AWS CDKのあるあるお悩みに答えたい

Transcript

1. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

   Services, Inc. or its affiliates. Twitter: #jawsug_cdk © 2023, Amazon Web Services, Inc. or its affiliates. AWS CDKͷ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ ։ൃ࣌ͷҙࢥܾఆΛߴ଎Խ͢ΔͨΊʹ ༑Ԭ խࢤ Prototyping Engineer Amazon Web Services Japan G.K.

2. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

   Services, Inc. or its affiliates. Twitter: #jawsug_cdk ࠓ೔ͷ͓࿩ AWS CDK (ҎԼCDK) ։ൃʹؔ͢ΔFAQʹରͯ͠ ౴͑ ߟ͑ํͷےಓΛࣔ͢ Ͱ͖Δ͚ͩCDK։ൃ࣌ʹ೰Ή࣌ؒΛݮΒͤΕ͹޾͍Ͱ͢ʂ ର৅ࢹௌऀ: CDK։ൃऀ͸ͲͳͨͰ΋ (CDK׬શॳ৺ऀͷํ͸ɺগ͠׳Ε͖ͯͨࠒʹݟฦ͢ͷ͕Φεεϝ) ୠ͠ॻ͖ • ίʔσΟϯά্ͷ׳श͸͠͹͠͹ਓʹΑΓҙݟ͕෼͔ΕΔ෦෼Ͱ͢ • ίϯςΩετͷҧ͍ / ఆྔԽͮ͠Β͍ • ࠓ೔ͷ಺༰΋౿·͑ͭͭɺݸผͷঢ়گʹԠͨ͡ద੾ͳ൑அΛ͍ͯͩ͘͠͞ 2 ຊ೔ͷࢿྉ

3. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

   Services, Inc. or its affiliates. Twitter: #jawsug_cdk ࣗݾ঺հ ༑Ԭ խࢤ Prototyping Engineer @AWS Japan લ৬ mBaaS։ൃŋӡ༻ (Rails, Sinatra, Ruby, MySQL) ϞόΠϧήʔϜΫϥΠΞϯτ։ൃ (Unity, C#) CDKܦݧ ্هmBaaSΛAWSҠߦ͢Δࡍʹ࠾༻ (2019/12 - 2020/10) ϓϩτλΠϓ։ൃʹར༻ (2020/11 -) AWSࣾ಺αʔϏεͷӡ༻։ൃ (2021/7 - 2022/3) ࠷ۙ࡞ͬͨ΋ͷ: aws-samples/jenkins-unity-build-on-aws Twitter: @tmokmss 3

4. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

   Services, Inc. or its affiliates. Twitter: #jawsug_cdk ͓඼ॻ͖ • ͲͷϓϩάϥϛϯάݴޠΛ࢖͏΂͖ʁ • ελοΫ͸ͲͷΑ͏ʹ෼͚Δʁ • ελοΫ಺ͷίʔυ͕ࢄΒ͔͖ͬͯͨΜ͚ͩͲ… • L1 / L2 / L3ίϯετϥΫτɺͲΕΛ࢖͏΂͖ʁ • ؀ڥΛ૿΍͢ํ๏͸ʁ • ࣗಈςετͲ͏͢Δʁ 4 ؍఺ (FAQͷதͰ΋): OR৚݅ • ൑அ͕೉͍͠΋ͷ • 1 way doorͳܾஅʹͳΔ΋ͷ • ஌Βͳ͍ͱଛ͢Δ஌ࣝ

5. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

   Services, Inc. or its affiliates. Twitter: #jawsug_cdk TypeScript (JSؚΉ) Python Java .NET Go 2022 CDK community survey CDKϢʔβʔͷར༻ݴޠൺ཰ n=122 5 Q. ͲͷݴޠΛ࢖͏΂͖͔ • ಛผͳཧ༝͕ͳ͍ݶΓ͸ TypeScript ͕͓͢͢Ίɻཧ༝: 1. Ϣʔβʔ਺͕࠷ଟ (ӈਤ) → ৘ใ͕ଟ͍ɺಓ͕੔උ͞Ε͍ͯΔ 2. ίϯετϥΫτϥΠϒϥϦͷpublish਺͕࠷ଟ (constructs.dev) • TypeScriptΛ100%ͱͯ͠ Python: 80% .NET: 56% Java: 53% Go: 12% (2022/10࣌఺) • ཧ࿦্͸શݴޠͰ࢖͑Δ(jsii)ͷ͕ͩɺ୯ʹϥΠϒϥϦ࡞ऀ͕publish͍ͯ͠ͳ͍ 3. ֶशίετ͕ൺֱత௿͍ (Ϋηͷͳ͍จ๏ɻCDKΛॻ͘ఔ౓ͳΒ…) • ͨͩ͠: CDKͷػೳࣗମ͸ͲͷݴޠͰ΋ࠩͳ͠ (jsii͕ͦΕΛอূ) • ։ൃऀʹڧ͍޷Έ͕͋Δ৔߹͸ɺͦͷݴޠΛ࢖͏ͷ͸શવΞϦ (׳ΕͨݴޠΛ࢖͑Δͷ͕CDKͷັྗ) • ࢀߟ: TypeScriptͷCDKίʔυ͸ػցతʹଞݴޠ΁ॻ͖׵͑Մೳ Translating from TypeScript • ࣗಈ຋༁: AWS CDK Translator

6. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

   Services, Inc. or its affiliates. Twitter: #jawsug_cdk Q. ελοΫ͸Ͳ͏෼͚Δͷ͕ྑ͍ʁ • جຊϧʔϧ: ඞཁ͕ͳ͍ͳΒ෼͚ͳ͍ • ελοΫΛ෼͚Δͱେ఍ͷ৔߹ελοΫؒͷґଘؔ܎͕ੜ͡Δ (ελοΫؒࢀরͳͲ) • ελοΫؒࢀর͸։ൃŋӡ༻্͍͔ͭ͘ͷ໘౗ΛҾ͖ى͕ͪ͜͠ (ޙड़) • ελοΫΛ෼͚Δඞཁ͕͋Δ৔߹ͷ୅දྫ 1. CloudFormationͷϋʔυϦϛοτʹ౰ͨΔͱ͖ (Ϧιʔε਺500ͳͲ) 2. ΞΧ΢ϯτ΍ϦʔδϣϯΛލ͍ͩσϓϩΠ͕ඞཁͳͱ͖ 3. ϦιʔεΛσϓϩΠ͢ΔؒʹCloudFormation֎ͷૢ࡞͕ඞཁͳͱ͖ • ྫ: όοΫΤϯυͷσϓϩΠ → ϑϩϯτΤϯυͷ؀ڥม਺ (Cognito Pool IDͳͲ) ΛຒΊࠐΜͰϏϧυ → ϑϩϯτΤϯυͷσϓϩΠ • ඞཁ͕͋Δ͔Ͳ͏͔Θ͔Βͳ͍ͱ͖ → ෼͚Δ͜ͱͰ۩ମతͳϝϦοτ͕͋Δ͔ߟ͑Δ • Ϧιʔεͷॴ༗ऀ͕ҟͳΔ৔߹ͳͲɺ্هͷඞཁੑ͕ͳͯ͘΋෼ׂ͕߹ཧతͳ৔߹΋͋Γ 6 νʔϜؒͷಠཱੑΛอͭखஈͱͯ͠ɺ App͝ͱ෼͚Δબ୒ࢶ΋͋Δ ※

7. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

   Services, Inc. or its affiliates. Twitter: #jawsug_cdk ελοΫΛ෼͚Δ͜ͱͷσϝϦοτ 1. ελοΫؒࢀরʹΑΓɺ॥؀ґଘ΍σϓϩΠ࣌ͷ޻෉ͳͲ௥Ճͷߟྀ͕ඞཁʹ (ҎԼ͸Ұྫ) • ӈਤͷঢ়ଶͰҎԼͷૢ࡞Λ͢ΔͱσϓϩΠ΍synthʹࣦഊ͢Δ 1. Parent͔ΒChildͷϦιʔεΛࢀর (॥؀ґଘ) 2. ChildStack಺ͷLambda FunctionΛ࡟আ (มߋͷڝ߹ɺཧ༝͸࣍ͷεϥΠυ) • ճආ͸Մೳ (ޙड़)ɻ։ൃମݧͷѱԽ͕՝୊ 2. σϓϩΠ͕ಷԽ • ґଘؔ܎ͷ͋ΔελοΫ͸ಉ࣌ʹσϓϩΠͰ͖ͳ͍ → σϓϩΠͷฒྻ౓੍͕ݶ͞ΕΔ 3. ద੾ͳ෼͚ํΛઃܭ͢Δͷ͕େม 7 ParentStack DynamoDB Table Stack export: TableName ChildStack Lambda Function (ςʔϒϧ໊Λࢀর) Fn:ImportValue

8. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

   Services, Inc. or its affiliates. Twitter: #jawsug_cdk ิ଍: ελοΫͷσϓϩΠʹࣦഊ͢Δ࢓૊Έ 8 ParentStack DynamoDB Table Stack export: TableName ChildStack Lambda Function (ςʔϒϧ໊Λࢀর) Fn:ImportValue ParentStack DynamoDB Table Stack export: TableName ChildStack Lambda Function (ςʔϒϧ໊Λࢀর) Fn:ImportValue લఏ ελοΫؒࢀরͷಛ௃: • ΤΫεϙʔτ͞ΕͨελοΫग़ྗ஋͕ਖ਼ମ • CDK͕ม਺ͷؔ܎ੑΛݟͯࣗಈͰ࡞੒ • ࢀর͞Ε͍ͯΔग़ྗ஋͸࡟আͰ͖ͳ͍ (ڧ͍ࢀর) cdk deploy ͷॱং: Parent → Child ৽͍͠ParentStack͸Stack exportΛ࡟আ͠Α͏ͱ͢Δ͕ɺ ChildStack͸·ͩݹ͍΋ͷ͕σϓϩΠ͞Εͨ·· ͭ·ΓTableName͸·ͩࢀর͞Ε͍ͯΔͷͰɺStack exportͷ࡟আʹࣦഊ͢Δ Lambdaؔ਺Λ࡟আͯ͠σϓϩΠΛࢼΈΔ σϓϩΠʹࣦഊʂ

9. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

   Services, Inc. or its affiliates. Twitter: #jawsug_cdk αʔϏεछผʹΑΔ෼͚ํ ػೳʹΑΔ෼͚ํ • Ұͭͷࢦඪ: ελοΫؒࢀরΛͰ͖Δ͚ͩগͳ͘͢Δ • ϦιʔεؒͷґଘΛελοΫ಺Ͱ׬݁ͤ͞Δ • ֤ελοΫΛͰ͖Δ͚ͩಠཱͤ͞ΔΠϝʔδ ServiceB stack ServiceA stack Persistance stack Network stack Stateless stack ͦΕͰ΋ελοΫΛ෼͚͍ͨͱ͖͸ ServiceA ServiceB Network Persistent Stateless 1 3 1 (ελοΫؒࢀর਺) ※ ڽू౓ͷ࿩ʹ΋ؔ࿈ ˙ ͸࿦ཧతڽूɺ˙ ͸ػೳతڽूʹ͍͔ۙ ελοΫؒࢀরͳ͠ 9

10. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk ϚϧνελοΫ։ൃ࣌ͷTips – มߋͷڝ߹Λղফ͢Δ • -e, --exclusivelyϑϥάͰґଘؔ܎Λແࢹͯ͠σϓϩΠ͢Δ ࢀর • Stack.exportValueϝιουͰ໌ࣔతʹStack exportΛ࡞੒͢Δ • ελοΫؒࢀরΛ࢖Θͣʹ஋ΛελοΫؒͰड͚౉͢ • SSMύϥϝʔλΛܦ༝͢Δɺ໋໊نଇʹԊͬͨ஋Λϋʔυίʔυ͢ΔͳͲ ↓ • 2ஈ֊ʹ෼͚ͯσϓϩΠ͢Δ (࣍ͷϖʔδ) 10 ChildStackͷΈΛઌʹσϓϩΠ͢Ε͹ɺ Stack export͸ෆཁʹͳΓɺมߋ͸ڝ߹͠ͳ͍ ChildStack͕ݩʑඞཁͱͨ͠஋Λ໌ࣔతʹexport Stack export͕อ࣋͞Εɺมߋ͸ڝ߹͠ͳ͍ exclusive deploy CDKͰελοΫؒͷύϥϝʔλʔΛड͚౉͢5ͭͷํ๏ͱ έʔεผͷ࠷దղʹ͍ͭͯߟ͑ͯΈͨ

11. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk 2ஈ֊σϓϩΠͷྫ ParentStack ChildStack DynamoDB Table v1 Lambdaؔ਺ TableNameΛࢀর ParentStack ChildStack DynamoDB Table v2 Lambdaؔ਺ TableNameΛࢀর DynamoDB Table v1 11 ParentStack ChildStack DynamoDB Table v2 Lambdaؔ਺ ͜ͷExport͸·ͩ࡟আͰ͖ͳ͍ exportValueͰ໌ࣔతʹ࢒͢ TableNameΛࢀর Deploy#1 Deploy#2 ॳظঢ়ଶ தؒঢ়ଶ ࠷ऴঢ়ଶ Deploy#2 Ͱ࡟আ ※ ࠓճ͸৽چςʔϒϧؒͷσʔλҠߦΛߟྀ͍ͯ͠ͳ͍

12. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk ϚϧνελοΫ։ൃ࣌ͷTips – ॥؀ґଘΛղফ͢Δ ελοΫͷ॥؀ґଘ: 2ͭͷελοΫ͕ޓ͍ͷStack exportΛࢀর͋͠͏ঢ়ଶ ParentStack ChildStack Security group Security group VPC Lambda Subnet IDΛࢀর Ingress rule Security group IDΛࢀর Ingress rule Error: 'Stack2' depends on 'Stack1' ({Stack2/Handler/ServiceRole/Resource}.addDependency({Stack1/Vpc/IsolatedSubnet1/RouteTableAssociation}),… ). Adding this dependency (Stack1 -> Stack2/Handler/SecurityGroup/Resource.GroupId) would create a cyclic reference. 12 ґଘؔ܎ͷํ޲Λҙ࣮ࣝͨ͠૷Ͱճආ ྫ: ͜ͷґଘ͸NG ґଘ͸ยํ޲ͷΈڐ͞ΕΔ ※ ্هͰ͸ճආͰ͖ͳ͍͜ͱ΋ɻGitHubͰIssueΛ୳͢ɾཱͯΔͷ΋खɻ

13. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk ϚϧνελοΫ։ൃ࣌ͷTips – ॥؀ґଘΛղফ͢Δ ελοΫͷ॥؀ґଘ: 2ͭͷελοΫ͕ޓ͍ͷStack exportΛࢀর͋͠͏ঢ়ଶ ParentStack ChildStack Security group Security group VPC Lambda Subnet IDΛࢀর Ingress rule Security group IDΛࢀর Ingress rule Error: 'Stack2' depends on 'Stack1' ({Stack2/Handler/ServiceRole/Resource}.addDependency({Stack1/Vpc/IsolatedSubnet1/RouteTableAssociation}),… ). Adding this dependency (Stack1 -> Stack2/Handler/SecurityGroup/Resource.GroupId) would create a cyclic reference. 13 ґଘؔ܎ͷํ޲Λҙ࣮ࣝͨ͠૷Ͱճආ ྫ: ͜ͷґଘ͸NG ґଘ͸ยํ޲ͷΈڐ͞ΕΔ ΠςϨʔςΟϒͳ։ൃͰ͸ ͋·Γߟ͑ͨ͘ͳ͍൥Θ͠͞ ͤΊͯ։ൃ؀ڥͰ͸γϯάϧελοΫʹ อͬͯ͸͍͔͕ʁ ※ ্هͰ͸ճආͰ͖ͳ͍͜ͱ΋ɻGitHubͰIssueΛ୳͢ɾཱͯΔͷ΋खɻ

14. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk Q. Stackͷίʔυ͕ࢄΒ͔͖ͬͯͨ • ϦιʔεΛϑϥοτʹϕλॻ͖͢Δͱɺೝ஌ෛՙ͕ߴ·Δ • Ϧιʔεͷґଘؔ܎͕Θ͔ΓͮΒ͔ͬͨΓɺεΫϩʔϧྔ͕૿͑ͨΓ • OOPʹ͓͚ΔΫϥεઃܭͷॏཁੑʹ΋ྨࣅ • ந৅ → ۩ମ ͷॱΛ෼͔Γ΍͍͢ͱײ͡Δਓ͸ଟ͍ (Օ৚ॻ͖ͱಉ͡) • ίϯετϥΫτΛ࢖ͬͯߏ଄Խ͢Δͷ͕͓͢͢Ί ü Ϧιʔεͷू߹Λҙຯͷ͋Δ୯ҐͰ·ͱΊΔ ü ϞδϡʔϧԽͷར఺Λڗड (࠶ར༻ੑɺந৅ԽͳͲ) ü ID (ୈ2Ҿ਺) ͷָ໋໊͕ʹ (ҰҙੑΛอͭείʔϓ͕ڱ·ΔͨΊ) 14 ೝূ Storage Lambda API ID

15. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk ೝূ Storage Lambda API ίϯετϥΫτͰίʔυΛߏ଄Խ͢Δ 15 ↑ίϨ͘Β͍ͷཻ౓Ͱ·ͱ·͍ͬͯΔͱύοτݟͰߏ଄͕Θ͔Γ΍͍͢ ͋ΔҙຯͰෳࡶ͞͸૿͢ͷͰɺํ਑͸νʔϜͰٞ࿦͢Δͱ 🙆 vs ίʔυྫ

16. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk CloudFormationίϯιʔϧͷTree View΋ݟ΍͘͢ 16 ࢿྉ

17. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk খωλ: ແ໊ίϯετϥΫτ (ͱɺݺΜͰΈΔ) • ίϯετϥΫτπϦʔͷ֓೦Λཧղ͢ΔͱḿΔ • ϑΝΠϧγεςϜͷσΟϨΫτϦπϦʔͰྨਪ͢Δͱָ • είʔϓ(ୈ1Ҿ਺)=਌σΟϨΫτϦ, ID(ୈ2Ҿ਺)=σΟϨΫτϦ໊ • ͋ΔσΟϨΫτϦ(είʔϓ)ͷதʹಉ໊͡લ(ID)͸ଘࡏͰ͖ͳ͍ • είʔϓ͸ඞͣ͠΋ this Ͱ͋Δඞཁ͸ͳ͍ • ۭͷίϯετϥΫτΛͦͷ৔Ͱ࡞੒͠ɺ ଞͷίϯετϥΫτ͸ͦΕΛ਌ʹͰ͖Δ • ແ໊Ϋϥε΍ແ໊ؔ਺ʹྨࣅͯ͠·ͤΜʁ • Ϋϥεఆٛ͢Δ΄ͲͰ͸ͳ͍Μ͚ͩͲɺɺ ͱ͍͏ঢ়گʹ͸ศརʹ࢖͑Δ͔ 17 Pro tip: ϒϥέοτ{} Ͱม਺ͷείʔϓ΋੍ޚՄೳ είʔϓ͕ҧ͏ͷͰಉ͡IDΛ࢖͑Δ ۭͷίϯετϥΫτ είʔϓͷࢦఆ

18. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk ίϯετϥΫτΛ࡞Δͱ͖ͷTips ࢀর: AWS CDK Tips: ίϯετϥΫτͰߏ଄Խ͠Α͏ 1. ίϯετϥΫτͷ෼͚ํ • ελοΫͷ෼͚ํ΄ͲηϯγςΟϒͳ࿩୊Ͱ͸ͳ͍ (Լखʹ෼͚ͯ΋σϝϦοτ͕࿐ఄͮ͠Β͍) • ͨͩ͠εςʔτϑϧͳϦιʔε͸ޙ͔ΒϦϑΝΫλͮ͠Β͍ͷͰɺ৻ॏʹ • ਓ͕෼͔Γ΍͍͢୯ҐͰ·ͱΊΕ͹Ұ୴े෼ (จষ΍ΞʔΩਤॻ͘ͱ͖ͳͲ΋ࣗવͱҙࣝͯ͠Δ͸ͣ) 2. ID=‘Default’ ʹΑΓ Logical IDΛ୹ॖ͢Δ Shorter AWS CDK Logical IDs • CFnʹΑΔࣗಈ໋໊ΛΘ͔Γ΍͘͢อͭͨΊ • ϦϑΝΫλͷͱ͖΋LogicalIDͷมߋΛ๷͙ͨΊʹ໾ཱͬͨΓ 3. IDͷ໋໊͸PascalCase͕͓͢͢Ί Construct ID͸ύεΧϧέʔεͰ໋໊͢Δͷ͕ྑ͍ • CFnʹΑΔࣗಈ໋໊ΛΘ͔Γ΍͘͢อͭͨΊ 18 ID

19. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk Q. L1 / L2 / L3 ίϯετϥΫτ ͲΕΛ࢖͏ʁ • ந৅౓ʹΑΓίϯετϥΫτ͸L1~L3ʹେผ͞ΕΔ (ӈਤ) • جຊతʹ͸L2+Λੵۃతʹ࢖͏΄͏͕CDKͷར఺Λڗड͠΍͍͢ • grantXxx, allowFromͳͲʹΑΔந৅Խ΋ڧྗ • ந৅ԽʹΑͬͯॊೈੑΛࣦΘͳ͍ͨΊʹ 1. ࣗ૊৫ͰίϯετϥΫτΛ࡞੒ɾ؅ཧ͢Δ • ࣗ༝ʹमਖ਼Մೳͳͷ͕ڧΈɻεχϖοτͱͯ͠࢖͍ճ͢΋͋Γ 2. ެࣜɾαʔυύʔςΟͷίϯετϥΫτ͸… • ϑΥʔΫ͢Δ or ίϯτϦϏϡʔτ (Pull RequestΛૹΔ) • ޙऀ͸ΤίγεςϜͷڧԽͱ͍͏ҙຯͰ͸ཧ૝త (࣌ʹେม) 3. Escape hatch ʹΑΔΦʔόʔϥΠυ (࠷ޙʹͯ͠࠷ڧͷํ๏) • ࣍ͷεϥΠυͰৄ͘͠঺հ 19 ந৅౓௿ ॊೈੑ ந৅౓ߴ ੜ࢈ੑ L1 L2 L3

20. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk L2 / L3ίϯετϥΫτͰॊೈੑΛऔΓ໭͢ - Escape hatchฤ • ·ΕʹΑ͘ඞཁͳΠϯλʔϑΣʔεΛL2+Ͱ͸ར༻Ͱ͖ͳ͍৔߹͕͋Δ • ͜ͷ఺Λཧ༝ʹCFnͷ΄͏͕CDKΑΓྑ͍ͱݴΘΕΔ͜ͱ΋͋Δ͕ɺඞͣ͠΋ͦ͏Ͱ͸ͳ͍ • Escape hatchΛ࢖͑͹ɺL1ͱಉϨϕϧʹॊೈͳૢ࡞͕Մೳ 20 ྫ: Lambda RoleͷPolicy໊Λมߋ͢Δ Escape hatchͰL1 constructΛ௚઀৮ΔCDKίʔυ MetadataΛݟΕ͹Ϧιʔεͷύε͕෼͔Δ ߹੒ޙͷCloudFormationςϯϓϨʔτ ύεʹԊͬͯίϯετϥΫτπϦʔΛ۷Δ ৄࡉ: Abstractions and escape hatches ೚ҙͷϓϩύςΟΛΦʔόʔϥΠυͰ͖ΔΠϯλʔϑΣʔε

21. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk Q. ෳ਺؀ڥ޲͚ʹςϯϓϨʔτͷఆٛΛ͢Δʹ͸ʁ Dev/Staging/ProdͳͲෳ਺ͷ؀ڥΛͲ͏͏·͘ఆٛ͢Δ͔ʁ ࠷௿ݶɺҎԼΛͲ͏͢Δ͔ߟ͍͑ͨ: 1. ؀ڥ͝ͱʹύϥϝʔλΛઃఆ͢Δํ๏ • ྫ: Auroraʹ͍ͭͯɺDev؀ڥ͸ t3ΠϯελϯεɾProd؀ڥ͸m6gΠϯελϯεΛ࢖͏ 2. ؀ڥ͝ͱʹελοΫఆٛΛग़͠෼͚Δํ๏ • ҰͭͷCDKίʔυ͔Βෳ਺ͷ؀ڥ༻ελοΫΛsynth͍ͨ͠ • ྫ: Dev؀ڥ༻ɺProd؀ڥ༻ͷελοΫΛͲ͏ఆٛ͢Δ͔ 21

22. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk ؀ڥ͝ͱʹύϥϝʔλΛઃఆ͢Δํ๏ • ύϥϝʔλΛ؅ཧ͢Δ৔ॴΛܾΊΔ • ӈ͸୅දྫ5ͭ (ଞʹ΋ແݶʹߟ͑ΒΕΔ) • ࣍ϖʔδʹৄ͍͠ൺֱදΛهࡌ • ಡΈࠐΜͩύϥϝʔλΛελοΫ΍ ίϯετϥΫτͷPropsʹ౉͢૝ఆ 22

23. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk ؀ڥ͝ͱʹύϥϝʔλΛઃఆ͢Δํ๏ - ൺֱද 23 (ॱෆಉ) ֓ཁ Pros Cons 1. Context variable cdk.json΍ –c ΦϓγϣϯͰ ࢦఆ cdk deploy –c env=dev CDKඪ४ؔ਺ (tryGetContext) Ͱ஋ ΛऔಘͰ͖Δ͜ͱͷެࣜײ JSONʹΑΔinteroperabilityͷߴ͞ (ଞπʔϧͰJSONΛੜ੒ͨ͠ΓͳͲ) ஋ͷValidationʹҰ޻෉ඞཁ (JSON SchemaͳͲ) JSONͷදݱྗʹറΒΕΔ (CDKͷܕ DurationͳͲ͸࢖͑ͳ͍) 2. ؀ڥม਺ CDKίϚϯυ࣮ߦ࣌ʹ؀ڥ ม਺Λࢦఆ ENV=dev cdk deploy CDKҎ֎ͷք۾Ͱ΋ඪ४తͳํ๏ CIπʔϧͷઃఆͰ্ॻ͖Ͱ͖ΔͳͲ Ԡ༻ํ๏͸ଟ͍͔΋ ؀ڥม਺͸จࣈྻܕͷΈ ؀ڥม਺Λ؅ཧ͢Δ৔ॴΛߟ͑Δ ඞཁ͋Γ 3. ֤ݴޠͷ ΦϒδΣΫτ CDKͷݴޠͰύϥϝʔλΛ ϋʔυίʔυ͢Δ (e.g. TypeScriptͷobject) จࣈྻŋ਺ࣈҎ֎ͷܕ͕࢖͑Δ (Duration΍ec2.InstanceTypeͳͲ) खܰʹܕ҆શ ݴޠ͕ݻఆ͞ΕΔɺಈతͳੜ੒ʹෆ ޲͖ͳͲinteroperability͕ඞཁͳঢ় گͰ͸೉͍͕͠ɺك 4. Secrets Manager ParameterStore CDK֎ͰύϥϝʔλΛ࡞੒ deploy࣌ʹCFn͕஋Λಡࠐ ൿಗ৘ใ(API keyͳͲ)ΛCDKίʔυ ΍CFnςϯϓϨʔτ͔ΒӅṭͰ͖Δ ύϥϝʔλͷॳظԽʹ௥Ճखॱඞཁ ύϥϝʔλͷARNͷ؅ཧ΋ඞཁ 5. CfnParameter CloudFormationͷ ParameterػೳΛ࢖͏ synthޙʹσϓϩΠ಺༰ΛมߋՄೳ ߹੒ͨ͠CFnςϯϓϨʔτΛ഑෍͠ ͍ͨ৔߹ʹ͸༗ޮ CFnΛҙࣝ͢Δඞཁ͕͋ΓɺૉͷCDK ΑΓॻ͖ʹ͍͘ ಛघͳঢ়گΛআ͍ͯϝϦοτ͸ബ͍ ݸਓతͳ࢖͍෼͚: σϑΥϧτ͸3ɺඞཁʹԠͯ͡2/4/5

24. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk Q. ෳ਺؀ڥ޲͚ʹςϯϓϨʔτͷఆٛΛ͢Δʹ͸ʁ Dev/Staging/ProdͳͲෳ਺ͷ؀ڥΛͲ͏͏·͘ఆٛ͢Δ͔ʁ ࠷௿ݶɺҎԼΛͲ͏͢Δ͔ߟ͍͑ͨ: 1. ؀ڥ͝ͱʹύϥϝʔλΛઃఆ͢Δํ๏ • ྫ: Auroraʹ͍ͭͯɺDev؀ڥ͸ t3ΠϯελϯεɾProd؀ڥ͸m6gΠϯελϯεΛ࢖͏ 2. ؀ڥ͝ͱʹελοΫఆٛΛग़͠෼͚Δํ๏ • ҰͭͷCDKίʔυ͔Βෳ਺ͷ؀ڥ༻ελοΫΛsynth͍ͨ͠ • ྫ: Dev؀ڥ༻ɺProd؀ڥ༻ͷελοΫΛͲ͏ఆٛ͢Δ͔ 24

25. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk ؀ڥ͝ͱʹελοΫఆٛΛग़͠෼͚Δํ๏ ελοΫఆٛํ๏ͷ୅දྫ (௨ৗ bin/xxx.ts ʹॻ͘ΞϨ) • Dynamicύλʔϯ • 1ͭͷελοΫఆٛΛ࢖͍ճ͢ StackͷID͸֎෦͔Β஫ೖ • Staticύλʔϯ1 • ؀ڥͷ਺͚ͩελοΫΛϋʔυίʔυ͢Δ • DynamicΑΓApp಺ͷελοΫߏ੒͕෼͔Γ΍͍͢ • Staticύλʔϯ2 • ελοΫͷΫϥεఆٛࣗମΛ؀ڥ͝ͱʹ࢖͍෼͚Δ • ؀ڥ͝ͱʹϦιʔεͷߏ੒ŋελοΫ෼ׂΛม͍͑ͨ࣌ͳͲʹ༗ޮ • ؀ڥͷҰக౓͕௿Լ͢ΔϦεΫ͋Γ 25 ※ Staticύλʔϯ͸synthͷ͕࣌ؒ௕͘ͳΓ͕ͪɻ ؀ڥม਺౳Ͱ৚݅෼ذ͠ɺෆཁͳnew Stack()Λ ඈ͹͢ͳͲͰճආ͸Մೳɻ ※ CDK PipelinesΛ࢖͏৔߹͸ɺ εςʔδͱ͍͏֓೦Ͱ͞Βʹϥοϓ͞ΕΔ

26. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk Q. ࣗಈςετ͸Ͳ͏͢Δʁ࠷௿ݶ͸… • ඞਢ: εφοϓγϣοτςετ (synthޙͷCFnςϯϓϨʔτΛൺֱ͢Δςετ) • CDKͷόʔδϣϯΞοϓ࣌ͳͲʹɺҙਤ͠ͳ͍มߋ͕ੜ͍ͯ͡ͳ͍͜ͱΛݕূ͢ΔͨΊ • ࣮૷΋ۃΊͯ؆୯ (※ ݴޠ͝ͱͷςετϥΠϒϥϦΛ׆༻) ࣮૷ྫ: Testing constructs – Snapshot test • ೚ҙ: ΠϯςάϨʔγϣϯςετ (࣮ࡍʹAWS؀ڥʹσϓϩΠ͢Δςετ) • ΧελϜϦιʔεͷ࣮૷΍CloudFormationଆͷόϦσʔγϣϯΛݕূ͢ΔͨΊ • ςετ༻AWS؀ڥΛ༻ҙͯ͠౎౓σϓϩΠ͢Δͷ͕खܰͳखஈ (dev؀ڥΛ࢖͏ͳͲ) • Integ-runner ΍ integ-tests ͱ͍ͬͨϥΠϒϥϦ΋ఏڙ͞Ε͍ͯΔ (·ͩalpha) • ೚ҙ: Fine-grained assertions (ςϯϓϨʔτʹର͢Δࡉ΍͔ͳݕূ) • ࣗࣾϙϦγʔ΁ͷίϯϓϥΠΞϯεΛݕূ͢ΔͳͲ cdk-nagͳͲͰҰൠతͳ੬ऑੑݕࠪ͸Մೳ 26 ※ pdk-nag: ϓϩτλΠϐϯά޲͚ͷɺΑΓ؇͍ϧʔϧηοτ

27. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk CDK։ൃαΠΫϧͷҰྫ ݸਓతʹΑ͋͘ΔCDK։ൃͷྲྀΕΛࢀߟ·Ͱʹ (non-TDD): • ࣮૷ → σϓϩΠ → ಈ࡞֬ೝ͕جຊαΠΫϧ • σϓϩΠͯ͠खಈͷݕূΛ͢Δεςοϓ͸Ͳ͏ͯ͠΋ඞཁ • ͢΂ͯ֬ೝͰ͖ͨΒɺεφοϓγϣοτΛ࡞Δ • Ҏޙ͸εφοϓγϣοτͱͷࠩ෼ΛϨϏϡʔ͢Ε͹มԽΛ௥͑Δ • ςετࣗಈԽͷॏཁੑ͸IaCͷมߋස౓ʹԠͯ͡΋มΘΔ • ҆ఆޙ΋εφοϓγϣοτͷࠩ෼ϨϏϡʔ͕ͭΒ͍Ϩϕϧͩͱɺ ͦͷଞͷςετΛࣗಈԽ͢ΔΞϓϩʔν΋߹ཧతʹͳΔ͔ 27 CDK࣮૷ σϓϩΠ ಈ࡞֬ೝ εφοϓγϣοτ࡞੒ ϝϯςφϯε ͋Δػೳ։ൃͷϥΠϑαΠΫϧ

28. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk ·ͱΊ • AWS CDK։ൃʹ൐͏ҙࢥܾఆͷϙΠϯτɺFAQ΁ͷߟ͑ํΛ·ͱΊ·ͨ͠ • ͦΕͧΕͷPros/ConsΛߟ্͑ͨͰదٓ࠷దͳํ๏Λߟ͑Δ͜ͱ͕͓͢͢Ί • ͨͩ͠ɺ೰Έଓ͚ͯ։ൃ͕ࢭ·Δ͘Β͍ͳΒɺͱΓ͋͑ͣࢼ͠ͳ͕Βߟ͑Δํ͕ྑ͍Ͱ͢Ͷʂ • IaC࢖Θ(͑)ͳ͍ <<< (ӽ͑ΒΕͳ͍น) <<< CDK࢖͑Δ < CDK͏·͘࢖͑Δ • جຊͷߟ͑ํ: ඞཁͷͳ͍ݶΓෳࡶԽ͸͠ͳ͍ • ίϨΛҙࣝ͢Δͱଟ͘ͷ৔߹ແବͷͳ͍ίʔυʹͳΔ͸ͣʂ ຅ωλ • CDKίʔυΛϦϑΝΫλ͍ͨ͠ • طଘͷϦιʔεΛCDK؅ཧԼʹऔΓࠐΉ • σΟϨΫτϦߏ੒ɺetc… 28 ࠓޙ AWS Black BeltγϦʔζ ͰΧόʔ͞ΕΔ༧ఆͰ͢ʂ

29. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk ܦݧஊ΋ฉ͖͍ͨ AWS Dev Day 2023ͰBLEAνʔϜ͔Βൃද༧ఆ օ༷ͷAWS CDKܦݧஊɾۤ࿑࿩΋ͥͻ͝ڞ༗͍ͩ͘͞ʂ 29

30. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk ࢀߟࢿྉ • Best practices for developing and deploying cloud infrastructure with the AWS CDK • CDKʹؔ͢ΔϕετϓϥΫςΟεͷݪయɻ • JAWS CDKࢧ෦ͷΠϕϯτ࿥ը • ࠃ಺։ൃऀͷ஌ݟڞ༗ͷ৔ɻ೔ຊͷCDKίϛϡχςΟ͸ੈքతʹݟͯ΋׆ൃʂ • cdk.dev • άϩʔόϧͳCDKίϛϡχςΟSlackɻͪ͜Β΋׆ൃͰɺ೔໷࣭໰΍ٞ࿦͕ඈͼަ͍ͬͯ·͢ • Twitter CDK JP Community • ίϛϡχςΟࢀՃऀΛϑΥϩʔ͢Δͱ͍Ζ͍Ζͳҙݟ͕࢕͑·͢ɻ։ൃऀͷϒϩά͸ಛʹࢀߟʹͳΔʂ • The CDK Book • CDKʹؔ͢Δ஌͕ࣝ໢ཏతʹ·ͱ·ͬͨॻ੶ɻCDKϚχΞͳΒങͬͯ΋ଛ͸ͳ͍͸ͣ 30

31. 2023/05/20 AWS CDK CONFERENCE JAPAN ͋Δ͋Δ͓೰Έʹ౴͍͑ͨ © 2023, Amazon Web

    Services, Inc. or its affiliates. Twitter: #jawsug_cdk Thank you! © 2022, Amazon Web Services, Inc. or its affiliates. Masashi Tomooka [email protected] tmokmss