
I Built a Scalable Batch System with ECS and SQS

Takafumi Yoshida

August 17, 2019


Transcript

  1.  

  2. aws config

         [default]
         region = ap-northeast-1
         output = json

         [profile hoge]
         region = ap-northeast-1
         source_profile = default
         role_arn = arn:aws:iam::ACCOUNT_ID:role/john-doe
         mfa_serial = arn:aws:iam::ACCOUNT_ID:mfa/john-doe
  3. When switching roles (SwitchRole) with the aws cli

         $ AWS_PROFILE=hoge aws s3 ls
         Enter MFA code for arn:aws:iam::ACCOUNT_ID:mfa/john-doe [enter the MFA token]
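  4. ARN, MFA token, and STS client

         require 'aws-sdk-sqs' # also loads aws-sdk-core (STS, AssumeRoleCredentials)

         sts_client = Aws::STS::Client.new(region: 'ap-northeast-1')
         # Read the role ARN and MFA device serial from the "hoge" profile
         role_arn = `aws configure get role_arn --profile hoge`.chomp
         serial_number = `aws configure get mfa_serial --profile hoge`.chomp
         puts "Input MFA token code..."
         token_code = gets.chomp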
  5. Generate credentials and create the SQS client

         # Assume the role with MFA; the temporary credentials go to the SQS client
         role_credentials = Aws::AssumeRoleCredentials.new(
           client: sts_client,
           role_arn: role_arn,
           role_session_name: "hoge_session",
           serial_number: serial_number,
           token_code: token_code)
         Aws::SQS::Client.new(credentials: role_credentials)
  6. Referencing from the task definition

         ContainerDefinitions:
           - Name: app
             ...
             Secrets:
               - Name: CLIENT_ID
                 ValueFrom: !Sub "arn:aws:ssm:ap-northeast-1:${AWS::AccountId}:parameter/ClientId"
               - Name: CLIENT_SECRET
                 ValueFrom: !Sub "arn:aws:ssm:ap-northeast-1:${AWS::AccountId}:parameter/ClientSecret"

     The values can be read from environment variables inside the task.
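
The task definition above injects `CLIENT_ID` and `CLIENT_SECRET` by reference (`Secrets` / `ValueFrom`) instead of as literal values. The following check is an added example, not code from the deck: it flags secret-looking names that a container definition still passes as plaintext `Environment` entries. The `SENSITIVE_NAME` pattern, the `legacy` container and the `RAILS_ENV` entry are assumptions constructed for illustration.

```ruby
# Added example (not from the deck): flag secret-looking variables that a task
# definition passes as plaintext Environment values instead of Secrets/ValueFrom.
# SENSITIVE_NAME and the sample definitions below are assumptions for illustration.
SENSITIVE_NAME = /SECRET|PASSWORD|TOKEN|API_?KEY|CLIENT_ID/i

# container_definitions: array of hashes shaped like ECS ContainerDefinitions.
# Returns one finding per sensitive-looking name found under Environment.
def plaintext_secret_findings(container_definitions)
  container_definitions.flat_map do |container|
    Array(container['Environment'])
      .select { |entry| entry['Name'].to_s.match?(SENSITIVE_NAME) }
      .map { |entry| { container: container['Name'], name: entry['Name'] } }
  end
end

# Names injected by reference, i.e. resolved by ECS when the task starts.
def referenced_secret_names(container_definitions)
  container_definitions.flat_map do |container|
    Array(container['Secrets']).map { |s| s['Name'] }
  end
end

# Constructed sample: "app" follows the slide, "legacy" inlines the secret.
SAMPLE_DEFINITIONS = [
  { 'Name' => 'app',
    'Environment' => [{ 'Name' => 'RAILS_ENV', 'Value' => 'production' }],
    'Secrets' => [
      { 'Name' => 'CLIENT_ID',
        'ValueFrom' => 'arn:aws:ssm:ap-northeast-1:ACCOUNT_ID:parameter/ClientId' },
      { 'Name' => 'CLIENT_SECRET',
        'ValueFrom' => 'arn:aws:ssm:ap-northeast-1:ACCOUNT_ID:parameter/ClientSecret' }
    ] },
  { 'Name' => 'legacy',
    'Environment' => [{ 'Name' => 'CLIENT_SECRET', 'Value' => 'constructed-placeholder' }] }
].freeze

if __FILE__ == $PROGRAM_NAME
  plaintext_secret_findings(SAMPLE_DEFINITIONS).each do |f|
    puts "#{f[:container]}: #{f[:name]} is a plaintext Environment value; move it to Secrets"
  end
end
```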