SSMパラメーターストアでクロススタック参照の罠を回避する

Transcript

1. +"846(
   $%,ࢧ෦
    
   ۚ৓ल࠸ 44.ύϥϝʔλʔετΞͰ
   ΫϩεελοΫࢀরͷ᠘Λճආ͢Δ $9ࣄۀຊ෦
   %FMJWFSZ෦

2. ࣗݾ঺հ  w Ϋϥεϝιουגࣜձࣾ
   w αʔόʔαΠυΤϯδχΞ
   w 
   "1/
   "--
   "84
   $FSUJGJDBUJPOT
   &OHJOFFS
   w ޷͖ͳ"84ͷαʔϏε
   

   w "84
   $%,ɺ$MPVE'PSNBUJPO
   w $PEFγϦʔζ
   ۚ৓
   ल࠸ 4IVZB
   ,JOKP @joe-king-sh

3.  ελοΫؒͷύϥϝʔλʔࢀর ԿΛ࢖ͬͯ·͔͢ʁ

4. ελοΫؒͷύϥϝʔλʔࢀরํ๏  
   ΫϩεελοΫࢀর &YQPSU*NQPSU
   
   1SPQT౉͠ͷΫϩεελοΫࢀরʹΑΔࣗಈղܾ
   
   Ϧιʔε໊΍"3/Λ௚ଧͪͰࢦఆ
   
   44.ύϥϝʔλʔετΞ

5. ελοΫؒͷύϥϝʔλʔࢀরํ๏  
   ΫϩεελοΫࢀর &YQPSU*NQPSU
   
   1SPQT౉͠ͷΫϩεελοΫࢀরʹΑΔࣗಈղܾ
   
   Ϧιʔε໊΍"3/Λ௚ଧͪͰࢦఆ
   
   44.ύϥϝʔλʔετΞ ؍ଌൣғͰ͸͜Ε͕ଟ͍

6. Կ΋ߟ͑ͣʹ1SPQT౉͠Λ࢖͍ͬͯΔ৔߹  ؾ෇͔͵͏ͪʹ ΫϩεελοΫࢀরͷ᠘ʹ ϋϚ͍ͬͯΔՄೳੑ͕͋Γ·͢

7.  ࠓ೔͓࿩͢͠Δ͜ͱ

8. ͜ͷ෼Ͱ͓࿩͢͠Δ͜ͱ  
   1SPQT౉͠ͷΫϩεελοΫࢀরͰൃੜ͢Δ໰୊
   
   44.ύϥϝʔλʔετΞΛ༻͍ͨճආํ๏
   
   ελοΫ෼ׂͷߟ͑ํ

9.  ·ͣΫϩεελοΫࢀরͷ͓͞Β͍

10. ΫϩεελοΫࢀরͱ͸  $MPVE'PSNBUJPOͷඪ४ػೳ
    ࢀরݩελοΫ ඃࢀরελοΫ ࢀর

11. ඃࢀরελοΫଆͷϦιʔε͸࡟আɾมߋ͕Ͱ͖·ͤΜ ΫϩεελοΫࢀরͷ੍ݶ  Lambda ελοΫ -BNCEB -BNCEB "1*
    (BUF8BZ API

    Gateway ελοΫ DynamoDB ελοΫ ΫϩεελοΫࢀর ΫϩεελοΫࢀর ࡟আɾมߋෆՄ ࡟আɾมߋෆՄ ҎԼͷ%ZOBNP%#ςʔϒϧ໊ͷมߋɺ-BNCEBؔ਺໊ͷมߋ΍࡟আΛ͠Α͏ͱ͢Δͱɺ
    ଞͷελοΫ͔Βࢀর͞Ε͍ͯΔΤϥʔͰσϓϩΠ͕ࣦഊ͠·͢ɻ %ZOBNP%#

12. ํ๏ɿࢀরݩελοΫΛ࡟আ͢Δ ΫϩεελοΫࢀরΤϥʔͷղফํ๏  wຊ൪ՔಇޙͳΒμ΢ϯλΠϜඞਢ
    wεςʔτϑϧͳϦιʔε͕ଘࡏ͢ΔͱऔΕͳ͍ํ๏ Lambda ελοΫ -BNCEB -BNCEB "1*
    

    (BUF8BZ API Gateway ελοΫ DynamoDB ελοΫ %ZOBNP%#

13. ํ๏ɿผͷϦιʔε 0VUQVUT ʹࢀরઌΛ੾Γସ͑ͯ ͔Βมߋ͢Δ ΫϩεελοΫࢀরΤϥʔͷղফํ๏  wσϓϩΠ͕ෳ਺ճඞཁͰ໘౗ Lambda ελοΫ -BNCEB

    -BNCEB "1*
    (BUF8BZ %ZOBNP%# API Gateway ελοΫ DynamoDB ελοΫ %ZOBNP%# ᶄࢀরઌΛ੾Γସ͑ͯґଘΛͳ͘͢ ᶅ࡟আ or มߋ͢Δ ᶃ৽ͨʹϦιʔεΛ࡞Δ(OutputsͰExportΛ࡞Δ)

14. ΫϩεελοΫࢀর࢖༻࣌ͷ஫ҙ఺  
    ελοΫؒͷґଘؔ܎ͷ޲͖
    
    ඃࢀরελοΫͷߋ৽ස౓ ϥΠϑαΠΫϧ

15.  CDKͰΫϩεελοΫࢀর͢Δํ๏͸ʁ

16.  ํ๏1: CfnOutputίϯετϥΫτΛ࢖༻͢Δ

17. ํ๏
    $GO0VUQVUίϯετϥΫτΛ࢖༻͢Δ  ඃࢀরελοΫ
    Ҿ༻ݩ: AWS CDKͰΫϩεελοΫࢀরΛͯ͠Έͨ $MPVE'PSNBUJPOͷ0VUQVUTʹ
    &YQPSU͕ੜ੒͞ΕΔ

18. ํ๏
    $GO0VUQVUίϯετϥΫτΛ࢖༻͢Δ  ࢀরݩελοΫ
    $MPVE'PSNBUJPOςϯϓϨʔτʹ
    'O*NQPSU7BMVF͕ੜ੒͞ΕΔ Ҿ༻ݩ: AWS CDKͰΫϩεελοΫࢀরΛͯ͠Έͨ

19.  ํ๏2: Props౉͠ͷΫϩεελοΫࢀরͰ ࣗಈղܾ͢Δ

20. ํ๏
    1SPQT౉͠Ͱࣗಈղܾ͢Δ  ඃࢀরελοΫ
    

21. ํ๏
    1SPQT౉͠Ͱࣗಈղܾ͢Δ  ࢀরݩελοΫ
    1SPQT͔Β౉͖ͬͯͨΩϡʔ͕ɺ
    4/4τϐοΫΛαϒεΫϥΠϒ͠·͢

22. ํ๏
    1SPQT౉͠ͷࣗಈղܾ  ඃࢀরελοΫˠࢀরݩελοΫͷϦιʔεड͚౉͠ 4UBDLͷ1SPQTͰɺ
    424ͷΩϡʔΛड͚౉͠·͢

23.  CDKΛ࢖͏ͳΒProps౉͠Ͱࣗಈղܾ͕ ศརͳͷͰ͸ɾɾʁ🧐

24. 1SPQT౉͕͠ศརͦ͏ʹࢥ͑Δ఺  
    ໌ࣔతʹ$GO0VUQVUΛॻ͔ͳͯ͘ྑ͍
    
    $%,ͷϨΠϠʔ ϓϩάϥϛϯάݴޠ ͰϦιʔεͷ ґଘؔ܎͕௥͑Δ
    ͬͪ͜ͷํ͕ศརͦ͏🥳

25. 1SPQT౉͕͠ศརͦ͏ʹࢥ͑Δ఺  
    ໌ࣔతʹ$GO0VUQVUΛॻ͔ͳͯ͘ྑ͍
    
    $%,ͷϨΠϠʔ ϓϩάϥϛϯάݴޠ ͰϦιʔεͷ ґଘؔ܎͕௥͑Δ
    ὃ͞Εͯ͸͍͚·ͤΜ😇

26. ὃ͞Εͯ͸͍͚·ͤΜ  ͜͜ʹProps౉͠ͷ ΫϩεελοΫࢀরͷ᠘͕͋Γ·͢😇

27. ʲ࠶ܝʳํ๏
    1SPQT౉͠ͷࣗಈղܾ  ඃࢀরελοΫˠࢀরݩελοΫͷϦιʔεड͚౉͠ 4UBDLͷ1SPQTͰɺ
    424ͷΩϡʔΛड͚౉͠·͢

28. $%,ϨΠϠʔͰͷελοΫͷґଘؔ܎  5PQJD4UBDL͕1SPQTͰ౉͞Ε͖ͯͨ2VFVFΛࢀর͍ͯ͠Δ

29. $MPVE'PSNBUJPOϨΠϠʔͰͷελοΫͷґଘؔ܎  5PQJD4UBDL͕τϐοΫ໊Λ&YQPSUͯ͠ɺ
    2VFVF4UBDL͕ɺͦΕΛ*NQPSU7BMVFͰࢀর͍ͯ͠Δ Ϧιʔε͸2VFVFελοΫଆʹ࡞੒͞Ε͍ͯΔ

30.  ͳͥ͜Μͳ͜ͱ͕ى͖Δͷ͔🤔

31. 4/45PQJDͷ࣮૷ͰɺTDPQF͕͢Γସ͑ΒΕ͍ͯΔ  αϒεΫϥΠόʔଆ 2VFVF4UBDL ͷ
    TDPQFʹ͢Γସ͑ αϒεΫϥΠόʔଆ 2VFVF4UBDL ͷTDPQFʹɺ
    4VCTDSJQUJPOΛ࡞੒͍ͯ͠Δ
    

    PR: fi x(sns): create subscriptions in consumer scope #3065

32. ͳͥTDPQFΛ͢Γସ͑Δͷ͔ *TTVFʹΑΔͱ  Issue: sns: topic.addSubscription should create the subscription

    on the consumer's stack to avoid cycles #3064 ཧ༝ɿελοΫؒͷ॥؀ࢀরΛආ͚ΔͨΊ
    w4/4͔ΒϝοηʔδΛड͚औΔίϯγϡʔϚελοΫ͸5PQJDΛࢀর͢ Δέʔε͕ଟ͍
    w˞௨ৗ-BNCEBΛ*OWPLFͨ͠Γ2VFVF͕ϝοηʔδΛड৴͢Δͷʹ 5PQJDͷ"3/Λ༻͍ͯϙϦγʔΛߋ৽͢ΔͨΊ
    wͲ͏ͤίϯγϡʔϚ͔Β5PQJDΛࢀর͢ΔͳΒɺ4VCTDSJQUJPO΋ɺίϯ γϡʔϚଆʹ͓͍ͨํ͕ɺࢀরͷ޲͖͕Ұํ޲ʹͳΓ॥؀ࢀরΛ๷͛Δ

33. 1SPQT౉͠ͷΫϩεελοΫࢀরͷ஫ҙ఺  CloudFormationͷ ΫϩεελοΫࢀরࣗମ ͦ΋ͦ΋ѻ͍͕೉͍͠😣

34. 1SPQT౉͠ͷΫϩεελοΫࢀরͷ஫ҙ఺  ͞ΒʹCDKͰந৅Խ͞ΕΔͷͰɺ CloudFormationͷϨΠϠʔͰͷ ґଘؔ܎ͷ޲͖ʹ஫ҙ͕ඞཁ⚠

35.  Ͱ͸Ͳ͏͢Δ΂͖͔ʁ

36.  Lambda ελοΫ -BNCEB -BNCEB "1*
    (BUF8BZ %ZOBNP%# API Gateway

    ελοΫ DynamoDB ελοΫ ύϥϝʔ λʔετΞ ύϥϝʔ λʔετΞ ొ࿥ ࢀর ొ࿥ ࢀর Φεεϝͷํ๏
    
    44.ύϥϝʔλʔετΞΛ࢖༻ ελοΫ͕ؒૄ݁߹ʹͳΔ
    

37. Φεεϝͷํ๏
    
    44.ύϥϝʔλʔετΞΛ࢖༻  ඃࢀরελοΫ
    5PQJD"SOΛ44.ύϥϝʔλʔετΞ΁ΤΫεϙʔτ
    

38. ࢀরݩελοΫ
    Φεεϝͷํ๏
    
    44.ύϥϝʔλʔετΞΛ࢖༻  2VFVFελοΫଆʹ4VCTDSJQUJPOΛ࡞ΔͷͰɺ
    $%,ͱ$MPVE'PSNBUJPOϨΠϠʔͰɺґଘؔ܎ͷ޲͖͕Ұக
    

39. ελοΫؒͷґଘؔ܎ͷ໌ࣔ
    Φεεϝͷํ๏
    
    44.ύϥϝʔλʔετΞΛ࢖༻  w$%,ͷࣗݾղܾʹ೚ͤͳ͍෼ɺελοΫؒͷґଘؔ܎ͷ໌ࣔ͢Δඞཁ͋Γ
    wઌʹ5PQJDελοΫΛσϓϩΠͯ͠ύϥϝʔλʔετΞʹొ࿥
    wͦͷޙ2VFVFελοΫͷσϓϩΠΛ૸ΒͤΔ

40. 44.ύϥϝʔλʔετΞͷར఺  Lambda ελοΫ -BNCEB -BNCEB "1*
    (BUF8BZ %ZOBNP%# API

    Gateway ελοΫ DynamoDB ελοΫ ύϥϝʔ λʔετΞ ύϥϝʔ λʔετΞ ొ࿥ ࢀর ొ࿥ ࢀর wΫϩεελοΫࢀরͷڧ੍͍໿ʹറΒΕͳ͍
    wύϥϝʔλʔετΞͷ஋͸खಈมߋՄೳ ༥௨͕ޮ͘

41. 44.ύϥϝʔλʔετΞͷར఺  SSMύϥϝʔλʔετΞΛ༻͍Δͱɺ ΫϩεελοΫࢀরΑΓ΋ॊೈʹ ґଘؔ܎Λѻ͑·͢☝

42.  ԿΑΓ΋େ੾ͳ͜ͱ͸ɾɾ

43.  ͦͷελοΫؒࢀর͸ ຊ౰ʹඞཁͰ͔͢ʁ🤨

44. wςϯϓϨʔτελοΫ
    wՄಡੑͷͨΊʹϦιʔεͷϥΠϑαΠΫϧͰద੾ͳα ΠζʹςϯϓϨʔτΛ෼ׂ͢Δඞཁ͕͋ͬͨ $MPVE'PSNBUJPOͷ࣌୅  Lambda ελοΫ -BNCEB -BNCEB "1*
    

    (BUF8BZ %ZOBNP%# DynamoDB ελοΫ API Gateway ελοΫ

45. $%,Ͱ͸$POTUSVDUͰ෼ׂ͕Մೳ  -BNCEB -BNCEB "1*
    (BUF8BZ %ZOBNP%# Application A Stack

    Lambda Construct API Gateway Construct DynamoDB Construct wՄಡੑͷͨΊʹ4UBDLΛ෼͚Δඞཁ͸ͳ͍
    wಉ͡ελοΫؒͷϦιʔεࢀর͸ۃΊͯγϯϓϧ

46. $%,ͷϕετϓϥΫςΟε  Ҿ༻ݩ: AWS CDKͰΫϥ΢υΞϓϦέʔγϣϯΛ։ൃ͢ΔͨΊͷϕετϓϥΫςΟε

47. ·ͱΊ  wΫϩεελοΫࢀর͸ඃࢀরଆΛߋ৽͢Δӡ༻͕ਏ͍
    w1SPQT౉͠ͷࢀর͸ґଘͷ޲͖ͷ੍ޚ͕೉͍͠
    wελοΫͷ෼ׂ਺Λ࠷௿ݶʹͯ͠ελοΫؒͷύϥ ϝʔλʔࢀরΛগͳ͘͢Δ͜ͱ͕࠷΋ॏཁ
    wͲ͏ͯ͠΋෼͚Δඞཁ͕͋Δ৔߹͸ɺ44.ύϥϝʔ λʔετΞΛ࢖͏ͱɺΫϩεελοΫࢀরΑΓ΋ॊೈ ʹɺґଘؔ܎ͷ੔ཧ͕Մೳ

48. ࢀߟ৘ใ  https://dev.classmethod.jp/articles/best-way-to-reference-parameters-in-cdk/

49. ࢀߟ৘ใ  https://dev.classmethod.jp/articles/aws-cdk-props-cross-stack-reference-problem-and-handle/

50.