Upgrade to Pro — share decks privately, control downloads, hide ads and more …

OpsJAWS#4 CloudWatch Events Hands-on

Avatar for Tmorinaga Tmorinaga
March 01, 2016
Technology
3
1.8k

OpsJAWS#4 CloudWatch Events Hands-on

OpsJAWS#4 20160301

Avatar for Tmorinaga

Tmorinaga

March 01, 2016
Tweet

More Decks by Tmorinaga

See All by Tmorinaga
OpsJAWS#13 IAMベストプラクティス
Avatar for Tmorinaga tmorinaga
1
3.9k
Developers.IO 2017 E3
Avatar for Tmorinaga tmorinaga
0
1.3k
JAWS DAYS 2017 Security-JAWS発表資料
Avatar for Tmorinaga tmorinaga
2
4.7k
AWS WAFのログが3時間しか見れないのでなんとかしてみる
Avatar for Tmorinaga tmorinaga
3
4.3k
re:Growth 2016 in Tokyo
Avatar for Tmorinaga tmorinaga
0
2.2k
Developers.IO 2016 in Fukuoka
Avatar for Tmorinaga tmorinaga
1
850
【エンジニア編】AWS活用を考えているなら”必ず!"知っておくべきセキュリティの話
Avatar for Tmorinaga tmorinaga
1
4.4k
【ビジネス編】AWS活用を考えているなら”必ず!"知っておくべきセキュリティの話
Avatar for Tmorinaga tmorinaga
1
2.3k

Other Decks in Technology

See All in Technology
Step Functions First - サーバーレスアーキテクチャの新しいパラダイム
Avatar for Taiki Sugawara taikis
1
280
OTel 公式ドキュメント翻訳 PJ から始めるコミュニティ活動/Community activities starting with the OTel official document translation project
Avatar for Msksgm msksgm
0
290
P2P ではじめる WebRTC のつまづきどころ
Avatar for tnoho tnoho
1
260
RapidPen: AIエージェントによる高度なペネトレーションテスト自動化の研究開発
Avatar for Sho Nakatani laysakura
1
400
大規模組織にAIエージェントを迅速に導入するためのセキュリティの勘所 / AI agents for large-scale organizations
Avatar for Masato Ishigaki / 石垣雅人 i35_267
6
310
Snowflake のアーキテクチャは本当に筋がよかったのか / Data Engineering Study #30
Avatar for Yoshi Matsuzaki indigo13love
0
280
会社もクラウドも違うけど​ 通じたコスト削減テクニック/Cost optimization strategies effective regardless of company or cloud provider
Avatar for AEON aeonpeople
2
350
低レイヤソフトウェア技術者が YouTuberとして食っていこうとした話
Avatar for Satoru Takeuchi sat
PRO
7
5.9k
マルチモーダル基盤モデルに基づく動画と音の解析技術
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
1
160
公開初日に個人環境で試した Gemini CLI 体験記など / Gemini CLI実験レポート
Avatar for you(@youtoy) you
PRO
3
540
Webの技術とガジェットで那須の子ども達にワクワクを! / IoTLT_20250720
Avatar for you(@youtoy) you
PRO
0
130
PdM業務における使い分け
Avatar for Shinshiro shinshiro
0
660

Featured

See All Featured
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
138
34k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
229
22k
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
301
21k
Mobile First: as difficult as doing things right
Avatar for Swwweet swwweet
223
9.7k
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
51
3.3k
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
54
6.5k
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.2k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
34
5.9k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
331
22k
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
63
7.8k
Building Flexible Design Systems
Avatar for Yesenia Perez-Cruz yeseniaperezcruz
328
39k
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
189
11k

Transcript

  1. OpsJAWS#4 CloudWatchEvents Hands-on Ϋϥεϝιουגࣜձࣾ ιϦϡʔγϣϯΞʔΩςΫτ ৿Ӭେࢤ

  2. ࣗݾ঺հ

  3. Morinaga Taishi(@morimoritaitai) AWS Solution Archetect ✦ झຯ : ήʔϜ(શൠ) /

    ञ / Χϝϥ ✦ ڵຯ : DevOps / Security ✦ ޷͖ͳαʔϏε:Config/CloudTrail/IAM AWS Certified Solutions Architect - Professional Developer -Associate SysOps Administorator - Associate

  4. ձࣾ঺հ

  5. Classmethod,Inc.

  6. Classmethod,Inc. AWSίϯαϧɾઃܭɾߏஙͱ ϞόΠϧ։ൃ͕ϝΠϯ

  7. ੈքதʹΦϑΟε جຊతʹਓ͕͍Δͱ͜ΖʹΦϑΟε͕ग़དྷ·͢

  8. Developers.IO

  9. Developers.IO 5500ຊͷٕज़هࣄ 2300ຊͷAWSهࣄ ݄ؒ100ສPV

  10. ϋϯζΦϯͷࢿྉ͸ͪ͜Β https://speakerdeck.com/tmorinaga https://gist.github.com/Tmorinaga

  11. Agenda • CloudWatchEventsͱ͸ • ϋϯζΦϯͷ४උ • Built-in targetΛࢼͯ͠ΈΔ • Lambda

    functionΛࢼͯ͠ΈΔ • ͓ย͚ͮ

  12. CloudWatch Eventsͱ͸

  13. CloudWatchEventsͱ͸ • ΠϕϯτʢϦιʔεͷঢ়ଶมԽͳͲʣΛݕ஌ ͠ɺΠϕϯτυϦϒϯͰΞΫγϣϯΛ࣮ߦ͢ ΔࣄͷͰ͖ΔαʔϏε • ౦ژϦʔδϣϯͰ࢖͑·͢ʂʂʂ

  14. ΠϕϯτυϦϒϯͬͯLambda ͱ͸Ͳ͏ҧ͏ͷʁ • CWE͸Lambdaͷ৽͍͠Πϕϯτιʔε • LambdaҎ֎ͷ࿈ܞʢSNSɺKinesisʣ΍Built- inͷ࢓૊Έ΋༻ҙ͞Ε͍ͯΔ

  15. CloudWatchEventsͷߏ੒ཁૉ • Πϕϯτιʔε • λʔήοτ • ϧʔϧ

  16. Πϕϯτιʔε • ΠϕϯτͷݩͱͳΔϦιʔε΍λΠϛϯά • ݱࡏબ୒Ͱ͖Δͷ͸ҎԼ • EC2ͷStatusมԽʢRunning,Stopped etcʣ • εέδϡʔϧʢ࠷୹̑෼ִؒʣ

    • API CallʢCloudTrailͰर͑Δ΋ͷ͸͍͍ͩͨʣ • AutoScalingͷมԽʢLaunch Successful etcʣ

  17. Πϕϯτιʔε • ΠϕϯτͷݩͱͳΔϦιʔε΍λΠϛϯά • ݱࡏબ୒Ͱ͖Δͷ͸ҎԼ • EC2ͷStatusมԽʢRunning,Stopped etcʣ • εέδϡʔϧʢ࠷୹̑෼ִؒʣ

    • API CallʢCloudTrailͰर͑Δ΋ͷ͸͍͍ͩͨʣ • AutoScalingͷมԽʢLaunch Successful etcʣ

  18. CloudWatchEvents͕ API CallΛΠϕϯτιʔεʹ΋ͭ

  19. Lambda͕ CWEΛΠϕϯτιʔεʹ΋ͭ

  20. ΄΅͢΂ͯͷAPI CallΛ ؆୯ʹLambda࿈ܞͰ͖Δʂ

  21. λʔήοτ • ࣮ߦ͢ΔΞΫγϣϯ • ݱࡏબ୒Ͱ͖Δͷ͸ҎԼ • Lambda Function • SNS

    Topic • Kinesis Stream • Built-in Targetʢsnapshot࡞੒ͳͲͷػೳʣ

  22. ϧʔϧ • Πϕϯτιʔεͱλʔήοτͷ૊Έ߹Θͤ • ͲΜͳϦιʔε͕Ͳ͏ͳͬͨΒʢΠϕϯτιʔ εʣɺͲ͏͢Δ͔ʢλʔήοτʣ

  23. ϋϯζΦϯͷ४උ

  24. ҎԼͷࣄΛ֬ೝͯ͠Լ͍͞ • IAMͷPolicyઃఆ • ࠓճ͸ AdminݖݶͰ΍Γ·͢ʢIAM͍͡ΔͨΊʣ • STSʢSecurity Token ServiceʣͷEndpoint

    • IAM→Account Settings→Security Token Service RegionsͰઃఆ • σϑΥϧτ͸ON • Stoppedঢ়ଶͷΠϯελϯεΛͻͱͭ

  25. CWEʹඞཁͳPolicy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action":

    "events:*", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*" } ] }

  26. Ϧʔδϣϯͷ ΤϯυϙΠϯτ༗ޮԽ

  27. Πϯελϯεͷ४උ t2.nanoͰ΋ͳΜͰ΋͍͍Ͱ͢

  28. Built-in TargetΛ ࢼͯ͠ΈΔ

  29. ࢼͯ͠ΈΔ͜ͱ • InstanceΛىಈͨ͠ΒPendingঢ়ଶͰڧ੍ఀࢭ • ҙຯ͸ಛʹແ͍Ͱ͕͢ɺಈ͖Λݟͯ௖͚Ε͹

  30. Ruleͷ࡞੒ https://ap-northeast-1.console.aws.amazon.com/cloudwatch/home?region=ap-northeast-1#events:

  31. Πϕϯτιʔεͷબ୒

  32. EC2Πϯελϯεͷঢ়ଶΛબ୒

  33. λʔήοτͷ௥Ճ

  34. Built-in targetΛબ୒

  35. ΞΫγϣϯͷબ୒

  36. Πϯελϯεͷબ୒ ͜Ε * ͰࢦఆͰ͖ΔΑ͏ʹͳΓ·ͤΜ͔Ͷ…ʁ

  37. ϧʔϧͷ໊લΛೖྗ

  38. IAM RoleΛ࡞੒ طʹ࡞੒͞Ε͍ͯΔํ͸ͦͪΒΛબ୒

  39. IAM Roleͷ࡞੒ ಛʹઃఆ͸ཁΒͳ͍ͷͰڐՄ

  40. built-in targetʹඞཁͳPolicy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow",

    "Action": [ "ec2:Describe*", "ec2:RebootInstances", "ec2:StopInstances", "ec2:TerminateInstances", "ec2:CreateSnapshot" ], "Resource": "*" } ] }

  41. ϧʔϧ࡞੒׬ྃ

  42. ಈ࡞֬ೝ

  43. ಈ࡞֬ೝ ↓ pending͔Β͙͢ʹstoppedʹʂ

  44. ࣍ͷϋϯζΦϯͷͨΊʹ… ࢒͍ͯ͠Δͱ͕࣍͏·͍͖͘·ͤΜ

  45. Lambda FunctionΛ ࢼͯ͠ΈΔ

  46. ࢼͯ͠ΈΔ͜ͱ • ࢦఆ͞ΕͨλάʮCostʯ͕͍͍ͭͯͳ͍ InstanceΛىಈͨ͠ΒPendingঢ়ଶͰڧ੍ఀࢭ • λάͷ͚ͭ๨Εͬͯଟ͍Ͱ͢ΑͶ…

  47. Lambda Function࡞੒

  48. blueprint͸࢖Θͳ͍ͷͰSkip

  49. ໊લͱ࢖༻ݴޠΛࢦఆ

  50. ίʔυΛίϐϖ https://gist.github.com/Tmorinaga/5b1df9e90e20fe173685

  51. ίʔυʹ͍ͭͯ • ΤϥʔϋϯυϦϯάͳͲ͍ͯ͠·ͤΜͷͰɺ ຊ൪ར༻ͳͲ͢Δ৔߹͸࡞Γ͜ΜͰԼ͍͞ɻ • ͍͍΋ͷ͕Ͱ͖ͨΒڭ͑ͯԼ͍͞m(_ _)m

  52. Lambda༻IAM Role࡞੒

  53. Policyඍௐ੔

  54. Policyඍௐ੔

  55. built-in targetʹඞཁͳPolicy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow",

    "Action": [ . . . ], "Resource": "arn:aws:logs:*:*:*" }, { "Effect": "Allow", "Action": [ "ec2:StopInstances", "ec2:DescribeInstances" ], "Resource": "*" } ] } ←͜ͷ෦෼Λ௥Ճ https://gist.github.com/Tmorinaga/678cd280c1702c9c5233

  56. Advanced settings͸ͦͷ··

  57. Review

  58. Ruleͷ࡞੒ https://ap-northeast-1.console.aws.amazon.com/cloudwatch/home?region=ap-northeast-1#events:

  59. Πϕϯτιʔεͷબ୒

  60. EC2Πϯελϯεͷঢ়ଶΛબ୒

  61. λʔήοτͷ௥Ճ

  62. Lambda functionΛબ୒

  63. Lambda functionΛબ୒

  64. ϧʔϧͷ໊લΛೖྗ

  65. ϧʔϧ࡞੒׬ྃ

  66. λά෇͚ͳ͠ಈ࡞֬ೝ ↓ pending͔Β͙͢ʹstoppedʹʂ

  67. λάʮCostʯΛ௥Ճ

  68. λά෇͚͋Γಈ࡞֬ೝ ↓ runningʹͪΌΜͱͳΔʂ

  69. ͓ย͚ͮ

  70. ϧʔϧΛ࡟আ ফ͓͔ͯ͠ͳ͍ͱΠϯελϯε͕ ىಈͰ͖ͳ͍ݱ৅͕͓͖·͢ɻ

  71. Lambda functionΛ࡟আ ফ͞ͳͯ͘΋ѱ͞͸͠·ͤΜͷͰɺ ࢒͍ͯͯ͠΋ߏ͍·ͤΜ

  72. Πϯελϯεͷఀࢭ or ࡟আ

  73. ·ͱΊ

  74. ·ͱΊ • CloudWatch Events͸AWSϦιʔεͷঢ়ଶม ԽʹϦΞϧλΠϜʹରԠͰ͖Δ • pendingͰࢭΊΕ͹՝ۚͳ͠ʂ • ݁ہLambda͸ඞཁͳͷͰ֮͑·͠ΐ͏ •

    ؤுΓ·͢

  75. OpsJAWS͝঺հ • AWSӡ༻؅ཧͷϊ΢ϋ΢Λ޿͘ൃ৴ • Partner SAϒϩάʹӡ༻TipsهࣄΛܝࡌத ؂ࢹɺϩάӡ༻ɺίετ؅ཧɺδϣϒӡ༻ɺߏ੒؅ཧɺΠϕϯτ௨஌etc . . .

    http://aws.typepad.com/aws_partner_sa/2015/06/aws-ops.html ɹɹɹɹɹɹɹɹɹɹɹɹ·ͨ͸ɺɹɹɹɹɹɹɹɹɹ ɹɹɹͰݕࡧ • Doorkeeper(OpsJAWS)

  76. ͋Γ͕ͱ͏͍͟͝·ͨ͠ɻ

  77. None