OpsJAWS#4 CloudWatch Events Hands-on

by Tmorinaga

Slide 1

Slide 1 text

OpsJAWS#4 CloudWatchEvents Hands-on Ϋϥεϝιουגࣜձࣾ ιϦϡʔγϣϯΞʔΩςΫτ ৿Ӭେࢤ

Slide 2

Slide 2 text

ࣗݾ঺հ

Slide 3

Slide 3 text

Morinaga Taishi(@morimoritaitai) AWS Solution Archetect ✦ झຯ : ήʔϜ(શൠ) / ञ / Χϝϥ ✦ ڵຯ : DevOps / Security ✦ ޷͖ͳαʔϏε:Conﬁg/CloudTrail/IAM AWS Certiﬁed Solutions Architect - Professional Developer -Associate SysOps Administorator - Associate

Slide 4

Slide 4 text

ձࣾ঺հ

Slide 5

Slide 5 text

Classmethod,Inc.

Slide 6

Slide 6 text

Classmethod,Inc. AWSίϯαϧɾઃܭɾߏஙͱ ϞόΠϧ։ൃ͕ϝΠϯ

Slide 7

Slide 7 text

ੈքதʹΦϑΟε جຊతʹਓ͕͍Δͱ͜ΖʹΦϑΟε͕ग़དྷ·͢

Slide 8

Slide 8 text

Developers.IO

Slide 9

Slide 9 text

Developers.IO 5500ຊͷٕज़هࣄ 2300ຊͷAWSهࣄ ݄ؒ100ສPV

Slide 10

Slide 10 text

ϋϯζΦϯͷࢿྉ͸ͪ͜Β https://speakerdeck.com/tmorinaga https://gist.github.com/Tmorinaga

Slide 11

Slide 11 text

Agenda • CloudWatchEventsͱ͸ • ϋϯζΦϯͷ४උ • Built-in targetΛࢼͯ͠ΈΔ • Lambda functionΛࢼͯ͠ΈΔ • ͓ย͚ͮ

Slide 12

Slide 12 text

CloudWatch Eventsͱ͸

Slide 13

Slide 13 text

CloudWatchEventsͱ͸ • ΠϕϯτʢϦιʔεͷঢ়ଶมԽͳͲʣΛݕ஌ ͠ɺΠϕϯτυϦϒϯͰΞΫγϣϯΛ࣮ߦ͢ ΔࣄͷͰ͖ΔαʔϏε • ౦ژϦʔδϣϯͰ࢖͑·͢ʂʂʂ

Slide 14

Slide 14 text

ΠϕϯτυϦϒϯͬͯLambda ͱ͸Ͳ͏ҧ͏ͷʁ • CWE͸Lambdaͷ৽͍͠Πϕϯτιʔε • LambdaҎ֎ͷ࿈ܞʢSNSɺKinesisʣ΍Built- inͷ࢓૊Έ΋༻ҙ͞Ε͍ͯΔ

Slide 15

Slide 15 text

CloudWatchEventsͷߏ੒ཁૉ • Πϕϯτιʔε • λʔήοτ • ϧʔϧ

Slide 16

Slide 16 text

Πϕϯτιʔε • ΠϕϯτͷݩͱͳΔϦιʔε΍λΠϛϯά • ݱࡏબ୒Ͱ͖Δͷ͸ҎԼ • EC2ͷStatusมԽʢRunning,Stopped etcʣ • εέδϡʔϧʢ࠷୹̑෼ִؒʣ • API CallʢCloudTrailͰर͑Δ΋ͷ͸͍͍ͩͨʣ • AutoScalingͷมԽʢLaunch Successful etcʣ

Slide 17

Slide 17 text

Slide 18

Slide 18 text

CloudWatchEvents͕ API CallΛΠϕϯτιʔεʹ΋ͭ

Slide 19

Slide 19 text

Lambda͕ CWEΛΠϕϯτιʔεʹ΋ͭ

Slide 20

Slide 20 text

΄΅͢΂ͯͷAPI CallΛ ؆୯ʹLambda࿈ܞͰ͖Δʂ

Slide 21

Slide 21 text

λʔήοτ • ࣮ߦ͢ΔΞΫγϣϯ • ݱࡏબ୒Ͱ͖Δͷ͸ҎԼ • Lambda Function • SNS Topic • Kinesis Stream • Built-in Targetʢsnapshot࡞੒ͳͲͷػೳʣ

Slide 22

Slide 22 text

ϧʔϧ • Πϕϯτιʔεͱλʔήοτͷ૊Έ߹Θͤ • ͲΜͳϦιʔε͕Ͳ͏ͳͬͨΒʢΠϕϯτιʔ εʣɺͲ͏͢Δ͔ʢλʔήοτʣ

Slide 23

Slide 23 text

ϋϯζΦϯͷ४උ

Slide 24

Slide 24 text

ҎԼͷࣄΛ֬ೝͯ͠Լ͍͞ • IAMͷPolicyઃఆ • ࠓճ͸ AdminݖݶͰ΍Γ·͢ʢIAM͍͡ΔͨΊʣ • STSʢSecurity Token ServiceʣͷEndpoint • IAM→Account Settings→Security Token Service RegionsͰઃఆ • σϑΥϧτ͸ON • Stoppedঢ়ଶͷΠϯελϯεΛͻͱͭ

Slide 25

Slide 25 text

CWEʹඞཁͳPolicy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "events:*", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*" } ] }

Slide 26

Slide 26 text

Ϧʔδϣϯͷ ΤϯυϙΠϯτ༗ޮԽ

Slide 27

Slide 27 text

Πϯελϯεͷ४උ t2.nanoͰ΋ͳΜͰ΋͍͍Ͱ͢

Slide 28

Slide 28 text

Built-in TargetΛ ࢼͯ͠ΈΔ

Slide 29

Slide 29 text

ࢼͯ͠ΈΔ͜ͱ • InstanceΛىಈͨ͠ΒPendingঢ়ଶͰڧ੍ఀࢭ • ҙຯ͸ಛʹແ͍Ͱ͕͢ɺಈ͖Λݟͯ௖͚Ε͹

Slide 30

Slide 30 text

Ruleͷ࡞੒ https://ap-northeast-1.console.aws.amazon.com/cloudwatch/home?region=ap-northeast-1#events:

Slide 31

Slide 31 text

Πϕϯτιʔεͷબ୒

Slide 32

Slide 32 text

EC2Πϯελϯεͷঢ়ଶΛબ୒

Slide 33

Slide 33 text

λʔήοτͷ௥Ճ

Slide 34

Slide 34 text

Built-in targetΛબ୒

Slide 35

Slide 35 text

ΞΫγϣϯͷબ୒

Slide 36

Slide 36 text

Πϯελϯεͷબ୒ ͜Ε * ͰࢦఆͰ͖ΔΑ͏ʹͳΓ·ͤΜ͔Ͷ…ʁ

Slide 37

Slide 37 text

ϧʔϧͷ໊લΛೖྗ

Slide 38

Slide 38 text

IAM RoleΛ࡞੒ طʹ࡞੒͞Ε͍ͯΔํ͸ͦͪΒΛબ୒

Slide 39

Slide 39 text

IAM Roleͷ࡞੒ ಛʹઃఆ͸ཁΒͳ͍ͷͰڐՄ

Slide 40

Slide 40 text

built-in targetʹඞཁͳPolicy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:Describe*", "ec2:RebootInstances", "ec2:StopInstances", "ec2:TerminateInstances", "ec2:CreateSnapshot" ], "Resource": "*" } ] }

Slide 41

Slide 41 text

ϧʔϧ࡞੒׬ྃ

Slide 42

Slide 42 text

ಈ࡞֬ೝ

Slide 43

Slide 43 text

ಈ࡞֬ೝ ↓ pending͔Β͙͢ʹstoppedʹʂ

Slide 44

Slide 44 text

࣍ͷϋϯζΦϯͷͨΊʹ… ࢒͍ͯ͠Δͱ͕࣍͏·͍͖͘·ͤΜ

Slide 45

Slide 45 text

Lambda FunctionΛ ࢼͯ͠ΈΔ

Slide 46

Slide 46 text

ࢼͯ͠ΈΔ͜ͱ • ࢦఆ͞ΕͨλάʮCostʯ͕͍͍ͭͯͳ͍ InstanceΛىಈͨ͠ΒPendingঢ়ଶͰڧ੍ఀࢭ • λάͷ͚ͭ๨Εͬͯଟ͍Ͱ͢ΑͶ…

Slide 47

Slide 47 text

Lambda Function࡞੒

Slide 48

Slide 48 text

blueprint͸࢖Θͳ͍ͷͰSkip

Slide 49

Slide 49 text

໊લͱ࢖༻ݴޠΛࢦఆ

Slide 50

Slide 50 text

ίʔυΛίϐϖ https://gist.github.com/Tmorinaga/5b1df9e90e20fe173685

Slide 51

Slide 51 text

ίʔυʹ͍ͭͯ • ΤϥʔϋϯυϦϯάͳͲ͍ͯ͠·ͤΜͷͰɺ ຊ൪ར༻ͳͲ͢Δ৔߹͸࡞Γ͜ΜͰԼ͍͞ɻ • ͍͍΋ͷ͕Ͱ͖ͨΒڭ͑ͯԼ͍͞m(_ _)m

Slide 52

Slide 52 text

Lambda༻IAM Role࡞੒

Slide 53

Slide 53 text

Policyඍௐ੔

Slide 54

Slide 54 text

Policyඍௐ੔

Slide 55

Slide 55 text

built-in targetʹඞཁͳPolicy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ . . . ], "Resource": "arn:aws:logs:*:*:*" }, { "Effect": "Allow", "Action": [ "ec2:StopInstances", "ec2:DescribeInstances" ], "Resource": "*" } ] } ←͜ͷ෦෼Λ௥Ճ https://gist.github.com/Tmorinaga/678cd280c1702c9c5233

Slide 56

Slide 56 text

Advanced settings͸ͦͷ··

Slide 57

Slide 57 text

Review

Slide 58

Slide 58 text

Ruleͷ࡞੒ https://ap-northeast-1.console.aws.amazon.com/cloudwatch/home?region=ap-northeast-1#events:

Slide 59

Slide 59 text

Πϕϯτιʔεͷબ୒

Slide 60

Slide 60 text

EC2Πϯελϯεͷঢ়ଶΛબ୒

Slide 61

Slide 61 text

λʔήοτͷ௥Ճ

Slide 62

Slide 62 text

Lambda functionΛબ୒

Slide 63

Slide 63 text

Lambda functionΛબ୒

Slide 64

Slide 64 text

ϧʔϧͷ໊લΛೖྗ

Slide 65

Slide 65 text

ϧʔϧ࡞੒׬ྃ

Slide 66

Slide 66 text

λά෇͚ͳ͠ಈ࡞֬ೝ ↓ pending͔Β͙͢ʹstoppedʹʂ

Slide 67

Slide 67 text

λάʮCostʯΛ௥Ճ

Slide 68

Slide 68 text

λά෇͚͋Γಈ࡞֬ೝ ↓ runningʹͪΌΜͱͳΔʂ

Slide 69

Slide 69 text

͓ย͚ͮ

Slide 70

Slide 70 text

ϧʔϧΛ࡟আ ফ͓͔ͯ͠ͳ͍ͱΠϯελϯε͕ ىಈͰ͖ͳ͍ݱ৅͕͓͖·͢ɻ

Slide 71

Slide 71 text

Lambda functionΛ࡟আ ফ͞ͳͯ͘΋ѱ͞͸͠·ͤΜͷͰɺ ࢒͍ͯͯ͠΋ߏ͍·ͤΜ

Slide 72

Slide 72 text

Πϯελϯεͷఀࢭ or ࡟আ

Slide 73

Slide 73 text

·ͱΊ

Slide 74

Slide 74 text

·ͱΊ • CloudWatch Events͸AWSϦιʔεͷঢ়ଶม ԽʹϦΞϧλΠϜʹରԠͰ͖Δ • pendingͰࢭΊΕ͹՝ۚͳ͠ʂ • ݁ہLambda͸ඞཁͳͷͰ֮͑·͠ΐ͏ • ؤுΓ·͢

Slide 75

Slide 75 text

OpsJAWS͝঺հ • AWSӡ༻؅ཧͷϊ΢ϋ΢Λ޿͘ൃ৴ • Partner SAϒϩάʹӡ༻TipsهࣄΛܝࡌத ؂ࢹɺϩάӡ༻ɺίετ؅ཧɺδϣϒӡ༻ɺߏ੒؅ཧɺΠϕϯτ௨஌etc . . . http://aws.typepad.com/aws_partner_sa/2015/06/aws-ops.html ɹɹɹɹɹɹɹɹɹɹɹɹ·ͨ͸ɺɹɹɹɹɹɹɹɹɹ ɹɹɹͰݕࡧ • Doorkeeper(OpsJAWS)