Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
ブログサービスのHTTPS化を支えたAWSで作るピタゴラスイッチ / The construc...
Search
aereal
September 08, 2018
Programming
3
400k
ブログサービスのHTTPS化を支えたAWSで作るピタゴラスイッチ / The construction of large scale TLS certificates management system with AWS
talked at builderscon tokyo 2018
aereal
September 08, 2018
Tweet
Share
More Decks by aereal
See All by aereal
盆栽転じて家具となる / Bonsai and Furnitures
aereal
0
4.7k
How to send distibuted traces to Datadog using build own OpenTelemetry-Lambda distribution
aereal
3
270
好きな技術《コト》で、 生きていく技術 / life with what you like
aereal
5
4k
qron: Cloud Native Cron Alternativeの今
aereal
2
2.7k
自動作曲入門 / introduction to programatic music composition
aereal
1
530k
はてなブログ タグとCDK / The epic of AWS CDK and Hatena Blog Tag
aereal
2
200k
はてなブログ タグの技術選択 / The technical details of Hatena Blog Tag
aereal
3
200k
AWSではてなブログの常時HTTPS配信をバーンとやる話 / The Epic of migration from HTTP to HTTPS on Hatena Blog with AWS
aereal
14
18k
ScalaとPerlでMicroservices in production / Building microservices with Perl and Scala in production
aereal
0
5.5k
Other Decks in Programming
See All in Programming
来たるべき 8.0 に備えて React 19 新機能と React Router 固有機能の取捨選択とすり合わせを考える
oukayuka
2
880
Code as Context 〜 1にコードで 2にリンタ 34がなくて 5にルール? 〜
yodakeisuke
0
120
Goで作る、開発・CI環境
sin392
0
190
PicoRuby on Rails
makicamel
2
120
Systèmes distribués, pour le meilleur et pour le pire - BreizhCamp 2025 - Conférence
slecache
0
120
0626 Findy Product Manager LT Night_高田スライド_speaker deck用
mana_takada
0
140
What Spring Developers Should Know About Jakarta EE
ivargrimstad
0
370
生成AIコーディングとの向き合い方、AIと共創するという考え方 / How to deal with generative AI coding and the concept of co-creating with AI
seike460
PRO
1
350
AIプログラマーDevinは PHPerの夢を見るか?
shinyasaita
1
180
Google Agent Development Kit でLINE Botを作ってみた
ymd65536
2
210
新メンバーも今日から大活躍!SREが支えるスケールし続ける組織のオンボーディング
honmarkhunt
1
330
20250704_教育事業におけるアジャイルなデータ基盤構築
hanon52_
4
240
Featured
See All Featured
Balancing Empowerment & Direction
lara
1
390
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
20
1.3k
The Pragmatic Product Professional
lauravandoore
35
6.7k
Into the Great Unknown - MozCon
thekraken
39
1.9k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
Stop Working from a Prison Cell
hatefulcrawdad
270
20k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
7
720
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
3.1k
Practical Orchestrator
shlominoach
188
11k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Statistics for Hackers
jakevdp
799
220k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
2.9k
Transcript
ϒϩάαʔϏεͷ HTTPSԽΛࢧ͑ͨ AWSͰ࡞ΔϐλΰϥεΠον id:aereal
staff.hatenablog.com/entry/2018/06/13/160000 ಠࣗυϝΠϯͰӡ༻͞Ε͍ͯΔϒϩά͕ɺ HTTPSͰ৴Ͱ͖ΔΑ͏ʹͳΓ·ͨ͠
None
͢͜ͱ • ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ • എܠͱཁٻ • ࣮ͷհ • ্هࣄྫΛݩʹෳࡶͳόον =
ϐλΰϥεΠονߏஙͷ ΤοηϯεΛߟ͑ͯΈΔ
ࣗݾհ • id:aereal • GitHub: aereal • Twitter: aereal •
ϒϩά౷߹νʔϜ ΞϓϦέʔγϣϯΤϯδχΞ ςοΫϦʔυ
എܠ ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
• ͯͳϒϩάPro (༗ྉϓϥϯ) ʹਃ͠ࠐΉͱ ಠࣗυϝΠϯͰࣗͷϒϩάΛ৴Ͱ͖Δ • ݱࡏɺສ୯ҐͷಠࣗυϝΠϯ͕ొɾར༻͞Ε͍ͯΔ • ͜ΕΒͷಠࣗυϝΠϯͰৗ࣌HTTPS৴͍ͨ͠
Let's Encrypt • ISRG = Internet Security Research Group͕ఏڙ͢Δ ϓϩάϥϚϒϧʹΞΫηεՄೳͳೝূہ
(CA) • ͜Ε·ͰTLSূ໌ॻΛൃߦ͢Δʹ ͦͦ͜͜ͷֹۚͱख͕ؒඞཁ͕ͩͬͨɺͦΕΛม͑ͨCA • LEͷొʹΑΓTLSূ໌ॻͷେྔൃߦ͕ݱ࣮తʹͳͬͨ
developer.hatenastaff.com/entry/2018/06/04/140000 ͯͳϒϩάͷHTTPSԽ࣮ࢪʹ͍, Let's EncryptͷدΛ࣮ࢪ͠·ͨ͠ - Hatena Developer Blog
• LEͷొ࿕ใ͕ͩ͜Ε͚ͩͰΓͳ͍ • ສ୯ҐͷTLSূ໌ॻΛཧ͢Δઓज़ɾઓུ͕͚͍ܽͯΔ • ৴ͱൃߦʹେ͖͚ͯ͘ΈΔ
ཁ݅ͷݕ౼: ৴ ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
HTTPS৴: ͓͞Β͍ • ͯͳϒϩάͰສ୯ҐͷಠࣗυϝΠϯ͕ར༻͞Ε͍ͯΔ • ҰൠతͳWebαΠτӡ༻ͷײ֮ͩͱφʔόε͗͢Δ • ສ୯Ґͷূ໌ॻΛҰʹಡΈࠐΉͱ proxyͷϝϞϦ༻ྔ͕ஶ͘͠૿Ճ͢Δ •
proxyͷ࠶ىಈʹ͕͔͔࣌ؒΔ
SAN? • = Subject Alternative Names 1ͭͷূ໌ॻʹෳυϝΠϯΛඥ͚Δ֦ு • ͔݁Βݴ͏ͱͯͳϒϩάͷέʔεͰ͍͠ •
LEͰSANΛར༻͢Δ߹ɺACME challengedns-01ͷΈ ར༻Ͱ͖Δ (ݱࡏ) • DNSઃఆ֤ϢʔβʔʹҕͶΒΕΔͷͰࣗಈԽͰ͖ͳ͍
ACME? • ACME: Automated Certificate Management Environment • ূ໌ॻൃߦͳͲͷ࡞ۀΛ ࣗಈԽ͢ΔϓϩτίϧΛ·ͱΊ༷ͨ
• ACME challenge: υϝΠϯͷॴ༗ݖݶΛ֬ೝ͢Δํ๏ • Google AnalyticsͷΞϨΈ͍ͨͳͭ • LE͕ࡦఆɾ࠾༻͍ͯ͠Δ
ACME challenge? • dns-01: υϝΠϯͷTXTϨίʔυʹϫϯλΠϜτʔΫϯΛॻ ͖ࠐΉ • http-01: CAͷϦΫΤετʹର͠ॴఆͷϨεϙϯεΛฦ͢ •
ྫ: /.well-known/TOKEN • (ଞʹ͍Ζ͍Ζ)
HTTPS৴: ͓͞Β͍ (࠶) • ͯͳϒϩάͰສ୯ҐͷಠࣗυϝΠϯ͕ར༻͞Ε͍ͯΔ • ҰൠతͳWebαΠτӡ༻ͷײ֮ͩͱφʔόε͗͢Δ • ສ୯Ґͷূ໌ॻΛҰʹಡΈࠐΉͱ proxyͷϝϞϦ༻ྔ͕ஶ͘͠૿Ճ͢Δ
• proxyͷ࠶ىಈʹ͕͔͔࣌ؒΔ
HTTPS৴: ํ • ϦΫΤετຖʹূ໌ॻΛબɾಡΈࠐΉ • ϝϞϦ༻ྔͷ૿Ճ࠶ىಈ࣌ؒͷѱԽΛ͑Δ • ෳproxyʹରԠ͢ΔͨΊσʔλετΞʹূ໌ॻΛอଘ • ͔͠ϨΠςϯγΛѱԽͤͣ͞ʹ࣮ݱ͢Δ
• ϩʔΧϧΩϟογϡ
ཁ݅ͷݕ౼:ൃߦ ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
ূ໌ॻൃߦ • Ұ؏ੑɾཏੑ͕ٻΊΒΕΔ • ൃߦʹࣦഊ͠ଓ͚Δͱϒϩά͕ӾཡͰ͖ͳ͘ͳΔ • ແޮͳυϝΠϯΛ์ஔ͍͚ͯ͠ͳ͍ • ཁٻߴ͍͕ෆ࣮֬ੑߴ͍ •
ূ໌ॻΛߋ৽͢ΔࡍɺυϝΠϯʹର͠εέʔϧ͢Δ͜ͱ
ແޮͳυϝΠϯͷআ • ແޮͳυϝΠϯ = ඞͣACME challengeʹࣦഊ͢Δ • LEʹΞΧϯτ * time
window͝ͱʹࣦഊͷ্ݶ͕͋Δ • ์ஔ͢ΔͱඞͣAPI limitʹ͋ͨͬͯ͠·͏ • ࣦഊͨ͠υϝΠϯඞͣআ
ূ໌ॻൃߦ: ෆ࣮֬ੑ • υϝΠϯͷ༗ޮੑมΘΓ͏Δ • ՝ۚऴྃ • DNSϨίʔυҟৗ • ֎෦API
= LEͱͷ౷߹ • API Limit • దͳϦτϥΠͱΤϥʔϦΧόϦ͕ඞਢ
ূ໌ॻൃߦ: εέʔϥϏϦςΟ • ରυϝΠϯͷ૿Ճʹର͠εέʔϧ͢ΔΈʹ͍ͨ͠ • SELECT * FROM custom_domain WHERE
id > ? Έ͍ͨͳΫΤϦආ͚͍ͨ • υϝΠϯ͕૿͑Δͱϖʔδϯά͕ඞཁ • ࣮ߦ్தͰࣦഊͨ͠ΒɺϦτϥΠΩϡʔʹೖΕ͢Α͏ ͳΛڽΒ͞ͳ͍ͱ͍͚ͳ͘ͳΔ
γεςϜͷཁ݅: ·ͱΊ • ϦΫΤετຖʹূ໌ॻΛऔಘɾ༻ • Ͱ͖Δ͚ͩϨΠςϯγͰ • Τϥʔੑ͕ߴ͍ • ࣦഊͨ͠ΒऔಘରͷυϝΠϯ͔Β֎͢
• ֎෦API௨৴ͷΤϥʔΛదʹॲཧͰ͖Δ • υϝΠϯͷ૿Ճʹεέʔϧ͢Δ
γεςϜͷհ ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
৴γεςϜ • ngx_mruby: ূ໌ॻಡΈࠐΈ࣌ʹmrubyͷίʔυΛ࣮ߦ • cache gatewayHTTP GET͢Δ͚ͩ • https://github.com/matsumotory/ngx_mruby
• cache gateway (Go): HTTP GET͢Δͱূ໌ॻΛฦ͢ • DynamoDB: ূ໌ॻΛอଘ͢ΔσʔλετΞ
cache gateway • AWS (DynamoDB) APIݺͼग़͠ΛHTTP APIʹม͑Δ • mrubyʹAWS SDK͕ͳ͍
• ಉډ͢ΔmemcachedʹಡΈॻ͖͠ɺ DynamoDBͷΞΫηεΛͰ͖Δ͚ͩݮΒ͢
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
৴γεςϜ • ngx_mrubyΛͬͯϦΫΤετຖʹূ໌ॻΛऔಘͰ͖ͨ • proxyʹಉډͨ͠memcachedΛ͏͜ͱͰ DynamoDBͷϦΫΤετΛݮΒ͠ϨΠςϯγΛԼ͛ͨ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
ূ໌ॻൃߦγεςϜ • cert-updater-state: AWS StepFunctions; ֤LambdaΛىಈ • Τϥʔ༰ʹԠͨ͡ϦΧόϦɾϦτϥΠ (ޙड़) •
cert-updater-function: AWS Lambda; ূ໌ॻΛൃߦɺ DynamoDBॻ͖ࠐΈ • cert-update-notifier: Lambda; ൱Λͯͳϒϩά௨
None
None
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,
"MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],
AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,
"MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],
AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,
"MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],
AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,
"MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],
ূ໌ॻൃߦγεςϜ • AWS StepFunctionsΛͬͯదͳΤϥʔॲཧΛ࣮ݱ • Ϧιʔε্ݶʹୡ͢ΔͳͲ ҟৗऴྃͨ࣌͠ଈ࠲ʹ݁ՌΛ௨ • APIݺͼग़ࣦ͠ഊͳͲϦτϥΠՄೳͳ࣌ϦτϥΠ
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
ূ໌ॻൃߦ: ߋ৽ • DynamoDBͷTTL Trigger͕Lambdaܦ༝ͰSFnΛىಈ • cert-reissue-confirmer: ͯͳϒϩάʹυϝΠϯ༗ޮੑΛ ͍߹Θͤͯɺߋ৽͢Δඞཁ͕͋Δ͔Λޙଓʹ͑Δ •
cert-cleanup-function: ແޮͳυϝΠϯΛDynamoDB͔Βফ ͢
cert-lifecycle-store (DynamoDB) Domain: ex1.example.com ExpiresAt: 2018-05-23T02:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T03:00:00
Domain: ex2.example.com ExpiresAt: 2018-05-23T04:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00
cert-lifecycle-store (DynamoDB) Domain: ex2.example.com ExpiresAt: 2018-05-23T03:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T04:00:00
Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00
cert-lifecycle-store (DynamoDB) Domain: ex2.example.com ExpiresAt: 2018-05-23T04:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00
cert-lifecycle-store (DynamoDB) Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00
cert-lifecycle-store (DynamoDB)
publish SELECT * FROM ... ࣮ߦ
Τϥʔॲཧ͕؆ܿʹ • όονॲཧͩͱ: औಘͨ͠ෳͷυϝΠϯΛϧʔϓͰॲཧ • = ॲཧ୯Ґ͕ෳυϝΠϯʹͳΔ • Ұ෦ͷυϝΠϯ͕ࣦഊͨ࣌͠ɺόονॲཧશମͷ εςʔλεͲ͏͢Δ?
ޭ? ࣦഊ? • pub/subͩͱ: Ҿͱͯͬͨ͠υϝΠϯ1ͭΛॲཧ͢Δ • = ॲཧ୯Ґ͕υϝΠϯ1ͭʹͳΔ
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state "Determine next state": { "Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢", "Type": "Choice", "Choices":
[ { "Variable": "$.UpdateRequired", "BooleanEquals": true, "Next": "Call reissue of certificate" }, { "Variable": "$.UpdateRequired", "BooleanEquals": false, "Next": "Clean up of certificate" } ] },
cert-reissue-state "Determine next state": { "Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢", "Type": "Choice", "Choices":
[ { "Variable": "$.UpdateRequired", "BooleanEquals": true, "Next": "Call reissue of certificate" }, { "Variable": "$.UpdateRequired", "BooleanEquals": false, "Next": "Clean up of certificate" } ] },
cert-reissue-state "Determine next state": { "Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢", "Type": "Choice", "Choices":
[ { "Variable": "$.UpdateRequired", "BooleanEquals": true, "Next": "Call reissue of certificate" }, { "Variable": "$.UpdateRequired", "BooleanEquals": false, "Next": "Clean up of certificate" } ] },
ূ໌ॻߋ৽γεςϜ • σʔλϑϩʔΛpub/subͰγϯϓϧʹ • ॳճൃߦߋ৽࣌DynamoDBͷI/O͚͕ͩൃੜ͢Δ • DynamoDB TTL TriggerΛ׆༻ •
ঢ়ଶ = σʔλΛதԝʹू
࠶ܝ: ৴γεςϜ • ngx_mrubyΛͬͯϦΫΤετຖʹূ໌ॻΛऔಘͰ͖ͨ • proxyʹಉډͨ͠memcachedΛ͏͜ͱͰ DynamoDBͷϦΫΤετΛݮΒ͠ϨΠςϯγΛԼ͛ͨ
࠶ܝ: ূ໌ॻൃߦγεςϜ • AWS StepFunctionsΛͬͯదͳΤϥʔॲཧΛͰ͖ͨ • Ϧιʔε্ݶʹୡ͢ΔͳͲ ҟৗऴྃͨ࣌͠ଈ࠲ʹ݁ՌΛ௨ • APIݺͼग़ࣦ͠ഊͳͲϦτϥΠՄೳͳ࣌ϦτϥΠ
ߟ ϐλΰϥεΠονͷ࡞Γํ
ڊେͳόονͷ͠͞ • ࣮ߦεςοϓશ༰ΛѲ͢Δ͜ͱͷ͠͞ • શମͰεςοϓ͕͜Ε͚ͩ͋Δ • Ͳ͜ͷεςοϓͰࣦഊͨ͠ͷ͔ • ॲཧ୯Ґ͕େ͖͘ͳΓ͕ͪ •
ඞવͱ࣮ߦ࣌ؒҾ͖͕ͪ • Ұ෦͚ࣦͩഊͨ࣌͠ɺ࣮ߦͷঢ়ଶޭ? ࣦഊ?
΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ ͷϐλΰϥεΠον • ϫʔΫϑϩʔΤϯδϯͷಋೖ • ࣮ߦεςοϓશ༰ΛѲ͘͢͠ • ͦΕͱߴʹ౷߹͞Εͨόον࣮ߦڥ͕͋Δͱͳ͓Α͍ • pub/subϞσϧͰରσʔλͷ૿Ճʹର͠εέʔϧͤ͞Δ
• ॲཧ͢Δσʔλ୯ҐΛෳˠ1ͭ • ͍ͭͰʹσʔλετΞঢ়ଶ͕ڽू͞ΕΔ
ׂ౷࣏ • খ͞ͳؔΫϥεΛ࡞ΓɺͦΕΒΛΈ߹ΘͤΔ͜ͱΛ ීஈ͔Βҙ͍ࣝͯͬͯ͠Δͣ • ʹؔΘΒͣόον͕ڊେʹͳΓ͕ͪͳͷͳͥͳͷ͔? • ύϑΥʔϚϯε • ߹Մೳ
(composable) Ͱͳ͍
ׂ౷࣏ • খ͞ͳؔΫϥεΛ࡞ΓɺͦΕΒΛΈ߹ΘͤΔ͜ͱΛ ීஈ͔Βҙ͍ࣝͯͬͯ͠Δͣ • ʹؔΘΒͣόον͕ڊେʹͳΓ͕ͪͳͷͳͥͳͷ͔? • ύϑΥʔϚϯε • ߹Մೳ
(composable) Ͱͳ͍
߹ՄೳΛࢧ͑Δٕज़ • 2ͭͷεςοϓͷྻ࣮ߦΛೋ߲ԋࢉͱΈͳͯ͠ΈΔ • operand: ൣғ͕খ͍͜͞ͱ • operator: ༷ʑͳ๏ଇΛຬͨ͢͜ͱ •
݁߹ଇɺଇ
ہॴঢ়ଶΛ࣋ͨͳ͍ • ঢ়ଶ = มߋՄೳͳσʔλ • άϩʔόϧʹͨͩ1ͭͷঢ়ଶΛ࣋ͭ͜ͱ͕େࣄ • Ճ͑ͯঢ়ଶΛมߋ͢Δཁૉ͕୯ҰͰ͋Δ͜ͱ
άϩʔόϧม? • άϩʔόϧมѱͱ͍͏ߟ͑ํͱ͠ͳ͍͔? → ͠ͳ͍ • ঢ়ଶΛมߋ͢Δཁૉ͕୯ҰͳΒɺ ֤࣮ߦεςοϓঢ়ଶΛड͚औͬͯ৽ͨͳσʔλΛฦ͢ ؔͱΈͳͤΔ
// ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "domain": "www.example.com", "endpoint": "https://...." } // ͋Δόονͷೖྗ
{ "domain": "www.example.com" }
// ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "domain": "www.example.com", "endpoint": "https://...." } // ͋Δόονͷೖྗ
{ "domain": "www.example.com" } άϩʔόϧঢ়ଶΛҾม͢Δ (όον͔ΒͷมߋෆՄ)
// ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "updateRequired": true, "domain": "www.example.com", "endpoint": "https://...." }
// ͋Δόονͷग़ྗ { "updateRequired": true }
// ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "updateRequired": true, "domain": "www.example.com", "endpoint": "https://...." }
// ͋Δόονͷग़ྗ { "updateRequired": true } όονͷग़ྗΛάϩʔόϧͳঢ়ଶม (વɺग़ྗޙ͔ΒมߋෆՄ)
όονॲཧͷ߹ • operand: ֤εςοϓ • operator: ϫʔΫϑϩʔΤϯδϯ
όονॲཧͷ߹ • operand: ֤εςοϓ; AWS Lambda • operator: ϫʔΫϑϩʔΤϯδϯ; AWS
StepFunctions
΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ͷ ϐλΰϥεΠον@ͯͳϒϩά • ϫʔΫϑϩʔΤϯδϯ: AWS StepFunctions • ……ͱͦΕΒ͔Β࣮ߦ͞ΕΔAWS Lambda •
pub/sub: DynamoDB TTL Trigger
࠶: ΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ ͷϐλΰϥεΠον • ϫʔΫϑϩʔΤϯδϯͷಋೖ • ࣮ߦεςοϓશ༰ΛѲ͘͢͠ • ͦΕͱߴʹ౷߹͞Εͨόον࣮ߦڥ͕͋Δͱͳ͓Α͍ •
pub/subϞσϧͰରσʔλͷ૿Ճʹର͠εέʔϧͤ͞Δ • ॲཧ͢Δσʔλ୯ҐΛෳˠ1ͭ • ͍ͭͰʹσʔλετΞঢ়ଶ͕ڽू͞ΕΔ
·ͱΊ
·ͱΊ • ιϑτΣΞߏஙҰൠͷݪଇ͕͑Δ • άϩʔόϧͳঢ়ଶΛ࣋ͨͳ͍ɾม͑ͳ͍ɾ࣋ͪࠐ·ͤͳ͍ • ॲཧ୯ҐΛͰ͖Δ͚ͩখ͘͞ɺࣦഊΛѲ͘͢͠ • ͜ΕΒΛ࣮ݱ͢ΔͨΊͷҰྫͱͯ͠ •
ϫʔΫϑϩʔΤϯδϯ: AWS StepFunctions • pub/subΛαϙʔτ͢ΔσʔλετΞ: DynamoDB