Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AWS CDKの最強の書き方を実践してみる 2023年版/practice-the-strongest-writing-method-of-aws-cdk-2023-edition

tomoki10
July 08, 2023
Technology
4
3.8k

AWS CDKの最強の書き方を実践してみる 2023年版/practice-the-strongest-writing-method-of-aws-cdk-2023-edition

DevelopersIO 2023のイベントで登壇した際の内容です。

tomoki10

July 08, 2023
Tweet

More Decks by tomoki10

See All by tomoki10
ECS on Fargate のセキュリティ対策は何をやるべき?開発者目線で考える/security-for-ecs-on-fargate-secjawsdays
tomoki10
9
3.5k
CDK支部のこれまでとこれから / jaws-ug-cdk-past-and-future
tomoki10
1
510
AWS CDKでECS on FargateのCI/CDを実現する際の理想と現実 / ideal-and-reality-when-implementing-cicd-for-ecs-on-fargate-with-aws-cdk
tomoki10
13
19k
AWSCDKを通してAWSを学ぶ/learn AWS through AWS CDK
tomoki10
0
2.5k
それでも俺はAWS CDKが作るリソースに物理名を付けたい 〜CDKのベストプラクティスは本当にベストなのか〜 / AWS CDK resource name can be a physical name
tomoki10
1
4.5k
IoT系サービス総まとめ+CDK関連アップデート/regrowth-iot-and-cdk
tomoki10
0
990
RetoolとAWSでIoTデータ可視化基盤を最速で作ってみた #devio2021/iot-data-visualization-with-retool-and-aws
tomoki10
0
1.6k
AWS CDKはどう使いこなすのか、初期開発から運用までのノウハウ/know-how-from-initial-development-to-operation-on-how-to-use-aws-cdk
tomoki10
5
6.6k
AWS CDKとTerraformをn個の観点で徹底比較/compare-aws-cdk-and-terraform-from-n-perspectives
tomoki10
7
8.7k

Other Decks in Technology

See All in Technology
Beyond the Baseline: Horizons for Cloud Security Programs
ramimac
0
170
Microsoft Azure Well-Architected Framework でセキュアに
masakamayama
1
180
LLMアプリケーションの安定性を高めるための精度評価・改善
nrryuya
0
460
サーバーレス技術とDevSecOps: 安全かつ迅速なデプロイメントの新時代
gl_tsukasa
1
450
(n=1の)テーブルデータコンペの取り組み方
makotu
2
1.2k
360度写真を使った 屋内地図の作成
kawajiritakayuki
0
100
Designing an Incident Response Process at Scale
opeonikute
0
160
バクラクのAI-OCR機能を支えるアノテーションの仕組み
tomoaki25
2
370
開発生産性と組織 / Productivity and Organization
1000ch
0
120
サーバーレスで仮想待合室を作ろう! / Serverless Virtual Waiting Room
_kensh
3
970
kanto_kaggler_senkin13
senkin13
1
600
データベーススペシャリストというキャリアと生存戦略 ~10年後も変わらないこと、変わること / career-spiral
soudai
16
4.8k

Featured

See All Featured
Scaling GitHub
holman
455
140k
Why You Should Never Use an ORM
jnunemaker
PRO
49
8.2k
In The Pink: A Labor of Love
frogandcode
135
21k
Web Components: a chance to create the future
zenorocha
304
41k
10 Git Anti Patterns You Should be Aware of
lemiorhan
644
56k
Visualization
eitanlees
131
13k
Navigating Team Friction
lara
177
12k
Done Done
chrislema
178
15k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
239
1.2M
Rails Girls Zürich Keynote
gr2m
90
12k
Building Effective Engineering Teams - LeadDev
addyosmani
21
950
Atom: Resistance is Futile
akmur
257
24k

Transcript

  1. AWS CDKͷ࠷ڧͷॻ͖ํΛ
    ࣮ફͯ͠ΈΔ 2023೥൛
    2023/7/8
    CXࣄۀຊ෦ ࠤ౻ஐथ

    View Slide

  2. View Slide

  3. ࣗݾ঺հ
    • ࠤ౻ஐथ
    • CXࣄۀຊ෦ ΞʔΩςΫτνʔϜ Ϛωʔδϟʔ
    • JAWS-UG CDKࢧ෦ ӡӦ
    • ڭһ໔ڐ ߴߍ/தֶ਺ֶ ৘ใ
    • ޷͖ͳAWSαʔϏεɿLambdaɺCDK
    3
    @tmk2154
    tomoki10

    View Slide

  4. ࠓճ࿩͢͜ͱʢҰ୴঺հʣ
    ҎԼͷτϐοΫ͔ΒԿݸ͔࿩͢
    4
    1. جຊతͳCDKͷߏ੒ͷ͓͞Β͍
    2. CDKͰ͸ա౓ͳந৅ԽΛආ͚Δ
    3. StackͰͳ͘ConstructͰ෼͚Δ
    4. Construct ͸ L2(+α)ΛϝΠϯͰ࢖͏
    5. ؀ڥ͝ͱͷࠩ෼͸஋ΦϒδΣΫτΛ࢖͏
    6. Stackఆٛͷग़͠෼͚
    7. ςετΛͲ͜·Ͱ΍Δ͔
    8. NodejsFunctionΛ࢖͓͏ҕһձ
    9. ϞϊϨϙ͔ɺγϯάϧϨϙ͔

    View Slide

  5. ࠓ೔ͷϋογϡλά 5
    ɹ #devio2023

    View Slide

  6. ໨࣍
    •νϣʔΫτʔΫͱ͸
    •ͳͥࠓ೔࿩͢ͷ͔
    •࿩͢͜ͱͷݩωλ
    •ࠓճ࿩͢͜ͱ
    6

    View Slide

  7. νϣʔΫτʔΫͱ͸
    ٕज़΍ઐ໳஌ࣝʹؔ͢ΔτϐοΫʹ͍ͭͯɺΤΩεύʔτ΍
    ઐ໳Ո͕ࢀՃऀʹରͯ͠௚઀తʹઆ໌΍σϞϯετϨʔγϣ
    ϯΛߦ͍ͳ͕Βɺର࿩΍σΟεΧογϣϯΛߦ͏Πϕϯτܗ
    ࣜͰ͢ɻ
    νϣʔΫτʔΫͷಛ௃͸ɺࢀՃऀͱΤΩεύʔτͱͷؒͰର
    ࿩΍σΟεΧογϣϯ͕׆ൃʹߦΘΕΔ͜ͱͰ͢ɻࢀՃऀ
    ͸ɺ࣭໰Λͨ͠Γɺٙ໰΍ҙݟΛड़΂ͨΓ͢Δ͜ͱͰɺΤΩ
    εύʔτͱͷ૬ޓ࡞༻Λ௨ͯ͡ΑΓਂ͍ཧղ΍஌ࣝΛಘΔ͜
    ͱ͕Ͱ͖·͢ɻ
    7

    View Slide

  8. νϣʔΫτʔΫͱ͸
    ٕज़΍ઐ໳஌ࣝʹؔ͢ΔτϐοΫʹ͍ͭͯɺΤΩεύʔτ΍
    ઐ໳Ո͕ࢀՃऀʹରͯ͠௚઀తʹઆ໌΍σϞϯετϨʔγϣ
    ϯΛߦ͍ͳ͕Βɺର࿩΍σΟεΧογϣϯΛߦ͏Πϕϯτܗ
    ࣜͰ͢ɻ
    νϣʔΫτʔΫͷಛ௃͸ɺࢀՃऀͱΤΩεύʔτͱͷؒͰର
    ࿩΍σΟεΧογϣϯ͕׆ൃʹߦΘΕΔ͜ͱͰ͢ɻࢀՃऀ
    ͸ɺ࣭໰Λͨ͠Γɺٙ໰΍ҙݟΛड़΂ͨΓ͢Δ͜ͱͰɺΤΩ
    εύʔτͱͷ૬ޓ࡞༻Λ௨ͯ͡ΑΓਂ͍ཧղ΍஌ࣝΛಘΔ͜
    ͱ͕Ͱ͖·͢ɻ
    8

    View Slide

  9. ͍ͭͰ΋/ͲΜͳ࣭໰Ͱ΋
    Welcome!!
    9

    View Slide

  10. CDKͬͯԿʁ
    ͿͬͪΌ͚ࠓ೔ϊϦͰདྷͨΜͰ
    10
    ྫ͑͹…

    View Slide

  11. ࣭໰
    CDK࢖ͬͨ͜ͱ͕͋Δਓʁ
    ɹɹɹ1. ࢓ࣄͰ2೥Ҏ্࢖͍ͬͯΔ
    ɹɹɹ2. ࢓ࣄͰ1೥Ҏ্࢖͍ͬͯΔ
    ɹɹɹ3. ϋϯζΦϯ΍ۀ຿֎Ͱࢼ͍ͯ͠Δ
    ɹɹɹ4. ࢖ͬͨ͜ͱ͕ͳ͍
    11

    View Slide

  12. ͳͥࠓ೔࿩͢ͷ͔ 12
    ੲͷࢿྉ

    View Slide

  13. 2021೥ͷࢿྉͰݕ౼ࣄ߲͸ྑ͍͕౴͑͸ݹ͘ͳ͖ͬͯͨ
    ͳͥࠓ೔࿩͢ͷ͔ 13

    View Slide

  14. ࠓճ࿩͢͜ͱͷݩωλ 14

    View Slide

  15. ࢿྉ΋Ξοϓϩʔυ͞Εͯ·͢ 15

    View Slide

  16. ͜ͷ໘ന͞఻ΘͬͯΔͷ͔ͳ͋ʁ
    ΋ͬͱ޿Ί͍ͨʂ
    16

    View Slide

  17. ࠓճ࿩͢͜ͱ
    ҎԼͷτϐοΫ͔ΒԿݸ͔࿩͢
    17
    1. جຊతͳCDKͷߏ੒ͷ͓͞Β͍
    2. CDKͰ͸ա౓ͳந৅ԽΛආ͚Δ
    3. StackͰͳ͘ConstructͰ෼͚Δ
    4. Construct ͸ L2(+α)ΛϝΠϯͰ࢖͏
    5. ؀ڥ͝ͱͷࠩ෼͸஋ΦϒδΣΫτΛ࢖͏
    6. Stackఆٛͷग़͠෼͚
    7. ςετΛͲ͜·Ͱ΍Δ͔
    8. NodejsFunctionΛ࢖͓͏ҕһձ
    9. ϞϊϨϙ͔ɺγϯάϧϨϙ͔

    View Slide

  18. αϯϓϧϦϙδτϦ
    https://github.com/tomoki10/cdk-best-design-2023
    18

    View Slide

  19. جຊతͳCDKͷߏ੒ͷ͓͞Β͍ 19
    DELKTPO
    03
    ŠBQQPQUJPO
    FOUSZQPJOU

    View Slide

  20. جຊతͳCDKͷߏ੒ͷ͓͞Β͍ 20

    View Slide

  21. CDKͰ͸ա౓ͳந৅ԽΛආ͚Δ
    खଓܕ͕ͩએݴܕతʹॻ͘
    21

    View Slide

  22. CDKͰ͸ա౓ͳந৅ԽΛආ͚Δ
    खଓܕ͕ͩએݴܕతʹॻ͘

    ҎԼ͸ۃ୺ͳѱ͍ྫ
    22

    View Slide

  23. CDKͰ͸ա౓ͳந৅ԽΛආ͚Δ
    Ifɺfor΋ۃྗॻ͔ͳ͍ɺ؀ڥࠩҟ͸جຊύϥϝʔλͰઃఆ

    ։ൃ/ຊ൪ؒͰͷϦιʔεଘࡏͷࠩҟ΋ۃྗ཈͑Δ※
    23
    ※ ʮTwelve-Factor App ։ൃ/ຊ൪Ұகʯhttps://12factor.net/ja/dev-prod-parity

    View Slide

  24. StackͰͳ͘ConstructͰ෼͚Δ 24
    PropsʹΑΔStackؒࢀর͕ݩڟͰCDK࢖༻ऀͷ

    ΄΅100%͕ϋϚΔ᠘
    ࢖͍ͬͯͳ͍

    ͋Δ

    CDKͷΫϩεελοΫؒࢀরͰ

    ٧·ͬͨ͜ͱ͸͋Γ·͔͢ʁ(Սۭ)
    https://dev.classmethod.jp/articles/aws-cdk-props-cross-stack-reference-
    problem-and-handle/

    View Slide

  25. StackͰͳ͘ConstructͰ෼͚Δ 25

    View Slide

  26. L1,2,3 Constructͷ͓͞Β͍ 26
    $POTUSVDUͷ-BZFSͷΠϝʔδ
    -
    -
    -
    &$4
    $%,
    $POTUSVDU
    &$3
    $%,
    $POTUSVDU
    71$
    $%,
    $POTUSVDU
    &$4$GO
    $POTUSVDU
    &$4
    $%,
    $POTUSVDU
    &$4$GO
    $POTUSVDU
    &$4
    $MPVE
    'PSNBUJPO
    &$4
    1BUUFSOT
    &$4
    $MPVE
    'PSNBUJPO
    ʜ
    ʜ
    -
    ந৅Խ
    ରԠ
    ରԠ
    ந৅Խ

    View Slide

  27. Construct ͸ L2(+α)ΛϝΠϯͰ࢖͏ 27
    L2 + Security or Governance or Best Setting
    Platform Team΍Security TeamͳͲ͕ਪ঑ઃఆΛॻ͖ɺࢀর࣮͠૷

    View Slide

  28. ؀ڥ͝ͱͷࠩ෼͸஋ΦϒδΣΫτΛ࢖͏ 28
    cdk.json:


    {


    "app": "npx ts-node --prefer-ts-exts bin/cdk-best-design-2023.ts”,


    "context": {


    "projectName": "hoge-fuga",


    "dev": {


    "envName": "dev",


    "env": {


    "account": "123456789012",


    "region": "ap-northeast-1"


    }


    },


    "stg": {


    "envName": “stg",


    ...


    }


    ...


    }


    }


    σϓϩΠ࣌ͷίϚϯυɿ


    cdk deploy -c environment=dev ~~
    ੲͷϕετϓϥΫςΟεɺcdk.jsonͰ؀ڥࠩ෼Λઃఆ

    View Slide

  29. ؀ڥ͝ͱͷࠩ෼͸஋ΦϒδΣΫτΛ࢖͏ 29
    parameter.ts
    bin/cdk-best-design-2023.ts

    View Slide

  30. Stack ఆٛͷग़͠෼͚ 30

    View Slide

  31. Stack ఆٛͷग़͠෼͚ 31

    View Slide

  32. ςετΛͲ͜·Ͱ΍Δ͔ 32
    • Snapshot Test


    CloudFormationςϯϓϨʔτΛอଘ͠ɺࠩ෼֬ೝΛߦ͑Δ
    • GoodɿCDKΞοϓσʔτ࣌ͷมߋࠩ෼Λ֬ೝͰ͖ͯ҆৺
    • BadɿS3ͳͲΞηοτͰ૝ఆҎ্ʹมߋࠩ෼͕Ͱ͖ΔͷͰ཈੍͕͍Δ

    View Slide

  33. assetsͷิ଍ʢCDKͷཪଆͷجຊతͳಈ͖ʣ 33
    Client CI/CD Env
    Source
    code
    AWS


    CloudFormation
    AWS account
    OR
    AWS CDK
    Cfn


    Template
    Stack


    (Resource State)
    Cfn


    Template
    1.Synthesize
    S3
    Bucket
    assets
    2.Upload
    3.Deploy 5.Generate
    AWS Lambda
    Amazon


    API Gateway
    6.API Call
    4.Pull

    View Slide

  34. ςετΛͲ͜·Ͱ΍Δ͔ 34
    • Fine-grained Assertions


    CloudFormation্ͷϦιʔε͕૝ఆͨ͠ঢ়ଶ͔֬ೝͰ͖Δ
    • Goodɿ੍ޚߏจΛ࢖͏৔߹ʹಈ࡞֬ೝ͕Ͱ͖Δ
    • BadɿL2ϕʔεͰίʔυΛએݴతʹॻ͍͍ͯΕ͹ͦ΋ͦ΋ෆཁͳ৔߹΋ଟ͍

    View Slide

  35. ςετΛͲ͜·Ͱ΍Δ͔ 35
    • Integration Test (Alpha)


    ϦιʔεΛ࣮ࡍͷΞΧ΢ϯτʹσϓϩΠͯ͠ɺσϓϩΠՄೳ͔ͷ֬ೝ΍

    σϓϩΠޙʹHTTPSϦΫΤετͷૄ௨֬ೝͳͲ͕Ͱ͖Δ

    CDKͷ಺෦࣮૷Ͱओʹ࢖ΘΕ͍ͯΔ
    • Goodɿ࣮ࡍͷ؀ڥͰ૝ఆͨ͠ಈ࡞Λ͢Δ͔֬ೝՄೳ
    • BadɿσϓϩΠ͕͋ΔͷͰςετύλʔϯ͕ଟ͍ͱςετ͕࣌ؒ௕͘ͳΔ

    View Slide

  36. ςετΛͲ͜·Ͱ΍Δ͔ 36
    • cdk-nag


    AWS΍NIST.800.53ɺPCI DSSͳͲͷηΩϡϦςΟɾίϯϓϥΠΞϯεϧʔϧʹ

    ४ڌ͍ͯ͠Δ͔֬ೝͰ͖Δπʔϧ
    • GoodɿσϓϩΠલݕূͰηΩϡϦςΟͷγϑτϨϑτ͕࣮ݱͰ͖Δ
    • Badɿޡݕ஌΋ଟ͘཈੍͕݁ߏඞཁΒ͍͠
    • pdk-nag※

    cdk-nagͷϥΠτ൛APAC(ओʹΦʔετϥϦΞ)ͷAWS Prototyping Team͕࡞੒
    ※https://aws.github.io/aws-prototyping-sdk/developer_guides/pdk-nag/index.html

    View Slide

  37. NodejsFunctionΛ࢖͓͏ҕһձ 37
    LambdaͰNodejsΛ࢖͏ࡍͷศརπʔϧ͕ἧ͍ͬͯΔ L2+͙Β͍ͷബ͍Construct

    ҎԼ͸ར఺ͷҰ෦
    • όϯυϧ͕؆୯ɻesbuildΛೖΕΔ͚ͩ

    distσΟϨΫτϦͳͲதؒͷϑΝΠϧஔ͖৔΋ෆཁ
    • HotswapͰ࠷଎ͷσϓϩΠʢ਺ඵͰσϓϩΠ😆 ٳΉՋͳ͠😢ʣ
    • BundlingΦϓγϣϯͷcommandHooksͰ೚ҙίϚϯυϑοΫͳͲ͕Մೳʂ

    ͜ͷϑΝΠϧ΋͍ͭͰʹLambdaʹೖΕ͍ͨͱ͔΋OK
    • awsSdkConnectionReuse ͰTCP઀ଓͷ࢖͍ճ͠ΛαΫοͱઃఆ

    View Slide

  38. ϞϊϨϙ͔ɺγϯάϧϨϙ͔ 38
    ͓લΑΓ·্ͩͷੈք͕͋Δʂ
    💦
    ͳΜʜͩͱʜ

    View Slide

  39. ϞϊϨϙ͔ɺγϯάϧϨϙ͔ 39
    ϦϙδτϦʢϞϊϨϙʣ

    View Slide

  40. ϞϊϨϙ͔ɺγϯάϧϨϙ͔ 40
    ϦϙδτϦ ϦϙδτϦ ϦϙδτϦ

    View Slide

  41. એ఻ 41
    དྷि$%,ࢧ෦ͰΠϕϯτ΍Γ·͢ʂ ਫ
    ʙ
    https://jawsug-cdk.connpass.com/

    View Slide

  42. Ξϯέʔτ͓ئ͍͠·͢ 42
    https://forms.gle/Upi2i5PsMTEUyJ6F8
    ຬ଍౓্ҐͷηογϣϯΛޙ೔ϒϩάͰެ։༧ఆʂ
    ճ౴΁ͷ͝ڠྗΛΑΖ͓͘͠ئ͍͠·͢ɻ

    View Slide

  43. ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ
    43

    View Slide