Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SSMパラメーターストアでクロススタック参照の罠を回避する

ShuyaKinjo
January 25, 2023
Technology
1
9.2k

 SSMパラメーターストアでクロススタック参照の罠を回避する

JAWS-UG CDK支部 #5の登壇内容です。
CDKのProps渡しでクロススタック参照すると、CDKとCloudFormationのレイヤーで参照の依存関係が逆転する罠があります。
それを回避するためにSSMパラメーターストアを使用する方法と、そもそものスタック分割の考え方について発表しました。

ShuyaKinjo

January 25, 2023
Tweet

More Decks by ShuyaKinjo

See All by ShuyaKinjo
AWS CDKとGitHubActionsで始めるInfrastructure as CodeのCI/CD
shuyakinjo
1
4.7k

Other Decks in Technology

See All in Technology
Win Testing Trophy Easily / テスティングトロフィーを獲得する / PHPerKaigi 2023
k1low
2
200
Jotaiで作ったフォームをApollo_Clientで投げたらいい感じだった件.pdf
asazutaiga
1
230
Svelte/SvelteKitを採用した理由とその魅力
oekazuma
3
210
チームで導入する Jetpack Compose あの素晴らしいLTをもう一度.ver
kako351
1
170
Data Lake, Real-time Analytics, or Both? Exploring Presto and ClickHouse
ahana
0
110
カンファレンススタッフはいいぞ
muno92
PRO
1
110
『登記所備付地図XMLデータ』に触れてみよう〜法務省が公開した大規模オープンデータとは一体何なのか〜 / What is moj map xml
sakaik
0
150
Swift 開発が楽になる道具たち
megabitsenmzq
1
310
Linuxのブロックデバイス
sat
PRO
4
1.7k
エンジニアのためのマネジメント入門/Introduction to Management for Software Engineers
dskst
1
350
開発チーム内でのQAの役割
iseki
0
140
ビギナー向け エッジランタイムのすすめ | エッジランタイムを意識した開発をはじめよう
aiji42
1
640

Featured

See All Featured
Build The Right Thing And Hit Your Dates
maggiecrowley
22
1.5k
How to train your dragon (web standard)
notwaldorf
66
4.4k
Creatively Recalculating Your Daily Design Routine
revolveconf
207
11k
Statistics for Hackers
jakevdp
785
210k
Building Better People: How to give real-time feedback that sticks.
wjessup
346
17k
How To Stay Up To Date on Web Technology
chriscoyier
779
250k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
109
16k
Designing the Hi-DPI Web
ddemaree
273
33k
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
214
12k
Streamline your AJAX requests with AmplifyJS and jQuery
dougneiner
128
8.8k
Fontdeck: Realign not Redesign
paulrobertlloyd
74
4.4k
VelocityConf: Rendering Performance Case Studies
addyosmani
317
22k

Transcript

  1. +"846($%,ࢧ෦

    ۚ৓ल࠸
    44.ύϥϝʔλʔετΞͰ
    ΫϩεελοΫࢀরͷ᠘Λճආ͢Δ
    $9ࣄۀຊ෦%FMJWFSZ෦

    View Slide

  2. ࣗݾ঺հ
    w Ϋϥεϝιουגࣜձࣾ
    w αʔόʔαΠυΤϯδχΞ
    w "1/"--"84$FSUJGJDBUJPOT&OHJOFFS
    w ޷͖ͳ"84ͷαʔϏε
    w "84$%,ɺ$MPVE'PSNBUJPO
    w $PEFγϦʔζ
    ۚ৓ल࠸ 4IVZB,JOKP

    @joe-king-sh

    View Slide


  3. ελοΫؒͷύϥϝʔλʔࢀর


    ԿΛ࢖ͬͯ·͔͢ʁ

    View Slide

  4. ελοΫؒͷύϥϝʔλʔࢀরํ๏
    ΫϩεελοΫࢀর &YQPSU*NQPSU

    1SPQT౉͠ͷΫϩεελοΫࢀরʹΑΔࣗಈղܾ
    Ϧιʔε໊΍"3/Λ௚ଧͪͰࢦఆ
    44.ύϥϝʔλʔετΞ

    View Slide

  5. ελοΫؒͷύϥϝʔλʔࢀরํ๏
    ΫϩεελοΫࢀর &YQPSU*NQPSU

    1SPQT౉͠ͷΫϩεελοΫࢀরʹΑΔࣗಈղܾ
    Ϧιʔε໊΍"3/Λ௚ଧͪͰࢦఆ
    44.ύϥϝʔλʔετΞ
    ؍ଌൣғͰ͸͜Ε͕ଟ͍

    View Slide

  6. Կ΋ߟ͑ͣʹ1SPQT౉͠Λ࢖͍ͬͯΔ৔߹
    ؾ෇͔͵͏ͪʹ


    ΫϩεελοΫࢀরͷ᠘ʹ


    ϋϚ͍ͬͯΔՄೳੑ͕͋Γ·͢

    View Slide


  7. ࠓ೔͓࿩͢͠Δ͜ͱ

    View Slide

  8. ͜ͷ෼Ͱ͓࿩͢͠Δ͜ͱ
    1SPQT౉͠ͷΫϩεελοΫࢀরͰൃੜ͢Δ໰୊
    44.ύϥϝʔλʔετΞΛ༻͍ͨճආํ๏
    ελοΫ෼ׂͷߟ͑ํ

    View Slide


  9. ·ͣΫϩεελοΫࢀরͷ͓͞Β͍

    View Slide

  10. ΫϩεελοΫࢀরͱ͸
    $MPVE'PSNBUJPOͷඪ४ػೳ
    ࢀরݩελοΫ
    ඃࢀরελοΫ
    ࢀর

    View Slide

  11. ඃࢀরελοΫଆͷϦιʔε͸࡟আɾมߋ͕Ͱ͖·ͤΜ
    ΫϩεελοΫࢀরͷ੍ݶ
    Lambda ελοΫ
    -BNCEB
    -BNCEB "1*
    (BUF8BZ
    API Gateway ελοΫ
    DynamoDB ελοΫ
    ΫϩεελοΫࢀর ΫϩεελοΫࢀর
    ࡟আɾมߋෆՄ ࡟আɾมߋෆՄ
    ҎԼͷ%ZOBNP%#ςʔϒϧ໊ͷมߋɺ-BNCEBؔ਺໊ͷมߋ΍࡟আΛ͠Α͏ͱ͢Δͱɺ
    ଞͷελοΫ͔Βࢀর͞Ε͍ͯΔΤϥʔͰσϓϩΠ͕ࣦഊ͠·͢ɻ
    %ZOBNP%#

    View Slide

  12. ํ๏ɿࢀরݩελοΫΛ࡟আ͢Δ
    ΫϩεελοΫࢀরΤϥʔͷղফํ๏
    wຊ൪ՔಇޙͳΒμ΢ϯλΠϜඞਢ
    wεςʔτϑϧͳϦιʔε͕ଘࡏ͢ΔͱऔΕͳ͍ํ๏
    Lambda ελοΫ
    -BNCEB
    -BNCEB "1*
    (BUF8BZ
    API Gateway ελοΫ
    DynamoDB ελοΫ
    %ZOBNP%#

    View Slide

  13. ํ๏ɿผͷϦιʔε 0VUQVUT
    ʹࢀরઌΛ੾Γସ͑ͯ
    ͔Βมߋ͢Δ
    ΫϩεελοΫࢀরΤϥʔͷղফํ๏
    wσϓϩΠ͕ෳ਺ճඞཁͰ໘౗
    Lambda ελοΫ
    -BNCEB
    -BNCEB "1*
    (BUF8BZ
    %ZOBNP%#
    API Gateway ελοΫ
    DynamoDB ελοΫ
    %ZOBNP%# ᶄࢀরઌΛ੾Γସ͑ͯґଘΛͳ͘͢
    ᶅ࡟আ or มߋ͢Δ
    ᶃ৽ͨʹϦιʔεΛ࡞Δ(OutputsͰExportΛ࡞Δ)

    View Slide

  14. ΫϩεελοΫࢀর࢖༻࣌ͷ஫ҙ఺
    ελοΫؒͷґଘؔ܎ͷ޲͖
    ඃࢀরελοΫͷߋ৽ස౓ ϥΠϑαΠΫϧ

    View Slide


  15. CDKͰΫϩεελοΫࢀর͢Δํ๏͸ʁ

    View Slide


  16. ํ๏1:


    CfnOutputίϯετϥΫτΛ࢖༻͢Δ

    View Slide

  17. ํ๏$GO0VUQVUίϯετϥΫτΛ࢖༻͢Δ
    ඃࢀরελοΫ
    Ҿ༻ݩ: AWS CDKͰΫϩεελοΫࢀরΛͯ͠Έͨ
    $MPVE'PSNBUJPOͷ0VUQVUTʹ
    &YQPSU͕ੜ੒͞ΕΔ

    View Slide

  18. ํ๏$GO0VUQVUίϯετϥΫτΛ࢖༻͢Δ
    ࢀরݩελοΫ
    $MPVE'PSNBUJPOςϯϓϨʔτʹ
    'O*NQPSU7BMVF͕ੜ੒͞ΕΔ
    Ҿ༻ݩ: AWS CDKͰΫϩεελοΫࢀরΛͯ͠Έͨ

    View Slide


  19. ํ๏2:


    Props౉͠ͷΫϩεελοΫࢀরͰ


    ࣗಈղܾ͢Δ

    View Slide

  20. ํ๏1SPQT౉͠Ͱࣗಈղܾ͢Δ
    ඃࢀরελοΫ

    View Slide

  21. ํ๏1SPQT౉͠Ͱࣗಈղܾ͢Δ
    ࢀরݩελοΫ
    1SPQT͔Β౉͖ͬͯͨΩϡʔ͕ɺ
    4/4τϐοΫΛαϒεΫϥΠϒ͠·͢

    View Slide

  22. ํ๏1SPQT౉͠ͷࣗಈղܾ
    ඃࢀরελοΫˠࢀরݩελοΫͷϦιʔεड͚౉͠
    4UBDLͷ1SPQTͰɺ
    424ͷΩϡʔΛड͚౉͠·͢

    View Slide


  23. CDKΛ࢖͏ͳΒProps౉͠Ͱࣗಈղܾ͕


    ศརͳͷͰ͸ɾɾʁ🧐

    View Slide

  24. 1SPQT౉͕͠ศརͦ͏ʹࢥ͑Δ఺
    ໌ࣔతʹ$GO0VUQVUΛॻ͔ͳͯ͘ྑ͍
    $%,ͷϨΠϠʔ ϓϩάϥϛϯάݴޠ
    ͰϦιʔεͷ
    ґଘؔ܎͕௥͑Δ
    ͬͪ͜ͷํ͕ศརͦ͏🥳

    View Slide

  25. 1SPQT౉͕͠ศརͦ͏ʹࢥ͑Δ఺
    ໌ࣔతʹ$GO0VUQVUΛॻ͔ͳͯ͘ྑ͍
    $%,ͷϨΠϠʔ ϓϩάϥϛϯάݴޠ
    ͰϦιʔεͷ
    ґଘؔ܎͕௥͑Δ
    ὃ͞Εͯ͸͍͚·ͤΜ😇

    View Slide

  26. ὃ͞Εͯ͸͍͚·ͤΜ
    ͜͜ʹProps౉͠ͷ


    ΫϩεελοΫࢀরͷ᠘͕͋Γ·͢😇

    View Slide

  27. ʲ࠶ܝʳํ๏1SPQT౉͠ͷࣗಈղܾ
    ඃࢀরελοΫˠࢀরݩελοΫͷϦιʔεड͚౉͠
    4UBDLͷ1SPQTͰɺ
    424ͷΩϡʔΛड͚౉͠·͢

    View Slide

  28. $%,ϨΠϠʔͰͷελοΫͷґଘؔ܎
    5PQJD4UBDL͕1SPQTͰ౉͞Ε͖ͯͨ2VFVFΛࢀর͍ͯ͠Δ

    View Slide

  29. $MPVE'PSNBUJPOϨΠϠʔͰͷελοΫͷґଘؔ܎
    5PQJD4UBDL͕τϐοΫ໊Λ&YQPSUͯ͠ɺ
    2VFVF4UBDL͕ɺͦΕΛ*NQPSU7BMVFͰࢀর͍ͯ͠Δ
    Ϧιʔε͸2VFVFελοΫଆʹ࡞੒͞Ε͍ͯΔ

    View Slide


  30. ͳͥ͜Μͳ͜ͱ͕ى͖Δͷ͔🤔

    View Slide

  31. 4/45PQJDͷ࣮૷ͰɺTDPQF͕͢Γସ͑ΒΕ͍ͯΔ
    αϒεΫϥΠόʔଆ 2VFVF4UBDL
    ͷ
    TDPQFʹ͢Γସ͑
    αϒεΫϥΠόʔଆ 2VFVF4UBDL
    ͷTDPQFʹɺ
    4VCTDSJQUJPOΛ࡞੒͍ͯ͠Δ
    PR:
    fi
    x(sns): create subscriptions in consumer scope #3065

    View Slide

  32. ͳͥTDPQFΛ͢Γସ͑Δͷ͔ *TTVFʹΑΔͱ

    Issue: sns: topic.addSubscription should create the subscription on the consumer's stack to avoid cycles #3064
    ཧ༝ɿελοΫؒͷ॥؀ࢀরΛආ͚ΔͨΊ
    w4/4͔ΒϝοηʔδΛड͚औΔίϯγϡʔϚελοΫ͸5PQJDΛࢀর͢
    Δέʔε͕ଟ͍
    w˞௨ৗ-BNCEBΛ*OWPLFͨ͠Γ2VFVF͕ϝοηʔδΛड৴͢Δͷʹ
    5PQJDͷ"3/Λ༻͍ͯϙϦγʔΛߋ৽͢ΔͨΊ
    wͲ͏ͤίϯγϡʔϚ͔Β5PQJDΛࢀর͢ΔͳΒɺ4VCTDSJQUJPO΋ɺίϯ
    γϡʔϚଆʹ͓͍ͨํ͕ɺࢀরͷ޲͖͕Ұํ޲ʹͳΓ॥؀ࢀরΛ๷͛Δ

    View Slide

  33. 1SPQT౉͠ͷΫϩεελοΫࢀরͷ஫ҙ఺
    CloudFormationͷ


    ΫϩεελοΫࢀরࣗମ


    ͦ΋ͦ΋ѻ͍͕೉͍͠😣

    View Slide

  34. 1SPQT౉͠ͷΫϩεελοΫࢀরͷ஫ҙ఺
    ͞ΒʹCDKͰந৅Խ͞ΕΔͷͰɺ


    CloudFormationͷϨΠϠʔͰͷ


    ґଘؔ܎ͷ޲͖ʹ஫ҙ͕ඞཁ⚠

    View Slide


  35. Ͱ͸Ͳ͏͢Δ΂͖͔ʁ

    View Slide


  36. Lambda ελοΫ
    -BNCEB
    -BNCEB "1*
    (BUF8BZ
    %ZOBNP%#
    API Gateway ελοΫ
    DynamoDB ελοΫ
    ύϥϝʔ
    λʔετΞ
    ύϥϝʔ
    λʔετΞ
    ొ࿥
    ࢀর
    ొ࿥
    ࢀর
    Φεεϝͷํ๏44.ύϥϝʔλʔετΞΛ࢖༻
    ελοΫ͕ؒૄ݁߹ʹͳΔ

    View Slide

  37. Φεεϝͷํ๏44.ύϥϝʔλʔετΞΛ࢖༻
    ඃࢀরελοΫ
    5PQJD"SOΛ44.ύϥϝʔλʔετΞ΁ΤΫεϙʔτ

    View Slide

  38. ࢀরݩελοΫ
    Φεεϝͷํ๏44.ύϥϝʔλʔετΞΛ࢖༻
    2VFVFελοΫଆʹ4VCTDSJQUJPOΛ࡞ΔͷͰɺ
    $%,ͱ$MPVE'PSNBUJPOϨΠϠʔͰɺґଘؔ܎ͷ޲͖͕Ұக

    View Slide

  39. ελοΫؒͷґଘؔ܎ͷ໌ࣔ
    Φεεϝͷํ๏44.ύϥϝʔλʔετΞΛ࢖༻
    w$%,ͷࣗݾղܾʹ೚ͤͳ͍෼ɺελοΫؒͷґଘؔ܎ͷ໌ࣔ͢Δඞཁ͋Γ
    wઌʹ5PQJDελοΫΛσϓϩΠͯ͠ύϥϝʔλʔετΞʹొ࿥
    wͦͷޙ2VFVFελοΫͷσϓϩΠΛ૸ΒͤΔ

    View Slide

  40. 44.ύϥϝʔλʔετΞͷར఺
    Lambda ελοΫ
    -BNCEB
    -BNCEB "1*
    (BUF8BZ
    %ZOBNP%#
    API Gateway ελοΫ
    DynamoDB ελοΫ
    ύϥϝʔ
    λʔετΞ
    ύϥϝʔ
    λʔετΞ
    ొ࿥
    ࢀর
    ొ࿥
    ࢀর
    wΫϩεελοΫࢀরͷڧ੍͍໿ʹറΒΕͳ͍
    wύϥϝʔλʔετΞͷ஋͸खಈมߋՄೳ ༥௨͕ޮ͘

    View Slide

  41. 44.ύϥϝʔλʔετΞͷར఺
    SSMύϥϝʔλʔετΞΛ༻͍Δͱɺ


    ΫϩεελοΫࢀরΑΓ΋ॊೈʹ


    ґଘؔ܎Λѻ͑·͢☝

    View Slide


  42. ԿΑΓ΋େ੾ͳ͜ͱ͸ɾɾ

    View Slide


  43. ͦͷελοΫؒࢀর͸


    ຊ౰ʹඞཁͰ͔͢ʁ🤨

    View Slide

  44. wςϯϓϨʔτελοΫ
    wՄಡੑͷͨΊʹϦιʔεͷϥΠϑαΠΫϧͰద੾ͳα
    ΠζʹςϯϓϨʔτΛ෼ׂ͢Δඞཁ͕͋ͬͨ
    $MPVE'PSNBUJPOͷ࣌୅
    Lambda ελοΫ
    -BNCEB
    -BNCEB "1*
    (BUF8BZ
    %ZOBNP%#
    DynamoDB ελοΫ API Gateway ελοΫ

    View Slide

  45. $%,Ͱ͸$POTUSVDUͰ෼ׂ͕Մೳ
    -BNCEB
    -BNCEB "1*
    (BUF8BZ
    %ZOBNP%#
    Application A Stack
    Lambda Construct API Gateway Construct
    DynamoDB Construct
    wՄಡੑͷͨΊʹ4UBDLΛ෼͚Δඞཁ͸ͳ͍
    wಉ͡ελοΫؒͷϦιʔεࢀর͸ۃΊͯγϯϓϧ

    View Slide

  46. $%,ͷϕετϓϥΫςΟε
    Ҿ༻ݩ: AWS CDKͰΫϥ΢υΞϓϦέʔγϣϯΛ։ൃ͢ΔͨΊͷϕετϓϥΫςΟε

    View Slide

  47. ·ͱΊ
    wΫϩεελοΫࢀর͸ඃࢀরଆΛߋ৽͢Δӡ༻͕ਏ͍
    w1SPQT౉͠ͷࢀর͸ґଘͷ޲͖ͷ੍ޚ͕೉͍͠
    wελοΫͷ෼ׂ਺Λ࠷௿ݶʹͯ͠ελοΫؒͷύϥ
    ϝʔλʔࢀরΛগͳ͘͢Δ͜ͱ͕࠷΋ॏཁ
    wͲ͏ͯ͠΋෼͚Δඞཁ͕͋Δ৔߹͸ɺ44.ύϥϝʔ
    λʔετΞΛ࢖͏ͱɺΫϩεελοΫࢀরΑΓ΋ॊೈ
    ʹɺґଘؔ܎ͷ੔ཧ͕Մೳ

    View Slide

  48. ࢀߟ৘ใ
    https://dev.classmethod.jp/articles/best-way-to-reference-parameters-in-cdk/

    View Slide

  49. ࢀߟ৘ใ
    https://dev.classmethod.jp/articles/aws-cdk-props-cross-stack-reference-problem-and-handle/

    View Slide


  50. View Slide