Slide 1
Slide 1 text
$%,ͷา͖ํ
ଜ૯߹ݚڀॴ
ถᖒ
#-&"GPS'4*ͷ
ιʔεΛಡΈղͨ͘Ίͷ
Slide 2
Slide 2 text
͜ͷ-5Ͱ͓͍͑ͨ͜͠ͱ
#-&"GPS'4*ͷιʔείʔυΛಡΈղ֦͘ு͢ΔͨΊʹ͓͖ͬͯ͘ϙΠϯτ
ࠔͬͨͱ͖ʹࢀর͢ΔͰ͋Ζ͏$%,ެࣜϦϑΝϨϯεͷಡΈํ
$%,Λ5ZQF4DSJQUͰ։ൃ͢Δͷා͘ͳ͍ʂ
͜ͷ-5Ͱ͓͑͠ͳ͍͜ͱ
#-&"GPS'4*ͷߏཁૉઃܭࢥʢطʹղઆࡁΈͷͣɻɻʣ
#-&"GPS'4*ͷݕূͯ͠Έͨ
͡Ίʹ
Slide 3
Slide 3 text
͜Εʂ
ʹଜ૯߹ݚڀॴʹ৽ଔೖࣾɻۚ༥ۀքͷ͓٬༷͚ʹ
ϑϩϯτγεςϜͷߏஙΤϯϋϯεΛ୲ͨ͠ޙʹδϣϒνΣϯδɻ
ݱࡏ࢈ۀۀքͷ͓٬༷͚ʹ"84ڥશൠͷઃܭߏஙΛ୲ɻ
8։ൃ͔Β"84౷੍ɺΫϥυΨΠυϥΠϯࡦఆͳͲԿͰΓ·͢
͖ͳ"84αʔϏε4".
"QQMJDBUJPO$PNQPTFS
$PEF1JQFMJOF
͖ͳٕज़/FYUKT
5BJMXJOE$44
%PDLFS
LT
3BODIFS
झຯ֨ಆٕʢΓ·͢ݟ·͢ʣɺ͓ՈLTʢ͔Θ͍͍ʣ
UBLVZBZPOF
ถᖒ
5BLVZB:POF[BXB
Slide 4
Slide 4 text
"84$%,ʢ$MPVE%FWFMPQNFOU,JUʣ
ϓϩάϥϛϯάݴޠΛ༻ͯ͠"84্ͷϦιʔεΛఆٛ͢Δ͜ͱ͕Ͱ͖Δ
*B$ʢ*OGSBTUSVDUVSFBT$PEFʣπʔϧ
ར༻Մೳͳݴޠ1ZUIPOɺ5ZQF4DSJQUɺ+BWBɺ(PMBOH
044ͱͯ͠(JU)VCͰެ։͞Ε͓ͯΓɺ׆ൃʹ։ൃ͞Ε͍ͯΔ
$%,ιʔεΛϏϧυ$MPVE'PSNBUJPOͱͯ͠Ϧιʔε͕ߏங͞ΕΔ
ϦιʔεఆٛͷநʹԠͯ͡---ͱ͍͏ϨΠϠʔ͕ଘࡏ
-ɿநΊʢ$MPVE'PSNBUJPOͱରԠɻ಄จࣈ͕$GOʓʓʣ
-ɿநߴΊʢ"84ͷϕετϓϥΫςΟεΛ͋Δఔඪ४औΓࠐΈࡁΈʣ
-ɿෳϦιʔεԣஅʢ"-#ͱ&$4λεΫΛηοτͰ࡞ͳͲʣ
"84$%,
˞
IUUQTHJUIVCDPNBXTBXTDEL
Slide 5
Slide 5 text
"84$%,ʢ$MPVE%FWFMPQNFOU,JUʣ
ϓϩάϥϛϯάݴޠΛ༻ͯ͠"84্ͷϦιʔεΛఆٛ͢Δ͜ͱ͕Ͱ͖Δ
*B$ʢ*OGSBTUSVDUVSFBT$PEFʣπʔϧ
ར༻Մೳͳݴޠ1ZUIPOɺ5ZQF4DSJQUɺ+BWBɺ(PMBOH
044ͱͯ͠(JU)VCͰެ։͞Ε͓ͯΓɺ׆ൃʹ։ൃ͞Ε͍ͯΔ
$%,ιʔεΛϏϧυ$MPVE'PSNBUJPOͱͯ͠Ϧιʔε͕ߏங͞ΕΔ
ϦιʔεఆٛͷநʹԠͯ͡---ͱ͍͏ϨΠϠʔ͕ଘࡏ
-ɿநΊʢ$MPVE'PSNBUJPOͱରԠɻ಄จࣈ͕$GOʓʓʣ
-ɿநߴΊʢ"84ͷϕετϓϥΫςΟεΛ͋Δఔඪ४औΓࠐΈࡁΈʣ
-ɿෳϦιʔεԣஅʢ"-#ͱ&$4λεΫΛηοτͰ࡞ͳͲʣ
"84$%,
˞
IUUQTHJUIVCDPNBXTBXTDEL
Ͳͷݴޠ͏ͷ͕Φεεϝʁ🤔
Slide 6
Slide 6 text
ʘ5ZQF4DSJQUΛ͏͠ʂʗ
Slide 7
Slide 7 text
$%,PO5ZQF4DSJQUͷਪ͠ϙΠϯτ
ͦͦ$%,͕5ZQF4DSJQUͰॻ͔Ε͍ͯΔͱ͍͏҆৺ײ
ಉ͡։ൃݴޠͱͳΔͨΊɺಠ֦ࣗு͕؆୯ʢͩͱࢥ͏ʣ
࣮ํ໋໊نଇʹࠔͬͨΒ$%,ͷιʔείʔυΛோΊͯࢀߟʹͰ͖Δ
ଟ͘ͷ5ZQF4DSJQU࣮ྫαϯϓϧίʔυ͕ωοτ্ʹ͋Δ
5ZQF4DSJQUͷܕิ͕ൈ܈ͷ։ൃମݧ
$%,ͷެࣜυΩϡϝϯτͷαϯϓϧ͕ͦͦ5ZQF4DSJQU
ଞͷ/PEFKTύοέʔδͱͷੑ͕˓
ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝
Slide 8
Slide 8 text
$%,PO5ZQF4DSJQUͷਪ͠ϙΠϯτ
ͦͦ$%,͕5ZQF4DSJQUͰॻ͔Ε͍ͯΔͱ͍͏҆৺ײ
ಉ͡։ൃݴޠͱͳΔͨΊɺಠ֦ࣗு͕؆୯ʢͩͱࢥ͏ʣ
࣮ํ໋໊نଇʹࠔͬͨΒ$%,ͷιʔείʔυΛோΊͯࢀߟʹͰ͖Δ
ଟ͘ͷ5ZQF4DSJQU࣮ྫαϯϓϧίʔυ͕ωοτ্ʹ͋Δ
5ZQF4DSJQUͷܕิ͕ൈ܈ͷ։ൃମݧ
$%,ͷެࣜυΩϡϝϯτͷαϯϓϧ͕ͦͦ5ZQF4DSJQU
ଞͷ/PEFKTύοέʔδͱͷੑ͕˓
ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝
Slide 9
Slide 9 text
5ZQF4DSJQUʹ͍ͭͯগ͠ิ
+BWBTDSJQUʹܕͱ͍͏֓೦Λ࣋ͨͤͨ"MU+4ʢBMUFSOBUJWF+BWB4DSJQUʣ
੩తܕ͚ݴޠͰ͋Δʢ5ZQFͱݴΘΕΔॴҎʣ
Ϗϧυ࣌ʹɺมʹ͓͔͠ͳ͕ೖ͍ͬͯΕΤϥʔ͕ى͖ΔʢFYJOUܕͷมʹTUSJOHܕΛೖͨ͠ʣ
ಈతܕ͚ͩͱɺϏϧυˠ࣮ߦ·ͰΒͳ͍ͱΤϥʔ͕ى͜Δ͔Ͳ͏͔͔Βͳ͍
ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝
Slide 10
Slide 10 text
5ZQF4DSJQUʹ͍ͭͯগ͠ิ
$%,PO5ZQF4DSJQUͰͷܕνΣοΫྫ
-Ͱͷ4όέοτ࡞
ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝
const testBucket = new s3.Bucket(this,'TestBucket',{
versioned: true,
});
ܕνΣοΫ0,
const testBucket = new s3.Bucket(this,'TestBucket',{
versioned: "123",
});
ܕνΣοΫ/(
WFSTJPOFE
CPPMFBO·ͨVOEF
fi
OFE
͡Όͳ͍ͱμϝʂ
Slide 11
Slide 11 text
$%,PO5ZQF4DSJQUͷਪ͠ϙΠϯτ
ͦͦ$%,͕5ZQF4DSJQUͰॻ͔Ε͍ͯΔͱ͍͏҆৺ײ
ಉ͡։ൃݴޠͱͳΔͨΊɺಠ֦ࣗு͕؆୯ʢͩͱࢥ͏ʣ
࣮ํ໋໊نଇʹࠔͬͨΒ$%,ͷιʔείʔυΛோΊͯࢀߟʹͰ͖Δ
ଟ͘ͷ5ZQF4DSJQU࣮ྫαϯϓϧίʔυ͕ωοτ্ʹ͋Δ
5ZQF4DSJQUͷܕิ͕ൈ܈ͷ։ൃମݧ
$%,ͷެࣜυΩϡϝϯτͷαϯϓϧ͕ͦͦ5ZQF4DSJQU
ଞͷ/PEFKTύοέʔδͱͷੑ͕˓
ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝
Slide 12
Slide 12 text
$%,PO5ZQF4DSJQUͰͷإΑΓݟΔެࣜυΩϡϝϯτ
ެࣜυΩϡϝϯτͷαϯϓϧίʔυجຊతʹ5ZQF4DSJQUલఏͳͷͰɺ߹Θ͓ͤͯ͘ͱ٢
ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝
˞
IUUQTEPDTBXTBNB[PODPNDELBQJWEPDTBXTDPOTUSVDUMJCSBSZIUNM
Slide 13
Slide 13 text
$%,PO5ZQF4DSJQUͷਪ͠ϙΠϯτ
ͦͦ$%,͕5ZQF4DSJQUͰॻ͔Ε͍ͯΔͱ͍͏҆৺ײ
ಉ͡։ൃݴޠͱͳΔͨΊɺಠ֦ࣗு͕؆୯ʢͩͱࢥ͏ʣ
࣮ํ໋໊نଇʹࠔͬͨΒ$%,ͷιʔείʔυΛோΊͯࢀߟʹͰ͖Δ
ଟ͘ͷ5ZQF4DSJQU࣮ྫαϯϓϧίʔυ͕ωοτ্ʹ͋Δ
5ZQF4DSJQUͷܕิ͕ൈ܈ͷ։ൃମݧ
$%,ͷެࣜυΩϡϝϯτͷαϯϓϧ͕ͦͦ5ZQF4DSJQU
ଞͷ/PEFKTύοέʔδͱͷੑ͕˓
ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝
Slide 14
Slide 14 text
#-&"GPS'4*ͷϦϙδτϦΛ͍ͯΈ·͠ΐ͏
VTFSDBTFTCBTFDUMPHHJOHQBDLBHFKTPO
ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝
"devDependencies": {
"@types/jest": "^27.5.2",
"@types/node": "18.7.14",
"@typescript-eslint/eslint-plugin": "^5.38.0",
"@typescript-eslint/parser": "^5.38.0",
"cdk-nag": "^2.15.38",
"eslint": "^8.23.1",
"eslint-config-prettier": "^8.5.0",
"lint-staged": "^13.0.3",
"prettier": "^2.7.1",
"simple-git-hooks": "^2.8.0",
"standard-version": "^9.5.0",
"typescript": "^4.8.3"
},
Slide 15
Slide 15 text
#-&"GPS'4*ͷϦϙδτϦΛ͍ͯΈ·͠ΐ͏
VTFSDBTFTCBTFDUMPHHJOHQBDLBHFKTPO
ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝
"devDependencies": {
"@types/jest": "^27.5.2",
"@types/node": "18.7.14",
"@typescript-eslint/eslint-plugin": "^5.38.0",
"@typescript-eslint/parser": "^5.38.0",
"cdk-nag": "^2.15.38",
"eslint": "^8.23.1",
"eslint-config-prettier": "^8.5.0",
"lint-staged": "^13.0.3",
"prettier": "^2.7.1",
"simple-git-hooks": "^2.8.0",
"standard-version": "^9.5.0",
"typescript": "^4.8.3"
},
ͳʹΒ$%,ͬΆ͘ͳ͍
ύοέʔδఆ͕ٛɺɺ
φχίϨ 🤔
Slide 16
Slide 16 text
#-&"GPS'4*Ͱ࠾༻͞Ε͍ͯΔ/PEFKTύοέʔδൈਮ
&4-JOU
+BWB4DSJQU5ZQF4DSJQU͚ͷ੩తղੳπʔϧɻ
ߏจΤϥʔϓϩδΣΫτݻ༗ͷίʔσΟϯάنʹҧ͢Δ߹ʹ/(Λग़ͯ͘͠ΕΔɻ
ղੳఆٛFTMJOUSDKTPOʹهࡌ͞Ε͍ͯΔ
1SFUUJFS
ෳݴޠʹରԠͨ͠ιʔείʔυϑΥʔϚολʢιʔείʔυΛܗͯ͘͠ΕΔʣ
ϑΥʔϚοτఆٛQSFUUJFSSDKTPOʹهࡌ͞Ε͍ͯΔ
MJOUTUBHFE
HJUDPNNJU࣌ʹԿ͔͠ΒͷॲཧΛτϦΨʔ͢Δ͜ͱ͕Մೳ
#-&"GPS'4*ͰԼه͕ઃఆ͞Ε͍ͯΔ
ᶃγʔΫϨοτใͷεΩϟϯ
ᶄ&4-JOUͰͷ੩తղੳ
ᶅ1SFUUJFSʹΑΔࣗಈϑΥʔϚοςΟϯά
ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝
"lint-staged": {
"*": [
"git-secrets --scan"
],
"*.(ts|tsx|js|jsx)": [
"npx eslint --fix"
],
"*.(ts|tsx|js|jsx|json|html|yml|yaml|md|graphql|css|scss|less|vue|flow)": [
"npx prettier --write"
]
}
Slide 17
Slide 17 text
#-&"GPS'4*Ͱ࠾༻͞Ε͍ͯΔ/PEFKTύοέʔδൈਮ
&4-JOU
+BWB4DSJQU5ZQF4DSJQU͚ͷ੩తղੳπʔϧɻ
ߏจΤϥʔϓϩδΣΫτݻ༗ͷίʔσΟϯάنʹҧ͢Δ߹ʹ/(Λग़ͯ͘͠ΕΔɻ
ղੳఆٛFTMJOUSDKTPOʹهࡌ͞Ε͍ͯΔ
1SFUUJFS
ෳݴޠʹରԠͨ͠ιʔείʔυϑΥʔϚολʢιʔείʔυΛܗͯ͘͠ΕΔʣ
ϑΥʔϚοτఆٛQSFUUJFSSDKTPOʹهࡌ͞Ε͍ͯΔ
MJOUTUBHFE
HJUDPNNJU࣌ʹԿ͔͠ΒͷॲཧΛτϦΨʔ͢Δ͜ͱ͕Մೳ
#-&"GPS'4*ͰԼه͕ઃఆ͞Ε͍ͯΔ
ᶃγʔΫϨοτใͷεΩϟϯ
ᶄ&4-JOUͰͷ੩తղੳ
ᶅ1SFUUJFSʹΑΔࣗಈϑΥʔϚοςΟϯά
ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝
"lint-staged": {
"*": [
"git-secrets --scan"
],
"*.(ts|tsx|js|jsx)": [
"npx eslint --fix"
],
"*.(ts|tsx|js|jsx|json|html|yml|yaml|md|graphql|css|scss|less|vue|flow)": [
"npx prettier --write"
]
}
#-&"GPS'4*Ͱ$%,PO5ZQFTDSJQU։ൃ
ʹඞཁͳమ൘ύοέʔδ͕ඪ४Ͱೖ͍ͬͯΔͷͰ
ͦͷ··͏͚ͩ͡Ό͍ͬͨͳ͍ʂ
Slide 18
Slide 18 text
#-&"GPS'4*ͷίʔυΛগ͍ͯ͠Έ·͠ΐ͏
VTFDBTFTCBTFDUMPHHJOHMJCCMFBGTJTCVDLFUTUBDLUT͔ΒҰ෦ൈਮ
$%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ
import { aws_s3 as s3 } from 'aws-cdk-lib';
export class S3BucketStack extends cdk.Stack {
constructor(scope: Construct, id: string, props: cdk.StackProps) {
const logsBucket = new s3.Bucket(this, 'logsBucket', {
accessControl: s3.BucketAccessControl.PRIVATE,
blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
versioned: true,
removalPolicy: cdk.RemovalPolicy.RETAIN,
serverAccessLogsBucket: archiveLogsBucket,
encryption: s3.BucketEncryption.S3_MANAGED,
enforceSSL: true,
});
Slide 19
Slide 19 text
#-&"GPS'4*ͷίʔυΛνϥݟ
VTFDBTFTCBTFDUMPHHJOHMJCCMFBGTJTCVDLFUTUBDLUT͔ΒҰ෦ൈਮ
$%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ
import { aws_s3 as s3 } from 'aws-cdk-lib';
export class S3BucketStack extends cdk.Stack {
constructor(scope: Construct, id: string, props: cdk.StackProps) {
const logsBucket = new s3.Bucket(this, 'logsBucket', {
accessControl: s3.BucketAccessControl.PRIVATE,
blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
versioned: true,
removalPolicy: cdk.RemovalPolicy.RETAIN,
serverAccessLogsBucket: archiveLogsBucket,
encryption: s3.BucketEncryption.S3_MANAGED,
enforceSSL: true,
});
BXTDELMJCͷBXT@TϞδϡʔϧΛ
Tͱ͍͏ผ໊Ͱར༻͢ΔΑʂ
OPEF@NPEVMFTBXTDELMJCBXTT
͔ΒΠϯϙʔτ
Slide 20
Slide 20 text
#-&"GPS'4*ͷίʔυΛνϥݟ
VTFDBTFTCBTFDUMPHHJOHMJCCMFBGTJTCVDLFUTUBDLUT͔ΒҰ෦ൈਮ
$%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ
import { aws_s3 as s3 } from 'aws-cdk-lib';
export class S3BucketStack extends cdk.Stack {
constructor(scope: Construct, id: string, props: cdk.StackProps) {
const logsBucket = new s3.Bucket(this, 'logsBucket', {
accessControl: s3.BucketAccessControl.PRIVATE,
blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
versioned: true,
removalPolicy: cdk.RemovalPolicy.RETAIN,
serverAccessLogsBucket: archiveLogsBucket,
encryption: s3.BucketEncryption.S3_MANAGED,
enforceSSL: true,
});
4όέοτΛ
࡞ͬͯΔίʔυͬΆ͍͚Ͳɺ
ͲΜͳόέοτ࡞ͬͯΜͷʁ🤔
Slide 21
Slide 21 text
ͷإΑΓݟΔ$%,υΩϡϝϯτ
$%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ
Slide 22
Slide 22 text
ͷإΑΓݟΔ$%,υΩϡϝϯτ
#VDLFUΫϥεͷϓϩύςΟ
$%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ
Slide 23
Slide 23 text
ͷإΑΓݟΔ$%,υΩϡϝϯτ
#VDLFUΫϥεͷϓϩύςΟ
$%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ
/BNFͷඌʹ ͕͍͍ͯΔͷ໌ࣔ͠ͳͯ͘
$%,ͰΑ͠ͳʹઃఆͯ͘͠ΕΔ
Slide 24
Slide 24 text
ͷإΑΓݟΔ$%,υΩϡϝϯτ
#VDLFUΫϥεͷϓϩύςΟ
$%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ
σϑΥϧτ$MPVE'PSNBUJPOελοΫଆͰ
Α͠ͳʹઃఆ͓ͯͥ͘͠ʂ
Slide 25
Slide 25 text
ʘಡΈղ͖ํ͕͔Ε#-&"GPS'4*ා͘ͳ͍ʂʗ
Slide 26
Slide 26 text
͋͞ɺ#-&"GPS'4*ͷιʔεͷੈք%FFQ%JWFʂ
IUUQTHJUIVCDPNBXTTBNQMFTCBTFMJOFFOWJSPONFOUPOBXTGPS
fi
OBODJBMTFSWJDFTJOTUJUVUF