
20180122-jawsug-terada

re__ma
January 22, 2018


Slides presented at JAWS-UG Nagano, 20180122
Title: Five services announced at re:Invent 2017 that I want to actively use!


Transcript

  1. Five services announced at re:Invent 2017 that I want to actively use! JAWS-UG Nagano chapter, Reima Terada

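  2. Welcome to Matsumoto
     • I have wanted to hold a JAWS-UG in Matsumoto for a while
     • I could not go to the Nagano chapter's Reboot in November because I was unwell...
     • Prompted by a remark Konya-san muttered in passing, we decided to hold one in Matsumoto too!
     • I would like to hold it a few times a year. Next time, hopefully around March or April
     • Also considering a joint event with Nagano City
     • By the way, if any company in central Nagano Prefecture could lend us a venue, I would be very glad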
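  3. • Reima TERADA
     • Affiliation 1: Serverworks Co., Ltd., Cloud Integration Department, Engineering Section 2 (AWS engineer)
     • Affiliation 2: Shinshu University Graduate School, High Energy Physics Laboratory, first-year doctoral student
     • Twitter: @re__ma  facebook: https://www.facebook.com/reima.terada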
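  4. A student?
     • A so-called ordinary working-adult doctoral student
     • Living in Nagano Prefecture, far away from Tokyo
     • Basically does all work remotely
     • Works during the day; research, experiments and analysis in the mornings, evenings and on days off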

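  5. Research topic
     • My specialty is high energy physics
     • I have ties to things like the huge accelerator in Geneva, Switzerland
     • What I work on is detector R&D for the Linear Collider project that is being planned for construction in Tohoku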

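  6. About my job
     • I work as an infrastructure engineer
     • I mainly create VPCs, EC2 and RDS every month
     • I can be a CloudFormation craftsman
     • I can write a little code in Python, but I do not do coding at work
     • Recently most of my work is around operations and security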
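  7. Services announced at re:Invent
     • About two months have already passed, so here is a quick recap
     • It seems that about 60 new services came out
       https://aws.amazon.com/jp/new/reinvent/
     • There were also several announcements before and after re:Invent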

  8. Services I want to use, chosen by my own arbitrary judgment, bias and field of work
     • I will talk about five services that I think are good
     • AWS Fargate
     • Amazon Time Sync Service
     • Amazon Aurora Serverless
     • Inter-Region VPC Peering
     • Amazon GuardDuty
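  9. AWS Fargate
     • The familiar fully managed service for containers
     • Good points
     • No need to operate the servers that run the containers (this was the bottleneck with ECS)
     • Starts up faster than AutoScaling
     • No AutoScaling tuning needed
     • Caveats
     • Not yet available in the Tokyo region
     • Pricing is somewhat higher than ECS or EKS (probably reasonable considering the cost of operating servers)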
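  10. AWS Fargate
      I did not want to manage this part
      With AutoScaling, tuning is also needed
      Scaling also takes time
      With Fargate, no EC2 resource management is needed!
      With containers, startup takes only a few seconds!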

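  11. Amazon Time Sync Service
      • In a sense an unglamorous service: NTP that can be used from inside the VPC
      • Before the service came out
      • NTP settings pointed at something like ntp.nict.jp.
      • Servers with a global IP (GIP) could access it over the Internet
        From a private subnet, NAT was needed
        Where even NAT could not be placed, an NTP relay server was needed
      • Good points of this service
      • Specify 169.254.169.123 and it is accessible from anywhere inside the VPC!
      • Caveats
      • None in particular (just use it as much as you like!)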
  12. Amazon Time Sync Service
      Various extra things are needed
      NTP servers also need monitoring

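  13. Amazon Aurora Serverless
      • The long-awaited serverless service for RDB
      • Usable without rewriting the application for NoSQL (DynamoDB)
      • Possible use cases
      • Applications built mainly on serverless (Lambda)
      • Legacy services that need an RDB and are also small-scale
      • e.g. a simple internal management system, a self-hosted blog site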
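  14. Amazon Aurora Serverless
      • What I personally want to recommend first is use in small-scale systems
      • Even at small scale, the service can run without using the t2 family, and the price is expected to be almost the same as an existing t2.small
      • If access increases, it scales automatically (the time needed to scale still needs verification)
      • RDS did gain a feature to stop servers, but with this there is no need to stop servers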
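  15. Amazon Aurora Serverless
      • Another example is use in systems where EC2 uses AutoScaling
      • Prevents RDS capacity from becoming the bottleneck that stops the whole system from scaling
      • Something close to this is possible with Aurora ReadReplica AutoScaling, but here parameter tuning is not needed either (the same as the relationship between EC2 AutoScaling and Lambda or Fargate!)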
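  16. Inter-Region VPC Peering
      • Connecting VPCs across regions, which was not possible until now, has become possible
      • The thing I wanted when building systems that span the globe
      • Also usable as a DR measure
      • Basic usage is almost the same as VPC-Peering
      • Caveats
      • Not yet in Tokyo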
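  17. Inter-Region VPC Peering
      A Transit VPC used to be needed
      https://aws.amazon.com/jp/answers/networking/aws-multiple-region-multi-vpc-connectivity/
      The router on the Transit VPC side needs routing, maintenance and license costs
      No router needed
      Routing configuration is also completed within the VPC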
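  18. Amazon GuardDuty
      • A service that monitors things such as AWS traffic and raises an alert when there is suspicious behavior
      • Good points
      • No need to install an agent (Agent Less)
      • Easy to add to existing environments
      • Cheap compared with security software up to now!
      • Most important of all, it automatically handles the tedious security monitoring operations and notifications
        (moreover, because the data is cross-checked against data that AWS holds, it is checked against far more information than you could obtain yourself)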
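  19. Amazon GuardDuty
      • Caveats
      • It is not antivirus software (it is not a simple replacement for products such as DeepSecurity)
      • It is not a WAF either (for WAF, AWS WAF must be configured)
      • The current targets are EC2 and IAM (that said, the bare minimum is covered)
      • When an alert is raised, you have to respond to it yourself
      • If you want overall security monitoring, it is better to use something like Alert Logic (though it costs money)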
  20. There are many other services too
      • Cloud9 (IDE)
      • Amazon MQ (message broker service)
      • New instance types (M5, H1)
      • Aurora Multi-Master
      • DynamoDB Global Tables (multi-master across regions)
      • etc
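  21. Summary
      • As happens every year, a large number of services came out at re:Invent
      • I picked out and introduced five services that I can recommend
      • I tried to collect services that need no configuration and services that make operations far easier once you can use them
      • I have not been keeping up with IoT or ML, so I need to work hard to catch up...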
  22. JAWS DAYS 2018 ! • https://jawsdays2018.jaws-ug.jp