Slide 1

Slide 1 text

AWS Docker Microservices Meetup vol.3 2016/09/08

Slide 2

Slide 2 text

@pottava SUPINF Inc. Docker Administration and Operations (AWS Certified) SA, DevOps Engineer Pro

Slide 3

Slide 3 text

"Introduction to Using Amazon Web Services for Effective Adoption and Operation", 2016/08/01
I wrote about the container-related services ECS and ECR, as well as CloudFront, ACM, API Gateway, IAM, AWS WAF and CloudFormation.

Slide 4

Slide 4 text

http://jawsug-container.connpass.com/
We think about how to run containers on AWS, with ECS at the center.

Slide 5

Slide 5 text

http://jawsug-ai.connpass.com/
Let's bring AI in as a microservice too!

Slide 6

Slide 6 text

SUPINF Inc.
Turning ideas into reality! +

Slide 7

Slide 7 text

Comfy for Docker
https://www.supinf.co.jp/service/dockersupport/
We provide Docker adoption, development support, and outsourced operations and monitoring for your project.
(GCP / Azure are of course supported as well..)
http://prtimes.jp/main/html/rd/p/000000007.000007768.html

Slide 8

Slide 8 text

Now then

Slide 9

Slide 9 text

AWS (Docker) Containers

Slide 10

Slide 10 text

What I want to convey
1. AWS has plenty of container support features too
2. There are many possible architectures depending on what you want to do

Slide 11

Slide 11 text

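What I will talk about
1. Overview of AWS container-related services
2. Basic architectures and update examples
 2.1. ECS
 2.2. ElasticBeanstalk
 2.3. CodeDeploy
3. AWS services that support microservices
4. Architecture examples and case studies by phase
 4.1. Development environment
 4.2. Evaluation environment
 4.3. Production environment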

Slide 12

Slide 12 text

1. Overview of AWS container-related services

Slide 13

Slide 13 text

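EC2
Amazon Elastic Compute Cloud. Virtual servers.
[ Use cases ]
• You want to use Docker swarm mode or Kubernetes
• You want to run your own Docker registry
• The main battlefield of the conservatives (?), mostly the SSH tribe.
[ Characteristics ]
• The cluster management tooling means more servers to run ↑ and more operational load ↑
• That said, you can do anything.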

Slide 14

Slide 14 text

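ECS
EC2 Container Service. Container management.
[ Use cases ]
• You want appropriate permissions per task, and want to leave scaling to AWS as well
• You want to use resources as efficiently as possible and keep costs as low as possible.
[ Characteristics ]
• A managed cluster manager. Low operational load.
• Service Auto Scaling and AZ-aware automatic scaling
• Dynamic port mapping in combination with ALB
• The task scheduler can be freely swapped out.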

Slide 15

Slide 15 text

Reference) A rough comparison of container management services
name: EC2 Container Service (ECS) | Google Container Engine (GKE) | Azure Container Service (ACS)
based on: - | Kubernetes | DC/OS or Docker swarm
unit: Task | Pod | Service

Slide 16

Slide 16 text

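ElasticBeanstalk (EB)
The Heroku-like one.
[ Use cases ]
• You want to operate containers the same way as your existing EB applications
[ Characteristics ]
• Runs as ECS tasks → you get some of the benefits of ECS
• On the other hand, constrained by the ECS task definition and its limit of 10 containers
• You can use ElasticBeanstalk's various features, such as environment cloning!
• Scaling is per server.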

Slide 17

Slide 17 text

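ALB / ELB (NEW)
Application Load Balancer (L7) / Elastic Load Balancing (L4, L7). Load balancers.
[ Use cases ]
• You want to put one in front of your containers
• You want to use ECS dynamic port mapping ( ALB )
• HTTPS, SSH to the management nodes of DC/OS, Docker for AWS, etc.
[ Characteristics ]
• Request pre-warming when a sudden load spike is expected
• Can also be created as an internal load balancer inside a VPC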

Slide 18

Slide 18 text

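ECR
EC2 Container Registry. Docker registry.
[ Use cases ]
• Unhappy with the speed of Docker Hub. I want one in Tokyo!
• I want access control, but I don't want to manage it myself.
[ Characteristics ]
• A managed Docker registry. Low operational load.
• Integrated with IAM, so opening access to specific accounts / users is easy
• Usable from outside AWS too, such as the office or GCP
• github.com/awslabs/amazon-ecr-credential-helper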

Slide 19

Slide 19 text

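S3
A feature-rich storage service. A place to put files.
[ Use cases ]
• Storing and distributing the tar archives produced by docker save
 (very handy in situations where distributing a Docker image is difficult)
• You want to store and distribute secrets.
• You have data you want to persist outside the container.
[ Characteristics ]
• A rich set of data encryption options.
• Access control from containers is easy through IAM integration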

Slide 20

Slide 20 text

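CodeDeploy
A service specialized purely in deployment automation.
[ Use cases ]
• You want to use not only docker pull but also save & load
• You want to deploy with native docker-compose or swarm
• You want to casually insert this or that step before and after a deployment
[ Characteristics ]
• Can also be used against on-premises servers
• Deploy while specifying the number / percentage of hosts that must stay Healthy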

Slide 21

Slide 21 text

2. Basic architectures and update examples

Slide 22

Slide 22 text

ECS
Minimal configuration (diagram): ECR, ECS, EC2, User

Slide 23

Slide 23 text

ECS
Environment update (diagram): Engineer, User, ECR, ECS, EC2
① docker push
② Update the task definition & update the Service, etc.
③ Instruct the agent
④ docker pull
⑤ Deploy

Slide 24

Slide 24 text

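ECS with ALB / ELB
Update example with the AWS CLI. (The ECS CLI is for specific use cases at the moment, I think..)
1. docker build & push > ECR etc..
2. Rewrite the task definition
3. aws ecs register-task-definition
4. aws ecs update-service
If you want to scale, use a load balancer.
The ECS philosophy is that service discovery is also done through ALB / ELB.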

Slide 25

Slide 25 text

ECS: Dynamic port mapping (NEW)
• Specify 0 for the host-side port in the task definition
• Specify an ALB as the Service's load balancer
• Assign a TargetGroup that matches the container-side port
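The update steps and the host port 0 setting described above, as an added example that is not code from the slides. FAMILY, CLUSTER, SERVICE, the memory value and the DEPLOY_IMAGE variable are assumptions; the service is assumed to have been created with an ALB target group already.

```shell
#!/bin/sh
# Added example: render an ECS task definition with dynamic port mapping
# and roll it out with the two AWS CLI calls named on the slide.
FAMILY="web"            # assumed task definition family
CLUSTER="dev-cluster"   # assumed cluster name
SERVICE="web-service"   # assumed service, attached to an ALB target group

# Print a task definition whose container port is published on an
# ephemeral host port. hostPort 0 is what lets several copies of the
# same task run on one EC2 instance without a port clash.
render_taskdef() {
  image="$1"; container_port="$2"
  cat <<EOF
{
  "family": "${FAMILY}",
  "containerDefinitions": [
    {
      "name": "web",
      "image": "${image}",
      "memory": 128,
      "essential": true,
      "portMappings": [
        { "containerPort": ${container_port}, "hostPort": 0, "protocol": "tcp" }
      ]
    }
  ]
}
EOF
}

# Steps 3 and 4: register a new revision, then point the service at the
# latest active revision of the family.
deploy() {
  render_taskdef "$1" "$2" > taskdef.json
  aws ecs register-task-definition --cli-input-json file://taskdef.json
  aws ecs update-service --cluster "$CLUSTER" --service "$SERVICE" \
    --task-definition "$FAMILY"
}

# Only call AWS when an image reference is supplied via the environment.
if [ -n "${DEPLOY_IMAGE:-}" ]; then
  deploy "$DEPLOY_IMAGE" "${CONTAINER_PORT:-80}"
fi
```

The instance security group has to allow traffic from the ALB on the ephemeral host ports that ECS assigns, otherwise the targets never become healthy.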

Slide 26

Slide 26 text

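ECS: Dynamic port mapping (NEW)
• Even with a single EC2 instance, a Service DesiredCount > 1 is possible
• For example, set it to 5 and you get this
• The TargetGroup's Targets are smart too and end up like this on their own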

Slide 27

Slide 27 text

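ECS: Dynamic port mapping (NEW)
Impressions
• Ports are no longer a constraint on task scheduling!!
• Compare with docker swarm (+ CodeDeploy) depending on your requirements
 - Both allow rolling updates with no downtime
 - Even with a single EC2 instance!
• The day has finally come.
• Tears of joy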

Slide 28

Slide 28 text

ElasticBeanstalk
Minimal configuration (diagram): EC2, ECR, EB, ECS, User

Slide 29

Slide 29 text

ElasticBeanstalk
Environment update (diagram): Engineer, User, EC2, ECR, EB, S3, ECS
① docker push
② Transfer bundle.zip to S3
③ Version up & update the environment (EB has several update patterns)
④ Update the task
⑤ Instruct the agent
⑥ docker pull
⑦ Rolling update

Slide 30

Slide 30 text

ElasticBeanstalk: Multi-container environment
Update example with the AWS CLI. (Even simpler with the EB CLI)
• source-bundle
 - .ebextensions
 - foo.config
 - bar.config
 - Dockerrun.aws.json : rewrite this as needed..
1. Zip up source-bundle and transfer it to S3
2. aws elasticbeanstalk create-application-version
3. aws elasticbeanstalk update-environment

Slide 31

Slide 31 text

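ElasticBeanstalk: Multi-container environment
EB × Docker: do quite a lot of people get stuck?
• Track 8 of CloudInfra Podcast ( https://cloudinfra.audio/ ) #nobolycloud talks about the pains of multi-container Docker environments..
• Pitfalls we hit in-house:
 - The limit of 10 containers that can be defined in a task
 → start the rest on the same host manually / with ECS
 → EB deployments fail one time out of two
 - When first creating an EB environment from the AWS CLI, an ELB is sometimes created even though a single instance is specified (a mystery)
• EB's AutoScale is not cluster-based like ECS, (rest omitted)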

Slide 32

Slide 32 text

CodeDeploy
Minimal configuration (diagram): EC2, S3, CodeDeploy, User

Slide 33

Slide 33 text

CodeDeploy
Environment update (diagram): Engineer, User, EC2, S3, CodeDeploy
① Transfer the docker save'd tar and appspec.yml
② Instruct CodeDeploy to deploy from S3
③ Instruct the agent
④ Fetch the data
⑤ Deploy

Slide 34

Slide 34 text

CodeDeploy with docker
The basics of updating an environment.
1. When a push / tag lands on a specific branch in CircleCI or GitLab CI
2. Build the Docker image and, once the tests pass,
 - transfer it, including the docker save'd tar, to the S3 bucket for CodeDeploy
 - or docker push to ECR + transfer appspec.yml etc. to S3
3. Instruct CodeDeploy to deploy
4. In the ApplicationStop hook: docker rm -f name 2>/dev/null || true
5. In the ApplicationStart hook: docker load / run -d -p 80:80 ..

Slide 35

Slide 35 text

CodeDeploy with docker-compose
I want the same ease as on my local machine.
1. Same as above
2. Put docker-compose.yml in the zip as well and transfer it to S3
3. Same as above
4. In the ApplicationStop hook: docker-compose rm -f
5. In the ApplicationStart hook: docker-compose up -d

Slide 36

Slide 36 text

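CodeDeploy with docker swarm
I want zero-downtime updates even with a single EC2 instance.
1. Same as above
2. Same as "with docker"
3. Same as above
4. ApplicationStop not needed
5. In the ApplicationStart hook:
 - If a service is already running: docker service update
 (take care that the docker image really gets updated to the latest one at this point!)
 (with ECR, I personally recommend specifying the hash with @sha256:..)
 - If not: docker service create --name web -p 80:80 --replicas 2 ..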
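One way to write the ApplicationStart hook from step 5 so that it enforces the @sha256 recommendation, as an added example that is not code from the slides. The DEPLOY_IMAGE variable and the is_digest_pinned / start_service helpers are assumptions; the service name and flags on `docker service create` follow the slide.

```shell
#!/bin/sh
# Added example: CodeDeploy ApplicationStart hook for a swarm service.
# DEPLOY_IMAGE is a hypothetical variable set by the deployment bundle.
SERVICE="web"

# Succeeds only for references of the form repo@sha256:<64 hex digits>.
# A tag such as :latest can be re-pushed, so the same reference may
# resolve to different content on the next pull; a digest cannot.
is_digest_pinned() {
  digest="${1##*@}"
  [ "$digest" != "$1" ] || return 1        # no "@" in the reference
  hex="${digest#sha256:}"
  [ "$hex" != "$digest" ] || return 1      # not a sha256 digest
  [ "${#hex}" -eq 64 ] || return 1
  case "$hex" in *[!0-9a-f]*) return 1 ;; esac
  return 0
}

start_service() {
  image="$1"
  if ! is_digest_pinned "$image"; then
    echo "refusing to deploy unpinned image: $image" >&2
    return 1
  fi
  if docker service inspect "$SERVICE" >/dev/null 2>&1; then
    # A service is already running: rolling update to the new digest.
    docker service update --with-registry-auth --image "$image" "$SERVICE"
  else
    docker service create --with-registry-auth --name "$SERVICE" \
      -p 80:80 --replicas 2 "$image"
  fi
}

# Run only when the bundle supplied an image reference.
if [ -n "${DEPLOY_IMAGE:-}" ]; then
  start_service "$DEPLOY_IMAGE"
fi
```

Because the digest changes with every build, `docker service update` always sees a new image reference, which also addresses the slide's remark about making sure the image is really updated.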

Slide 37

Slide 37 text

CodeDeploy adoption tips
• For the CI server's IAM user:
 - https://circleci.com/docs/continuous-deployment-with-aws-codedeploy/
 - If you go through ECR, add ECR management permissions to this IAM user
• When using S3 for CodeDeploy deployments:
 - Give EC2 a role such as AmazonS3ReadOnlyAccess
• When using ECR for CodeDeploy deployments:
 - Give EC2 a role such as AmazonEC2ContainerRegistryReadOnly
 - github.com/awslabs/amazon-ecr-credential-helper
 - github.com/pottava/dockerized-ecr-credential-helper
• To use Docker swarm mode:
 - Docker 1.12 is required, so use an AMI such as CentOS 7 / Ubuntu 14.04

Slide 38

Slide 38 text

3. AWS services that support microservices
(based on my personal interpretation)

Slide 39

Slide 39 text

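CloudFront
Feature-rich content delivery.
[ Useful features ]
• Cache settings that can be configured in fine detail
• Designed so that it can safely be used even for dynamic content that includes cookies
• Multiple origins let you integrate microservices
[ Characteristics ]
• A rich set of features for responding as fast as possible
 (edge locations around the world, caching, TCP / TLS optimization, etc.)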

Slide 40

Slide 40 text

CloudFront (NEW)
Announced this morning: congratulations on HTTP/2 support

Slide 41

Slide 41 text

Usage example: CloudFront
Diagram components: AWS WAF (web application firewall), CloudFront (CDN), ACM (SSL / TLS certificates), ECS / ElasticBeanstalk (container cluster management), ELB / ALB (load balancer), EC2 (virtual servers), S3 (static files), AWS Lambda (function execution platform), API Gateway (API management) *
URLs shown: https://www.service.com/ , https://assets.service.com/ , https://api.service.com/v1/mobies/ , https://api.service.com/v1/users/

Slide 42

Slide 42 text

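API Gateway
A gateway with a variety of features for APIs.
[ Useful features ]
• Custom domains that bring multiple APIs together
• Authorization by IAM, Lambda, or Cognito UserPools
• Throttling and request quota limits per API key
• Distribution of SDKs that also support exponential backoff on errors
 ref) http://docs.aws.amazon.com/ja_jp/general/latest/gr/api-retries.html
[ Characteristics ]
• Lifecycle management you can rely on, even with CI / CD
• Configuring it by hand is painful. Swagger..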

Slide 43

Slide 43 text

Usage example:
Diagram components: AWS WAF, CloudFront, ACM, ECS / ElasticBeanstalk, S3, ELB / ALB (load balancer), EC2 (virtual servers), API Gateway, AWS Lambda (function execution platform), API Gateway (API management) *
URLs shown: https://api.service.com/v1/mobies/ , https://api.service.com/v2/users/ , https://api.service.com/v1/users/
* Service proxy: a feature that lets API Gateway directly call the actions of individual AWS services, the ones familiar from IAM actions, such as DynamoDB's GetItem or PutItem.

Slide 44

Slide 44 text

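Lambda
The spark that ignited Serverless; Function as a Service.
[ Useful features ]
• Invocation from Cognito Sync, CloudWatch Logs, etc.
• Scheduled execution
[ Characteristics ]
• Leave availability and scalability to AWS
• Many serverless frameworks support it. Using one alongside is recommended
• Official: Chalice (Python) / Flourish (awaiting release..)
• Serverless: combined with API Gateway, makes it easy to build an HTTP server
• Apex: can also be written in Go. Manages Lambda only
• Lamvery: supports KMS, which is lovely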

Slide 45

Slide 45 text

What about user management?

Slide 46

Slide 46 text

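Cognito
User management and authentication, and syncing user data across devices.
[ Useful features ]
• UserPools: an AWS-managed user management feature
• Federated Identities: secure access to AWS resources through an ID provider
• Sync: stores user data and syncs it across devices
[ Characteristics ]
• Easy integration with external ID providers (Facebook, etc.)
• Can be flexibly customized using Lambda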

Slide 47

Slide 47 text

Cognito
Diagram labels: Cognito UserPools, Unauthenticated, Facebook, Google+, Twitter, Amazon.com, .. ; Federated Identities (Authenticated / Unauthenticated); NEW; Cognito Streams; Cognito Events; Push sync

Slide 48

Slide 48 text

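Cognito Federated Identities
Diagram labels:
If logged in with any one of these ↓ (Authenticated): "You may use this on AWS!"
If not logged in ↓ (Unauthenticated): "You may use this on AWS!"
"Here is the user data that changed"
"User data has been changed!"
"Sync the data to the other devices!"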

Slide 49

Slide 49 text

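Usage example:
Diagram components: AWS WAF, CloudFront, ACM, ECS / ElasticBeanstalk, S3, ELB / ALB, EC2, AWS Lambda, API Gateway *, Cognito (user authentication and management)
Diagram labels: "Fetch user information by integrating with Cognito", "Integrate with Cognito", "Only people authenticated by Cognito are allowed!"
URLs shown: https://www.service.com/ , https://api.service.com/v1/mobies/ , https://api.service.com/v2/users/ , https://api.service.com/v1/users/
* Service proxy: a feature that lets API Gateway directly call the actions of individual AWS services, the ones familiar from IAM actions, such as DynamoDB's GetItem or PutItem.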

Slide 50

Slide 50 text

Authentication with Cognito UserPools. Storing user information is worry-free too.
User registration, sign-in, password change
(our own case)

Slide 51

Slide 51 text

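CloudWatch
Monitoring of AWS resources and applications.
[ Useful features ]
• Alarms: lets you configure Service Auto Scaling for ECS
• CloudWatch Logs: supported by the Docker log driver, very convenient
• Events: can start Lambda at specific times
[ Characteristics ]
• Metrics data is retained for 2 weeks
• Logs are retained indefinitely by default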

Slide 52

Slide 52 text

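IAM
Fine-grained access control for AWS users and resources.
[ Useful features ]
• Permission management (controllable per EC2 instance / per ECS task)
• Control access to services by using it together with Cognito and API Gateway
[ Characteristics ]
• Most AWS services already support IAM
• Move toward more secure settings with the Policy Simulator and Access Advisor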

Slide 53

Slide 53 text

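KMS
Management of the keys used for data encryption.
[ Useful features ]
• Secrets management (+ DynamoDB → github.com/fugue/credstash etc.)
• For example, pass only the encryption key ID to the container in an environment variable
[ Characteristics ]
• Information can be protected from people who do not have permission to use the key
• With CloudTrail enabled, every use of a key is logged as well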

Slide 54

Slide 54 text

4. Architecture examples and case studies by phase
Suzie Prince Head of Product, ThoughtWorks Products

Slide 55

Slide 55 text

Local development environment: tomorrow..
http://m3-engineer.connpass.com/event/36062/
"A collection of patterns for Dockerizing development environments" @pottava

Slide 56

Slide 56 text

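In any environment, ideally
• Decide the architecture per project based on availability, access control, cost, etc.
• Live in an Infrastructure as Code, version-controlled world
• Update the environment with git push, for infrastructure and application alike
 (though not necessarily all of the infrastructure)
• No more SSH.
• Restrict what each person can do according to their role → IAM Role
• Keep track of who did what → CloudTrail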

Slide 57

Slide 57 text

Below, some examples

Slide 58

Slide 58 text

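Development environment
• Availability: some downtime is acceptable
• Access control: not open to the public; complex depending on the project
• Cost: the minimal configuration, please.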

Slide 59

Slide 59 text

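Development environment, our own case: ECS
Easy to cram in multiple projects and test environments as well.
• No ALB / ELB, a single EC2 instance
• Downtime is tolerated with Minimum healthy percent: 0, Maximum percent: 100
Diagram: EC2, ECS, ECR; ① update instruction ② docker pull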

Slide 60

Slide 60 text

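Development environment, our own case: ElasticBeanstalk
Relatively easy to adopt if you are used to EB.
• It wraps and hides ECS, so the learning cost looks low at first glance
• When trouble hits, you often end up opening the ECS console anyway..
Diagram: EB, EC2, ECS, ECR; ① task update ② update instruction ③ docker pull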

Slide 61

Slide 61 text

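Development environment, our own case: CodeDeploy
You can do more or less anything, but it undeniably feels like shell-script acrobatics..
• Nice that docker-compose can be used as-is, just like in the local environment
• It raises the Twelve-Factor App feel
• The allure of on-premises use..
Diagram: S3, CodeDeploy, EC2; ① update instruction ② fetch data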

Slide 62

Slide 62 text

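Production environment
• Availability: extremely important. No downtime is tolerated, even during deployment
• Access control: security measures, authentication and authorization for APIs
• Cost: it is OK to factor in load balancers and automatic scaling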

Slide 63

Slide 63 text

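Production environment, our own case: ECS + ALB
Dynamic port mapping let us cut costs even further.
• The port problem in container placement had been painful for years → solved!
• All logs go to CloudWatch Logs through the log driver
Diagram: EC2, ECR, ALB, ECS, S3, CloudWatch, CloudFront + AWS WAF + ACM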

Slide 64

Slide 64 text

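Production environment, our own case: Microservices
Heavy use of AWS managed services.
• Cognito, Lambda, API Gateway, Kinesis, SES
• ALB path-based routing (for example, only /auth goes to a separate service)
• Behavior and responses are controlled by environment variables passed at container start
• For error tracing approaches such as Sentry, we took Cookpad as a reference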

Slide 65

Slide 65 text

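Production environment, our own case: DC/OS (Mesos)
For complex internal communication there are options other than ELB.
• Marathon-LB in the layer after ELB, with the microservices beneath it
• Marathon-LB: routing by host name and HTTP headers
• In the near future we would also like to add GPU-backed inference microservices..
 (possible with ECS too, but.. Apache Mesos recently reached v1.0 with official GPU support)
Diagram: ELB, Master, Public Agent, Private Agent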

Slide 66

Slide 66 text

Case studies published officially by AWS

Slide 67

Slide 67 text

Capital One (ECS + ALB case study)
• An American bank whose strengths are credit cards and home loans.
• A story of consolidating APIs behind ALB and cutting costs. An AWS user from the start.
https://aws.amazon.com/jp/blogs/compute/microservice-delivery-with-amazon-ecs-and-application-load-balancers/

Slide 68

Slide 68 text

Coursera (ECS case study)
• Works with universities around the world and offers some of it online free of charge.
• Jobs are split into microservices with Docker and scheduled with ECS.
https://aws.amazon.com/jp/solutions/case-studies/coursera-ecs/

Slide 69

Slide 69 text

Amazon.com (ECS + EMR case study)
• The e-commerce site's "people who bought this item are also looking at these items"
• They published not only the deep learning OSS * but also their own architecture as a case study.
http://aws.typepad.com/sajp/2016/07/generating-recommendations-at-amazon-scale-with-apache-spark-and-amazon-dsstne.html
* Amazon DSSTNE: https://github.com/amznlabs/amazon-dsstne

Slide 70

Slide 70 text

Reference) on every node
There are containers you want to be sure are started on every host
(monitoring, volume / network plugins, etc.)
[ AWS services ]
• ECS: use aws ecs start-task inside UserData
 ref) http://docs.aws.amazon.com/ja_jp/AmazonECS/latest/developerguide/start_task_at_launch.html
• ElasticBeanstalk: basically works that way
[ Others ]
• Docker swarm mode: create the service with --mode global
• Mesos/Marathon: create the service with a UNIQUE constraint
• Kubernetes: use a DaemonSet

Slide 71

Slide 71 text

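Reference) DevOps on AWS
• Continuous deployment
 - Automatic rollout from your own CI server using the AWS API
 - The three Code siblings and integration with external services
• Services go down
 - Health checks with Route53, ALB / ELB
 - Sorry / error page settings with CloudFront and S3
 - Automatic recovery with ECS, AutoScaling
• Make the infrastructure layer immutable too
 - CloudFormation templates / third-party tools
 - Versioning in ECS, ElasticBeanstalk, API Gateway, etc.
• Make the infrastructure layer Docker-aware too
 - Review IAM (roles in particular) / VPC / SecurityGroup
 - Adopt managed services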

Slide 72

Slide 72 text

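Reference) Docker for AWS
• A tool made by Docker, Inc. for setting up a swarm cluster on AWS. Scaling is easy too.
• When you define a service, the corresponding ELB port follows it automatically!
• Where it falls short, let's all send our requests to Docker, Inc.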

Slide 73

Slide 73 text

Feel free to contact us here for a consultation.. <