AWS CDKはどう使いこなすのか、初期開発から運用までのノウハウ/know-how-from-initial-development-to-operation-on-how-to-use-aws-cdk

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS CDK ͸Ͳ͏࢖͍͜ͳ͢ͷ͔ɺॳظ։ൃ͔Βӡ༻·Ͱͷϊ΢ϋ΢
Ϋϥεϝιου גࣜձࣾ
ࠤ౻ஐथ
C - 2

View Slide

O N L I N E J A P A N | S E P T E M B E R 2 8 , 2 0 2 1

View Slide

• ࠤ౻ஐथ
• Ϋϥεϝιουגࣜձࣾ
• CX ࣄۀຊ෦ IoT ࣄۀ෦
• લ৬ɿSIer ͷ SE Λ4೥ऑ
• ݱࡏɿΠϯϑϥ݉αʔόʔαΠυ݉ etc
• ޷͖ͳAWSαʔϏεɿ
AWS LambdaɺAWS Cloud Development Kit (CDK)
ࣗݾ঺հ
@tmk2154
@tomoki10

View Slide

• AWS CDK ͷशख़౓ʹ߹Θͤͨίϯςϯπ
ର৅ͱͳΔௌߨऀ
େମΘ͔ͬͨਓ
AWS CDKͰΫϥ΢υΞϓϦέ
ʔγϣϯΛ։ൃ͢ΔͨΊͷϕ
ετϓϥΫςΟε etc..
গ͠࢖ͬͨਓ
• CDK Patterns ͳͲͷαϯϓ
ϧ͸͋͘·Ͱ࣮૷ͷύλʔϯ
• ࣮຿ͷ؍఺͸গͳ͍
ະܦݧͷਓ
AWS CDK Workshop
https://summit-online-japan-cdk.workshop.aws/
https://aws.amazon.com/jp/blogs/news/best-practices-
for-developing-cloud-applications-with-aws-cdk/
ʁ

View Slide

• शख़౓͝ͱͷ໨ඪ
ର৅ͱͳΔௌߨऀ͝ͱͷ໨ඪ
େମΘ͔ͬͨਓ
͜͜ʹߦ͘଎౓ΛૣΊΔ
গ͠࢖ͬͨਓ
ͱΓ͋͑ͣ CDK ৮ͬͨਓ͕
ະܦݧͷਓ
AWS CDK Workshop
https://summit-online-japan-cdk.workshop.aws/

View Slide

• शख़౓͝ͱͷ໨ඪ
ର৅ͱͳΔௌߨऀ͝ͱͷ໨ඪ
େମΘ͔ͬͨਓ
• 2൪໨ͷର৅
• ຊࢿྉΛνʔϜͷೝ
ࣝ߹ΘͤͷνΣοΫ
Ϧετͱͯ͠׆༻
• ҉໧஌ͷ࠶֬ೝ
গ͠࢖ͬͨਓ
• ϝΠϯͷର৅
• PJ ։࢝࣌ʹ೰Ή෦෼
ͷղফʹ׆༻
ະܦݧͷਓ
• CDK Workshop Λࢼ
ͯ͠ɺ࣮ӡ༻Ͱ೰Μ
ͩ࣌ࢿྉΛࢥ͍ग़͢

View Slide

• ॳظ։ൃ࣌ͷݕ౼ࣄ߲ (11߲໨)
• CI/CD ؀ڥͷ࡞੒ (5߲໨)
• ӡ༻ (7߲໨)
ΞδΣϯμ (શମʣ

View Slide

• ݴޠબఆ
• ύοέʔδ؅ཧ
• ΞϓϦ૚ (bin) ͷ෼͚ํ
• ελοΫ૚ (lib) ͷ෼͚ํ
• ελοΫؒͷϦιʔεࢀর
• ίϯετϥΫτ૚ͷ࢖͍෼͚
• ෳ਺ΞΧ΢ϯτ΁ͷσϓϩΠ
• ίʔσΟϯάن໿
• ෳ਺ਓ։ൃ࣌ͷσϓϩΠํ๏
• ϦϙδτϦͷཻ౓
• Ͳ͜·Ͱ AWS CDK Խ͢Δ͔
ΞδΣϯμ(ॳظ։ൃ࣌ͷݕ౼ࣄ߲ʣ

View Slide

• AWS CDK Ͱ࣮૷͢Δࡍʹ࢖͑Δݴޠ
TypeScript/JavaScriptɺPythonɺJavaɺC#ɺGo(։ൃऀϓϨϏϡʔ) ※
։ൃʹ࢖༻͍ͯ͠Δݴޠͱಉ͡ݴޠͰॻ͖΍͍͢
• ͓͢͢Ίͷݴޠɺཧ༝
TypeScript
• TypeScript Ͱॻ͔Ε͍ͯΔ೔ຊޠͷهࣄ΍αϯϓϧίʔυ͕ඇৗʹଟ͍
• AWS CDK ࣗମ͕ TypeScript Ͱॻ͔Ε͍ͯΔͷͰ໋໊نଇ΍ઃܭɺ࣮૷͸
AWS CDK ͷํ਑Λਅࣅ࣮ͯ͠૷͠΍͍͢
• ଍Γͳ͍ػೳ͕͋Δ৔߹ʹಉ͡ݴޠͩͱ֦ு͠΍͍͢
ݴޠબఆ
※ࢀߟɿʮWorking with the AWS CDKʯhttps://docs.aws.amazon.com/cdk/latest/guide/work-with.html

View Slide

ܕΤϥʔͷࢀߟɿ
• AWS CDK ͷύοέʔδ͸શͯಉ͡όʔδϣϯʹ͢Δ
• όʔδϣϯؒͰܕʹޓ׵ੑ͕ͳ͘ΤϥʔʹͳΔ৔
߹͕͋Δ
• Α͋͘Δύλʔϯɿ
௥ՃͰ AWS CDKͷ ύοέʔδΛೖΕͨࡍɺݩ͋
ͬͨύοέʔδ܈ͱόʔδϣϯ͕ҟͳΓܕΤϥʔ
͕ൃੜ
→όʔδϣϯݻఆͰΠϯετʔϧ͠Α͏ʂ
• ։ൃ࣌ࠔͬͨΒTIPS
• node_modules Λ࡟আͯ͠࠶Πϯετʔϧ
• ύοέʔδπʔϧͷΤϥʔϩάΛ֬ೝ
ύοέʔδ؅ཧ (TypeScript ݶఆ)
ࢀߟURLɿ
https://dev.classmethod.jp/articles/align-the-versions-of-aws-cdk-
modules-in-the-same-cdk-project/

View Slide

• bin/lib͕ର৅ͱͳΔൣғ
σϑΥϧτͩͱҎԼͷσΟϨΫτϦ( cdk.json ͷ appͰมߋՄೳ )
• bin: ӈਤͷAppʹ૬౰͢Δ෦෼(ҎޙΞϓϦ૚ͱهड़͠·͢)
• lib: ӈਤͷStackʹ૬౰͢Δ෦෼ (ҎޙελοΫ૚ͱهड़͠·͢)
ΞϓϦ૚ (bin) ͷ෼͚ํ
ը૾Ҿ༻ݩɿ
https://aws.amazon.com/jp/blogs/aws/boost-your-infrastructure-with-cdk/
↑codebuild-testͱ͍͏ϓϩδΣΫτΛ࡞ͬͨ৔߹

View Slide

• ੾Γ෼͚ํ
• ΞϓϦ૚/ελοΫ૚ͲͪΒͷ୯ҐͰ΋σϓϩΠՄೳ
• جຊ͸ΞϓϦ૚͸1ͭͰ໰୊ͳ͠
• ҎԼͷΑ͏ʹΞϓϦ૚Λ෼͚ΔͱՄಡੑ͸্͕Δ
• AWS ϩάΠϯ༻ͷ AWS Identity and Access
Management (IAM) User ΍σϓϩΠ༻ͷIAM Role
• όοΫΤϯυ/ϑϩϯτΤϯυ
• Πϯϑϥ/ΞϓϦ
• ϦϙδτϦͷཻ౓ͱ΋ؔ܎͢Δ෦෼ͳͷͰ߹Θͤͯݕ
౼͕ඞཁ
• ෳ਺ΞϓϦ͕͋Δ৔߹
• cdk deploy ࣌ʹ `—app` Ҿ਺ͰΞϓϦ૚Λ੾Γସ͑Δ
ΞϓϦ૚ (bin) ͷ෼͚ํ
ը૾Ҿ༻ݩɿ
https://aws.amazon.com/jp/blogs/aws/boost-your-infrastructure-with-cdk/

View Slide

Monitor
Stack
• ελοΫ෼ׂͷ؍఺
• σϓϩΠͷϥΠϑαΠΫϧ
• ΞϓϦϦιʔεͱετϨʔδϦιʔεͳͲͰ෼ׂ
• Өڹൣғ
• σϓϩΠࣦഊ࣌ʹ͋Δఔ౓͸ϩʔϧόοΫ͢Δ͕Ө
ڹൣғΛߜΔ͜ͱ͸ඞཁ
• ؔ܎ऀͰ෼཭
• ϑϩϯτΤϯυ/όοΫΤϯυ༻Ϧιʔε΍ΞϓϦ/
Πϯϑϥ༻ϦιʔεΛผʑʹ୲౰Ͱ͖ΔΑ͏෼཭
(ϦϙδτϦ, σΟϨΫτϦ, ΞϓϦ૚Ͱͷ෼཭΋ݕ౼)
• AWS CloudFormation ͷ੍໿
ੜ੒͞ΕΔύϥϝʔλ΍Ϧιʔε਺ͳͲʹ্ݶ͕͋Δɻ
্ݶղআͷਃ੥Ͱ͋Δఔ౓؇࿨͸Մೳ
ελοΫ૚ (lib) ͷ෼͚ํ
App
Stack
Storage
Stack
App A
Stack
App B
Stack
App C
Stack
Backend
Stack
Frontend
Stack
API
Gateway
Stack
Lambda A
Stack
Lambda B
Stack
σϓϩΠͷϥΠϑαΠΫϧ Өڹൣғ
ؔ܎ऀͰ෼཭ CloudFormationͷ੍໿
App
Stack
Infra
Stack

View Slide

• ελοΫؒͷϦιʔεࢀরͷछྨ
• ࣗಈΫϩεελοΫࢀর
• AWS CDK ͷࣗಈղܾʹ೚ͤΔ
• ར఺ɿ؆୯ʹελοΫؒͷґଘΛهड़Ͱ͖Δ
• ܽ఺ɿӡ༻தͷελοΫؒͷϦιʔεҠಈ͕ෳࡶԽ͠΍͍͢
• ωετελοΫࢀর
• ελοΫ಺෦ͰผͷελοΫΛݺͼग़͢
• ར఺ɿ؆୯ʹґଘΛهड़Ͱ͖Δ
• ܽ఺ɿελοΫͷϨΠϠʔ͕ζϨΔͷͰՄಡੑ͕Լ͕Δ
ɹɹɹ਌ελοΫ୯ମͷσϓϩΠ͕Ͱ͖ͳ͍
• Amazon Resource Name (ARN) ϕʔεͷࢀর
• ௚઀ຒΊࠐΉ͔ AWS Systems Manager Parameter Store΍
AWS Secret Manager͔Βऔग़
• ར఺ɿελοΫؒࢀরͷґଘؔ܎ղܾʹ೰·͞Εͳ͍
• ܽ఺ɿґଘؔ܎Λߟྀͨ͠σϓϩΠ͕ඞཁ
ৄ͘͠͸ͪ͜Βࢀর
͜͜ʹߦ͘଎౓ΛૣΊΔ
ελοΫؒͷϦιʔεࢀর
https://dev.classmethod.jp/articles/apig-and-lambda-best-stack-
configuration-with-aws-cdk/

View Slide

• CDK ͷ Construct ʹ͸ओʹ3छྨ͋Δ
• L1 (Low Level) Construct ( CfnXXX )
CloudFormationͷϦιʔεͱ1ର1ͰରԠ
• L2 (High Level) Construct
σϑΥϧτ஋΍௥Ճͷؔ਺Λ࣮૷ͯ͠L1
ConstructΛந৅Խ
• L3 Construct
L1,2 ConstructΛ͞Βʹந৅Խͯ͠ར༻͢Δ
(ࣗલ࣮૷, Patterns, Solutions Constructs※,
Construct Hub※)
ίϯετϥΫτ૚ͷ࢖͍෼͚
ECS
CDK
Construct
ECS Cfn
Construct
Construct ͷ Layer ͷΠϝʔδ
L1
L2
ECS Cfn
Construct
ECS
Cloud
Formation
L3
ECS
Patterns
ECS
CDK
Construct
ECR
CDK
Construct
VPC
CDK
Construct
ALB
CDK
Construct
ECS
Cloud
Formation
1:1
ରԠ
ந৅Խ
…
…
ந৅Խ
※ʮAWS Solutions Constructsʯhttps://docs.aws.amazon.com/solutions/latest/constructs/welcome.html
※ʮConstruct Hubʯhttps://constructs.dev/

View Slide

• ECS CfnTaskDefinition ͷύϥϝʔλ
ίϯετϥΫτ૚ͷ࢖͍෼͚ ( L1 Construct ͷ঺հ )
ECS
CDK
Construct
ECS Cfn
Construct
L1
L2
ECS Cfn
Construct
ECS
Cloud
Formation
L3
ECS
Patterns
ECS
CDK
Construct
ECR
CDK
Construct
VPC
CDK
Construct
ALB
CDK
Construct
ECS
Cloud
Formation
1:1
ରԠ
ந৅Խ
…
…
ந৅Խ
※ʮCfnTaskDefinitionʯhttps://awscdk.io/packages/@aws-cdk/[email protected]/#/./@aws-cdk_aws-ecs.CfnTaskDefinition

View Slide

• ECS CDK Construct
FargateTaskDefinition ͷύϥϝʔλ
ECS
CDK
Construct
ECS Cfn
Construct
L1
L2
ECS Cfn
Construct
ECS
Cloud
Formation
L3
ECS
Patterns
ECS
CDK
Construct
ECR
CDK
Construct
VPC
CDK
Construct
ALB
CDK
Construct
ECS
Cloud
Formation
1:1
ରԠ
ந৅Խ
…
…
ந৅Խ
※ʮclass FargateTaskDefinition (construct) Construct Propsʯhttps://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ecs.FargateTaskDefinition.html#construct-props

View Slide

• L3 Construct ecs_patterns ʹΑΔ࣮૷
ECS
CDK
Construct
ECS Cfn
Construct
L1
L2
ECS Cfn
Construct
ECS
Cloud
Formation
L3
ECS
Patterns
ECS
CDK
Construct
ECR
CDK
Construct
VPC
CDK
Construct
ALB
CDK
Construct
ECS
Cloud
Formation
1:1
ରԠ
ந৅Խ
…
…
ந৅Խ
※ίʔυҾ༻ݩʮ30ߦ͘Β͍Ͱ࡞Δ͸͡ΊͯͷΠϯϑϥߏஙʯhttps://dev.classmethod.jp/articles/aws-cdk-create-your-first-infrastfacture/
…
// Create VPC
const vpc = new Vpc(this, "sample-vpc", {});
// Create ECS Cluster
const cluster = new Cluster(this, "ecs-cluster", {
vpc,
});
// Create ALB
const loadBalancedFargateService
= new ApplicationLoadBalancedFargateService(this,
"fargate-alb-service", {
cluster,
taskImageOptions: {
image: ContainerImage.fromRegistry(
“amazon/amazon-ecs-sample"
),
},
platformVersion: FargatePlatformVersion.VERSION1_3,
}
);

View Slide

• ͓͢͢Ίͷ࢖͍ํ
• طଘͷ L3 Construct ͰαʔϏεΛࢼ͢
( ecs_patterns ͳͲ )
• ࣮૷ͷجຊ͸ந৅Խ͞Εͨ L2 Construct
Λத৺ʹ׆༻
• L2 ະରԠαʔϏε͸ L1 Construct Λ׆༻
• ෳ਺ PJ Ͱಉ͡Α͏ͳߏ੒Λ࡞Δ͜ͱ͕ଟ
͍λΠϛϯάͰ L3 Construct ԽΛݕ౼
ίϯετϥΫτ૚ͷ࢖͍෼͚
ECS
CDK
Construct
ECS Cfn
Construct
L1
L2
ECS Cfn
Construct
ECS
Cloud
Formation
L3
ECS
Patterns
ECS
CDK
Construct
ECR
CDK
Construct
VPC
CDK
Construct
ALB
CDK
Construct
ECS
Cloud
Formation
1:1
ରԠ
ந৅Խ
…
…
ந৅Խ

View Slide

• ԿΞΧ΢ϯτ༻ҙ͢Δͷ͔
• ։ൃɺݕূɺຊ൪ͷAWSΞΧ΢ϯτ͸ཉ͍͠ɻ࠷௿Ͱ΋։ൃɺຊ൪ΞΧ΢ϯτ͸ඞਢ
• ΞϓϦଆͷ౎߹ʹ΋ΑΔ෦෼΋͋ΔͷͰɺΞϓϦͱΠϯϑϥͰνʔϜ͕ผΕΔ৔߹ͳͲ͸ཁ૬ஊ
• εέʔϧ͕૝ఆͰ͖ΔͳΒෛՙςετΞΧ΢ϯτͳͲ༻్ʹԠͯ͡૿΍ͯ͠΋ྑ͍
• ݕূ༻ͷΞΧ΢ϯτ͕͋Δͱɺݕূ->ຊ൪ΞΧ΢ϯτ΁ͷ IaC ͷߋ৽͕҆શʹߦ͑Δ
ෳ਺ΞΧ΢ϯτ΁ͷσϓϩΠ
ը૾Ҿ༻ݩɿʮʲਤղʳgit-flowɺGitHub FlowΛ։ൃݱ৔Ͱ࢖͍࢝ΊΔͨΊʹ͜Ε͚ͩ͸͓֮͑ͯ͜͏ɿͬͦ͜Γ࢝ΊΔGitʗGitHub௒ೖ໳ʢऴʣ - ˏITʯ
ɹɹɹɹɹɹɹhttps://atmarkit.itmedia.co.jp/ait/articles/1708/01/news015.html
Gitflow ͷྫ
→ ຊ൪ΞΧ΢ϯτ
→ ݕূΞΧ΢ϯτ
→ ։ൃΞΧ΢ϯτ
→ ։ൃΞΧ΢ϯτ(ݸਓ༻ελοΫ)

View Slide

• ԿΞΧ΢ϯτ༻ҙ͢Δͷ͔
• ։ൃɺݕূɺຊ൪ͷAWSΞΧ΢ϯτ͸ཉ͍͠ɻ࠷௿Ͱ΋։ൃɺຊ൪ΞΧ΢ϯτ͸ඞਢ
• ΞϓϦଆͷ౎߹ʹ΋ΑΔ෦෼΋͋ΔͷͰɺΞϓϦͱΠϯϑϥͰνʔϜ͕ผΕΔ৔߹ͳͲ͸ཁ૬ஊ
• εέʔϧ͕૝ఆͰ͖ΔͳΒෛՙςετΞΧ΢ϯτͳͲ༻్ʹԠͯ͡૿΍ͯ͠΋ྑ͍
• ݕূ༻ͷΞΧ΢ϯτ͕͋Δͱɺݕূ->ຊ൪ΞΧ΢ϯτ΁ͷ IaC ͷߋ৽͕҆શʹߦ͑Δ
ը૾Ҿ༻ݩɿʮϓϩμΫτͷϦϦʔεͱGitϒϥϯνӡ༻Λߟ͑ͯΈͨʯ
ɹɹɹɹɹɹɹhttps://dev.classmethod.jp/articles/product-git-branch-rule/
GitHub Flow ͕ϕʔεͷྫ

View Slide

• ෼཭ํ๏
• cdk.json ʹ֤؀ڥͷݸผͷఆ਺Λهࡌ
• σϓϩΠ࣌ͷ Context Ͱ؀ڥ͝ͱͷ৘ใΛ౉͢
• ελοΫଆҾ਺ͷ Props ܕΛ֦ுͯ͠ఆ਺Λ౉͢
cdk.json:
{
"app": "npx ts-node --prefer-ts-exts bin/hoge-app.ts”,
"context": {
"projectName": "hoge-fuga",
"dev": {
"description": "Develop environment variables",
"envName": "dev",
"env": {
"account": "123456789012",
"region": "ap-northeast-1"
}
},
"stg": {
"description": "Staging environment variables",
"envName": “stg",
...
}
...
}
}
σϓϩΠ࣌ͷίϚϯυɿ
cdk deploy -c environment=dev ~~
hoge-app.ts:
const app = new cdk.App();
const projectName = app.node.tryGetContext(‘projectName');
const envKey = app.node.tryGetContext(‘environment’);
const envValues = app.node.tryGetContext(envKey);
new HogeHogeStack(app,
`${envValues.env}-${projectName}-hogehoge-stack’, {
env: envValues.env,
envName: envValues.envName,
projectName: projectName,
});

View Slide

• AWS CDK ͸ίʔυͰ͔͚ΔͨΊࣗ༝౓͕ߴ͍
• هड़͕όϥ͚΍͘͢σϓϩΠखॱ΍ CI/CD ͷ
ઃఆʹ΋Өڹ͕ग़ͯ͘Δ
• ܾΊͨํ͕ྑ͍ن໿
• ίʔυΛͲ͜·Ͱ DRY ʹ͢Δ͔
ա৒ͳ DRY ͸ޙͷอकͰͷಡΈղ͖΍ελο
Ϋ෼ׂ͕ࠔ೉ʹͳΔ
• ૊৫ͱͯ͠ CCoE※ Λ্ཱͪ͛ͯޮ཰Խ͠
͍ͨ৔߹͸ɺL3 Construct ͷ࡞੒Λݕ౼
ίʔσΟϯάن໿
ECS
CDK
Construct
ECS
CFN
Construct
ConstructͷLayerͷΠϝʔδ
L1
L2
ECS
CFN
Construct
ECS
Cloud
Formation
L3
ECS
Patterns
ECS
CDK
Construct
ECR
CDK
Construct
VPC
CDK
Construct
ALB
CDK
Construct
ECS
Cloud
Formation
1:1
ରԠ
ந৅Խ
…
…
ந৅Խ
※ CCoE (Cloud Center of Excellence)
Ϋϥ΢υͷϕετϓϥΫςΟε ΍ϑϨʔϜϫʔΫɺΨόφϯεΛ࡞੒/఻ಓ͢ΔͨΊͷઐ໳νʔϜ
֓ཁࢀߟϦϯΫɿ
ʮCCoE(Cloud Center of Excellence)ʹ͍ͭͯ·ͱΊͯΈͨʯhttps://dev.classmethod.jp/articles/about_ccoe/

View Slide

• IDͷ໋໊ن໿
• ͓͢͢Ίɿ
${؀ڥ໊}-${ϓϩδΣΫτ໊}-෇໊͚͍ͨલ
• ελοΫɺϦιʔεͷIDΛ্هͰ͚ͭΔ
• ໌ࣔతʹϦιʔε໊Λ෇͚Δ͔
• ϕετϓϥΫςΟε͸ࣗಈੜ੒ʹ೚ͤΔ
• ࣗಈੜ੒ͷ৔߹ͷ஫ҙ
• Deletion Policy ͷ֬ೝ(ෆཁϦιʔεͷ࡟আ)
• ෳ਺ਓͰಉ͡ίʔυΛ࢖͍ID͕ಉͩ͡ͱϦιʔε໊͕ॏ
ෳ͢ΔαʔϏε͕͋ΔͷͰɺ্هͷ໋໊ن໿Ͱ෼͚Δ
• ελοΫIDΛϦιʔε໊ʹ൓ө͠ͳ͍αʔϏε΋͋Δ
(ex. Amazon Aurora ͷΫϥελʔ໊)
ίʔσΟϯάن໿
hoge-stack.ts:
…
new lambdaNodejs.NodejsFunction(
this,
`${props.envName}-${props.projectName}-hoge-lambda`,
{…}
);
…
cdk.json:
{
…
"context": {
"dev": { "envName": “dev" …},
"stg": { "envName": “stg” …},
…
}
։ൃ؀ڥͷσϓϩΠɿ
% cdk deploy -c environment=dev ~~
ݕূ؀ڥͷσϓϩΠɿ
% cdk deploy -c environment=stg ~~

View Slide

ίʔσΟϯάن໿
ΞϓϦ/ελοΫ૚྆ํ͕ cdk.json ࢀর͢Δྫɿ
cdk.json:
{
…
"context": {
…
}
hoge-app.ts(ΞϓϦ૚):
…
const projectName =
app.node.tryGetContext(‘projectName');
…
hoge-stack.ts(ελοΫ૚):
…
const envKey = this.node.tryGetContext(‘environment’);
…
σϓϩΠɿ
cdk.json
ελοΫ
૚
ӈͷϑΝΠϧߏ੒ͷΠϝʔδ
ΞϓϦ૚
• tryGetContext ͸Ͳ͜Ͱॻ͔͘
(cdk.json ͷ context ߲໨͔Βͷσʔλಡࠐ)
• ΞϓϦ૚Ͱ΋ελοΫ૚Ͱ΋ॻ͚Δ͕ͲͪΒͰ
࢖͏͔౷Ұͨ͠ํ͕Մಡੑ͸্͕Δ

View Slide

ίʔσΟϯάن໿
ΞϓϦ૚ͷΈ͕ cdk.json ࢀর͢Δྫɿ
cdk.json:
{
…
"context": {
…
}
hoge-app.ts(ΞϓϦ૚):
const projectName=app.node.tryGetContext(‘projectName');
const envKey = app.node.tryGetContext(‘environment’);
const envValues = app.node.tryGetContext(envKey);
// ελοΫ૚ͷݺͼग़͠
new HogeStack(app,
`${envValues.env}-${projectName}-hoge-stack’, {
env: envValues.env,
envName: envValues.envName,
projectName: projectName,
});
σϓϩΠɿ
cdk.json ΞϓϦ૚
ελοΫ
૚
• tryGetContext ͸Ͳ͜Ͱॻ͔͘
(cdk.json ͷ context ߲໨͔Βͷσʔλಡࠐ)
• ΞϓϦ૚Ͱ΋ελοΫ૚Ͱ΋ॻ͚Δ͕ͲͪΒͰ
࢖͏͔౷Ұͨ͠ํ͕Մಡੑ͸্͕Δ
• ͓͢͢Ίɿ
ΞϓϦ૚Ͱ͚ͩ tryGetContext Λॻ͍ͨํ͕
cdk.json ͱͷґଘΛ1Օॴʹ·ͱΊΒΕΔ
ӈͷϑΝΠϧߏ੒ͷΠϝʔδ

View Slide

• IaaS, PaaS, CaaS ͱͯ͠։ൃ͢Δ৔߹ɺ΄΅ݕ౼ෆཁ
• FaaS ͳΒैྔ՝ۚͳͷͰ։ൃऀ෼ϦιʔεͷσϓϩΠ͕Մೳ
• ෳ਺ਓͰ୯ҰΞΧ΢ϯτʹσϓϩΠ͢ΔͨΊͷ४උ
• ผΞΧ΢ϯτల։ͱಉ༷ʹ cdk.json ΁։ൃ؀ڥͷ಺༰
ͱ΄΅ಉ༷ͷݸਓ༻ͷઃఆΛهࡌ
• ID໊ʹ؀ڥ໊ΛؚΊΔΑ͏࣮૷
• ஫ҙ఺
• Ұ෦ैྔ՝ۚͰͳ͍ઃఆ(DynamoDBͷϓϩϏδϣχϯ
άϞʔυ΍LambdaͷProvisioned ConcurrencyͳͲ)ʹ
஫ҙ
• ݸਓ؀ڥ໊͕௕͍ͱID໊͕Ϧιʔε໊ʹ൓ө͞Ε
Amazon Simple Storage Service(S3) ͳͲͰϦιʔε໊
ͷ্ݶ(3~63จࣈ)ʹҾ͔͔ͬΔՄೳੑ͸͋Δ
ෳ਺ਓ։ൃ࣌ͷσϓϩΠํ๏
hoge-stack.ts:
…
new lambdaNodejs.NodejsFunction(
this,
`${props.envName}-${props.projectName}-hoge-lambda`,
{…}
);
…
cdk.json:
{
…
"context": {
"sat": { "envName": “sat” …},
"tmk": { "envName": “tmk” …},
…
}
ݸਓ؀ڥ(sat)ͷσϓϩΠɿ
% cdk deploy -c environment=sat ~~
ݸਓ؀ڥ(tmk)ͷσϓϩΠɿ
% cdk deploy -c environment=tmk ~~

View Slide

• ϞϊϦγοΫϦϙδτϦ(ϞϊϨϙ)
• 1ͭͷϦϙδτϦ഑ԼʹΞϓϦʹؔ͢ΔશͯͷίʔυΛؚΊΔ
ex. ϩάΠϯ༻ͷIAMϩʔϧ΍ϑϩϯτ/όοΫɺΞϓϦ/Πϯϑϥͷ࣮૷·Ͱ·ͱΊΔ
• ϞϊϨϙͷར఺
• 1ͭͷ GitHub Organization ʹෳ਺ͷ PJ ͕͋Δ৔߹͸ PJ ͷؔ܎Ϧιʔε͕෼͔Γ΍͍͢
(GitHub EnterPriseͰ͋Ε͹ PJ ͝ͱʹ Organization Λ෼ׂ΋Մೳ˞)
• ύοέʔδΛڞ༗͢Δ৔߹ɺAWS CDK ؔ࿈ͷύοέʔδͳͲͷઃఆΛ1Χॴʹ·ͱΊͯߋ৽͠΍͍͢
• ϞϊϨϙͷܽ఺
• σϓϩΠཻ౓͕ҟͳΔϦιʔεΛ෼཭ͯ͠ CI/CD ͢Δ࢓૊Έ͕ඞཁ
ʢGitHub Actions ͸ՄೳɺCodePipeline ͸ௐ੔͕ඞཁ?ʣ
• ύοέʔδΛڞ༗͢Δ৔߹ɺύοέʔδߋ৽ʹΑΔӨڹൣғ͕޿͘ͳΔͷͰ IaC ͷܧଓతͳςετ͕ඞཁ (ޙड़)
• ϞϊϨϙಛ༗ͷઃܭʹ࣌ؒΛ౤ࢿ͢Δඞཁ͕͋Δ
ϦϙδτϦͷཻ౓
※ʮEnterprise ΞΧ΢ϯτʹ Organization Λ؅ཧ͢Δʯ
ɹhttps://docs.github.com/ja/github/setting-up-and-managing-your-enterprise/managing-organizations-in-your-enterprise-account/adding-organizations-to-your-enterprise-account

View Slide

• ϚϧνϦϙδτϦ(ϚϧνϨϙ)
• ༻్ʹԠͯ͡ෳ਺ͷϦϙδτϦʹ෼͚Δɻผͷ IaC πʔϧ Terraform ͷެࣜυΩϡϝϯ
τͷҰ෦ͩͱͪ͜Β͕ਪ঑˞
ex. ϩάΠϯ༻IAMपΓɺϑϩϯτΤϯυ/όοΫΤϯυɺΠϯϑϥ/ΞϓϦͰ෼཭
• ϚϧνϨϙͷར఺
• ผϦϙδτϦͳͷͰ࡞ۀ෼୲͠΍͍͢
• ύοέʔδߋ৽ʹΑΔӨڹൣғ͕ϦϙδτϦ಺෦ʹཹ·Δ
• ؔ࿈ϦιʔεΛߟྀͤͣʹύοέʔδͷߋ৽͕Մೳ
• ϚϧνϨϙͷܽ఺
• ϦϙδτϦ෼ύοέʔδͷߋ৽؅ཧ͕ඞཁ
ϦϙδτϦͷཻ౓
※ʮTerraform Configurations in Terraform Cloud Workspacesʯhttps://www.terraform.io/docs/cloud/workspaces/configurations.html

View Slide

• IaC Խ͢Δࡍͷར఺
• υΩϡϝϯτΛॻ͔ͳͯ͘΋ઃܭ͕ίʔυͱͯ͠࢒ͤΔ
• ผΞΧ΢ϯτ΁ಉ͡ߏ੒ͷϦιʔεల։͕ඇৗʹૣ͍
• ݻఆͨ͠ૢ࡞ͰਓతϛεΛݮΒ͠΍͍͢
• ཪΛฦ͢ͱҎԼͷΑ͏ͳϦιʔεͳΒ IaC Խͷར఺͸গͳ͍
• ͙͢ʹऴΘΔΑ͏ͳ࡞ۀ͸ϝϞͷํ͕ IaC ΑΓઃఆ࣌/ϝϯςφϯε࣌ͷίετ΋௿͍
• ܧଓతͳมߋ͕গͳ͍ʢҰ౓ઃఆͨ͠Β΄΅Ԙ௮͚ʣ
• ༏ઌ౓͸௿ͦ͏ͳ಺༰
• Route53 ͷϨίʔυઃఆ
• ϩάΠϯ༻ IAMϢʔβ/ϩʔϧ ͷ࡞੒
• AWS Security HubɺAmazon GuardDuty ͳͲͷ AWS Organizations Ͱ·ͱΊͯ؅ཧͰ͖ΔϦιʔεͷઃఆ˞
ΞΧ΢ϯτͷ੍໿্ AWS Organizations ͕࢖͑ͣɺෳ਺ΞΧ΢ϯτ·ͱΊͯઃఆ͍ͨ͠৔߹͸͋Γ
Ͳ͜·Ͱ AWS CDK Խ͢Δ͔
※ࢀߟʮʲOrganizationsʳ૊৫಺͢΂ͯͷΞΧ΢ϯτɾ͢΂ͯͷϦʔδϣϯ΁ͷ GuardDutyઃఆΛ؆୯ʹߦ͏ʯhttps://dev.classmethod.jp/articles/organizations-guardduty-all-account-all-region/
ɹɹɹʮ[Ξοϓσʔτ]Security Hub͕ AWS Organizations ͱ౷߹ʂ૊৫಺ηΩϡϦςΟνΣοΫ؀ڥΛ؆୯ʹηοτΞοϓ/؅ཧͰ͖ΔΑ͏ʹͳΓ·ͨ͠ʯhttps://dev.classmethod.jp/articles/security-hub-integrates-organizations/

View Slide

• αʔϏεબఆ
(Code γϦʔζ or ֎෦ CI)
• Code γϦʔζͷར༻ύλʔϯ
• Code γϦʔζͷ৔߹ͷ໰୊
• ֎෦ CI ͷར༻ύλʔϯ
• ֎෦ CI ͷ৔߹ͷ໰୊఺
ΞδΣϯμ (CI/CDʣ

View Slide

• AWS CDK ͷ CI/CD ύΠϓϥΠϯΛ࡞Δʹ͸
େ·͔ʹ2ύλʔϯ͋Δ
• CodeγϦʔζ(AWS CodeBuild, AWS
CodePipeline)Λ࢖͏ύλʔϯ
• ֎෦ͷ CI αʔϏεΛ࢖͏ύλʔϯ
• ͦΕͧΕͷར఺
• Code γϦʔζɿҰ࣌ΫϨσϯγϟϧΛ
AWS ͷ֎΁౉ͣ͞ʹࡁΉ
• ֎෦ CIɿαϯϓϧίʔυ͕๛෋ɻyaml ͩ
͚Ͱखܰʹ࢖͑Δ
αʔϏεબఆ ( Code γϦʔζ or ֎෦ CI )
GitHub Actions
AWS CodeBuild AWS CodePipeline
etc…

View Slide

• Code γϦʔζΛͦͷ··࢖͏ (ҎԼ͸ GitHub ͷ৔߹)
• CI: CodeBuild
• CodeBuild ଆ͔Β GitHub ΁ͷ઀ଓΛઃఆ
• CodeBuild ΁ GitHubͷݸਓΞΫηετʔΫϯΛ౉͔͢ OAuth App Ͱͷೝূ͕ඞཁ
• GitHub Ͱ೚ҙͷϒϥϯν͔ΒͷPR࡞੒ΠϕϯτͳͲΛwebhookͰड͚ͯ CI Λ࣮ߦ͕Մೳʹ
• CD: CodePipeline + CodeBuild
• ઀ଓઃఆ͸ CodeBuild ͱҟͳΔ
• GitHub App ͰͷೝূΛߦͬͯ AWS CodeStar Connections Λ࡞੒͢Δ
(ιʔεϓϩόΠμʔ͕GitHub ver.2 ͷ৔߹)
• ݻఆͷϒϥϯν΁ Push ͳͲʹ൓Ԡͯ͠ύΠϓϥΠϯΛ࣮ߦ
• ঝೝύΠϓϥΠϯΛ૊Ή͜ͱ΋Մೳ
Code γϦʔζͷར༻ύλʔϯ

View Slide

• CD͸ CDK Pipelines Ͱߏங͢Δํ๏
• CodePipeline ͷ Construct Λ࢖͏ࡍͱൺ΂ͨϝϦοτ
• ύΠϓϥΠϯࣗମͷࣗಈߋ৽ɺฒྻ࣮ߦɺผΞΧ΢ϯτ΁ͷσ
ϓϩΠɺ࡞੒ϦιʔεͷݕূͳͲ͕؆୯ʹՄೳ
• CDK Pipelines ࣗମ͕ύΠϓϥΠϯΛߋ৽͢Δ
• CDK Pipelines ͷσϑΥϧτͷڍಈ
1. ݻఆͷϒϥϯν΁ͷϚʔδͳͲΛܖػʹ
ύΠϓϥΠϯ͕ىಈ
2. ύΠϓϥΠϯͷ్தͰύΠϓϥΠϯઃఆͷߋ৽͕͋Ε͹
ύΠϓϥΠϯࣗମΛσϓϩΠ
3. ύΠϓϥΠϯมߋޙͷঢ়ଶͰ࠷ॳ͔Β࣮ߦ
• selfMutating ΦϓγϣϯͰແޮԽ΋Մೳ
• ৄࡉ͸ࢀߟURLࢀর˞
• ݁࿦
• CI ͸ CodeBuildɺCD ͸ CDK Pipelines ͕༗ྗ? (ݕূத)
Code γϦʔζͷར༻ύλʔϯ (CDK Pipelines)
CDK Pipelines ߋ৽ͷྲྀΕ(Deploy StageΛ௥Ճͨ͠৔߹)
1.
AWS
CodePipeline
Source
Stage
Build
Stage
Pipeline
Update
Stage
2.
AWS
CodePipeline
Source
Stage
Build
Stage
Pipeline
Update
Stage
AWS CDK
3.
AWS
CodePipeline
Source
Stage
Build
Stage
Deploy
Stage
Pipeline
Update
Stage
※ࢀߟʮCDK Pipelinesͷmodern APIΛ࢖ͬͯCDKΞϓϦέʔγϣϯΛσϓϩΠ͢Δʯhttps://aws.amazon.com/jp/blogs/news/deploying-a-cdk-application-using-the-cdk-pipelines-modern-api/

View Slide

• CI/CD Λ૊Ήํ๏͕͙͢ʹ෼͔Βͳ͍ (ݸਓͷײ૝Ͱ͢)
• ex. CodePipeline ͕ branch ࢦఆͰ͔͠ύΠϓϥΠϯ͕૊Ίͳ͍ɻ೚ҙ
ͷ branch Λ࡞੒ͯ͠ Pull Request Ͱ CI ͍ͨ͠৔߹Ͳ͏΍Δͷ͔ʁ
→ CodeBuild ͷΈ࢖͏
• ex. CodeBuild ͱ CodePipeline Ͱ GitHub ΁ͷ઀ଓํ๏͕ҟͳΔ
• CodeBuildɿGitHub ͷݸਓ༻ΞΫηετʔΫϯ or OAuth App
• CodePipelineɿCodeStar Connections + GitHub App
ɹɹɹɹɹɹɹ(ιʔεϓϩόΠμʔ͕ GitHub ver.2 ͷ৔߹)
Code γϦʔζͷར༻࣌ͷ໰୊఺

View Slide

• ଞͷ CI ʹൺ΂ΔͱτϦΨʔΛॊೈʹઃܭͰ͖ͳ͍ or ઃఆ͕೉͍͠෦෼͕ଟʑ͋Δ
• ಛఆͷϑΝΠϧͷมߋͷ͚࣌ͩ൓Ԡͯ͠ύΠϓϥΠϯ࣮ߦ͕Ͱ͖ͳ͍
• Push Ҏ֎ͷΠϕϯτͰύΠϓϥΠϯΛಈ͔͢৔߹ɺೝূํࣜΛݹ͍΋ͷʹ੾Γସ͑ͯ
webhook ϑΟϧλͷमਖ਼͕ඞཁ
• CodeBuild ͱ GitHub ͷඥ෇͚͕1ͭͷ GitHub ΞΧ΢ϯτܦ༝ʹͳΔͷͰ஫ҙ
• CodeBuild ͱ GitHub ͷ઀ଓΛݸਓͷΞΧ΢ϯτͰઃఆ͢Δͱ CodeBuild ΁ͷΞΫηεݖݶΛ࣋
ͭଞͷϢʔβʹ΋ϓϥΠϕʔτͳϦϙδτϦ΍ଞͷ GitHub Organization ͷϦϙδτϦ͕ݟ͑ͯ
͠·͏˞
→ ༗ྉͷ GitHub ΞΧ΢ϯτΛߪೖ͢Δ͔ɺಈతʹ CodePipeline Λ࡞Δ࢓૊Έ͕ඞཁ
Code γϦʔζͷར༻࣌ͷ໰୊఺
※ࢀߟURLɿʮCodeBuild ͱ GitHub ࿈ܞͰࠔͬͨ͜ͱ - omuronͷඋ๨࿥ʯhttps://omuron.hateblo.jp/entry/2020/04/30/200000
ɹɹɹɹɹ ಈతʹCodePipelineΛ࡞Δ࣮૷ͷࢀߟʮawesome-codepipelineʯhttps://github.com/nicolai86/awesome-codepipeline-ci

View Slide

• GitHub Actions ͷར఺
• ެࣜͷΞΫγϣϯ (aws-actions ͳͲ) Ͱ AWS ؀ڥ΁ͷ
σϓϩΠ࣌ʹඞཁͳૢ࡞͕͋Δఔ౓ิ׬͞Ε͍ͯΔ
• ϫʔΫϑϩʔͷߏ଄͕γϯϓϧͰಡΈ΍͍͢
• ࢦఆͨ͠ϑΝΠϧ΍σΟϨΫτϦͷมߋʹ͚ͩ൓Ԡͯ͠
ϫʔΫϑϩʔΛ࣮ߦͰ͖Δ
• GitHub Actions ͰͷσϓϩΠͷྲྀΕ
• CIɿ
• GitHub ΁ͷ PR࡞੒Ͱ࣮ߦ͢ΔϫʔΫϑϩʔΛఆٛ͢Δ
• CDɿ
• GitHub ಛఆͷϒϥϯν΁ͷϚʔδ΍λά࡞੒ʹԠͯ͡
AWS؀ڥ΁σϓϩΠ͢ΔϫʔΫϑϩʔΛఆٛ͢Δ
• ϫʔΫϑϩʔͷதͰAWS΁ΞΫηε͢ΔͨΊͷΫϨσϯ
γϟϧΛऔಘ͢Δ
֎෦ CI ͷར༻ύλʔϯ ( GitHub Actions ͷྫ )
CI ϫʔΫϑϩʔͷྫɿ
name: project-ci.yml
on:
pull_request:
paths:
- ‘*.json’
- '.github/workflows/project-ci.yml'
jobs:
integ:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
…
CD ϫʔΫϑϩʔͷྫɿ
name: project-cd.yml
on:
push:
branches:
- develop
- staging
…

View Slide

• AWS ֎෦ͷ SaaS ͕ඞཁͳͷͰ૊৫ʹΑͬͯ͸ผ్ߪೖਃ੥͔Βঝೝ·Ͱʹ͕͔͔࣌ؒΔ
• ੥ٻ΋෼཭͢ΔͷͰ఻౷తͳاۀ΄Ͳॲཧ͕େมʹͳΔ
• ೝূΩʔ৘ใͷྲྀग़ͷߟྀ
• ೝূΩʔ৘ใ͕ྲྀग़͠AWSͷϦιʔεΛෆਖ਼ʹ࢖༻͞ΕΔϦεΫ͕͋Δ
• ࠷௿ݶඞཁͳରॲ
• CI αʔϏεʹ༩͑ΔݖݶΛ࠷খʹ͢Δʢ FaaS ͩͱॊೈʹݖݶΛมߋ͍ͯ͘͠ͷ͸େม…ʣ
• ωοτ্ͳͲͰఏҊ͞Ε͍ͯΔ͍͔ͭ͘ͷରॲํ๏
• ݖݶͷͳ͍IAMϢʔβ͔ΒCloudFormationσϓϩΠ༻ͷϩʔϧʹεΠονͯ͠σϓϩΠ͢Δํ๏
• Ωʔ৘ใ͕ྲྀग़ͯ͠΋σϓϩΠγʔέϯεͱݖݶ͕෼͔Βͳ͚Ε͹࢖༻Ͱ͖ͳ͍
ग़యɿ
ʮ[AssumeRole] ΞΫηεΩʔ͕࿙Ӯͯ͠΋ඃ֐͕࠷খݶʹͳΔIAMϢʔβͰCloudFormationʹσϓϩΠ͢Δํ๏ʯ
ɹɹɹhttps://dev.classmethod.jp/articles/assume-role-deploy-iam-user-and-role/
• σϓϩΠ࣌MFAೝূΛߦ͏ํ๏
• σϓϩΠ༻ϢʔβͷϫϯλΠϜύεϫʔυΛ 1password ͰνʔϜʹڞ༗ͯ͠MFAೝূΛ͔͚Δ
֎෦ CI ͷར༻࣌ͷ໰୊఺

View Slide

• ωοτ্ͰఏҊ͞Ε͍ͯΔ͍͔ͭ͘ͷରॲํ๏ (ଓ͖)
• CloudShellܦ༝ͰೝূΩʔΛऔಘ͢Δํ๏
• CloudShell্ͷΩʔ৘ใΛϥϯμϜͳURLͱผͷΩʔ৘ใͰެ։͠CIʹ౉࣮ͯ͠ߦ͢Δ
ग़యɿʮGitHub Actionsʹʮڧ͍ʯAWSͷݖݶΛ౉͍ͨ͠ʯ
ɹɹɹ https://speakerdeck.com/fujiwara3/aws-credentials-on-actions
• MFAͷ୅ΘΓʹ Google ID Token ͳͲΛ࢖͏ํ๏
• Google ID Token ͳͲͰҰ࣌తʹऔಘͰ͖ΔJWTτʔΫϯΛσϓϩΠ༻ϩʔϧͷ৴པؔ܎ʹ௥Ճͯ͠ೝূ͢Δ
ग़యɿʮGitHub Actionsʹʮڧ͍ʯAWSͷݖݶΛ౉͍ͨ͠ ~࡞ઓ3 - AssumeRole with Google ID Token ~ʯ
ɹɹɹ https://techblog.kayac.com/assume-role-with-google-id-token
֎෦ CI ͷར༻࣌ͷ໰୊఺

View Slide

• New update!! (2021/9/15)
• GitHub Actions ͕ Open ID Connect Λར༻
ͨ͠Ϋϥ΢υ؀ڥ΁ͷσϓϩΠʹରԠ ( β )
• GitHub ্ʹೝূΩʔΛஔ͔ͣʹɺҰ࣌ΫϨ
σϯγϟϧͷΈͰ AWS ΁ͷૢ࡞͕Մೳʹͳ
Γ·ͨ͠ 🎉
• Ұ࣌ΫϨσϯγϟϧ͸ AWS ֎෦ʹஔ͔Ε
ΔͷͰ͚ͦͩ͜஫ҙ
֎෦ CI ͷར༻࣌ͷ໰୊఺
ը૾Ҿ༻ɿhttps://github.com/github/roadmap/issues/249
Actions: Secure cloud deployments with Open ID Connect

View Slide

• CloudWatch Dashboard ͷ࡞੒
• Ξϥʔτͷ࡞੒
• γϯηςΟΫε؂ࢹͷ࡞੒
• AWS CDK ͷόʔδϣϯΞοϓ
• ΠϯϑϥͷϢχοτςετ
• ݕূ؀ڥͰσϓϩΠ/ಈ࡞ςετ
• ۓٸ࣌ͷରॲʗखಈมߋͷऔࠐ
ΞδΣϯμ (ӡ༻ʣ

View Slide

• ੜ੒ͨ͠Ϧιʔεʹରͯ͠؆୯ʹμογϡϘʔυ͕࡞੒Ͱ͖Δ
CloudWatch Dashboard ͷ࡞੒
ը૾Ҿ༻ݩɿhttps://github.com/cdk-patterns/serverless/tree/main/the-cloudwatch-dashboard/typescript
new cloudwatch.Dashboard(
this,
`${props.envName}-${props.projectName}-cloudwatch-dashboard`,
{ dashboardName:
`${props.envName}-${props.projectName}-dashboard`
},
).addWidgets(
new cloudwatch.GraphWidget({
title: ‘Requests',
// apiGatewayRequestsCount: cloudwatch.MathExpression
left: [apiGatewayRequestsCounts],
stacked: true,
width: 8,
…
});

View Slide

• ੜ੒ͨ͠Ϧιʔεʹରͯ͠؆୯ʹΞϥʔτ͕࡞੒Ͱ͖Δ
Ξϥʔτͷ࡞੒
ը૾Ҿ༻ݩɿhttps://github.com/cdk-patterns/serverless/tree/main/the-cloudwatch-dashboard/typescript
new cloudwatch.Alarm(
this,
`${props.envName}-${props.projectName}-apig-4xx-error-count`,
{
metric: apiGateway4xxErrorRequests,
threshold: props.restApi4xxAlertThreshold,
evaluationPeriods: 1,
datapointsToAlarm: 1,
treatMissingData: cloudwatch.TreatMissingData.NOT_BREACHING,
},
).addAlarmAction(
new cloudwatchActions.SnsAction(errorNotificationTopic)
);

View Slide

΋ͬͱৄ͍͠಺༰͸͜ͷํͷൃදͰʂ
CloudWatch ΞϥʔϜͷ࡞੒

View Slide

• ΞϓϦ΍APIΤϯυϙΠϯτʹରͯ͠γϯηςΟΫε؂ࢹ͕Ͱ͖Δ
γϯηςΟΫε؂ࢹͷ࡞੒
ίʔυҾ༻ݩɿhttps://dev.classmethod.jp/articles/aws-cdk-cloudwatch-synthetics-canary/
...
const screenCanary = new Canary(this, 'screen-canary', {
canaryName: 'screen-canary',
schedule: Schedule.rate(cdk.Duration.minutes(10)),
test: Test.custom({
code: Code.fromAsset(
path.join(__dirname,‘../lambda/canary')
),
handler: 'screen-canary.handler'
})
})
...
※ AWS Lambda ͳͲ͕ཪͰಈ͍͍ͯΔͷͰͲ͜ͷϦʔδϣϯͰઃఆ͢Δ͔͸ཁݕ౼

View Slide

• جຊසൟͳΞοϓσʔτ͸ඞཁͳ͍
• CloudFormation ςϯϓϨʔτͷੜ੒πʔϧͳͷͰ໰୊͕ى͖ʹ͍͘
• ҎԼͷ؍఺Ͱఆظతͳߋ৽͕ඞཁ
• ੬ऑੑରԠͰͷϏοΫόϯΞοϓσʔτ๷ࢭ
• Semantic Versioning ͸فΓɺޙํޓ׵ੑͷͳ͍ϚΠφʔ/ύονΞοϓσʔτ΋͋Γ͏Δ
• ৽ػೳ΁ͷରԠ
• Lambda ͷ Hotswap deploy ͳͲɺศརͳػೳΛૣΊʹ࢖͏ͨΊ
• Ξοϓσʔτपظ (PJͰͷࢀߟྫ)
• ϚΠφʔ/ύονΞοϓσʔτ
• CI/CD ʹεφοϓγϣοτςετΛ૊ΈࠐΜͰɺAWS CDK ͕ੜ੒͢Δ CloudFormation ʹม
Խ͕ͳ͚Ε͹ఆظతʹόʔδϣϯΛߋ৽͢ΔΑ͏࣮૷
AWS CDK ͷόʔδϣϯΞοϓ

View Slide

• AWS CDK ͷόʔδϣϯΞοϓ͢Δͱ͖͚ͩ࢖͏(ݸਓͷײ૝Ͱ͢)
• ʮAWS CDKͷόʔδϣϯΞοϓʯͷ෦෼Ͱॻ͍ͨΑ͏ʹ stable Ͱ΋ഁյతม
ߋ͕ى͖Δ৔߹΋͋Δ
→҆શʹόʔδϣϯΞοϓ͢ΔͨΊʹςετ͕ඞཁ
• બ୒͢Δςετ
• Snapshot Test : લճੜ੒ͨ͠ςϯϓϨʔτͱࠓճͷࠩ෼Λ֬ೝ͢Δςετ
• ͦͷଞͷςετ(CDK ͷ Construct Λಠ֦ࣗு͢ΔͳΒ࢖͏?)
• Fine-grained Test : ૝ఆ͞ΕΔύϥϝʔλ͕࡞੒͞ΕΔ͔ͷςετ
• Validation Test : ελοΫͷύϥϝʔλΛόϦσʔγϣϯͰ͖Δ͔ͷςετ
ΠϯϑϥͷϢχοτςετ

View Slide

• σϓϩΠςετ͸ͳͥඞཁͳͷ͔
• ݱঢ়ͷϦιʔεʹରͯ͠ CloudFormation Λ࣮ߦͨ͠৔߹ʹ໰୊͕Ͱͳ͍͔Λ֬ೝ͢ΔͨΊɻຊ൪ϦϦʔε࣌ʹ
खॱ͕͍Βͳ͍͔ͷ֬ೝ
• (Gitflowͷ৔߹)
։ൃ->ݕূϒϥϯν΁ͷϚʔδ͔Βݕূ->ຊ൪ϒϥϯν΁ͷϚʔδͷظ͕ؒ։͘ͱɺݕূͱຊ൪ͷιʔεͷဃ
཭͕େ͖͘ͳΓσϓϩΠ͕ࣦഊ͢Δύλʔϯ΋͋Δ (ex. DynamoDB ͷ GSI ͕ෳ਺ಉ࣌ߋ৽ʹͳͬͯΤϥʔ౳)
• CI/CD ύΠϓϥΠϯʹରͯ͠ద੾ͳݖݶ͕͋Δ͔֬ೝ
• ಈ࡞ςετ
• ϦϦʔεޙʹ֤छϦιʔε΁ͷΞΫηεͳͲ͕ਖ਼ৗʹಈ͔͘
• ϙϦγʔ/ϩʔϧͰมߋ͕ͳ͍͔ɺมߋ͕͋Δ৔߹͸࠷௿ݶ AWS ͷݖݶ؍఺Ͱ໰୊ͳ͍͔֬ೝ͢Δςετ͸ඞཁ
ݕূ؀ڥͰσϓϩΠ/ಈ࡞ςετ

View Slide

• ΞϓϦ/Πϯϑϥো֐ͷ৔߹ɺۓٸ࣌͸جຊҎԼͷରԠ
• ຊ൪ϒϥϯν΍λά͔Β hotfix ϒϥϯνΛ੾ͬͯमਖ਼ͯ͠Ϛʔδ
• ҰࠁΛ૪͏৔߹͸࠷ѱखಈมߋ
• खಈۓٸมߋޙͷରॲ(Gitflowͷ৔߹)
• ݕূ؀ڥͷϦιʔεΛຊ൪؀ڥͱಉ͡ঢ়ଶʹ͢Δ
• AWS CDK ʹۓٸରԠͨ͠಺༰ΛऔΓࠐΉ
• ݕূ؀ڥ΁ͷ CloudFormation σϓϩΠ͕ਖ਼ৗʹऴΘΔ͔ςετ͢Δ
• ໰୊͕ى͖Δ৔߹͸ݕূ؀ڥͷঢ়ଶΛຊ൪؀ڥ૬౰ʹ໭ͯ͠࠶ςετ
ۓٸ࣌ͷରॲʗखಈมߋͷऔΓࠐΈ

View Slide

• ॳظ։ൃ࣌ͷݕ౼ࣄ߲
• ΞϓϦ૚/ελοΫ૚/ίϯετϥΫτΛͲ͏࢖͏͔ܾΊΔ͜ͱ͕ॏཁ
• ίʔσΟϯάن໿΍ෳ਺ΞΧ΢ϯτӡ༻ͷํ਑΋ૣΊʹೝࣝΛ߹ΘͤΑ͏
• CI/CD ؀ڥͷ࡞੒
• Code γϦʔζ͸ΫϨσϯγϟϧΛAWS֎෦ʹग़͞ͳͯ͘ྑ͍ɻॊೈͳઃܭ͸೉͍͠
• ֎෦ CI ͸ॊೈʹϫʔΫϑϩʔΛ૊Έ΍͍͢ɻҰ࣌ΫϨσϯγϟϧͷѻ͍ʹ஫ҙ
• ӡ༻
• ӡ༻Ͱඞཁͳ؂ࢹΞϥʔτઃܭ΍μογϡϘʔυ࡞੒΋ AWS CDK Ͱ࡞੒Մೳ
• ܧଓతͳΞοϓσʔτͷͨΊʹΠϯϑϥςετ͸͋ͬͨํ͕ྑ͍
·ͱΊ

View Slide

ࣾ֎
• ͞ΘΒ͞Μ https://hiroga.hatenablog.com/
ࣾ಺
• shuntaka ͞Μ https://dev.classmethod.jp/author/takahashi-shunichi/
• ౻Ҫݩو ͞Μ https://dev.classmethod.jp/author/fujii-genki/
• lee.byonghun ͞Μ https://dev.classmethod.jp/author/lee-byonghun/
Special Thanks 🎉
ҎԼͷօ͞ΜʹࢿྉϨϏϡʔ͍͖ͨͩ·ͨ͠ʂ͋Γ͕ͱ͏͍͟͝·͢ʂ

View Slide

એ఻
ฐࣾ IoT ࣄۀ෦Ͱ͸ࠓճൃදͨ͠Α͏ͳ࣮૷/ઃܭ΋සൟʹ΍ͬͯ·͢ʂ
ʮIoTόοΫΤϯυΤϯδχΞʯͰݕࡧʂʂ

View Slide

Thank you!
Tomoki Sato
AWS CDK ͸Ͳ͏࢖͍͜ͳ͢ͷ͔ɺॳظ։ൃ͔Βӡ༻·Ͱͷϊ΢ϋ΢

View Slide

AWS CDKはどう使いこなすのか、初期開発から運用までのノウハウ/know-how-from-initial-development-to-operation-on-how-to-use-aws-cdk

AWS CDKはどう使いこなすのか、初期開発から運用までのノウハウ/know-how-from-initial-development-to-operation-on-how-to-use-aws-cdk

tomoki10

More Decks by tomoki10

Other Decks in Technology

Featured

Transcript