
How I used AWS CDK and Amplify Console to build an AWS training environment / jaws sonic 2020

kasacchiful
September 12, 2020


Slides presented at JAWS SONIC 2020 & MIDNIGHT JAWS 2020.


Transcript

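 1. How I used AWS CDK and Amplify Console to build an AWS training environment
     Hiroshi Kasahara (JAWS-UG Niigata)
     JAWS SONIC 2020 & MIDNIGHT JAWS 2020, 2020/09/12 Sat. 21:00

 2. Hiroshi Kasahara @kasacchiful
     • Lives in Niigata City
     • Engineer working at a local SIer
     • Favorite languages:
     • Communities:
        • JAWS-UG Niigata
        • JaSST Niigata executive committee
        • ASTER full member
        • etc.

 3. JAWS-UG Niigata
     • Launched in November 2018
     • One of the three chapters in Niigata Prefecture
     • Speaking of Niigata: sake
     • The social gathering has at times been "Niigata Sake no Jin"
     • When we hold events offline, please do come to Niigata to enjoy good sake and food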
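 4. What I will talk about
     • I used AWS CDK and AWS Amplify Console to build an in-house training environment
     • Why I chose AWS CDK and AWS Amplify Console
     • My personal impressions of using AWS CDK and AWS Amplify Console

 5. What I will not talk about
     • Details of AWS CDK
     • Details of AWS Amplify Console
     • A walkthrough of the code I actually wrote

 6. What I did
     • Initial setup of the IAM users, VPCs and so on used in the training
        • Defined with AWS CDK
     • Hands-on materials used in the training
        • Written with docsify and served from Amplify Console

 7. Background
     • This year I was put in charge of the in-house AWS training
     • Most employees have never touched AWS
     • After talking about "what AWS is", a "hands-on" is needed
     • How should I run the "hands-on"?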

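 8. Hands-on content
     • Built on the EC2 and S3 hands-ons run in 2019 at "JAWS-UG Niigata" and "JAWS-UG Niigata-ken".
     • After a 30-minute explanation at the start, participants get through to building a WordPress site in two and a half hours.
     • An optional hands-on is prepared for people who finish early.
     1. Amazon EC2
        • Launch an instance, change the instance type, delete the instance
     2. Amazon S3
        • Create a bucket, store objects, delete the bucket, public access settings, static website hosting
     3. Building a WordPress site
        • Launch an instance from a Marketplace AMI, store image files in S3 and serve them from there
     4. Optional
        • Migrate the WordPress MySQL data to RDS
        • Load balancing with ALB
        • Auto Scaling settings

 9. Hands-on environment
     • Participants do not each have their own AWS account.
     • In a single AWS account for the hands-on, IAM users, VPCs and so on are prepared for each participant.
     • Operated through the AWS Management Console
     • Logging in to EC2 is done with Systems Manager Session Manager

 10. Hands-on environment
     • The hands-on aims at launching a WordPress EC2 instance and being able to store and serve image files from S3
     • Doing the optional hands-on as well gets you this far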

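 11. Issues in running the hands-on (1)
     1. EC2 cannot be logged in to from the in-house network environment
        • The company does not work remotely; everyone works in the office
        • The Management Console is reachable, but not only SSH/RDP, SSM Session Manager is blocked as well
     2. Even in a large meeting room, I do not want to bring in many people
        • I want to limit the number of actual hands-on participants
        • But I also want many people to take part: a dilemma

 12. Issues in running the hands-on (2)
     3. I want to create the hands-on initial setup quickly, according to the number of participants
        • It is a long three-hour session, so people will sign up only after securing the time
        • In other words, numbers are very likely to grow just before the event
     4. I want to give people an environment for reviewing after the event
        • Practice makes perfect
        • Touching AWS repeatedly is how it sticks
        • But touching AWS from the in-house network is difficult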
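 13. Responses to the issues (1)
     1. EC2 cannot be logged in to from the in-house network environment
        • The venue has an access point dedicated to hands-ons, so enable it temporarily
     2. Even in a large meeting room, I do not want to bring in many people
        • Make it viewable online (at our company, Microsoft Teams)
        • During the hands-on time slot, stream my live build of the hands-on content
        • Hands-on support for participants in the venue was left to someone else

 14. Responses to the issues (2)
     3. I want to create the hands-on initial setup quickly, according to the number of participants
        • Made it configurable with AWS CDK (the CDK commands could get access from the in-house network)
     4. I want to give people an environment for reviewing after the event
        • Published the hands-on materials with AWS Amplify Console so people can review at home
        • Made the initial setup reproducible with the CloudFormation template output by CDK
        • The video of my live hands-on build is saved to Microsoft Streams automatically when recorded, so people can build at home while watching it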
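 15. AWS CDK

 16. AWS CDK
     • Define AWS resources in a programming language and provision them
     • A wrapper around CloudFormation

 17. Why did I use AWS CDK?
     I want to create the same configuration repeatedly
        • Writing CloudFormation is (for me personally) painful
        • With CDK a loop is enough, and (for me personally) it can be written intuitively
     The reassurance of writing and reading code in a programming language I use every day
        • Compared with CloudFormation YAML/JSON files, CDK Python code is (for me personally) easier to read
     It can also output a CloudFormation template
        • For self-study, the initial setup can be reproduced in a personal AWS account
     With this, the initial setup of VPCs and so on can be done in one go for the whole number of participants!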
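 18. Watch out for service limits
     Check the limits of each AWS service in advance.
     Limit increases requested this time:
     • Number of VPCs per region
     • Number of internet gateways per region

 19. Service Quotas
     Limit increases can be requested from "My Service Quotas".
     • It is easy to forget to include "the number of things already running", so be careful
     • Example: the default VPC
        • If you want to create "10" VPCs and request "10", the default VPC is not included, so one VPC cannot be created
     The limit increase was reflected about a day after the request.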
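 20. What I configured with CDK
     Per participant
     • VPC: 1
     • Internet gateway: 1 (attached to the VPC)
     • Subnets: 4
        • Public subnets get a route to the IGW
     • Security groups: 2 (web and db)
     • IAM user
        • Added to the common IAM group
     Common to all participants
     • IAM group
        • Various policies attached
     • IAM role
        • To allow "AmazonEC2RoleforSSM" and "AmazonS3FullAccess" on EC2
        • Do not forget to create the instance profile
     This time I wrote it in Python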
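 21. Construction example (IAM users and IAM group)

      # CDK v2 imports; on CDK v1 use `from aws_cdk import core` and core.Stack
      from aws_cdk import Stack, aws_iam as iam
      from constructs import Construct

      class HandsonStack(Stack):  # wrapper class name is illustrative
          def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
              super().__init__(scope, construct_id, **kwargs)

              # IAM group shared by all participants
              iam_group = iam.Group(self, "HandsonGroup",
                  group_name="HandsonGroup",
                  managed_policies=[
                      iam.ManagedPolicy.from_aws_managed_policy_name("AmazonS3FullAccess"),
                  ],
              )

              # One IAM user per participant, each added to the shared group
              cnt = 10
              for i in range(1, cnt + 1):
                  iam_user = iam.User(self, f"handson-seminar-iamuser-{i}",
                      user_name=f"handson-seminar-iamuser-{i}",
                      groups=[iam_group],
                  )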
 22. CFN template for the self-study initial environment setup
     The cdk synth command can output a CloudFormation template.

      $ cdk synth handson-stack > cfn-template-handson.yml
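The quota pitfall on slide 19 and the policy on the common group on slides 20 and 21 can both be checked against the synthesized template before deploying; the following is an added example, not code from the talk. It assumes the JSON template that `cdk synth` writes under `cdk.out/`, the default regional quotas of 5 VPCs and 5 internet gateways, and constructed logical IDs; it also lists AWS managed `*FullAccess` policies, because with every participant in one account `AmazonS3FullAccess` on the common group covers every participant's buckets.

```python
from collections import Counter

# Assumed regional quotas: the AWS defaults of 5 VPCs and 5 internet gateways.
DEFAULT_QUOTAS = {"AWS::EC2::VPC": 5, "AWS::EC2::InternetGateway": 5}

def quota_requests(template, existing, quotas=DEFAULT_QUOTAS):
    """Return {resource type: value to request} for every quota the stack would exceed."""
    # `existing` counts what already runs in the region, default VPC included.
    new = Counter(r["Type"] for r in template["Resources"].values())
    requests = {}
    for rtype, limit in quotas.items():
        needed = existing.get(rtype, 0) + new[rtype]
        if needed > limit:
            requests[rtype] = needed
    return requests

def broad_policies(template):
    """List (logical id, policy name) for AWS managed *FullAccess policies on IAM resources."""
    hits = []
    for logical_id, res in template["Resources"].items():
        if not res["Type"].startswith("AWS::IAM::"):
            continue
        for arn in res.get("Properties", {}).get("ManagedPolicyArns", []):
            # CDK renders the ARN as Fn::Join; keep only its literal string parts.
            parts = arn.get("Fn::Join", ["", []])[1] if isinstance(arn, dict) else [arn]
            name = "".join(p for p in parts if isinstance(p, str)).rsplit("/", 1)[-1]
            if name.endswith("FullAccess"):
                hits.append((logical_id, name))
    return hits

def sample_template(participants):
    """Constructed stand-in for cdk.out/handson-stack.template.json (logical ids made up)."""
    arn = {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"},
                             ":iam::aws:policy/AmazonS3FullAccess"]]}
    res = {"HandsonGroup": {"Type": "AWS::IAM::Group",
                            "Properties": {"ManagedPolicyArns": [arn]}}}
    for i in range(1, participants + 1):
        res[f"Vpc{i}"] = {"Type": "AWS::EC2::VPC"}
        res[f"Igw{i}"] = {"Type": "AWS::EC2::InternetGateway"}
        res[f"User{i}"] = {"Type": "AWS::IAM::User",
                           "Properties": {"Groups": [{"Ref": "HandsonGroup"}]}}
    return {"Resources": res}

if __name__ == "__main__":
    tpl = sample_template(10)
    print(quota_requests(tpl, {"AWS::EC2::VPC": 1, "AWS::EC2::InternetGateway": 1}))
    print(broad_policies(tpl))
```

With ten participants and one default VPC already present, a quota of 10 still comes back as a request for 11, which is the case slide 19 describes.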
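 23. Impressions of using AWS CDK
     • The reassurance of writing in my usual programming language (for me personally)
     • A lot can be left out when writing
        • I specified VPC names because the hands-on materials needed to mention them, but there was still less to write than in a CloudFormation template
        • Reviewing is easy
     • When stuck, I referred to the API reference, TypeScript code by those who went before, and so on
        • Even in a different language, the classes and methods are the same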
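 24. AWS Amplify Console

 25. AWS Amplify Console
     • Static web hosting service
     • Has a simple CI/CD feature for build and deploy
     • One of the components that make up Amplify
     • This time I use only Amplify Console

 26. Introducing Amplify Console
     1. Select "GET STARTED" under Deploy
     2. Select the Git repository service
     3. Select the repository and branch
     4. Add the build settings
     5. Save and deploy!!!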
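 27. Why did I use Amplify Console? (1)
     I want people to be able to review through self-study from home as well
     • Publishing the materials on the web with Amplify Console is enough
     • Password protection (Basic authentication) is also possible
     • For the initial setup of VPCs and so on, people can download the CloudFormation template created with CDK from the materials site and use it

 28. Why did I use Amplify Console? (2)
     I want the steps up to deployment to be easy
     • What JAWS-UG Niigata had been doing until now
        • When editing: write in Markdown → merge into the master branch → push to GitHub
        • When building and deploying: convert the Markdown to HTML → place it in S3
     • What I did this time
        • When editing: write in Markdown → merge into the master branch → push to GitHub
        • After the push, Amplify Console builds and deploys automatically
     I am the only person writing the materials, so I want to avoid unnecessary steps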
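 29. Build & deploy flow

 30. The documentation site with docsify
     An easy Vue-based documentation site
     • Single Page Application
     • No build required
        • Markdown files can be placed as they are
        • The JAWS-UG Niigata hands-on materials (Markdown) can be used as they are
        • But the Management Console UI had changed quite a bit, so many parts had to be rewritten
     • Deployment steps for various hosting services are provided in the documentation
        • For Amplify Console, I followed those deployment steps as written
     https://docsify.js.org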
 31. Deploy settings for Amplify Console
     Just follow the docsify documentation.
     • The amplify.yml placed in the repository root is set up as follows, rewriting routerMode to "history" at build time.

      version: 0.1
      frontend:
        phases:
          build:
            commands:
              - "sed -i -e \"s/routerMode: 'hash',/routerMode: 'history',/g\" ./docs/index.html"
        artifacts:
          baseDirectory: /docs
          files:
            - '**/*'
        cache:
          paths: []
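 32. The docsify settings go in the entry point index.html, and each page is written in Markdown.

 33. The actual hands-on text looks like this

 34. With the text and the Management Console side by side, I demonstrated the hands-on and streamed it live inside the company

 35. Impressions of using AWS Amplify Console
     • Saved a lot of build and deploy effort
     • The initial setup was surprisingly easy
        • (although all I did was follow the docsify deployment steps…)
     • Even without the Amplify SDK or Amplify CLI, Amplify Console alone is worth trying first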
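 36. Summary

 37. Summary
     • I used AWS CDK and AWS Amplify Console to build an in-house training environment
     • AWS CDK for building the initial hands-on environment. The reassurance of writing in a programming language. A lot can be left out, and the code as a whole is clean.
     • AWS Amplify Console to save effort on building and deploying the hands-on text site. Surprisingly easy. Not scary.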
 38. https://jawsug-niigata.connpass.com 38

 39. References
     • Basis of the hands-on:
        • JAWS-UG Niigata #2 - S3 hands-on
           • https://jawsug-niigata.connpass.com/event/114694/
        • JAWS-UG Niigata #4 - EC2 / Lightsail hands-on
           • https://jawsug-niigata.connpass.com/event/126558/
        • JAWS-UG Niigata-ken hands-on for beginners
           • https://nds.connpass.com/event/133878/