Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
20220523_akibaaws-online-08-s3
Search
h-ashisan
May 27, 2022
Technology
0
840
20220523_akibaaws-online-08-s3
h-ashisan
May 27, 2022
Tweet
Share
More Decks by h-ashisan
See All by h-ashisan
Tokyo_reInforce_2025_recap_iam_access_analyzer
hiashisan
0
190
OpsJAWS34_CloudTrailLake_for_Organizations
hiashisan
0
390
Classmethod_regrowth_2024_tokyo_security_identity_governance_summary
hiashisan
0
1.4k
2024/11/29_失敗談から学ぶ! エンジニア向けre:Invent攻略アンチパターン集
hiashisan
0
610
20241015 Toranomon Tech Hub#1 Service Catalog使ってみた
hiashisan
0
540
Practical-AWS-Security-measures-you-can-implement-now
hiashisan
0
650
20240724_cm_odyssey_hibiyatech
hiashisan
0
440
[2024最新版]AWS Control Towerを使ったセキュアなマルチアカウント環境の作り方
hiashisan
0
1.2k
クラウド利用者の「責任」をどう果たす?AWSセキュリティ対策のススメ #AWSSummit
hiashisan
0
690
Other Decks in Technology
See All in Technology
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
sansan33
PRO
0
2.7k
PHPからはじめるコンピュータアーキテクチャ / From Scripts to Silicon: A Journey Through the Layers of Computing
tomzoh
2
130
20250708オープンエンドな探索と知識発見
sakana_ai
PRO
4
1k
Autify Company Deck
autifyhq
2
44k
本当にわかりやすいAIエージェント入門
segavvy
1
460
ビジネス職が分析も担う事業部制組織でのデータ活用の仕組みづくり / Enabling Data Analytics in Business-Led Divisional Organizations
zaimy
1
400
Rethinking Incident Response: Context-Aware AI in Practice
rrreeeyyy
2
940
Maintainer Meetupで「生の声」を聞く ~講演だけじゃないKubeCon
logica0419
0
110
ソフトウェアQAがハードウェアの人になったの
mineo_matsuya
3
200
Amazon SNSサブスクリプションの誤解除を防ぐ
y_sakata
3
190
SRE with AI:実践から学ぶ、運用課題解決と未来への展望
yoshiiryo1
0
320
振り返りTransit Gateway ~VPCをいい感じでつなげるために~
masakiokuda
3
210
Featured
See All Featured
Typedesign – Prime Four
hannesfritz
42
2.7k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Facilitating Awesome Meetings
lara
54
6.5k
Building a Modern Day E-commerce SEO Strategy
aleyda
42
7.4k
For a Future-Friendly Web
brad_frost
179
9.8k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Why Our Code Smells
bkeepers
PRO
337
57k
Gamification - CAS2011
davidbonilla
81
5.4k
Site-Speed That Sticks
csswizardry
10
700
Build your cross-platform service in a week with App Engine
jlugia
231
18k
Transcript
Amazon S3ͷ࢝Ίํ ",*#""840/-*/&"84ɺ͡Ί·ͨ͠ฤ )JSPBLJ"TIJ[BXB ʙS3ͷ֓ཁͱΞΫηεɾετϨʔδཧʹֶ͍ͭͯ΅͏ʙ
ࣗݾհ Ἑত / (͋͟͠ΘͻΖ͖͋) ॴଐ AWSࣄۀ෦ίϯαϧςΟϯά෦ Twitter @ashi_ssan ೖࣾ
2021/09/01 ڵຯ͕͋ΔαʔϏε AWS WAF AWS DataSync
ॕɾʰAWSͷࣝਤʱൃץʂ
ʰ"84ͷࣝਤʱ͏ಡΈ·͔ͨ͠ʁ ߪೖϖʔδϦϯΫɿhttps://www.amazon.co.jp/dp/B09X9JVR7Q
ʰ"84ͷࣝਤʱͷ࣍ "NB[POΑΓ
ʰ"84ͷࣝਤʱͷ࣍ "NB[POΑΓ ͜ͷষʹؚ·ΕΔ "NB[PO4ʹ͍ͭͯ ͠·͢ʂʂʂ
ࠓ͢͜ͱ • Amazon S3ͱʁ • S3ͷػೳ • ΞΫηεཧɾετϨʔδཧ •
·ͱΊ
ఆࢹௌऀ • ͜Ε͔ΒAWSΛֶΜͰߦ͖͍ͨํ • Amazon S3ʹֶ͍ͭͯͼ͍ͨํ • Amazon S3Λطʹ͍ͬͯΔ͕ͲΜͳઃఆΛͨ͠Β
ྑ͍͔Θ͔Βͳ͍ํ
ࠓͤͳ͍͜ͱ • S3Ҏ֎ͷAWSϦιʔεʹ͍ͭͯ • ࠓऔΓѻΘͳ͍S3ͷػೳ • ػೳͯ͢Λཏͨ͠༰Ͱ͋Γ·ͤΜ • S3Λར༻ͨ͠۩ମతͳϢʔεέʔε
• AWSར༻ྉۚʹ͍ͭͯ
Amazon S3ͱʁ
"NB[PO4ͱʁ • S3 = ”Amazon Simple Storage Service” •
ҎԼͷಛΛ࣋ͭΦϒδΣΫτετϨʔδαʔϏε • ֦ுੑ • ٱੑ • ηΩϡϦςΟ • ύϑΥʔϚϯε
ΦϒδΣΫτετϨʔδͱʁ Ҿ༻ɿhttps://www.softbank.jp/biz/blog/business/articles/202007/storage-difference/
ΦϒδΣΫτετϨʔδͱʁ Ҿ༻ɿhttps://www.softbank.jp/biz/blog/business/articles/202007/storage-difference/
4ͷߏཁૉ • όέοτ • S3ʹอଘ͞ΕΔΦϒδΣΫτίϯςφ • ΦϒδΣΫτ • S3ʹอଘ͞ΕΔجຊΤϯςΟςΟ
• Ωʔ • όέοτʹҰҙͷΦϒδΣΫτࣝผࢠ • ΦϒδΣΫτΩʔ = Prefix + ΦϒδΣΫτ໊
4ͷߏཁૉ
4ͷٱੑɾՄ༻ੑ • ٱੑɿ99.999999999% <௨শɿΠϨϒϯφΠϯ> • ͭ·Γ… σʔλΛফࣦ͢ΔՄೳੑ΄΅θϩ • Մ༻ੑɿ99.99%(S3
Standardͷ߹) • ͭ·Γ…ɹαʔϏεఀࢭ࣌ؒؒ1࣌ؒఔ (52.6)
4ͷٱੑɾՄ༻ੑ Ҿ༻ɿhttps://d1.awsstatic.com/webinars/jp/pdf/services/20190220_AWS-BlackBelt_S3_Glacier.pdf
4ͷσʔλ߹ੑϞσϧ • ڧྗͳ߹ੑ • ΦϒδΣΫτͷPUT(৽نొɺߋ৽),DELETE(আ)ʹؔ͢Δॻ͖ࠐΈޙಡ ΈऔΓͷ “ڧྗͳ߹ੑ” ͕࠾༻͞Ε͍ͯΔ
4ͷσʔλ߹ੑϞσϧ Ҿ༻ɿhttps://dev.classmethod.jp/articles/ update-amazon-s3-strong-read-after-write- consistency/ • ڧ͍߹ੑ2020ͷre:invent Ͱαϙʔτ͞Ε·ͨ͠ • ݹ͍ॻ੶ɾใͩͱʮ݁Ռ߹
ੑʯͱ͋Δͣɺཁҙ • ࠷৽ͷΞοϓσʔτͷใΛ͍ ·͠ΐ͏
S3ͷػೳ
4ͷػೳ • ΞΫηεཧ • IAMɺACL(ΞΫηείϯτϩʔϧϦετ)ɺόέοτϙϦγʔɺϒϩοΫύϒ ϦοΫΞΫηε etc… • ετϨʔδཧ
• σϑΥϧτ҉߸ԽɺόʔδϣχϯάɺετϨʔδΫϥεɺϥΠϑαΠΫϧϙϦ γʔ etc… • ͦͷଞ • ΞΫηεϩάɺCloudTrailϩάɺCloudWatchϝτϦΫε • S3 Storage LensɺS3ετϨʔδΫϥεੳ • etc…
4ͷػೳ • ΞΫηεཧ • IAMɺACL(ΞΫηείϯτϩʔϧϦετ)ɺόέοτϙϦγʔɺϒϩοΫύϒ ϦοΫΞΫηε etc… • ετϨʔδཧ
• σϑΥϧτ҉߸ԽɺόʔδϣχϯάɺετϨʔδΫϥεɺϥΠϑαΠΫϧϙϦ γʔ etc… • ͦͷଞ • ΞΫηεϩάɺCloudTrailϩάɺCloudWatchϝτϦΫε • S3 Storage LensɺS3ετϨʔδΫϥεੳ • etc… ࠓ͢ͱ͜Ζ
ΞΫηεཧ
લஔ͖ ͳͥΞΫηεཧ͕ඞཁͳͷ͔ʁ • S3REST API(HTTPS)ͰΞΫηεՄೳͰ͢ • ྫ) • ౦ژϦʔδϣϯʹ͋Δόέοτ໊
”akiba-aws-bucket” ͷΦϒδΣ ΫτΩʔ”object/blog.jpg”ʹΞΫηε͢Δ߹… • URLྫɿhttps://{όέοτ໊}.s3.{Ϧʔδϣϯ໊}/{Prefix}/{ΦϒδΣΫτ໊}
લஔ͖ ͳͥΞΫηεཧ͕ඞཁͳͷ͔ʁ • S3REST API(HTTPS)ͰΞΫηεՄೳͰ͢ • ྫ) • ౦ژϦʔδϣϯʹ͋Δόέοτ໊
”akiba-aws-bucket” ͷΦϒδΣ ΫτΩʔ”object/blog.jpg”ʹΞΫηε͢Δ߹… • URLྫɿhttps://{όέοτ໊}.s3.{Ϧʔδϣϯ໊}/{Prefix}/{ΦϒδΣΫτ໊} ʲఏىʳ ͜ͷ63-ΛΒΕͨΒ୭ͰΞΫηε Ͱ͖ͯ͠·͏ͷͰʁʁʁ
ΞΫηεཧ֓ཁ • ϢʔβʔϙϦγʔ • όέοτϙϦγʔ • ACL(ΞΫηείϯτϩʔϧϦετ) • ϒϩοΫύϒϦοΫΞΫηε
ϢʔβʔϙϦγʔ • ʮAWSʹ͓͍ͯ͜ͷϢʔβʔԿ͕Ͱ͖Δͷ͔ʁʯΛ ࢦఆ͢ΔIAMͷΞΠσϯςΟςΟϕʔεϙϦγʔ
όέοτϙϦγʔ • ʮ͜ͷS3όέοτʹ୭͕ΞΫηεͰ͖Δͷ͔ʁʯ Λࢦఆ͢ΔIAMͷϦιʔεϕʔεϙϦγʔ
"$- ΞΫηείϯτϩʔϧϦετ • ʮ͜ͷS3όέοτ/S3ΦϒδΣΫτʹΞΫηεͰ͖Δ ଞͷAWSΞΧϯτʯΛࢦఆ͢ΔIAMͷϦιʔεϕʔ εϙϦγʔ
"$- ΞΫηείϯτϩʔϧϦετʲΞοϓσʔτʳ Ҿ༻ɿhttps://dev.classmethod.jp/articles/s3- bucket-owner-enforced/ • ACL2021ͷre:inventͰɹ ແޮԽͰ͖ΔΑ͏ʹͳΓ·ͨ͠ • ʰͪΐͬͱACLࣺͯͯ͘Δʱ
όέοτϙϦγʔPS"$-ʁ • όέοτϙϦγʔͱͲͪΒΛ͏͔બ͢Δ • جຊతͳߟ͑ͱͯ͠ɺόέοτϙϦγʔΛ༻ɺACL ແޮʹ͢Δ͖ • ACLAWSΞΧϯτ୯Ґͷ੍ޚͷΈ •
όέοτϙϦγʔIAMϦιʔε୯ҐͰͷ੍ޚ͕Մ ೳ
ϒϩοΫύϒϦοΫΞΫηε • S3όέοτʹઃఆ͢Δ͜ͱͰύϒϦοΫެ։Λࢭ Ͱ͖Δػೳ • ύϒϦοΫΞΫηε͕ෆཁͳόέοτʹඞਢͷઃఆ • ΞΧϯτ୯Ґɺόέοτ୯Ґͷઃఆ͕͋Δ
4ͷΞΫηεཧɺԿͨ͠Β͍͍ͷʁ • ϢʔβʔϙϦγʔ • όέοτϙϦγʔ • ACL(ΞΫηείϯτϩʔϧϙϦγʔ) • ϒϩοΫύϒϦοΫΞΫηε
4ͷΞΫηεཧɺԿͨ͠Β͍͍ͷʁ • ϢʔβʔϙϦγʔ • ར༻͢Δ → લఏͱͯ͠IAMϢʔβʔͰਖ਼͘͠ݖݶཧΛ͠Α͏ • όέοτϙϦγʔ
• ར༻͢Δ → S3ʹ͍ͭͯΞΫηεڐՄ͢ΔϦιʔεͷཧΛ͠Α͏ • ACL(ΞΫηείϯτϩʔϧϙϦγʔ) • جຊతʹແޮͰOK • ϒϩοΫύϒϦοΫΞΫηε • ༗ޮԽ → ύϒϦοΫެ։͕ෆཁͳ߹ඞਢ
ࢀߟ *".ʹ͍ͭͯͬͱΓ͍ͨํ͚ͷهࣄ Ҿ༻ɿhttps://dev.classmethod.jp/articles/re-introduction-2022-aws-iam/
ࢀߟ "$-ʹ͍ͭͯͬͱΓ͍ͨํ͚ͷهࣄ Ҿ༻ɿhttps://dev.classmethod.jp/articles/amazon-s3-acl-basics/
ετϨʔδཧ
લஔ͖ ͳͥετϨʔδͷཧΛ͢Δͷ͔ʁ • ҰൠతͳετϨʔδͰ͋Ε… • σʔλͷ૿Ճରࡦ → ݶΒΕͨετϨʔδαΠζ •
σʔλͷόοΫΞοϓ → ϋʔυোɺϥϯαϜΣΞରࡦ • S3ͷ߹ಉ͡Α͏ʹରࡦ͕ඞਢ • σʔλͷ૿Ճରࡦ → ॊೈͳετϨʔδαΠζ • → ैྔ՝ۚΛ͑ΔͨΊͷରࡦ͕ඞཁ • σʔλͷόοΫΞοϓ → S3ͷٱੑɾՄ༻ੑ • → ޡૢ࡞ɺվ͟Μରࡦඞཁ
ετϨʔδཧ֓ཁ • σϑΥϧτ҉߸Խ • όʔδϣχϯά • ετϨʔδΫϥε • ϥΠϑαΠΫϧϙϦγʔ
σϑΥϧτ҉߸Խ Ҿ༻ɿhttps://d1.awsstatic.com/webinars/jp/pdf/services/20190220_AWS-BlackBelt_S3_Glacier.pdf
ࢀߟ 4ͷ҉߸Խʹ͍ͭͯ Ҿ༻ɿhttps://dev.classmethod.jp/articles/lim-s3-sse-2021/
όʔδϣχϯά • ୯ҰͷΦϒδΣΫτͷෳόʔδϣϯΛอ࣋Ͱ͖ΔΑ ͏ʹ͢ΔΦϓγϣϯ • ૢ࡞ϛεʹΑΔআ͔Βͷ෮چɺσʔλͷվ͟ΜରࡦʹͳΔ • ্ॻ͖ͷ߹৽نόʔδϣϯͷΦϒδΣΫτɺআ ͷ߹আϚʔΧʔ͕࡞͞ΕΔ
όʔδϣχϯά Ҿ༻ɿhttps://dev.classmethod.jp/articles/3minutes-s3-versioning-lifecycle/
ετϨʔδΫϥε • ༻్ʹԠͯ͡ΦϒδΣΫτΛ֨ೲ͢ΔS3ͷॴΛ͍͚Δ͜ ͱ͕Ͱ͖·͢ Ҿ༻ɿhttps://docs.aws.amazon.com/ja_jp/AmazonS3/latest/userguide/storage-class-intro.html
ετϨʔδΫϥε • ͲͷΫϥεʹ͖͔͢ʁɺΞΫηεස࠷খอଘ ظؒʹΑܾͬͯ·Δ • ྫʣ • 1ϲ݄ʹ1ճΞΫηε͢ΔΞϓϦέʔγϣϯϩά =
Standard-IA • ୯ҐͰΞΫηε͞Εͳ͍ࠪϩά = Glacier Deep Archive • ࣄલʹԿʹ͖͔͢Θ͔Βͳ͍߹ޙ͔Βઃఆ͢Δ͜ͱ Մೳ • Ұ୴ͯ͢StandardͰอଘ͓͖ͯ͠ɺS3 Storage Lensͷੳ݁Ռʹ ΑͬͯΫϥεΛܾΊΔɺͱ͍͏ઓུ
ετϨʔδΫϥεʲ44UPSBHF-FOTʳ • ༗ޮԽ͢ΔͱS3ͷར༻ঢ় گ͕μογϡϘʔυԽ͞Ε ·͢ Ҿ༻ɿhttps://dev.classmethod.jp/articles/ amazon-s3-storage-lens/
ετϨʔδΫϥεʲ*OUFMMJHFOU5JFSJOHʳ • ΞΫηεසʹԠͯ͡3ͭͷΞΫηε֊ʹࣗಈతʹ ΦϒδΣΫτΛอଘ͢ΔΫϥε • ߴස/ස/Πϯελϯτ • ΦϓτΠϯͰΑΓ͍සͷΞΫηε֊Λར༻Մೳ •
ΞʔΧΠϒ/σΟʔϓΞʔΧΠϒ • ޙड़͢ΔϥΠϑϧαΠΫϧϙϦγʔΛଂͨ͠ετ ϨʔδΫϥεͱ͍͏Πϝʔδ
ετϨʔδΫϥεʲ*OUFMMJHFOU5JFSJOHʳ • গ͠ݹ͍ਤͰ͕͢͜ͷΑ͏ͳΠϝʔδ Ҿ༻ɿhttps://dev.classmethod.jp/articles/amazon-s3-intelligent-tiering-further-automating-cost-savings-for-short-lived-and-small-objects/ ݱࡏ ΠϯελϯτΞΫηε֊ ͕Ճ͞Ε͍ͯΔ
ϥΠϑαΠΫϧϙϦγʔ • όέοτͷΦϒδΣΫτʹରͯ͠ɺετϨʔδΫϥ εͷมߋআॲཧΛࣗಈԽ͢ΔΦϓγϣϯ
ϥΠϑαΠΫϧϙϦγʔʲΞοϓσʔτʳ • 2021/11ʹൃද͞ΕͨΞοϓσʔτʹ ͯɺόʔδϣϯΛࢦఆͨ͠ϥΠϑα ΠΫϧཧ͕Մೳʹ • ඇݱߦόʔδϣϯͰͳ͘ͳͬͨΛࢦఆ ͯ͠আɺετϨʔδΫϥεҠಈ͕Մೳʹ •
ྫ) ඇݱߦόʔδϣϯͱͳͬͯ2ܦͬͨΒআ Ҿ༻ɿhttps://dev.classmethod.jp/articles/ s3-lifecyclerule-add-object-version/
4ͷετϨʔδཧɺԿͨ͠Β͍͍ͷʁ • σϑΥϧτ҉߸Խ • όʔδϣχϯά • ετϨʔδΫϥε • ϥΠϑαΠΫϧϙϦγʔ
4ͷετϨʔδཧɺԿͨ͠Β͍͍ͷʁ • σϑΥϧτ҉߸Խ • ༗ޮԽ → جຊαʔόʔαΠυɺSSE-S3(҉߸ԽϙϦγʔ͕ͳ͍߹) • όʔδϣχϯά
• ༗ޮԽ → ޡૢ࡞ࢭɺվ͟Μࢭͷ؍ͰઃఆΛ͓͢͢Ί • ετϨʔδΫϥε • جຊతʹStandardɺ༻్ཧํ͕ܾ·͍ͬͯΕ֤ετϨʔδΫ ϥεΛબ͢Δ • ϥΠϑαΠΫϧϙϦγʔ • ઃఆ͢Δ → దͳετϨʔδΫϥεͷҠಈɺෆཁʹͳͬͨΦϒδΣΫ τͷআͷࣗಈԽ͕Մೳ
·ͱΊ
શମͷ·ͱΊ • S3ͱ • ֦ுੑɾٱੑɾηΩϡϦςΟػೳΛͭΦϒδΣΫτετϨʔδ • ͘͢͝ݎ࿚Ͱɺڧྗͳσʔλ߹ੑΛ͍࣋ͬͯΔɻ • ΞΫηεཧ
• ϢʔβϙϦγʔɺόέοτϙϦγʔΛར༻͠Α͏(ACLແޮ) • ෆཁͳύϒϦοΫΞΫηεϒϩοΫ͠Α͏ • ετϨʔδཧ • σϑΥϧτ҉߸ԽɺόʔδϣχϯάɺϥΠϑαΠΫϧϙϦγʔΛར༻͠ Α͏ • ετϨʔδΫϥεStandardͰOK
None