
JAWS-UG Nagano Kickoff Meeting

y13i
June 14, 2014


Transcript

  1. 3 reasons why AWS is supremely cool with Ruby and aws-sdk, by yamaguchi@cloudpack.jp

  2. Sorry! This is a clickbait title.

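  3. ABOUT ME: Yamaguchi Yoriki, Support Engineer at cloudpack, y13i.com

  4. MORE ABOUT ME
    • Birthplace: Karuizawa, Kitasaku District, Nagano Prefecture
    • Alma mater: Shinshu University, Faculty of Textile Science and Technology
    • Favorite AWS service: Amazon S3
    • Favorite Ruby method: Enumerable#inject

  5. TABLE OF CONTENTS
    1. How to use IAM Role
    2. Building a comfortable interactive AWS Ruby environment with pry
    3. Introducing kumogata, the ultimate tool for CloudFormation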
  6. 1 HOW TO USE IAM ROLE

  7. Are you using AWS SDK for Ruby?

  8. AWS SDK for Ruby is a library for operating AWS from Ruby

        $ gem install aws-sdk

  9. EXAMPLE: terminate (destroy) every EC2 instance whose Name tag contains "test"!

        require "aws-sdk"

        AWS.config access_key_id: "NANKANAGAIALPHANUMERIC",
                   secret_access_key: "nankamottonagakutetotemooboerarenaiyo",
                   region: "ap-northeast-1"

        def ec2
          @ec2 ||= AWS::EC2.new
        end

        ec2.instances.each do |instance|
          # to_s: an instance without a Name tag returns nil here
          instance.terminate if instance.tags["Name"].to_s.include? "test"
        end

        # Servers can be procured programmably, and thrown away too

  10. The annoying part of AWS SDK for Ruby

  11. BOTHER TO USE AWS SDK for Ruby: managing credentials is a hassle!

        require "aws-sdk"

        AWS.config access_key_id: "NANKANAGAIALPHANUMERIC",
                   secret_access_key: "nankamottonagakutetotemooboerarenaiyo",
                   region: "ap-northeast-1"

        # ↑ This
        # Hardcoding secrets in the source code, really?

  12. BOTHER TO USE AWS SDK for Ruby: managing credentials is a hassle!

        require "aws-sdk"
        require "yaml"

        AWS.config YAML.load_file "./credentials.yml"

        # Try moving them to an external file
        # That only moves the place where they are hardcoded, doesn't it…

  13. BOTHER TO USE AWS SDK for Ruby: managing credentials is a hassle!

        $ export AWS_ACCESS_KEY_ID=NANKANAGAIALPHANUMERIC
        $ export AWS_SECRET_ACCESS_KEY=nankamottonagakutetotemooboerarenai
        $ ruby some_script.rb

        # Keep them in environment variables
        # They are not written directly into a file, so maybe better than the previous two……?

  14. The best way to use AWS SDK for Ruby on an EC2 instance

  15. Use IAM Role!

  16. What is IAM?
    • IAM (Identity and Access Management)
    • IAM User & IAM Group
      • Any number of child users and groups can be created under an AWS account, and permissions for AWS services can be managed for each of them individually
    • IAM Role

  17. What is IAM Role? – aws.amazon.com/jp/iam/faqs/ "By using IAM roles for EC2 instances, applications running on EC2 can send requests to AWS services (Amazon S3, Amazon SQS, Amazon SNS, etc.). There is no need to copy AWS access keys to every instance"

  18. How to use IAM Role 1. Create an IAM Role

  19. How to use IAM Role 2. Set whatever Permissions you need on the IAM Role

  20. How to use IAM Role 3. Select the IAM Role when launching the EC2 instance (*)
    * Note that an IAM Role cannot be assigned to an instance that has already been launched

  21. How to use IAM Role 4. From inside that EC2 instance, aws-sdk can be used without specifying credentials!

        require "aws-sdk"

        # Do specify the region
        AWS.config region: "ap-northeast-1"

        # do something

  22. IAM Role: attach one whenever you launch an EC2 instance

  23. 2 USING AWS-SDK WITH PRY

  24. – github.com/pry/pry "Pry is a powerful alternative to the standard IRB shell for Ruby."

  25. What is pry?
    • A so-called REPL (interactive interpreter)
    • A super-powered version of Ruby's standard irb
    • Unbeatable when combined with awesome_print (a library for pretty-printing to the screen)
    • Also loaded automatically by the aws-rb command

        $ gem install pry awesome_print
  26. FEATURES • Syntax Highlighting

  27. FEATURES
    • Tab completes variable and method names
    • ls and cd move between current objects
    • System commands can be run
      • .git
      • .pwd
      • .rails generate model user name:string
    • wtf raises the previously raised exception again

  28. Combined with AWS SDK for Ruby, it makes you hugely productive

  29. AWS SDK + PRY
    • What was that method called again… → Type part of it and mash Tab

  30. AWS SDK + PRY
    • I want to see a list of something → The result of Collection#to_a is easy to read

  31. AWS SDK + PRY
    • IDs alone don't tell you much, do they? → Just change it so the name is displayed

        AWS> class ::AWS::EC2::Instance
        AWS|   def inspect
        AWS|     "<AWS::EC2::Instance id: #{id}, name: #{tags["Name"]}>"
        AWS|   end
        AWS| end
        :inspect
        AWS> ec2.instances.to_a
        # =>
        [
            [0] <AWS::EC2::Instance id: i-1234f567, name: test-1>,
            [1] <AWS::EC2::Instance id: i-1234f568, name: test-3>,
            [2] <AWS::EC2::Instance id: i-1234f569, name: test-2>
        ]

  32. AWS SDK + PRY
    • Besides starting it with the pry command → put binding.pry anywhere in your code

        require "aws-sdk"

        def ec2
          @ec2 ||= AWS::EC2.new
        end

        instances = ec2.instances

        require "pry"
        binding.pry # pry starts here and you can debug

        instances.each do |instance|
          …

  33. AWS SDK + PRY is hugely productive

  34. 3 CLOUDFORMATION WITH KUMOGATA

  35. Are you using CloudFormation?

  36. CloudFormation is a service where you write a template in JSON and it deploys AWS resources exactly as written

  37. CloudFormation Pros: freedom from "Another day of clicking away at the Management Console begins…"

  38. CloudFormation Cons
    • The configuration is JSON
    • Writing JSON by hand is painful

  39. Why JSON is painful (1)
    • You can't comment anything out!

        {
          "username":"y13i",
          "url":"http://y13i.com",
          "description":"writing_json_by_hand_is_painful"
        }

    Invalid JSON:

        {
          "username":"y13i",
          // "url":"http://y13i.com",
          "description":"writing_json_by_hand_is_painful"
        }

  40. Why JSON is painful (2)
    • You can't put a , after the last element of a list!

        {
          "username":"y13i",
          "url":"http://y13i.com",
          "description":"writing_json_by_hand_is_painful"
        }

    Invalid JSON:

        {
          "username":"y13i",
          "url":"http://y13i.com",
          "description":"writing_json_by_hand_is_painful",
        }

  41. Why JSON is painful (3)
    • You can't split it into files!
    • CloudFormation templates routinely run over 1,000 lines!
    • tsurami.json (28,132 bytes)

  42. Why JSON is painful (4)
    • It's not a programming language!
    • JSON (JavaScript Object Notation)
      • A data description language based on JavaScript's object notation
      • Because it is not a programming language, conditionals, loops and the like cannot be written
      • Even nearly identical resources have to be written out again and again, word for word

  43. Writing JSON by hand is painful……

  44. !!Painful!!

  45. – github.com/winebarrel/kumogata "Kumogata is a tool for AWS CloudFormation. It can define a template in Ruby DSL"
  46. RUBY DSL TEMPLATE?

        AWSTemplateFormatVersion "2010-09-09"

        Description (<<-EOS).undent
          Kumogata Sample Template
          You can use Here document!
        EOS

        Resources do
          myEC2Instance do
            Type "AWS::EC2::Instance"
            Properties do
              ImageId "ami-XXXXXXXX"
              InstanceType { Ref "InstanceType" }
              KeyName "your_key_name"

              UserData (<<-EOS).undent.encode64
                #!/bin/bash
                yum install -y httpd
                service httpd start
              EOS
            end
          end
        end

  47. With Ruby it's not painful (1)
    • You can comment things out! (of course)

        WebELB do
          Type "AWS::ElasticLoadBalancing::LoadBalancer"
          Properties do
            # Instances (1..2).map {|i| _{Ref "WebEC2Instance#{i}"}}
            Instances _{Ref "WebEC2Instance1"}
            LoadBalancerName "dev-web"
            Listeners [
              _{
                InstancePort "80"
                InstanceProtocol "HTTP"
                LoadBalancerPort "80"
                Protocol "HTTP"
              }
            ]
            SecurityGroups [_{Ref "ELBSecurityGroup"}]
            Subnets [?A, ?C].map {|zone| _{Ref "PublicVariableSubnet#{zone}"}}
          end
        end

  48. With Ruby it's not painful (2)
    • You can put a , after the last element of a list!

        roles = [
          "web",
          "app",
          "db",
        ]

        roles.each do |role|
          _ "#{role.capitalize}SecurityGroup" do
            Type "AWS::EC2::SecurityGroup"
            Properties do
              GroupDescription "Security group for #{role} instances."
              VpcId {Ref "#{ENVIRONMENT}VPC"}
              Tags [
                "Key" => "Name",
                "Value" => role,
              ]
            end
          end
        end

  49. With Ruby it's not painful (3)
    • You can split it into files!

        Resources do
          %w(
            _common.rb
            development/security_groups.rb
            development/ec2.rb
            development/elb.rb
            development/rds.rb
            development/elasticache.rb
            development/s3.rb
          ).each do |template|
            _include template
          end
        end

  50. With Ruby it's not painful (4)
    • Loops, conditionals, variables, methods……

        # Want 4 web, 2 db and 1 mng instances, spread across multiple Availability Zones
        %w(web mng db).each do |role|
          1.upto 4 do |i|
            resource_name = "#{role.capitalize}EC2Instance#{role == "mng" ? nil : i}"
            tag_name = "dev-#{role}#{role == "mng" ? nil : "-#{i}"}"

            break if i == 2 and role == "mng"
            break if i == 3 and role == "db"

            _ resource_name do
              Type "AWS::EC2::Instance"
              Properties do
                AvailabilityZone "ap-northeast-1#{i.even? ? "a" : "c"}"
                BlockDeviceMappings [
                  _{
                    DeviceName "/dev/sda1"
                    Ebs {VolumeSize 100}
                  }
                ]
                # (rest omitted)

  51. Kumogata is divine

        $ gem install kumogata

  52. THANKS.
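Slides 11 to 13 show the same secret hardcoded in Ruby source, moved to a YAML file, and exported from a shell. The scanner below is an added example, not part of the deck: it reports such literals with the value masked. The file names, the `Finding` struct and the function names are hypothetical, and all sample contents are constructed.

```ruby
# Added example, not from the deck: find literal AWS credentials in text files.
KEY_NAME  = /(?:aws_)?(?:access_key_id|secret_access_key)/i
# key name, then ":", "=>" or "=", then a literal value of 8+ characters
ASSIGNED  = /\b(#{KEY_NAME})["']?\s*(?:=>|:|=)\s*["']?([A-Za-z0-9\/+]{8,})/
# shape of an access key ID: AKIA (long-term) or ASIA (temporary) + 16 characters
KEY_SHAPE = /\b(?:AKIA|ASIA)[A-Z0-9]{16}\b/

Finding = Struct.new(:path, :line, :rule, :masked)

# Keep only the first four characters so the report itself leaks nothing.
def mask(value)
  value[0, 4] + "*" * (value.length - 4)
end

# files: { path => contents }. Returns one Finding per offending line.
def scan_credentials(files)
  files.flat_map do |path, text|
    text.each_line.with_index(1).flat_map do |line, number|
      if (m = ASSIGNED.match(line))
        [Finding.new(path, number, "literal #{m[1].downcase}", mask(m[2]))]
      elsif (m = KEY_SHAPE.match(line))
        [Finding.new(path, number, "access key ID shape", mask(m[0]))]
      else
        []
      end
    end
  end
end

# Constructed samples: the three patterns from the slides, a stray key ID
# (the placeholder used in AWS documentation), and two files that should pass.
SAMPLES = {
  "hardcoded.rb"    => %(AWS.config access_key_id: "NANKANAGAIALPHANUMERIC",\n) +
                       %(  secret_access_key: "nankamottonagakutetotemooboerarenaiyo"\n),
  "credentials.yml" => "access_key_id: NANKANAGAIALPHANUMERIC\n",
  "run.sh"          => "export AWS_SECRET_ACCESS_KEY=nankamottonagakutetotemooboerarenai\n",
  "notes.txt"       => "old key AKIAIOSFODNN7EXAMPLE was rotated\n",
  "role.rb"         => %(AWS.config region: "ap-northeast-1"\n),
  "env.rb"          => %(AWS.config access_key_id: ENV["AWS_ACCESS_KEY_ID"]\n),
}

scan_credentials(SAMPLES).each do |f|
  puts "#{f.path}:#{f.line}: #{f.rule} (#{f.masked})"
end
```

The role-based configuration from slide 21 and the value read from `ENV` produce no findings; everything else is reported with its line number.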
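Slides 17 to 21 work because an instance launched with a role is handed temporary credentials by the EC2 instance metadata service, under `/latest/meta-data/iam/security-credentials/<role-name>`, rather than a long-lived key pair. As an added example (not from the deck), this parses such a document, checks it, and decides when a refresh is due; the sample document is constructed and `RoleCredentials` and `parse_role_credentials` are hypothetical names.

```ruby
require "json"
require "time"

# Constructed sample of a role credentials document; every value is a placeholder.
SAMPLE_DOCUMENT = <<~JSON
  {
    "Code": "Success",
    "LastUpdated": "2014-06-14T01:00:00Z",
    "Type": "AWS-HMAC",
    "AccessKeyId": "ASIAEXAMPLEKEYID0000",
    "SecretAccessKey": "constructed-secret-not-a-real-key",
    "Token": "constructed-session-token",
    "Expiration": "2014-06-14T07:00:00Z"
  }
JSON

RoleCredentials = Struct.new(:access_key_id, :secret_access_key,
                             :session_token, :expiration) do
  # Refresh a few minutes early so no request is signed with a key about to lapse.
  def stale?(now, margin = 300)
    now >= expiration - margin
  end

  # Keep the secret and the token out of logs and pry output.
  def inspect
    "#<RoleCredentials #{access_key_id} expires=#{expiration.iso8601}>"
  end
end

# Parse and validate the document; raises ArgumentError on anything unusable.
def parse_role_credentials(body)
  doc = JSON.parse(body)
  unless doc["Code"] == "Success"
    raise ArgumentError, "metadata service returned #{doc["Code"].inspect}"
  end
  required = %w(AccessKeyId SecretAccessKey Token Expiration)
  missing = required.reject { |k| doc[k].is_a?(String) && !doc[k].empty? }
  raise ArgumentError, "missing fields: #{missing.join(", ")}" unless missing.empty?
  RoleCredentials.new(doc["AccessKeyId"], doc["SecretAccessKey"],
                      doc["Token"], Time.iso8601(doc["Expiration"]))
end

creds = parse_role_credentials(SAMPLE_DOCUMENT)
puts creds.inspect
```

Because these keys expire within hours and are rotated for the instance, a leaked copy has a bounded lifetime, unlike the static keys in slides 11 to 13.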