AWS CDKの最強の書き方を実践してみる 2023年版/practice-the-strongest-writing-method-of-aws-cdk-2023-edition

Transcript

1. AWS CDKͷ࠷ڧͷॻ͖ํΛ ࣮ફͯ͠ΈΔ 2023೥൛ 2023/7/8 CXࣄۀຊ෦ ࠤ౻ஐथ

2. None

3. ࣗݾ঺հ • ࠤ౻ஐथ • CXࣄۀຊ෦ ΞʔΩςΫτνʔϜ Ϛωʔδϟʔ • JAWS-UG CDKࢧ෦

   ӡӦ • ڭһ໔ڐ ߴߍ/தֶ਺ֶ ৘ใ • ޷͖ͳAWSαʔϏεɿLambdaɺCDK 3 @tmk2154 tomoki10

4. ࠓճ࿩͢͜ͱʢҰ୴঺հʣ ҎԼͷτϐοΫ͔ΒԿݸ͔࿩͢ 4 1. جຊతͳCDKͷߏ੒ͷ͓͞Β͍ 2. CDKͰ͸ա౓ͳந৅ԽΛආ͚Δ 3. StackͰͳ͘ConstructͰ෼͚Δ 4.

   Construct ͸ L2(+α)ΛϝΠϯͰ࢖͏ 5. ؀ڥ͝ͱͷࠩ෼͸஋ΦϒδΣΫτΛ࢖͏ 6. Stackఆٛͷग़͠෼͚ 7. ςετΛͲ͜·Ͱ΍Δ͔ 8. NodejsFunctionΛ࢖͓͏ҕһձ 9. ϞϊϨϙ͔ɺγϯάϧϨϙ͔

5. ࠓ೔ͷϋογϡλά 5 ɹ #devio2023

6. ໨࣍ •νϣʔΫτʔΫͱ͸ •ͳͥࠓ೔࿩͢ͷ͔ •࿩͢͜ͱͷݩωλ •ࠓճ࿩͢͜ͱ 6

7. νϣʔΫτʔΫͱ͸ ٕज़΍ઐ໳஌ࣝʹؔ͢ΔτϐοΫʹ͍ͭͯɺΤΩεύʔτ΍ ઐ໳Ո͕ࢀՃऀʹରͯ͠௚઀తʹઆ໌΍σϞϯετϨʔγϣ ϯΛߦ͍ͳ͕Βɺର࿩΍σΟεΧογϣϯΛߦ͏Πϕϯτܗ ࣜͰ͢ɻ νϣʔΫτʔΫͷಛ௃͸ɺࢀՃऀͱΤΩεύʔτͱͷؒͰର ࿩΍σΟεΧογϣϯ͕׆ൃʹߦΘΕΔ͜ͱͰ͢ɻࢀՃऀ ͸ɺ࣭໰Λͨ͠Γɺٙ໰΍ҙݟΛड़΂ͨΓ͢Δ͜ͱͰɺΤΩ εύʔτͱͷ૬ޓ࡞༻Λ௨ͯ͡ΑΓਂ͍ཧղ΍஌ࣝΛಘΔ͜ ͱ͕Ͱ͖·͢ɻ

   7

8. νϣʔΫτʔΫͱ͸ ٕज़΍ઐ໳஌ࣝʹؔ͢ΔτϐοΫʹ͍ͭͯɺΤΩεύʔτ΍ ઐ໳Ո͕ࢀՃऀʹରͯ͠௚઀తʹઆ໌΍σϞϯετϨʔγϣ ϯΛߦ͍ͳ͕Βɺର࿩΍σΟεΧογϣϯΛߦ͏Πϕϯτܗ ࣜͰ͢ɻ νϣʔΫτʔΫͷಛ௃͸ɺࢀՃऀͱΤΩεύʔτͱͷؒͰର ࿩΍σΟεΧογϣϯ͕׆ൃʹߦΘΕΔ͜ͱͰ͢ɻࢀՃऀ ͸ɺ࣭໰Λͨ͠Γɺٙ໰΍ҙݟΛड़΂ͨΓ͢Δ͜ͱͰɺΤΩ εύʔτͱͷ૬ޓ࡞༻Λ௨ͯ͡ΑΓਂ͍ཧղ΍஌ࣝΛಘΔ͜ ͱ͕Ͱ͖·͢ɻ

   8

9. ͍ͭͰ΋/ͲΜͳ࣭໰Ͱ΋ Welcome!! 9

10. CDKͬͯԿʁ ͿͬͪΌ͚ࠓ೔ϊϦͰདྷͨΜͰ 10 ྫ͑͹…

11. ࣭໰ CDK࢖ͬͨ͜ͱ͕͋Δਓʁ ɹɹɹ1. ࢓ࣄͰ2೥Ҏ্࢖͍ͬͯΔ ɹɹɹ2. ࢓ࣄͰ1೥Ҏ্࢖͍ͬͯΔ ɹɹɹ3. ϋϯζΦϯ΍ۀ຿֎Ͱࢼ͍ͯ͠Δ ɹɹɹ4. ࢖ͬͨ͜ͱ͕ͳ͍

    11

12. ͳͥࠓ೔࿩͢ͷ͔ 12 ੲͷࢿྉ

13. 2021೥ͷࢿྉͰݕ౼ࣄ߲͸ྑ͍͕౴͑͸ݹ͘ͳ͖ͬͯͨ ͳͥࠓ೔࿩͢ͷ͔ 13

14. ࠓճ࿩͢͜ͱͷݩωλ 14

15. ࢿྉ΋Ξοϓϩʔυ͞Εͯ·͢ 15

16. ͜ͷ໘ന͞఻ΘͬͯΔͷ͔ͳ͋ʁ ΋ͬͱ޿Ί͍ͨʂ 16

17. ࠓճ࿩͢͜ͱ ҎԼͷτϐοΫ͔ΒԿݸ͔࿩͢ 17 1. جຊతͳCDKͷߏ੒ͷ͓͞Β͍ 2. CDKͰ͸ա౓ͳந৅ԽΛආ͚Δ 3. StackͰͳ͘ConstructͰ෼͚Δ 4.

    Construct ͸ L2(+α)ΛϝΠϯͰ࢖͏ 5. ؀ڥ͝ͱͷࠩ෼͸஋ΦϒδΣΫτΛ࢖͏ 6. Stackఆٛͷग़͠෼͚ 7. ςετΛͲ͜·Ͱ΍Δ͔ 8. NodejsFunctionΛ࢖͓͏ҕһձ 9. ϞϊϨϙ͔ɺγϯάϧϨϙ͔

18. αϯϓϧϦϙδτϦ https://github.com/tomoki10/cdk-best-design-2023 18

19. جຊతͳCDKͷߏ੒ͷ͓͞Β͍ 19 DELKTPO 03 ŠBQQ
    PQUJPO FOUSZQPJOU

20. جຊతͳCDKͷߏ੒ͷ͓͞Β͍ 20

21. CDKͰ͸ա౓ͳந৅ԽΛආ͚Δ खଓܕ͕ͩએݴܕతʹॻ͘ 21

22. CDKͰ͸ա౓ͳந৅ԽΛආ͚Δ खଓܕ͕ͩએݴܕతʹॻ͘
 ҎԼ͸ۃ୺ͳѱ͍ྫ 22

23. CDKͰ͸ա౓ͳந৅ԽΛආ͚Δ Ifɺfor΋ۃྗॻ͔ͳ͍ɺ؀ڥࠩҟ͸جຊύϥϝʔλͰઃఆ
 ։ൃ/ຊ൪ؒͰͷϦιʔεଘࡏͷࠩҟ΋ۃྗ཈͑Δ※ 23 ※ ʮTwelve-Factor App ։ൃ/ຊ൪Ұகʯhttps://12factor.net/ja/dev-prod-parity

24. StackͰͳ͘ConstructͰ෼͚Δ 24 PropsʹΑΔStackؒࢀর͕ݩڟͰCDK࢖༻ऀͷ
 ΄΅100%͕ϋϚΔ᠘ ࢖͍ͬͯͳ͍  ͋Δ  CDKͷΫϩεελοΫؒࢀরͰ 


    ٧·ͬͨ͜ͱ͸͋Γ·͔͢ʁ(Սۭ) https://dev.classmethod.jp/articles/aws-cdk-props-cross-stack-reference- problem-and-handle/

25. StackͰͳ͘ConstructͰ෼͚Δ 25

26. L1,2,3 Constructͷ͓͞Β͍ 26 $POTUSVDU
    ͷ
    -BZFS
    ͷΠϝʔδ - - - &$4
    $%,
    $POTUSVDU

    &$3
    $%,
    $POTUSVDU 71$
    $%,
    $POTUSVDU &$4
    $GO
    $POTUSVDU &$4
    $%,
    $POTUSVDU &$4
    $GO
    $POTUSVDU &$4
    
    $MPVE
    'PSNBUJPO &$4
    1BUUFSOT &$4
    
    $MPVE
    'PSNBUJPO ʜ ʜ - ந৅Խ ରԠ ରԠ ந৅Խ

27. Construct ͸ L2(+α)ΛϝΠϯͰ࢖͏ 27 L2 + Security or Governance or

    Best Setting Platform Team΍Security TeamͳͲ͕ਪ঑ઃఆΛॻ͖ɺࢀর࣮͠૷

28. ؀ڥ͝ͱͷࠩ෼͸஋ΦϒδΣΫτΛ࢖͏ 28 cdk.json: { "app": "npx ts-node --prefer-ts-exts bin/cdk-best-design-2023.ts”, "context":

    { "projectName": "hoge-fuga", "dev": { "envName": "dev", "env": { "account": "123456789012", "region": "ap-northeast-1" } }, "stg": { "envName": “stg", ... } ... } } σϓϩΠ࣌ͷίϚϯυɿ cdk deploy -c environment=dev ~~ ੲͷϕετϓϥΫςΟεɺcdk.jsonͰ؀ڥࠩ෼Λઃఆ

29. ؀ڥ͝ͱͷࠩ෼͸஋ΦϒδΣΫτΛ࢖͏ 29 parameter.ts bin/cdk-best-design-2023.ts

30. Stack ఆٛͷग़͠෼͚ 30

31. Stack ఆٛͷग़͠෼͚ 31

32. ςετΛͲ͜·Ͱ΍Δ͔ 32 • Snapshot Test
 
 CloudFormationςϯϓϨʔτΛอଘ͠ɺࠩ෼֬ೝΛߦ͑Δ • GoodɿCDKΞοϓσʔτ࣌ͷมߋࠩ෼Λ֬ೝͰ͖ͯ҆৺ •

    BadɿS3ͳͲΞηοτͰ૝ఆҎ্ʹมߋࠩ෼͕Ͱ͖ΔͷͰ཈੍͕͍Δ

33. assetsͷิ଍ʢCDKͷཪଆͷجຊతͳಈ͖ʣ 33 Client CI/CD Env Source code AWS CloudFormation AWS

    account OR AWS CDK Cfn Template Stack (Resource State) Cfn Template 1.Synthesize S3 Bucket assets 2.Upload 3.Deploy 5.Generate AWS Lambda Amazon API Gateway 6.API Call 4.Pull

34. ςετΛͲ͜·Ͱ΍Δ͔ 34 • Fine-grained Assertions
 
 CloudFormation্ͷϦιʔε͕૝ఆͨ͠ঢ়ଶ͔֬ೝͰ͖Δ • Goodɿ੍ޚߏจΛ࢖͏৔߹ʹಈ࡞֬ೝ͕Ͱ͖Δ •

    BadɿL2ϕʔεͰίʔυΛએݴతʹॻ͍͍ͯΕ͹ͦ΋ͦ΋ෆཁͳ৔߹΋ଟ͍

35. ςετΛͲ͜·Ͱ΍Δ͔ 35 • Integration Test (Alpha)
 
 ϦιʔεΛ࣮ࡍͷΞΧ΢ϯτʹσϓϩΠͯ͠ɺσϓϩΠՄೳ͔ͷ֬ೝ΍
 σϓϩΠޙʹHTTPSϦΫΤετͷૄ௨֬ೝͳͲ͕Ͱ͖Δ
 CDKͷ಺෦࣮૷Ͱओʹ࢖ΘΕ͍ͯΔ

    • Goodɿ࣮ࡍͷ؀ڥͰ૝ఆͨ͠ಈ࡞Λ͢Δ͔֬ೝՄೳ • BadɿσϓϩΠ͕͋ΔͷͰςετύλʔϯ͕ଟ͍ͱςετ͕࣌ؒ௕͘ͳΔ

36. ςετΛͲ͜·Ͱ΍Δ͔ 36 • cdk-nag
 
 AWS΍NIST.800.53ɺPCI DSSͳͲͷηΩϡϦςΟɾίϯϓϥΠΞϯεϧʔϧʹ
 ४ڌ͍ͯ͠Δ͔֬ೝͰ͖Δπʔϧ • GoodɿσϓϩΠલݕূͰηΩϡϦςΟͷγϑτϨϑτ͕࣮ݱͰ͖Δ

    • Badɿޡݕ஌΋ଟ͘཈੍͕݁ߏඞཁΒ͍͠ • pdk-nag※
 cdk-nagͷϥΠτ൛APAC(ओʹΦʔετϥϦΞ)ͷAWS Prototyping Team͕࡞੒ ※https://aws.github.io/aws-prototyping-sdk/developer_guides/pdk-nag/index.html

37. NodejsFunctionΛ࢖͓͏ҕһձ 37 LambdaͰNodejsΛ࢖͏ࡍͷศརπʔϧ͕ἧ͍ͬͯΔ L2+͙Β͍ͷബ͍Construct
 ҎԼ͸ར఺ͷҰ෦ • όϯυϧ͕؆୯ɻesbuildΛೖΕΔ͚ͩ
 distσΟϨΫτϦͳͲதؒͷϑΝΠϧஔ͖৔΋ෆཁ • HotswapͰ࠷଎ͷσϓϩΠʢ਺ඵͰσϓϩΠ😆

    ٳΉՋͳ͠😢ʣ • BundlingΦϓγϣϯͷcommandHooksͰ೚ҙίϚϯυϑοΫͳͲ͕Մೳʂ
 ͜ͷϑΝΠϧ΋͍ͭͰʹLambdaʹೖΕ͍ͨͱ͔΋OK • awsSdkConnectionReuse ͰTCP઀ଓͷ࢖͍ճ͠ΛαΫοͱઃఆ

38. ϞϊϨϙ͔ɺγϯάϧϨϙ͔ 38 ͓લΑΓ·্ͩͷੈք͕͋Δʂ 💦 ͳΜʜͩͱʜ

39. ϞϊϨϙ͔ɺγϯάϧϨϙ͔ 39 ϦϙδτϦʢϞϊϨϙʣ

40. ϞϊϨϙ͔ɺγϯάϧϨϙ͔ 40 ϦϙδτϦ ϦϙδτϦ ϦϙδτϦ

41. એ఻ 41 དྷि$%,ࢧ෦ͰΠϕϯτ΍Γ·͢ʂ
     ਫ
    ʙ
    https://jawsug-cdk.connpass.com/

42. Ξϯέʔτ͓ئ͍͠·͢ 42 https://forms.gle/Upi2i5PsMTEUyJ6F8 ຬ଍౓্ҐͷηογϣϯΛޙ೔ϒϩάͰެ։༧ఆʂ
    ճ౴΁ͷ͝ڠྗΛΑΖ͓͘͠ئ͍͠·͢ɻ
    

43. ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ 43