20230510_FinJAWS

$%,ͷา͖ํ ໺ଜ૯߹ݚڀॴ ถᖒ୓໵ #-&"GPS'4*ͷ   ιʔεΛಡΈղͨ͘Ίͷ

͜ͷ-5Ͱ͓఻͍͑ͨ͜͠ͱ #-&"GPS'4*ͷιʔείʔυΛಡΈղ֦͘ு͢ΔͨΊʹ஌͓ͬͯ͘΂͖ϙΠϯτ ࠔͬͨͱ͖ʹࢀর͢ΔͰ͋Ζ͏$%,ެࣜϦϑΝϨϯεͷಡΈํ $%,Λ5ZQF4DSJQUͰ։ൃ͢Δͷ͸ා͘ͳ͍ʂ ͜ͷ-5Ͱ͓఻͑͠ͳ͍͜ͱ #-&"GPS'4*ͷߏ੒ཁૉઃܭࢥ૝ʢطʹղઆࡁΈͷ͸ͣɻɻʣ #-&"GPS'4*ͷݕূͯ͠Έͨ࿩ ͸͡Ίʹ

͜Εʂ ೥ʹ໺ଜ૯߹ݚڀॴʹ৽ଔೖࣾɻۚ༥ۀքͷ͓٬༷޲͚ʹ ϑϩϯτγεςϜͷߏஙΤϯϋϯεΛ୲౰ͨ͠ޙʹδϣϒνΣϯδɻ ݱࡏ͸࢈ۀۀքͷ͓٬༷޲͚ʹ"84؀ڥશൠͷઃܭߏஙΛ୲౰ɻ   8&#։ൃ͔Β"84౷੍ɺΫϥ΢υΨΠυϥΠϯࡦఆͳͲԿͰ΋΍Γ·͢ ޷͖ͳ"84αʔϏε͸4". "QQMJDBUJPO$PNQPTFS $PEF1JQFMJOF
޷͖ͳٕज़͸/FYUKT 5BJMXJOE$44 %PDLFS LT 3BODIFS झຯ͸֨ಆٕʢ΍Γ·͢ݟ·͢ʣɺ͓ՈLTʢ͔Θ͍͍ʣ UBLVZBZPOF ถᖒ୓໵ 5BLVZB:POF[BXB

"84$%,ʢ$MPVE%FWFMPQNFOU,JUʣ ϓϩάϥϛϯάݴޠΛ࢖༻ͯ͠"84্ͷϦιʔεΛఆٛ͢Δ͜ͱ͕Ͱ͖Δ   *B$ʢ*OGSBTUSVDUVSFBT$PEFʣπʔϧ ར༻Մೳͳݴޠ͸1ZUIPOɺ5ZQF4DSJQUɺ+BWBɺ(PMBOH౳ 044ͱͯ͠(JU)VCͰެ։͞Ε͓ͯΓɺ׆ൃʹ։ൃ͞Ε͍ͯΔ $%,ιʔεΛϏϧυ$MPVE'PSNBUJPOͱͯ͠Ϧιʔε͕ߏங͞ΕΔ Ϧιʔεఆٛͷந৅౓ʹԠͯ͡---ͱ͍͏ϨΠϠʔ͕ଘࡏ
  -ɿந৅౓௿Ίʢ$MPVE'PSNBUJPOͱରԠɻ಄จࣈ͕$GOʓʓʣ   -ɿந৅౓ߴΊʢ"84ͷϕετϓϥΫςΟεΛ͋Δఔ౓ඪ४औΓࠐΈࡁΈʣ   -ɿෳ਺Ϧιʔεԣஅʢ"-#ͱ&$4λεΫΛηοτͰ࡞੒ͳͲʣ "84$%, ˞ IUUQTHJUIVCDPNBXTBXTDEL

"84$%,ʢ$MPVE%FWFMPQNFOU,JUʣ ϓϩάϥϛϯάݴޠΛ࢖༻ͯ͠"84্ͷϦιʔεΛఆٛ͢Δ͜ͱ͕Ͱ͖Δ   *B$ʢ*OGSBTUSVDUVSFBT$PEFʣπʔϧ ར༻Մೳͳݴޠ͸1ZUIPOɺ5ZQF4DSJQUɺ+BWBɺ(PMBOH౳ 044ͱͯ͠(JU)VCͰެ։͞Ε͓ͯΓɺ׆ൃʹ։ൃ͞Ε͍ͯΔ $%,ιʔεΛϏϧυ$MPVE'PSNBUJPOͱͯ͠Ϧιʔε͕ߏங͞ΕΔ Ϧιʔεఆٛͷந৅౓ʹԠͯ͡---ͱ͍͏ϨΠϠʔ͕ଘࡏ
  -ɿந৅౓௿Ίʢ$MPVE'PSNBUJPOͱରԠɻ಄จࣈ͕$GOʓʓʣ   -ɿந৅౓ߴΊʢ"84ͷϕετϓϥΫςΟεΛ͋Δఔ౓ඪ४औΓࠐΈࡁΈʣ   -ɿෳ਺Ϧιʔεԣஅʢ"-#ͱ&$4λεΫΛηοτͰ࡞੒ͳͲʣ "84$%, ˞ IUUQTHJUIVCDPNBXTBXTDEL Ͳͷݴޠ࢖͏ͷ͕Φεεϝʁ🤔

ʘ5ZQF4DSJQUΛ࢖͏΂͠ʂʗ

$%,PO5ZQF4DSJQUͷਪ͠ϙΠϯτ ͦ΋ͦ΋$%,͕5ZQF4DSJQUͰॻ͔Ε͍ͯΔͱ͍͏҆৺ײ ಉ͡։ൃݴޠͱͳΔͨΊɺಠ֦ࣗு͕؆୯ʢͩͱࢥ͏ʣ ࣮૷ํ਑΍໋໊نଇʹࠔͬͨΒ$%,ͷιʔείʔυΛோΊͯࢀߟʹͰ͖Δ ଟ͘ͷ5ZQF4DSJQU࣮૷ྫ΍αϯϓϧίʔυ͕ωοτ্ʹ͋Δ 5ZQF4DSJQUͷܕิ׬͕ൈ܈ͷ։ൃମݧ $%,ͷެࣜυΩϡϝϯτͷαϯϓϧ͕ͦ΋ͦ΋5ZQF4DSJQU ଞͷ/PEFKT੡ύοέʔδͱͷ਌࿨ੑ͕˓ ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝

5ZQF4DSJQUʹ͍ͭͯগ͠ิ଍ +BWBTDSJQUʹܕͱ͍͏֓೦Λ࣋ͨͤͨ"MU+4ʢBMUFSOBUJWF+BWB4DSJQUʣ ੩తܕ෇͚ݴޠͰ͋Δʢ5ZQFͱݴΘΕΔॴҎʣ Ϗϧυ࣌ʹɺม਺ʹ͓͔͠ͳ஋͕ೖ͍ͬͯΕ͹Τϥʔ͕ى͖ΔʢFYJOUܕͷม਺ʹTUSJOHܕΛ୅ೖͨ͠ʣ ಈతܕ෇͚ͩͱɺϏϧυˠ࣮ߦ·Ͱ΍Βͳ͍ͱΤϥʔ͕ى͜Δ͔Ͳ͏͔͸෼͔Βͳ͍ ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝

5ZQF4DSJQUʹ͍ͭͯগ͠ิ଍ $%,PO5ZQF4DSJQUͰͷܕνΣοΫྫ -Ͱͷ4όέοτ࡞੒ ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝ const testBucket = new s3.Bucket(this,'TestBucket',{
versioned: true, }); ܕνΣοΫ0, const testBucket = new s3.Bucket(this,'TestBucket',{ versioned: "123", }); ܕνΣοΫ/( WFSTJPOFE͸ CPPMFBO·ͨ͸VOEF fi OFE ͡Όͳ͍ͱμϝʂ

$%,PO5ZQF4DSJQUͰ਌ͷإΑΓݟΔެࣜυΩϡϝϯτ ެࣜυΩϡϝϯτͷαϯϓϧίʔυ͸جຊతʹ5ZQF4DSJQUલఏͳͷͰɺ߹Θ͓ͤͯ͘ͱ٢ ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝ ˞ IUUQTEPDTBXTBNB[PODPNDELBQJWEPDTBXTDPOTUSVDUMJCSBSZIUNM

#-&"GPS'4*ͷϦϙδτϦΛ೷͍ͯΈ·͠ΐ͏ VTFSDBTFTCBTFDUMPHHJOHQBDLBHFKTPO ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝ "devDependencies": { "@types/jest": "^27.5.2", "@types/node": "18.7.14",
"@typescript-eslint/eslint-plugin": "^5.38.0", "@typescript-eslint/parser": "^5.38.0", "cdk-nag": "^2.15.38", "eslint": "^8.23.1", "eslint-config-prettier": "^8.5.0", "lint-staged": "^13.0.3", "prettier": "^2.7.1", "simple-git-hooks": "^2.8.0", "standard-version": "^9.5.0", "typescript": "^4.8.3" },

#-&"GPS'4*ͷϦϙδτϦΛ೷͍ͯΈ·͠ΐ͏ VTFSDBTFTCBTFDUMPHHJOHQBDLBHFKTPO ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝ "devDependencies": { "@types/jest": "^27.5.2", "@types/node": "18.7.14",
"@typescript-eslint/eslint-plugin": "^5.38.0", "@typescript-eslint/parser": "^5.38.0", "cdk-nag": "^2.15.38", "eslint": "^8.23.1", "eslint-config-prettier": "^8.5.0", "lint-staged": "^13.0.3", "prettier": "^2.7.1", "simple-git-hooks": "^2.8.0", "standard-version": "^9.5.0", "typescript": "^4.8.3" }, ͳʹ΍Β$%,ͬΆ͘ͳ͍ ύοέʔδఆ͕ٛɺɺ φχίϨ 🤔

#-&"GPS'4*Ͱ࠾༻͞Ε͍ͯΔ/PEFKTύοέʔδൈਮ &4-JOU +BWB4DSJQU΍5ZQF4DSJQU޲͚ͷ੩తղੳπʔϧɻ   ߏจΤϥʔ΍ϓϩδΣΫτݻ༗ͷίʔσΟϯάن໿ʹҧ൓͢Δ৔߹ʹ/(Λग़ͯ͘͠ΕΔɻ ղੳఆٛ͸FTMJOUSDKTPOʹهࡌ͞Ε͍ͯΔ 1SFUUJFS ෳ਺ݴޠʹରԠͨ͠ιʔείʔυϑΥʔϚολʢιʔείʔυΛ੔ܗͯ͘͠ΕΔʣ ϑΥʔϚοτఆٛ͸QSFUUJFSSDKTPOʹهࡌ͞Ε͍ͯΔ MJOUTUBHFE
HJUDPNNJU࣌ʹԿ͔͠ΒͷॲཧΛτϦΨʔ͢Δ͜ͱ͕Մೳ #-&"GPS'4*Ͱ͸Լه͕ઃఆ͞Ε͍ͯΔ   ᶃγʔΫϨοτ৘ใͷεΩϟϯ   ᶄ&4-JOUͰͷ੩తղੳ   ᶅ1SFUUJFSʹΑΔࣗಈϑΥʔϚοςΟϯά ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝ "lint-staged": { "*": [ "git-secrets --scan" ], "*.(ts|tsx|js|jsx)": [ "npx eslint --fix" ], "*.(ts|tsx|js|jsx|json|html|yml|yaml|md|graphql|css|scss|less|vue|flow)": [ "npx prettier --write" ] }

#-&"GPS'4*Ͱ࠾༻͞Ε͍ͯΔ/PEFKTύοέʔδൈਮ &4-JOU +BWB4DSJQU΍5ZQF4DSJQU޲͚ͷ੩తղੳπʔϧɻ   ߏจΤϥʔ΍ϓϩδΣΫτݻ༗ͷίʔσΟϯάن໿ʹҧ൓͢Δ৔߹ʹ/(Λग़ͯ͘͠ΕΔɻ ղੳఆٛ͸FTMJOUSDKTPOʹهࡌ͞Ε͍ͯΔ 1SFUUJFS ෳ਺ݴޠʹରԠͨ͠ιʔείʔυϑΥʔϚολʢιʔείʔυΛ੔ܗͯ͘͠ΕΔʣ ϑΥʔϚοτఆٛ͸QSFUUJFSSDKTPOʹهࡌ͞Ε͍ͯΔ MJOUTUBHFE
HJUDPNNJU࣌ʹԿ͔͠ΒͷॲཧΛτϦΨʔ͢Δ͜ͱ͕Մೳ #-&"GPS'4*Ͱ͸Լه͕ઃఆ͞Ε͍ͯΔ   ᶃγʔΫϨοτ৘ใͷεΩϟϯ   ᶄ&4-JOUͰͷ੩తղੳ   ᶅ1SFUUJFSʹΑΔࣗಈϑΥʔϚοςΟϯά ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝ "lint-staged": { "*": [ "git-secrets --scan" ], "*.(ts|tsx|js|jsx)": [ "npx eslint --fix" ], "*.(ts|tsx|js|jsx|json|html|yml|yaml|md|graphql|css|scss|less|vue|flow)": [ "npx prettier --write" ] } #-&"GPS'4*Ͱ͸$%,PO5ZQFTDSJQU։ൃ   ʹඞཁͳమ൘ύοέʔδ͕ඪ४Ͱೖ͍ͬͯΔͷͰ ͦͷ··࢖͏͚ͩ͡Ό΋͍ͬͨͳ͍ʂ

#-&"GPS'4*ͷίʔυΛগ͠೷͍ͯΈ·͠ΐ͏ VTFDBTFTCBTFDUMPHHJOHMJCCMFBGTJTCVDLFUTUBDLUT͔ΒҰ෦ൈਮ $%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ import { aws_s3 as s3 }
from 'aws-cdk-lib'; export class S3BucketStack extends cdk.Stack { constructor(scope: Construct, id: string, props: cdk.StackProps) { const logsBucket = new s3.Bucket(this, 'logsBucket', { accessControl: s3.BucketAccessControl.PRIVATE, blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL, versioned: true, removalPolicy: cdk.RemovalPolicy.RETAIN, serverAccessLogsBucket: archiveLogsBucket, encryption: s3.BucketEncryption.S3_MANAGED, enforceSSL: true, });

#-&"GPS'4*ͷίʔυΛνϥݟ VTFDBTFTCBTFDUMPHHJOHMJCCMFBGTJTCVDLFUTUBDLUT͔ΒҰ෦ൈਮ $%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ import { aws_s3 as s3 }
from 'aws-cdk-lib'; export class S3BucketStack extends cdk.Stack { constructor(scope: Construct, id: string, props: cdk.StackProps) { const logsBucket = new s3.Bucket(this, 'logsBucket', { accessControl: s3.BucketAccessControl.PRIVATE, blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL, versioned: true, removalPolicy: cdk.RemovalPolicy.RETAIN, serverAccessLogsBucket: archiveLogsBucket, encryption: s3.BucketEncryption.S3_MANAGED, enforceSSL: true, }); BXTDELMJCͷBXT@TϞδϡʔϧΛ Tͱ͍͏ผ໊Ͱར༻͢ΔΑʂ OPEF@NPEVMFTBXTDELMJCBXTT ͔ΒΠϯϙʔτ

#-&"GPS'4*ͷίʔυΛνϥݟ VTFDBTFTCBTFDUMPHHJOHMJCCMFBGTJTCVDLFUTUBDLUT͔ΒҰ෦ൈਮ $%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ import { aws_s3 as s3 }
from 'aws-cdk-lib'; export class S3BucketStack extends cdk.Stack { constructor(scope: Construct, id: string, props: cdk.StackProps) { const logsBucket = new s3.Bucket(this, 'logsBucket', { accessControl: s3.BucketAccessControl.PRIVATE, blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL, versioned: true, removalPolicy: cdk.RemovalPolicy.RETAIN, serverAccessLogsBucket: archiveLogsBucket, encryption: s3.BucketEncryption.S3_MANAGED, enforceSSL: true, }); 4όέοτΛ   ࡞ͬͯΔίʔυͬΆ͍͚Ͳɺ   ͲΜͳόέοτ࡞ͬͯΜͷʁ🤔

਌ͷإΑΓݟΔ$%,υΩϡϝϯτ $%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ

਌ͷإΑΓݟΔ$%,υΩϡϝϯτ #VDLFUΫϥεͷϓϩύςΟ $%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ

਌ͷإΑΓݟΔ$%,υΩϡϝϯτ #VDLFUΫϥεͷϓϩύςΟ $%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ /BNFͷ຤ඌʹ ͕෇͍͍ͯΔ΋ͷ͸໌ࣔ͠ͳͯ͘ ΋$%,ͰΑ͠ͳʹઃఆͯ͘͠ΕΔ

਌ͷإΑΓݟΔ$%,υΩϡϝϯτ #VDLFUΫϥεͷϓϩύςΟ $%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ σϑΥϧτ஋͸$MPVE'PSNBUJPOελοΫଆͰ   Α͠ͳʹઃఆ͓ͯͥ͘͠ʂ

ʘಡΈղ͖ํ͕෼͔Ε͹#-&"GPS'4*͸ා͘ͳ͍ʂʗ

͋͞ɺ#-&"GPS'4*ͷιʔεͷੈք΁%FFQ%JWFʂ IUUQTHJUIVCDPNBXTTBNQMFTCBTFMJOFFOWJSPONFOUPOBXTGPS fi OBODJBMTFSWJDFTJOTUJUVUF

20230510_FinJAWS

20230510_FinJAWS

Takuya Yonezawa

More Decks by Takuya Yonezawa

Other Decks in Programming

Featured

Transcript

$%,ͷา͖ํ ໺ଜ૯߹ݚڀॴ ถᖒ୓໵ #-&"GPS'4*ͷ   ιʔεΛಡΈղͨ͘Ίͷ

ʘ5ZQF4DSJQUΛ࢖͏΂͠ʂʗ

5ZQF4DSJQUʹ͍ͭͯগ͠ิ଍ $%,PO5ZQF4DSJQUͰͷܕνΣοΫྫ -Ͱͷ4όέοτ࡞੒ ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝ const testBucket = new s3.Bucket(this,'TestBucket',{

$%,PO5ZQF4DSJQUͰ਌ͷإΑΓݟΔެࣜυΩϡϝϯτ ެࣜυΩϡϝϯτͷαϯϓϧίʔυ͸جຊతʹ5ZQF4DSJQUલఏͳͷͰɺ߹Θ͓ͤͯ͘ͱ٢ ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝ ˞ IUUQTEPDTBXTBNB[PODPNDELBQJWEPDTBXTDPOTUSVDUMJCSBSZIUNM

#-&"GPS'4*ͷϦϙδτϦΛ೷͍ͯΈ·͠ΐ͏ VTFSDBTFTCBTFDUMPHHJOHQBDLBHFKTPO ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝ "devDependencies": { "@types/jest": "^27.5.2", "@types/node": "18.7.14",

#-&"GPS'4*ͷϦϙδτϦΛ೷͍ͯΈ·͠ΐ͏ VTFSDBTFTCBTFDUMPHHJOHQBDLBHFKTPO ࢲ͕$%,PO5ZQF4DSJQUΛਪ͢ཧ༝ "devDependencies": { "@types/jest": "^27.5.2", "@types/node": "18.7.14",

#-&"GPS'4*ͷίʔυΛগ͠೷͍ͯΈ·͠ΐ͏ VTFDBTFTCBTFDUMPHHJOHMJCCMFBGTJTCVDLFUTUBDLUT͔ΒҰ෦ൈਮ $%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ import { aws_s3 as s3 }

#-&"GPS'4*ͷίʔυΛνϥݟ VTFDBTFTCBTFDUMPHHJOHMJCCMFBGTJTCVDLFUTUBDLUT͔ΒҰ෦ൈਮ $%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ import { aws_s3 as s3 }

#-&"GPS'4*ͷίʔυΛνϥݟ VTFDBTFTCBTFDUMPHHJOHMJCCMFBGTJTCVDLFUTUBDLUT͔ΒҰ෦ൈਮ $%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ import { aws_s3 as s3 }

਌ͷإΑΓݟΔ$%,υΩϡϝϯτ $%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ

਌ͷإΑΓݟΔ$%,υΩϡϝϯτ #VDLFUΫϥεͷϓϩύςΟ $%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ

਌ͷإΑΓݟΔ$%,υΩϡϝϯτ #VDLFUΫϥεͷϓϩύςΟ $%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ /BNFͷ຤ඌʹ ͕෇͍͍ͯΔ΋ͷ͸໌ࣔ͠ͳͯ͘ ΋$%,ͰΑ͠ͳʹઃఆͯ͘͠ΕΔ

਌ͷإΑΓݟΔ$%,υΩϡϝϯτ #VDLFUΫϥεͷϓϩύςΟ $%,PO5ZQF4DSJQU։ൃ͋Δ͋Δ σϑΥϧτ஋͸$MPVE'PSNBUJPOελοΫଆͰ   Α͠ͳʹઃఆ͓ͯͥ͘͠ʂ

ʘಡΈղ͖ํ͕෼͔Ε͹#-&"GPS'4*͸ා͘ͳ͍ʂʗ

͋͞ɺ#-&"GPS'4*ͷιʔεͷੈք΁%FFQ%JWFʂ IUUQTHJUIVCDPNBXTTBNQMFTCBTFMJOFFOWJSPONFOUPOBXTGPS fi OBODJBMTFSWJDFTJOTUJUVUF