No Leaving Systems Untouched, Ever! Migrating an End-of-Support IaC Tool to Terraform
SimSta
April 15, 2024
Transcript
No Leaving Systems Untouched, Ever! Migrating an End-of-Support IaC Tool to Terraform
SimSta @shimagaji, JAWS-UG 情シス支部
← Alta, the white chipmunk
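Self-introduction
SimSta (online persona), @shimagaji on Twitter
KDDI Agile Development Center Corporation, Platform Engineering Department
AWS certified
Saitama (until partway through university) → Sapporo (university) → Kanagawa (graduate school until a while after starting work) → Sapporo (present)
Favorite AWS service: Step Functions
カグカグ / DEA / Serverless
Lives with a white chipmunk 🐿 (↑ big チルタリス), who has a Twitter account: @alta_whitechip
Turned a year older last week 🎂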
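Past talk slides are uploaded too (including today's!) https://speakerdeck.com/shimagaji
I run a personal blog: しむそく, a roundup of AWS updates refreshed every week, plus cloud, gadgets, chipmunk stories and more
Agenda
• Introduction
• The first thing I did after joining
• What I found
• Take down the mysterious Drone
• Terraform migration (collection of pitfalls)
• Pitfalls with resource definitions
• Pitfalls with import
• Pitfalls with GitHub Actions
• Summary and lessons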
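Introduction
Joined KAG last month. The company mascot happened to make its debut at the same time. The hashtag nobody uses: #春からKAG
A corporate-IT PFE who has only just joined: what to do first? (PFE: platform engineer)
Look over the company-wide shared AWS account used for verification. * The image is illustrative (taken from a personal account).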
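What to look at first in the AWS account (excerpt)
• Are there any access keys with AdministratorAccess?
• Have access keys been issued to IAM users meant for console use?
• Are there IAM users that have gone unused for a long time?
• Is MFA configured for IAM users with strong permissions?
• Are there resources generating unnecessary charges?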
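What to look at first in the AWS account (excerpt)
• Are there any access keys with AdministratorAccess? →
• Have access keys been issued to IAM users meant for console use? → 付
• Are there IAM users that have gone unused for a long time? →
• Is MFA configured for IAM users with strong permissions? → 設定
• Are there resources generating unnecessary charges? → (today's topic)
* The company and the department are both still new, so we are in the middle of tidying up areas that had no rules until now.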
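The IAM items on this checklist can be checked mechanically. The following is an added example, not taken from the slides: it runs the four checks over a constructed sample in the column layout of the IAM credential report. The user names, the policy map, the 90-day staleness threshold and the set of policies treated as "strong" are all assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the column layout of the IAM credential report
# (aws iam get-credential-report); only access key 1 is considered here.
REPORT = """user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date
ci-deployer,false,N/A,false,true,2024-04-10T02:11:00+00:00
alice,true,2024-04-12T09:00:00+00:00,true,false,N/A
bob,true,2023-06-01T08:30:00+00:00,false,true,2023-05-20T10:00:00+00:00
carol,true,2024-04-01T07:45:00+00:00,false,false,N/A
"""
# Constructed: managed policies attached to each user (directly or via groups).
POLICIES = {"ci-deployer": ["AdministratorAccess"], "alice": ["AdministratorAccess"],
            "bob": ["ReadOnlyAccess"], "carol": ["AdministratorAccess"]}
STRONG = {"AdministratorAccess", "IAMFullAccess", "PowerUserAccess"}  # assumed meaning of "strong"
STALE_AFTER = timedelta(days=90)  # assumed threshold for "a long time"


def last_activity(row):
    """Most recent console or access-key use, or None if never used."""
    stamps = [row["password_last_used"], row["access_key_1_last_used_date"]]
    seen = [datetime.fromisoformat(s) for s in stamps if s[:1].isdigit()]
    return max(seen) if seen else None


def audit(report_csv, policies, now):
    """Return (user, finding) pairs for the four IAM checks on the checklist."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user, attached = row["user"], set(policies.get(row["user"], []))
        has_key = row["access_key_1_active"] == "true"
        console = row["password_enabled"] == "true"
        if has_key and "AdministratorAccess" in attached:
            findings.append((user, "access key with AdministratorAccess"))
        if has_key and console:
            findings.append((user, "console user holds an access key"))
        seen = last_activity(row)
        if seen is None or now - seen > STALE_AFTER:
            findings.append((user, "unused for a long time"))
        if console and attached & STRONG and row["mfa_active"] != "true":
            findings.append((user, "strong permissions without MFA"))
    return findings


if __name__ == "__main__":
    for user, issue in audit(REPORT, POLICIES, datetime(2024, 4, 15, tzinfo=timezone.utc)):
        print(f"{user}: {issue}")
```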
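The month's RDS billing screen … !?
Without anyone noticing, RDS for MySQL had entered Extended Support, and the compute charges had multiplied as a result 🤔
Reference: Extended Support for RDS (for MySQL): https://aws.amazon.com/jp/rds/mysql/pricing/ and an article on qiita.com
(It is not only RDS: EKS has it as well)
The culprit behind this monthly dollar cost … who is it?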
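Drone (and Piculet): what they actually are
• There is a tool called Piculet that appears to manage security groups
  → Security groups are described in a Ruby DSL
  Searching the web only turns up information from years ago…
• The security groups of the EC2 instances hosting GitHub Enterprise are managed in a repository, and users' IP additions and changes are accepted as pull requests
• Drone is (at least here) a CI/CD tool that (apparently) updates the security groups on AWS based on the settings in the repository
• It runs on EC2 (Auto Scaling) and RDS (the one from earlier)
  → Never mind EC2, the RDS charges are painful
• It calls CreateSecurityGroup an awful lot
• 現在 中⾝ 分 ⼈
* The company and the department are both still new, so we are in the middle of tidying up areas that had no rules until now.
Drone (and Piculet): what they actually are
[Diagram labels: User, Push, Merge, GitHub Enterprise, Bastion, Network Load Balancer, NAT gateway, Drone, drone-db, security group, AWS Cloud]
Roughly like this (CodeBuild is apparently wired in as well, but that part is a mystery)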
And so!
Operation Take Down Drone: start
Terraform migration (going through this quickly from here)
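Background to the Terraform migration
• Followed suit because Terraform is the IaC tool used within the company (there are, for what it's worth, cases where Google Cloud and Azure are used too)
• Normally a CloudFormation user, so this was a first Terraform project
  → Learn the syntax well enough and implement (it is only security groups this time, so it should be manageable…)
• As long as Drone keeps running, high charges keep accruing, so finish the migration as quickly as possible
  → Prioritize speed even where that means some compromise, and revisit after the migration
Selected pitfalls (there were actually more)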
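Pitfalls with resource definitions
There are three ways to write security group rules
• Put ingress and egress inside aws_security_group
• aws_security_group_rule
• aws_vpc_security_group_ingress/egress_rule
Reference: a comparison of the ways to create AWS security group rules with Terraform, and points to watch (article on dev.classmethod.jp)
Examples of each style
① Tightly coupled, but easy to read
② Loosely coupled, with more definitions
③ Loosely coupled and tags can be set per rule, but long
→ Because each team also refers to these files, ① was adopted, prioritizing readability and keeping the experience unchanged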
Pitfalls with import
There are two ways to import resources
• Bring resources in one at a time with the terraform import command
    terraform import aws_security_group.hoge_sg sg-XXXXXXXXXXXXXXXX
• Write an import block in a .tf file and bring the resources in with apply
  → Available only in newer terraform versions
    import {
      to = aws_security_group.hoge_sg
      id = "sg-XXXXXXXXXXXXXXXX"
    }
    terraform apply
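Pitfalls with import
With import blocks you can bring in multiple resources in one go!
→ On the terraform apply confirmation screen, the plan was to delete the existing resources and create new resources with the same settings 🤔
With no time to spare, switched to bringing them in one at a time with the import command (there were not that many, so it worked out)
The approach may have been wrong, so I want to establish the correct method in preparation for importing more resources than can be handled by hand…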
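Pitfalls with GitHub Actions
• There are two kinds of Runner for executing GitHub Actions
  • Managed Runners provided by GitHub
  • Self-Hosted Runners you provide yourself
• GitHub Enterprise (the self-managed edition) supports Self-Hosted only
  → Reluctantly built an on-demand EC2 instance that runs during weekday hours
  (apparently a more cost-effective mechanism with a lower operational load already existed elsewhere in the company)
• The Runner updates the security groups with terraform apply
  → Install Terraform and grant an appropriate IAM role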
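The trap in running terraform apply from GitHub Actions
• When applying locally
  terraform apply using the local tfstate → AWS Cloud → tfstate is updated
  The local tfstate is updated after apply, so consistency is maintained
  * tfstate: the file that records the current state of the resources. During plan and apply, the .tf files are compared with the tfstate.
• When GitHub Actions applies
  terraform apply using the tfstate in the repository → AWS Cloud → tfstate is updated
  The working directory is deleted when the Actions run finishes, so the tfstate in the repository is not updated and an inconsistency arises
• When GitHub Actions applies (with the countermeasure)
  ① Fetch ② terraform apply using the tfstate fetched from S3 ③ tfstate is updated ④ Overwrite
  Fetch the tfstate placed in S3, run apply, and overwrite the tfstate in S3 to maintain consistency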
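And so, after one thing and another…
By migrating to Terraform, Operation Take Down Drone: success!!!
With Drone stopped, costs went down
Day of the temporary stop: it is still alive, so storage charges still accrue
Today: took a snapshot and deleted it completely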
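Summary and lessons
• While looking over the AWS environment, I found an RDS instance that had already entered Extended Support
  → Stop leaving things untouched and inspect regularly
• Migrated from a mysterious IaC tool to Terraform
  → Get rid of black boxes and pay back technical debt
• Finished the migration in a short period while making a few compromises
  → Keep agility high while handling technical debt in a planned way
Going forward, we will keep building out a platform centered on the company-wide AWS environment and support high-agility development by keeping it in a healthy state
If you would like to support this together with us, or want to promote agile, please get in touch here →
Thank you!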