.jpeg){kind=small}
Slide 1
Slide 1 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
© 2023, Amazon Web Services, Inc. or its affiliates.
AWS CDKͷ͋Δ͋Δ͓Έʹ͍͑ͨ
։ൃ࣌ͷҙࢥܾఆΛߴԽ͢ΔͨΊʹ
༑Ԭ խࢤ
Prototyping Engineer
Amazon Web Services Japan G.K.
Slide 2
Slide 2 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
ࠓͷ͓
AWS CDK (ҎԼCDK) ։ൃʹؔ͢ΔFAQʹରͯ͠ ͑ ߟ͑ํͷےಓΛࣔ͢
Ͱ͖Δ͚ͩCDK։ൃ࣌ʹΉ࣌ؒΛݮΒͤΕ͍Ͱ͢ʂ
ରࢹௌऀ: CDK։ൃऀͲͳͨͰ
(CDKશॳ৺ऀͷํɺগ͠׳Ε͖ͯͨࠒʹݟฦ͢ͷ͕Φεεϝ)
ୠ͠ॻ͖
• ίʔσΟϯά্ͷ׳श͠͠ਓʹΑΓҙݟ͕͔ΕΔ෦Ͱ͢
• ίϯςΩετͷҧ͍ / ఆྔԽͮ͠Β͍
• ࠓͷ༰౿·͑ͭͭɺݸผͷঢ়گʹԠͨ͡దͳஅΛ͍ͯͩ͘͠͞
2
ຊͷࢿྉ
Slide 3
Slide 3 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
ࣗݾհ
༑Ԭ խࢤ Prototyping Engineer @AWS Japan
લ৬
mBaaS։ൃŋӡ༻ (Rails, Sinatra, Ruby, MySQL)
ϞόΠϧήʔϜΫϥΠΞϯτ։ൃ (Unity, C#)
CDKܦݧ
্هmBaaSΛAWSҠߦ͢Δࡍʹ࠾༻ (2019/12 - 2020/10)
ϓϩτλΠϓ։ൃʹར༻ (2020/11 -)
AWSࣾαʔϏεͷӡ༻։ൃ (2021/7 - 2022/3)
࠷ۙ࡞ͬͨͷ: aws-samples/jenkins-unity-build-on-aws Twitter: @tmokmss
3
Slide 4
Slide 4 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
͓ॻ͖
• ͲͷϓϩάϥϛϯάݴޠΛ͏͖ʁ
• ελοΫͲͷΑ͏ʹ͚Δʁ
• ελοΫͷίʔυ͕ࢄΒ͔͖ͬͯͨΜ͚ͩͲ…
• L1 / L2 / L3ίϯετϥΫτɺͲΕΛ͏͖ʁ
• ڥΛ૿͢ํ๏ʁ
• ࣗಈςετͲ͏͢Δʁ
4
؍ (FAQͷதͰ): OR݅
• அ͕͍͠ͷ
• 1 way doorͳܾஅʹͳΔͷ
• Βͳ͍ͱଛ͢Δࣝ
Slide 5
Slide 5 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
TypeScript
(JSؚΉ)
Python
Java
.NET
Go
2022 CDK community survey
CDKϢʔβʔͷར༻ݴޠൺ n=122
5
Q. ͲͷݴޠΛ͏͖͔
• ಛผͳཧ༝͕ͳ͍ݶΓ TypeScript ͕͓͢͢Ίɻཧ༝:
1. Ϣʔβʔ͕࠷ଟ (ӈਤ) → ใ͕ଟ͍ɺಓ͕උ͞Ε͍ͯΔ
2. ίϯετϥΫτϥΠϒϥϦͷpublish͕࠷ଟ (constructs.dev)
• TypeScriptΛ100%ͱͯ͠ Python: 80% .NET: 56% Java: 53% Go: 12% (2022/10࣌)
• ཧ্શݴޠͰ͑Δ(jsii)ͷ͕ͩɺ୯ʹϥΠϒϥϦ࡞ऀ͕publish͍ͯ͠ͳ͍
3. ֶशίετ͕ൺֱత͍ (Ϋηͷͳ͍จ๏ɻCDKΛॻ͘ఔͳΒ…)
• ͨͩ͠: CDKͷػೳࣗମͲͷݴޠͰࠩͳ͠ (jsii͕ͦΕΛอূ)
• ։ൃऀʹڧ͍Έ͕͋Δ߹ɺͦͷݴޠΛ͏ͷશવΞϦ (׳ΕͨݴޠΛ͑Δͷ͕CDKͷັྗ)
• ࢀߟ: TypeScriptͷCDKίʔυػցతʹଞݴޠॻ͖͑Մೳ Translating from TypeScript
• ࣗಈ༁: AWS CDK Translator
Slide 6
Slide 6 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
Q. ελοΫͲ͏͚Δͷ͕ྑ͍ʁ
• جຊϧʔϧ: ඞཁ͕ͳ͍ͳΒ͚ͳ͍
• ελοΫΛ͚Δͱେͷ߹ελοΫؒͷґଘ͕ؔੜ͡Δ (ελοΫؒࢀরͳͲ)
• ελοΫؒࢀর։ൃŋӡ༻্͍͔ͭ͘ͷ໘ΛҾ͖ى͕ͪ͜͠ (ޙड़)
• ελοΫΛ͚Δඞཁ͕͋Δ߹ͷදྫ
1. CloudFormationͷϋʔυϦϛοτʹͨΔͱ͖ (Ϧιʔε500ͳͲ)
2. ΞΧϯτϦʔδϣϯΛލ͍ͩσϓϩΠ͕ඞཁͳͱ͖
3. ϦιʔεΛσϓϩΠ͢ΔؒʹCloudFormation֎ͷૢ࡞͕ඞཁͳͱ͖
• ྫ: όοΫΤϯυͷσϓϩΠ → ϑϩϯτΤϯυͷڥม (Cognito Pool IDͳͲ) ΛຒΊࠐΜͰϏϧυ → ϑϩϯτΤϯυͷσϓϩΠ
• ඞཁ͕͋Δ͔Ͳ͏͔Θ͔Βͳ͍ͱ͖ → ͚Δ͜ͱͰ۩ମతͳϝϦοτ͕͋Δ͔ߟ͑Δ
• Ϧιʔεͷॴ༗ऀ͕ҟͳΔ߹ͳͲɺ্هͷඞཁੑ͕ͳׂ͕ͯ͘߹ཧతͳ߹͋Γ
6
νʔϜؒͷಠཱੑΛอͭखஈͱͯ͠ɺ
App͝ͱ͚Δબࢶ͋Δ
※
Slide 7
Slide 7 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
ελοΫΛ͚Δ͜ͱͷσϝϦοτ
1. ελοΫؒࢀরʹΑΓɺ॥ґଘσϓϩΠ࣌ͷͳͲՃͷߟྀ͕ඞཁʹ (ҎԼҰྫ)
• ӈਤͷঢ়ଶͰҎԼͷૢ࡞Λ͢ΔͱσϓϩΠsynthʹࣦഊ͢Δ
1. Parent͔ΒChildͷϦιʔεΛࢀর
(॥ґଘ)
2. ChildStackͷLambda FunctionΛআ
(มߋͷڝ߹ɺཧ༝࣍ͷεϥΠυ)
• ճආՄೳ (ޙड़)ɻ։ൃମݧͷѱԽ͕՝
2. σϓϩΠ͕ಷԽ
• ґଘؔͷ͋ΔελοΫಉ࣌ʹσϓϩΠͰ͖ͳ͍ → σϓϩΠͷฒྻ੍͕ݶ͞ΕΔ
3. దͳ͚ํΛઃܭ͢Δͷ͕େม
7
ParentStack
DynamoDB Table
Stack export: TableName
ChildStack
Lambda Function
(ςʔϒϧ໊Λࢀর)
Fn:ImportValue
Slide 8
Slide 8 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
ิ: ελοΫͷσϓϩΠʹࣦഊ͢ΔΈ
8
ParentStack
DynamoDB Table
Stack export: TableName
ChildStack
Lambda Function
(ςʔϒϧ໊Λࢀর)
Fn:ImportValue
ParentStack
DynamoDB Table
Stack export: TableName
ChildStack
Lambda Function
(ςʔϒϧ໊Λࢀর)
Fn:ImportValue
લఏ
ελοΫؒࢀরͷಛ:
• ΤΫεϙʔτ͞ΕͨελοΫग़ྗ͕ਖ਼ମ
• CDK͕มͷؔੑΛݟͯࣗಈͰ࡞
• ࢀর͞Ε͍ͯΔग़ྗআͰ͖ͳ͍ (ڧ͍ࢀর)
cdk deploy ͷॱং: Parent → Child
৽͍͠ParentStackStack exportΛআ͠Α͏ͱ͢Δ͕ɺ
ChildStack·ͩݹ͍ͷ͕σϓϩΠ͞Εͨ··
ͭ·ΓTableName·ͩࢀর͞Ε͍ͯΔͷͰɺStack exportͷআʹࣦഊ͢Δ
LambdaؔΛআͯ͠σϓϩΠΛࢼΈΔ
σϓϩΠʹࣦഊʂ
Slide 9
Slide 9 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
αʔϏεछผʹΑΔ͚ํ ػೳʹΑΔ͚ํ
• Ұͭͷࢦඪ: ελοΫؒࢀরΛͰ͖Δ͚ͩগͳ͘͢Δ
• ϦιʔεؒͷґଘΛελοΫͰ݁ͤ͞Δ
• ֤ελοΫΛͰ͖Δ͚ͩಠཱͤ͞ΔΠϝʔδ
ServiceB stack
ServiceA stack
Persistance stack
Network stack
Stateless stack
ͦΕͰελοΫΛ͚͍ͨͱ͖
ServiceA ServiceB
Network
Persistent
Stateless
1
3
1 (ελοΫؒࢀর)
※ ڽूͷʹؔ࿈
˙ ཧతڽूɺ˙ ػೳతڽूʹ͍͔ۙ
ελοΫؒࢀরͳ͠
9
Slide 10
Slide 10 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
ϚϧνελοΫ։ൃ࣌ͷTips – มߋͷڝ߹Λղফ͢Δ
• -e, --exclusivelyϑϥάͰґଘؔΛແࢹͯ͠σϓϩΠ͢Δ ࢀর
• Stack.exportValueϝιουͰ໌ࣔతʹStack exportΛ࡞͢Δ
• ελοΫؒࢀরΛΘͣʹΛελοΫؒͰड͚͢
• SSMύϥϝʔλΛܦ༝͢Δɺ໋໊نଇʹԊͬͨΛϋʔυίʔυ͢ΔͳͲ ↓
• 2ஈ֊ʹ͚ͯσϓϩΠ͢Δ (࣍ͷϖʔδ)
10
ChildStackͷΈΛઌʹσϓϩΠ͢Εɺ
Stack exportෆཁʹͳΓɺมߋڝ߹͠ͳ͍
ChildStack͕ݩʑඞཁͱͨ͠Λ໌ࣔతʹexport
Stack export͕อ࣋͞Εɺมߋڝ߹͠ͳ͍
exclusive deploy
CDKͰελοΫؒͷύϥϝʔλʔΛड͚͢5ͭͷํ๏ͱ
έʔεผͷ࠷దղʹ͍ͭͯߟ͑ͯΈͨ
Slide 11
Slide 11 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
2ஈ֊σϓϩΠͷྫ
ParentStack ChildStack
DynamoDB
Table v1
Lambdaؔ
TableNameΛࢀর
ParentStack ChildStack
DynamoDB
Table v2
Lambdaؔ
TableNameΛࢀর
DynamoDB
Table v1
11
ParentStack ChildStack
DynamoDB
Table v2
Lambdaؔ
͜ͷExport·ͩআͰ͖ͳ͍
exportValueͰ໌ࣔతʹ͢
TableNameΛࢀর
Deploy#1
Deploy#2
ॳظঢ়ଶ
தؒঢ়ଶ
࠷ऴঢ়ଶ
Deploy#2
Ͱআ
※ ࠓճ৽چςʔϒϧؒͷσʔλҠߦΛߟྀ͍ͯ͠ͳ͍
Slide 12
Slide 12 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
ϚϧνελοΫ։ൃ࣌ͷTips – ॥ґଘΛղফ͢Δ
ελοΫͷ॥ґଘ: 2ͭͷελοΫ͕ޓ͍ͷStack exportΛࢀর͋͠͏ঢ়ଶ
ParentStack ChildStack
Security
group
Security
group
VPC Lambda
Subnet IDΛࢀর
Ingress rule
Security group IDΛࢀর
Ingress rule
Error: 'Stack2' depends on 'Stack1' ({Stack2/Handler/ServiceRole/Resource}.addDependency({Stack1/Vpc/IsolatedSubnet1/RouteTableAssociation}),…
). Adding this dependency (Stack1 -> Stack2/Handler/SecurityGroup/Resource.GroupId) would create a cyclic reference.
12
ґଘؔͷํΛҙ࣮ࣝͨ͠Ͱճආ
ྫ: ͜ͷґଘNG
ґଘยํͷΈڐ͞ΕΔ
※ ্هͰճආͰ͖ͳ͍͜ͱɻGitHubͰIssueΛ୳͢ɾཱͯΔͷखɻ
Slide 13
Slide 13 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
ϚϧνελοΫ։ൃ࣌ͷTips – ॥ґଘΛղফ͢Δ
ελοΫͷ॥ґଘ: 2ͭͷελοΫ͕ޓ͍ͷStack exportΛࢀর͋͠͏ঢ়ଶ
ParentStack ChildStack
Security
group
Security
group
VPC Lambda
Subnet IDΛࢀর
Ingress rule
Security group IDΛࢀর
Ingress rule
Error: 'Stack2' depends on 'Stack1' ({Stack2/Handler/ServiceRole/Resource}.addDependency({Stack1/Vpc/IsolatedSubnet1/RouteTableAssociation}),…
). Adding this dependency (Stack1 -> Stack2/Handler/SecurityGroup/Resource.GroupId) would create a cyclic reference.
13
ґଘؔͷํΛҙ࣮ࣝͨ͠Ͱճආ
ྫ: ͜ͷґଘNG
ґଘยํͷΈڐ͞ΕΔ
ΠςϨʔςΟϒͳ։ൃͰ
͋·Γߟ͑ͨ͘ͳ͍Θ͠͞
ͤΊͯ։ൃڥͰγϯάϧελοΫʹ
อ͍͔͕ͬͯʁ
※ ্هͰճආͰ͖ͳ͍͜ͱɻGitHubͰIssueΛ୳͢ɾཱͯΔͷखɻ
Slide 14
Slide 14 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
Q. Stackͷίʔυ͕ࢄΒ͔͖ͬͯͨ
• ϦιʔεΛϑϥοτʹϕλॻ͖͢Δͱɺೝෛՙ͕ߴ·Δ
• Ϧιʔεͷґଘ͕ؔΘ͔ΓͮΒ͔ͬͨΓɺεΫϩʔϧྔ͕૿͑ͨΓ
• OOPʹ͓͚ΔΫϥεઃܭͷॏཁੑʹྨࣅ
• ந → ۩ମ ͷॱΛ͔Γ͍͢ͱײ͡Δਓଟ͍ (Օॻ͖ͱಉ͡)
• ίϯετϥΫτΛͬͯߏԽ͢Δͷ͕͓͢͢Ί
ü Ϧιʔεͷू߹Λҙຯͷ͋Δ୯ҐͰ·ͱΊΔ
ü ϞδϡʔϧԽͷརΛڗड (࠶ར༻ੑɺநԽͳͲ)
ü ID (ୈ2Ҿ) ͷָ໋໊͕ʹ (ҰҙੑΛอͭείʔϓ͕ڱ·ΔͨΊ)
14
ೝূ
Storage
Lambda
API
ID
Slide 15
Slide 15 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
ೝূ
Storage
Lambda
API
ίϯετϥΫτͰίʔυΛߏԽ͢Δ
15
↑ίϨ͘Β͍ͷཻͰ·ͱ·͍ͬͯΔͱύοτݟͰߏ͕Θ͔Γ͍͢
͋ΔҙຯͰෳࡶ͞૿͢ͷͰɺํνʔϜͰٞ͢Δͱ 🙆
vs
ίʔυྫ
Slide 16
Slide 16 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
CloudFormationίϯιʔϧͷTree Viewݟ͘͢
16
ࢿྉ
Slide 17
Slide 17 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
খωλ: ແ໊ίϯετϥΫτ (ͱɺݺΜͰΈΔ)
• ίϯετϥΫτπϦʔͷ֓೦Λཧղ͢ΔͱḿΔ
• ϑΝΠϧγεςϜͷσΟϨΫτϦπϦʔͰྨਪ͢Δͱָ
• είʔϓ(ୈ1Ҿ)=σΟϨΫτϦ, ID(ୈ2Ҿ)=σΟϨΫτϦ໊
• ͋ΔσΟϨΫτϦ(είʔϓ)ͷதʹಉ໊͡લ(ID)ଘࡏͰ͖ͳ͍
• είʔϓඞͣ͠ this Ͱ͋Δඞཁͳ͍
• ۭͷίϯετϥΫτΛͦͷͰ࡞͠ɺ
ଞͷίϯετϥΫτͦΕΛʹͰ͖Δ
• ແ໊Ϋϥεແ໊ؔʹྨࣅͯ͠·ͤΜʁ
• Ϋϥεఆٛ͢Δ΄ͲͰͳ͍Μ͚ͩͲɺɺ
ͱ͍͏ঢ়گʹศརʹ͑Δ͔
17
Pro tip: ϒϥέοτ{} Ͱมͷείʔϓ੍ޚՄೳ
είʔϓ͕ҧ͏ͷͰಉ͡IDΛ͑Δ
ۭͷίϯετϥΫτ
είʔϓͷࢦఆ
Slide 18
Slide 18 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
ίϯετϥΫτΛ࡞Δͱ͖ͷTips
ࢀর: AWS CDK Tips: ίϯετϥΫτͰߏԽ͠Α͏
1. ίϯετϥΫτͷ͚ํ
• ελοΫͷ͚ํ΄ͲηϯγςΟϒͳͰͳ͍ (Լखʹ͚ͯσϝϦοτ͕࿐ఄͮ͠Β͍)
• ͨͩ͠εςʔτϑϧͳϦιʔεޙ͔ΒϦϑΝΫλͮ͠Β͍ͷͰɺ৻ॏʹ
• ਓ͕͔Γ͍͢୯ҐͰ·ͱΊΕҰ୴े (จষΞʔΩਤॻ͘ͱ͖ͳͲࣗવͱҙࣝͯ͠Δͣ)
2. ID=‘Default’ ʹΑΓ Logical IDΛॖ͢Δ Shorter AWS CDK Logical IDs
• CFnʹΑΔࣗಈ໋໊ΛΘ͔Γ͘͢อͭͨΊ
• ϦϑΝΫλͷͱ͖LogicalIDͷมߋΛ͙ͨΊʹཱͬͨΓ
3. IDͷ໋໊PascalCase͕͓͢͢Ί Construct IDύεΧϧέʔεͰ໋໊͢Δͷ͕ྑ͍
• CFnʹΑΔࣗಈ໋໊ΛΘ͔Γ͘͢อͭͨΊ
18
ID
Slide 19
Slide 19 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
Q. L1 / L2 / L3 ίϯετϥΫτ ͲΕΛ͏ʁ
• நʹΑΓίϯετϥΫτL1~L3ʹେผ͞ΕΔ (ӈਤ)
• جຊతʹL2+Λੵۃతʹ͏΄͏͕CDKͷརΛڗड͍͢͠
• grantXxx, allowFromͳͲʹΑΔநԽڧྗ
• நԽʹΑͬͯॊೈੑΛࣦΘͳ͍ͨΊʹ
1. ࣗ৫ͰίϯετϥΫτΛ࡞ɾཧ͢Δ
• ࣗ༝ʹमਖ਼Մೳͳͷ͕ڧΈɻεχϖοτͱ͍ͯ͠ճ͋͢Γ
2. ެࣜɾαʔυύʔςΟͷίϯετϥΫτ…
• ϑΥʔΫ͢Δ or ίϯτϦϏϡʔτ (Pull RequestΛૹΔ)
• ޙऀΤίγεςϜͷڧԽͱ͍͏ҙຯͰཧత (࣌ʹେม)
3. Escape hatch ʹΑΔΦʔόʔϥΠυ (࠷ޙʹͯ͠࠷ڧͷํ๏)
• ࣍ͷεϥΠυͰৄ͘͠հ 19
ந
ॊೈੑ
நߴ
ੜ࢈ੑ
L1 L2 L3
Slide 20
Slide 20 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
L2 / L3ίϯετϥΫτͰॊೈੑΛऔΓ͢ - Escape hatchฤ
• ·ΕʹΑ͘ඞཁͳΠϯλʔϑΣʔεΛL2+Ͱར༻Ͱ͖ͳ͍߹͕͋Δ
• ͜ͷΛཧ༝ʹCFnͷ΄͏͕CDKΑΓྑ͍ͱݴΘΕΔ͜ͱ͋Δ͕ɺඞͣͦ͠͏Ͱͳ͍
• Escape hatchΛ͑ɺL1ͱಉϨϕϧʹॊೈͳૢ࡞͕Մೳ
20
ྫ: Lambda RoleͷPolicy໊Λมߋ͢Δ
Escape hatchͰL1 constructΛ৮ΔCDKίʔυ
MetadataΛݟΕϦιʔεͷύε͕͔Δ
߹ޙͷCloudFormationςϯϓϨʔτ
ύεʹԊͬͯίϯετϥΫτπϦʔΛ۷Δ
ৄࡉ: Abstractions and escape hatches
ҙͷϓϩύςΟΛΦʔόʔϥΠυͰ͖ΔΠϯλʔϑΣʔε
Slide 21
Slide 21 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
Q. ෳڥ͚ʹςϯϓϨʔτͷఆٛΛ͢Δʹʁ
Dev/Staging/ProdͳͲෳͷڥΛͲ͏͏·͘ఆٛ͢Δ͔ʁ
࠷ݶɺҎԼΛͲ͏͢Δ͔ߟ͍͑ͨ:
1. ڥ͝ͱʹύϥϝʔλΛઃఆ͢Δํ๏
• ྫ: Auroraʹ͍ͭͯɺDevڥ t3ΠϯελϯεɾProdڥm6gΠϯελϯεΛ͏
2. ڥ͝ͱʹελοΫఆٛΛग़͚͠Δํ๏
• ҰͭͷCDKίʔυ͔Βෳͷڥ༻ελοΫΛsynth͍ͨ͠
• ྫ: Devڥ༻ɺProdڥ༻ͷελοΫΛͲ͏ఆٛ͢Δ͔
21
Slide 22
Slide 22 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
ڥ͝ͱʹύϥϝʔλΛઃఆ͢Δํ๏
• ύϥϝʔλΛཧ͢ΔॴΛܾΊΔ
• ӈදྫ5ͭ (ଞʹແݶʹߟ͑ΒΕΔ)
• ࣍ϖʔδʹৄ͍͠ൺֱදΛهࡌ
• ಡΈࠐΜͩύϥϝʔλΛελοΫ
ίϯετϥΫτͷPropsʹ͢ఆ
22
Slide 23
Slide 23 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
ڥ͝ͱʹύϥϝʔλΛઃఆ͢Δํ๏ - ൺֱද
23
(ॱෆಉ) ֓ཁ Pros Cons
1.
Context variable
cdk.json –c ΦϓγϣϯͰ
ࢦఆ
cdk deploy –c env=dev
CDKඪ४ؔ (tryGetContext) Ͱ
ΛऔಘͰ͖Δ͜ͱͷެࣜײ
JSONʹΑΔinteroperabilityͷߴ͞
(ଞπʔϧͰJSONΛੜͨ͠ΓͳͲ)
ͷValidationʹҰඞཁ (JSON
SchemaͳͲ)
JSONͷදݱྗʹറΒΕΔ (CDKͷܕ
DurationͳͲ͑ͳ͍)
2. ڥม CDKίϚϯυ࣮ߦ࣌ʹڥ
มΛࢦఆ
ENV=dev cdk deploy
CDKҎ֎ͷք۾Ͱඪ४తͳํ๏
CIπʔϧͷઃఆͰ্ॻ͖Ͱ͖ΔͳͲ
Ԡ༻ํ๏ଟ͍͔
ڥมจࣈྻܕͷΈ
ڥมΛཧ͢ΔॴΛߟ͑Δ
ඞཁ͋Γ
3. ֤ݴޠͷ
ΦϒδΣΫτ
CDKͷݴޠͰύϥϝʔλΛ
ϋʔυίʔυ͢Δ
(e.g. TypeScriptͷobject)
จࣈྻŋࣈҎ֎ͷܕ͕͑Δ
(Durationec2.InstanceTypeͳͲ)
खܰʹܕ҆શ
ݴޠ͕ݻఆ͞ΕΔɺಈతͳੜʹෆ
͖ͳͲinteroperability͕ඞཁͳঢ়
گͰ͍͕͠ɺك
4. Secrets Manager
ParameterStore
CDK֎ͰύϥϝʔλΛ࡞
deploy࣌ʹCFn͕Λಡࠐ
ൿಗใ(API keyͳͲ)ΛCDKίʔυ
CFnςϯϓϨʔτ͔ΒӅṭͰ͖Δ
ύϥϝʔλͷॳظԽʹՃखॱඞཁ
ύϥϝʔλͷARNͷཧඞཁ
5. CfnParameter CloudFormationͷ
ParameterػೳΛ͏
synthޙʹσϓϩΠ༰ΛมߋՄೳ
߹ͨ͠CFnςϯϓϨʔτΛ͠
͍ͨ߹ʹ༗ޮ
CFnΛҙࣝ͢Δඞཁ͕͋ΓɺૉͷCDK
ΑΓॻ͖ʹ͍͘
ಛघͳঢ়گΛআ͍ͯϝϦοτബ͍
ݸਓతͳ͍͚: σϑΥϧτ3ɺඞཁʹԠͯ͡2/4/5
Slide 24
Slide 24 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
Q. ෳڥ͚ʹςϯϓϨʔτͷఆٛΛ͢Δʹʁ
Dev/Staging/ProdͳͲෳͷڥΛͲ͏͏·͘ఆٛ͢Δ͔ʁ
࠷ݶɺҎԼΛͲ͏͢Δ͔ߟ͍͑ͨ:
1. ڥ͝ͱʹύϥϝʔλΛઃఆ͢Δํ๏
• ྫ: Auroraʹ͍ͭͯɺDevڥ t3ΠϯελϯεɾProdڥm6gΠϯελϯεΛ͏
2. ڥ͝ͱʹελοΫఆٛΛग़͚͠Δํ๏
• ҰͭͷCDKίʔυ͔Βෳͷڥ༻ελοΫΛsynth͍ͨ͠
• ྫ: Devڥ༻ɺProdڥ༻ͷελοΫΛͲ͏ఆٛ͢Δ͔
24
Slide 25
Slide 25 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
ڥ͝ͱʹελοΫఆٛΛग़͚͠Δํ๏
ελοΫఆٛํ๏ͷදྫ (௨ৗ bin/xxx.ts ʹॻ͘ΞϨ)
• Dynamicύλʔϯ
• 1ͭͷελοΫఆٛΛ͍ճ͢ StackͷID֎෦͔Βೖ
• Staticύλʔϯ1
• ڥͷ͚ͩελοΫΛϋʔυίʔυ͢Δ
• DynamicΑΓAppͷελοΫߏ͕͔Γ͍͢
• Staticύλʔϯ2
• ελοΫͷΫϥεఆٛࣗମΛڥ͝ͱʹ͍͚Δ
• ڥ͝ͱʹϦιʔεͷߏŋελοΫׂΛม͍͑ͨ࣌ͳͲʹ༗ޮ
• ڥͷҰக͕Լ͢ΔϦεΫ͋Γ
25
※ Staticύλʔϯsynthͷ͕࣌ؒ͘ͳΓ͕ͪɻ
ڥมͰ݅ذ͠ɺෆཁͳnew Stack()Λ
ඈ͢ͳͲͰճආՄೳɻ
※ CDK PipelinesΛ͏߹ɺ
εςʔδͱ͍͏֓೦Ͱ͞Βʹϥοϓ͞ΕΔ
Slide 26
Slide 26 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
Q. ࣗಈςετͲ͏͢Δʁ࠷ݶ…
• ඞਢ: εφοϓγϣοτςετ (synthޙͷCFnςϯϓϨʔτΛൺֱ͢Δςετ)
• CDKͷόʔδϣϯΞοϓ࣌ͳͲʹɺҙਤ͠ͳ͍มߋ͕ੜ͍ͯ͡ͳ͍͜ͱΛݕূ͢ΔͨΊ
• ࣮ۃΊͯ؆୯ (※ ݴޠ͝ͱͷςετϥΠϒϥϦΛ׆༻) ࣮ྫ: Testing constructs – Snapshot test
• ҙ: ΠϯςάϨʔγϣϯςετ (࣮ࡍʹAWSڥʹσϓϩΠ͢Δςετ)
• ΧελϜϦιʔεͷ࣮CloudFormationଆͷόϦσʔγϣϯΛݕূ͢ΔͨΊ
• ςετ༻AWSڥΛ༻ҙͯ͠σϓϩΠ͢Δͷ͕खܰͳखஈ (devڥΛ͏ͳͲ)
• Integ-runner integ-tests ͱ͍ͬͨϥΠϒϥϦఏڙ͞Ε͍ͯΔ (·ͩalpha)
• ҙ: Fine-grained assertions (ςϯϓϨʔτʹର͢Δࡉ͔ͳݕূ)
• ࣗࣾϙϦγʔͷίϯϓϥΠΞϯεΛݕূ͢ΔͳͲ cdk-nagͳͲͰҰൠతͳ੬ऑੑݕࠪՄೳ
26
※ pdk-nag: ϓϩτλΠϐϯά͚ͷɺΑΓ؇͍ϧʔϧηοτ
Slide 27
Slide 27 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
CDK։ൃαΠΫϧͷҰྫ
ݸਓతʹΑ͋͘ΔCDK։ൃͷྲྀΕΛࢀߟ·Ͱʹ (non-TDD):
• ࣮ → σϓϩΠ → ಈ࡞֬ೝ͕جຊαΠΫϧ
• σϓϩΠͯ͠खಈͷݕূΛ͢ΔεςοϓͲ͏ͯ͠ඞཁ
• ͯ֬͢ೝͰ͖ͨΒɺεφοϓγϣοτΛ࡞Δ
• ҎޙεφοϓγϣοτͱͷࠩΛϨϏϡʔ͢ΕมԽΛ͑Δ
• ςετࣗಈԽͷॏཁੑIaCͷมߋසʹԠͯ͡มΘΔ
• ҆ఆޙεφοϓγϣοτͷࠩϨϏϡʔ͕ͭΒ͍Ϩϕϧͩͱɺ
ͦͷଞͷςετΛࣗಈԽ͢ΔΞϓϩʔν߹ཧతʹͳΔ͔
27
CDK࣮
σϓϩΠ
ಈ࡞֬ೝ
εφοϓγϣοτ࡞
ϝϯςφϯε
͋Δػೳ։ൃͷϥΠϑαΠΫϧ
Slide 28
Slide 28 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
·ͱΊ
• AWS CDK։ൃʹ͏ҙࢥܾఆͷϙΠϯτɺFAQͷߟ͑ํΛ·ͱΊ·ͨ͠
• ͦΕͧΕͷPros/ConsΛߟ্͑ͨͰదٓ࠷దͳํ๏Λߟ͑Δ͜ͱ͕͓͢͢Ί
• ͨͩ͠ɺΈଓ͚ͯ։ൃ͕ࢭ·Δ͘Β͍ͳΒɺͱΓ͋͑ͣࢼ͠ͳ͕Βߟ͑Δํ͕ྑ͍Ͱ͢Ͷʂ
• IaCΘ(͑)ͳ͍ <<< (ӽ͑ΒΕͳ͍น) <<< CDK͑Δ < CDK͏·͑͘Δ
• جຊͷߟ͑ํ: ඞཁͷͳ͍ݶΓෳࡶԽ͠ͳ͍
• ίϨΛҙࣝ͢Δͱଟ͘ͷ߹ແବͷͳ͍ίʔυʹͳΔͣʂ
ωλ
• CDKίʔυΛϦϑΝΫλ͍ͨ͠
• طଘͷϦιʔεΛCDKཧԼʹऔΓࠐΉ
• σΟϨΫτϦߏɺetc…
28
ࠓޙ AWS Black BeltγϦʔζ ͰΧόʔ͞ΕΔ༧ఆͰ͢ʂ
Slide 29
Slide 29 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
ܦݧஊฉ͖͍ͨ
AWS Dev Day 2023ͰBLEAνʔϜ͔Βൃද༧ఆ
օ༷ͷAWS CDKܦݧஊɾۤ࿑ͥͻ͝ڞ༗͍ͩ͘͞ʂ
29
Slide 30
Slide 30 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
ࢀߟࢿྉ
• Best practices for developing and deploying cloud infrastructure with the AWS CDK
• CDKʹؔ͢ΔϕετϓϥΫςΟεͷݪయɻ
• JAWS CDKࢧ෦ͷΠϕϯτը
• ࠃ։ൃऀͷݟڞ༗ͷɻຊͷCDKίϛϡχςΟੈքతʹݟͯ׆ൃʂ
• cdk.dev
• άϩʔόϧͳCDKίϛϡχςΟSlackɻͪ͜Β׆ൃͰɺ࣭͕ٞඈͼަ͍ͬͯ·͢
• Twitter CDK JP Community
• ίϛϡχςΟࢀՃऀΛϑΥϩʔ͢Δͱ͍Ζ͍Ζͳҙݟ͕͑·͢ɻ։ൃऀͷϒϩάಛʹࢀߟʹͳΔʂ
• The CDK Book
• CDKʹؔ͢Δ͕ࣝཏతʹ·ͱ·ͬͨॻ੶ɻCDKϚχΞͳΒങͬͯଛͳ͍ͣ
30
Slide 31
Slide 31 text
2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓Έʹ͍͑ͨ
© 2023, Amazon Web Services, Inc. or its affiliates.
Twitter: #jawsug_cdk
Thank you!
© 2022, Amazon Web Services, Inc. or its affiliates.
Masashi Tomooka
[email protected]
tmokmss