Slide 1
Slide 1 text
ϒϩάαʔϏεͷ
HTTPSԽΛࢧ͑ͨ
AWSͰ࡞ΔϐλΰϥεΠον
id:aereal
Slide 2
Slide 2 text
staff.hatenablog.com/entry/2018/06/13/160000
ಠࣗυϝΠϯͰӡ༻͞Ε͍ͯΔϒϩά͕ɺ
HTTPSͰ৴Ͱ͖ΔΑ͏ʹͳΓ·ͨ͠
Slide 3
Slide 3 text
No content
Slide 4
Slide 4 text
͢͜ͱ
• ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
• എܠͱཁٻ
• ࣮ͷհ
• ্هࣄྫΛݩʹෳࡶͳόον = ϐλΰϥεΠονߏஙͷ
ΤοηϯεΛߟ͑ͯΈΔ
Slide 5
Slide 5 text
ࣗݾհ
• id:aereal
• GitHub: aereal
• Twitter: aereal
• ϒϩά౷߹νʔϜ
ΞϓϦέʔγϣϯΤϯδχΞ
ςοΫϦʔυ
Slide 6
Slide 6 text
എܠ
ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
Slide 7
Slide 7 text
• ͯͳϒϩάPro (༗ྉϓϥϯ) ʹਃ͠ࠐΉͱ
ಠࣗυϝΠϯͰࣗͷϒϩάΛ৴Ͱ͖Δ
• ݱࡏɺສ୯ҐͷಠࣗυϝΠϯ͕ొɾར༻͞Ε͍ͯΔ
• ͜ΕΒͷಠࣗυϝΠϯͰৗ࣌HTTPS৴͍ͨ͠
Slide 8
Slide 8 text
Let's Encrypt
• ISRG = Internet Security Research Group͕ఏڙ͢Δ
ϓϩάϥϚϒϧʹΞΫηεՄೳͳೝূہ (CA)
• ͜Ε·ͰTLSূ໌ॻΛൃߦ͢Δʹ
ͦͦ͜͜ͷֹۚͱख͕ؒඞཁ͕ͩͬͨɺͦΕΛม͑ͨCA
• LEͷొʹΑΓTLSূ໌ॻͷେྔൃߦ͕ݱ࣮తʹͳͬͨ
Slide 9
Slide 9 text
developer.hatenastaff.com/entry/2018/06/04/140000
ͯͳϒϩάͷHTTPSԽ࣮ࢪʹ͍, Let's
EncryptͷدΛ࣮ࢪ͠·ͨ͠
- Hatena Developer Blog
Slide 10
Slide 10 text
• LEͷొ࿕ใ͕ͩ͜Ε͚ͩͰΓͳ͍
• ສ୯ҐͷTLSূ໌ॻΛཧ͢Δઓज़ɾઓུ͕͚͍ܽͯΔ
• ৴ͱൃߦʹେ͖͚ͯ͘ΈΔ
Slide 11
Slide 11 text
ཁ݅ͷݕ౼: ৴
ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
Slide 12
Slide 12 text
HTTPS৴: ͓͞Β͍
• ͯͳϒϩάͰສ୯ҐͷಠࣗυϝΠϯ͕ར༻͞Ε͍ͯΔ
• ҰൠతͳWebαΠτӡ༻ͷײ֮ͩͱφʔόε͗͢Δ
• ສ୯Ґͷূ໌ॻΛҰʹಡΈࠐΉͱ
proxyͷϝϞϦ༻ྔ͕ஶ͘͠૿Ճ͢Δ
• proxyͷ࠶ىಈʹ͕͔͔࣌ؒΔ
Slide 13
Slide 13 text
SAN?
• = Subject Alternative Names
1ͭͷূ໌ॻʹෳυϝΠϯΛඥ͚Δ֦ு
• ͔݁Βݴ͏ͱͯͳϒϩάͷέʔεͰ͍͠
• LEͰSANΛར༻͢Δ߹ɺACME challengedns-01ͷΈ
ར༻Ͱ͖Δ (ݱࡏ)
• DNSઃఆ֤ϢʔβʔʹҕͶΒΕΔͷͰࣗಈԽͰ͖ͳ͍
Slide 14
Slide 14 text
ACME?
• ACME: Automated Certificate Management Environment
• ূ໌ॻൃߦͳͲͷ࡞ۀΛ
ࣗಈԽ͢ΔϓϩτίϧΛ·ͱΊ༷ͨ
• ACME challenge: υϝΠϯͷॴ༗ݖݶΛ֬ೝ͢Δํ๏
• Google AnalyticsͷΞϨΈ͍ͨͳͭ
• LE͕ࡦఆɾ࠾༻͍ͯ͠Δ
Slide 15
Slide 15 text
ACME challenge?
• dns-01: υϝΠϯͷTXTϨίʔυʹϫϯλΠϜτʔΫϯΛॻ
͖ࠐΉ
• http-01: CAͷϦΫΤετʹର͠ॴఆͷϨεϙϯεΛฦ͢
• ྫ: /.well-known/TOKEN
• (ଞʹ͍Ζ͍Ζ)
Slide 16
Slide 16 text
HTTPS৴: ͓͞Β͍ (࠶)
• ͯͳϒϩάͰສ୯ҐͷಠࣗυϝΠϯ͕ར༻͞Ε͍ͯΔ
• ҰൠతͳWebαΠτӡ༻ͷײ֮ͩͱφʔόε͗͢Δ
• ສ୯Ґͷূ໌ॻΛҰʹಡΈࠐΉͱ
proxyͷϝϞϦ༻ྔ͕ஶ͘͠૿Ճ͢Δ
• proxyͷ࠶ىಈʹ͕͔͔࣌ؒΔ
Slide 17
Slide 17 text
HTTPS৴: ํ
• ϦΫΤετຖʹূ໌ॻΛબɾಡΈࠐΉ
• ϝϞϦ༻ྔͷ૿Ճ࠶ىಈ࣌ؒͷѱԽΛ͑Δ
• ෳproxyʹରԠ͢ΔͨΊσʔλετΞʹূ໌ॻΛอଘ
• ͔͠ϨΠςϯγΛѱԽͤͣ͞ʹ࣮ݱ͢Δ
• ϩʔΧϧΩϟογϡ
Slide 18
Slide 18 text
ཁ݅ͷݕ౼:ൃߦ
ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
Slide 19
Slide 19 text
ূ໌ॻൃߦ
• Ұ؏ੑɾཏੑ͕ٻΊΒΕΔ
• ൃߦʹࣦഊ͠ଓ͚Δͱϒϩά͕ӾཡͰ͖ͳ͘ͳΔ
• ແޮͳυϝΠϯΛ์ஔ͍͚ͯ͠ͳ͍
• ཁٻߴ͍͕ෆ࣮֬ੑߴ͍
• ূ໌ॻΛߋ৽͢ΔࡍɺυϝΠϯʹର͠εέʔϧ͢Δ͜ͱ
Slide 20
Slide 20 text
ແޮͳυϝΠϯͷআ
• ແޮͳυϝΠϯ = ඞͣACME challengeʹࣦഊ͢Δ
• LEʹΞΧϯτ * time window͝ͱʹࣦഊͷ্ݶ͕͋Δ
• ์ஔ͢ΔͱඞͣAPI limitʹ͋ͨͬͯ͠·͏
• ࣦഊͨ͠υϝΠϯඞͣআ
Slide 21
Slide 21 text
ূ໌ॻൃߦ: ෆ࣮֬ੑ
• υϝΠϯͷ༗ޮੑมΘΓ͏Δ
• ՝ۚऴྃ
• DNSϨίʔυҟৗ
• ֎෦API = LEͱͷ౷߹
• API Limit
• దͳϦτϥΠͱΤϥʔϦΧόϦ͕ඞਢ
Slide 22
Slide 22 text
ূ໌ॻൃߦ: εέʔϥϏϦςΟ
• ରυϝΠϯͷ૿Ճʹର͠εέʔϧ͢ΔΈʹ͍ͨ͠
• SELECT * FROM custom_domain WHERE id > ?
Έ͍ͨͳΫΤϦආ͚͍ͨ
• υϝΠϯ͕૿͑Δͱϖʔδϯά͕ඞཁ
• ࣮ߦ్தͰࣦഊͨ͠ΒɺϦτϥΠΩϡʔʹೖΕ͢Α͏
ͳΛڽΒ͞ͳ͍ͱ͍͚ͳ͘ͳΔ
Slide 23
Slide 23 text
γεςϜͷཁ݅: ·ͱΊ
• ϦΫΤετຖʹূ໌ॻΛऔಘɾ༻
• Ͱ͖Δ͚ͩϨΠςϯγͰ
• Τϥʔੑ͕ߴ͍
• ࣦഊͨ͠ΒऔಘରͷυϝΠϯ͔Β֎͢
• ֎෦API௨৴ͷΤϥʔΛదʹॲཧͰ͖Δ
• υϝΠϯͷ૿Ճʹεέʔϧ͢Δ
Slide 24
Slide 24 text
γεςϜͷհ
ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
Slide 25
Slide 25 text
cert-dispatcher
cert-cache-gw
cert-store
cert-cache
User Blog
HTTP ssl_handshake_handler
HTTP
Get/Set Get
৴
Slide 26
Slide 26 text
৴γεςϜ
• ngx_mruby: ূ໌ॻಡΈࠐΈ࣌ʹmrubyͷίʔυΛ࣮ߦ
• cache gatewayHTTP GET͢Δ͚ͩ
• https://github.com/matsumotory/ngx_mruby
• cache gateway (Go): HTTP GET͢Δͱূ໌ॻΛฦ͢
• DynamoDB: ূ໌ॻΛอଘ͢ΔσʔλετΞ
Slide 27
Slide 27 text
cache gateway
• AWS (DynamoDB) APIݺͼग़͠ΛHTTP APIʹม͑Δ
• mrubyʹAWS SDK͕ͳ͍
• ಉډ͢ΔmemcachedʹಡΈॻ͖͠ɺ
DynamoDBͷΞΫηεΛͰ͖Δ͚ͩݮΒ͢
Slide 28
Slide 28 text
cert-dispatcher
cert-cache-gw
cert-store
cert-cache
User Blog
HTTP ssl_handshake_handler
HTTP
Get/Set Get
৴
Slide 29
Slide 29 text
cert-dispatcher
cert-cache-gw
cert-store
cert-cache
User Blog
HTTP ssl_handshake_handler
HTTP
Get/Set Get
৴
Slide 30
Slide 30 text
cert-dispatcher
cert-cache-gw
cert-store
cert-cache
User Blog
HTTP ssl_handshake_handler
HTTP
Get/Set Get
৴
Slide 31
Slide 31 text
cert-dispatcher
cert-cache-gw
cert-store
cert-cache
User Blog
HTTP ssl_handshake_handler
HTTP
Get/Set Get
৴
Slide 32
Slide 32 text
cert-dispatcher
cert-cache-gw
cert-store
cert-cache
User Blog
HTTP ssl_handshake_handler
HTTP
Get/Set Get
৴
Slide 33
Slide 33 text
৴γεςϜ
• ngx_mrubyΛͬͯϦΫΤετຖʹূ໌ॻΛऔಘͰ͖ͨ
• proxyʹಉډͨ͠memcachedΛ͏͜ͱͰ
DynamoDBͷϦΫΤετΛݮΒ͠ϨΠςϯγΛԼ͛ͨ
Slide 34
Slide 34 text
cert-updater-state cert-updater-function
cert-update-notifier
Let's Encrypt
cert-store cert-lifecycle-store
Blog
HTTP
HTTP
࣮ߦ
࣮ߦ
UpdateItem
UpdateItem
ূ໌ॻൃߦ
࣮ߦ
ূ໌ॻൃߦ
Slide 35
Slide 35 text
ূ໌ॻൃߦγεςϜ
• cert-updater-state: AWS StepFunctions; ֤LambdaΛىಈ
• Τϥʔ༰ʹԠͨ͡ϦΧόϦɾϦτϥΠ (ޙड़)
• cert-updater-function: AWS Lambda; ূ໌ॻΛൃߦɺ
DynamoDBॻ͖ࠐΈ
• cert-update-notifier: Lambda; ൱Λͯͳϒϩά௨
Slide 36
Slide 36 text
No content
Slide 37
Slide 37 text
No content
Slide 38
Slide 38 text
cert-updater-state cert-updater-function
cert-update-notifier
Let's Encrypt
cert-store cert-lifecycle-store
Blog
HTTP
HTTP
࣮ߦ
࣮ߦ
UpdateItem
UpdateItem
ূ໌ॻൃߦ
࣮ߦ
ূ໌ॻൃߦ
Slide 39
Slide 39 text
cert-updater-state cert-updater-function
cert-update-notifier
Let's Encrypt
cert-store cert-lifecycle-store
Blog
HTTP
HTTP
࣮ߦ
࣮ߦ
UpdateItem
UpdateItem
ূ໌ॻൃߦ
࣮ߦ
ূ໌ॻൃߦ
Slide 40
Slide 40 text
cert-updater-state cert-updater-function
cert-update-notifier
Let's Encrypt
cert-store cert-lifecycle-store
Blog
HTTP
HTTP
࣮ߦ
࣮ߦ
UpdateItem
UpdateItem
ূ໌ॻൃߦ
࣮ߦ
ূ໌ॻൃߦ
Slide 41
Slide 41 text
cert-updater-state cert-updater-function
cert-update-notifier
Let's Encrypt
cert-store cert-lifecycle-store
Blog
HTTP
HTTP
࣮ߦ
࣮ߦ
UpdateItem
UpdateItem
ূ໌ॻൃߦ
࣮ߦ
ূ໌ॻൃߦ
Slide 42
Slide 42 text
cert-updater-state cert-updater-function
cert-update-notifier
Let's Encrypt
cert-store cert-lifecycle-store
Blog
HTTP
HTTP
࣮ߦ
࣮ߦ
UpdateItem
UpdateItem
ূ໌ॻൃߦ
࣮ߦ
ূ໌ॻൃߦ
Slide 43
Slide 43 text
cert-updater-state cert-updater-function
cert-update-notifier
Let's Encrypt
cert-store cert-lifecycle-store
Blog
HTTP
HTTP
࣮ߦ
࣮ߦ
UpdateItem
UpdateItem
ূ໌ॻൃߦ
࣮ߦ
ূ໌ॻൃߦ
Slide 44
Slide 44 text
AWS SFn: ϦτϥΠ
"Retry": [
{
"ErrorEquals": ["ErrMaybeRecoverable"],
"IntervalSeconds": 1,
"MaxAttempts": 3,
"BackoffRate": 2.0
}
],
"Catch": [
{
"ErrorEquals": ["States.TaskFailed"],
"Next": "Notify result to Hatena-Epic"
}
],
Slide 45
Slide 45 text
AWS SFn: ϦτϥΠ
"Retry": [
{
"ErrorEquals": ["ErrMaybeRecoverable"],
"IntervalSeconds": 1,
"MaxAttempts": 3,
"BackoffRate": 2.0
}
],
"Catch": [
{
"ErrorEquals": ["States.TaskFailed"],
"Next": "Notify result to Hatena-Epic"
}
],
Slide 46
Slide 46 text
AWS SFn: ϦτϥΠ
"Retry": [
{
"ErrorEquals": ["ErrMaybeRecoverable"],
"IntervalSeconds": 1,
"MaxAttempts": 3,
"BackoffRate": 2.0
}
],
"Catch": [
{
"ErrorEquals": ["States.TaskFailed"],
"Next": "Notify result to Hatena-Epic"
}
],
Slide 47
Slide 47 text
AWS SFn: ϦτϥΠ
"Retry": [
{
"ErrorEquals": ["ErrMaybeRecoverable"],
"IntervalSeconds": 1,
"MaxAttempts": 3,
"BackoffRate": 2.0
}
],
"Catch": [
{
"ErrorEquals": ["States.TaskFailed"],
"Next": "Notify result to Hatena-Epic"
}
],
Slide 48
Slide 48 text
ূ໌ॻൃߦγεςϜ
• AWS StepFunctionsΛͬͯదͳΤϥʔॲཧΛ࣮ݱ
• Ϧιʔε্ݶʹୡ͢ΔͳͲ
ҟৗऴྃͨ࣌͠ଈ࠲ʹ݁ՌΛ௨
• APIݺͼग़ࣦ͠ഊͳͲϦτϥΠՄೳͳ࣌ϦτϥΠ
Slide 49
Slide 49 text
cert-reissue-state cert-reissue-confirmer
cert-updater-state-caller
cert-cleanup-function
Blog
cert-lifecycle-store
cert-update-trigger
cert-updater-state
cert-store
࣮ߦ ࣮ߦ
࣮ߦ
࣮ߦ
࣮ߦ
HTTP
TTL Trigger
DeleteItem
ূ໌ॻൃߦ
(ߋ৽)
Slide 50
Slide 50 text
ূ໌ॻൃߦ: ߋ৽
• DynamoDBͷTTL Trigger͕Lambdaܦ༝ͰSFnΛىಈ
• cert-reissue-confirmer: ͯͳϒϩάʹυϝΠϯ༗ޮੑΛ
͍߹Θͤͯɺߋ৽͢Δඞཁ͕͋Δ͔Λޙଓʹ͑Δ
• cert-cleanup-function: ແޮͳυϝΠϯΛDynamoDB͔Βফ
͢
Slide 51
Slide 51 text
cert-lifecycle-store
(DynamoDB)
Domain: ex1.example.com
ExpiresAt: 2018-05-23T02:00:00
Domain: ex2.example.com
ExpiresAt: 2018-05-23T03:00:00
Domain: ex2.example.com
ExpiresAt: 2018-05-23T04:00:00
Domain: ex2.example.com
ExpiresAt: 2018-05-23T05:00:00
Slide 52
Slide 52 text
cert-lifecycle-store
(DynamoDB)
Domain: ex2.example.com
ExpiresAt: 2018-05-23T03:00:00
Domain: ex2.example.com
ExpiresAt: 2018-05-23T04:00:00
Domain: ex2.example.com
ExpiresAt: 2018-05-23T05:00:00
Slide 53
Slide 53 text
cert-lifecycle-store
(DynamoDB)
Domain: ex2.example.com
ExpiresAt: 2018-05-23T04:00:00
Domain: ex2.example.com
ExpiresAt: 2018-05-23T05:00:00
Slide 54
Slide 54 text
cert-lifecycle-store
(DynamoDB)
Domain: ex2.example.com
ExpiresAt: 2018-05-23T05:00:00
Slide 55
Slide 55 text
cert-lifecycle-store
(DynamoDB)
Slide 56
Slide 56 text
publish
SELECT * FROM ...
࣮ߦ
Slide 57
Slide 57 text
Τϥʔॲཧ͕؆ܿʹ
• όονॲཧͩͱ: औಘͨ͠ෳͷυϝΠϯΛϧʔϓͰॲཧ
• = ॲཧ୯Ґ͕ෳυϝΠϯʹͳΔ
• Ұ෦ͷυϝΠϯ͕ࣦഊͨ࣌͠ɺόονॲཧશମͷ
εςʔλεͲ͏͢Δ? ޭ? ࣦഊ?
• pub/subͩͱ: Ҿͱͯͬͨ͠υϝΠϯ1ͭΛॲཧ͢Δ
• = ॲཧ୯Ґ͕υϝΠϯ1ͭʹͳΔ
Slide 58
Slide 58 text
cert-reissue-state cert-reissue-confirmer
cert-updater-state-caller
cert-cleanup-function
Blog
cert-lifecycle-store
cert-update-trigger
cert-updater-state
cert-store
࣮ߦ ࣮ߦ
࣮ߦ
࣮ߦ
࣮ߦ
HTTP
TTL Trigger
DeleteItem
ূ໌ॻൃߦ
(ߋ৽)
Slide 59
Slide 59 text
cert-reissue-state cert-reissue-confirmer
cert-updater-state-caller
cert-cleanup-function
Blog
cert-lifecycle-store
cert-update-trigger
cert-updater-state
cert-store
࣮ߦ ࣮ߦ
࣮ߦ
࣮ߦ
࣮ߦ
HTTP
TTL Trigger
DeleteItem
ূ໌ॻൃߦ
(ߋ৽)
Slide 60
Slide 60 text
cert-reissue-state cert-reissue-confirmer
cert-updater-state-caller
cert-cleanup-function
Blog
cert-lifecycle-store
cert-update-trigger
cert-updater-state
cert-store
࣮ߦ ࣮ߦ
࣮ߦ
࣮ߦ
࣮ߦ
HTTP
TTL Trigger
DeleteItem
ূ໌ॻൃߦ
(ߋ৽)
Slide 61
Slide 61 text
cert-reissue-state cert-reissue-confirmer
cert-updater-state-caller
cert-cleanup-function
Blog
cert-lifecycle-store
cert-update-trigger
cert-updater-state
cert-store
࣮ߦ ࣮ߦ
࣮ߦ
࣮ߦ
࣮ߦ
HTTP
TTL Trigger
DeleteItem
ূ໌ॻൃߦ
(ߋ৽)
Slide 62
Slide 62 text
cert-reissue-state cert-reissue-confirmer
cert-updater-state-caller
cert-cleanup-function
Blog
cert-lifecycle-store
cert-update-trigger
cert-updater-state
cert-store
࣮ߦ ࣮ߦ
࣮ߦ
࣮ߦ
࣮ߦ
HTTP
TTL Trigger
DeleteItem
ূ໌ॻൃߦ
(ߋ৽)
Slide 63
Slide 63 text
cert-reissue-state cert-reissue-confirmer
cert-updater-state-caller
cert-cleanup-function
Blog
cert-lifecycle-store
cert-update-trigger
cert-updater-state
cert-store
࣮ߦ ࣮ߦ
࣮ߦ
࣮ߦ
࣮ߦ
HTTP
TTL Trigger
DeleteItem
ূ໌ॻൃߦ
(ߋ৽)
Slide 64
Slide 64 text
cert-reissue-state cert-reissue-confirmer
cert-updater-state-caller
cert-cleanup-function
Blog
cert-lifecycle-store
cert-update-trigger
cert-updater-state
cert-store
࣮ߦ ࣮ߦ
࣮ߦ
࣮ߦ
࣮ߦ
HTTP
TTL Trigger
DeleteItem
ূ໌ॻൃߦ
(ߋ৽)
Slide 65
Slide 65 text
cert-reissue-state cert-reissue-confirmer
cert-updater-state-caller
cert-cleanup-function
Blog
cert-lifecycle-store
cert-update-trigger
cert-updater-state
cert-store
࣮ߦ ࣮ߦ
࣮ߦ
࣮ߦ
࣮ߦ
HTTP
TTL Trigger
DeleteItem
ূ໌ॻൃߦ
(ߋ৽)
Slide 66
Slide 66 text
cert-reissue-state
"Determine next state": {
"Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢",
"Type": "Choice",
"Choices": [
{
"Variable": "$.UpdateRequired",
"BooleanEquals": true,
"Next": "Call reissue of certificate"
},
{
"Variable": "$.UpdateRequired",
"BooleanEquals": false,
"Next": "Clean up of certificate"
}
]
},
Slide 67
Slide 67 text
cert-reissue-state
"Determine next state": {
"Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢",
"Type": "Choice",
"Choices": [
{
"Variable": "$.UpdateRequired",
"BooleanEquals": true,
"Next": "Call reissue of certificate"
},
{
"Variable": "$.UpdateRequired",
"BooleanEquals": false,
"Next": "Clean up of certificate"
}
]
},
Slide 68
Slide 68 text
cert-reissue-state
"Determine next state": {
"Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢",
"Type": "Choice",
"Choices": [
{
"Variable": "$.UpdateRequired",
"BooleanEquals": true,
"Next": "Call reissue of certificate"
},
{
"Variable": "$.UpdateRequired",
"BooleanEquals": false,
"Next": "Clean up of certificate"
}
]
},
Slide 69
Slide 69 text
ূ໌ॻߋ৽γεςϜ
• σʔλϑϩʔΛpub/subͰγϯϓϧʹ
• ॳճൃߦߋ৽࣌DynamoDBͷI/O͚͕ͩൃੜ͢Δ
• DynamoDB TTL TriggerΛ׆༻
• ঢ়ଶ = σʔλΛதԝʹू
Slide 70
Slide 70 text
࠶ܝ: ৴γεςϜ
• ngx_mrubyΛͬͯϦΫΤετຖʹূ໌ॻΛऔಘͰ͖ͨ
• proxyʹಉډͨ͠memcachedΛ͏͜ͱͰ
DynamoDBͷϦΫΤετΛݮΒ͠ϨΠςϯγΛԼ͛ͨ
Slide 71
Slide 71 text
࠶ܝ: ূ໌ॻൃߦγεςϜ
• AWS StepFunctionsΛͬͯదͳΤϥʔॲཧΛͰ͖ͨ
• Ϧιʔε্ݶʹୡ͢ΔͳͲ
ҟৗऴྃͨ࣌͠ଈ࠲ʹ݁ՌΛ௨
• APIݺͼग़ࣦ͠ഊͳͲϦτϥΠՄೳͳ࣌ϦτϥΠ
Slide 72
Slide 72 text
ߟ
ϐλΰϥεΠονͷ࡞Γํ
Slide 73
Slide 73 text
ڊେͳόονͷ͠͞
• ࣮ߦεςοϓશ༰ΛѲ͢Δ͜ͱͷ͠͞
• શମͰεςοϓ͕͜Ε͚ͩ͋Δ
• Ͳ͜ͷεςοϓͰࣦഊͨ͠ͷ͔
• ॲཧ୯Ґ͕େ͖͘ͳΓ͕ͪ
• ඞવͱ࣮ߦ࣌ؒҾ͖͕ͪ
• Ұ෦͚ࣦͩഊͨ࣌͠ɺ࣮ߦͷঢ়ଶޭ? ࣦഊ?
Slide 74
Slide 74 text
΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏
ͷϐλΰϥεΠον
• ϫʔΫϑϩʔΤϯδϯͷಋೖ
• ࣮ߦεςοϓશ༰ΛѲ͘͢͠
• ͦΕͱߴʹ౷߹͞Εͨόον࣮ߦڥ͕͋Δͱͳ͓Α͍
• pub/subϞσϧͰରσʔλͷ૿Ճʹର͠εέʔϧͤ͞Δ
• ॲཧ͢Δσʔλ୯ҐΛෳˠ1ͭ
• ͍ͭͰʹσʔλετΞঢ়ଶ͕ڽू͞ΕΔ
Slide 75
Slide 75 text
ׂ౷࣏
• খ͞ͳؔΫϥεΛ࡞ΓɺͦΕΒΛΈ߹ΘͤΔ͜ͱΛ
ීஈ͔Βҙ͍ࣝͯͬͯ͠Δͣ
• ʹؔΘΒͣόον͕ڊେʹͳΓ͕ͪͳͷͳͥͳͷ͔?
• ύϑΥʔϚϯε
• ߹Մೳ (composable) Ͱͳ͍
Slide 76
Slide 76 text
ׂ౷࣏
• খ͞ͳؔΫϥεΛ࡞ΓɺͦΕΒΛΈ߹ΘͤΔ͜ͱΛ
ීஈ͔Βҙ͍ࣝͯͬͯ͠Δͣ
• ʹؔΘΒͣόον͕ڊେʹͳΓ͕ͪͳͷͳͥͳͷ͔?
• ύϑΥʔϚϯε
• ߹Մೳ (composable) Ͱͳ͍
Slide 77
Slide 77 text
߹ՄೳΛࢧ͑Δٕज़
• 2ͭͷεςοϓͷྻ࣮ߦΛೋ߲ԋࢉͱΈͳͯ͠ΈΔ
• operand: ൣғ͕খ͍͜͞ͱ
• operator: ༷ʑͳ๏ଇΛຬͨ͢͜ͱ
• ݁߹ଇɺଇ
Slide 78
Slide 78 text
ہॴঢ়ଶΛ࣋ͨͳ͍
• ঢ়ଶ = มߋՄೳͳσʔλ
• άϩʔόϧʹͨͩ1ͭͷঢ়ଶΛ࣋ͭ͜ͱ͕େࣄ
• Ճ͑ͯঢ়ଶΛมߋ͢Δཁૉ͕୯ҰͰ͋Δ͜ͱ
Slide 79
Slide 79 text
άϩʔόϧม?
• άϩʔόϧมѱͱ͍͏ߟ͑ํͱ͠ͳ͍͔?
→ ͠ͳ͍
• ঢ়ଶΛมߋ͢Δཁૉ͕୯ҰͳΒɺ
֤࣮ߦεςοϓঢ়ଶΛड͚औͬͯ৽ͨͳσʔλΛฦ͢
ؔͱΈͳͤΔ
Slide 80
Slide 80 text
// ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ
{
"domain":
"www.example.com",
"endpoint": "https://...."
}
// ͋Δόονͷೖྗ
{
"domain":
"www.example.com"
}
Slide 81
Slide 81 text
// ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ
{
"domain":
"www.example.com",
"endpoint": "https://...."
}
// ͋Δόονͷೖྗ
{
"domain":
"www.example.com"
}
άϩʔόϧঢ়ଶΛҾม͢Δ
(όον͔ΒͷมߋෆՄ)
Slide 82
Slide 82 text
// ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ
{
"updateRequired": true,
"domain":
"www.example.com",
"endpoint": "https://...."
}
// ͋Δόονͷग़ྗ
{
"updateRequired": true
}
Slide 83
Slide 83 text
// ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ
{
"updateRequired": true,
"domain":
"www.example.com",
"endpoint": "https://...."
}
// ͋Δόονͷग़ྗ
{
"updateRequired": true
}
όονͷग़ྗΛάϩʔόϧͳঢ়ଶม
(વɺग़ྗޙ͔ΒมߋෆՄ)
Slide 84
Slide 84 text
όονॲཧͷ߹
• operand: ֤εςοϓ
• operator: ϫʔΫϑϩʔΤϯδϯ
Slide 85
Slide 85 text
όονॲཧͷ߹
• operand: ֤εςοϓ; AWS Lambda
• operator: ϫʔΫϑϩʔΤϯδϯ; AWS StepFunctions
Slide 86
Slide 86 text
΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ͷ
ϐλΰϥεΠον@ͯͳϒϩά
• ϫʔΫϑϩʔΤϯδϯ: AWS StepFunctions
• ……ͱͦΕΒ͔Β࣮ߦ͞ΕΔAWS Lambda
• pub/sub: DynamoDB TTL Trigger
Slide 87
Slide 87 text
࠶: ΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏
ͷϐλΰϥεΠον
• ϫʔΫϑϩʔΤϯδϯͷಋೖ
• ࣮ߦεςοϓશ༰ΛѲ͘͢͠
• ͦΕͱߴʹ౷߹͞Εͨόον࣮ߦڥ͕͋Δͱͳ͓Α͍
• pub/subϞσϧͰରσʔλͷ૿Ճʹର͠εέʔϧͤ͞Δ
• ॲཧ͢Δσʔλ୯ҐΛෳˠ1ͭ
• ͍ͭͰʹσʔλετΞঢ়ଶ͕ڽू͞ΕΔ
Slide 88
Slide 88 text
·ͱΊ
Slide 89
Slide 89 text
·ͱΊ
• ιϑτΣΞߏஙҰൠͷݪଇ͕͑Δ
• άϩʔόϧͳঢ়ଶΛ࣋ͨͳ͍ɾม͑ͳ͍ɾ࣋ͪࠐ·ͤͳ͍
• ॲཧ୯ҐΛͰ͖Δ͚ͩখ͘͞ɺࣦഊΛѲ͘͢͠
• ͜ΕΒΛ࣮ݱ͢ΔͨΊͷҰྫͱͯ͠
• ϫʔΫϑϩʔΤϯδϯ: AWS StepFunctions
• pub/subΛαϙʔτ͢ΔσʔλετΞ: DynamoDB
Slide 90
Slide 90 text