Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
OpsJAWS#4 CloudWatch Events Hands-on
Search
Tmorinaga
March 01, 2016
Technology
3
1.7k
OpsJAWS#4 CloudWatch Events Hands-on
OpsJAWS#4 20160301
Tmorinaga
March 01, 2016
Tweet
Share
More Decks by Tmorinaga
See All by Tmorinaga
OpsJAWS#13 IAMベストプラクティス
tmorinaga
1
3.6k
Developers.IO 2017 E3
tmorinaga
0
1.2k
JAWS DAYS 2017 Security-JAWS発表資料
tmorinaga
2
4.3k
AWS WAFのログが3時間しか見れないのでなんとかしてみる
tmorinaga
3
4.1k
re:Growth 2016 in Tokyo
tmorinaga
0
2.1k
Developers.IO 2016 in Fukuoka
tmorinaga
1
720
【エンジニア編】AWS活用を考えているなら”必ず!"知っておくべきセキュリティの話
tmorinaga
1
4.2k
【ビジネス編】AWS活用を考えているなら”必ず!"知っておくべきセキュリティの話
tmorinaga
1
2.1k
Other Decks in Technology
See All in Technology
AIアシスタントの活用で品質の向上と開発ワークフローのスピードアップ
nagix
1
210
「単なる OAuth 2.0 を認証に使うと、車が通れるほどのどでかいセキュリティー・ホールができる」のか検証してみた
terara
0
380
頼られるのが大好きな 皆さんへ - 支援相手との期待の合わせ方、突き放し方 -/For_people_who_like_to_be_relied_on
naitosatoshi
1
290
AOAI Dev Day - Opening Session
yoshidashingo
2
470
Git 研修 Basic【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
310
初中級者用如何使用backlog -VALE TUDOEDITION-
in0u
0
140
20240724_cm_odyssey_hibiyatech
hiashisan
0
110
Azure Pipelinesを使用したCICDベースラインアーキテクチャ実践
yuriemori
0
190
データベース研修 DB基礎【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
220
地理情報とAPIのトレンド
nagix
0
160
サービスの持続的な成長と技術負債について
siva_official
PRO
10
4.4k
サーバーレスAPI(API Gateway+Lambda)とNext.jsで 個人ブログを作ろう!
shuntaka
PRO
0
560
Featured
See All Featured
Understanding Cognitive Biases in Performance Measurement
bluesmoon
18
1.2k
In The Pink: A Labor of Love
frogandcode
139
22k
How STYLIGHT went responsive
nonsquared
93
5k
Designing for humans not robots
tammielis
247
25k
Visualization
eitanlees
139
14k
Happy Clients
brianwarren
94
6.6k
How to Think Like a Performance Engineer
csswizardry
4
590
Learning to Love Humans: Emotional Interface Design
aarron
269
39k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
20
7.2k
Fashionably flexible responsive web design (full day workshop)
malarkey
399
65k
Building Adaptive Systems
keathley
34
2k
4 Signs Your Business is Dying
shpigford
178
21k
Transcript
OpsJAWS#4 CloudWatchEvents Hands-on Ϋϥεϝιουגࣜձࣾ ιϦϡʔγϣϯΞʔΩςΫτ Ӭେࢤ
ࣗݾհ
Morinaga Taishi(@morimoritaitai) AWS Solution Archetect ✦ झຯ : ήʔϜ(શൠ) /
ञ / Χϝϥ ✦ ڵຯ : DevOps / Security ✦ ͖ͳαʔϏε:Config/CloudTrail/IAM AWS Certified Solutions Architect - Professional Developer -Associate SysOps Administorator - Associate
ձࣾհ
Classmethod,Inc.
Classmethod,Inc. AWSίϯαϧɾઃܭɾߏஙͱ ϞόΠϧ։ൃ͕ϝΠϯ
ੈքதʹΦϑΟε جຊతʹਓ͕͍Δͱ͜ΖʹΦϑΟε͕ग़དྷ·͢
Developers.IO
Developers.IO 5500ຊͷٕज़هࣄ 2300ຊͷAWSهࣄ ݄ؒ100ສPV
ϋϯζΦϯͷࢿྉͪ͜Β https://speakerdeck.com/tmorinaga https://gist.github.com/Tmorinaga
Agenda • CloudWatchEventsͱ • ϋϯζΦϯͷ४උ • Built-in targetΛࢼͯ͠ΈΔ • Lambda
functionΛࢼͯ͠ΈΔ • ͓ย͚ͮ
CloudWatch Eventsͱ
CloudWatchEventsͱ • ΠϕϯτʢϦιʔεͷঢ়ଶมԽͳͲʣΛݕ ͠ɺΠϕϯτυϦϒϯͰΞΫγϣϯΛ࣮ߦ͢ ΔࣄͷͰ͖ΔαʔϏε • ౦ژϦʔδϣϯͰ͑·͢ʂʂʂ
ΠϕϯτυϦϒϯͬͯLambda ͱͲ͏ҧ͏ͷʁ • CWELambdaͷ৽͍͠Πϕϯτιʔε • LambdaҎ֎ͷ࿈ܞʢSNSɺKinesisʣBuilt- inͷΈ༻ҙ͞Ε͍ͯΔ
CloudWatchEventsͷߏཁૉ • Πϕϯτιʔε • λʔήοτ • ϧʔϧ
Πϕϯτιʔε • ΠϕϯτͷݩͱͳΔϦιʔελΠϛϯά • ݱࡏબͰ͖ΔͷҎԼ • EC2ͷStatusมԽʢRunning,Stopped etcʣ • εέδϡʔϧʢ࠷ִ̑ؒʣ
• API CallʢCloudTrailͰर͑Δͷ͍͍ͩͨʣ • AutoScalingͷมԽʢLaunch Successful etcʣ
Πϕϯτιʔε • ΠϕϯτͷݩͱͳΔϦιʔελΠϛϯά • ݱࡏબͰ͖ΔͷҎԼ • EC2ͷStatusมԽʢRunning,Stopped etcʣ • εέδϡʔϧʢ࠷ִ̑ؒʣ
• API CallʢCloudTrailͰर͑Δͷ͍͍ͩͨʣ • AutoScalingͷมԽʢLaunch Successful etcʣ
CloudWatchEvents͕ API CallΛΠϕϯτιʔεʹͭ
Lambda͕ CWEΛΠϕϯτιʔεʹͭ
΄΅ͯ͢ͷAPI CallΛ ؆୯ʹLambda࿈ܞͰ͖Δʂ
λʔήοτ • ࣮ߦ͢ΔΞΫγϣϯ • ݱࡏબͰ͖ΔͷҎԼ • Lambda Function • SNS
Topic • Kinesis Stream • Built-in Targetʢsnapshot࡞ͳͲͷػೳʣ
ϧʔϧ • ΠϕϯτιʔεͱλʔήοτͷΈ߹Θͤ • ͲΜͳϦιʔε͕Ͳ͏ͳͬͨΒʢΠϕϯτιʔ εʣɺͲ͏͢Δ͔ʢλʔήοτʣ
ϋϯζΦϯͷ४උ
ҎԼͷࣄΛ֬ೝͯ͠Լ͍͞ • IAMͷPolicyઃఆ • ࠓճ AdminݖݶͰΓ·͢ʢIAM͍͡ΔͨΊʣ • STSʢSecurity Token ServiceʣͷEndpoint
• IAM→Account Settings→Security Token Service RegionsͰઃఆ • σϑΥϧτON • Stoppedঢ়ଶͷΠϯελϯεΛͻͱͭ
CWEʹඞཁͳPolicy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action":
"events:*", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*" } ] }
Ϧʔδϣϯͷ ΤϯυϙΠϯτ༗ޮԽ
Πϯελϯεͷ४උ t2.nanoͰͳΜͰ͍͍Ͱ͢
Built-in TargetΛ ࢼͯ͠ΈΔ
ࢼͯ͠ΈΔ͜ͱ • InstanceΛىಈͨ͠ΒPendingঢ়ଶͰڧ੍ఀࢭ • ҙຯಛʹແ͍Ͱ͕͢ɺಈ͖Λݟ͚ͯΕ
Ruleͷ࡞ https://ap-northeast-1.console.aws.amazon.com/cloudwatch/home?region=ap-northeast-1#events:
Πϕϯτιʔεͷબ
EC2Πϯελϯεͷঢ়ଶΛબ
λʔήοτͷՃ
Built-in targetΛબ
ΞΫγϣϯͷબ
Πϯελϯεͷબ ͜Ε * ͰࢦఆͰ͖ΔΑ͏ʹͳΓ·ͤΜ͔Ͷ…ʁ
ϧʔϧͷ໊લΛೖྗ
IAM RoleΛ࡞ طʹ࡞͞Ε͍ͯΔํͦͪΒΛબ
IAM Roleͷ࡞ ಛʹઃఆཁΒͳ͍ͷͰڐՄ
built-in targetʹඞཁͳPolicy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow",
"Action": [ "ec2:Describe*", "ec2:RebootInstances", "ec2:StopInstances", "ec2:TerminateInstances", "ec2:CreateSnapshot" ], "Resource": "*" } ] }
ϧʔϧ࡞ྃ
ಈ࡞֬ೝ
ಈ࡞֬ೝ ↓ pending͔Β͙͢ʹstoppedʹʂ
࣍ͷϋϯζΦϯͷͨΊʹ… ͍ͯ͠Δͱ͕࣍͏·͍͖͘·ͤΜ
Lambda FunctionΛ ࢼͯ͠ΈΔ
ࢼͯ͠ΈΔ͜ͱ • ࢦఆ͞ΕͨλάʮCostʯ͕͍͍ͭͯͳ͍ InstanceΛىಈͨ͠ΒPendingঢ়ଶͰڧ੍ఀࢭ • λάͷ͚ͭΕͬͯଟ͍Ͱ͢ΑͶ…
Lambda Function࡞
blueprintΘͳ͍ͷͰSkip
໊લͱ༻ݴޠΛࢦఆ
ίʔυΛίϐϖ https://gist.github.com/Tmorinaga/5b1df9e90e20fe173685
ίʔυʹ͍ͭͯ • ΤϥʔϋϯυϦϯάͳͲ͍ͯ͠·ͤΜͷͰɺ ຊ൪ར༻ͳͲ͢Δ߹࡞Γ͜ΜͰԼ͍͞ɻ • ͍͍ͷ͕Ͱ͖ͨΒڭ͑ͯԼ͍͞m(_ _)m
Lambda༻IAM Role࡞
Policyඍௐ
Policyඍௐ
built-in targetʹඞཁͳPolicy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow",
"Action": [ . . . ], "Resource": "arn:aws:logs:*:*:*" }, { "Effect": "Allow", "Action": [ "ec2:StopInstances", "ec2:DescribeInstances" ], "Resource": "*" } ] } ←͜ͷ෦ΛՃ https://gist.github.com/Tmorinaga/678cd280c1702c9c5233
Advanced settingsͦͷ··
Review
Ruleͷ࡞ https://ap-northeast-1.console.aws.amazon.com/cloudwatch/home?region=ap-northeast-1#events:
Πϕϯτιʔεͷબ
EC2Πϯελϯεͷঢ়ଶΛબ
λʔήοτͷՃ
Lambda functionΛબ
Lambda functionΛબ
ϧʔϧͷ໊લΛೖྗ
ϧʔϧ࡞ྃ
λά͚ͳ͠ಈ࡞֬ೝ ↓ pending͔Β͙͢ʹstoppedʹʂ
λάʮCostʯΛՃ
λά͚͋Γಈ࡞֬ೝ ↓ runningʹͪΌΜͱͳΔʂ
͓ย͚ͮ
ϧʔϧΛআ ফ͓͔ͯ͠ͳ͍ͱΠϯελϯε͕ ىಈͰ͖ͳ͍ݱ͕͓͖·͢ɻ
Lambda functionΛআ ফ͞ͳͯ͘ѱ͞͠·ͤΜͷͰɺ ͍ͯͯ͠ߏ͍·ͤΜ
Πϯελϯεͷఀࢭ or আ
·ͱΊ
·ͱΊ • CloudWatch EventsAWSϦιʔεͷঢ়ଶม ԽʹϦΞϧλΠϜʹରԠͰ͖Δ • pendingͰࢭΊΕ՝ۚͳ͠ʂ • ݁ہLambdaඞཁͳͷͰ֮͑·͠ΐ͏ •
ؤுΓ·͢
OpsJAWS͝հ • AWSӡ༻ཧͷϊϋΛ͘ൃ৴ • Partner SAϒϩάʹӡ༻TipsهࣄΛܝࡌத ࢹɺϩάӡ༻ɺίετཧɺδϣϒӡ༻ɺߏཧɺΠϕϯτ௨etc . . .
http://aws.typepad.com/aws_partner_sa/2015/06/aws-ops.html ɹɹɹɹɹɹɹɹɹɹɹɹ·ͨɺɹɹɹɹɹɹɹɹɹ ɹɹɹͰݕࡧ • Doorkeeper(OpsJAWS)
͋Γ͕ͱ͏͍͟͝·ͨ͠ɻ
None