© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Well-Architected Lead, Amazon Web Services Japan
Framework
2-H1-1-12
AWS AWS …
The materials will be published at a later date
(2011/09 )
(
AWS Well-Architected Framework(W-A) …
• ( )
AWS
• (5 )
• (3 )
• (2 )
?
AWS (SA)
AWS W-A
Make informed decisions and
understand the impact those decisions have
Not everything has to follow best practices…
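Components of the AWS Well-Architected Framework
① The W-A whitepaper and five detailed whitepapers, one per pillar
② A checklist (set of review questions) on whether you are following best practices
Cost optimization
Security
Reliability
Performance efficiency
Operational excellence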
( )
(General)
: (Reliability)
( )
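“When designing a solution, you make trade-offs between
pillars based on business requirements, and these business
decisions drive your engineering priorities”
Reliability
Performance efficiency
Reliability
Cost optimization
Cost optimization
Cost optimization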
AWS
10
To repeat… the materials will be published at a later date
(5 ) (2 )(3 )
10
(5 )
AWS Well-Architected Framework
AWS Well-Architected Framework …
1.AWS
AWS•
• AWS
AWS MFA ” ”•
(MFA)
• Security Credential Access Key( Access Key )
(https://docs.aws.amazon.com/ja_jp/general/latest/gr/aws_tasks-that-require-root.html)
1.AWS
IAM
AWS Identity and Access Management (IAM)
• AWS
•
•
•
•
•
•
•
•
•
•
•
•
2.
IAM IAM
IAM
• AWS API
CLI
• API
CLI
• AWS JSON
IAM
• IAM
• AWS JSON
2.
• IAM IAM
•
IAM
• IAM ( API
) MFA
• ( )
3.
IAM• Amazon EC2 AWS
AWS
• STS(Security Token Service)
EC2 Lambda IAM• OS
Metadata
Using an IAM role
Program
Using an IAM user
IAM Role
Program
SDK/CLI
3.
: git-secrets • AWS Labs git
$ git secrets --scan
$ git secrets --register-aws
$ git add git-secret.py
$ git commit -m "This is a test commit for git-secret"
git-secret.py:1:AWSAccessKeyId = "AKIAIOSFODNN7EXAMPLE"
git-secret.py:2:AWSSecretKey = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
[ERROR] Matched one or more prohibited patterns
4. ( )
AWS CloudTrail• AWS API
•
• CloudTrail CloudWatch Logs
→
( )
•
•
•
•
•
4. ( )→
Amazon GuardDuty
• CloudTrail VPC Flow Logs
• GuardDuty AWS
•
( 30 )
AWS re:Invent2017
5.
•
– ACL-
• VPC
•
(EC2, Amazon RDS ) – -
• ( )
•
5.
AWS WAF•
Web
• ALB(Application Load Balancer) CloudFront
AWS Shield• (DDoS) 3 4
• “Standard”
“Advanced”
(3 )
AWS Well-Architected Framework
AWS Well-Architected Framework …
6.
AWS CloudWatch• AWS
•
• AutoScaling
• CloudWatch Logs OS
6.
• /
• ( )
• AutoScaling
• (Amazon SQS
Amazon Kinesis )
6.
• (M5,M4,T2) (C5,C4)
(R4) (large,small
)
m4 . xlarge
6.
•
• ( ) EC2
7.
• /
•
• AutoScaling
• (Amazon SQS
Amazon Kinesis )
7.
- -• AWS
7.
- -• AWS
1YR
3YR
7.
•
• RI ( EC2 RDS )
7.
- -•
8. [ ]
IAM• IAM IAM
(https://docs.aws.amazon.com/ja_jp/awsaccountbilling/latest/aboutv2/grantaccess.html)
•(https://docs.aws.amazon.com/ja_jp/awsaccountbilling/latest/aboutv2/cost-explorer-access.html)
8.
•
•
8.
(Billing Alert)•
• Simple Notification Service(SNS) SNS
E HTTP/HTTPS(https://docs.aws.amazon.com/ja_jp/awsaccountbilling/latest/aboutv2/monitor-charges.html)
(2 )
AWS Well-Architected Framework
AWS Well-Architected Framework …
9.
AWS
Amazon EC2 AMI
• EC2
Amazon (AMI)
Amazon EBS• EBS
•
9.
AWS
RDS
• 1 1 5
Point-in-Time (DB
)
• 35 (
)
10.
• (… )
Availability Zone  Availability Zone
Auto Scaling Group
10.
•
•
•
Region
Multi-AZ
Availability
zone
Availability
zone
10.
• AWS AWS
”AWS Well-Architected Framework”
-AWS -
Always be "Well-Architected"
Regular reviews (not just a one-time review) are important
• Well-Architected
Be sure to check out the whitepapers too!
They can be downloaded from the Japanese-language AWS Well-Architected site
You can also consult an AWS SA
•
•
Reference: Trusted Advisor
• AWS ( )
[Appendix]
AWS Support - Trusted Advisor -
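Making use of AWS Support
AWS (deliberately) does not bundle support
• By default, support is not bundled, so you can choose the plan that fits best
• Three support plans are offered to meet varied customer needs such as "we need 24/7 phone support," "we want a dedicated contact assigned," or "we don't need support and want to keep costs as low as possible, down to the last yen"
Choosing a support plan
• Contact methods, response times and so on differ by support plan
• For production accounts, the Business plan or higher is recommended, since it also gives access to Trusted Advisor (described later)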
Making use of AWS Support
You can choose the support plan that fits best
Trusted Advisor
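A tool that, based on your actual usage, automatically flags security risks and proposes cost optimizations
• Checking all items requires AWS Support (Business plan or Enterprise plan)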
Trusted Advisor
( ) 50•
EC2
EBS
MFA
IAM
CloudTrail
RDS AZ
EBS
Amazon RDS
EC2
CloudFront