
Infrastructure "Shikujiri Sensei" / Failure story for infrastructure

Kaga
August 02, 2019

Slides from the Infrastructure / Network Engineer Study Group Vol.1.
https://istyle.connpass.com/event/133989/

## References
- What is Amazon VPC?
https://docs.aws.amazon.com/ja_jp/vpc/latest/userguide/what-is-amazon-vpc.html

- Modular Amazon VPC architecture on AWS
https://docs.aws.amazon.com/ja_jp/quickstart/latest/vpc/architecture.html

- 20190313 AWS Black Belt Online Seminar Amazon VPC Basic
https://www.slideshare.net/AmazonWebServicesJapan/20190313-aws-black-belt-online-seminar-amazon-vpc-basic


Transcript

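  1. Network design anti-patterns. Infrastructure / Network Engineer Study Group Vol1

  2. Network design anti-patterns: Network "Shikujiri Sensei" (failure story). Infrastructure / Network Engineer Study Group Vol1

  3. About me: Takashi Kaga. QA (5 years) → server side (3 years) → infrastructure (5 years) *currently here

     TAKA_0411 / kaga.takashi / taka1111

  4. iOSDC 2016 - 2019 staff (photography)

  5. PHPerKaigi 2018 - 2019 staff (photography)

  6. Agenda
     - About VPC
     - Best practices
     - Network failure story
     - Summary

  7. Agenda
     - About VPC
     - Best practices
     - Network failure story
     - Summary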

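  8. VPC and Subnet

     A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud, and you can launch AWS resources, such as Amazon EC2 instances, into your VPC. You can specify an IP address range for the VPC, add subnets, associate security groups, and configure route tables.
     https://docs.aws.amazon.com/ja_jp/vpc/latest/userguide/what-is-amazon-vpc.html

     A subnet is a range of IP addresses in your VPC. You can launch AWS resources into a specified subnet. Use a public subnet for resources that must be connected to the internet, and a private subnet for resources that won't be connected to the internet. For details on public and private subnets, see "VPC and subnet basics".

  9. Here are three architecture diagrams (simplified)

  10. No. 1: separated by VPC

  11. No. 2: separated by Subnet

  12. No. 3: default configuration

  13. How should a network be designed?

  14. Splitting it along logical units is probably a good idea

  15. What is a logical unit?
      - Per environment
        - development, staging, production
        - Diagrams No. 1 and No. 2 shown earlier
      - Per service provided
      - Per organization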
  16. Agenda
      - About VPC
      - Best practices
      - Network failure story
      - Summary

  17. Best practices
      - The official AWS documentation covers them to some extent
      - Use the Black Belt Online Seminar slides as a reference
      - Make use of the VPC wizard

  18. https://docs.aws.amazon.com/ja_jp/quickstart/latest/vpc/architecture.html
      Building a modular and scalable virtual network architecture with Amazon VPC

  19. https://www.slideshare.net/AmazonWebServicesJapan/20190313-aws-black-belt-online-seminar-amazon-vpc-basic
      20190313 AWS Black Belt Online Seminar Amazon VPC Basic

  20. VPC wizard

  21. Agenda
      - About VPC
      - Best practices
      - Network failure story
      - Summary

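  22. A certain service

  23. A certain service

  24. The network of a certain service
      - 1 VPC (default)
      - 2 Subnets (default)
      - Complex Security Groups
      - Multiple services running in production

  25. A certain configuration change request: "I want to add an S3 Endpoint"

  26. A certain configuration change: what is an S3 Endpoint?
      - An endpoint for accessing S3 from inside a VPC
      - It is configured on the VPC's Subnet (Route Table)
      - Once configured, access goes via private IP
      - If the region is not specified, communication may fail

  27. S3 Endpoint diagram
      https://www.slideshare.net/AmazonWebServicesJapan/20190313-aws-black-belt-online-seminar-amazon-vpc-basic/75

  28. A certain configuration change
      - Me: "There's no test environment."
      - Me: "Should I build a full set in a separate Subnet?"
      - Me: "..."
      - Me: "Let's just check the settings..."

  29. A certain configuration change
      - Me: "S3-related settings checked, OK!"
      - Me: "Security Groups checked, OK!"
      - Me: "Source code grep, OK!"
      - Me: "And now, add the S3 Endpoint."

  30. A certain configuration change: the service's admin console could no longer access S3 (I reverted the setting within seconds)

  31. A certain configuration change: what is an S3 Endpoint?
      - An endpoint for accessing S3 from inside a VPC
      - It is configured on the VPC's Subnet (Route Table)
      - Once configured, access goes via private IP
      - If the region is not specified, communication may fail ← So it was you...

  32. Lessons learned (1)
      - I should have read the documentation thoroughly

      Be sure to configure the AWS Command Line Interface (AWS CLI) and set the default AWS Region. To specify the default Region name, use the aws configure command. If you do not specify a default Region, or if you override the default Region, be sure to set the --region option in each AWS CLI command.
      https://aws.amazon.com/jp/premiumsupport/knowledge-center/connect-s3-vpc-endpoint/

  33. Lessons learned (2)
      - I should have built a test environment and tried the change there
        - I gave up partway through
        - Building a complete set of everything is tough
          - Web, DB, Cache, S3, etc…
      - Put it in code (just do it)
        - Fair enough (a valid point)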

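  34. Agenda
      - About VPC
      - Best practices
      - Network failure story
      - Summary

  35. What was wrong with this network?

  36. Summary
      - A default VPC with default Subnets means:
        → dev / stg / prod are on the same network
        → LB / Web / DB are in the same layer
        → Access control depends entirely on Security Groups

  37. Summary
      - dev / stg / prod are on the same network
        - Configuration changes easily affect the other environments
          → It is hard to test in one specific environment only
        - Bad from a security standpoint
          → If any one part is compromised, everything dies

  38. Summary
      - LB / Web / DB are in the same layer
        - They can communicate directly with the internet
          → Narrow down the points of contact from the internet
        - Bad from a security standpoint
          → If any one part is compromised, everything dies

  39. Summary
      - Access control that depends entirely on Security Groups: extremely painful

  40. What was good about this network?

  41. Summary
      - It works, for the time being
        - Even without anyone who knows networking well, you can get something reasonable running
      - You can focus on the service (the thing that delivers value)
        - "We absolutely need to ship something that works right now"
        - But this way of thinking creates debt ☠
          - If that is the situation, consider PaaS

  42. Don't slack off on the network either; design it properly

  43. The end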
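
Slides 24 to 37 describe a blast-radius problem: an S3 Endpoint is attached to a route table, so it changes routing for every subnet that table serves, and in a default VPC that means every environment at once. The following sketch is an added example, not part of the original deck; it works out which environments a route table change touches, using constructed data loosely shaped like EC2 describe output (all IDs, instance names and the flat `Environment` field are assumptions).

```python
# Constructed sample data, loosely shaped like EC2 DescribeRouteTables /
# DescribeSubnets / DescribeInstances output. Every ID and tag is made up.
ROUTE_TABLES = [
    # Default-VPC layout from the slides: one main table, no explicit associations.
    {"RouteTableId": "rtb-main", "VpcId": "vpc-default", "Associations": [{"Main": True}]},
    # Split layout: a dedicated VPC with an explicitly associated table.
    {"RouteTableId": "rtb-dev", "VpcId": "vpc-dev",
     "Associations": [{"Main": False, "SubnetId": "subnet-dev-a"}]},
]
SUBNETS = [
    {"SubnetId": "subnet-1a", "VpcId": "vpc-default"},
    {"SubnetId": "subnet-1c", "VpcId": "vpc-default"},
    {"SubnetId": "subnet-dev-a", "VpcId": "vpc-dev"},
]
INSTANCES = [  # flattened; the real API nests instances under Reservations
    {"Name": "prod-web", "SubnetId": "subnet-1a", "Environment": "prod"},
    {"Name": "stg-admin", "SubnetId": "subnet-1a", "Environment": "stg"},
    {"Name": "prod-db", "SubnetId": "subnet-1c", "Environment": "prod"},
    {"Name": "dev-web", "SubnetId": "subnet-1c", "Environment": "dev"},
    {"Name": "dev2-web", "SubnetId": "subnet-dev-a", "Environment": "dev"},
]

def subnets_using(rtb_id, route_tables=ROUTE_TABLES, subnets=SUBNETS):
    """Subnets whose routing changes if a gateway endpoint is attached to rtb_id."""
    table = next(t for t in route_tables if t["RouteTableId"] == rtb_id)
    explicit = {a["SubnetId"] for a in table["Associations"] if "SubnetId" in a}
    if not any(a.get("Main") for a in table["Associations"]):
        return explicit
    # A main route table also governs every subnet in its VPC that has no
    # explicit association with any route table.
    claimed = {a["SubnetId"] for t in route_tables
               for a in t["Associations"] if "SubnetId" in a}
    implicit = {s["SubnetId"] for s in subnets
                if s["VpcId"] == table["VpcId"] and s["SubnetId"] not in claimed}
    return explicit | implicit

def blast_radius(rtb_id, instances=INSTANCES):
    """Map environment -> sorted instance names affected by a change to rtb_id."""
    affected = subnets_using(rtb_id)
    result = {}
    for inst in instances:
        if inst["SubnetId"] in affected:
            result.setdefault(inst["Environment"], []).append(inst["Name"])
    return {env: sorted(names) for env, names in result.items()}

def safe_to_test_in_isolation(rtb_id):
    """True only if the change touches a single, non-production environment."""
    envs = set(blast_radius(rtb_id))
    return len(envs) == 1 and "prod" not in envs
```

For `rtb-main` the result spans dev, stg and prod, which is the situation on slide 37; for `rtb-dev` it is confined to one environment, so the change can be tried there first.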