月額10円から作るServerLess Website

Transcript

1. ֹ݄10ԁ͔Β࡞Δ ServerLess Website 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 1

2. ৿ాɹ๜༟ @morita92hiro kunihiro.morita.52 - ܦྺ - ૊ΈࠐΈΤϯδχΞ - ΅ͬͪΠϯϑϥΤϯδχΞ 2013ʙ

   2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 2

3. ʮ1܅ɺLPαΠτ࡞ͬ ͯɻCMS͸͍Βͳ͍ɻʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 3

4. >>1ʮS3ͷग़൪΍ʂʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 4

5. Static Website Hosting • ͙͢࡞ΔΕͯ(10෼ఔ౓) • ҆ͯ͘(ֹ݄10ԁʙ) • ݎ࿚(99.999999999%) 2016/3/21

   JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 5

6. ʮ1܅ɺ͓໰͍߹Θͤϖʔδ࡞ͬͯʯ >>1 ʮS3͸੩త͔͠ɾɾɾʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 6

7. ʮ1܅ɺ͓໰͍߹Θͤʯ >>1 ʮ͸͍ɾɾɾʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 7

8. >>1ʮJSͰS3ʹPUT͓ͯ͠໰͍߹Θͤ σʔλஔ͍ͯɺʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 8

9. >>1ʮJS͕S3΁ͷॻ͖ࠐΈݖݶඞཁ΍ ͠ɺJSʹೝূ৘ใॻ͖ࠐΉͷ ͸ɾɾɾʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 9

10. >>1ʮͤ΍ʂCognito͕ ͋Δ΍Μʂʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 10

11. ະೝূήετʹॻ͖ࠐΈݖݶ • IAMͰCognitoʹS3΁ͷॻ͖ࠐΈݖݶΛ෇༩ • JS͸Cognito͔ΒҰ࣌తͳAWSೝূ৘ใऔಘ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 11

12. // Cognito AWS.config.region = 'ap-northeast-1'; // Region AWS.config.credentials = new

    AWS.CognitoIdentityCredentials({ IdentityPoolId: 'ap-northeast-1:12345679-1234-1234-1234-123456789012', }); AWS.config.credentials.get(); // S3 Put var s3 = new AWS.S3({ params: { Bucket: bucket } }); s3.putObject({ Key: now.getTime() + '.json', ContentType: 'application/json', Body: blob }, function(err, data) { if (data !== null) { alert('Success'); } else { alert('Fail'); } } ); 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 12

13. ิ଍ • ͓໰͍߹Θͤσʔλஔ͖৔ͷS3όέοτʹ͸CORSઃఆ • S3 PUT߈ܸ͞Εͨ͘ͳ͍ͷͰ͔ͬ͠Γ੍ݶ <?xml version="1.0" encoding="UTF-8"?> <CORSConfiguration

    xmlns="http://s3.amazonaws.com/doc/2006-03-01/"> <CORSRule> <AllowedOrigin>http://hoge.com</AllowedOrigin> <AllowedMethod>PUT</AllowedMethod> <AllowedHeader>*</AllowedHeader> </CORSRule> </CORSConfiguration> 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 13

14. >>1ʮ͓໰͍߹ΘͤΛͲ͏΍ͬͯ஌Ζ͏͔ɾɾɾʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 14

15. >>1ʮͤ΍ʂLambda͕ ͋Δ΍Μʂʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 15

16. LambdaͰαʔόʔϨεʹϝʔϧૹ৴ • S3΁ϑΝΠϧ௥ՃΠϕϯτΛτϦΨʔʹLambdaΩοΫ • Lambda͔ΒSESͰϝʔϧૹ৴ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 16

17. >>1ʮϝʔϧ௨஌͚͚ͩͩͲɺޙ͔Β ௥Ճ͠΍͘͢ɾɾɾʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 17

18. >>1ʮSNSڬΜͲ͚͹͍ ͍΍Ζʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 18

19. ந৅తʹ • S3ΠϕϯτΛSNSܦ༝ͰLambdaΩοΫ • ΞΫγϣϯ௥Ճ΋SNSαϒεΫϦϓγϣϯ௥Ճ͚ͩͰࡁΉ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 19

20. ʮ1܅ɺS3஗͍͠HTTP ͷΈɻ࣌୅͸HTTPS΍ʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 20

21. >>1ʮCloudFrontͰര ଎ʹͨ͠Δʂʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 21

22. CDN • ίϯςϯπσϦόϦʔαʔϏε • GzipѹॖػೳͰ͞Βʹߴ଎ɺసૹίετ࡟ݮʂ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 22

23. ʮ1܅ɺαʔόʔূ໌ॻ͸͍҆ͷͰʯ >>1ʮɾɾɾʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 23

24. >>1ʮͤ΍ʂACM͕͋Δ ΍Μʂʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 24

25. AWSͷແྉSSLূ໌ॻ • υϝΠϯೝূ(DV) • ରԠαʔϏε͸CloudFrontͱELB(us-east-1ͷΈ) 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 25

26. >>1ʮͳΜ͔߈ܸ͞Εͯ Δؾ͕͢ɾɾɾʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 26

27. ิ଍ ̏ߦͰΞΫηεղੳ • S3, CloudFrontͷΞΫηεϩά͸S3ʹग़ྗՄೳ • ΞΫηεϩά͕S3PUT͞ΕͨτϦΨʔͰLambdaΩοΫ • Lambda͔ΒElasticsearchʹ์ΓࠐΜͰKibanaͰ෼ੳ 2016/3/21

    JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 27

28. >>1ʮWAFͰϒϩοΫʂʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 28

29. WAF • ରԠαʔϏε͸CloudFrontͷΈ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 29

30. >>1ʮੲCloudFrontམͪͨɻ·ͨݺ ͼग़͞Εͨ͘ͳ͍ϯΰɾɾɾʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 30

31. >>1ʮRoute53ʹม͑Δʂʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 31

32. ҆৺ͷSLA100%ͷDNS • DNSϔϧενΣοΫͰCloudFrontΛ؂ࢹ • ϔϧενΣοΫNGͰS3ʹDNS੾Γସ͑(ϑΣΠϧΦʔόʔ) 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 32

33. ʮ1܅ɺܞଳʹϝʔϧಧ͔ͳ͍Μͩʯ >>1ʮSES͸ΩϟϦΞϝʔϧ͕͕ɾɾɾʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 33

34. >>1ʮSendGridʹมߋ΍ɻͰ΋ Lambdaʹೝূ৘ใΛຒΊࠐΈͨ͘ͳ ͍ϯΰɾɾɾʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 34

35. >>1ʮͤ΍ʂKMS͕͋Δ ΍Μʂʯ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 35

36. ҉߸ˍ෮߸ • KMSͰೝূ৘ใΛ҉߸Խͯ͠ຒΊࠐΈ • ࢖͏ͱ͖ʹKMSͰ෮߸ɻLambdaʹ෮߸ͷIAM Role༩͑Δɻ 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 36

37. ·ͱΊ • ֹ݄10ԁ͙Β͍ • ֹ݄1000ԁ͙Β͍?ɺWAFআ͚͹300ԁ͙Β͍? 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 37

38. σϞ (σϞ͸ΠϝʔδͰ͢) 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 38

39. ͓ΘΓ! 2016/3/21 JAWS-UG෱Ԭ ·ͨೱ͍໨ʹAWSͷ࿩Λͯ͠ΈΑ͏ 39