Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
OpsJAWS#4 CloudWatch Events Hands-on
Search
Tmorinaga
March 01, 2016
Technology
3
1.8k
OpsJAWS#4 CloudWatch Events Hands-on
OpsJAWS#4 20160301
Tmorinaga
March 01, 2016
Tweet
Share
More Decks by Tmorinaga
See All by Tmorinaga
OpsJAWS#13 IAMベストプラクティス
tmorinaga
1
3.9k
Developers.IO 2017 E3
tmorinaga
0
1.3k
JAWS DAYS 2017 Security-JAWS発表資料
tmorinaga
2
4.7k
AWS WAFのログが3時間しか見れないのでなんとかしてみる
tmorinaga
3
4.3k
re:Growth 2016 in Tokyo
tmorinaga
0
2.2k
Developers.IO 2016 in Fukuoka
tmorinaga
1
830
【エンジニア編】AWS活用を考えているなら”必ず!"知っておくべきセキュリティの話
tmorinaga
1
4.4k
【ビジネス編】AWS活用を考えているなら”必ず!"知っておくべきセキュリティの話
tmorinaga
1
2.3k
Other Decks in Technology
See All in Technology
LinkX_GitHubを基点にした_AI時代のプロジェクトマネジメント.pdf
iotcomjpadmin
0
170
Model Mondays S2E02: Model Context Protocol
nitya
0
210
How Community Opened Global Doors
hiroramos4
PRO
1
110
フィンテック養成勉強会#54
finengine
0
170
Witchcraft for Memory
pocke
1
220
Prox Industries株式会社 会社紹介資料
proxindustries
0
260
Snowflake Summit 2025全体振り返り / Snowflake Summit 2025 Overall Review
mtpooh
2
390
Windows 11 で AWS Documentation MCP Server 接続実践/practical-aws-documentation-mcp-server-connection-on-windows-11
emiki
0
910
VCpp Link and Library - C++ breaktime 2025 Summer
harukasao
0
240
AWS アーキテクチャ作図入門/aws-architecture-diagram-101
ma2shita
29
10k
IIWレポートからみるID業界で話題のMCP
fujie
0
770
Node-REDのFunctionノードでMCPサーバーの実装を試してみた / Node-RED × MCP 勉強会 vol.1
you
PRO
0
110
Featured
See All Featured
Art, The Web, and Tiny UX
lynnandtonic
299
21k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
44
2.4k
Java REST API Framework Comparison - PWX 2021
mraible
31
8.6k
How to Think Like a Performance Engineer
csswizardry
24
1.7k
Fantastic passwords and where to find them - at NoRuKo
philnash
51
3.3k
It's Worth the Effort
3n
185
28k
For a Future-Friendly Web
brad_frost
179
9.8k
Gamification - CAS2011
davidbonilla
81
5.3k
Thoughts on Productivity
jonyablonski
69
4.7k
The Pragmatic Product Professional
lauravandoore
35
6.7k
Code Reviewing Like a Champion
maltzj
524
40k
What's in a price? How to price your products and services
michaelherold
246
12k
Transcript
OpsJAWS#4 CloudWatchEvents Hands-on Ϋϥεϝιουגࣜձࣾ ιϦϡʔγϣϯΞʔΩςΫτ Ӭେࢤ
ࣗݾհ
Morinaga Taishi(@morimoritaitai) AWS Solution Archetect ✦ झຯ : ήʔϜ(શൠ) /
ञ / Χϝϥ ✦ ڵຯ : DevOps / Security ✦ ͖ͳαʔϏε:Config/CloudTrail/IAM AWS Certified Solutions Architect - Professional Developer -Associate SysOps Administorator - Associate
ձࣾհ
Classmethod,Inc.
Classmethod,Inc. AWSίϯαϧɾઃܭɾߏஙͱ ϞόΠϧ։ൃ͕ϝΠϯ
ੈքதʹΦϑΟε جຊతʹਓ͕͍Δͱ͜ΖʹΦϑΟε͕ग़དྷ·͢
Developers.IO
Developers.IO 5500ຊͷٕज़هࣄ 2300ຊͷAWSهࣄ ݄ؒ100ສPV
ϋϯζΦϯͷࢿྉͪ͜Β https://speakerdeck.com/tmorinaga https://gist.github.com/Tmorinaga
Agenda • CloudWatchEventsͱ • ϋϯζΦϯͷ४උ • Built-in targetΛࢼͯ͠ΈΔ • Lambda
functionΛࢼͯ͠ΈΔ • ͓ย͚ͮ
CloudWatch Eventsͱ
CloudWatchEventsͱ • ΠϕϯτʢϦιʔεͷঢ়ଶมԽͳͲʣΛݕ ͠ɺΠϕϯτυϦϒϯͰΞΫγϣϯΛ࣮ߦ͢ ΔࣄͷͰ͖ΔαʔϏε • ౦ژϦʔδϣϯͰ͑·͢ʂʂʂ
ΠϕϯτυϦϒϯͬͯLambda ͱͲ͏ҧ͏ͷʁ • CWELambdaͷ৽͍͠Πϕϯτιʔε • LambdaҎ֎ͷ࿈ܞʢSNSɺKinesisʣBuilt- inͷΈ༻ҙ͞Ε͍ͯΔ
CloudWatchEventsͷߏཁૉ • Πϕϯτιʔε • λʔήοτ • ϧʔϧ
Πϕϯτιʔε • ΠϕϯτͷݩͱͳΔϦιʔελΠϛϯά • ݱࡏબͰ͖ΔͷҎԼ • EC2ͷStatusมԽʢRunning,Stopped etcʣ • εέδϡʔϧʢ࠷ִ̑ؒʣ
• API CallʢCloudTrailͰर͑Δͷ͍͍ͩͨʣ • AutoScalingͷมԽʢLaunch Successful etcʣ
Πϕϯτιʔε • ΠϕϯτͷݩͱͳΔϦιʔελΠϛϯά • ݱࡏબͰ͖ΔͷҎԼ • EC2ͷStatusมԽʢRunning,Stopped etcʣ • εέδϡʔϧʢ࠷ִ̑ؒʣ
• API CallʢCloudTrailͰर͑Δͷ͍͍ͩͨʣ • AutoScalingͷมԽʢLaunch Successful etcʣ
CloudWatchEvents͕ API CallΛΠϕϯτιʔεʹͭ
Lambda͕ CWEΛΠϕϯτιʔεʹͭ
΄΅ͯ͢ͷAPI CallΛ ؆୯ʹLambda࿈ܞͰ͖Δʂ
λʔήοτ • ࣮ߦ͢ΔΞΫγϣϯ • ݱࡏબͰ͖ΔͷҎԼ • Lambda Function • SNS
Topic • Kinesis Stream • Built-in Targetʢsnapshot࡞ͳͲͷػೳʣ
ϧʔϧ • ΠϕϯτιʔεͱλʔήοτͷΈ߹Θͤ • ͲΜͳϦιʔε͕Ͳ͏ͳͬͨΒʢΠϕϯτιʔ εʣɺͲ͏͢Δ͔ʢλʔήοτʣ
ϋϯζΦϯͷ४උ
ҎԼͷࣄΛ֬ೝͯ͠Լ͍͞ • IAMͷPolicyઃఆ • ࠓճ AdminݖݶͰΓ·͢ʢIAM͍͡ΔͨΊʣ • STSʢSecurity Token ServiceʣͷEndpoint
• IAM→Account Settings→Security Token Service RegionsͰઃఆ • σϑΥϧτON • Stoppedঢ়ଶͷΠϯελϯεΛͻͱͭ
CWEʹඞཁͳPolicy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action":
"events:*", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*" } ] }
Ϧʔδϣϯͷ ΤϯυϙΠϯτ༗ޮԽ
Πϯελϯεͷ४උ t2.nanoͰͳΜͰ͍͍Ͱ͢
Built-in TargetΛ ࢼͯ͠ΈΔ
ࢼͯ͠ΈΔ͜ͱ • InstanceΛىಈͨ͠ΒPendingঢ়ଶͰڧ੍ఀࢭ • ҙຯಛʹແ͍Ͱ͕͢ɺಈ͖Λݟ͚ͯΕ
Ruleͷ࡞ https://ap-northeast-1.console.aws.amazon.com/cloudwatch/home?region=ap-northeast-1#events:
Πϕϯτιʔεͷબ
EC2Πϯελϯεͷঢ়ଶΛબ
λʔήοτͷՃ
Built-in targetΛબ
ΞΫγϣϯͷબ
Πϯελϯεͷબ ͜Ε * ͰࢦఆͰ͖ΔΑ͏ʹͳΓ·ͤΜ͔Ͷ…ʁ
ϧʔϧͷ໊લΛೖྗ
IAM RoleΛ࡞ طʹ࡞͞Ε͍ͯΔํͦͪΒΛબ
IAM Roleͷ࡞ ಛʹઃఆཁΒͳ͍ͷͰڐՄ
built-in targetʹඞཁͳPolicy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow",
"Action": [ "ec2:Describe*", "ec2:RebootInstances", "ec2:StopInstances", "ec2:TerminateInstances", "ec2:CreateSnapshot" ], "Resource": "*" } ] }
ϧʔϧ࡞ྃ
ಈ࡞֬ೝ
ಈ࡞֬ೝ ↓ pending͔Β͙͢ʹstoppedʹʂ
࣍ͷϋϯζΦϯͷͨΊʹ… ͍ͯ͠Δͱ͕࣍͏·͍͖͘·ͤΜ
Lambda FunctionΛ ࢼͯ͠ΈΔ
ࢼͯ͠ΈΔ͜ͱ • ࢦఆ͞ΕͨλάʮCostʯ͕͍͍ͭͯͳ͍ InstanceΛىಈͨ͠ΒPendingঢ়ଶͰڧ੍ఀࢭ • λάͷ͚ͭΕͬͯଟ͍Ͱ͢ΑͶ…
Lambda Function࡞
blueprintΘͳ͍ͷͰSkip
໊લͱ༻ݴޠΛࢦఆ
ίʔυΛίϐϖ https://gist.github.com/Tmorinaga/5b1df9e90e20fe173685
ίʔυʹ͍ͭͯ • ΤϥʔϋϯυϦϯάͳͲ͍ͯ͠·ͤΜͷͰɺ ຊ൪ར༻ͳͲ͢Δ߹࡞Γ͜ΜͰԼ͍͞ɻ • ͍͍ͷ͕Ͱ͖ͨΒڭ͑ͯԼ͍͞m(_ _)m
Lambda༻IAM Role࡞
Policyඍௐ
Policyඍௐ
built-in targetʹඞཁͳPolicy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow",
"Action": [ . . . ], "Resource": "arn:aws:logs:*:*:*" }, { "Effect": "Allow", "Action": [ "ec2:StopInstances", "ec2:DescribeInstances" ], "Resource": "*" } ] } ←͜ͷ෦ΛՃ https://gist.github.com/Tmorinaga/678cd280c1702c9c5233
Advanced settingsͦͷ··
Review
Ruleͷ࡞ https://ap-northeast-1.console.aws.amazon.com/cloudwatch/home?region=ap-northeast-1#events:
Πϕϯτιʔεͷબ
EC2Πϯελϯεͷঢ়ଶΛબ
λʔήοτͷՃ
Lambda functionΛબ
Lambda functionΛબ
ϧʔϧͷ໊લΛೖྗ
ϧʔϧ࡞ྃ
λά͚ͳ͠ಈ࡞֬ೝ ↓ pending͔Β͙͢ʹstoppedʹʂ
λάʮCostʯΛՃ
λά͚͋Γಈ࡞֬ೝ ↓ runningʹͪΌΜͱͳΔʂ
͓ย͚ͮ
ϧʔϧΛআ ফ͓͔ͯ͠ͳ͍ͱΠϯελϯε͕ ىಈͰ͖ͳ͍ݱ͕͓͖·͢ɻ
Lambda functionΛআ ফ͞ͳͯ͘ѱ͞͠·ͤΜͷͰɺ ͍ͯͯ͠ߏ͍·ͤΜ
Πϯελϯεͷఀࢭ or আ
·ͱΊ
·ͱΊ • CloudWatch EventsAWSϦιʔεͷঢ়ଶม ԽʹϦΞϧλΠϜʹରԠͰ͖Δ • pendingͰࢭΊΕ՝ۚͳ͠ʂ • ݁ہLambdaඞཁͳͷͰ֮͑·͠ΐ͏ •
ؤுΓ·͢
OpsJAWS͝հ • AWSӡ༻ཧͷϊϋΛ͘ൃ৴ • Partner SAϒϩάʹӡ༻TipsهࣄΛܝࡌத ࢹɺϩάӡ༻ɺίετཧɺδϣϒӡ༻ɺߏཧɺΠϕϯτ௨etc . . .
http://aws.typepad.com/aws_partner_sa/2015/06/aws-ops.html ɹɹɹɹɹɹɹɹɹɹɹɹ·ͨɺɹɹɹɹɹɹɹɹɹ ɹɹɹͰݕࡧ • Doorkeeper(OpsJAWS)
͋Γ͕ͱ͏͍͟͝·ͨ͠ɻ
None