Upgrade to Pro — share decks privately, control downloads, hide ads and more …

TerraformのレビューをConftestで自動化する

Avatar for Ryo Kubota Ryo Kubota
February 10, 2021
Programming
3
1.7k

 TerraformのレビューをConftestで自動化する

Avatar for Ryo Kubota

Ryo Kubota

February 10, 2021
Tweet

More Decks by Ryo Kubota

See All by Ryo Kubota
Terraform x OPA/Conftest の tips
Avatar for Ryo Kubota ryokbt
0
1.1k
Handling TV Ad Traffic Influx with Microservices
Avatar for Ryo Kubota ryokbt
0
1.5k

Other Decks in Programming

See All in Programming
Combinatorial Interview Problems with Backtracking Solutions - From Imperative Procedural Programming to Declarative Functional Programming - Part 2
Avatar for Philip Schwarz philipschwarz
PRO
0
120
Pythonではじめるオープンデータ分析〜書籍の紹介と書籍で紹介しきれなかった事例の紹介〜
Avatar for Ryo YOSHI welliving
3
630
The Art of Re-Architecture - Droidcon India 2025
Avatar for Sid Patil siddroid
0
140
Kotlin Multiplatform Meetup - Compose Multiplatform 외부 의존성 아키텍처 설계부터 운영까지
Avatar for Suhyeon Kim wisemuji
0
130
2年のAppleウォレットパス開発の振り返り
Avatar for muno92 muno92
PRO
0
120
Findy AI+の開発、運用におけるMCP活用事例
Avatar for starfish719 starfish719
0
1.8k
ELYZA_Findy AI Engineering Summit登壇資料_AIコーディング時代に「ちゃんと」やること_toB LLMプロダクト開発舞台裏_20251216
Avatar for 株式会社ELYZA elyza
2
670
TerraformとStrands AgentsでAmazon Bedrock AgentCoreのSSO認証付きエージェントを量産しよう!
Avatar for neruneruo neruneruo
4
1.9k
クラウドに依存しないS3を使った開発術
Avatar for しめさば simesaba80
0
180
AI Agent Tool のためのバックエンドアーキテクチャを考える #encraft
Avatar for izumin5210 izumin5210
5
1.3k
令和最新版Android Studioで化石デバイス向けアプリを作る
Avatar for Sora Arakawa arkw
0
460
Deno Tunnel を使ってみた話
Avatar for すずとも kamekyame
0
260

Featured

See All Featured
Taking LLMs out of the black box: A practical guide to human-in-the-loop distillation
Avatar for Ines Montani inesmontani
PRO
3
2k
Information Architects: The Missing Link in Design Systems
Avatar for Michelle Chin soysaucechin
0
720
Efficient Content Optimization with Google Search Console & Apps Script
Avatar for Katarina Dahlin katarinadahlin
PRO
0
260
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
187
22k
The Web Performance Landscape in 2024 [PerfNow 2024]
Avatar for Tammy Everts tammyeverts
12
980
The Impact of AI in SEO - AI Overviews June 2024 Edition
Avatar for Aleyda Solis aleyda
5
680
The untapped power of vector embeddings
Avatar for Frank van Dijk frankvandijk
1
1.5k
Agile Leadership in an Agile Organization
Avatar for Dr. Kim W Petersen kimpetersen
PRO
0
59
SEO in 2025: How to Prepare for the Future of Search
Avatar for Michael King ipullrank
3
3.3k
The Success of Rails: Ensuring Growth for the Next 100 Years
Avatar for Eileen M. Uchitelle eileencodes
47
7.9k
How to build an LLM SEO readiness audit: a practical framework
Avatar for Nick Samuel nmsamuel
1
590
Visual Storytelling: How to be a Superhuman Communicator
Avatar for David Neal reverentgeek
2
400

Transcript

  1. 5FSSBGPSNͷϨϏϡʔΛ $POGUFTUͰࣗಈԽ͢Δ Terraform meetup ONLINE #2021.02 Ryo Kubota @ryok6t

  2. • Ryo Kubota (@ryok6t) • FiNC Technologies • SRE Team

    manager • Terraformྺ͸1೥൒΄Ͳ ࣗݾ঺հ

  3. • ໿50ͷϚΠΫϩαʔϏε͕ AWS ্ʹଘࡏ • ϚΠΫϩαʔϏεͷΠϯϑϥΛ Terraform Ͱ؅ཧ • αʔϏεͱ؀ڥ͝ͱʹಠཱͨ͠

    state Λอ༗ લఏ 4UBHJOH UGTUBUF 1SPEVDUJPO UGTUBUF αʔϏε" 4UBHJOH UGTUBUF 1SPEVDUJPO UGTUBUF αʔϏε# ʜ

  4. • ϚΠΫϩαʔϏεͷΠϯϑϥΛ։ൃऀʹҕৡ͢Δͱ͍ ͏ࢥ૝͔Β Terraform Λಋೖ • ໿2000ݸͷطʹ࡞ΒΕͯ͠·͍ͬͯͨϦιʔεΛ
 શͯ import ͠ɺαʔϏεͱ؀ڥ͝ͱʹ෼ׂ

    ೥൒લ͸*B$ͳͲແ͔ͬͨ

  5. • Terraform Λಋೖ͠ɺ։ൃऀ͸ HCL Λॻ͍ͯ
 ϓϧϦΫΤετΛग़ͤ͹ΠϯϑϥʹมߋΛՃ͑ΒΕΔ Α͏ʹͳͬͨ • ࢥ૝ʹҰาۙ෇͍ͨ എܠ

  6. • ࣭ͷ୲อͷͨΊɺϨϏϡʔ͸΄ͱΜͲ SRE ͕୲౰ • ϨϏϡʔ͕ແࢹͰ͖ͳ͍ίετʹ ݟ͖͑ͯͨ৽ͨͳ՝୊

  7. • ຊདྷͷϚΠΫϩαʔϏεͷ఩ֶͱͯ͠͸ɺ֤νʔϜ͕ Πϯϑϥͷมߋ΋ؚΊͯ։ൃΛεϐʔσΟʹճ͍ͯ͠ ͚Δ΂͖ • ϨϏϡʔ΋ؚΊͯҕৡ͍͖͍ͯͨ͠ ຊདྷͷࢥ૝ʹཱͪฦΔͱʜ

  8. • ͦΕͳΓʹෳࡶͳઃఆ͕ඞཁʹͳΔέʔε΋ • Ճ͑ͯɺTerraform/AWS ͷ஌ࣝ͸ݸਓ/νʔϜʹΑͬ ͯҟͳΔ ҕৡ͸؆୯Ͱ͸ͳ͍

  9. • FiNC Ͱ͸αʔϏεؒͷඇಉظ௨৴ʹ Amazon SNS/ SQS Λ࢖༻ • ΍΍ෳࡶͳઃఆ͕ඞཁ "NB[PO4/4424ͷྫ

  10. • αʔϏεA ʹ SNS topic Λ࡞੒ • αʔϏεA ͷ IAM

    policy ʹ SNS topic ͷݖݶΛ௥Ճ • αʔϏεB ʹ SQS queue Λ࡞੒ • αʔϏεB ͷ IAM policy ʹ SQS queue ͷݖݶΛ௥Ճ • SQS queue ͷ policy ʹ SNS topic ͷݖݶΛ௥Ճ • SNS topic ͱ SQS queue Λඥ͚ͮΔ resource Λ௥Ճ 4/4424ͷઃఆ߲໨͸ଟ͍

  11. • ίετूܭ΍ Datadog ͰͷॲཧͷͨΊʹ tag Λٛ຿ Խ͍ͯ͠Δ • λά෇͚ͳͲͷϕετϓϥΫςΟε΋શһ͕೺Ѳͯ͠ ͍ΔΘ͚Ͱ͸ͳ͍

    5BHͷྫ

  12. • શαʔϏεͰͷ࣭ͷ୲อ͕ࠔ೉ʹ • HCL ͷߏจ্͸໰୊ແ͍͜ͱ͕ଟ͍ͷͰɺTerraform Ͱ͸ݕ஌Ͱ͖ͳ͍ • ͋͘·Ͱҙຯ্ͷ໰୊ • e.g.

    tag ͕ແͯ͘΋౰વ apply ͸Մೳ ϨϏϡʔΛҕৡ͢Δͱʜ

  13. • ֤αʔϏεͷࣗ཯Խͱશମͷ࣭ͷτϨʔυΦϑʹ • ϨϏϡʔ͸ҕৡ͍ͨ͠ʢࣗ཯Խ͍ͨ͠ʣ͕ɺ
 ࣭΋୲อ͍ͨ͠ • ͳΜΒ͔ͷ࢓૊ΈΛ༻͍ͯࣗಈԽ͢Δඞཁ͋Γ ࣭ͱࣗ཯ԽͷτϨʔυΦϑʁ

  14. • CircleCI Ͱ terraform plan Λ͢Δࡍʹɺઃఆʹ໰୊͕ ແ͍͔ΛࣗಈͰνΣοΫ͢Δ • Open Policy

    Agent(OPA) Λར༻ͯ͜͠ΕΛୡ੒ ղܾࡦ

  15. • OSS ͷϙϦγʔΤϯδϯ • CNCF ͷ Graduation project • Rego

    ͱݺ͹ΕΔϙϦγʔهड़ݴޠΛ࢖ͬͯϙϦγʔ Λఆٛ 01"ͱ͸ʁ

  16. 01"ͷΠϝʔδ :".-+40/ ͳͲͷ σʔλ 3FHP 1PMJDZ ೖྗ ൑ఆ

  17. • ηϚϯςΟΫεతͳ໰୊ͷݕ஌ΛࣗಈԽՄೳ • ஞҰʮtag ͍ͭͯͳ͍Αʂʯͱ͔ࢦఠ͕ෆཁ • Policy as Code ͕࣮ݱՄೳ

    • ϙϦγʔΛ໌จԽ 㱻 ଐਓԽ • ϙϦγʔ΋ίʔυͱͯ͠։ൃՄೳ 01"Λ࢖͏ͱԿ͕خ͍͠ͷ͔

  18. • CircleCI ্Ͱ Conftest ͱ͍͏ OPA ͷπʔϧΛ࣮ߦ • Conftest ͱ͸ʁ

    • ୯ͳΔ OPA ͷϢʔβʔΠϯλʔϑΣʔε • ࣮ࡍͷ࡞ۀ͸΄΅ OPA ͕࣮ߦ ࣮ࡍͲ͏࢖͍ͬͯΔͷ͔

  19. • plan ݁ՌΛ JSONʹͯ͠ೖྗ͢Δ • terraform plan -out plan.tfplan •

    terraform show -json plan.tfplan | conftest test - 5FSSBGPSNͰͷ$POGUFTU

  20. 5FSSBGPSNQMBOͷ+40/ ϦιʔεͱͦΕʹର͢ΔมߋҰཡ Ճ͑Δૢ࡞ʢDSFBUF VQEBUFͳͲʣ Ϧιʔεͷ৘ใ มߋલมߋޙͷঢ়ଶ

  21. ϙϦγʔͷྫʢUBHʣ ඞਢʹ͍ͨ͠UBH SFTPVSDF@DIBOHFTΛϧʔϓ ҰͭͰ΋ຬ͍ͨͯ͠ͳ͍΋ͷ͕ ͋Ε͹WJPMBUJPO

  22. • action ͱϦιʔεͷछྨ͔ΒมߋͷӨڹൣғΛܭࢉ • ͦΕʹΑͬͯϨϏϡϫʔΛมߋ ଞʹ΋͜Μͳ͜ͱ΋ʜ

  23. • Policy as Code: ϙϦγʔΛίʔυͱͯ͠ѻ͏ • Rego ͷจ๏ʹ͸Ϋη͕͋ΔͨΊɺςετ͕ॏཁ • OPA

    Ͱ͸ϙϦγʔͷςετ༻ϑϨʔϜϫʔΫ͕ଘࡏ ͠ɺ؆୯ʹςετ͕Մೳ ϙϦγʔ͸ςετՄೳ

  24. • ϚΠΫϩαʔϏεʹ͓͍ͯ͸αʔϏεͷࣗ཯ੑͱશମ ͷ࣭ͷ୲อ͕τϨʔυΦϑʹͳΓ΍͍͢ • ҆શͰߴ଎ͳ։ൃͷͨΊʹ͸ɺPolicy as Code ʹΑΔ ηϚϯςΟΫεݕূͷࣗಈԽ͕༗ޮ •

    Conftest Λ࢖͏͜ͱͰ͜ΕΛ࣮ݱՄೳ ·ͱΊ

  25. • Sentinel Ͱ΋ Terraform ͷ Policy as Code ͕Մೳ •

    FiNC Ͱ͸ Kubernetes ͷ manifest ͷνΣοΫʹ΋ Conftest Λ༻͍͍ͯΔͨΊ Conftest Λ࠾༻ ͪͳΈʹʜ