Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
OpsJAWS#4 CloudWatch Events Hands-on
Search
Tmorinaga
March 01, 2016
Technology
3
1.8k
OpsJAWS#4 CloudWatch Events Hands-on
OpsJAWS#4 20160301
Tmorinaga
March 01, 2016
Tweet
Share
More Decks by Tmorinaga
See All by Tmorinaga
OpsJAWS#13 IAMベストプラクティス
tmorinaga
1
3.9k
Developers.IO 2017 E3
tmorinaga
0
1.3k
JAWS DAYS 2017 Security-JAWS発表資料
tmorinaga
2
4.8k
AWS WAFのログが3時間しか見れないのでなんとかしてみる
tmorinaga
3
4.3k
re:Growth 2016 in Tokyo
tmorinaga
0
2.2k
Developers.IO 2016 in Fukuoka
tmorinaga
1
860
【エンジニア編】AWS活用を考えているなら”必ず!"知っておくべきセキュリティの話
tmorinaga
1
4.4k
【ビジネス編】AWS活用を考えているなら”必ず!"知っておくべきセキュリティの話
tmorinaga
1
2.3k
Other Decks in Technology
See All in Technology
なぜSaaSがMCPサーバーをサービス提供するのか?
sansantech
PRO
8
2.7k
共有と分離 - Compose Multiplatform "本番導入" の設計指針
error96num
1
220
20250910_障害注入から効率的復旧へ_カオスエンジニアリング_生成AIで考えるAWS障害対応.pdf
sh_fk2
3
170
研究開発と製品開発、両利きのロボティクス
youtalk
1
500
AIのグローバルトレンド2025 #scrummikawa / global ai trend
kyonmm
PRO
1
250
Grafana MCPサーバーによるAIエージェント経由でのGrafanaダッシュボード動的生成
hamadakoji
1
1.5k
Obsidian応用活用術
onikun94
1
430
実践!カスタムインストラクション&スラッシュコマンド
puku0x
0
270
Webアプリケーションにオブザーバビリティを実装するRust入門ガイド
nwiizo
3
450
[RSJ25] Feasible RAG: Hierarchical Multimodal Retrieval with Feasibility-Aware Embodied Memory for Mobile Manipulation
keio_smilab
PRO
0
120
テストを軸にした生き残り術
kworkdev
PRO
0
190
下手な強制、ダメ!絶対! 「ガードレール」を「檻」にさせない"ガバナンス"の取り方とは?
tsukaman
2
390
Featured
See All Featured
Fantastic passwords and where to find them - at NoRuKo
philnash
52
3.4k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
252
21k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Writing Fast Ruby
sferik
628
62k
The Cult of Friendly URLs
andyhume
79
6.6k
RailsConf 2023
tenderlove
30
1.2k
Faster Mobile Websites
deanohume
309
31k
YesSQL, Process and Tooling at Scale
rocio
173
14k
Designing for Performance
lara
610
69k
Speed Design
sergeychernyshev
32
1.1k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
The Straight Up "How To Draw Better" Workshop
denniskardys
236
140k
Transcript
OpsJAWS#4 CloudWatchEvents Hands-on Ϋϥεϝιουגࣜձࣾ ιϦϡʔγϣϯΞʔΩςΫτ Ӭେࢤ
ࣗݾհ
Morinaga Taishi(@morimoritaitai) AWS Solution Archetect ✦ झຯ : ήʔϜ(શൠ) /
ञ / Χϝϥ ✦ ڵຯ : DevOps / Security ✦ ͖ͳαʔϏε:Config/CloudTrail/IAM AWS Certified Solutions Architect - Professional Developer -Associate SysOps Administorator - Associate
ձࣾհ
Classmethod,Inc.
Classmethod,Inc. AWSίϯαϧɾઃܭɾߏஙͱ ϞόΠϧ։ൃ͕ϝΠϯ
ੈքதʹΦϑΟε جຊతʹਓ͕͍Δͱ͜ΖʹΦϑΟε͕ग़དྷ·͢
Developers.IO
Developers.IO 5500ຊͷٕज़هࣄ 2300ຊͷAWSهࣄ ݄ؒ100ສPV
ϋϯζΦϯͷࢿྉͪ͜Β https://speakerdeck.com/tmorinaga https://gist.github.com/Tmorinaga
Agenda • CloudWatchEventsͱ • ϋϯζΦϯͷ४උ • Built-in targetΛࢼͯ͠ΈΔ • Lambda
functionΛࢼͯ͠ΈΔ • ͓ย͚ͮ
CloudWatch Eventsͱ
CloudWatchEventsͱ • ΠϕϯτʢϦιʔεͷঢ়ଶมԽͳͲʣΛݕ ͠ɺΠϕϯτυϦϒϯͰΞΫγϣϯΛ࣮ߦ͢ ΔࣄͷͰ͖ΔαʔϏε • ౦ژϦʔδϣϯͰ͑·͢ʂʂʂ
ΠϕϯτυϦϒϯͬͯLambda ͱͲ͏ҧ͏ͷʁ • CWELambdaͷ৽͍͠Πϕϯτιʔε • LambdaҎ֎ͷ࿈ܞʢSNSɺKinesisʣBuilt- inͷΈ༻ҙ͞Ε͍ͯΔ
CloudWatchEventsͷߏཁૉ • Πϕϯτιʔε • λʔήοτ • ϧʔϧ
Πϕϯτιʔε • ΠϕϯτͷݩͱͳΔϦιʔελΠϛϯά • ݱࡏબͰ͖ΔͷҎԼ • EC2ͷStatusมԽʢRunning,Stopped etcʣ • εέδϡʔϧʢ࠷ִ̑ؒʣ
• API CallʢCloudTrailͰर͑Δͷ͍͍ͩͨʣ • AutoScalingͷมԽʢLaunch Successful etcʣ
Πϕϯτιʔε • ΠϕϯτͷݩͱͳΔϦιʔελΠϛϯά • ݱࡏબͰ͖ΔͷҎԼ • EC2ͷStatusมԽʢRunning,Stopped etcʣ • εέδϡʔϧʢ࠷ִ̑ؒʣ
• API CallʢCloudTrailͰर͑Δͷ͍͍ͩͨʣ • AutoScalingͷมԽʢLaunch Successful etcʣ
CloudWatchEvents͕ API CallΛΠϕϯτιʔεʹͭ
Lambda͕ CWEΛΠϕϯτιʔεʹͭ
΄΅ͯ͢ͷAPI CallΛ ؆୯ʹLambda࿈ܞͰ͖Δʂ
λʔήοτ • ࣮ߦ͢ΔΞΫγϣϯ • ݱࡏબͰ͖ΔͷҎԼ • Lambda Function • SNS
Topic • Kinesis Stream • Built-in Targetʢsnapshot࡞ͳͲͷػೳʣ
ϧʔϧ • ΠϕϯτιʔεͱλʔήοτͷΈ߹Θͤ • ͲΜͳϦιʔε͕Ͳ͏ͳͬͨΒʢΠϕϯτιʔ εʣɺͲ͏͢Δ͔ʢλʔήοτʣ
ϋϯζΦϯͷ४උ
ҎԼͷࣄΛ֬ೝͯ͠Լ͍͞ • IAMͷPolicyઃఆ • ࠓճ AdminݖݶͰΓ·͢ʢIAM͍͡ΔͨΊʣ • STSʢSecurity Token ServiceʣͷEndpoint
• IAM→Account Settings→Security Token Service RegionsͰઃఆ • σϑΥϧτON • Stoppedঢ়ଶͷΠϯελϯεΛͻͱͭ
CWEʹඞཁͳPolicy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action":
"events:*", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*" } ] }
Ϧʔδϣϯͷ ΤϯυϙΠϯτ༗ޮԽ
Πϯελϯεͷ४උ t2.nanoͰͳΜͰ͍͍Ͱ͢
Built-in TargetΛ ࢼͯ͠ΈΔ
ࢼͯ͠ΈΔ͜ͱ • InstanceΛىಈͨ͠ΒPendingঢ়ଶͰڧ੍ఀࢭ • ҙຯಛʹແ͍Ͱ͕͢ɺಈ͖Λݟ͚ͯΕ
Ruleͷ࡞ https://ap-northeast-1.console.aws.amazon.com/cloudwatch/home?region=ap-northeast-1#events:
Πϕϯτιʔεͷબ
EC2Πϯελϯεͷঢ়ଶΛબ
λʔήοτͷՃ
Built-in targetΛબ
ΞΫγϣϯͷબ
Πϯελϯεͷબ ͜Ε * ͰࢦఆͰ͖ΔΑ͏ʹͳΓ·ͤΜ͔Ͷ…ʁ
ϧʔϧͷ໊લΛೖྗ
IAM RoleΛ࡞ طʹ࡞͞Ε͍ͯΔํͦͪΒΛબ
IAM Roleͷ࡞ ಛʹઃఆཁΒͳ͍ͷͰڐՄ
built-in targetʹඞཁͳPolicy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow",
"Action": [ "ec2:Describe*", "ec2:RebootInstances", "ec2:StopInstances", "ec2:TerminateInstances", "ec2:CreateSnapshot" ], "Resource": "*" } ] }
ϧʔϧ࡞ྃ
ಈ࡞֬ೝ
ಈ࡞֬ೝ ↓ pending͔Β͙͢ʹstoppedʹʂ
࣍ͷϋϯζΦϯͷͨΊʹ… ͍ͯ͠Δͱ͕࣍͏·͍͖͘·ͤΜ
Lambda FunctionΛ ࢼͯ͠ΈΔ
ࢼͯ͠ΈΔ͜ͱ • ࢦఆ͞ΕͨλάʮCostʯ͕͍͍ͭͯͳ͍ InstanceΛىಈͨ͠ΒPendingঢ়ଶͰڧ੍ఀࢭ • λάͷ͚ͭΕͬͯଟ͍Ͱ͢ΑͶ…
Lambda Function࡞
blueprintΘͳ͍ͷͰSkip
໊લͱ༻ݴޠΛࢦఆ
ίʔυΛίϐϖ https://gist.github.com/Tmorinaga/5b1df9e90e20fe173685
ίʔυʹ͍ͭͯ • ΤϥʔϋϯυϦϯάͳͲ͍ͯ͠·ͤΜͷͰɺ ຊ൪ར༻ͳͲ͢Δ߹࡞Γ͜ΜͰԼ͍͞ɻ • ͍͍ͷ͕Ͱ͖ͨΒڭ͑ͯԼ͍͞m(_ _)m
Lambda༻IAM Role࡞
Policyඍௐ
Policyඍௐ
built-in targetʹඞཁͳPolicy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow",
"Action": [ . . . ], "Resource": "arn:aws:logs:*:*:*" }, { "Effect": "Allow", "Action": [ "ec2:StopInstances", "ec2:DescribeInstances" ], "Resource": "*" } ] } ←͜ͷ෦ΛՃ https://gist.github.com/Tmorinaga/678cd280c1702c9c5233
Advanced settingsͦͷ··
Review
Ruleͷ࡞ https://ap-northeast-1.console.aws.amazon.com/cloudwatch/home?region=ap-northeast-1#events:
Πϕϯτιʔεͷબ
EC2Πϯελϯεͷঢ়ଶΛબ
λʔήοτͷՃ
Lambda functionΛબ
Lambda functionΛબ
ϧʔϧͷ໊લΛೖྗ
ϧʔϧ࡞ྃ
λά͚ͳ͠ಈ࡞֬ೝ ↓ pending͔Β͙͢ʹstoppedʹʂ
λάʮCostʯΛՃ
λά͚͋Γಈ࡞֬ೝ ↓ runningʹͪΌΜͱͳΔʂ
͓ย͚ͮ
ϧʔϧΛআ ফ͓͔ͯ͠ͳ͍ͱΠϯελϯε͕ ىಈͰ͖ͳ͍ݱ͕͓͖·͢ɻ
Lambda functionΛআ ফ͞ͳͯ͘ѱ͞͠·ͤΜͷͰɺ ͍ͯͯ͠ߏ͍·ͤΜ
Πϯελϯεͷఀࢭ or আ
·ͱΊ
·ͱΊ • CloudWatch EventsAWSϦιʔεͷঢ়ଶม ԽʹϦΞϧλΠϜʹରԠͰ͖Δ • pendingͰࢭΊΕ՝ۚͳ͠ʂ • ݁ہLambdaඞཁͳͷͰ֮͑·͠ΐ͏ •
ؤுΓ·͢
OpsJAWS͝հ • AWSӡ༻ཧͷϊϋΛ͘ൃ৴ • Partner SAϒϩάʹӡ༻TipsهࣄΛܝࡌத ࢹɺϩάӡ༻ɺίετཧɺδϣϒӡ༻ɺߏཧɺΠϕϯτ௨etc . . .
http://aws.typepad.com/aws_partner_sa/2015/06/aws-ops.html ɹɹɹɹɹɹɹɹɹɹɹɹ·ͨɺɹɹɹɹɹɹɹɹɹ ɹɹɹͰݕࡧ • Doorkeeper(OpsJAWS)
͋Γ͕ͱ͏͍͟͝·ͨ͠ɻ
None