インフラしくじり先生 / Failure story for infrastructure

Transcript

1. ωοτϫʔΫઃܭ Ξϯνύλʔϯ ΠϯϑϥɾωοτϫʔΫΤϯδχΞษڧձ Vol1

2. ωοτϫʔΫઃܭ Ξϯνύλʔϯ ωοτϫʔΫ͘͠͡Γઌੜ ΠϯϑϥɾωοτϫʔΫΤϯδχΞษڧձ Vol1

3. ࣗݾ঺հ Takashi Kaga QA (5೥) ɹˠɹαʔόαΠυ (3೥) ɹˠɹΠϯϑϥ (5೥) ※͍·͜͜

   ɹɹ TAKA_0411 ɹɹ kaga.takashi ɹɹ taka1111

4. iOSDC 2016 - 2019 ελοϑ (ࡱӨ୲౰)

5. PHPerKaigi 2018 - 2019 ελοϑ (ࡱӨ୲౰)

6. ͋͐͡Μͩ ɾVPCʹ͍ͭͯ ɾϕετϓϥΫςΟε ɾωοτϫʔΫ͘͠͡Γઌੜ ɾ·ͱΊ

7. ͋͐͡Μͩ ɾVPCʹ͍ͭͯ ɾϕετϓϥΫςΟε ɾωοτϫʔΫ͘͠͡Γઌੜ ɾ·ͱΊ

8. VPCͱSubnet Virtual Private Cloud (VPC) ͸ɺAWS ΞΧ΢ϯτઐ༻ͷԾ૝ωοτϫʔΫͰ͢ɻ VPC ͸ɺAWS Ϋϥ΢υͷଞͷԾ૝ωοτϫʔΫ͔Β࿦ཧతʹ੾Γ཭͞Ε͓ͯ

   ΓɺAWS ͷϦιʔεʢྫ͑͹ Amazon EC2 ΠϯελϯεʣΛ VPC ಺ʹىಈͰ ͖·͢ɻVPC ͷ IP ΞυϨεൣғΛࢦఆͯ͠ɺαϒωοτΛ௥Ճ͠ɺηΩϡϦ ςΟάϧʔϓΛؔ࿈෇͚ͯɺϧʔτςʔϒϧΛઃఆͰ͖·͢ɻ https://docs.aws.amazon.com/ja_jp/vpc/latest/userguide/what-is-amazon- vpc.html αϒωοτ͸ɺVPC ͷ IP ΞυϨεͷൣғͰ͢ɻAWS Ϧιʔε͸ɺࢦఆͨ͠αϒ ωοτ಺ʹىಈͰ͖·͢ɻΠϯλʔωοτʹ઀ଓ͢Δඞཁ͕͋ΔϦιʔεʹ͸ύ ϒϦοΫαϒωοτΛɺΠϯλʔωοτʹ઀ଓ͠ͳ͍Ϧιʔεʹ͸ϓϥΠϕʔτ αϒωοτΛ࢖༻͍ͯͩ͘͠͞ɻύϒϦοΫαϒωοτͱϓϥΠϕʔταϒωο τͷৄࡉʹ͍ͭͯ͸ɺʮVPC ͱαϒωοτͷجຊʯΛࢀর͍ͯͩ͘͠͞ɻ

9. ͜͜ʹ3ͭͷߏ੒ਤ͕͋Γ·͢
 (؆ུ൛)

10. ͦͷ̍ɿVPCͰ੾ͬͨ΋ͷ

11. ͦͷ̎ɿSubnetͰ੾ͬͨ΋ͷ

12. ͦͷ̏ɿdefaultߏ੒

13. ωοτϫʔΫͷઃܭ͸ Ͳ͏͋Δ΂͖͔

14. ɹɹ࿦ཧతͳ୯ҐͰ ɹɹ෼ׂ͢Δͱྑ͍ͷͰ͸

15. ࿦ཧతͳ୯Ґͱ͸ ɾ؀ڥ (Environment) ୯Ґ ɹɾdevelopment, staging, production ɹɾઌఔͷͦͷ̍, ͦͷ2ͷߏ੒ਤ ɾఏڙ͢ΔαʔϏε୯Ґ

    ɾ૊৫୯Ґ

16. ͋͐͡Μͩ ɾVPCʹ͍ͭͯ ɾϕετϓϥΫςΟε ɾωοτϫʔΫ͘͠͡Γઌੜ ɾ·ͱΊ

17. ϕετϓϥΫςΟε ɾAWSͷެࣜυΩϡϝϯτʹ ɹ͋Δఔ౓هࡌ͞Ε͍ͯΔ ɾBlack Belt ΦϯϥΠϯηϛφʔͷ ɹεϥΠυΛࢀߟʹ͢Δ ɾVPC΢ΟβʔυΛ׆༻͢Δ

18. https://docs.aws.amazon.com/ja_jp/quickstart/latest/vpc/architecture.html Amazon VPC Λ࢖༻ͨ͠Ϟδϡʔϧࣜͷ εέʔϥϒϧͳԾ૝ωοτϫʔΫΞʔΩςΫνϟͷߏங

19. https://www.slideshare.net/AmazonWebServicesJapan/20190313-aws- black-belt-online-seminar-amazon-vpc-basic 20190313 AWS Black Belt Online Seminar Amazon VPC

    Basic

20. VPC΢Οβʔυ

21. ͋͐͡Μͩ ɾVPCʹ͍ͭͯ ɾϕετϓϥΫςΟε ɾωοτϫʔΫ͘͠͡Γઌੜ ɾ·ͱΊ

22. ͱ͋ΔαʔϏε

23. ͱ͋ΔαʔϏε

24. ͱ͋ΔαʔϏεͷωοτϫʔΫ ɾ1 VPC (σϑΥϧτ) ɾ2 Subnet (σϑΥϧτ) ɾෳࡶͳSecurity Group ɾՔಇதͷෳ਺ͷαʔϏε

25. ͱ͋Δઃఆมߋґཔ ʮS3 EndpointΛ௥Ճ͍ͨ͠ʯ

26. ͱ͋Δઃఆมߋ S3 Endpointͱ͸ ɾVPC಺͔ΒS3ʹΞΫηε͢ΔͨΊͷΤϯυϙΠϯτ ɾVPCͷSubnet (Route Table) ʹઃఆ͢Δ ɾઃఆ͢ΔͱPrivate IPܦ༝ͰͷΞΫηεͱͳΔ

    ɾϦʔδϣϯະࢦఆͩͱ௨৴Ͱ͖ͳ͍৔߹͕͋Δ

27. S3 Endpoint Πϝʔδ https://www.slideshare.net/AmazonWebServicesJapan/20190313-aws- black-belt-online-seminar-amazon-vpc-basic/75

28. ͱ͋Δઃఆมߋ Θͨ͠ʮςετ؀ڥແ͍ͳʯ Θͨ͠ʮผSubnetͰҰࣜ࡞Δ͔ʁʯ Θͨ͠ʮɾɾɾʯ Θͨ͠ʮઃఆνΣοΫ͠Α͏ɾɾɾʯ

29. ͱ͋Δઃఆมߋ Θͨ͠ʮS3पΓͷઃఆ֬ೝϤγʂʯ Θͨ͠ʮSecurity Groupͷ֬ೝϤγʂʯ Θͨ͠ʮιʔείʔυͷgrepϤγʂʯ Θͨ͠ʮS3 EndpointΛ௥Ճͬͱʯ ɹ

30. ͱ͋Δઃఆมߋ αʔϏεͷ؅ཧը໘͔Β S3ʹΞΫηεͰ͖ͳ͘ͳͬͨ (ඵ଎ͰઃఆΛ໭ͨ͠)

31. ͱ͋Δઃఆมߋ S3 Endpointͱ͸ ɾVPC಺͔ΒS3ʹΞΫηε͢ΔͨΊͷΤϯυϙΠϯτ ɾVPCͷSubnet (Route Table) ʹઃఆ͢Δ ɾઃఆ͢ΔͱPrivate IPܦ༝ͰͷΞΫηεͱͳΔ

    ɾϦʔδϣϯະࢦఆͩͱ௨৴Ͱ͖ͳ͍৔߹͕͋Δ ɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹ͓લ͔ͩͬͨɾɾɾ

32. ൓ল (1) ɾυΩϡϝϯτΛ͔ͬ͠ΓಡΜͰ͓͘΂͖ͩͬͨ ඞͣ AWS ίϚϯυϥΠϯΠϯλʔϑΣʔε (AWS CLI) Λߏ੒͠ɺσϑΥ ϧτͷ

    AWS ϦʔδϣϯΛઃఆ͍ͯͩ͘͠͞ɻσϑΥϧτͷϦʔδϣϯ໊ Λࢦఆ͢Δʹ͸ɺaws configure ίϚϯυΛ࢖༻͠·͢ɻ σϑΥϧτͷϦʔδϣϯΛࢦఆ͠ͳ͍৔߹΍ɺσϑΥϧτͷϦʔδϣϯ Λ্ॻ͖͢Δ৔߹͸ɺඞ֤ͣ AWS CLI ίϚϯυͰ --region ΦϓγϣϯΛ ઃఆ͠·͢ɻ https://aws.amazon.com/jp/premiumsupport/knowledge-center/connect-s3- vpc-endpoint/

33. ൓ল (2) ɾςετ༻ͷ؀ڥΛ࡞ͬͯࢼ͢΂͖ͩͬͨ ɹɾ్தͰఘΊͯ͠·ͬͨ ɹɾ·ΔͬͱҰࣜ࡞Δͷ͸ݫ͍͠ ɹɹɾWeb,DB,Cache,S3,etc… ɾίʔυԽʢ͠ͳ͍͞ʣ ɹɾͦ͏ͩͳʢਖ਼࿦ʣ

34. ͋͐͡Μͩ ɾVPCʹ͍ͭͯ ɾϕετϓϥΫςΟε ɾωοτϫʔΫ͘͠͡Γઌੜ ɾ·ͱΊ

35. ͜ͷωοτϫʔΫͷ Կ͕μϝͩͬͨͷ͔

36. ·ͱΊ ɾdefaultͷVPC, defaultͷSubnetͱ͸ͭ·Γ ɹˠɹdev / stg / prod͕ಉҰωοτϫʔΫ ɹˠɹLB /

    Web / DB͕ಉҰϨΠϠʔ ɹˠɹSecurity GroupཔΈͷίϯτϩʔϧ

37. ·ͱΊ ɾdev / stg / prod͕ಉҰωοτϫʔΫ ɹઃఆมߋ͕ଞͷ؀ڥʹӨڹ͠΍͍͢ ɹɹˠɹಛఆ؀ڥ͚ͩͷςετ͕͠ʹ͍͘ ɹηΩϡϦςΟతʹΑΖ͘͠ͳ͍ ɹɹˠɹͲ͔͜৵ೖ͞ΕͨΒશ෦ࢮ

38. ·ͱΊ ɾLB / Web / DB͕ಉҰϨΠϠʔ ɹ௚઀Πϯλʔωοτͱ௨৴Ͱ͖ͯ͠·͏ ɹɹˠɹΠϯλʔωοτ͔Βͷ઀఺ΛߜΔ 
 ɹηΩϡϦςΟతʹΑΖ͘͠ͳ͍

    ɹɹˠɹͲ͔͜৵ೖ͞ΕͨΒશ෦ࢮ

39. ·ͱΊ ɾSecurity GroupཔΈͷίϯτϩʔϧ ΊͪΌͪ͘ΌͭΒ͍

40. ͜ͷωοτϫʔΫ͸ Կ͕ྑ͔ͬͨͷ͔

41. ·ͱΊ ɾͱΓ͋͑ͣಈ͘ ɹɾωοτϫʔΫʹৄ͍͠ਓ͕͍ͳͯ͘΋ ɹɹ͋Δఔ౓ͷ΋ͷΛಈ͔͢͜ͱ͕Ͱ͖Δ ɾαʔϏε(Ձ஋ΛఏڙͰ͖Δ΋ͷ)ʹ஫ྗͰ͖Δ ɹɾʮࠓͲ͏ͯ͠΋ಈ͘΋ͷΛఏڙ͍ͨ͠ʯ ɹɾ͔͜͠͠ͷߟ͑͸ෛ࠴Λ࢈Ή☠ ɹɹɾͩͬͨΒPaaSΛݕ౼͢Δ

42. ωοτϫʔΫ΋αϘΒͣ ͪΌΜͱઃܭ͠·͠ΐ͏

43. ͓ΘΓ