Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
20220523_akibaaws-online-08-s3
Search
h-ashisan
May 27, 2022
Technology
0
830
20220523_akibaaws-online-08-s3
h-ashisan
May 27, 2022
Tweet
Share
More Decks by h-ashisan
See All by h-ashisan
Tokyo_reInforce_2025_recap_iam_access_analyzer
hiashisan
0
170
OpsJAWS34_CloudTrailLake_for_Organizations
hiashisan
0
370
Classmethod_regrowth_2024_tokyo_security_identity_governance_summary
hiashisan
0
1.4k
2024/11/29_失敗談から学ぶ! エンジニア向けre:Invent攻略アンチパターン集
hiashisan
0
610
20241015 Toranomon Tech Hub#1 Service Catalog使ってみた
hiashisan
0
530
Practical-AWS-Security-measures-you-can-implement-now
hiashisan
0
640
20240724_cm_odyssey_hibiyatech
hiashisan
0
430
[2024最新版]AWS Control Towerを使ったセキュアなマルチアカウント環境の作り方
hiashisan
0
1.1k
クラウド利用者の「責任」をどう果たす?AWSセキュリティ対策のススメ #AWSSummit
hiashisan
0
680
Other Decks in Technology
See All in Technology
KubeCon + CloudNativeCon Japan 2025 Recap
ren510dev
1
360
ゼロからはじめる採用広報
yutadayo
0
180
怖くない!はじめてのClaude Code
shinya337
0
370
Delta airlines Customer®️ USA Contact Numbers: Complete 2025 Support Guide
deltahelp
0
140
B2C&B2B&社内向けサービスを抱える開発組織におけるサービス価値を最大化するイニシアチブ管理
belongadmin
1
5.7k
第4回Snowflake 金融ユーザー会 Snowflake summit recap
tamaoki
0
210
Witchcraft for Memory
pocke
1
750
2025-07-06 QGIS初級ハンズオン「はじめてのQGIS」
kou_kita
0
150
自律的なスケーリング手法FASTにおけるVPoEとしてのアカウンタビリティ / dev-productivity-con-2025
yoshikiiida
1
14k
Understanding_Thread_Tuning_for_Inference_Servers_of_Deep_Models.pdf
lycorptech_jp
PRO
0
160
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
26k
5min GuardDuty Extended Threat Detection EKS
takakuni
0
190
Featured
See All Featured
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
810
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
Building Applications with DynamoDB
mza
95
6.5k
Designing for humans not robots
tammielis
253
25k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
229
22k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.4k
Six Lessons from altMBA
skipperchong
28
3.9k
Gamification - CAS2011
davidbonilla
81
5.3k
Producing Creativity
orderedlist
PRO
346
40k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
VelocityConf: Rendering Performance Case Studies
addyosmani
332
24k
Side Projects
sachag
455
42k
Transcript
Amazon S3ͷ࢝Ίํ ",*#""840/-*/&"84ɺ͡Ί·ͨ͠ฤ )JSPBLJ"TIJ[BXB ʙS3ͷ֓ཁͱΞΫηεɾετϨʔδཧʹֶ͍ͭͯ΅͏ʙ
ࣗݾհ Ἑত / (͋͟͠ΘͻΖ͖͋) ॴଐ AWSࣄۀ෦ίϯαϧςΟϯά෦ Twitter @ashi_ssan ೖࣾ
2021/09/01 ڵຯ͕͋ΔαʔϏε AWS WAF AWS DataSync
ॕɾʰAWSͷࣝਤʱൃץʂ
ʰ"84ͷࣝਤʱ͏ಡΈ·͔ͨ͠ʁ ߪೖϖʔδϦϯΫɿhttps://www.amazon.co.jp/dp/B09X9JVR7Q
ʰ"84ͷࣝਤʱͷ࣍ "NB[POΑΓ
ʰ"84ͷࣝਤʱͷ࣍ "NB[POΑΓ ͜ͷষʹؚ·ΕΔ "NB[PO4ʹ͍ͭͯ ͠·͢ʂʂʂ
ࠓ͢͜ͱ • Amazon S3ͱʁ • S3ͷػೳ • ΞΫηεཧɾετϨʔδཧ •
·ͱΊ
ఆࢹௌऀ • ͜Ε͔ΒAWSΛֶΜͰߦ͖͍ͨํ • Amazon S3ʹֶ͍ͭͯͼ͍ͨํ • Amazon S3Λطʹ͍ͬͯΔ͕ͲΜͳઃఆΛͨ͠Β
ྑ͍͔Θ͔Βͳ͍ํ
ࠓͤͳ͍͜ͱ • S3Ҏ֎ͷAWSϦιʔεʹ͍ͭͯ • ࠓऔΓѻΘͳ͍S3ͷػೳ • ػೳͯ͢Λཏͨ͠༰Ͱ͋Γ·ͤΜ • S3Λར༻ͨ͠۩ମతͳϢʔεέʔε
• AWSར༻ྉۚʹ͍ͭͯ
Amazon S3ͱʁ
"NB[PO4ͱʁ • S3 = ”Amazon Simple Storage Service” •
ҎԼͷಛΛ࣋ͭΦϒδΣΫτετϨʔδαʔϏε • ֦ுੑ • ٱੑ • ηΩϡϦςΟ • ύϑΥʔϚϯε
ΦϒδΣΫτετϨʔδͱʁ Ҿ༻ɿhttps://www.softbank.jp/biz/blog/business/articles/202007/storage-difference/
ΦϒδΣΫτετϨʔδͱʁ Ҿ༻ɿhttps://www.softbank.jp/biz/blog/business/articles/202007/storage-difference/
4ͷߏཁૉ • όέοτ • S3ʹอଘ͞ΕΔΦϒδΣΫτίϯςφ • ΦϒδΣΫτ • S3ʹอଘ͞ΕΔجຊΤϯςΟςΟ
• Ωʔ • όέοτʹҰҙͷΦϒδΣΫτࣝผࢠ • ΦϒδΣΫτΩʔ = Prefix + ΦϒδΣΫτ໊
4ͷߏཁૉ
4ͷٱੑɾՄ༻ੑ • ٱੑɿ99.999999999% <௨শɿΠϨϒϯφΠϯ> • ͭ·Γ… σʔλΛফࣦ͢ΔՄೳੑ΄΅θϩ • Մ༻ੑɿ99.99%(S3
Standardͷ߹) • ͭ·Γ…ɹαʔϏεఀࢭ࣌ؒؒ1࣌ؒఔ (52.6)
4ͷٱੑɾՄ༻ੑ Ҿ༻ɿhttps://d1.awsstatic.com/webinars/jp/pdf/services/20190220_AWS-BlackBelt_S3_Glacier.pdf
4ͷσʔλ߹ੑϞσϧ • ڧྗͳ߹ੑ • ΦϒδΣΫτͷPUT(৽نొɺߋ৽),DELETE(আ)ʹؔ͢Δॻ͖ࠐΈޙಡ ΈऔΓͷ “ڧྗͳ߹ੑ” ͕࠾༻͞Ε͍ͯΔ
4ͷσʔλ߹ੑϞσϧ Ҿ༻ɿhttps://dev.classmethod.jp/articles/ update-amazon-s3-strong-read-after-write- consistency/ • ڧ͍߹ੑ2020ͷre:invent Ͱαϙʔτ͞Ε·ͨ͠ • ݹ͍ॻ੶ɾใͩͱʮ݁Ռ߹
ੑʯͱ͋Δͣɺཁҙ • ࠷৽ͷΞοϓσʔτͷใΛ͍ ·͠ΐ͏
S3ͷػೳ
4ͷػೳ • ΞΫηεཧ • IAMɺACL(ΞΫηείϯτϩʔϧϦετ)ɺόέοτϙϦγʔɺϒϩοΫύϒ ϦοΫΞΫηε etc… • ετϨʔδཧ
• σϑΥϧτ҉߸ԽɺόʔδϣχϯάɺετϨʔδΫϥεɺϥΠϑαΠΫϧϙϦ γʔ etc… • ͦͷଞ • ΞΫηεϩάɺCloudTrailϩάɺCloudWatchϝτϦΫε • S3 Storage LensɺS3ετϨʔδΫϥεੳ • etc…
4ͷػೳ • ΞΫηεཧ • IAMɺACL(ΞΫηείϯτϩʔϧϦετ)ɺόέοτϙϦγʔɺϒϩοΫύϒ ϦοΫΞΫηε etc… • ετϨʔδཧ
• σϑΥϧτ҉߸ԽɺόʔδϣχϯάɺετϨʔδΫϥεɺϥΠϑαΠΫϧϙϦ γʔ etc… • ͦͷଞ • ΞΫηεϩάɺCloudTrailϩάɺCloudWatchϝτϦΫε • S3 Storage LensɺS3ετϨʔδΫϥεੳ • etc… ࠓ͢ͱ͜Ζ
ΞΫηεཧ
લஔ͖ ͳͥΞΫηεཧ͕ඞཁͳͷ͔ʁ • S3REST API(HTTPS)ͰΞΫηεՄೳͰ͢ • ྫ) • ౦ژϦʔδϣϯʹ͋Δόέοτ໊
”akiba-aws-bucket” ͷΦϒδΣ ΫτΩʔ”object/blog.jpg”ʹΞΫηε͢Δ߹… • URLྫɿhttps://{όέοτ໊}.s3.{Ϧʔδϣϯ໊}/{Prefix}/{ΦϒδΣΫτ໊}
લஔ͖ ͳͥΞΫηεཧ͕ඞཁͳͷ͔ʁ • S3REST API(HTTPS)ͰΞΫηεՄೳͰ͢ • ྫ) • ౦ژϦʔδϣϯʹ͋Δόέοτ໊
”akiba-aws-bucket” ͷΦϒδΣ ΫτΩʔ”object/blog.jpg”ʹΞΫηε͢Δ߹… • URLྫɿhttps://{όέοτ໊}.s3.{Ϧʔδϣϯ໊}/{Prefix}/{ΦϒδΣΫτ໊} ʲఏىʳ ͜ͷ63-ΛΒΕͨΒ୭ͰΞΫηε Ͱ͖ͯ͠·͏ͷͰʁʁʁ
ΞΫηεཧ֓ཁ • ϢʔβʔϙϦγʔ • όέοτϙϦγʔ • ACL(ΞΫηείϯτϩʔϧϦετ) • ϒϩοΫύϒϦοΫΞΫηε
ϢʔβʔϙϦγʔ • ʮAWSʹ͓͍ͯ͜ͷϢʔβʔԿ͕Ͱ͖Δͷ͔ʁʯΛ ࢦఆ͢ΔIAMͷΞΠσϯςΟςΟϕʔεϙϦγʔ
όέοτϙϦγʔ • ʮ͜ͷS3όέοτʹ୭͕ΞΫηεͰ͖Δͷ͔ʁʯ Λࢦఆ͢ΔIAMͷϦιʔεϕʔεϙϦγʔ
"$- ΞΫηείϯτϩʔϧϦετ • ʮ͜ͷS3όέοτ/S3ΦϒδΣΫτʹΞΫηεͰ͖Δ ଞͷAWSΞΧϯτʯΛࢦఆ͢ΔIAMͷϦιʔεϕʔ εϙϦγʔ
"$- ΞΫηείϯτϩʔϧϦετʲΞοϓσʔτʳ Ҿ༻ɿhttps://dev.classmethod.jp/articles/s3- bucket-owner-enforced/ • ACL2021ͷre:inventͰɹ ແޮԽͰ͖ΔΑ͏ʹͳΓ·ͨ͠ • ʰͪΐͬͱACLࣺͯͯ͘Δʱ
όέοτϙϦγʔPS"$-ʁ • όέοτϙϦγʔͱͲͪΒΛ͏͔બ͢Δ • جຊతͳߟ͑ͱͯ͠ɺόέοτϙϦγʔΛ༻ɺACL ແޮʹ͢Δ͖ • ACLAWSΞΧϯτ୯Ґͷ੍ޚͷΈ •
όέοτϙϦγʔIAMϦιʔε୯ҐͰͷ੍ޚ͕Մ ೳ
ϒϩοΫύϒϦοΫΞΫηε • S3όέοτʹઃఆ͢Δ͜ͱͰύϒϦοΫެ։Λࢭ Ͱ͖Δػೳ • ύϒϦοΫΞΫηε͕ෆཁͳόέοτʹඞਢͷઃఆ • ΞΧϯτ୯Ґɺόέοτ୯Ґͷઃఆ͕͋Δ
4ͷΞΫηεཧɺԿͨ͠Β͍͍ͷʁ • ϢʔβʔϙϦγʔ • όέοτϙϦγʔ • ACL(ΞΫηείϯτϩʔϧϙϦγʔ) • ϒϩοΫύϒϦοΫΞΫηε
4ͷΞΫηεཧɺԿͨ͠Β͍͍ͷʁ • ϢʔβʔϙϦγʔ • ར༻͢Δ → લఏͱͯ͠IAMϢʔβʔͰਖ਼͘͠ݖݶཧΛ͠Α͏ • όέοτϙϦγʔ
• ར༻͢Δ → S3ʹ͍ͭͯΞΫηεڐՄ͢ΔϦιʔεͷཧΛ͠Α͏ • ACL(ΞΫηείϯτϩʔϧϙϦγʔ) • جຊతʹແޮͰOK • ϒϩοΫύϒϦοΫΞΫηε • ༗ޮԽ → ύϒϦοΫެ։͕ෆཁͳ߹ඞਢ
ࢀߟ *".ʹ͍ͭͯͬͱΓ͍ͨํ͚ͷهࣄ Ҿ༻ɿhttps://dev.classmethod.jp/articles/re-introduction-2022-aws-iam/
ࢀߟ "$-ʹ͍ͭͯͬͱΓ͍ͨํ͚ͷهࣄ Ҿ༻ɿhttps://dev.classmethod.jp/articles/amazon-s3-acl-basics/
ετϨʔδཧ
લஔ͖ ͳͥετϨʔδͷཧΛ͢Δͷ͔ʁ • ҰൠతͳετϨʔδͰ͋Ε… • σʔλͷ૿Ճରࡦ → ݶΒΕͨετϨʔδαΠζ •
σʔλͷόοΫΞοϓ → ϋʔυোɺϥϯαϜΣΞରࡦ • S3ͷ߹ಉ͡Α͏ʹରࡦ͕ඞਢ • σʔλͷ૿Ճରࡦ → ॊೈͳετϨʔδαΠζ • → ैྔ՝ۚΛ͑ΔͨΊͷରࡦ͕ඞཁ • σʔλͷόοΫΞοϓ → S3ͷٱੑɾՄ༻ੑ • → ޡૢ࡞ɺվ͟Μରࡦඞཁ
ετϨʔδཧ֓ཁ • σϑΥϧτ҉߸Խ • όʔδϣχϯά • ετϨʔδΫϥε • ϥΠϑαΠΫϧϙϦγʔ
σϑΥϧτ҉߸Խ Ҿ༻ɿhttps://d1.awsstatic.com/webinars/jp/pdf/services/20190220_AWS-BlackBelt_S3_Glacier.pdf
ࢀߟ 4ͷ҉߸Խʹ͍ͭͯ Ҿ༻ɿhttps://dev.classmethod.jp/articles/lim-s3-sse-2021/
όʔδϣχϯά • ୯ҰͷΦϒδΣΫτͷෳόʔδϣϯΛอ࣋Ͱ͖ΔΑ ͏ʹ͢ΔΦϓγϣϯ • ૢ࡞ϛεʹΑΔআ͔Βͷ෮چɺσʔλͷվ͟ΜରࡦʹͳΔ • ্ॻ͖ͷ߹৽نόʔδϣϯͷΦϒδΣΫτɺআ ͷ߹আϚʔΧʔ͕࡞͞ΕΔ
όʔδϣχϯά Ҿ༻ɿhttps://dev.classmethod.jp/articles/3minutes-s3-versioning-lifecycle/
ετϨʔδΫϥε • ༻్ʹԠͯ͡ΦϒδΣΫτΛ֨ೲ͢ΔS3ͷॴΛ͍͚Δ͜ ͱ͕Ͱ͖·͢ Ҿ༻ɿhttps://docs.aws.amazon.com/ja_jp/AmazonS3/latest/userguide/storage-class-intro.html
ετϨʔδΫϥε • ͲͷΫϥεʹ͖͔͢ʁɺΞΫηεස࠷খอଘ ظؒʹΑܾͬͯ·Δ • ྫʣ • 1ϲ݄ʹ1ճΞΫηε͢ΔΞϓϦέʔγϣϯϩά =
Standard-IA • ୯ҐͰΞΫηε͞Εͳ͍ࠪϩά = Glacier Deep Archive • ࣄલʹԿʹ͖͔͢Θ͔Βͳ͍߹ޙ͔Βઃఆ͢Δ͜ͱ Մೳ • Ұ୴ͯ͢StandardͰอଘ͓͖ͯ͠ɺS3 Storage Lensͷੳ݁Ռʹ ΑͬͯΫϥεΛܾΊΔɺͱ͍͏ઓུ
ετϨʔδΫϥεʲ44UPSBHF-FOTʳ • ༗ޮԽ͢ΔͱS3ͷར༻ঢ় گ͕μογϡϘʔυԽ͞Ε ·͢ Ҿ༻ɿhttps://dev.classmethod.jp/articles/ amazon-s3-storage-lens/
ετϨʔδΫϥεʲ*OUFMMJHFOU5JFSJOHʳ • ΞΫηεසʹԠͯ͡3ͭͷΞΫηε֊ʹࣗಈతʹ ΦϒδΣΫτΛอଘ͢ΔΫϥε • ߴස/ස/Πϯελϯτ • ΦϓτΠϯͰΑΓ͍සͷΞΫηε֊Λར༻Մೳ •
ΞʔΧΠϒ/σΟʔϓΞʔΧΠϒ • ޙड़͢ΔϥΠϑϧαΠΫϧϙϦγʔΛଂͨ͠ετ ϨʔδΫϥεͱ͍͏Πϝʔδ
ετϨʔδΫϥεʲ*OUFMMJHFOU5JFSJOHʳ • গ͠ݹ͍ਤͰ͕͢͜ͷΑ͏ͳΠϝʔδ Ҿ༻ɿhttps://dev.classmethod.jp/articles/amazon-s3-intelligent-tiering-further-automating-cost-savings-for-short-lived-and-small-objects/ ݱࡏ ΠϯελϯτΞΫηε֊ ͕Ճ͞Ε͍ͯΔ
ϥΠϑαΠΫϧϙϦγʔ • όέοτͷΦϒδΣΫτʹରͯ͠ɺετϨʔδΫϥ εͷมߋআॲཧΛࣗಈԽ͢ΔΦϓγϣϯ
ϥΠϑαΠΫϧϙϦγʔʲΞοϓσʔτʳ • 2021/11ʹൃද͞ΕͨΞοϓσʔτʹ ͯɺόʔδϣϯΛࢦఆͨ͠ϥΠϑα ΠΫϧཧ͕Մೳʹ • ඇݱߦόʔδϣϯͰͳ͘ͳͬͨΛࢦఆ ͯ͠আɺετϨʔδΫϥεҠಈ͕Մೳʹ •
ྫ) ඇݱߦόʔδϣϯͱͳͬͯ2ܦͬͨΒআ Ҿ༻ɿhttps://dev.classmethod.jp/articles/ s3-lifecyclerule-add-object-version/
4ͷετϨʔδཧɺԿͨ͠Β͍͍ͷʁ • σϑΥϧτ҉߸Խ • όʔδϣχϯά • ετϨʔδΫϥε • ϥΠϑαΠΫϧϙϦγʔ
4ͷετϨʔδཧɺԿͨ͠Β͍͍ͷʁ • σϑΥϧτ҉߸Խ • ༗ޮԽ → جຊαʔόʔαΠυɺSSE-S3(҉߸ԽϙϦγʔ͕ͳ͍߹) • όʔδϣχϯά
• ༗ޮԽ → ޡૢ࡞ࢭɺվ͟Μࢭͷ؍ͰઃఆΛ͓͢͢Ί • ετϨʔδΫϥε • جຊతʹStandardɺ༻్ཧํ͕ܾ·͍ͬͯΕ֤ετϨʔδΫ ϥεΛબ͢Δ • ϥΠϑαΠΫϧϙϦγʔ • ઃఆ͢Δ → దͳετϨʔδΫϥεͷҠಈɺෆཁʹͳͬͨΦϒδΣΫ τͷআͷࣗಈԽ͕Մೳ
·ͱΊ
શମͷ·ͱΊ • S3ͱ • ֦ுੑɾٱੑɾηΩϡϦςΟػೳΛͭΦϒδΣΫτετϨʔδ • ͘͢͝ݎ࿚Ͱɺڧྗͳσʔλ߹ੑΛ͍࣋ͬͯΔɻ • ΞΫηεཧ
• ϢʔβϙϦγʔɺόέοτϙϦγʔΛར༻͠Α͏(ACLແޮ) • ෆཁͳύϒϦοΫΞΫηεϒϩοΫ͠Α͏ • ετϨʔδཧ • σϑΥϧτ҉߸ԽɺόʔδϣχϯάɺϥΠϑαΠΫϧϙϦγʔΛར༻͠ Α͏ • ετϨʔδΫϥεStandardͰOK
None