Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
ブログサービスのHTTPS化を支えたAWSで作るピタゴラスイッチ / The construc...
Search
aereal
September 08, 2018
Programming
3
400k
ブログサービスのHTTPS化を支えたAWSで作るピタゴラスイッチ / The construction of large scale TLS certificates management system with AWS
talked at builderscon tokyo 2018
aereal
September 08, 2018
Tweet
Share
More Decks by aereal
See All by aereal
盆栽転じて家具となる / Bonsai and Furnitures
aereal
0
5.3k
How to send distibuted traces to Datadog using build own OpenTelemetry-Lambda distribution
aereal
3
290
好きな技術《コト》で、 生きていく技術 / life with what you like
aereal
5
4.3k
qron: Cloud Native Cron Alternativeの今
aereal
2
2.9k
自動作曲入門 / introduction to programatic music composition
aereal
1
530k
はてなブログ タグとCDK / The epic of AWS CDK and Hatena Blog Tag
aereal
2
200k
はてなブログ タグの技術選択 / The technical details of Hatena Blog Tag
aereal
3
200k
AWSではてなブログの常時HTTPS配信をバーンとやる話 / The Epic of migration from HTTP to HTTPS on Hatena Blog with AWS
aereal
14
18k
ScalaとPerlでMicroservices in production / Building microservices with Perl and Scala in production
aereal
0
5.5k
Other Decks in Programming
See All in Programming
dynamic!
moro
9
6.6k
GitHub Actions × AWS OIDC連携の仕組みと経緯を理解する
ota1022
0
240
ソフトウェア設計の実践的な考え方
masuda220
PRO
3
490
複雑化したリポジトリをなんとかした話 pipenvからuvによるモノレポ構成への移行
satoshi256kbyte
1
790
階層構造を表現するデータ構造とリファクタリング 〜1年で10倍成長したプロダクトの変化と課題〜
yuhisatoxxx
3
920
そのpreloadは必要?見過ごされたpreloadが技術的負債として爆発した日
mugitti9
2
3k
ポスターセッション: 「まっすぐ行って、右!」って言ってラズパイカーを動かしたい 〜生成AI × Raspberry Pi Pico × Gradioの試作メモ〜
komofr
0
970
Cloudflare AgentsとAI SDKでAIエージェントを作ってみた
briete
0
100
SpecKitでどこまでできる? コストはどれくらい?
leveragestech
0
550
ИИ-Агенты в каждый дом – Алексей Порядин, PythoNN
sobolevn
0
150
Django Ninja による API 開発効率化とリプレースの実践
kashewnuts
0
980
育てるアーキテクチャ:戦い抜くPythonマイクロサービスの設計と進化戦略
fujidomoe
1
150
Featured
See All Featured
Code Reviewing Like a Champion
maltzj
525
40k
How to Ace a Technical Interview
jacobian
280
24k
Building a Scalable Design System with Sketch
lauravandoore
462
33k
Done Done
chrislema
185
16k
What's in a price? How to price your products and services
michaelherold
246
12k
Building Adaptive Systems
keathley
43
2.8k
Code Review Best Practice
trishagee
72
19k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
657
61k
Building a Modern Day E-commerce SEO Strategy
aleyda
43
7.7k
How STYLIGHT went responsive
nonsquared
100
5.8k
Principles of Awesome APIs and How to Build Them.
keavy
127
17k
Fireside Chat
paigeccino
40
3.7k
Transcript
ϒϩάαʔϏεͷ HTTPSԽΛࢧ͑ͨ AWSͰ࡞ΔϐλΰϥεΠον id:aereal
staff.hatenablog.com/entry/2018/06/13/160000 ಠࣗυϝΠϯͰӡ༻͞Ε͍ͯΔϒϩά͕ɺ HTTPSͰ৴Ͱ͖ΔΑ͏ʹͳΓ·ͨ͠
None
͢͜ͱ • ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ • എܠͱཁٻ • ࣮ͷհ • ্هࣄྫΛݩʹෳࡶͳόον =
ϐλΰϥεΠονߏஙͷ ΤοηϯεΛߟ͑ͯΈΔ
ࣗݾհ • id:aereal • GitHub: aereal • Twitter: aereal •
ϒϩά౷߹νʔϜ ΞϓϦέʔγϣϯΤϯδχΞ ςοΫϦʔυ
എܠ ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
• ͯͳϒϩάPro (༗ྉϓϥϯ) ʹਃ͠ࠐΉͱ ಠࣗυϝΠϯͰࣗͷϒϩάΛ৴Ͱ͖Δ • ݱࡏɺສ୯ҐͷಠࣗυϝΠϯ͕ొɾར༻͞Ε͍ͯΔ • ͜ΕΒͷಠࣗυϝΠϯͰৗ࣌HTTPS৴͍ͨ͠
Let's Encrypt • ISRG = Internet Security Research Group͕ఏڙ͢Δ ϓϩάϥϚϒϧʹΞΫηεՄೳͳೝূہ
(CA) • ͜Ε·ͰTLSূ໌ॻΛൃߦ͢Δʹ ͦͦ͜͜ͷֹۚͱख͕ؒඞཁ͕ͩͬͨɺͦΕΛม͑ͨCA • LEͷొʹΑΓTLSূ໌ॻͷେྔൃߦ͕ݱ࣮తʹͳͬͨ
developer.hatenastaff.com/entry/2018/06/04/140000 ͯͳϒϩάͷHTTPSԽ࣮ࢪʹ͍, Let's EncryptͷدΛ࣮ࢪ͠·ͨ͠ - Hatena Developer Blog
• LEͷొ࿕ใ͕ͩ͜Ε͚ͩͰΓͳ͍ • ສ୯ҐͷTLSূ໌ॻΛཧ͢Δઓज़ɾઓུ͕͚͍ܽͯΔ • ৴ͱൃߦʹେ͖͚ͯ͘ΈΔ
ཁ݅ͷݕ౼: ৴ ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
HTTPS৴: ͓͞Β͍ • ͯͳϒϩάͰສ୯ҐͷಠࣗυϝΠϯ͕ར༻͞Ε͍ͯΔ • ҰൠతͳWebαΠτӡ༻ͷײ֮ͩͱφʔόε͗͢Δ • ສ୯Ґͷূ໌ॻΛҰʹಡΈࠐΉͱ proxyͷϝϞϦ༻ྔ͕ஶ͘͠૿Ճ͢Δ •
proxyͷ࠶ىಈʹ͕͔͔࣌ؒΔ
SAN? • = Subject Alternative Names 1ͭͷূ໌ॻʹෳυϝΠϯΛඥ͚Δ֦ு • ͔݁Βݴ͏ͱͯͳϒϩάͷέʔεͰ͍͠ •
LEͰSANΛར༻͢Δ߹ɺACME challengedns-01ͷΈ ར༻Ͱ͖Δ (ݱࡏ) • DNSઃఆ֤ϢʔβʔʹҕͶΒΕΔͷͰࣗಈԽͰ͖ͳ͍
ACME? • ACME: Automated Certificate Management Environment • ূ໌ॻൃߦͳͲͷ࡞ۀΛ ࣗಈԽ͢ΔϓϩτίϧΛ·ͱΊ༷ͨ
• ACME challenge: υϝΠϯͷॴ༗ݖݶΛ֬ೝ͢Δํ๏ • Google AnalyticsͷΞϨΈ͍ͨͳͭ • LE͕ࡦఆɾ࠾༻͍ͯ͠Δ
ACME challenge? • dns-01: υϝΠϯͷTXTϨίʔυʹϫϯλΠϜτʔΫϯΛॻ ͖ࠐΉ • http-01: CAͷϦΫΤετʹର͠ॴఆͷϨεϙϯεΛฦ͢ •
ྫ: /.well-known/TOKEN • (ଞʹ͍Ζ͍Ζ)
HTTPS৴: ͓͞Β͍ (࠶) • ͯͳϒϩάͰສ୯ҐͷಠࣗυϝΠϯ͕ར༻͞Ε͍ͯΔ • ҰൠతͳWebαΠτӡ༻ͷײ֮ͩͱφʔόε͗͢Δ • ສ୯Ґͷূ໌ॻΛҰʹಡΈࠐΉͱ proxyͷϝϞϦ༻ྔ͕ஶ͘͠૿Ճ͢Δ
• proxyͷ࠶ىಈʹ͕͔͔࣌ؒΔ
HTTPS৴: ํ • ϦΫΤετຖʹূ໌ॻΛબɾಡΈࠐΉ • ϝϞϦ༻ྔͷ૿Ճ࠶ىಈ࣌ؒͷѱԽΛ͑Δ • ෳproxyʹରԠ͢ΔͨΊσʔλετΞʹূ໌ॻΛอଘ • ͔͠ϨΠςϯγΛѱԽͤͣ͞ʹ࣮ݱ͢Δ
• ϩʔΧϧΩϟογϡ
ཁ݅ͷݕ౼:ൃߦ ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
ূ໌ॻൃߦ • Ұ؏ੑɾཏੑ͕ٻΊΒΕΔ • ൃߦʹࣦഊ͠ଓ͚Δͱϒϩά͕ӾཡͰ͖ͳ͘ͳΔ • ແޮͳυϝΠϯΛ์ஔ͍͚ͯ͠ͳ͍ • ཁٻߴ͍͕ෆ࣮֬ੑߴ͍ •
ূ໌ॻΛߋ৽͢ΔࡍɺυϝΠϯʹର͠εέʔϧ͢Δ͜ͱ
ແޮͳυϝΠϯͷআ • ແޮͳυϝΠϯ = ඞͣACME challengeʹࣦഊ͢Δ • LEʹΞΧϯτ * time
window͝ͱʹࣦഊͷ্ݶ͕͋Δ • ์ஔ͢ΔͱඞͣAPI limitʹ͋ͨͬͯ͠·͏ • ࣦഊͨ͠υϝΠϯඞͣআ
ূ໌ॻൃߦ: ෆ࣮֬ੑ • υϝΠϯͷ༗ޮੑมΘΓ͏Δ • ՝ۚऴྃ • DNSϨίʔυҟৗ • ֎෦API
= LEͱͷ౷߹ • API Limit • దͳϦτϥΠͱΤϥʔϦΧόϦ͕ඞਢ
ূ໌ॻൃߦ: εέʔϥϏϦςΟ • ରυϝΠϯͷ૿Ճʹର͠εέʔϧ͢ΔΈʹ͍ͨ͠ • SELECT * FROM custom_domain WHERE
id > ? Έ͍ͨͳΫΤϦආ͚͍ͨ • υϝΠϯ͕૿͑Δͱϖʔδϯά͕ඞཁ • ࣮ߦ్தͰࣦഊͨ͠ΒɺϦτϥΠΩϡʔʹೖΕ͢Α͏ ͳΛڽΒ͞ͳ͍ͱ͍͚ͳ͘ͳΔ
γεςϜͷཁ݅: ·ͱΊ • ϦΫΤετຖʹূ໌ॻΛऔಘɾ༻ • Ͱ͖Δ͚ͩϨΠςϯγͰ • Τϥʔੑ͕ߴ͍ • ࣦഊͨ͠ΒऔಘରͷυϝΠϯ͔Β֎͢
• ֎෦API௨৴ͷΤϥʔΛదʹॲཧͰ͖Δ • υϝΠϯͷ૿Ճʹεέʔϧ͢Δ
γεςϜͷհ ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
৴γεςϜ • ngx_mruby: ূ໌ॻಡΈࠐΈ࣌ʹmrubyͷίʔυΛ࣮ߦ • cache gatewayHTTP GET͢Δ͚ͩ • https://github.com/matsumotory/ngx_mruby
• cache gateway (Go): HTTP GET͢Δͱূ໌ॻΛฦ͢ • DynamoDB: ূ໌ॻΛอଘ͢ΔσʔλετΞ
cache gateway • AWS (DynamoDB) APIݺͼग़͠ΛHTTP APIʹม͑Δ • mrubyʹAWS SDK͕ͳ͍
• ಉډ͢ΔmemcachedʹಡΈॻ͖͠ɺ DynamoDBͷΞΫηεΛͰ͖Δ͚ͩݮΒ͢
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
৴γεςϜ • ngx_mrubyΛͬͯϦΫΤετຖʹূ໌ॻΛऔಘͰ͖ͨ • proxyʹಉډͨ͠memcachedΛ͏͜ͱͰ DynamoDBͷϦΫΤετΛݮΒ͠ϨΠςϯγΛԼ͛ͨ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
ূ໌ॻൃߦγεςϜ • cert-updater-state: AWS StepFunctions; ֤LambdaΛىಈ • Τϥʔ༰ʹԠͨ͡ϦΧόϦɾϦτϥΠ (ޙड़) •
cert-updater-function: AWS Lambda; ূ໌ॻΛൃߦɺ DynamoDBॻ͖ࠐΈ • cert-update-notifier: Lambda; ൱Λͯͳϒϩά௨
None
None
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,
"MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],
AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,
"MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],
AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,
"MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],
AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,
"MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],
ূ໌ॻൃߦγεςϜ • AWS StepFunctionsΛͬͯదͳΤϥʔॲཧΛ࣮ݱ • Ϧιʔε্ݶʹୡ͢ΔͳͲ ҟৗऴྃͨ࣌͠ଈ࠲ʹ݁ՌΛ௨ • APIݺͼग़ࣦ͠ഊͳͲϦτϥΠՄೳͳ࣌ϦτϥΠ
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
ূ໌ॻൃߦ: ߋ৽ • DynamoDBͷTTL Trigger͕Lambdaܦ༝ͰSFnΛىಈ • cert-reissue-confirmer: ͯͳϒϩάʹυϝΠϯ༗ޮੑΛ ͍߹Θͤͯɺߋ৽͢Δඞཁ͕͋Δ͔Λޙଓʹ͑Δ •
cert-cleanup-function: ແޮͳυϝΠϯΛDynamoDB͔Βফ ͢
cert-lifecycle-store (DynamoDB) Domain: ex1.example.com ExpiresAt: 2018-05-23T02:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T03:00:00
Domain: ex2.example.com ExpiresAt: 2018-05-23T04:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00
cert-lifecycle-store (DynamoDB) Domain: ex2.example.com ExpiresAt: 2018-05-23T03:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T04:00:00
Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00
cert-lifecycle-store (DynamoDB) Domain: ex2.example.com ExpiresAt: 2018-05-23T04:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00
cert-lifecycle-store (DynamoDB) Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00
cert-lifecycle-store (DynamoDB)
publish SELECT * FROM ... ࣮ߦ
Τϥʔॲཧ͕؆ܿʹ • όονॲཧͩͱ: औಘͨ͠ෳͷυϝΠϯΛϧʔϓͰॲཧ • = ॲཧ୯Ґ͕ෳυϝΠϯʹͳΔ • Ұ෦ͷυϝΠϯ͕ࣦഊͨ࣌͠ɺόονॲཧશମͷ εςʔλεͲ͏͢Δ?
ޭ? ࣦഊ? • pub/subͩͱ: Ҿͱͯͬͨ͠υϝΠϯ1ͭΛॲཧ͢Δ • = ॲཧ୯Ґ͕υϝΠϯ1ͭʹͳΔ
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state "Determine next state": { "Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢", "Type": "Choice", "Choices":
[ { "Variable": "$.UpdateRequired", "BooleanEquals": true, "Next": "Call reissue of certificate" }, { "Variable": "$.UpdateRequired", "BooleanEquals": false, "Next": "Clean up of certificate" } ] },
cert-reissue-state "Determine next state": { "Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢", "Type": "Choice", "Choices":
[ { "Variable": "$.UpdateRequired", "BooleanEquals": true, "Next": "Call reissue of certificate" }, { "Variable": "$.UpdateRequired", "BooleanEquals": false, "Next": "Clean up of certificate" } ] },
cert-reissue-state "Determine next state": { "Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢", "Type": "Choice", "Choices":
[ { "Variable": "$.UpdateRequired", "BooleanEquals": true, "Next": "Call reissue of certificate" }, { "Variable": "$.UpdateRequired", "BooleanEquals": false, "Next": "Clean up of certificate" } ] },
ূ໌ॻߋ৽γεςϜ • σʔλϑϩʔΛpub/subͰγϯϓϧʹ • ॳճൃߦߋ৽࣌DynamoDBͷI/O͚͕ͩൃੜ͢Δ • DynamoDB TTL TriggerΛ׆༻ •
ঢ়ଶ = σʔλΛதԝʹू
࠶ܝ: ৴γεςϜ • ngx_mrubyΛͬͯϦΫΤετຖʹূ໌ॻΛऔಘͰ͖ͨ • proxyʹಉډͨ͠memcachedΛ͏͜ͱͰ DynamoDBͷϦΫΤετΛݮΒ͠ϨΠςϯγΛԼ͛ͨ
࠶ܝ: ূ໌ॻൃߦγεςϜ • AWS StepFunctionsΛͬͯదͳΤϥʔॲཧΛͰ͖ͨ • Ϧιʔε্ݶʹୡ͢ΔͳͲ ҟৗऴྃͨ࣌͠ଈ࠲ʹ݁ՌΛ௨ • APIݺͼग़ࣦ͠ഊͳͲϦτϥΠՄೳͳ࣌ϦτϥΠ
ߟ ϐλΰϥεΠονͷ࡞Γํ
ڊେͳόονͷ͠͞ • ࣮ߦεςοϓશ༰ΛѲ͢Δ͜ͱͷ͠͞ • શମͰεςοϓ͕͜Ε͚ͩ͋Δ • Ͳ͜ͷεςοϓͰࣦഊͨ͠ͷ͔ • ॲཧ୯Ґ͕େ͖͘ͳΓ͕ͪ •
ඞવͱ࣮ߦ࣌ؒҾ͖͕ͪ • Ұ෦͚ࣦͩഊͨ࣌͠ɺ࣮ߦͷঢ়ଶޭ? ࣦഊ?
΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ ͷϐλΰϥεΠον • ϫʔΫϑϩʔΤϯδϯͷಋೖ • ࣮ߦεςοϓશ༰ΛѲ͘͢͠ • ͦΕͱߴʹ౷߹͞Εͨόον࣮ߦڥ͕͋Δͱͳ͓Α͍ • pub/subϞσϧͰରσʔλͷ૿Ճʹର͠εέʔϧͤ͞Δ
• ॲཧ͢Δσʔλ୯ҐΛෳˠ1ͭ • ͍ͭͰʹσʔλετΞঢ়ଶ͕ڽू͞ΕΔ
ׂ౷࣏ • খ͞ͳؔΫϥεΛ࡞ΓɺͦΕΒΛΈ߹ΘͤΔ͜ͱΛ ීஈ͔Βҙ͍ࣝͯͬͯ͠Δͣ • ʹؔΘΒͣόον͕ڊେʹͳΓ͕ͪͳͷͳͥͳͷ͔? • ύϑΥʔϚϯε • ߹Մೳ
(composable) Ͱͳ͍
ׂ౷࣏ • খ͞ͳؔΫϥεΛ࡞ΓɺͦΕΒΛΈ߹ΘͤΔ͜ͱΛ ීஈ͔Βҙ͍ࣝͯͬͯ͠Δͣ • ʹؔΘΒͣόον͕ڊେʹͳΓ͕ͪͳͷͳͥͳͷ͔? • ύϑΥʔϚϯε • ߹Մೳ
(composable) Ͱͳ͍
߹ՄೳΛࢧ͑Δٕज़ • 2ͭͷεςοϓͷྻ࣮ߦΛೋ߲ԋࢉͱΈͳͯ͠ΈΔ • operand: ൣғ͕খ͍͜͞ͱ • operator: ༷ʑͳ๏ଇΛຬͨ͢͜ͱ •
݁߹ଇɺଇ
ہॴঢ়ଶΛ࣋ͨͳ͍ • ঢ়ଶ = มߋՄೳͳσʔλ • άϩʔόϧʹͨͩ1ͭͷঢ়ଶΛ࣋ͭ͜ͱ͕େࣄ • Ճ͑ͯঢ়ଶΛมߋ͢Δཁૉ͕୯ҰͰ͋Δ͜ͱ
άϩʔόϧม? • άϩʔόϧมѱͱ͍͏ߟ͑ํͱ͠ͳ͍͔? → ͠ͳ͍ • ঢ়ଶΛมߋ͢Δཁૉ͕୯ҰͳΒɺ ֤࣮ߦεςοϓঢ়ଶΛड͚औͬͯ৽ͨͳσʔλΛฦ͢ ؔͱΈͳͤΔ
// ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "domain": "www.example.com", "endpoint": "https://...." } // ͋Δόονͷೖྗ
{ "domain": "www.example.com" }
// ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "domain": "www.example.com", "endpoint": "https://...." } // ͋Δόονͷೖྗ
{ "domain": "www.example.com" } άϩʔόϧঢ়ଶΛҾม͢Δ (όον͔ΒͷมߋෆՄ)
// ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "updateRequired": true, "domain": "www.example.com", "endpoint": "https://...." }
// ͋Δόονͷग़ྗ { "updateRequired": true }
// ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "updateRequired": true, "domain": "www.example.com", "endpoint": "https://...." }
// ͋Δόονͷग़ྗ { "updateRequired": true } όονͷग़ྗΛάϩʔόϧͳঢ়ଶม (વɺग़ྗޙ͔ΒมߋෆՄ)
όονॲཧͷ߹ • operand: ֤εςοϓ • operator: ϫʔΫϑϩʔΤϯδϯ
όονॲཧͷ߹ • operand: ֤εςοϓ; AWS Lambda • operator: ϫʔΫϑϩʔΤϯδϯ; AWS
StepFunctions
΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ͷ ϐλΰϥεΠον@ͯͳϒϩά • ϫʔΫϑϩʔΤϯδϯ: AWS StepFunctions • ……ͱͦΕΒ͔Β࣮ߦ͞ΕΔAWS Lambda •
pub/sub: DynamoDB TTL Trigger
࠶: ΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ ͷϐλΰϥεΠον • ϫʔΫϑϩʔΤϯδϯͷಋೖ • ࣮ߦεςοϓશ༰ΛѲ͘͢͠ • ͦΕͱߴʹ౷߹͞Εͨόον࣮ߦڥ͕͋Δͱͳ͓Α͍ •
pub/subϞσϧͰରσʔλͷ૿Ճʹର͠εέʔϧͤ͞Δ • ॲཧ͢Δσʔλ୯ҐΛෳˠ1ͭ • ͍ͭͰʹσʔλετΞঢ়ଶ͕ڽू͞ΕΔ
·ͱΊ
·ͱΊ • ιϑτΣΞߏஙҰൠͷݪଇ͕͑Δ • άϩʔόϧͳঢ়ଶΛ࣋ͨͳ͍ɾม͑ͳ͍ɾ࣋ͪࠐ·ͤͳ͍ • ॲཧ୯ҐΛͰ͖Δ͚ͩখ͘͞ɺࣦഊΛѲ͘͢͠ • ͜ΕΒΛ࣮ݱ͢ΔͨΊͷҰྫͱͯ͠ •
ϫʔΫϑϩʔΤϯδϯ: AWS StepFunctions • pub/subΛαϙʔτ͢ΔσʔλετΞ: DynamoDB