Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
塩漬けダメ、ゼッタイ! サポート切れのIaCツールをTerraformに移行した話
Search
SimSta
April 15, 2024
0
180
塩漬けダメ、ゼッタイ! サポート切れのIaCツールをTerraformに移行した話
SimSta
April 15, 2024
Tweet
Share
More Decks by SimSta
See All by SimSta
KAG社内のPlatform Engineeringをちょっとだけ紹介します @ Sapporo Engineer Base
shimagaji
0
31
日本からre:Inventを支えた活動報告&ミニre:Cap @ JAWS-UG Sapporo
shimagaji
0
76
Step FunctionsとInfrastructure Composerで挑むローコード × Platform Engineering @ JAWS-UG 青森
shimagaji
1
230
スクラムチームのDevOpsを支えるPlatform Engineering @ 実践DevOps! 〜KAGとkubellの取り組み〜
shimagaji
0
84
日本からre:Inventを支える技術 @ re:Invent2024 北海道組 事前勉強会
shimagaji
0
98
KDDI CCoEからKAG Platform Engineeringへ受け継がれたもの、変わったもの @ CCoE実践者コミュニティ北海道
shimagaji
0
95
インナーソースはじめました @ NES Tech Brewery
shimagaji
4
200
Step FunctionsからはじめるBedrock @ JAWS-UG AI/ML
shimagaji
2
360
シマリスを知る!2024 @ Cloud in the Camp Horippa
shimagaji
0
85
Featured
See All Featured
Why You Should Never Use an ORM
jnunemaker
PRO
55
9.2k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
160
15k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
100
18k
Embracing the Ebb and Flow
colly
84
4.6k
VelocityConf: Rendering Performance Case Studies
addyosmani
328
24k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.4k
Six Lessons from altMBA
skipperchong
27
3.6k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
133
33k
Rebuilding a faster, lazier Slack
samanthasiow
80
8.9k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
366
25k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Docker and Python
trallard
44
3.3k
Transcript
Ԙ௮͚μϝɺθολΠʂ αϙʔτΕͷ*B$πʔϧΛ 5FSSBGPSNʹҠߦͨ͠ 4JN4UB !TIJNBHBKJ +"846(γεࢧ෦
ˡϗϫΠτγϚϦεͷΞϧλ
ࣗݾհ "84ೝఆ ʲॕʳף ɹ࡛ۄɹʢʙେֶͷ్த·Ͱʣ ˠࡳຈɹʢʙେֶɾʣ ˠਆಸʢʙେֶӃʙब৬ͯ͘͠Β͍ʣ ˠࡳຈɹʢʙ͘Β͍ɺݱࡏʣ ͖ͳ"84αʔϏεɿ4UFQ'VODUJPOT 4JN4UBʢΦϯϥΠϯͷ͕ͨ͢ʣ ,%%*ΞδϟΠϧ։ൃηϯλʔגࣜձࣾ
ϓϥοτϑΥʔϜΤϯδχΞϦϯά෦ !TIJNBHBKJ 5XJUUFS ΧάΧά %&" 4FSWFSMFTT
ϗϫΠτγϚϦεͱ Β͍ͯ͠·͢🐿 ˢେνϧλϦε 5XJUUFSΞΧϯτ͋ΔΑ !BMUB@XIJUFDIJQ ઌिʢʣࡀʹͳΓ·ͨ͠🎂
աڈͷొஃࢿྉΞοϓͯ͠·͢ʢࠓͷࢿྉʂʣ IUUQTTQFBLFSEFDLDPNTIJNBHBKJ
ݸਓϒϩάΛӡ༻͍ͯ͠·͢͠·͕͡ ͠Ήͦ͘ "84ΞοϓσʔτΛ ຖिߋ৽ʂ ͦͷଞ ΫϥυΨδΣοτ γϚϦεͷͳͲ
"HFOEB • ͡Ίʹ • ೖࣾͯ͠ਅͬઌʹͬͨ͜ͱ • ݟ͚ͯ͠·ͬͨͷ • Ṗͷ%SPOFΛܸͤΑ •
5FSSBGPSNҠߦฤʢϋϚΓϙΠϯτूʣ • ϦιʔεఆٛͷϋϚΓϙΠϯτ • JNQPSUͷϋϚΓϙΠϯτ • (JU)VC"DUJPOTͷϋϚΓϙΠϯτ • ·ͱΊͱڭ܇
͡Ίʹ
ઌ݄ʢ݄ʣʹ,"(ೖࣾ͠·ͨ͠ ͪΐ͏ͲΏΔΩϟϥσϏϡʔ͠·ͨ͠ ୭Θͳ͍ϋογϡλάय़͔Β,"(
ೖ͔ࣾͨ͠Γͷγε1'& ·ͣԿΛ͢Δ͔ʁ 1'&ɿϓϥοτϑΥʔϜΤϯδχΞ
ࣾڞ௨ͷݕূ༻"84ΞΧϯτΛோΊ·͢ ˞ը૾ΠϝʔδʢݸਓΞΧϯτͷͷʣͰ͢
·ͣ"84ΞΧϯτΛோΊͯΔ͜ͱʢൈਮʣ • "ENJOJTUSBUPS"DDFTTͷΞΫηεΩʔ͕ແ͍͔ • ίϯιʔϧ༻ͷ*".ϢʔβʔʹΞΫηεΩʔ༩͞Ε͍ͯͳ͍͔ • ظؒ༻͞Ε͍ͯͳ͍*".Ϣʔβʔ͕͍ͳ͍͔
• ڧ͍ݖݶΛ࣋ͭ*".Ϣʔβʔʹ.'"ઃఆ͞Ε͍ͯΔ͔ • ༨ܭͳྉۚΛൃੜ͍ͤͯ͞ΔϦιʔεແ͍͔
·ͣ"84ΞΧϯτΛோΊͯΔ͜ͱʢൈਮʣ • "ENJOJTUSBUPS"DDFTTͷΞΫηεΩʔ͕ແ͍͔ → • ίϯιʔϧ༻ͷ*".ϢʔβʔʹΞΫηεΩʔ༩͞Ε͍ͯͳ͍͔ →
付 • ظؒ༻͞Ε͍ͯͳ͍*".Ϣʔβʔ͕͍ͳ͍͔ → • ڧ͍ݖݶΛ࣋ͭ*".Ϣʔβʔʹ.'"ઃఆ͞Ε͍ͯΔ͔ → 設定 • ༨ܭͳྉۚΛൃੜ͍ͤͯ͞ΔϦιʔεແ͍͔ → (今⽇ 話) ˞·ͩձࣾ෦ॺग़དྷͯؒͳ͍͜ͱ͋Γɺࠓ·ͰϧʔϧԽ͞Ε͍ͯͳ͔ͬͨ෦Λඋ͍ͯ͠Δͱ͜ΖͰ͢
݄ͷ3%4ٻը໘
݄ͷ3%4ٻը໘
…
݄ͷ3%4ٻը໘ ʂʁ
݄ͷ3%4ٻը໘ ୭ؾ͔ͳ͍͏ͪʹ3%4GPS.Z42-͕ Ԇαϙʔτʹಥೖ͍ͯͨͤ͠Ͱ ίϯϐϡʔςΟϯάྉ͕ۚഒҎ্ʹͳͬͯ·ͨ͠🤔
ࢀߟɿ3%4ʢGPS.Z42-ʣͷԆαϙʔτ IUUQTBXTBNB[PODPNKQSETNZTRMQSJDJOH IUUQTRJJUBDPNNJOPSVOJUFNTBDFCFCGF ʢ3%4͚ͩ͡Όͳ͘&,4͔Β͋ΔΑʣ
݄υϧ͑ͷίετΛੜΈग़͢൜ਓ ɾɾɾԿऀʁ
%SPOFʢͱ1JDVMFUʣͷ࣮ଶ • 1JDVMFUͱ͍͏ηΩϡϦςΟάϧʔϓΛཧ͢ΔͬΆ͍πʔϧ͕͋Δ ˠ3VCZ%4-ͰηΩϡϦςΟάϧʔϓΛهड़͍ͯ͠Δ ɹάάͬͯҎ্લͷใ͔͠ग़ͯ͜ͳ͍ʜ • (JU)VC&OUFSQSJTFΛϗετ͢Δ&$ͷηΩϡϦςΟάϧʔϓΛ
ϦϙδτϦͰཧ͠ɺར༻ऀʹΑΔ*1ՃมߋΛϓϧϦΫΤετͰड • %SPOFʢগͳ͘ͱ͜͜ͰʣϦϙδτϦͷઃఆ༰Λͱʹ "84্ͷηΩϡϦςΟάϧʔϓΛߋ৽͢Δ$*$%πʔϧʢΒ͍͠ʣ • &$ʢ"VUP4DBMJOHʣͱ3%4ʢ͖ͬ͞ͷͭʣͰಈ͍͍ͯΔ ˠ&$ͱ͔͘3%4ͷྉ͕ۚΩπ͍ • ΊͬͪΌ$SFBUF4FDVSJUZ(SPVQୟ͘ • 現在 中⾝ 分 ⼈ ˞·ͩձࣾ෦ॺग़དྷͯؒͳ͍͜ͱ͋Γɺࠓ·ͰϧʔϧԽ͞Ε͍ͯͳ͔ͬͨ෦Λඋ͍ͯ͠Δͱ͜ΖͰ͢
%SPOFʢͱ1JDVMFUʣͷ࣮ଶ Network Load Balancer NAT gateway GitHub Enterprise Bastion
Drone drone-db User AWS Cloud Push Merge ηΩϡϦςΟάϧʔϓ ͍͍ͩͨ͜Μͳײ͡ʢ$PEF#VJME͕ࠐΜͰ͋ΔΒ͍͚͠ͲṖʣ
ͱ͍͏͜ͱͰʂ
%SPOFܸ࡞ઓɺ։࢝
5FSSBGPSNҠߦฤ ʢ͔͜͜Βͬ͘͟Γ͍͖·͢ʣ
5FSSBGPSNҠߦͷഎܠ • ࣾͰΘΕ͍ͯΔ*B$πʔϧ͕5FSSBGPSN͔ͩͬͨΒ฿ͬͨ ʢ(PPHMF$MPVE"[VSF͏໘͕ҰԠ͋Δʣ • $MPVE'PSNBUJPOΛීஈ͓ͬͯΓɺॳΊͯͷ5FSSBGPSN ˠॻ͖ํΛͱΓ࣮֮͋͑ͣ͑ͯ͢Δ
ʢࠓճηΩϡϦςΟάϧʔϓ͚͍͚ͩͩ͠ΔΖʜʣ • %SPOFΛಈ͔͠ଓ͚͍ͯΔݶΓͣͬͱߴֹͳྉ͕ۚൃੜ͢ΔͷͰ ͳΔ͘ૣ͘ҠߦΛࡁ·ͤΔ ˠଟগଥڠ͢Δ໘͕͋ͬͯεϐʔυΛ༏ઌ͠ɺҠߦޙʹߟ͑Δ
ϋϚΓϙΠϯτબ ʢ࣮ࡍͬͱ͋ͬͨʣ
ϦιʔεఆٛͷϋϚΓϙΠϯτ ηΩϡϦςΟάϧʔϓͷϧʔϧͷॻ͖ํͬͯछྨ͋ΜͶΜ • BXT@TFDVSJUZ@HSPVQͷதʹJOHSFTTͱFHSFTTΛೖΕΔ • BXT@TFDVSJUZ@HSPVQ@SVMF • BXT@WQD@TFDVSJUZ@HSPVQ@JOHSFTTFHSFTT@SVMF ࢀߟɿ5FSSBGPSNͰ"84ͷηΩϡϦςΟάϧʔϓͷϧʔϧΛ࡞͢Δํ๏ͷൺֱͱҙ IUUQTEFWDMBTTNFUIPEKQBSUJDMFTUFSSBGPSNTFDVSJUZHSPVQ
ͦΕͧΕͷॻ͖ํͷྫ ີ݁߹͕ͩݟ͍͢ ૄ݁߹ɺఆ͕ٛ૿͑Δ ᶃ ᶄ
ͦΕͧΕͷॻ͖ํͷྫ ˠ֤νʔϜࢀর͢ΔͨΊɺݟ͢͞ͱମݧͷมΘΒͳ͞ॏࢹͰᶃΛ࠾༻ ᶅ ૄ݁߹Ͱϧʔϧ͝ͱʹλάΛઃఆͰ͖Δ͕͍
JNQPSUͷϋϚΓϙΠϯτ ϦιʔεͷJNQPSUํ๏ͬͯछྨ͋ΜͶΜ • UFSSBGPSNJNQPSUίϚϯυͰ݅ͣͭऔΓࠐΉํ๏ • UGϑΝΠϧʹJNQPSUϒϩοΫΛهड़͠ɺBQQMZͰऔΓࠐΉํ๏
ˠUFSSBGPSNҎ߱Ͱར༻Մೳ terraform import aws_security_group.hoge_sg sg-XXXXXXXXXXXXXXXX import { resource “aws_security_group” “hoge_sg { id = sg-XXXXXXXXXXXXXXXX } } terraform apply
JNQPSUͷϋϚΓϙΠϯτ JNQPSUϒϩοΫΛ͏ͱෳϦιʔεΛҰؾʹऔΓࠐΊΔʂ ˠUFSSBGPSNBQQMZͷ֬ೝը໘ͰɺطଘͷϦιʔεΛআ͠ ɹಉ͡ઃఆͷ৽͍͠Ϧιʔε͕࡞͞ΕΔঢ়ଶʹͳ͍ͬͯͨ🤔 ࣌ؒແ͍ͷͰ݅ͣͭJNQPSUίϚϯυͰऔΓࠐΉํ๏ʹΓସ͑ ʢͦΕ΄Ͳଟ͘ͳ͔ͬͨͷͰͳΜͱ͔ͳͬͨʣ Γํ͕ؒҧ͍ͬͯͨՄೳੑ͋ΔͷͰɺखಈͰରԠͰ͖ͳ͍ͷ
ϦιʔεΛJNQPSU͢Δͱ͖ʹඋ͑ͯਖ਼͍͠ํ๏Λཱ͍֬ͤͨ͞ʜ
(JU)VC"DUJPOTͷϋϚΓϙΠϯτ w (JU)VC"DUJPOTΛಈ࡞ͤ͞Δ3VOOFSͬͯछྨ͋ΜͶΜ • (JU)VCʹΑΔϚωʔδυ3VOOFS • ࣗલͰ༻ҙ͢Δ4FMG)PTUFE3VOOFS w (JU)VC&OUFSQSJTFʢηϧϑϚωʔδυ൛ʣ4FMG)PTUFEͷΈ
ˠํͳ͘ΦϯσϚϯυͷ&$Λߏங͠ɺฏ࣌ʹՔಇ ʢͬͱίεύ͕ߴ͘ӡ༻ෛՙ͕͍Έ͕ࣾʹ͋ͬͨͬΆ͍ʣ w 3VOOFS͕UFSSBGPSNBQQMZʹͯηΩϡϦςΟάϧʔϓΛߋ৽ ˠ5FSSBGPSNΛΠϯετʔϧ͠ɺదͳ*".ϩʔϧΛ༩
(JU)VC"DUJPOTʹΑΔUFSSBGPSNBQQMZͷ᠘ w ϩʔΧϧͰBQQMZ͢Δ߹ AWS Cloud UGTUBUFΛߋ৽ BQQMZޙʹϩʔΧϧͷUGTUBUF͕ߋ৽͞ΕΔͨΊ߹ੑ͕อͨΕΔ ϩʔΧϧͷUGTUBUFΛͬͯ UFSSBGPSNBQQMZ ˞UGTUBUFɿݱࡏͷϦιʔεͷঢ়ଶ͕هड़͞Ε͍ͯΔϑΝΠϧɻQMBOBQQMZͷࡍUGϑΝΠϧͱUGTUBUFΛൺֱ͢Δ
w (JU)VC"DUJPOT͕BQQMZ͢Δ߹ AWS Cloud UGTUBUFΛߋ৽ ϦϙδτϦͷUGTUBUFΛͬͯ UFSSBGPSNBQQMZ "DUJPOT͕ऴྃͨ͠Β࡞ۀσΟϨΫτϦআ͞ΕΔͨΊɺ ϦϙδτϦͷUGTUBUFߋ৽͞Εͣෆ߹͕ൃੜ (JU)VC"DUJPOTʹΑΔUFSSBGPSNBQQMZͷ᠘
w (JU)VC"DUJPOT͕BQQMZ͢Δ߹ʢରࡦ൛ʣ AWS Cloud ᶅUGTUBUFΛߋ৽ ᶄ4͔Βऔಘͨ͠UGTUBUFΛͬͯ UFSSBGPSNBQQMZ 4ʹஔͨ͠UGTUBUFΛऔಘͯ͠BQQMZΛ࣮ࢪ͠ɺ 4ͷUGTUBUFΛ্ॻ͖͢Δ͜ͱͰ߹ੑΛอͭ ᶃऔಘ
ᶆ্ॻ͖ (JU)VC"DUJPOTʹΑΔUFSSBGPSNBQQMZͷ᠘
͜Μͳײ͡Ͱ ͳΜ͔Μ͋ͬͯʜ
5FSSBGPSNҠߦ͢Δ͜ͱͰ %SPOFܸ࡞ઓɺޭʂʂʂ
%SPOF͕ࢭ·ͬͯίετݮΓ·ͨ͠ Ұ࣌ఀࢭͨ͠ʢʣ ·ͩੜ͖ͯΔͷͰ ετϨʔδྉۚൃੜ υϧˠυϧ ຊʢʣ εφοϓγϣοτऔͬͯ શʹফ͠·ͨ͠
·ͱΊͱڭ܇
·ͱΊͱڭ܇ • "84ڥΛோΊ͍ͯͨΒԆαϙʔτಥೖͷ3%4͕͍ͨ ˠԘ௮͚Λແ͘͠ɺఆظతʹݕ͠Α͏ • Ṗͷ*B$πʔϧ͔Β5FSSBGPSNʹҠߦͨ͠ ˠϒϥοΫϘοΫεΛແ͘͠ɺٕज़ෛ࠴Λฦͦ͏ •
͍͔ͭ͘ଥڠͭͭ͠ɺظؒͰҠߦΛࡁ·ͤͨ ˠΞδϦςΟΛߴ͘อͪͭͭɺٕज़ෛ࠴ܭըతʹ ࠓޙࣾͷ"84ڥΛத৺ͱͨ͠ϓϥοτϑΥʔϜΛඋ͠ɺ ݈શͳঢ়ଶΛอͭ͜ͱͰΞδϦςΟͷߴ͍։ൃΛࢧԉ͍͖ͯ͠·͢ Ұॹʹࢧԉ͍ͨ͠ɺΞδϟΠϧΛਪਐ͍͖͍ͯͨ͠ํͳͲੋඇͪ͜Βˠ
5IBOLZPVʂ