Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
ブログサービスのHTTPS化を支えたAWSで作るピタゴラスイッチ / The construc...
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
aereal
September 08, 2018
Programming
3
400k
ブログサービスのHTTPS化を支えたAWSで作るピタゴラスイッチ / The construction of large scale TLS certificates management system with AWS
talked at builderscon tokyo 2018
aereal
September 08, 2018
Tweet
Share
More Decks by aereal
See All by aereal
盆栽転じて家具となる / Bonsai and Furnitures
aereal
0
6k
How to send distibuted traces to Datadog using build own OpenTelemetry-Lambda distribution
aereal
3
310
好きな技術《コト》で、 生きていく技術 / life with what you like
aereal
5
5k
qron: Cloud Native Cron Alternativeの今
aereal
2
3.2k
自動作曲入門 / introduction to programatic music composition
aereal
1
530k
はてなブログ タグとCDK / The epic of AWS CDK and Hatena Blog Tag
aereal
2
200k
はてなブログ タグの技術選択 / The technical details of Hatena Blog Tag
aereal
3
200k
AWSではてなブログの常時HTTPS配信をバーンとやる話 / The Epic of migration from HTTP to HTTPS on Hatena Blog with AWS
aereal
14
18k
ScalaとPerlでMicroservices in production / Building microservices with Perl and Scala in production
aereal
0
5.6k
Other Decks in Programming
See All in Programming
OCaml 5でモダンな並列プログラミングを Enjoyしよう!
haochenx
0
110
AI Agent の開発と運用を支える Durable Execution #AgentsInProd
izumin5210
7
2.2k
dchart: charts from deck markup
ajstarks
3
990
開発者から情シスまで - 多様なユーザー層に届けるAPI提供戦略 / Postman API Night Okinawa 2026 Winter
tasshi
0
180
KIKI_MBSD Cybersecurity Challenges 2025
ikema
0
1.3k
Vibe codingでおすすめの言語と開発手法
uyuki234
0
210
そのAIレビュー、レビューしてますか? / Are you reviewing those AI reviews?
rkaga
6
4.5k
16年目のピクシブ百科事典を支える最新の技術基盤 / The Modern Tech Stack Powering Pixiv Encyclopedia in its 16th Year
ahuglajbclajep
5
970
プロダクトオーナーから見たSOC2 _SOC2ゆるミートアップ#2
kekekenta
0
180
Smart Handoff/Pickup ガイド - Claude Code セッション管理
yukiigarashi
0
110
インターン生でもAuth0で 認証基盤刷新が出来るのか
taku271
0
190
Apache Iceberg V3 and migration to V3
tomtanaka
0
130
Featured
See All Featured
Crafting Experiences
bethany
1
45
GitHub's CSS Performance
jonrohan
1032
470k
Applied NLP in the Age of Generative AI
inesmontani
PRO
4
2k
How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT
katarinadahlin
PRO
0
3.4k
Jess Joyce - The Pitfalls of Following Frameworks
techseoconnect
PRO
1
62
Optimising Largest Contentful Paint
csswizardry
37
3.6k
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
440
We Are The Robots
honzajavorek
0
160
Ruling the World: When Life Gets Gamed
codingconduct
0
130
How to Ace a Technical Interview
jacobian
281
24k
Code Review Best Practice
trishagee
74
20k
Tips & Tricks on How to Get Your First Job In Tech
honzajavorek
0
430
Transcript
ϒϩάαʔϏεͷ HTTPSԽΛࢧ͑ͨ AWSͰ࡞ΔϐλΰϥεΠον id:aereal
staff.hatenablog.com/entry/2018/06/13/160000 ಠࣗυϝΠϯͰӡ༻͞Ε͍ͯΔϒϩά͕ɺ HTTPSͰ৴Ͱ͖ΔΑ͏ʹͳΓ·ͨ͠
None
͢͜ͱ • ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ • എܠͱཁٻ • ࣮ͷհ • ্هࣄྫΛݩʹෳࡶͳόον =
ϐλΰϥεΠονߏஙͷ ΤοηϯεΛߟ͑ͯΈΔ
ࣗݾհ • id:aereal • GitHub: aereal • Twitter: aereal •
ϒϩά౷߹νʔϜ ΞϓϦέʔγϣϯΤϯδχΞ ςοΫϦʔυ
എܠ ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
• ͯͳϒϩάPro (༗ྉϓϥϯ) ʹਃ͠ࠐΉͱ ಠࣗυϝΠϯͰࣗͷϒϩάΛ৴Ͱ͖Δ • ݱࡏɺສ୯ҐͷಠࣗυϝΠϯ͕ొɾར༻͞Ε͍ͯΔ • ͜ΕΒͷಠࣗυϝΠϯͰৗ࣌HTTPS৴͍ͨ͠
Let's Encrypt • ISRG = Internet Security Research Group͕ఏڙ͢Δ ϓϩάϥϚϒϧʹΞΫηεՄೳͳೝূہ
(CA) • ͜Ε·ͰTLSূ໌ॻΛൃߦ͢Δʹ ͦͦ͜͜ͷֹۚͱख͕ؒඞཁ͕ͩͬͨɺͦΕΛม͑ͨCA • LEͷొʹΑΓTLSূ໌ॻͷେྔൃߦ͕ݱ࣮తʹͳͬͨ
developer.hatenastaff.com/entry/2018/06/04/140000 ͯͳϒϩάͷHTTPSԽ࣮ࢪʹ͍, Let's EncryptͷدΛ࣮ࢪ͠·ͨ͠ - Hatena Developer Blog
• LEͷొ࿕ใ͕ͩ͜Ε͚ͩͰΓͳ͍ • ສ୯ҐͷTLSূ໌ॻΛཧ͢Δઓज़ɾઓུ͕͚͍ܽͯΔ • ৴ͱൃߦʹେ͖͚ͯ͘ΈΔ
ཁ݅ͷݕ౼: ৴ ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
HTTPS৴: ͓͞Β͍ • ͯͳϒϩάͰສ୯ҐͷಠࣗυϝΠϯ͕ར༻͞Ε͍ͯΔ • ҰൠతͳWebαΠτӡ༻ͷײ֮ͩͱφʔόε͗͢Δ • ສ୯Ґͷূ໌ॻΛҰʹಡΈࠐΉͱ proxyͷϝϞϦ༻ྔ͕ஶ͘͠૿Ճ͢Δ •
proxyͷ࠶ىಈʹ͕͔͔࣌ؒΔ
SAN? • = Subject Alternative Names 1ͭͷূ໌ॻʹෳυϝΠϯΛඥ͚Δ֦ு • ͔݁Βݴ͏ͱͯͳϒϩάͷέʔεͰ͍͠ •
LEͰSANΛར༻͢Δ߹ɺACME challengedns-01ͷΈ ར༻Ͱ͖Δ (ݱࡏ) • DNSઃఆ֤ϢʔβʔʹҕͶΒΕΔͷͰࣗಈԽͰ͖ͳ͍
ACME? • ACME: Automated Certificate Management Environment • ূ໌ॻൃߦͳͲͷ࡞ۀΛ ࣗಈԽ͢ΔϓϩτίϧΛ·ͱΊ༷ͨ
• ACME challenge: υϝΠϯͷॴ༗ݖݶΛ֬ೝ͢Δํ๏ • Google AnalyticsͷΞϨΈ͍ͨͳͭ • LE͕ࡦఆɾ࠾༻͍ͯ͠Δ
ACME challenge? • dns-01: υϝΠϯͷTXTϨίʔυʹϫϯλΠϜτʔΫϯΛॻ ͖ࠐΉ • http-01: CAͷϦΫΤετʹର͠ॴఆͷϨεϙϯεΛฦ͢ •
ྫ: /.well-known/TOKEN • (ଞʹ͍Ζ͍Ζ)
HTTPS৴: ͓͞Β͍ (࠶) • ͯͳϒϩάͰສ୯ҐͷಠࣗυϝΠϯ͕ར༻͞Ε͍ͯΔ • ҰൠతͳWebαΠτӡ༻ͷײ֮ͩͱφʔόε͗͢Δ • ສ୯Ґͷূ໌ॻΛҰʹಡΈࠐΉͱ proxyͷϝϞϦ༻ྔ͕ஶ͘͠૿Ճ͢Δ
• proxyͷ࠶ىಈʹ͕͔͔࣌ؒΔ
HTTPS৴: ํ • ϦΫΤετຖʹূ໌ॻΛબɾಡΈࠐΉ • ϝϞϦ༻ྔͷ૿Ճ࠶ىಈ࣌ؒͷѱԽΛ͑Δ • ෳproxyʹରԠ͢ΔͨΊσʔλετΞʹূ໌ॻΛอଘ • ͔͠ϨΠςϯγΛѱԽͤͣ͞ʹ࣮ݱ͢Δ
• ϩʔΧϧΩϟογϡ
ཁ݅ͷݕ౼:ൃߦ ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
ূ໌ॻൃߦ • Ұ؏ੑɾཏੑ͕ٻΊΒΕΔ • ൃߦʹࣦഊ͠ଓ͚Δͱϒϩά͕ӾཡͰ͖ͳ͘ͳΔ • ແޮͳυϝΠϯΛ์ஔ͍͚ͯ͠ͳ͍ • ཁٻߴ͍͕ෆ࣮֬ੑߴ͍ •
ূ໌ॻΛߋ৽͢ΔࡍɺυϝΠϯʹର͠εέʔϧ͢Δ͜ͱ
ແޮͳυϝΠϯͷআ • ແޮͳυϝΠϯ = ඞͣACME challengeʹࣦഊ͢Δ • LEʹΞΧϯτ * time
window͝ͱʹࣦഊͷ্ݶ͕͋Δ • ์ஔ͢ΔͱඞͣAPI limitʹ͋ͨͬͯ͠·͏ • ࣦഊͨ͠υϝΠϯඞͣআ
ূ໌ॻൃߦ: ෆ࣮֬ੑ • υϝΠϯͷ༗ޮੑมΘΓ͏Δ • ՝ۚऴྃ • DNSϨίʔυҟৗ • ֎෦API
= LEͱͷ౷߹ • API Limit • దͳϦτϥΠͱΤϥʔϦΧόϦ͕ඞਢ
ূ໌ॻൃߦ: εέʔϥϏϦςΟ • ରυϝΠϯͷ૿Ճʹର͠εέʔϧ͢ΔΈʹ͍ͨ͠ • SELECT * FROM custom_domain WHERE
id > ? Έ͍ͨͳΫΤϦආ͚͍ͨ • υϝΠϯ͕૿͑Δͱϖʔδϯά͕ඞཁ • ࣮ߦ్தͰࣦഊͨ͠ΒɺϦτϥΠΩϡʔʹೖΕ͢Α͏ ͳΛڽΒ͞ͳ͍ͱ͍͚ͳ͘ͳΔ
γεςϜͷཁ݅: ·ͱΊ • ϦΫΤετຖʹূ໌ॻΛऔಘɾ༻ • Ͱ͖Δ͚ͩϨΠςϯγͰ • Τϥʔੑ͕ߴ͍ • ࣦഊͨ͠ΒऔಘରͷυϝΠϯ͔Β֎͢
• ֎෦API௨৴ͷΤϥʔΛదʹॲཧͰ͖Δ • υϝΠϯͷ૿Ճʹεέʔϧ͢Δ
γεςϜͷհ ͯͳϒϩάͷৗ࣌HTTPS৴ͷղઆ
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
৴γεςϜ • ngx_mruby: ূ໌ॻಡΈࠐΈ࣌ʹmrubyͷίʔυΛ࣮ߦ • cache gatewayHTTP GET͢Δ͚ͩ • https://github.com/matsumotory/ngx_mruby
• cache gateway (Go): HTTP GET͢Δͱূ໌ॻΛฦ͢ • DynamoDB: ূ໌ॻΛอଘ͢ΔσʔλετΞ
cache gateway • AWS (DynamoDB) APIݺͼग़͠ΛHTTP APIʹม͑Δ • mrubyʹAWS SDK͕ͳ͍
• ಉډ͢ΔmemcachedʹಡΈॻ͖͠ɺ DynamoDBͷΞΫηεΛͰ͖Δ͚ͩݮΒ͢
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
cert-dispatcher cert-cache-gw cert-store cert-cache User Blog HTTP ssl_handshake_handler HTTP Get/Set
Get ৴
৴γεςϜ • ngx_mrubyΛͬͯϦΫΤετຖʹূ໌ॻΛऔಘͰ͖ͨ • proxyʹಉډͨ͠memcachedΛ͏͜ͱͰ DynamoDBͷϦΫΤετΛݮΒ͠ϨΠςϯγΛԼ͛ͨ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
ূ໌ॻൃߦγεςϜ • cert-updater-state: AWS StepFunctions; ֤LambdaΛىಈ • Τϥʔ༰ʹԠͨ͡ϦΧόϦɾϦτϥΠ (ޙड़) •
cert-updater-function: AWS Lambda; ূ໌ॻΛൃߦɺ DynamoDBॻ͖ࠐΈ • cert-update-notifier: Lambda; ൱Λͯͳϒϩά௨
None
None
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
cert-updater-state cert-updater-function cert-update-notifier Let's Encrypt cert-store cert-lifecycle-store Blog HTTP HTTP
࣮ߦ ࣮ߦ UpdateItem UpdateItem ূ໌ॻൃߦ ࣮ߦ ূ໌ॻൃߦ
AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,
"MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],
AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,
"MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],
AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,
"MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],
AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,
"MaxAttempts": 3, "BackoffRate": 2.0 } ], "Catch": [ { "ErrorEquals": ["States.TaskFailed"], "Next": "Notify result to Hatena-Epic" } ],
ূ໌ॻൃߦγεςϜ • AWS StepFunctionsΛͬͯదͳΤϥʔॲཧΛ࣮ݱ • Ϧιʔε্ݶʹୡ͢ΔͳͲ ҟৗऴྃͨ࣌͠ଈ࠲ʹ݁ՌΛ௨ • APIݺͼग़ࣦ͠ഊͳͲϦτϥΠՄೳͳ࣌ϦτϥΠ
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
ূ໌ॻൃߦ: ߋ৽ • DynamoDBͷTTL Trigger͕Lambdaܦ༝ͰSFnΛىಈ • cert-reissue-confirmer: ͯͳϒϩάʹυϝΠϯ༗ޮੑΛ ͍߹Θͤͯɺߋ৽͢Δඞཁ͕͋Δ͔Λޙଓʹ͑Δ •
cert-cleanup-function: ແޮͳυϝΠϯΛDynamoDB͔Βফ ͢
cert-lifecycle-store (DynamoDB) Domain: ex1.example.com ExpiresAt: 2018-05-23T02:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T03:00:00
Domain: ex2.example.com ExpiresAt: 2018-05-23T04:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00
cert-lifecycle-store (DynamoDB) Domain: ex2.example.com ExpiresAt: 2018-05-23T03:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T04:00:00
Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00
cert-lifecycle-store (DynamoDB) Domain: ex2.example.com ExpiresAt: 2018-05-23T04:00:00 Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00
cert-lifecycle-store (DynamoDB) Domain: ex2.example.com ExpiresAt: 2018-05-23T05:00:00
cert-lifecycle-store (DynamoDB)
publish SELECT * FROM ... ࣮ߦ
Τϥʔॲཧ͕؆ܿʹ • όονॲཧͩͱ: औಘͨ͠ෳͷυϝΠϯΛϧʔϓͰॲཧ • = ॲཧ୯Ґ͕ෳυϝΠϯʹͳΔ • Ұ෦ͷυϝΠϯ͕ࣦഊͨ࣌͠ɺόονॲཧશମͷ εςʔλεͲ͏͢Δ?
ޭ? ࣦഊ? • pub/subͩͱ: Ҿͱͯͬͨ͠υϝΠϯ1ͭΛॲཧ͢Δ • = ॲཧ୯Ґ͕υϝΠϯ1ͭʹͳΔ
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state cert-reissue-confirmer cert-updater-state-caller cert-cleanup-function Blog cert-lifecycle-store cert-update-trigger cert-updater-state cert-store ࣮ߦ
࣮ߦ ࣮ߦ ࣮ߦ ࣮ߦ HTTP TTL Trigger DeleteItem ূ໌ॻൃߦ (ߋ৽)
cert-reissue-state "Determine next state": { "Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢", "Type": "Choice", "Choices":
[ { "Variable": "$.UpdateRequired", "BooleanEquals": true, "Next": "Call reissue of certificate" }, { "Variable": "$.UpdateRequired", "BooleanEquals": false, "Next": "Clean up of certificate" } ] },
cert-reissue-state "Determine next state": { "Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢", "Type": "Choice", "Choices":
[ { "Variable": "$.UpdateRequired", "BooleanEquals": true, "Next": "Call reissue of certificate" }, { "Variable": "$.UpdateRequired", "BooleanEquals": false, "Next": "Clean up of certificate" } ] },
cert-reissue-state "Determine next state": { "Comment": "࣍ͷঢ়ଶΛܾఆ͠·͢", "Type": "Choice", "Choices":
[ { "Variable": "$.UpdateRequired", "BooleanEquals": true, "Next": "Call reissue of certificate" }, { "Variable": "$.UpdateRequired", "BooleanEquals": false, "Next": "Clean up of certificate" } ] },
ূ໌ॻߋ৽γεςϜ • σʔλϑϩʔΛpub/subͰγϯϓϧʹ • ॳճൃߦߋ৽࣌DynamoDBͷI/O͚͕ͩൃੜ͢Δ • DynamoDB TTL TriggerΛ׆༻ •
ঢ়ଶ = σʔλΛதԝʹू
࠶ܝ: ৴γεςϜ • ngx_mrubyΛͬͯϦΫΤετຖʹূ໌ॻΛऔಘͰ͖ͨ • proxyʹಉډͨ͠memcachedΛ͏͜ͱͰ DynamoDBͷϦΫΤετΛݮΒ͠ϨΠςϯγΛԼ͛ͨ
࠶ܝ: ূ໌ॻൃߦγεςϜ • AWS StepFunctionsΛͬͯదͳΤϥʔॲཧΛͰ͖ͨ • Ϧιʔε্ݶʹୡ͢ΔͳͲ ҟৗऴྃͨ࣌͠ଈ࠲ʹ݁ՌΛ௨ • APIݺͼग़ࣦ͠ഊͳͲϦτϥΠՄೳͳ࣌ϦτϥΠ
ߟ ϐλΰϥεΠονͷ࡞Γํ
ڊେͳόονͷ͠͞ • ࣮ߦεςοϓશ༰ΛѲ͢Δ͜ͱͷ͠͞ • શମͰεςοϓ͕͜Ε͚ͩ͋Δ • Ͳ͜ͷεςοϓͰࣦഊͨ͠ͷ͔ • ॲཧ୯Ґ͕େ͖͘ͳΓ͕ͪ •
ඞવͱ࣮ߦ࣌ؒҾ͖͕ͪ • Ұ෦͚ࣦͩഊͨ࣌͠ɺ࣮ߦͷঢ়ଶޭ? ࣦഊ?
΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ ͷϐλΰϥεΠον • ϫʔΫϑϩʔΤϯδϯͷಋೖ • ࣮ߦεςοϓશ༰ΛѲ͘͢͠ • ͦΕͱߴʹ౷߹͞Εͨόον࣮ߦڥ͕͋Δͱͳ͓Α͍ • pub/subϞσϧͰରσʔλͷ૿Ճʹର͠εέʔϧͤ͞Δ
• ॲཧ͢Δσʔλ୯ҐΛෳˠ1ͭ • ͍ͭͰʹσʔλετΞঢ়ଶ͕ڽू͞ΕΔ
ׂ౷࣏ • খ͞ͳؔΫϥεΛ࡞ΓɺͦΕΒΛΈ߹ΘͤΔ͜ͱΛ ීஈ͔Βҙ͍ࣝͯͬͯ͠Δͣ • ʹؔΘΒͣόον͕ڊେʹͳΓ͕ͪͳͷͳͥͳͷ͔? • ύϑΥʔϚϯε • ߹Մೳ
(composable) Ͱͳ͍
ׂ౷࣏ • খ͞ͳؔΫϥεΛ࡞ΓɺͦΕΒΛΈ߹ΘͤΔ͜ͱΛ ීஈ͔Βҙ͍ࣝͯͬͯ͠Δͣ • ʹؔΘΒͣόον͕ڊେʹͳΓ͕ͪͳͷͳͥͳͷ͔? • ύϑΥʔϚϯε • ߹Մೳ
(composable) Ͱͳ͍
߹ՄೳΛࢧ͑Δٕज़ • 2ͭͷεςοϓͷྻ࣮ߦΛೋ߲ԋࢉͱΈͳͯ͠ΈΔ • operand: ൣғ͕খ͍͜͞ͱ • operator: ༷ʑͳ๏ଇΛຬͨ͢͜ͱ •
݁߹ଇɺଇ
ہॴঢ়ଶΛ࣋ͨͳ͍ • ঢ়ଶ = มߋՄೳͳσʔλ • άϩʔόϧʹͨͩ1ͭͷঢ়ଶΛ࣋ͭ͜ͱ͕େࣄ • Ճ͑ͯঢ়ଶΛมߋ͢Δཁૉ͕୯ҰͰ͋Δ͜ͱ
άϩʔόϧม? • άϩʔόϧมѱͱ͍͏ߟ͑ํͱ͠ͳ͍͔? → ͠ͳ͍ • ঢ়ଶΛมߋ͢Δཁૉ͕୯ҰͳΒɺ ֤࣮ߦεςοϓঢ়ଶΛड͚औͬͯ৽ͨͳσʔλΛฦ͢ ؔͱΈͳͤΔ
// ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "domain": "www.example.com", "endpoint": "https://...." } // ͋Δόονͷೖྗ
{ "domain": "www.example.com" }
// ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "domain": "www.example.com", "endpoint": "https://...." } // ͋Δόονͷೖྗ
{ "domain": "www.example.com" } άϩʔόϧঢ়ଶΛҾม͢Δ (όον͔ΒͷมߋෆՄ)
// ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "updateRequired": true, "domain": "www.example.com", "endpoint": "https://...." }
// ͋Δόονͷग़ྗ { "updateRequired": true }
// ϫʔΫϑϩʔΤϯδϯͷঢ়ଶ { "updateRequired": true, "domain": "www.example.com", "endpoint": "https://...." }
// ͋Δόονͷग़ྗ { "updateRequired": true } όονͷग़ྗΛάϩʔόϧͳঢ়ଶม (વɺग़ྗޙ͔ΒมߋෆՄ)
όονॲཧͷ߹ • operand: ֤εςοϓ • operator: ϫʔΫϑϩʔΤϯδϯ
όονॲཧͷ߹ • operand: ֤εςοϓ; AWS Lambda • operator: ϫʔΫϑϩʔΤϯδϯ; AWS
StepFunctions
΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ͷ ϐλΰϥεΠον@ͯͳϒϩά • ϫʔΫϑϩʔΤϯδϯ: AWS StepFunctions • ……ͱͦΕΒ͔Β࣮ߦ͞ΕΔAWS Lambda •
pub/sub: DynamoDB TTL Trigger
࠶: ΅͘ͷ͔Μ͕͍͖͑ͨ͞ΐ͏ ͷϐλΰϥεΠον • ϫʔΫϑϩʔΤϯδϯͷಋೖ • ࣮ߦεςοϓશ༰ΛѲ͘͢͠ • ͦΕͱߴʹ౷߹͞Εͨόον࣮ߦڥ͕͋Δͱͳ͓Α͍ •
pub/subϞσϧͰରσʔλͷ૿Ճʹର͠εέʔϧͤ͞Δ • ॲཧ͢Δσʔλ୯ҐΛෳˠ1ͭ • ͍ͭͰʹσʔλετΞঢ়ଶ͕ڽू͞ΕΔ
·ͱΊ
·ͱΊ • ιϑτΣΞߏஙҰൠͷݪଇ͕͑Δ • άϩʔόϧͳঢ়ଶΛ࣋ͨͳ͍ɾม͑ͳ͍ɾ࣋ͪࠐ·ͤͳ͍ • ॲཧ୯ҐΛͰ͖Δ͚ͩখ͘͞ɺࣦഊΛѲ͘͢͠ • ͜ΕΒΛ࣮ݱ͢ΔͨΊͷҰྫͱͯ͠ •
ϫʔΫϑϩʔΤϯδϯ: AWS StepFunctions • pub/subΛαϙʔτ͢ΔσʔλετΞ: DynamoDB
SiteGround - Reliable hosting with speed, security, and support you can count on.
aereal
haochenx
izumin5210
ajstarks
tasshi
ikema
uyuki234
rkaga
ahuglajbclajep
kekekenta
yukiigarashi
taku271
tomtanaka
bethany
jonrohan
inesmontani
katarinadahlin
techseoconnect
csswizardry
tammyeverts
honzajavorek
codingconduct
jacobian
trishagee
![AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,](https://files.speakerdeck.com/presentations/22267519db914229ac6f70ff857b0420/slide_43.jpg){kind=link}
![AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,](https://files.speakerdeck.com/presentations/22267519db914229ac6f70ff857b0420/slide_44.jpg){kind=link}
![AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,](https://files.speakerdeck.com/presentations/22267519db914229ac6f70ff857b0420/slide_45.jpg){kind=link}
![AWS SFn: ϦτϥΠ "Retry": [ { "ErrorEquals": ["ErrMaybeRecoverable"], "IntervalSeconds": 1,](https://files.speakerdeck.com/presentations/22267519db914229ac6f70ff857b0420/slide_46.jpg){kind=link}
