϦγʔ) • ϒϩοΫύϒϦοΫΞΫηε
4ͷΞΫηεཧɺԿͨ͠Β͍͍ͷʁ • ϢʔβʔϙϦγʔ • ར༻͢Δ → લఏͱͯ͠IAMϢʔβʔͰਖ਼͘͠ݖݶཧΛ͠Α͏ • όέοτϙϦγʔ
• ར༻͢Δ → S3ʹ͍ͭͯΞΫηεڐՄ͢ΔϦιʔεͷཧΛ͠Α͏ • ACL(ΞΫηείϯτϩʔϧϙϦγʔ) • جຊతʹແޮͰOK • ϒϩοΫύϒϦοΫΞΫηε • ༗ޮԽ → ύϒϦοΫެ։͕ෆཁͳ߹ඞਢ
ࢀߟ *".ʹ͍ͭͯͬͱΓ͍ͨํ͚ͷهࣄ Ҿ༻ɿhttps://dev.classmethod.jp/articles/re-introduction-2022-aws-iam/
ࢀߟ "$-ʹ͍ͭͯͬͱΓ͍ͨํ͚ͷهࣄ Ҿ༻ɿhttps://dev.classmethod.jp/articles/amazon-s3-acl-basics/
ετϨʔδཧ
લஔ͖ ͳͥετϨʔδͷཧΛ͢Δͷ͔ʁ • ҰൠతͳετϨʔδͰ͋Ε… • σʔλͷ૿Ճରࡦ → ݶΒΕͨετϨʔδαΠζ •
σʔλͷόοΫΞοϓ → ϋʔυোɺϥϯαϜΣΞରࡦ • S3ͷ߹ಉ͡Α͏ʹରࡦ͕ඞਢ • σʔλͷ૿Ճରࡦ → ॊೈͳετϨʔδαΠζ • → ैྔ՝ۚΛ͑ΔͨΊͷରࡦ͕ඞཁ • σʔλͷόοΫΞοϓ → S3ͷٱੑɾՄ༻ੑ • → ޡૢ࡞ɺվ͟Μରࡦඞཁ
ετϨʔδཧ֓ཁ • σϑΥϧτ҉߸Խ • όʔδϣχϯά • ετϨʔδΫϥε • ϥΠϑαΠΫϧϙϦγʔ
σϑΥϧτ҉߸Խ Ҿ༻ɿhttps://d1.awsstatic.com/webinars/jp/pdf/services/20190220_AWS-BlackBelt_S3_Glacier.pdf
ࢀߟ 4ͷ҉߸Խʹ͍ͭͯ Ҿ༻ɿhttps://dev.classmethod.jp/articles/lim-s3-sse-2021/
όʔδϣχϯά • ୯ҰͷΦϒδΣΫτͷෳόʔδϣϯΛอ࣋Ͱ͖ΔΑ ͏ʹ͢ΔΦϓγϣϯ • ૢ࡞ϛεʹΑΔআ͔Βͷ෮چɺσʔλͷվ͟ΜରࡦʹͳΔ • ্ॻ͖ͷ߹৽نόʔδϣϯͷΦϒδΣΫτɺআ ͷ߹আϚʔΧʔ͕࡞͞ΕΔ
όʔδϣχϯά Ҿ༻ɿhttps://dev.classmethod.jp/articles/3minutes-s3-versioning-lifecycle/
ετϨʔδΫϥε • ༻్ʹԠͯ͡ΦϒδΣΫτΛ֨ೲ͢ΔS3ͷॴΛ͍͚Δ͜ ͱ͕Ͱ͖·͢ Ҿ༻ɿhttps://docs.aws.amazon.com/ja_jp/AmazonS3/latest/userguide/storage-class-intro.html
ετϨʔδΫϥε • ͲͷΫϥεʹ͖͔͢ʁɺΞΫηεස࠷খอଘ ظؒʹΑܾͬͯ·Δ • ྫʣ • 1ϲ݄ʹ1ճΞΫηε͢ΔΞϓϦέʔγϣϯϩά =
Standard-IA • ୯ҐͰΞΫηε͞Εͳ͍ࠪϩά = Glacier Deep Archive • ࣄલʹԿʹ͖͔͢Θ͔Βͳ͍߹ޙ͔Βઃఆ͢Δ͜ͱ Մೳ • Ұ୴ͯ͢StandardͰอଘ͓͖ͯ͠ɺS3 Storage Lensͷੳ݁Ռʹ ΑͬͯΫϥεΛܾΊΔɺͱ͍͏ઓུ
ετϨʔδΫϥεʲ44UPSBHF-FOTʳ • ༗ޮԽ͢ΔͱS3ͷར༻ঢ় گ͕μογϡϘʔυԽ͞Ε ·͢ Ҿ༻ɿhttps://dev.classmethod.jp/articles/ amazon-s3-storage-lens/
ετϨʔδΫϥεʲ*OUFMMJHFOU5JFSJOHʳ • ΞΫηεසʹԠͯ͡3ͭͷΞΫηε֊ʹࣗಈతʹ ΦϒδΣΫτΛอଘ͢ΔΫϥε • ߴස/ස/Πϯελϯτ • ΦϓτΠϯͰΑΓ͍සͷΞΫηε֊Λར༻Մೳ •
ΞʔΧΠϒ/σΟʔϓΞʔΧΠϒ • ޙड़͢ΔϥΠϑϧαΠΫϧϙϦγʔΛଂͨ͠ετ ϨʔδΫϥεͱ͍͏Πϝʔδ
ετϨʔδΫϥεʲ*OUFMMJHFOU5JFSJOHʳ • গ͠ݹ͍ਤͰ͕͢͜ͷΑ͏ͳΠϝʔδ Ҿ༻ɿhttps://dev.classmethod.jp/articles/amazon-s3-intelligent-tiering-further-automating-cost-savings-for-short-lived-and-small-objects/ ݱࡏ ΠϯελϯτΞΫηε֊ ͕Ճ͞Ε͍ͯΔ
ϥΠϑαΠΫϧϙϦγʔ • όέοτͷΦϒδΣΫτʹରͯ͠ɺετϨʔδΫϥ εͷมߋআॲཧΛࣗಈԽ͢ΔΦϓγϣϯ
ϥΠϑαΠΫϧϙϦγʔʲΞοϓσʔτʳ • 2021/11ʹൃද͞ΕͨΞοϓσʔτʹ ͯɺόʔδϣϯΛࢦఆͨ͠ϥΠϑα ΠΫϧཧ͕Մೳʹ • ඇݱߦόʔδϣϯͰͳ͘ͳͬͨΛࢦఆ ͯ͠আɺετϨʔδΫϥεҠಈ͕Մೳʹ •
ྫ) ඇݱߦόʔδϣϯͱͳͬͯ2ܦͬͨΒআ Ҿ༻ɿhttps://dev.classmethod.jp/articles/ s3-lifecyclerule-add-object-version/
4ͷετϨʔδཧɺԿͨ͠Β͍͍ͷʁ • σϑΥϧτ҉߸Խ • όʔδϣχϯά • ετϨʔδΫϥε • ϥΠϑαΠΫϧϙϦγʔ
4ͷετϨʔδཧɺԿͨ͠Β͍͍ͷʁ • σϑΥϧτ҉߸Խ • ༗ޮԽ → جຊαʔόʔαΠυɺSSE-S3(҉߸ԽϙϦγʔ͕ͳ͍߹) • όʔδϣχϯά
• ༗ޮԽ → ޡૢ࡞ࢭɺվ͟Μࢭͷ؍ͰઃఆΛ͓͢͢Ί • ετϨʔδΫϥε • جຊతʹStandardɺ༻్ཧํ͕ܾ·͍ͬͯΕ֤ετϨʔδΫ ϥεΛબ͢Δ • ϥΠϑαΠΫϧϙϦγʔ • ઃఆ͢Δ → దͳετϨʔδΫϥεͷҠಈɺෆཁʹͳͬͨΦϒδΣΫ τͷআͷࣗಈԽ͕Մೳ
·ͱΊ
શମͷ·ͱΊ • S3ͱ • ֦ுੑɾٱੑɾηΩϡϦςΟػೳΛͭΦϒδΣΫτετϨʔδ • ͘͢͝ݎ࿚Ͱɺڧྗͳσʔλ߹ੑΛ͍࣋ͬͯΔɻ • ΞΫηεཧ
• ϢʔβϙϦγʔɺόέοτϙϦγʔΛར༻͠Α͏(ACLແޮ) • ෆཁͳύϒϦοΫΞΫηεϒϩοΫ͠Α͏ • ετϨʔδཧ • σϑΥϧτ҉߸ԽɺόʔδϣχϯάɺϥΠϑαΠΫϧϙϦγʔΛར༻͠ Α͏ • ετϨʔδΫϥεStandardͰOK
None