© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS CDKͰECS on FargateͷCI/CDΛ ࣮ݱ͢Δࡍͷཧ૝ͱݱ࣮ ࠤ౻ ஐथ C - 4 εϖγϟϦετ Ϋϥεϝιουגࣜձࣾ

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. ࣗݾ঺հ ࠤ౻ஐथ Ϋϥεϝιουגࣜձࣾ CXࣄۀຊ෦ Delivery෦ ΞʔΩςΫτνʔϜ ݱࡏɿαʔόʔαΠυ݉ΠϯϑϥશൠͷΞʔΩςΫτ JAWS-UG CDKࢧ෦ ӡӦ ޷͖ͳAWSαʔϏεɿAWS Lambda AWS Cloud Development Kit (CDK) @tmk2154 @tomoki10

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. • AWSαʔϏεͷ͓͞Β͍ • AWS CDK͔Terraform͔ • ίϯςφ • ίϯςφΠϝʔδͷબఆ • ϩά؅ཧ༻αΠυΧʔ • ίϯςφΛσϓϩΠ͢Δ·Ͱͷઃܭ • ίϯςφΠϝʔδΛԿͰϏϧυ͢Δ͔ • λάͷ෇͚ํ • ίϯςφϦϙδτϦͷ؅ཧ • ίϯςφͷσϓϩΠํ๏ ΞδΣϯμ ※Ұ෦CDKͱؔ࿈ബ͍͕ݕ౼ࣄ߲ʹͳΓ΍͍͢಺༰ΛೖΕ͍ͯ·͢

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS CDKͱ͸ • ࢖͍׳ΕͨϓϩάϥϛϯάݴޠͰAWSϦιʔεΛϓϩϏδϣχϯάͰ͖ΔπʔϧΩοτ݉AWSͷ αʔϏε • TypeScript/JavaScript, Python, Java, C#, Go Ͱهड़Մೳɻπʔϧ಺෦ͷ։ൃ͸TypeScriptϝΠϯ πʔϧʹԠͨ͡DSL΍yaml/jsonͰͳ͘׳ΕͨݴޠͰΠϯϑϥΛίʔυهड़Ͱ͖Δ • ίʔυิ׬΍ߴ଎σϓϩΠ(hotswap/watch)ͳͲͷ༏Εͨ։ൃମݧʹΑΔΠϯϑϥߏங͕Մೳ AWS Cloud Development Kit (AWS CDK)

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Fargate AWS Fargate ͱ͸ ※ https://dev.classmethod.jp/articles/cmdevio2019-container/#toc-10 • AWS্ͰΠϯελϯε΍Ϋϥελʔ؅ཧͳ͠ʹίϯςφΛ࣮ߦՄೳͳαʔϏε • Amazon EC2Λ࢖͏৔߹ͱൺֱͯ͠ϗετʹରͯ͠ҎԼͷख͕ؒແ͘ͳΔ ※ • ఆظతͳηΩϡϦςΟϝϯςφϯε • ༨৒Ϧιʔεͷࣄલ֬อ • Πϯελϯεଆͷอक؅ཧ • Φʔτεέʔϧઃఆ • ӡ༻্ͷίετΛݮΒ͠։ൃʹूத͠΍͍͢

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon ECS ͱ͸ • AWSϚωʔδυͳίϯςφΦʔέετϨʔγϣϯαʔϏε ※ • ؆୯ͳΦʔτεέʔϧઃఆ • ALB/NLBͱͷ౷߹ • ίϯςφΛAWS IAMͷݖݶͰ؅ཧ • ίϯςφͷηΩϡϦςΟάϧʔϓ؅ཧ • Amazon CloudWatch Metricsͱͷ౷߹ • Amazon CloudWatch Logsͱͷ౷߹ • εέδϡʔϧ࣮ߦʢAmazon EventBridgeͱͷ౷߹ʣ Amazon Elastic Container Service (Amazon ECS) ※ࢀߟ https://dev.classmethod.jp/articles/cmdevio2019-container/#toc-8

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS͕ެ։͍ͯ͠ΔAWS CDKͰͷαϯϓϧ Amazon ECS/AWS Fargateʹඞཁͳߏ੒͕AWS CDKͰίʔυԽ͞ΕಡΉ͜ͱͰ࡞Γํ͕෼͔Δ※ CDK PipelinesΛ࢖͍CI/CDΛߏ੒ͯ͠σϓϩΠ͢Δํ๏͕෼͔ΔɻҎԼ͸ߏ੒ͷࢀߟ֓ཁਤ ※ https://github.com/aws-samples/baseline-environment-on-aws/tree/main/usecases/guest-webapp-sample

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon ECS/AWS Fargateͷ࿩ͳΒ·ͣ͜ͷຊ https://www.amazon.co.jp/AWSίϯςφઃܭɾߏங-ຊ֨-ೖ໳-גࣜձࣾ໺ଜ૯߹ݚڀॴ/dp/4815607656 • Amazon ECS΍AWS FargateΛબఆ͢Δࡍͷج४ ηΩϡϦςΟɺߏஙɺӡ༻ઃܭɺߏஙͷϋϯζΦϯͳͲ ͜Ε͔Β࢝ΊΔ࣌ඞཁͳ৘ใ͕هࡌ • ωοτ্ͷ֤ॴʹ఺ࡏ͍ͯͨ͠ϕετϓϥΫςΟε΍ ϊ΢ϋ΢͕΄΅͜ͷ1࡭ʹڽॖ • ຊ౰ʹࠓݱ৔Ͱඞཁͱ͞Ε͍ͯΔ஌͕ࣝू໿ (ࣗ෼΋Ҋ݅લʹಡΜͰཧղ͕ਂ·ͬͨ෦෼ଟ਺) • AWS্Ͱίϯςφ࢝ΊΔͱͳͬͨΒͱΓ͋͑ͣ ങͬͱ͚ͱݴ͑Δ1࡭

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. ຊൃදͰ࿩͢͜ͱ/໨ඪ AWS CDK + Amazon ECS/AWS Fargateߏ੒΍CI/CDߏஙͷͨΊͷྑ࣭ͳίϯςϯπ͸طʹ͋Δ ͕ͩݱ࣮Ͱ͸໎͏෦෼΋ଟ͍ͷͰ࣮ࡍʹ໎ͬͨ෦෼Λ঺հ͠ߏஙͷ্ͰͷצॴΛ཈͑ʹ͍͘ ࢹௌର৅ऀ • AWS Cloud Development Kit (CDK) Λ࢖ͬͨ͜ͱ͕͋Δ • Amazon ECSɺAWS FargateͳͲAWSͷίϯςφؔ࿈ٕज़ͷجຊ͸೺Ѳ͍ͯ͠Δ • ίϯςφಛ༗ͷΠϝʔδλάͷ؅ཧɺCI/CDͳͲ͸Ͳ͏૊Ί͹ྑ͍͔೰Ή ໨ඪ • Amazon ECS on AWS Fargate ͱAWS CDKͰΞϓϦΛσϓϩΠ/ӡ༻͢Δࡍͷߟྀ఺͕େମ෼͔Δ • ݱঢ়ͷ՝୊ʹ͍ͭͯཧղٕͯ͠ज़બఆͰ͖Δ

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS CDK ͔ Terraform ͔ AWS CDKͷར఺ • ίϯςφͷϏϧυपΓ΋AWS CDKͷίʔυ಺ʹؚΊΔ͜ͱͰAWS CDKʹดͯ͡؅ཧ͠΍͍͢ • ൚༻తͳϓϩάϥϛϯάݴޠͰهड़Ͱ͖ɺಠࣗDSLΛ֮͑Δඞཁ͕ͳ͍ • ΑΓએݴతͳهड़͕ՄೳͰϩʔϧͷ؅ཧͳͲ͕͠΍͍͢ AWS CDKͷܽ఺ • AWS CDKʹؚΉϦιʔεΛ੾Γ཭ͤͳ͍ͷͰɺΠϯϑϥͱΞϓϦͷσϓϩΠΛ෼཭͢Δ৔߹ ΠϯϑϥଆͷϦιʔεσϓϩΠ࣌ʹλεΫఆٛΛಉظͤ͞ΔͳͲ޻෉͕ඞཁ • ͔ͳΓ޻෉͢Ε͹Ϧιʔεߋ৽ͱ੾Γ཭͢͜ͱ͸Ͱ͖ΔʢBlue/GreenσϓϩΠͰ঺հʣ

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS CDK ͔ Terraform ͔ Terraformͷར఺ • λεΫఆٛͳͲΛignore_changesͰTerraformͷσϓϩΠϥΠϑαΠΫϧ͔Β੾Γ཭ͤΔͷͰ ΞϓϦͷσϓϩΠΛ෼཭͠΍͍͢ • ࠷ॳͷߏ੒ཁૉ͕ൺֱతগͳ͍ͷͰϓϩάϥϜະܦݧऀ͕ଟ͍৔߹͸࢝Ί΍͍͢ Terraformͷܽ఺ • ignore_changesʹઃఆͨ͠λεΫఆٛઃఆͳͲͷॳظઃఆ͕ϑΝΠϧʹ࢒Γݱঢ়ͱҧ͏ઃఆ͕ ࢒Γଓ͚ΔɻTerraform୯ମΛݟ͚ͨͩͰ͸ݱࡏͷλεΫఆٛͷઃఆ͕෼͔Βͳ͍ • ecspressoͳͲผͷσϓϩΠπʔϧͱͷซ༻͕΄΅ඞਢʹͳΔ

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. ίϯςφΠϝʔδͷબఆ ҰൠతͳLinuxσΟετϦϏϡʔγϣϯͷίϯςφΠϝʔδΛ࢖༻͢Δͱ ෆཁͳύοέʔδ͕੬ऑੑݕ஌πʔϧʹҾ͔͔ͬΓɺΞοϓσʔτ΍मਖ਼ͷස౓͕૿͑΍͍͢ Amazon InspectorV2ͷεΩϟϯ݁Ռɿͱ͋ΔΠϝʔδͷlatest൛Λऔಘޙɺ໿3ϲ݄΄Ͳ์ஔͨ͠΋ͷ

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. ίϯςφΠϝʔδͷબఆ ύοέʔδʹΑΔ੬ऑੑ΍੬ऑੑରԠͷෛ୲Λ࠷খԽ͢ΔͨΊɺ࠷௿ݶͷύοέʔδͷΈؚ͕·ΕΔ alpine ΍ slimɺdistroless ͳͲͷΠϝʔδΛબ୒͢Δ͜ͱ͕ྑ͍ͱ͞Ε͍ͯΔ ݱ࣮Ͱͷ஫ҙ఺ • ։ൃதʹঢ়ଶΛௐ΂Δπʔϧ͕ೖ͍ͬͯͳ͍΋ͷ΋͋ΓσόοάͳͲͷखؒ͸͔ͳΓ૿͑Δ • ΠϝʔδαΠζ͸ݮΔ͕ґଘؔ܎ͷղܾ΍μ΢ϯϩʔυʹΑͬͯϏϧυʹ͕͔͔࣌ؒΔ৔߹΋ σόοάͷखؒ΁ͷରࡦʢӈهϒϩά͔ΒҰ෦ൈਮʣɿ • σόοά༻ͷπʔϧʢpsɺvimͳͲʣͷಋೖ • Ұ࣌తʹϕʔεΠϝʔδΛfatͳ΋ͷʹೖΕସ͑ͯ໰୊ͷ੾Γ෼͚ • Docker Execʢdistroless ͳΒshellͷ࣋ͪࠐΈ͔Β࣮ࢪʣ https://iximiuz.com/en/posts/docker-debug-slim-containers/

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. ϩά؅ཧ༻αΠυΧʔ ϩάग़ྗΛ୯ମͰAmazon CloudWatch Logsʹྲྀ͢ͱεέʔϧͨ͠ࡍʹߴֹʹͳΔՄೳੑ͕͋ΔͷͰ Fluentbit/FluentdͳͲͷαΠυΧʔΛ࢖͍ɺϩάग़ྗΛ੾Γସ͑Δ ։ൃ͸σόοά࣌஗ԆճආͷͨΊɺຊ൪͸Τϥʔ௨஌ͷͨΊAmazon CloudWatchͷซ༻΋͋Γ FluentBit Fluentd Amazon ECS Container Sidecar Container Amazon CloudWatch Amazon Kinesis Data Firehose Amazon Simple Storage Service (Amazon S3) Amazon Athena ։ൃ/ӡ༻ऀ σόοά΍Τϥʔ֬ೝ ໰୊ൃੜ࣌ͷΈௐࠪ Dev؀ڥ or ERROR INFO Τϥʔ௨஌

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. ίϯςφΛσϓϩΠ͢Δ·Ͱͷઃܭ ίϯςφΛCI/CD؀ڥ͔ΒσϓϩΠ͢Δ৔߹ɺେ·͔ʹҎԼͷաఔʹͳΔʢԼਤ͸֓ཁྫʣ 1. ίϯςφΠϝʔδͷϏϧυ 2. Πϝʔδ΁ͷλά෇͚ 3. ΠϝʔδΛϨδετϦʹϓογϡ 4. ϨδετϦ͔ΒΠϝʔδΛϓϧ/࣮ߦ Code Repo Amazon ECR Amazon ECS 4.Pull Image 3.Image Push AWS CodePipeline AWS CodeBuild 1.Image Build Event AWS CDK Update 2.Add Tag

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. ίϯςφΛσϓϩΠ͢Δ·Ͱͷઃܭ ίϯςφΛϏϧυͯ͠σϓϩΠ͢Δ·ͰͷաఔΛҎԼͷ߲໨Ͱݕ౼͢Δ 1. ίϯςφΠϝʔδΛԿͰϏϧυ͢Δ͔ 2. Πϝʔδ΁ͷλά෇͚ͷํ๏ 3. ίϯςφϨδετϦͷϦϙδτϦ؅ཧ • ཧ૝తͳίϯςφϨδετϦͷϦϙδτϦ؅ཧ • ݱ࣮Ͱ௚໘͢Δ՝୊ 4. ίϯςφͷσϓϩΠํ๏ • σϓϩΠํ๏ͷछྨʢϩʔϦϯάΞοϓσʔτɺBlue/Green σϓϩΠ) • ཧ૝ͷσϓϩΠํ๏ • ݱ࣮Ͱબ୒ͨ͠σϓϩΠํ๏

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. ίϯςφΠϝʔδΛԿͰϏϧυ͢Δ͔ Amazon ECSͰίϯςφΛσϓϩΠ͢ΔͨΊʹ͸ΠϝʔδͷϏϧυ͕ඞཁ ཧ૝ɿAWS LambdaͷNodeJsFunctionʹࣅͨόϯυϧ/σϓϩΠػೳ͕ඪ४ύοέʔδʹೖ͍ͬͯΔ ݱ࣮ɿඪ४ύοέʔδ͕ඍົʹ࢖͍ͮΒ͍ AWS CDKܦ༝ͰσϓϩΠ͢Δ৔߹ͷύλʔϯͷྫ • aws-ecr-assets/DockerImageAssetΛ࢖͏ํ๏ • Stack.synthesizer.addDockerImageAssetΛ࢖͏ํ๏ • ֎෦ύοέʔδͷcdk-ecr-deploymentΛ࢖͏ํ๏ • ΧελϜϦιʔε͔ΒAWS CodeBuildΛ࢖͏ํ๏ ΞϓϦίʔυͱΠϯϑϥίʔυΛ੾Γ཭͢৔߹ͳͲ͸ผ్CI/CDαʔϏε্Ͱ ௚઀DockerίϚϯυΛ࣮ߦͯ͠Ϗϧυ͢Δํ๏ͳͲ΋͋Δ͕লུ

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. aws-ecr-assets/DockerImageAsset Λ࢖͏ํ๏ AWS CDKͷඪ४ύοέʔδʹؚ·Ε͍ͯΔDockerImageAssetΛར༻͢Δ ར఺ • AWS CDKͷඪ४ύοέʔδͰΠϝʔδͷϏϧυ/ϓογϡ͕׬݁͢Δ ܽ఺ • ϓογϡઌͷAmazon ECRͷϦϙδτϦΛࢦఆͰ͖ͳ͍ͨΊɺࣗಈੜ੒͞Ε໊ͨલʹͳΔ • Πϝʔδλά໊ΛࢦఆͰ͖ͳ͍ͨΊɺιʔεΛτϨʔεͮ͠Β͍ const ecrAssets = new ecr_assets.DockerImageAsset(this, `${id}-DockerImageAsset`, { // Dockerfile΍ιʔε͕͋ΔσΟϨΫτϦΛࢦఆ directory: path.join(__dirname, `../assets/${props.envName}/sample-app`), });

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Stack.synthesizer.addDockerImageAssetΛ࢖͏ํ๏ AWS CDKͷඪ४ύοέʔδʹؚ·Ε͍ͯΔStack.synthesizer.addDockerImageAssetΛར༻͢Δ ར఺ • AWS CDKͷඪ४ύοέʔδͰΠϝʔδͷϏϧυ/ϓογϡ͕׬݁͢Δ ܽ఺ • ࠓ͸ϓογϡઌͷAmazon ECRͷϦϙδτϦΛࢦఆͰ͖ͳ͍ʢิ଍ࢀরʣ • Πϝʔδλά໊ΛࢦఆͰ͖ͳ͍ ิ଍ɿ ੲ͸ϓογϡઌͷϦϙδτϦΛࢦఆͰ͖͕ͨɺDockerAssetsͷѻ͍Λ؆ૉԽ͢Δ࣮૷Ͱ ɹɹɹ ϦϙδτϦ໊ͷࢦఆ͸DeprecatedͱͳΓAWS CDK v2Ͱ͸࢖༻ෆՄͱͳͬͨ ※ ※ https://github.com/aws/aws-cdk/commit/b52b43ddfea0398b3f6e05002bf5b97bc831d1a7 this.synthesizer.addDockerImageAsset({ // Dockerfile΍ιʔε͕͋ΔσΟϨΫτϦΛࢦఆ directoryName: path.join(__dirname, `../assets/${props.envName}/sample-app`), });

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. ֎෦ύοέʔδͷcdk-ecr-deploymentΛ࢖͏ํ๏ ར఺ • ΠϝʔδΛϓογϡ͢ΔઌͷϦϙδτϦ΍Πϝʔδλά໊ΛࢦఆͰ͖Δ • AWS CDK։ൃνʔϜ͕อक͍ͯ͠ΔύοέʔδͰAWS CDKຊମʹऔΓࠐ·ΕΔՄೳੑ΋͋Δ ܽ఺ • ࠷ॳͷผͷϦϙδτϦʹΠϝʔδΛϓογϡͨ͠ޙɺίϐʔ͞ΕΔͷͰ AWS CDK؅ཧͷϦϙδτϦͱࢦఆͷϦϙδτϦͷ2ՕॴʹΠϝʔδ͕Ͱ͖2ഒͷྉ͕͔͔ۚΔ EcrDeployment: https://github.com/cdklabs/cdk-ecr-deployment const ecrAssets = new ecr_assets.DockerImageAsset(this, `${id}-DockerImageAsset`, { directory: path.join(__dirname, `../assets/${props.envName}/sample-app`), }); new ECRDeployment(this, `${id}-DeployDockerImage`, { src: new DockerImageName(ecrAssets.imageUri), dest: new DockerImageName( `${props.env?.account}.dkr.ecr.${props.env?.region}.amazonaws.com/${ecrRepository.repositoryName}:${tagName}` ), })

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. ΧελϜϦιʔε͔ΒAWS CodeBuildΛ࢖͏ํ๏ ΧελϜϦιʔεͷAWS LambdaΛܦ༝͠ AWS CodeBuildΛ࣮ߦͯ͠Ϗϧυ/ϓογϡ ར఺ • AWS CodeBuildͰϏϧυ؀ڥΛৄࡉʹ ઃఆՄೳ • Πϝʔδͷෳ਺ϦϙδτϦอଘ͕ෆཁ • AWS͕ఏڙ͢Δࢀߟ࣮૷͕͋Δ※ ܽ఺ • 2ճ໨Ҏ߱ͷσϓϩΠΛ࣮ߦ͢ΔͨΊ ελοΫͷมߋࠩ෼Λڧ੍తʹ࡞ΔͳͲ ޻෉͕ඞཁ // CI/CDαʔϏε্͔ΒCDKͷCLI࣮ߦ࣌ʹࠓճ෇͚Δλά໊ΛελοΫʹ౉͢ const imageTag = props.imageTag; // ڧ੍σϓϩΠύλʔϯ1 // AwsCustomResourceͰid໊ʹλά໊(imageTag)Λ௥Ճ͠ຖճLambdaΛߋ৽͢Δ const project = new codebuild.Project(this, `${id}-project`, { source: codebuild.Source.s3({ … }); new cr.AwsCustomResource(this, `${id}-startBuilds-${imageTag}`, { … onCreate: sdkcallForStartBuild, onUpdate: sdkcallForStartBuild, }); // ڧ੍σϓϩΠύλʔϯ2 // Lambda͸ผ్࡞ΓɺΧελϜϦιʔεͷpropertiesʹtagNameΛ෇͚Δ const provider = new cr.Provider(this, "Provider", { onEventHandler: containerStartBuildLambda, // ࡞੒ࡁLambdaΛࢦఆ }); new cdk.CustomResource(this, "Custom::EcsDeploy", { serviceToken: provider.serviceToken, properties: { imageTag }, }); ※ https://github.com/aws-samples/baseline-environment-on-aws/blob/main/usecases/guest-webapp-sample/lib/blea-build-container-stack.ts

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Πϝʔδ΁ͷλά෇͚ͷํ๏ Πϝʔδλά͸Πϛϡʔλϒϧ(มߋෆՄ)ͳλάΛ෇͚Δ͜ͱ͕ਪ঑͞Ε͍ͯΔ • Amazon ECS ͷϕετϓϥΫςΟεΨΠυ-λεΫͱίϯςφͷηΩϡϦςΟͷ಺༰Λཁ໿ • Amazon ECR ͰෆมλάΛ࢖༻͢Δ※1 • λάͷ্ॻ͖Λ๷ࢭ͢Δ͜ͱͰ߈ܸऀ͕ಉ͡λάͰΠϝʔδͷ৵֐͞ΕͨόʔδϣϯΛ push͢Δ͜ͱΛ๷͙ • NIST SP800-190 ΞϓϦέʔγϣϯίϯςφηΩϡϦςΟΨΠυ͔ΒҾ༻※2 • ݹ͘ͳͬͨΠϝʔδΛ࢖༻͢ΔϦεΫ͸ɺ2 ͭͷجຊతͳํ๏Ͱܰݮ͢Δ͜ͱ͕Ͱ͖Δ(தུ) Ұͭ໨ͷํ๏͸ɺ૊৫͕ɺ ΋͏࢖༻͢Δ͜ͱ͕ͳ͍ɺ੬ऑੑ͕͋ͬͯ҆શͰ͸ͳ͍Πϝʔδͷ ొ࿥Λ࡟আ(தུ)2 ͭ໨ͷํ๏͸ɺӡ༻ ϓϥΫςΟεʹ͓͍ͯɺ࢖༻͢ΔΠϝʔδͷݸผͷ όʔδϣϯΛಛఆ͢ΔΠϛϡʔλϒϧͳ໊લΛ࢖༻ͯ͠ΠϝʔδʹΞΫηε͢Δ͜ͱ ※1 https://docs.aws.amazon.com/ja_jp/AmazonECS/latest/bestpracticesguide/security-tasks-containers.html ※2 https://www.ipa.go.jp/files/000085279.pdf

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Πϛϡʔλϒϧͳλά෇͚Λߦ͏ํ๏ Πϛϡʔλϒϧͳλά໊ͷΑ͋͘Δ෇͚ํ • ΠϝʔδλάʹGitHubͳͲͷίϛοτϋογϡΛ࢖༻͠ιʔεͱΠϝʔδΛ࿈ಈ • ηϚϯςΟοΫόʔδϣχϯάΛ࢖༻ ֎෦഑෍ͷ৔߹͸ɺߋ৽Λ෼͔Γ΍͘͢͢ΔͨΊύοέʔδͷΑ͏ʹόʔδϣϯ൪߸Λ෇͚Δ GitHubͷRelease TagΛ࢖ͬͯΔ৔߹ɺҰகͤ͞ΔͱτϨʔε͠΍͍͢ CI/CDͷதͰGitHubͷίϛοτϋογϡΛλάʹ෇༩͢Δํ๏ͷྫ • AWS CodeBuild ͷ৔߹ɿCODEBUILD_RESOLVED_SOURCE_VERSIONఆ਺Λऔಘ • GitHub Actionsͷ৔߹ɿgithub.shaͰίϛοτϋογϡΛऔಘ

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS CDK͸جຊAWS CloudFormationґଘͳͷͰϦιʔεͷ੾Γ཭͕͠Ͱ͖ͳ͍ ΞϓϦͱΠϯϑϥͷCI/CDΛผͰ࡞Δ৔߹ɺιʔε΍λεΫఆٛͷಉظ͕ඞཁɻҎԼ͸ࣦഊྫ ΠϛϡʔλϒϧλάͰى͖Δ໰୊ AWS CodePipeline AWS CodePipeline App༻ Infra༻ tag: 123456 σϓϩΠ1ճ໨ AWS CodePipeline AWS CodePipeline App༻ Infra༻ tag: asdfgh σϓϩΠ2ճ໨Ҏ߱ AWS CodePipeline AWS CodePipeline App༻ Infra༻ tag: 789012 InfraଆͰλεΫఆٛߋ৽࣌ ݹ͍assets͕ σϓϩΠʁ Task Definition Task Definition read/update Task Definition update create

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. ҎԼͷΑ͏ʹλάΛAWS Systems ManagerͷύϥϝʔλετΞʹొ࿥ͯ͠λάΛಉظͤ͞Δ͜ͱͰ ઌ૆ฦΓΛ๷͙ɻҎԼ͸InfraଆͰλεΫఆٛߋ৽࣌Ͱ΋࠷৽ͷλάΛࢀরͯ͠ಉظ͢Δྫ Πϛϡʔλϒϧλά໰୊ͷରࡦྫ AWS CodePipeline AWS CodePipeline σϓϩΠ1ճ໨ AWS CodePipeline AWS CodePipeline σϓϩΠ2ճ໨Ҏ߱ AWS CodePipeline AWS CodePipeline App༻ Infra༻ App༻ Infra༻ App༻ Infra༻ InfraଆͰλεΫఆٛߋ৽࣌ tag: 123456 Task Definition AWS Systems Manager write tag create tag: asdfgh Task Definition read/update AWS Systems Manager write tag AWS Systems Manager tag: asdfgh Task Definition read tag update ↑ Image Push΋࣮ߦ͠ͳ͍Α͏ʹઃܭ

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. ཧ૝తͳίϯςφϨδετϦͷϦϙδτϦ؅ཧ ։ൃ͸։ൃͰಠཱ͠ɺݕূ/ຊ൪؀ڥ༻ͷΠϝʔδ͸ڞ༗͞ΕΔ Ϗϧυޙʹݕূͨ͠ΠϝʔδͰຊ൪؀ڥʹ΋σϓϩΠͰ͖ɺϏϧυ࣌ͷࣄނΛݮΒͤΔ Amazon ECR ։ൃ؀ڥ Amazon ECS Amazon ECS Amazon ECR ݕূ؀ڥ ຊ൪؀ڥ Amazon ECS Amazon ECR Replication Code Repo Pull Image Push Image Pull Image Image Pull Event Image Push AWS CodePipeline AWS CodeBuild CI/CD؀ڥ

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. ݱ࣮Ͱߟ͑ΔϦϙδτϦ౷Ұ࣌ͷ՝୊ ݕূ/ຊ൪Ͱ؀ڥ͝ͱͷࠩ෼Λٵऩ͢ΔͨΊɺ֎෦ʹઃఆΛ੾Γग़͢ඞཁ͕͋Δɻ Amazon ECR ݕূ؀ڥ Code Repo ҎԼͷ؀ڥࠩҟΛͲ͏෼͚Δͷ͔ • ؀ڥݻ༗৘ใ(SaaS઀ଓઌͳͲʣ • ೝূ৘ใ(DBͳͲ) • ػೳ(Feature Flag) ؀ڥࠩ෼ΛਤͷΑ͏ʹ؀ڥଆͷ αʔϏεʹԡ͠ࠐΊ͹Մೳ ※ϑϨʔϜϫʔΫ͕Ϗϧυ࣌ʹ ఆ਺ΛຒΊࠐΉͷͰ೉͍͠৔߹΋… AWS Secrets Manager AWS Systems Manager Parameter Store AWS AppConfig Image ؀ڥݻ༗৘ใࢀর ೝূ৘ใࢀর ػೳࠩҟࢀর Push

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. ݱ࣮ͰબΜͩϦϙδτϦ؅ཧ Ϋϥ΢υ׳Ε͍ͯ͠Δϝϯόʔ͕গͳ͔ͬͨͨΊɺ࠷௿ݶ Secrets ManagerͳͲͰηΩϡΞͳ৘ใ͸ ෼཭͠ΠϝʔδࣗମͷϏϧυ͸ݸผʹ࣮ࢪɻpackage-lock.jsonͳͲͰؔ࿈͢Δύοέʔδ͸ݻఆԽ Amazon ECR ։ൃ؀ڥ Amazon ECS Amazon ECS Amazon ECR ݕূ؀ڥ ຊ൪؀ڥ Amazon ECS Amazon ECR Code Repo Pull Image Push Image Pull Image Image Pull Event CodePipeline CodeBuild Image Push CodePipeline CodeBuild Event Image Push CodePipeline CodeBuild Event Secrets Manager ࢀর Secrets Manager ࢀর Secrets Manager ࢀর

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. ίϯςφͷσϓϩΠํ๏ Amazon ECS͕ఏڙ͢ΔσϓϩΠํ๏ʹ͸େ·͔ʹ2छྨ͋Δ • ϩʔϦϯάΞοϓσʔτ • ݹ͍ίϯςφΛՔಇͤͭͭ͞৽͍͠ίϯςφΛσϓϩΠ͢Δɻঃʑʹ৽͍͠ίϯςφʹ τϥϑΟοΫΛྲྀ͠ɺݹ͍ίϯςφΛLB͔Β੾Γ཭ͯ͠ఀࢭ͠ೖΕସ͑Δ • Blue/GreenσϓϩΠ • Blue؀ڥʢݹ͍ʣͱGreen؀ڥʢ৽͍͠ʣΛҰఆ࣌ؒฒߦͰՔಇͯ͠ೖΕସ͑Δ Τϥʔ΍໰୊ൃੜ࣌ʹࣗಈ/खಈͰଈ࠲ʹ੾Γ໭ͤΔɻAWS CDK(AWS CloudFormation)Λ ࢖ͬͨAmazon ECSͷBlue/Green σϓϩΠʹ͸ҎԼͷ2छྨ͕͋Δ • CloudFormationHookΛ࢖͏ํ๏ ɿAWS CloudFormationͷಈ࡞ʹ࿈ಈ • CodeDeploy୯ମΛ࢖͏ํ๏ɿAWS CloudFormationͱͷ࿈ಈΛҰ෦੾Δ ※ https://github.com/aws-samples/baseline-environment-on-aws/blob/main/usecases/guest-webapp-sample/lib/blea-build-container-stack.ts

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. ϩʔϦϯάΞοϓσʔτ ఀࢭ࣌ؒͳ͠Ͱݹ͍ίϯςφΛঃʑʹ৽͍͠ίϯςφʹೖΕସ͍͑ͯ͘ ҎԼ͸ minHealthyPercent:50% maxHealthyPercent:200% DesiredCount:2 ͷ৔߹ ※஫ҙɿCPU/ϝϞϦ࢖༻཰ͷߴ͍λεΫͷ৔߹͸ɺminHealthyPercent:100%ͰσϓϩΠ͢Δ͜ͱ Ord Task New Task Application Load Balancer σϓϩΠલ Application Load Balancer σϓϩΠத Application Load Balancer σϓϩΠத Stopped Task ࣌ؒ ܦա ࣌ؒ ܦա

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon ECSͷBlue/GreenσϓϩΠ Blue؀ڥʢݹ͍ʣͱGreen؀ڥʢ৽͍͠ʣΛҰఆ࣌ؒฒߦͰՔಇ͠LBͰτϥϑΟοΫΛ੾Γସ͑Δ Τϥʔ΍໰୊ൃੜ࣌ʹࣗಈ΍खಈͰଈ࠲ʹ੾Γ໭͢͜ͱ͕Ͱ͖Δ Ord Task New Task Application Load Balancer σϓϩΠલ Application Load Balancer σϓϩΠத(ଈ੾Γ໭͠Մೳ) Application Load Balancer σϓϩΠ׬ྃ ࣌ؒ ܦա ࣌ؒ ܦա Traffic Traffic Traffic Stopped Task

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. ૝૾ͨ͠ཧ૝ͷσϓϩΠํ๏ ίϯςφΛBlue/GreenσϓϩΠͰো֐ൃੜ࣌ʹ͸ଈ࠲ʹ੾Γ໭ͤΔɻσϓϩΠ͸AWS CDKͰ׬݁͠ AWS CDKͷίʔυ͸ՔಇதͷλεΫ/ίϯςφͷঢ়ଶͱҰக͠ɺίʔυ͚ͩݟΕ͹ઃఆ͕෼͔Δ Application Load Balancer Application Load Balancer Application Load Balancer ࣌ؒ ܦա ࣌ؒ ܦա Traffic Traffic Traffic AWS CDK Ord Task New Task Stopped Task

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Blue/GreenσϓϩΠ CloudFormationHookΛ࢖͏ํ๏ AWS CDKͰAmazon ECSͷBlue/GreenσϓϩΠΛߦ͏ࡍɺҎલ(2022/09ࠒ·Ͱ)ਪ঑͞Ε͍ͯͨํ๏ • AWS CloudFormationͷσϓϩΠεςʔλεʹ࿈ಈͯ͠ɺBlue/GreenσϓϩΠΛ࣮ߦ • AWS CloudFormationσϓϩΠதͷεςʔλεͰԿΒ͔ͷΤϥʔ͕ൃੜͨ͠৔߹ AWSCloudFormationͷελοΫ͝ͱϩʔϧόοΫͯ͠ॲཧΛ໭͢͜ͱ͕Ͱ͖Δ AWS CDKͷαϯϓϧ࣮૷͸ެ։͞Ε͍ͯΔ※ ※ https://github.com/aws-samples/aws-reinvent-trivia-game/blob/master/trivia-backend/infra/cdk/ecs-service-blue-green.ts

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Blue/GreenσϓϩΠ CloudFormationHookΛ࢖͏ํ๏ CloudFormationHookΛ࢖͏৔߹ͷߟྀࣄ߲ʢެࣜυΩϡϝϯτΑΓҾ༻˞ʣ • ʮECS ϒϧʔ/άϦʔϯσϓϩΠΛτϦΨʔ͢ΔϦιʔεͷߋ৽ʯͰઆ໌͞Ε͍ͯΔΑ͏ʹɺಛఆͷϦιʔεʹର͢Δߋ৽ͷΈ͕άϦʔϯσϓϩΠΛ։࢝͠·͢ɻ • ʮECS ϒϧʔ/άϦʔϯσϓϩΠΛτϦΨʔ͢ΔϦιʔεͷߋ৽ʯͰઆ໌͞Ε͍ͯΔΑ͏ʹɺάϦʔϯσϓϩΠΛ։࢝͢ΔϦιʔε΁ͷߋ৽ͱଞͷϦιʔε΁ͷߋ৽Λಉ͡ελοΫߋ৽ʹؚΊΔ͜ͱ ͸Ͱ͖·ͤΜɻ • σϓϩΠλʔήοτͱͯ͠ࢦఆͰ͖Δ ECS αʔϏε͸ɺ1 ͚ͭͩͰ͢ɻ • CloudFormation ʹΑͬͯ೉ಡԽ͞Εͨ஋Λ࣋ͭύϥϝʔλ͸ɺάϦʔϯσϓϩΠ࣌ʹ CodeDeploy αʔϏεʹΑͬͯߋ৽Ͱ͖ͣΤϥʔ΍ελοΫͷߋ৽ʹࣦഊ͠·͢ɻ۩ମతʹ͸࣍ͷͱ͓ΓͰ͢ɻ • NoEcho ଐੑͰఆٛ͞Εͨύϥϝʔλɻ • ಈతͳࢀরΛ࢖༻ͯ͠֎෦αʔϏε͔Β஋Λऔಘ͢Δύϥϝʔλɻৄࡉʹ͍ͭͯ͸ɺʮಈతͳࢀরΛ࢖༻ͯ͠ςϯϓϨʔτ஋Λࢦఆ͢ΔʯΛࢀর͍ͯͩ͘͠͞ɻ • ·ͩਐߦதͷάϦʔϯσϓϩΠΛΩϟϯηϧ͢Δʹ͸ɺCodeDeploy ·ͨ͸ ECS Ͱ͸ͳ͘ɺCloudFormation ͰελοΫͷߋ৽ΛΩϟϯηϧ͠·͢ɻৄࡉʹ͍ͭͯ͸ɺʮελοΫߋ৽ͷΩϟϯηϧʯ Λࢀর͍ͯͩ͘͠͞ɻ(ߋ৽͕׬ྃͨ͠ޙʹΩϟϯηϧ͢Δ͜ͱ͸Ͱ͖·ͤΜɻͨͩ͠ɺҎલͷઃఆΛ࢖༻ͯ͠ελοΫΛ࠶౓ߋ৽͢Δ͜ͱ͸Ͱ͖·͢ɻ • ϒϧʔ/άϦʔϯ ECS σϓϩΠΛఆٛ͢ΔςϯϓϨʔτͰ͸ɺग़ྗ஋ͷએݴ΍ଞͷελοΫ͔Βͷ஋ͷΠϯϙʔτ͸ݱࡏαϙʔτ͞Ε͍ͯ·ͤΜɻ • ϒϧʔ/άϦʔϯ ECS σϓϩΠΛఆٛ͢ΔςϯϓϨʔτͰ͸ɺطଘͷϦιʔεͷΠϯϙʔτ͸ݱࡏαϙʔτ͞Ε͍ͯ·ͤΜɻ • ωετ͞ΕͨελοΫϦιʔεΛؚΉςϯϓϨʔτͰ͸ɺAWS::CodeDeploy::BlueGreen ϑοΫΛ࢖༻Ͱ͖·ͤΜɻ • ωετ͞ΕͨελοΫͰ͸ AWS::CodeDeploy::BlueGreen ϑοΫΛ࢖༻Ͱ͖·ͤΜɻ ※ https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/blue-green.html

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Blue/GreenσϓϩΠ CloudFormationHookΛ࢖͏ํ๏ ࣮ࡍʹಈ࡞֬ೝͨ࣌͠ͷಈ͖ɹ˞ݸਓͷݕূͷͨΊؾʹͳΔ৔߹͸࣮ࡍʹಈ࡞ݕূ͍ͯͩ͘͠͞ • ผελοΫఆٛͷVPCͳͲϦιʔεΛprops΍ArnͰݺͼग़ͯ͠࢖༻ˠσϓϩΠࣦഊʢಈతύϥϝʔλ͸࢖༻Ͱ͖ͳ͍ʣ • CfnParameter Λ࢖ͬͯVPCͳͲΛݺͿʢAWS CDKతʹ͸ඇਪ঑ʣˠσϓϩΠ੒ޭ • αʔϏεϩʔϧͷϩʔϧΛArnࢦఆͰݺͼग़ͯ͠HooksͰ࢖༻ˠσϓϩΠࣦഊʢಈతύϥϝʔλ͸࢖༻Ͱ͖ͳ͍ʣ • αʔϏεϩʔϧΛϩʔϧ໊௚ࢦఆͰݺͼग़ͯ͠HooksͰ࢖༻ˠσϓϩΠ੒ޭ • disiredCount୯ମΛมߋˠσϓϩΠࣦഊ • CfnCodeDeployBlueGreenHookͷҰ෦ͷύϥϝʔλΛมߋˠσϓϩΠ੒ޭ͕ͩno changeɻมߋʹ͸Hookͷ࠶࡞੒͕ඞཁ • TransformͱHooksΛίϝϯτΞ΢τͯ͠σϓϩΠ͠ɺ࠶౓ύϥϝʔλมߋޙσϓϩΠˠσϓϩΠ੒ޭ • TransformͱHooksΛίϝϯτΞ΢τͯ͠σϓϩΠޙɺdisiredCountΛมߋˠσϓϩΠࣦഊ αʔϏε/λεΫʹର͢Δૢ࡞ʹ͸ɺHook΍TransformͷίϝϯτΞ΢τ͕ඞཁʹͳΔͷͰखಈσϓϩΠ͕΄΅ඞਢ αʔϏε/λεΫपΓ࠶ઃఆʹ͸ελοΫͷ࠶࡞੒͕ඞཁʹͳΔՄೳੑ͕͋ΔͨΊɺेೋ෼ͳݕূΛߦͬͨޙ࢖༻͢Δ͜ͱ͕͓͢͢Ί ※ https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/blue-green.html

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Blue/GreenσϓϩΠ CodeDeploy୯ମΛ࢖͏ํ๏ AWS CDKͷެࣜυΩϡϝϯτͰ࢖ΘΕͳ͍ͱهࡌ͞Ε͍ͯΔ※1 ͷͰ৮ͬͯͳ͔ͬͨ ࠷ۙAWS CloudFormation(Cfn)पΓͰΞοϓσʔτ͕͋Γࣄ৘͕มΘ͖ͬͯͨ ্هͷهࡌʹରͯ͠૝ఆ͞ΕΔཧ༝ʢएׯԱଌ͋Γʣ • ੲ(গͳ͘ͱ΋2021/3࣌఺·Ͱ)͸CfnͰAWS::CodeDeploy::DeploymentGroupͷ Blue/GreenσϓϩΠʹؔ͢Δύϥϝʔλ͕ઃఆͰ͖ͳ͔ͬͨ※2 ͷͰ্هͷهࡌʹͳͬͨʁ • ݱࡏ͸CfnͰ্هͷύϥϝʔλ͕࢖༻Մೳʹͳͬͨ※3 ͷͰࠓ͸هࡌ͕͋ͬͯͳ͍ʁ AWS CDKଆͷPRͰ࠷ۙL2 ConstructΛ࣮૷ऀ͕͍ΔͷͰࠓޙʹظ଴※4 ͱॻ͍ͨΒϚʔδ͞Εͨ ※1 https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_codedeploy.CfnDeploymentGroup.html Amazon ECS blue/green deployments through CodeDeploy do not use the AWS::CodeDeploy::DeploymentGroup resource. To perform Amazon ECS blue/green deployments, use the AWS::CodeDeploy::BlueGreen hook. See Perform Amazon ECS blue/green deployments through CodeDeploy using AWS CloudFormation for more information. ※2 https://dev.classmethod.jp/articles/cloudformation-with-custom-resource-for-fargate-blue-green-deployment/ ※3 https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/483 ※4 https://github.com/aws/aws-cdk/pull/22295

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Blue/GreenσϓϩΠ CodeDeploy୯ମΛ࢖͏ํ๏ طʹL2ͷ࣮૷ऀʹΑΔαϯϓϧ࣮૷͕ެ։͞Ε͍ͯΔ※ ҎԼ͸αϯϓϧ࣮૷ͷߏ੒ͷ֓ཁਤ AWS CDKͷ؅ཧ͔ΒAWS CodeDeployͱAmazon ECSͷαʔϏε/λεΫఆٛΛ੾Γ཭͢Α͏ʹ࡞Δ ॳճσϓϩΠҎ߱͸AWS CodeDeployͷAPI΍APIΛϥοϓ͍ͯ͠ΔecspressoͳͲ͔ΒσϓϩΠ͢Δ ※ https://github.com/aws-samples/aws-reinvent-trivia-game/blob/master/trivia-backend/infra/codedeploy-blue-green/deployment-setup.ts AWS CloudFormation(Cfn) Stack Stack ALB Amazon VPC Amazon ECS ࢀর Fn.importValueͳͲΛ࢖͍ CDK্ͷࢀরΛ࢒͞ͳ͍ AWS CDK ։ൃ/ӡ༻͕ଓ͘͝ͱʹ AWS CDK্ͷߏ੒ͱ ࣮؀ڥͷߏ੒ʹࠩ෼͕ ग़ΔͷͰ஫ҙ σϓϩΠ σϓϩΠ AWS CodeDeploy

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon ECSͷΈσϓϩΠ͢Δํ๏ ecspresso※1 ͳͲAmazon ECSͷσϓϩΠʹؔ࿈͢Δ࠷খݶͷϦιʔεͷΈΛ؅ཧͰ͖ΔπʔϧΛ࢖͏ ALB/NLB΍IAM RoleͳͲͷίʔυ؅ཧ͸ผ్ߦ͍ɺAmazon ECSͷσϓϩΠͷΈߦ͏ ࡉ͔͘σϓϩΠํ๏Λࢦఆ͍ͨ͠৔߹΍ΠϯϑϥͱΞϓϦͷσϓϩΠΛ෼཭͍ͨ͠৔߹ʹ༗ޮ ҎԼ͸૝ఆ͞ΕΔӡ༻ͷܗʢӡ༻࣌ʹࢀরͰ໰୊͕ൃੜ͠ͳ͍͔͸ཁݕূʣ ※1 https://github.com/kayac/ecspresso ecspressoͰ σϓϩΠΛ࣮ࢪ σϓϩΠࡁͷαʔϏε͕ ࢀরͷΈߦ͏ AWS CloudFormation(Cfn) Stack Stack AWS CodeDeploy ALB Amazon VPC Amazon ECS AWS CDK σϓϩΠ σϓϩΠ

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon ECSͱAWS CDKͷBlue/GreenσϓϩΠʹ͍ͭͯ Amazon ECSͱAWS CDKͰBlue/GreenσϓϩΠΛ࢖͏৔߹ͷྺ࢙Λ஌Γ͍ͨํ͸ҎԼͷissueͷ ίϝϯτཝΛνΣοΫɻCloudFormationHookͷ৔߹Λ࢖͏৔߹Կ͕໰୊ͩͬͨͷ͔ CodeDeploy୯ମ͸͍ͭ࢖͑ΔΑ͏ʹͳͬͨͷ͔ͳͲͷܦҢ͕෼͔Γ·͢ ※ https://github.com/aws/aws-cdk/issues/1559 ໿3೥ڧͷ݄೔Λܦͯ ࠷ۙ(2022/10/28)΍ͬͱΫϩʔζ ຊ౰͸AWS CDKͰܧଓ؅ཧͰ͖Δߏ੒͕ཉ͍͠…

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. ౰࣌બ୒ͨ͠σϓϩΠํ๏ AWS CDKܦ༝ͰͷϩʔϦϯάΞοϓσʔτΛબ୒ɻҎԼ͸બఆཧ༝ • Blue/GreenσϓϩΠ͕౰࣌͸ෆ҆ఆ or ΧελϚΠζ͕ଟ͘ͳΔ • CloudFormationHookͷಈ࡞͕ෆ໌֬ͰAWS CDK/AWS CloudFormation/Hookͷཧղ͕ ૬౰ඞཁɻμ΢ϯλΠϜ͕ͳ͚Ε͹มߋෆՄͳ಺༰΋͋ΓҾ͖ܧ͗ޙͷϦεΫ͕େ͖͍ • ΧελϜϦιʔεͰ࣮૷͢Δํ๏΋͋Δ͕ಠ࣮ࣗ૷͕૿͑Δͱཧղ͕ࠔ೉ʹͳΔ • ϩʔϦϯάΞοϓσʔτͷར఺ΛվΊͯ֬ೝ • σϓϩΠ࣌ʹμ΢ϯλΠϜ͸ൃੜͤͣɺαʔΩοτϒϨʔΧʔͰ࠷௿ݶͷ੾Γ໭͠͸Մೳ • AWS CDKͷίʔυΛݟΔ͚ͩͰAmazon ECSͷαʔϏε/λεΫઃఆΛ֬ೝͰ͖Δ • Blue/GreenσϓϩΠͱͷେ͖ͳҧ͍͸ɺ৽چλεΫͷࠞࡏ΍੾Γ໭࣌͠ͷλΠϜϥά͕ͩ ڐ༰Մೳͱ൑அͯ͠બ୒

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. ϩʔϦϯάΞοϓσʔτ ECSͷαʔϏε෦෼ͷ࣮૷ͰઃఆՄೳʢϩʔϦϯάΞοϓσʔτ͕σϑΥϧτͳͷͰ໌ࣔ͸ෆཁʣ const fargateService = new ecs.FargateService(this, `${id}-FargateService`, { cluster, vpcSubnets: props.myVpc.selectSubnets({ subnetGroupName: "Protected" }), securityGroups: [securityGroupForFargate], taskDefinition: serviceTaskDefinition, desiredCount: 1, // ϩʔϦϯάΞοϓσʔτ࣌ͷڍಈʹӨڹ maxHealthyPercent: 200, minHealthyPercent: 50, // ECS Exec͕ඞཁͳ࣌ͷΈ༗ޮԽ enableExecuteCommand: true, // ECS ServiceͰࢦఆՄೳ(σϑΥϧτ͕ϩʔϦϯάΞοϓσʔτͳͷͰࢦఆͳ͠Ͱ΋Մೳ) deploymentController: { type: ecs.DeploymentControllerType.ECS }, // αʔΩοτϒϨʔΧʔΛ༗ޮԽ͢Δͱɺίϯςφىಈࣦഊ࣌ʹϩʔϧόοΫͰ͖Δ circuitBreaker: { rollback: true }, });

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon ECSͷσϓϩΠΛߴ଎Խ͍ͨ͠৔߹ͷࢀߟ https://toris.io/2021/04/speeding-up-amazon-ecs-container-deployments/ LBͷϔϧενΣοΫ஋ɺίωΫγϣϯυϨΠϯɺ SIGTERMͷ଴ͪ࣌ؒௐ੔ͳͲݕ౼ࣄ߲͕هࡌ ϩʔϦϯάΞοϓσʔτͷಈ͖΍σϓϩΠ଎౓Λվળ͢Δࡍͷߟྀ఺ͳͲ͕ࢀߟʹͳΔ

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon ECSͷσϓϩΠΛߴ଎Խ͍ͨ͠৔߹(։ൃ࣌ͷΈ) https://zenn.dev/intercept6/articles/ed2dfded5aae03 AWS CDKͰ͸Hotswap deployments͕͋ΔͷͰɺ௚઀APIܦ༝Ͱߴ଎ʹλεΫͷߋ৽͕Մೳ ※ ஫ҙɿhotswap deployments͸λεΫ͕Ұ࣌తʹ0ʹͳΔͷͰར༻͸։ൃ͚࣌ͩʹཹΊΔ จதͷtimeίϚϯυʹΑΔܭଌྫ

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. ·ͱΊ • AWS CDK + Amazon ECS on AWS Fargateͷߏ੒ͷྑ࣭ͳίϯςϯπ͸͋Δ͕ݱঢ়Ͱ΋ߟྀ఺͸݁ߏ͋Δ • ίϯςφΛσϓϩΠ͢Δ·Ͱͷઃܭ • ίϯςφΠϝʔδΛԿͰϏϧυ͢Δ͔ • AWS CDKܦ༝ͳΒࠓ͸cdk-ecr-deployment͔ΧελϜϦιʔε+CodeBuild͕༗ྗ • Πϝʔδ΁ͷλά෇͚ͷํ๏ • Πϛϡʔλϒϧͳλά෇͚ͷਪ঑ͱλάͷಉظʹ͍ͭͯղઆ • ίϯςφϦϙδτϦͷ؅ཧ • γϯάϧϦϙδτϦͰ؅ཧ͍͕ͨ͠ݱ࣮͸೉͍͠৔߹΋… • ೉͍͠৔߹͸ผϏϧυͰ࠷௿ݶύοέʔδݻఆ΍ηΩϡΞͳ৘ใ͸֎෦͔Βऔಘ • ίϯςφͷσϓϩΠํ๏ • ҆ఆ͸ϩʔϦϯάΞοϓσʔτɺBlue/GreenσϓϩΠ͸ཁݕূ

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank you! © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Tomoki Sato [email protected] @tmk2154