
How to master AWS CDK: know-how from initial development to operation/know-how-from-initial-development-to-operation-on-how-to-use-aws-cdk

tomoki10
September 28, 2021


Slides from my talk at AWS DevDay Online Japan 2021.


Transcript

  1. How to master AWS CDK: know-how from initial development to operation

    Classmethod, Inc., Tomoki Sato. Session C-2. © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  2. ONLINE JAPAN | SEPTEMBER 28, 2021
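  3. Self-introduction

    • Tomoki Sato (@tmk2154, @tomoki10)
    • Classmethod, Inc.
    • CX Business Division, IoT Business Department
    • Previous job: SE at an SIer for just under 4 years
    • Current role: infrastructure, server side, etc.
    • Favorite AWS services: AWS Lambda, AWS Cloud Development Kit (CDK)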
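  4. Target audience

    • Content matched to AWS CDK proficiency level
        • No experience: AWS CDK Workshop https://summit-online-japan-cdk.workshop.aws/
        • Used it a little: ?
            • Samples such as CDK Patterns are only implementation patterns
            • Little coverage of the practical, on-the-job viewpoint
        • Mostly understand it: "Best practices for developing cloud applications with AWS CDK", etc. https://aws.amazon.com/jp/blogs/news/best-practices-for-developing-cloud-applications-with-aws-cdk/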
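  5. Goals for each target audience

    • Goals per proficiency level
        • No experience: AWS CDK Workshop https://summit-online-japan-cdk.workshop.aws/
        • Used it a little to mostly understand it: speed up how quickly people who have at least touched CDK get here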
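  6. Goals for each target audience

    • Goals per proficiency level
        • Mostly understand it
            • Secondary audience
            • Use this deck as a checklist for aligning the team's understanding
            • Reconfirm tacit knowledge
        • Used it a little
            • Main audience
            • Use it to resolve the points you struggle with at project start
        • No experience
            • Try the CDK Workshop, then recall this deck when you run into problems in real operation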
  7. Agenda (overall)

    • Considerations during initial development (11 items)
    • Building the CI/CD environment (5 items)
    • Operation (7 items)
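  8. Agenda (considerations during initial development)

    • Language selection
    • Package management
    • How to split the app layer (bin)
    • How to split the stack layer (lib)
    • Resource references between stacks
    • Choosing between construct layers
    • Deploying to multiple accounts
    • Coding conventions
    • Deployment method for multi-person development
    • Repository granularity
    • How far to go with AWS CDK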
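  9. Language selection

    • Languages available for implementing with AWS CDK: TypeScript/JavaScript, Python, Java, C#, Go (developer preview)
        ※ It is easy to write in the same language you already use for development
    • Recommended language and reasons: TypeScript
        • There are a great many Japanese articles and code samples written in TypeScript
        • AWS CDK itself is written in TypeScript, so it is easy to follow AWS CDK's own approach to naming rules, design and implementation
        • When a feature is missing, using the same language makes it easier to extend

    ※ Reference: "Working with the AWS CDK" https://docs.aws.amazon.com/cdk/latest/guide/work-with.html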
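  10. Package management (TypeScript only)

    • Keep all AWS CDK packages on the same version
        • Types can be incompatible between versions and cause errors
        • Common pattern: after adding another AWS CDK package, its version differs from the packages already installed and a type error occurs → install with pinned versions!
    • Tips when you get stuck during development
        • Delete node_modules and reinstall
        • Check the package tool's error log

    [Figure: example of the type error]

    Reference URL: https://dev.classmethod.jp/articles/align-the-versions-of-aws-cdk-modules-in-the-same-cdk-project/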
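  11. How to split the app layer (bin)

    • Scope covered by bin/lib: by default the following directories (can be changed via app in cdk.json)
        • bin: the part corresponding to App in the figure on the right (called the app layer from here on)
        • lib: the part corresponding to Stack in the figure on the right (called the stack layer from here on)

    [Figure: directory layout when a project named codebuild-test is created]

    Image source: https://aws.amazon.com/jp/blogs/aws/boost-your-infrastructure-with-cdk/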
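  12. How to split the app layer (bin)

    • How to split
        • You can deploy at either the app-layer or the stack-layer unit
        • Basically a single app layer is fine
        • Splitting the app layer as follows improves readability
            • AWS Identity and Access Management (IAM) Users for AWS login and IAM Roles for deployment
            • Backend / frontend
            • Infrastructure / application
        • This is tied to repository granularity, so consider the two together
    • When there are multiple apps
        • Switch the app layer with the `--app` argument at cdk deploy time

    Image source: https://aws.amazon.com/jp/blogs/aws/boost-your-infrastructure-with-cdk/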
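  13. How to split the stack layer (lib)

    • Viewpoints for splitting stacks
        • Deployment lifecycle
            • Split, for example, application resources from storage resources
        • Impact scope
            • A failed deployment rolls back to some extent, but the impact scope still needs to be narrowed
        • Separation by stakeholder
            • Separate so that frontend/backend resources or application/infrastructure resources can be owned by different people (also consider separating by repository, directory or app layer)
        • AWS CloudFormation limits
            • There are upper limits on generated parameters, number of resources and so on. They can be relaxed to some extent by requesting a limit increase

    [Figure: stack split examples with panels "Deployment lifecycle", "Impact scope", "Separation by stakeholder" and "CloudFormation limits"; stacks labelled App, Storage, Monitor, App A/B/C, Backend, Frontend, API Gateway, Lambda A/B, Infra]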
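  14. Resource references between stacks

    • Kinds of resource reference between stacks
        • Automatic cross-stack references
            • Leave it to AWS CDK's automatic resolution
            • Advantage: dependencies between stacks are easy to describe
            • Drawback: moving resources between stacks during operation tends to become complicated
        • Nested stack references
            • Call another stack from inside a stack
            • Advantage: dependencies are easy to describe
            • Drawback: the stack layers get out of alignment, which lowers readability; the parent stack cannot be deployed on its own
        • Amazon Resource Name (ARN) based references
            • Embed the ARN directly, or fetch it from AWS Systems Manager Parameter Store or AWS Secrets Manager
            • Advantage: no struggling with dependency resolution for cross-stack references
            • Drawback: deployments must take the dependency order into account

    For details see: https://dev.classmethod.jp/articles/apig-and-lambda-best-stack-configuration-with-aws-cdk/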
  15. Choosing between construct layers

    • CDK Constructs come in three main kinds
        • L1 (Low Level) Construct ( CfnXXX ): corresponds 1:1 to a CloudFormation resource
        • L2 (High Level) Construct: abstracts the L1 Construct by implementing default values and additional functions
        • L3 Construct: further abstracts L1/L2 Constructs (in-house implementations, Patterns, Solutions Constructs※, Construct Hub※)

    [Figure: image of the Construct layers. L1: ECS Cfn Construct, 1:1 with ECS CloudFormation; L2: ECS CDK Construct, an abstraction of L1; L3: ECS Patterns, an abstraction over the ECS, ECR, VPC and ALB CDK Constructs]

    ※ "AWS Solutions Constructs" https://docs.aws.amazon.com/solutions/latest/constructs/welcome.html
    ※ "Construct Hub" https://constructs.dev/
  16. Choosing between construct layers (introducing the L1 Construct)

    • Parameters of ECS CfnTaskDefinition

    [Figure: Construct layer diagram (L1/L2/L3)]

    ※ "CfnTaskDefinition" https://awscdk.io/packages/@aws-cdk/aws-ecs@1.89.0/#/./@aws-cdk_aws-ecs.CfnTaskDefinition
  17. Choosing between construct layers (introducing the L2 Construct)

    • Parameters of the ECS CDK Construct FargateTaskDefinition

    [Figure: Construct layer diagram (L1/L2/L3)]

    ※ "class FargateTaskDefinition (construct) Construct Props" https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ecs.FargateTaskDefinition.html#construct-props
  18. Choosing between construct layers (introducing the L3 Construct)

    • Implementation using the L3 Construct ecs_patterns

        …
        // Create VPC
        const vpc = new Vpc(this, "sample-vpc", {});
        // Create ECS Cluster
        const cluster = new Cluster(this, "ecs-cluster", {
          vpc,
        });
        // Create ALB
        const loadBalancedFargateService = new ApplicationLoadBalancedFargateService(this, "fargate-alb-service", {
          cluster,
          taskImageOptions: {
            image: ContainerImage.fromRegistry("amazon/amazon-ecs-sample"),
          },
          platformVersion: FargatePlatformVersion.VERSION1_3,
        });

    [Figure: Construct layer diagram (L1/L2/L3)]

    ※ Code source: "Building your first infrastructure in about 30 lines" https://dev.classmethod.jp/articles/aws-cdk-create-your-first-infrastfacture/
  19. Choosing between construct layers

    • Recommended usage
        • Try a service with an existing L3 Construct (ecs_patterns, etc.)
        • For the implementation itself, rely mainly on the abstracted L2 Constructs
        • For services without L2 support, use L1 Constructs
        • Once you find yourself building similar configurations across several projects, consider turning them into an L3 Construct

    [Figure: Construct layer diagram (L1/L2/L3)]
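  20. Deploying to multiple accounts

    • How many accounts to prepare
        • You want development, staging and production AWS accounts. At minimum, development and production accounts are mandatory
        • Part of this depends on the application side's circumstances, so discuss it when, for example, the app and infra teams are separate
        • If you can anticipate scale, you may add more by purpose, such as a load-test account
        • With a staging account, IaC updates from staging to the production account can be made safely

    [Figure: Gitflow example. Branches map to: production account, staging account, development account, development account (per-developer stacks)]

    Image source: "[Illustrated] The minimum to remember to start using git-flow and GitHub Flow in development: a quiet introduction to Git/GitHub (final part) - @IT" https://atmarkit.itmedia.co.jp/ait/articles/1708/01/news015.html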
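  21. Deploying to multiple accounts

    • How many accounts to prepare
        • You want development, staging and production AWS accounts. At minimum, development and production accounts are mandatory
        • Part of this depends on the application side's circumstances, so discuss it when, for example, the app and infra teams are separate
        • If you can anticipate scale, you may add more by purpose, such as a load-test account
        • With a staging account, IaC updates from staging to the production account can be made safely

    [Figure: example based on GitHub Flow]

    Image source: "Thoughts on product releases and Git branch operation" https://dev.classmethod.jp/articles/product-git-branch-rule/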
  22. Deploying to multiple accounts

    • How to separate environments
        • Write each environment's own constants in cdk.json
        • Pass per-environment information through Context at deploy time
        • Extend the Props type of the stack's arguments to pass the constants in

    cdk.json:

        {
          "app": "npx ts-node --prefer-ts-exts bin/hoge-app.ts",
          "context": {
            "projectName": "hoge-fuga",
            "dev": {
              "description": "Develop environment variables",
              "envName": "dev",
              "env": {
                "account": "123456789012",
                "region": "ap-northeast-1"
              }
            },
            "stg": {
              "description": "Staging environment variables",
              "envName": "stg",
              ...
            }
            ...
          }
        }

    Command at deploy time:

        cdk deploy -c environment=dev ~~

    hoge-app.ts:

        const app = new cdk.App();
        const projectName = app.node.tryGetContext('projectName');
        const envKey = app.node.tryGetContext('environment');
        const envValues = app.node.tryGetContext(envKey);
        // The ID prefix uses envName; env is the { account, region } object
        new HogeHogeStack(app, `${envValues.envName}-${projectName}-hogehoge-stack`, {
          env: envValues.env,
          envName: envValues.envName,
          projectName: projectName,
        });
  23. Coding conventions

    • Because AWS CDK is written as code, there is a lot of freedom
        • Styles easily diverge, and this also affects deployment procedures and CI/CD configuration
    • Conventions worth deciding
        • How DRY to make the code: excessive DRY makes later maintenance harder to read and stacks harder to split
        • If the organization wants to set up a CCoE※ for efficiency, consider creating L3 Constructs

    [Figure: Construct layer diagram (L1/L2/L3)]

    ※ CCoE (Cloud Center of Excellence): a specialist team that creates and evangelizes cloud best practices, frameworks and governance
    Overview reference: "A summary of CCoE (Cloud Center of Excellence)" https://dev.classmethod.jp/articles/about_ccoe/
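  24. Coding conventions

    • Conventions worth deciding
        • Naming convention for IDs
            • Recommended: ${environment name}-${project name}-<the name you want>
            • Name stack and resource IDs this way
        • Whether to name resources explicitly
            • Best practice is to leave it to automatic generation
            • Cautions with automatic generation
                • Check the Deletion Policy (deleting unneeded resources)
                • When several people use the same code and the IDs are identical, resource names collide on some services, so separate them with the naming convention above
                • Some services do not reflect the stack ID in the resource name (e.g. Amazon Aurora cluster names)

    hoge-stack.ts:

        …
        new lambdaNodejs.NodejsFunction(
          this,
          `${props.envName}-${props.projectName}-hoge-lambda`,
          {…}
        );
        …

    cdk.json:

        {
          …
          "context": {
            "projectName": "hoge-fuga",
            "dev": { "envName": "dev" …},
            "stg": { "envName": "stg" …},
            …
        }

    Deploying the development environment:

        % cdk deploy -c environment=dev ~~

    Deploying the staging environment:

        % cdk deploy -c environment=stg ~~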
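  25. Coding conventions

    • Conventions worth deciding
        • Where to write tryGetContext (reading data from the context entry of cdk.json)
            • It can be written in either the app layer or the stack layer, but readability improves if you standardize on one

    Example where both the app layer and the stack layer reference cdk.json:

    cdk.json:

        {
          …
          "context": {
            "projectName": "hoge-fuga",
            "dev": { "envName": "dev" …},
            …
        }

    hoge-app.ts (app layer):

        …
        const projectName = app.node.tryGetContext('projectName');
        …

    hoge-stack.ts (stack layer):

        …
        const envKey = this.node.tryGetContext('environment');
        …

    Deploy:

        % cdk deploy -c environment=dev ~~

    [Figure: image of the file layout on the right. cdk.json is referenced from both the app layer and the stack layer]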
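  26. Coding conventions

    • Conventions worth deciding
        • Where to write tryGetContext (reading data from the context entry of cdk.json)
            • It can be written in either the app layer or the stack layer, but readability improves if you standardize on one
            • Recommended: writing tryGetContext only in the app layer keeps the dependency on cdk.json in one place

    Example where only the app layer references cdk.json:

    cdk.json:

        {
          …
          "context": {
            "projectName": "hoge-fuga",
            "dev": { "envName": "dev" …},
            …
        }

    hoge-app.ts (app layer):

        const projectName = app.node.tryGetContext('projectName');
        const envKey = app.node.tryGetContext('environment');
        const envValues = app.node.tryGetContext(envKey);
        // Call the stack layer; the ID prefix uses envName (env is the { account, region } object)
        new HogeStack(app, `${envValues.envName}-${projectName}-hoge-stack`, {
          env: envValues.env,
          envName: envValues.envName,
          projectName: projectName,
        });

    Deploy:

        % cdk deploy -c environment=dev ~~

    [Figure: image of the file layout on the right. cdk.json is referenced from the app layer, which calls the stack layer]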
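  27. Deployment method for multi-person development

    • When developing on IaaS, PaaS or CaaS, this hardly needs considering
    • With FaaS, billing is pay-as-you-go, so resources can be deployed per developer
    • Preparation for several people deploying into a single account
        • As with rolling out to another account, add personal settings to cdk.json that are almost the same as the development environment's
        • Implement IDs so that they include the environment name
    • Cautions
        • Watch out for the few settings that are not pay-as-you-go (DynamoDB provisioned mode, Lambda Provisioned Concurrency, etc.)
        • If a personal environment name is long, the ID is reflected in resource names and may hit the resource-name limit (3 to 63 characters) on services such as Amazon Simple Storage Service (S3)

    hoge-stack.ts:

        …
        new lambdaNodejs.NodejsFunction(
          this,
          `${props.envName}-${props.projectName}-hoge-lambda`,
          {…}
        );
        …

    cdk.json:

        {
          …
          "context": {
            "projectName": "hoge-fuga",
            "dev": { "envName": "dev" …},
            "sat": { "envName": "sat" …},
            "tmk": { "envName": "tmk" …},
            …
        }

    Deploying a personal environment (sat):

        % cdk deploy -c environment=sat ~~

    Deploying a personal environment (tmk):

        % cdk deploy -c environment=tmk ~~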
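  28. Repository granularity

    • Monolithic repository (monorepo)
        • Put all code related to the application under one repository
          e.g. everything from IAM roles for login to frontend/backend and application/infrastructure implementations
    • Advantages of a monorepo
        • When one GitHub Organization holds several projects, each project's related resources are easy to see (with GitHub Enterprise you can also split Organizations per project※)
        • When sharing packages, settings such as the AWS CDK packages can be kept in one place and are easy to update
    • Drawbacks of a monorepo
        • You need a mechanism to separate resources with different deployment granularity for CI/CD (possible with GitHub Actions; CodePipeline needs adjustment?)
        • When sharing packages, a package update has a wider impact scope, so continuous testing of the IaC is needed (covered later)
        • You need to invest time in monorepo-specific design

    ※ "Managing Organizations in your Enterprise account" https://docs.github.com/ja/github/setting-up-and-managing-your-enterprise/managing-organizations-in-your-enterprise-account/adding-organizations-to-your-enterprise-account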
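  29. Repository granularity

    • Multiple repositories (multi-repo)
        • Split into several repositories by purpose. Part of the official documentation of Terraform, another IaC tool, recommends this approach※
          e.g. separate login IAM, frontend/backend, and infrastructure/application
    • Advantages of multi-repo
        • Separate repositories make it easy to divide work
        • The impact scope of a package update stays within the repository
        • Packages can be updated without considering related resources
    • Drawbacks of multi-repo
        • Package updates have to be managed for each repository

    ※ "Terraform Configurations in Terraform Cloud Workspaces" https://www.terraform.io/docs/cloud/workspaces/configurations.html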
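  30. How far to go with AWS CDK

    • Advantages of adopting IaC
        • The design is preserved as code even without writing documentation
        • Rolling out the same resource configuration to another account is very fast
        • Fixed operations make human error easier to reduce
    • Conversely, IaC brings little benefit for resources like the following
        • For work that finishes quickly, a memo costs less than IaC both at setup and at maintenance time
        • Few ongoing changes (once set, it is almost never touched again)
    • Items that are probably low priority
        • Route53 record settings
        • Creating IAM users/roles for login
        • Settings for resources that AWS Organizations can manage together, such as AWS Security Hub and Amazon GuardDuty※
          It is worth doing if account constraints prevent using AWS Organizations and you want to configure multiple accounts together

    ※ References: "[Organizations] Easily configure GuardDuty for all accounts and all regions in the organization" https://dev.classmethod.jp/articles/organizations-guardduty-all-account-all-region/
      "[Update] Security Hub is integrated with AWS Organizations! An in-organization security check environment can now be set up and managed easily" https://dev.classmethod.jp/articles/security-hub-integrates-organizations/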
  31. Agenda (CI/CD)

    • Service selection (Code series or external CI)
    • Usage patterns for the Code series
    • Problems with the Code series
    • Usage patterns for external CI
    • Problems with external CI
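  32. Service selection (Code series or external CI)

    • There are broadly two patterns for building a CI/CD pipeline for AWS CDK
        • Using the Code series (AWS CodeBuild, AWS CodePipeline)
        • Using an external CI service
    • Advantages of each
        • Code series: temporary credentials never have to be handed outside AWS
        • External CI: plenty of sample code; easy to use with just yaml

    [Figure: GitHub Actions, AWS CodeBuild, AWS CodePipeline, etc.]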
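  33. Usage patterns for the Code series

    • Using the Code series as is (the following is for GitHub)
        • CI: CodeBuild
            • Configure the connection to GitHub from the CodeBuild side
            • Either a GitHub personal access token must be passed to CodeBuild or authentication via an OAuth App is needed
            • CI can then run on webhook events such as PR creation from any branch on GitHub
        • CD: CodePipeline + CodeBuild
            • The connection setup differs from CodeBuild
            • Authenticate with a GitHub App and create an AWS CodeStar Connection (when the source provider is GitHub ver.2)
            • The pipeline runs in response to events such as a push to a fixed branch
            • An approval pipeline can also be built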
  34. Usage patterns for the Code series (CDK Pipelines)

    • Building CD with CDK Pipelines
        • Benefits compared with using the CodePipeline Construct
            • Automatic updating of the pipeline itself, parallel execution, deployment to other accounts, validation of created resources and so on are all easy
        • CDK Pipelines itself updates the pipeline
            • Default behaviour of CDK Pipelines
                1. The pipeline starts on a trigger such as a merge into a fixed branch
                2. If the pipeline configuration has been updated, the pipeline itself is deployed partway through the run
                3. The run restarts from the beginning in the post-change state
            • This can be disabled with the selfMutating option
            • See the reference URL for details※
    • Conclusion
        • CodeBuild for CI and CDK Pipelines for CD look like the strongest candidates? (still being evaluated)

    [Figure: CDK Pipelines update flow when a Deploy Stage is added, in three steps: AWS CodePipeline with Source, Build and Pipeline Update stages; the pipeline updated through AWS CDK; then the pipeline with a Deploy Stage added]

    ※ Reference: "Deploying a CDK application using the CDK Pipelines modern API" https://aws.amazon.com/jp/blogs/news/deploying-a-cdk-application-using-the-cdk-pipelines-modern-api/
  35. Problems when using the Code series

    • It is not immediately obvious how to build CI/CD (personal opinion)
        • e.g. CodePipeline can only build a pipeline for a specified branch. How do you run CI on a Pull Request from an arbitrary branch?
          → Use CodeBuild only
        • e.g. CodeBuild and CodePipeline connect to GitHub in different ways
            • CodeBuild: GitHub personal access token or OAuth App
            • CodePipeline: CodeStar Connections + GitHub App (when the source provider is GitHub ver.2)
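  36. Problems when using the Code series

    • Compared with other CI services, there are many places where triggers cannot be designed flexibly or are hard to configure
        • The pipeline cannot be run only when specific files change
        • To run the pipeline on events other than Push, you have to switch to the older authentication method and modify the webhook filter
    • Note that CodeBuild is linked to GitHub through a single GitHub account
        • If the CodeBuild-to-GitHub connection is set up with a personal account, other users with access to CodeBuild can also see that account's private repositories and repositories in other GitHub Organizations※
          → You need to buy a paid GitHub account or build a mechanism that creates CodePipeline dynamically

    ※ Reference URL: "Trouble I had integrating CodeBuild with GitHub - omuron's memorandum" https://omuron.hateblo.jp/entry/2020/04/30/200000
      Reference implementation for creating CodePipeline dynamically: "awesome-codepipeline" https://github.com/nicolai86/awesome-codepipeline-ci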
  37. Usage patterns for external CI (GitHub Actions example)

    • Advantages of GitHub Actions
        • Official actions (aws-actions, etc.) cover, to some extent, the operations needed when deploying to AWS
        • The workflow structure is simple and easy to read
        • Workflows can be run only in response to changes in specified files or directories
    • Deployment flow with GitHub Actions
        • CI:
            • Define a workflow that runs when a PR is created on GitHub
        • CD:
            • Define a workflow that deploys to AWS on a merge into a specific GitHub branch or on tag creation
            • Obtain credentials for accessing AWS inside the workflow

    CI workflow example:

        name: project-ci.yml
        on:
          pull_request:
            paths:
              - '*.json'
              - '.github/workflows/project-ci.yml'
        jobs:
          integ:
            runs-on: ubuntu-latest
            steps:
              - uses: actions/checkout@v2
              …

    CD workflow example:

        name: project-cd.yml
        on:
          push:
            branches:
              - develop
              - staging
        …
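  38. Problems when using external CI

    • A SaaS outside AWS is required, so in some organizations it takes time to get from a separate purchase request to approval
        • Billing is also separate, so the more traditional the company, the heavier the processing
    • Considering leakage of authentication key information
        • There is a risk that authentication keys leak and AWS resources are used illegitimately
        • Minimum required countermeasure
            • Minimize the permissions granted to the CI service (with FaaS, flexibly changing permissions as you go is hard work…)
        • Some countermeasures proposed online and elsewhere
            • Deploy by switching from an IAM user with no permissions to a role for CloudFormation deployment
                • Even if the key leaks, it cannot be used without knowing the deployment sequence and permissions
                  Source: "[AssumeRole] How to deploy to CloudFormation with an IAM user so that damage is minimal even if the access key leaks" https://dev.classmethod.jp/articles/assume-role-deploy-iam-user-and-role/
            • Require MFA at deploy time
                • Share the deploy user's one-time password with the team through 1password and apply MFA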
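  39. Problems when using external CI

    • Some countermeasures proposed online (continued)
        • Obtaining authentication keys via CloudShell
            • Publish the key information held in CloudShell behind a random URL and a separate key, pass it to CI and run
              Source: "I want to give GitHub Actions 'strong' AWS permissions" https://speakerdeck.com/fujiwara3/aws-credentials-on-actions
        • Using a Google ID Token or similar instead of MFA
            • Add a JWT that can be obtained temporarily, such as a Google ID Token, to the trust relationship of the deployment role and authenticate with it
              Source: "I want to give GitHub Actions 'strong' AWS permissions ~Strategy 3 - AssumeRole with Google ID Token~" https://techblog.kayac.com/assume-role-with-google-id-token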
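  40. Problems when using external CI

    • New update!! (2021/9/15)
        • GitHub Actions now supports deployment to cloud environments using Open ID Connect (beta)
        • AWS can now be operated with temporary credentials only, without placing authentication keys on GitHub 🎉
        • The temporary credentials do sit outside AWS, so that is the one point to watch

    Image source: https://github.com/github/roadmap/issues/249 "Actions: Secure cloud deployments with Open ID Connect"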
  41. Agenda (operation)

    • Creating a CloudWatch Dashboard
    • Creating alerts
    • Creating synthetic monitoring
    • Upgrading the AWS CDK version
    • Unit testing the infrastructure
    • Deployment and behaviour tests in the staging environment
    • Emergency handling / incorporating manual changes
  42. Creating a CloudWatch Dashboard

    • A dashboard can easily be created for the resources you generate

        new cloudwatch.Dashboard(
          this,
          `${props.envName}-${props.projectName}-cloudwatch-dashboard`,
          { dashboardName: `${props.envName}-${props.projectName}-dashboard` },
        ).addWidgets(
          new cloudwatch.GraphWidget({
            title: 'Requests',
            // apiGatewayRequestsCount: cloudwatch.MathExpression
            left: [apiGatewayRequestsCounts],
            stacked: true,
            width: 8,
            …
          }),
        );

    Image source: https://github.com/cdk-patterns/serverless/tree/main/the-cloudwatch-dashboard/typescript
  43. Creating alerts

    • Alerts can easily be created for the resources you generate

        new cloudwatch.Alarm(
          this,
          `${props.envName}-${props.projectName}-apig-4xx-error-count`,
          {
            metric: apiGateway4xxErrorRequests,
            threshold: props.restApi4xxAlertThreshold,
            evaluationPeriods: 1,
            datapointsToAlarm: 1,
            treatMissingData: cloudwatch.TreatMissingData.NOT_BREACHING,
          },
        ).addAlarmAction(
          new cloudwatchActions.SnsAction(errorNotificationTopic)
        );

    Image source: https://github.com/cdk-patterns/serverless/tree/main/the-cloudwatch-dashboard/typescript
  44. Creating CloudWatch alarms: for more detail, see this person's talk!

  45. Creating synthetic monitoring

    • Synthetic monitoring can be set up for applications and API endpoints

        ...
        const screenCanary = new Canary(this, 'screen-canary', {
          canaryName: 'screen-canary',
          schedule: Schedule.rate(cdk.Duration.minutes(10)),
          test: Test.custom({
            code: Code.fromAsset(
              path.join(__dirname, '../lambda/canary')
            ),
            handler: 'screen-canary.handler'
          })
        })
        ...

    ※ AWS Lambda and other services run behind the scenes, so which region to configure it in needs consideration

    Code source: https://dev.classmethod.jp/articles/aws-cdk-cloudwatch-synthetics-canary/
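  46. Upgrading the AWS CDK version

    • Basically, frequent updates are not necessary
        • It is a tool that generates CloudFormation templates, so problems are unlikely
    • Periodic updates are needed from the following viewpoints
        • Avoiding a big-bang update when responding to a vulnerability
            • Semantic Versioning is only a prayer; minor/patch updates that are not backward compatible can happen
        • Keeping up with new features
            • To use convenient features such as Lambda Hotswap deploy early
    • Update cycle (reference example from a project)
        • Minor/patch updates
            • Snapshot tests are built into CI/CD, and the version is updated periodically as long as the CloudFormation generated by AWS CDK does not change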
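  47. Unit testing the infrastructure

    • Used only when upgrading the AWS CDK version (personal opinion)
        • As written in the "Upgrading the AWS CDK version" part, breaking changes can occur even in stable
          → Tests are needed to upgrade safely
    • Tests to choose
        • Snapshot Test: checks the diff between the previously generated template and the current one
    • Other tests (use them if you extend CDK Constructs yourself?)
        • Fine-grained Test: tests whether the expected parameters are created
        • Validation Test: tests whether the stack's parameters can be validated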
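  48. Deployment and behaviour tests in the staging environment

    • Why deployment tests are needed
        • To confirm that no problems arise when CloudFormation is executed against the current resources, and to check whether the production release needs any extra manual steps
            • (With Gitflow) if a long time passes between the merge from the development to the staging branch and the merge from the staging to the production branch, the staging and production sources diverge widely and the deployment can fail (e.g. an error because several DynamoDB GSIs are updated at once)
        • To confirm that the CI/CD pipeline has appropriate permissions
    • Behaviour tests
        • Whether access to each resource and so on works correctly after release
            • Whether policies/roles have changed; if they have, a test is needed that at minimum checks there is no problem from the AWS permissions viewpoint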
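  49. Emergency handling / incorporating manual changes

    • For application or infrastructure failures, the basic emergency response is
        • Cut a hotfix branch from the production branch or tag, fix and merge
        • In the worst case, when every moment counts, make a manual change
    • What to do after an emergency manual change (with Gitflow)
        • Bring the staging environment's resources to the same state as production
        • Incorporate the emergency change into AWS CDK
        • Test whether a CloudFormation deployment to the staging environment finishes normally
        • If a problem occurs, return the staging environment to a production-equivalent state and test again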
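  50. Summary

    • Considerations during initial development
        • It is important to decide how to use the app layer, stack layer and constructs
        • Also align early on coding conventions and the policy for operating multiple accounts
    • Building the CI/CD environment
        • The Code series does not require putting credentials outside AWS. Flexible design is difficult
        • External CI makes flexible workflows easy to build. Take care in handling temporary credentials
    • Operation
        • The monitoring alert design and dashboards needed for operation can also be created with AWS CDK
        • Infrastructure tests are worth having for continuous updates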
  51. Special Thanks 🎉

    The following people reviewed this deck. Thank you very much!

    Outside the company
    • Sawara https://hiroga.hatenablog.com/

    Inside the company
    • shuntaka https://dev.classmethod.jp/author/takahashi-shunichi/
    • Genki Fujii https://dev.classmethod.jp/author/fujii-genki/
    • lee.byonghun https://dev.classmethod.jp/author/lee-byonghun/
  52. Promotion: our IoT Business Department frequently does the kind of implementation and design work presented here! Search for "IoT backend engineer"!!

  53. Thank you!

    Tomoki Sato. How to master AWS CDK: know-how from initial development to operation
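
The cdk.json context lookup from slides 22 and 26, written to fail closed before any stack is created; this is an added example, not code from the deck. `resolveEnv`, `buildId` and `ContextLookup` are hypothetical names, the `lookup` callback stands in for `app.node.tryGetContext`, and the sample context with its account ID is constructed.

```typescript
// Added example, not code from the slides. Fail-closed reading of the
// cdk.json "context" layout the deck uses (projectName + one block per env).
interface EnvValues {
  envName: string;
  env: { account: string; region: string };
}
type ContextLookup = (key: string) => unknown; // e.g. (k) => app.node.tryGetContext(k)

function isRecord(v: unknown): v is Record<string, unknown> {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

// Resolve `-c environment=<key>` to a validated block, or throw before any
// stack is instantiated, so a typo never reaches a deployment.
function resolveEnv(lookup: ContextLookup): { projectName: string; values: EnvValues } {
  const projectName = lookup("projectName");
  if (typeof projectName !== "string" || projectName === "") {
    throw new Error("context.projectName is missing");
  }
  const envKey = lookup("environment");
  if (typeof envKey !== "string" || envKey === "") {
    throw new Error("pass the target with -c environment=<name>");
  }
  const block = lookup(envKey);
  const env = isRecord(block) ? block.env : undefined;
  if (!isRecord(block) || !isRecord(env)) {
    throw new Error(`no context block for environment "${envKey}"`);
  }
  // A copied block that still says envName "dev" would reuse dev's IDs.
  if (block.envName !== envKey) {
    throw new Error(`envName "${String(block.envName)}" does not match key "${envKey}"`);
  }
  const { account, region } = env;
  if (typeof account !== "string" || !/^\d{12}$/.test(account)) {
    throw new Error(`${envKey}: env.account must be a 12-digit string`);
  }
  if (typeof region !== "string" || !/^[a-z]{2}(-[a-z]+)+-\d$/.test(region)) {
    throw new Error(`${envKey}: env.region looks malformed`);
  }
  return { projectName, values: { envName: envKey, env: { account, region } } };
}

// ${envName}-${projectName}-<name>, capped at 63 characters because the deck
// notes IDs can surface in resource names such as S3 buckets (3 to 63 chars).
function buildId(values: EnvValues, projectName: string, name: string): string {
  const id = `${values.envName}-${projectName}-${name}`;
  if (id.length > 63) {
    throw new Error(`ID "${id}" is ${id.length} chars; limit is 63`);
  }
  return id;
}

// Constructed sample context; "sat" was copied from "dev" without renaming.
const sampleContext: Record<string, unknown> = {
  projectName: "hoge-fuga",
  environment: "dev",
  dev: { envName: "dev", env: { account: "123456789012", region: "ap-northeast-1" } },
  sat: { envName: "dev", env: { account: "123456789012", region: "ap-northeast-1" } },
};

const resolved = resolveEnv((k) => sampleContext[k]);
console.log(buildId(resolved.values, resolved.projectName, "hogehoge-stack"));
```

In a real app layer the callback would be `(k) => app.node.tryGetContext(k)`, which keeps the cdk.json dependency in one place as slide 26 recommends.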