Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

re:Invent2024のIaC周りのアップデート&セッションの共有/around-re...

tomoki10
December 10, 2024
Technology
0
630

 re:Invent2024のIaC周りのアップデート&セッションの共有/around-re-invent-2024-iac-updates

クラスメソッドのre:Capイベント、re:Growth2024で発表した内容です。
https://classmethod.doorkeeper.jp/events/179538

tomoki10

December 10, 2024
Tweet

More Decks by tomoki10

See All by tomoki10
Classmethod流のPlatform Engineering / classmethod-platform-engineering-devio2024
tomoki10
1
1.3k
AWS CDK Conference Japan 2024 OP
tomoki10
0
680
TypeScripterに送るIaCの世界への招待〜AWS CDKと共に〜/inviting-typescripters-to-the-world-of-iac-with-aws-cdk
tomoki10
0
720
AWSでもBuildpacksを使ってDockerfileレスに出来るのか!?/can-i-use-buildpacks-to-go-dockerfile-less-in-aws
tomoki10
0
2.8k
ECS on Fargate のセキュリティ対策は何をやるべき?開発者目線で考える/security-for-ecs-on-fargate-secjawsdays
tomoki10
14
11k
AWS CDKの最強の書き方を実践してみる 2023年版/practice-the-strongest-writing-method-of-aws-cdk-2023-edition
tomoki10
4
6.7k
CDK支部のこれまでとこれから / jaws-ug-cdk-past-and-future
tomoki10
1
870
AWS CDKでECS on FargateのCI/CDを実現する際の理想と現実 / ideal-and-reality-when-implementing-cicd-for-ecs-on-fargate-with-aws-cdk
tomoki10
21
27k
AWSCDKを通してAWSを学ぶ/learn AWS through AWS CDK
tomoki10
0
3.4k

Other Decks in Technology

See All in Technology
B10-ひと目でわかる(といいなぁ)Microsoft Purview
seafay
PRO
0
490
振る舞い駆動開発(BDD)における、テスト自動化の前に大切にしていること #stac2024 / BDD formulation
nihonbuson
3
1k
Oracle Base Database Service:サービス概要のご紹介
oracle4engineer
PRO
0
15k
高品質と高スピードを両立させるソフトウェアQA/Software QA that Supports Agility and Quality
goyoki
8
1.4k
検証と資産化を形にするプロダクト組織へ/tapple_pmconf2024
corin8823
1
9.5k
知らない景色を見に行こう チャンスを掴んだら道が開けたマネジメントの旅 / Into the unknown~My management journey~
kakehashi
10
1.2k
Raspberry Pi 秋の新製品をチェックしてみよう / 20231202-rpi-jam-tokyo
akkiesoft
0
470
GitHub Actions의 다양한 기능 활용하기 - GitHub Universe '24 Recap
outsider
0
520
データパイプラインをなんとかした話 / Improving the Data Pipeline in IVRy
mirakui
0
110
40歲的我會給20歲的自己,關於軟體開發的7個建議
line_developers_tw
PRO
0
2.5k
最近のUplift Modeling手法にRでトライ
hskksk
0
130
GDGoC開発体験談 - Gemini生成AI活用ハッカソン / GASとFirebaseで挑むパン屋のフードロス解決 -
hotekagi
1
760

Featured

See All Featured
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
48
2.2k
GraphQLとの向き合い方2022年版
quramy
44
13k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
169
50k
The Invisible Side of Design
smashingmag
298
50k
Into the Great Unknown - MozCon
thekraken
33
1.5k
Mobile First: as difficult as doing things right
swwweet
222
8.9k
How to Think Like a Performance Engineer
csswizardry
21
1.2k
The Power of CSS Pseudo Elements
geoffreycrofte
73
5.4k
Optimizing for Happiness
mojombo
376
70k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
780
A better future with KSS
kneath
238
17k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k

Transcript

  1. 2024/12/10 ੡଄ϏδωεςΫϊϩδʔ෦ ࠤ౻ஐथ re:Invent2024ͷIaCपΓͷ Ξοϓσʔτ&ηογϣϯͷڞ༗

  2. SNS౤ߘλά ·ͣ͸ૉৼΓʂ #regrowth Λ͚ͭͯ SNS౤ߘΛʂ

  3. ࣗݾ঺հ !UNL !UPNPLJ • ࠤ౻ஐथ • ੡଄ϏδωεςΫϊϩδʔ෦ • ΞʔΩςΫτνʔϜ •

    JAWS-UG CDKࢧ෦ ӡӦ • ޷͖ͳAWSαʔϏε -BNCEB $%,

  4. ͋Ε!?IaCΞοϓσʔτ͚͋ͬͨͬʁ

  5. re:InventظؒதIaCʹؔ͢ΔΞοϓσʔτͳ͠ʂʂ ಺༰Λೖྗ͍ͯͩ͘͠͞

  6. pre:Inventظؒத͸͋Γʂʂ • AWS CloudFormation Hooks ͕ΧελϜ AWS Lambda ؔ਺ͷαϙʔτΛ։࢝ •

    AWS CloudFormation Hooks ͕ελοΫͱมߋηοτͷλʔήοτݺͼग़͠ϙΠϯτΛಋೖ • AWS CloudFormation Hooks Ͱ AWS Cloud Control API ͷϦιʔεઃఆͷධՁ͕ར༻Մೳʹ • AWS CloudFormation ͷ͝ΈശϧʔϧͷαϙʔτΛൃද • CloudFormation Guard υϝΠϯݻ༗ͷݴޠΛ࢖༻ͯ͠ AWS CloudFormation Hooks Λ࡞੒ • Amazon Q Developer ͷࢧԉػೳΛ࢖ͬͯ AWS CloudFormation ͷτϥϒϧγϡʔςΟϯά Λਝ଎Խ • ʁʁʁ

  7. 2024/12/10 ੡଄ϏδωεςΫϊϩδʔ෦ ࠤ౻ஐथ re:Invent2024पΓͷIaCͷ Ξοϓσʔτ&ηογϣϯͷڞ༗

  8. 8 • ैདྷ͸ΞΧ΢ϯτ಺ͷCloudFormation(Cfn) ͷ࡞੒/ߋ৽/࡟আૢ࡞ʹରͯ͠ɺΞΫγϣϯ ΍ϦιʔεݕࠪΛ௥ՃͰ͖ͨHooks • ैདྷΧελϜHookΛ࢖͏৔߹ɺCfnͱͯ͠ HookΛ࡞੒͠ɺCloudFormation Registryʹ ొ࿥͢Δඞཁ͕͋ͬͨ

    • ࠓճͷΞοϓσʔτͰLambdaΛ௚઀Hook ͱͯ͠ར༻͢Δ͜ͱ͕ՄೳʹͳΓɺςετ ΍σϓϩΠΛଞͷ։ൃϓϩηεͱ߹ΘͤΔ ͜ͱ͕Մೳʹͳͬͨʂ AWS CloudFormation Hooks ͕ΧελϜ AWS Lambda ؔ਺ͷαϙʔτΛ։࢝ https://aws.amazon.com/jp/about-aws/whats-new/2024/11/aws-cloudformation-hooks-custom-aws-lambda-functions/

  9. 9 • Hookݺͼग़͠ͷλʔήοτʹελο Ϋ(STACK)ͱมߋηοτ (CHANGE_SET)͕௥Ճʂ • ࠓ·Ͱ͸Ϧιʔε୯ҐͰͷมߋݕ஌ ͔͠Ͱ͖ͳ͔͕ͬͨɺελοΫͷૢ ࡞΍มߋηοτͷ࡞੒͚ͩͰτϦ ΨʔՄೳ

    • Ϧιʔε୯ମʹด͡ͳ͍Ψόφϯε ͷ࣮૷͕Մೳ AWS CloudFormation Hooks ͕ελοΫͱมߋηοτͷλʔήοτݺͼग़͠ϙΠϯτΛಋೖ https://aws.amazon.com/jp/about-aws/whats-new/2024/11/aws-cloudformation-hooks-stack-change-set-target-points/

  10. 10 • Hooksػೳ͕͞ΒʹCloud Control API(CC API)Ͱͷૢ࡞ʹରԠʂ • Cfn͚ͩͰͳ͘Terraform΍Pulumiͳ ͲଞͷCC APIΛ࢖͏πʔϧ΋Ψόφ

    ϯεͷର৅ͱͯ͠௥ՃՄೳʂ • ҎԼ͸ໝ૝ • কདྷతʹ͸ίϯιʔϧૢ࡞΋͜Ε ͰϒϩοΫͰ͖Δ͔΋ʁ AWS CloudFormation Hooks Ͱ AWS Cloud Control API ͷϦιʔεઃఆͷධՁ͕ར༻Մೳʹ https://aws.amazon.com/jp/about-aws/whats-new/2024/11/aws-cloudformation-hooks-cloud-control-api-configurations-evaluation/

  11. 11 • AMIͱEBSεφοϓγϣοτΛ࡟আ ޙɺҰఆظؒ෮چՄೳʹ͢Δΰϛശ ػೳ͕CfnʹରԠ͠·ͨ͠ʂ • ΰϛശػೳࣗମΛIaCͰ؅ཧՄೳʹʂ AWS CloudFormation ͷ͝ΈശϧʔϧͷαϙʔτΛൃද

    https://aws.amazon.com/jp/about-aws/whats-new/2024/11/aws-cloudformation-recycle-bin-rules/ https://dev.classmethod.jp/articles/cloudformation-recycle-bin-rules/ AWSTemplateFormatVersion: 2010-09-09 Description: --- Resources: HogeSnapShotRule: Type: AWS::Rbin::Rule Properties: ResourceType: EBS_SNAPSHOT RetentionPeriod: RetentionPeriodUnit: DAYS RetentionPeriodValue: 3 HogeAmiRule: Type: AWS::Rbin::Rule Properties: ResourceType: EC2_IMAGE RetentionPeriod: RetentionPeriodUnit: DAYS RetentionPeriodValue: 3

  12. 12 • ैདྷϓϩάϥϛϯάݴޠͰͷ࣮૷͕ ඞཁͩͬͨCfn Hooks • ࠓճͷΞοϓσʔτͰGuard DSLΛ ॻ͘͜ͱͰHookͷ࡞੒͕Մೳʹʂ •

    Lambdaͷ؅ཧ͕ෆཁͰɺPolicy as CodeΛ࣮ݱͰ͖Δ • S3্ʹDSLΛஔ͍ͯ࢖༻ CloudFormation Guard υϝΠϯݻ༗ͷݴޠΛ࢖༻ͯ͠ AWS CloudFormation Hooks Λ࡞੒ https://aws.amazon.com/about-aws/whats-new/2024/11/author-aws-cloudformation-hooks-cloudformation-guard-domain-specific-language/

  13. let aws_lambda_functions_inside_vpc = Resources.*[ Type == 'AWS::Lambda::Function' Metadata.cfn_nag.rules_to_suppress not exists

    or Metadata.cfn_nag.rules_to_suppress.*.id != "W89" Metadata.guard.SuppressedRules not exists or Metadata.guard.SuppressedRules.* != "LAMBDA_INSIDE_VPC" ] rule LAMBDA_INSIDE_VPC when %aws_lambda_functions_inside_vpc !empty { %aws_lambda_functions_inside_vpc.Properties.VpcConfig.SecurityGroupIds !empty %aws_lambda_functions_inside_vpc.Properties.VpcConfig.SubnetIds !empty << Violation: All AWS Lambda Functions must be configured with access to a VPC … >> } ྫɿVPC LambdaҎ֎Λېࢭ͢Δ৔߹ͷྫ https://github.com/aws-cloudformation/aws-guard-rules-registry/blob/main/rules/aws/lambda/lambda_inside_vpc.guard CloudFormation Guard υϝΠϯݻ༗ͷݴޠΛ࢖༻ͯ͠ AWS CloudFormation Hooks Λ࡞੒ 13

  14. 14 • Amazon Q DeveloperΛ༗ޮʹ͍ͯ͠Δͱɺ CloudFormationͷΤϥʔ͕ى͖͍ͯΔ෦෼ʹ ʮDiagnose with QʯϘλϯ͕දࣔ͞ΕݪҼಛఆ ͕Մೳ

    • ஫ҙɿҎԼͷ৔߹ͷΈදࣔʢ2024/12/10࣌఺ʣ • ݴޠઃఆ͕English(US/UK)ͷ৔߹ • Ϧʔδϣϯ͕όʔδχΞ๺෦/ΦϨΰϯͷ৔߹ • ಛఆͷΤϥʔͷ৔߹ • ͜ͷػೳ͕ݟΕͨ͋ͳͨ͸ϥοΩʔʂ Amazon Q Developer ͷࢧԉػೳΛ࢖ͬͯ AWS CloudFormation ͷτϥϒϧγϡʔςΟϯάΛਝ଎Խ https://aws.amazon.com/jp/about-aws/whats-new/2024/11/cloudformation-troubleshooting-q-developer-assistance/

  15. AWS re:invent?ͷΞοϓσʔτ

  16. 16 • AWS CDKʹ͸L2/L3Constructͱ͍͏ AWSϦιʔεΛந৅Խͯ͠ѻ͑Δ֓ ೦͕͋Δ • L2/L3ͷConstructΛ΄΅ͦͷ·· Pulumi্Ͱར༻Մೳʹʂ •

    CloudFormationΛܦ༝ͤͣɺCloud Control APIܦ༝ͳͷͰߴ଎ʂ AWS CDK on Pulumi͕GAʂ https://www.pulumi.com/blog/aws-cdk-on-pulumi-1.0/ https://dev.classmethod.jp/articles/aws-cdk-on-pulumi-ga/

  17. re:Inventηογϣϯ঺հ

  18. 18 • લ൒͸CloudFormation(Cfn)ͱCloud Control API(CC API)ͷ࿩ • Cfn͕ݱࡏ͸΄΅CC APIʹҠߦͯ͠ ͍Δ࿩΍Cfn͕ࠓ೥ߴ଎Խͨ͠ཪଆͷ

    ࣮૷͸Ͳ͏΍ͬͨͷ͔֓ཁ঺հ • ͳ͔ͥ࠷ޙʹNetflix͕Cfn΋CDK΋ Terraform΋࢖ΘͣʹYAML ✕ CC API ͰIaCΛ࡞ͬͨ࿩΋ ηογϣϯʢAWS infrastructure as code: A year in reviewʣ https://dev.classmethod.jp/articles/aws-reinvent2024-dop201/

  19. pre:InventͳͲΞοϓσʔτ·ͱΊ • AWS CloudFormation Hooks ͕ΧελϜ AWS Lambda ؔ਺ͷαϙʔτΛ։࢝ •

    AWS CloudFormation Hooks ͕ελοΫͱมߋηοτͷλʔήοτݺͼग़͠ϙΠϯτΛಋೖ • AWS CloudFormation Hooks Ͱ AWS Cloud Control API ͷϦιʔεઃఆͷධՁ͕ར༻Մೳʹ • AWS CloudFormation ͷ͝ΈശϧʔϧͷαϙʔτΛൃද • CloudFormation Guard υϝΠϯݻ༗ͷݴޠΛ࢖༻ͯ͠ AWS CloudFormation Hooks Λ࡞੒ • Amazon Q Developer ͷࢧԉػೳΛ࢖ͬͯ AWS CloudFormation ͷτϥϒϧγϡʔςΟϯά Λਝ଎Խ • AWS CDK on Pulumi͕GAʂ

  20. ͬ͘͟Γ·ͱΊ •CloudFormation Hooks͕࢖͍΍͘͢ɺద༻ ൣғ΋CfnҎ֎ʹ޿͕ͬͨʂ •Cloud Control API΁ͷஔ͖׵͕͑ਐΜͰɺ 3rd party IaC΍ಠࣗIaC΋೤͘ͳΔʂ͔΋

  21. None