【Overview】
In this article I will walk through deploying an app on AWS.
Since I am a beginner, I would appreciate it if you point out anything missing, anything unnecessary, or possible improvements.
※ (All keys and similar values issued for this article were deleted before publication.)
【Caution!!】
※ This time the environment is built in the console rather than with Terraform, so that each feature is understood.
Also, AWS costs money!
I take no responsibility for any charges incurred while following this work, so please be careful.
Be sure to delete the environment when you are finished.
【Prerequisites】
・You have an app already built
・You understand the infrastructure configuration to some degree
・You will build the infrastructure exactly as in the diagram
(Note: to keep the focus on the infrastructure, GitHub Actions is not covered this time.)
⭐ Please note that the right environment setup depends on the app.
Also, if you have improvement suggestions, please share them.
【Environment】
・macOS Sonoma ver.14
・AWS console as of 2024
・Rails 7.0.8
・Ruby 3.1.2
・Postgres
【Target readers】
・AWS beginners
・People who want to check things in the GUI rather than through IaC
【Introduction】
First, let's look at the diagram of the infrastructure we are going to build.
This time we will work toward the configuration shown below.
The important parts are explained below.
【Root user】
The user that holds all permissions.
Basically it performs only the operations that need strong permissions: creating IAM users, delegating permissions, creating budgets, and so on.
【IAM user】
A user that operates within the range of permissions delegated by the root user.
【AWS Management Console】
This is where MFA (multi-factor authentication) is set up. The setup procedure is described later.
【VPC】Important!!
A VPC (Virtual Private Cloud) is a service that lets a user build a virtual private network within a cloud computing environment. With a VPC, a user can logically isolate resources inside the cloud and strengthen security.
In short, it is a safe, isolated network.
An analogy that makes it easy to grasp: it is like an apartment building.
【Subnet mask】Important!!
A subnet mask is the means of splitting an IP address into its network part and host part. An IPv4 address consists of 32 bits and is usually written as four 8-bit (byte) blocks. The subnet mask's role is to divide these groups of bits into the network part and the host part.
In the building analogy, the subnet mask corresponds to the floor and room number.
Subnets are divided into public and private subnets.
Concretely, the private ranges are as follows. If you have touched front-end (FE) work, these may look familiar.
Class | Range | Number of networks |
---|---|---|
Class A | 10.0.0.0 ~ 10.255.255.255 (10.0.0.0/8) | 1 |
Class B | 172.16.0.0 ~ 172.31.255.255 (172.16.0.0/12) | 16 |
Class C | 192.168.0.0 ~ 192.168.255.255 (192.168.0.0/16) | 256 |
Note that addresses outside these ranges are global addresses, so when you create a VPC or subnet, choose the IPv4 CIDR block from within the ranges above.
Also, the smallest CIDR unit you can configure on AWS is /28,
so, for example, with class B something like 172.16.10.0/29 cannot be configured. Be careful!
(Quoted from the article "What an infrastructure novice did to build a web service's infrastructure from zero in one week")
When choosing IP addresses, pick them from the CIDR ranges below.
CIDR | Subnet mask | Number of IP addresses |
---|---|---|
/28 | 255.255.255.240 | 16 |
/27 | 255.255.255.224 | 32 |
/26 | 255.255.255.192 | 64 |
/25 | 255.255.255.128 | 128 |
/24 | 255.255.255.0 | 256 |
/23 | 255.255.254.0 | 512 |
/22 | 255.255.252.0 | 1,024 |
/21 | 255.255.248.0 | 2,048 |
/20 | 255.255.240.0 | 4,096 |
/19 | 255.255.224.0 | 8,192 |
/18 | 255.255.192.0 | 16,384 |
/17 | 255.255.128.0 | 32,768 |
/16 | 255.255.0.0 | 65,536 |
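The rules above (private ranges only, AWS blocks between /16 and /28, subnets inside the VPC and not overlapping) as a small checker, added here as an example and not part of the original article. `PRIVATE_RANGES`, `cidr_problem` and `subnet_problems` are names chosen for this example; the /16 upper bound is AWS's own VPC limit, which the article does not state.

```python
from ipaddress import IPv4Network

# The three private ranges from the article's class table.
PRIVATE_RANGES = [IPv4Network("10.0.0.0/8"),
                  IPv4Network("172.16.0.0/12"),
                  IPv4Network("192.168.0.0/16")]
# AWS accepts VPC and subnet blocks between /16 and /28 (the /28 minimum
# is the one the article points out; /16 is the largest AWS allows).
MIN_PREFIX, MAX_PREFIX = 16, 28


def mask_and_size(prefix):
    """Return (dotted subnet mask, number of addresses) for a /prefix, as in the table."""
    net = IPv4Network(f"0.0.0.0/{prefix}")
    return str(net.netmask), net.num_addresses


def cidr_problem(cidr):
    """Explain why `cidr` is unusable under the article's rules, or return None."""
    try:
        net = IPv4Network(cidr)  # strict: host bits set (e.g. 10.0.1.5/24) is rejected
    except ValueError as exc:
        return f"{cidr}: {exc}"
    if not any(net.subnet_of(r) for r in PRIVATE_RANGES):
        return f"{cidr} is outside the private ranges (it would be a global address)"
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        return f"{cidr}: prefix must be between /{MIN_PREFIX} and /{MAX_PREFIX}"
    return None


def subnet_problems(vpc_cidr, subnet_cidrs):
    """Check a VPC plan: every block valid, inside the VPC, and non-overlapping."""
    issue = cidr_problem(vpc_cidr)
    if issue:
        return [issue]
    vpc = IPv4Network(vpc_cidr)
    problems, accepted = [], []
    for cidr in subnet_cidrs:
        issue = cidr_problem(cidr)
        if issue:
            problems.append(issue)
            continue
        net = IPv4Network(cidr)
        if not net.subnet_of(vpc):
            problems.append(f"{cidr} is not inside the VPC {vpc_cidr}")
        problems += [f"{cidr} overlaps {other}" for other in accepted if net.overlaps(other)]
        accepted.append(net)
    return problems


if __name__ == "__main__":
    for p in (28, 24, 16):
        print(f"/{p}: mask {mask_and_size(p)[0]}, {mask_and_size(p)[1]} addresses")
    print(cidr_problem("172.16.10.0/29"))  # the article's "too small" example
    print(subnet_problems("10.0.0.0/16", ["10.0.1.0/24", "10.0.2.0/24"]))  # []
```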
【EC2】Important!!
Amazon Elastic Compute Cloud (Amazon EC2) is part of the cloud computing platform provided by Amazon Web Services (AWS). With EC2 you can provision virtual servers (instances) on demand and start, stop, and terminate them.
Simply put, it is the web server.
In this article's configuration the instance is placed only in the public subnet, but a configuration with instances under the private subnet is also possible.
In that case, traffic goes from the public subnet to the private one.
The instance in the public subnet is then called a bastion (jump) server.
【Route 53】 Important!!
Used to obtain a domain such as the one below.
https://***.com/ → the ***.com part.
You can also obtain a domain from a registrar such as お名前.com (Onamae.com),
but this time, for practice, we obtain it through Route 53.
Besides that, it provides the following:
1. Domain registration
2. DNS routing
3. DNS health checks
It can also be linked to an ALB or to EC2.
【ALB】 Important!!
Application Load Balancer:
In AWS, "ALB" is short for "Application Load Balancer", a load balancer service that performs content-based routing. It is used to raise an application's redundancy and availability by dynamically distributing traffic across multiple Amazon EC2 instances or containers.
It is needed to distribute load across the EC2 instances (web servers).
When there are several EC2 instances, load is balanced automatically.
It can also be linked to Route 53.
That concludes the explanation of the important AWS concepts.
Now that the role of each one is clear, let's get started on the implementation.
【Procedure】
From here on, the actual steps.
【Steps】
・"Create an AWS account"
・"Set up MFA"
・"VPC"
・"Create subnets"
・"Public subnet"
・"Private subnet"
・"Internet gateway (IGW)"
・"EC2"
・"RDS"
・"ACL"
・"Route 53"
・"ACM"
【Create an AWS account】
First, sign up for AWS. See the link below.
We first operate as the root user we just created.
After logging in as the root user, create an IAM user.
Because this is assumed to be personal development, we delegate administrator permissions to that user and do everything with it.
(Properly, splitting users by the functions each one needs is considered best practice.)
3. Set the user details
4. Create a user group
5. Add the group
Search for "AdministratorAccess" and attach it to the group.
8. From the header, change the root user's region to "Tokyo"
Also, note down your account ID shown on the screen above (it will be used later).
【Budgets setup】
Next, set up Budgets.
This lets you define a spending ceiling and get alerts from it.
2. Click "Create a budget"
3. Choose Customize and click "Cost budget"
4. Configure the budget:
・Period: Monthly
・Budget effective date: Recurring budget
・Start date: leave as is
・Budgeting method: Fixed
Budget amount: 10.00 (example)
・Budget scope (all defaults)
5. Set the alarm (here the threshold is 60%)
【Set up MFA】
Next, configure multi-factor authentication.
1. Open the IAM page and choose "Users" from the left menu bar
2. On the "Security credentials" tab, choose "Assign MFA device"
3. Choose the MFA option you want to use and click Next
Use the app below to read the QR code
4. Under the device setup, enter the two one-time passwords.
(※ The one-time password changes every 30 seconds, so enter two consecutive codes.)
5. Once it appears under MFA, you are done.
6. From the next login on, the IAM user's login is gated by the one-time password.
That is all the work done as the root user in this article.
If you also want to configure the other settings that AWS officially recommends, see the link below.
Switch to the IAM user.
【VPC】
From here on, the detailed settings for the deployment.
First, create the VPC.
1. Search for VPC and click VPC.
2. Click Create VPC.
Register the VPC here.
This time we only build production, for the deployment.
Environment | IP |
---|---|
production | 10.0.0.0/16 |
staging | 10.1.0.0/16 |
development | 10.2.0.0/16 |
3. VPC settings
IPv4 CIDR: 10.0.0.0/16
【Create subnets】
Next, create the subnets.
Public subnet settings
1. Create the public subnet.
2. Click Create subnet.
3. Create the subnet:
・Register a name that makes it clear it is public, such as "public-subnet-1a-prod".
Set IPv4 to "10.0.1.0/24" and leave the rest as shown on screen.
Creating the private subnet
4. Repeat steps 1 to 3 as for public,
registering a name that makes it clear it is private, such as "private-subnet-1a-prod".
Set the CIDR to "10.0.2.0/24", in the same way as for public.
5. It will look like the following.
6. RDS requires two AZs, so also create a public and a private subnet in the Osaka region.
(※ The subnet for the ALB is created later.)
【IGW settings】
Next, set up the internet gateway (IGW from here on).
An internet gateway is the AWS service that gives resources inside an Amazon Virtual Private Cloud (Amazon VPC) access to the internet. It works together with the public subnets in the VPC to let traffic flow to and from the outside.
In short, it is the setting that brings an internet line to the public subnet; once it is configured, the subnet can reach the outside. (Think of it as a bridge.)
4. After creating it, attach it to the VPC.
5. Select the VPC you created and attach.
If you also want access from the private subnet, set up a NAT gateway.
That is not needed for this app, so it is omitted here.
Name | Subnet connected to the internet | Address translation | Allowed direction |
---|---|---|---|
Internet gateway | Public subnet | NAT | Outbound and inbound |
NAT gateway | Private subnet | NAPT | Outbound only |
【Route table】
A route table is the set of rules that decides where traffic leaving a subnet is sent. Basically the configuration looks like the following.
Public subnet route table
Destination | Target |
---|---|
10.0.0.0/21 | local |
0.0.0.0/0 | Internet gateway |
1. Search for route tables
2. Choose "Route tables" from the sidebar.
3. From the existing route table, click "Edit routes".
4. Configure the following:
・Destination "0.0.0.0/0"
・Target: the IGW configured earlier.
5. Associate the route table with the subnet.
6. "Save associations" for the public subnet
Private subnet route table
Destination | Target |
---|---|
10.0.0.0/21 | local |
7. Create a route table for private in the same way.
8. Create the private subnet association.
9. Save the private association.
10. If the two associations look like the following, all good!
【Create security groups】
Next, create the security groups.
They mainly act as a firewall that controls traffic and decides which access to an instance is allowed.
This time we create security groups for EC2 and RDS.
Security group overview
Role | Name | Allowed port | Source |
---|---|---|---|
Load balancer | web-system-alb-sg | HTTPS (port 443) | Allowed from anywhere |
Bastion server | web-system-bastion-sg | SSH (port 22) | Your own global IP address |
Web server | web-system-sg | HTTP (port 80) | Load balancer only |
Web server | web-system-sg | SSH (port 22) | Bastion server only |
【Create the EC2 security group】
1. Select Security groups under VPC
2. Create security group
3. Edit as follows:
・VPC: use the default VPC
・Inbound rules:
- First rule
・Type: HTTP
・Source: Anywhere-IPv4 0.0.0.0/0
- Second rule
・Type: SSH
・Source: Anywhere-IPv4 0.0.0.0/0
・Outbound rules: leave as is
・Tags: not needed
4. Confirm that the EC2 security group has been created. (The rule for HTTPS traffic is set later.)
【Create the RDS security group】
5. Fill in the RDS security group:
・Security group name: db-sg
・Description: db-sg
・VPC: the one you created
・Inbound rules
・Type: select the DB you use
Source: Custom; choose the security group created earlier
・Outbound rules: leave as is
・Tags: not needed
6. Confirm that each security group has been created as shown below.
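Note that step 3 opens SSH (port 22) to 0.0.0.0/0, while the table above allows SSH only from your own global IP and, on the web server, only from the bastion. The checker below compares security-group rules against the table's policy and flags exactly that gap. It is an added example, not code from the article; the data is constructed in the shape of EC2's DescribeSecurityGroups output, and `POLICY`, `audit` and `group` are names chosen here.

```python
from ipaddress import ip_network

# Intended inbound policy, transcribed from the article's security-group table:
# port -> allowed source, given as a CIDR, another group's name, or "own-ip"
# (a single /32 address, i.e. your own global IP, never the whole internet).
POLICY = {
    "web-system-alb-sg": {443: "0.0.0.0/0"},
    "web-system-bastion-sg": {22: "own-ip"},
    "web-system-sg": {80: "web-system-alb-sg", 22: "web-system-bastion-sg"},
}


def _allowed(expected, src):
    """True if the observed source `src` satisfies the policy entry `expected`."""
    if expected == "own-ip":
        return "/" in src and src != "0.0.0.0/0" and ip_network(src).prefixlen == 32
    return src == expected


def audit(groups):
    """Return violations for a DescribeSecurityGroups-style list (inbound rules only)."""
    # CIDR sources come from IpRanges, group sources from UserIdGroupPairs.
    name_by_id = {g["GroupId"]: g["GroupName"] for g in groups}
    findings = []
    for g in groups:
        rules = POLICY.get(g["GroupName"])
        if rules is None:
            findings.append(f"{g['GroupName']}: no policy entry")
            continue
        for perm in g.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [name_by_id.get(p["GroupId"], p["GroupId"])
                        for p in perm.get("UserIdGroupPairs", [])]
            for port in range(perm["FromPort"], perm["ToPort"] + 1):
                for src in sources:
                    if not _allowed(rules.get(port), src):
                        findings.append(f"{g['GroupName']}: port {port} open to {src}, "
                                        f"policy allows {rules.get(port, 'nothing')}")
    return findings


def group(gid, name, *rules):
    """Build a group dict; each rule is (port, cidr) or (port, source group id)."""
    perms = []
    for port, src in rules:
        key = "IpRanges" if "/" in src else "UserIdGroupPairs"
        entry = {"CidrIp": src} if "/" in src else {"GroupId": src}
        perms.append({"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
                      "IpRanges": [], "UserIdGroupPairs": [], key: [entry]})
    return {"GroupId": gid, "GroupName": name, "IpPermissions": perms}


# Constructed sample: the web-server group exactly as the article's console
# steps create it (HTTP and SSH both from Anywhere-IPv4 0.0.0.0/0).
AS_CREATED = [group("sg-web0001", "web-system-sg", (80, "0.0.0.0/0"), (22, "0.0.0.0/0"))]
# Constructed sample: the same groups tightened to match the table
# (203.0.113.10/32 is a documentation address standing in for "your own IP").
HARDENED = [
    group("sg-alb0001", "web-system-alb-sg", (443, "0.0.0.0/0")),
    group("sg-bas0001", "web-system-bastion-sg", (22, "203.0.113.10/32")),
    group("sg-web0001", "web-system-sg", (80, "sg-alb0001"), (22, "sg-bas0001")),
]
```

`audit(AS_CREATED)` reports two findings (ports 80 and 22 open to the world) and `audit(HARDENED)` reports none.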
【Create the endpoint】
Endpoint settings.
This is configured so that the private subnet can reach S3 and similar services.
Choosing the wrong type results in charges.
Unless you are connecting from on-premises, pick the gateway type.
Feature | Interface type | Gateway type |
---|---|---|
Path | via the AWS network | via the AWS network |
Use from an on-premises environment ※1 | Possible | Not possible |
Use from a peered VPC ※1 | Possible | Not possible |
Price | Paid | Free |
IP address used ※2 | Private IP | Public IP |
Access control | SG + endpoint policy | Endpoint policy |
Access method ※3 | Use the endpoint's DNS name in addition | The S3 URI alone is enough |
Associated with at creation | Subnet | Route table |
1. Choose "Endpoints"
2. Choose "Create endpoint"
3. Select as follows:
・VPC: choose the default VPC
・Service category: choose "AWS services"
・Service: choose "com.amazonaws.ap-northeast-1.s3"
・VPC: choose the default VPC
・Availability Zone: choose "ap-northeast-1a"
・Subnet:
・Availability Zone: ap-northeast-1a
・Subnet ID: choose the private subnet's ID
・IP address type: IPv4
・Security group: choose the security group created earlier
・Policy: Full access
・Route table: the private route table created earlier
4. When it completes, it looks like this!
※ By the way, if you do not associate it with the private route table, an error occurs.
In that case you need to enable the DNS settings.
After editing, run it again.
Created successfully!! 🎉🎉 (Security-wise, the former approach seems the better one.)
【RDS】
【Security settings】
1. Link the security group you created to a subnet group.
2. Click "Create DB subnet group".
5. Link the private subnets corresponding to the AZs above.
6. Confirm it was created as shown below.
【KMS settings】
These settings are for things like restoring the DB.
1. Click Create key.
2. Confirm it looks like the following and click "Next".
3. Under Add labels, refer to the following and change the values.
4. Link key access permissions to the IAM user.
5. Define the key usage permissions
6. Review the settings and create the key if there are no problems.
7. Confirm the key was created (it is used when creating the RDS instance).
【Create the database】
1. Choose "Create database".
2. Configure the database in detail.
(Refer to the following; adjust the required items such as the port number to your own requirements.)
※ Just in case, check the estimated cost. (In this case the estimated cost shown was acceptable.)
Wait a little while for it to be created.
Done!!
【EC2】
1. Click EC2, then select Instances
2. Choose "Launch instance"
・Name: an easy-to-understand name
・OS: "Amazon Linux 2 AMI (HVM) - Kernel 5.10, SSD Volume Type (64-bit x86)"
・Instance type: "t2.micro"
・VPC: "default value"
・Subnet: "specify public"
・Security group: specify the group configured earlier.
・Leave everything else at the defaults
3. Create once it looks like the following.
Do not forget to create a key pair!
4. Connect EC2 to RDS.
5. Once connected, you will see the screen below.
【Elastic IP address】
1. Select Elastic IP.
3. Allocate as is
4. After allocation, associate the IP (note down the Elastic IP address).
5. Select the instance launched earlier
【Route 53】
Normally you should obtain the domain from a cheap registrar such as お名前.com (Onamae.com), but this time we obtain it this way.
2. If it is available, continue as is.
※ Note that the price varies by domain name, so compare before deciding.
3. Click "Proceed to checkout".
4. Click "Next".
5. Register your personal information and create as follows.
6. Confirm that it was created.
【S3】 settings
S3 is covered in a separate article, so see the link below.
Note that that article is about saving videos from Rails, so please research the log offloading settings yourself.
【Pre-deployment preparation】
Thanks for waiting! Now for the deployment.
1. Put the .pem key created with EC2 (the key obtained earlier) directly under .ssh.
2. Copy the following and run it in the terminal. (It sets the key permissions for the instance and connects.)
3. Check the connection as below
※ If you see something like this, apply the settings below.
If you get the following, you are logged in.
```text
xxx .ssh % ssh -i "xxxx.pem" xxxxx.xxxx.xxx.xx.xx.amazonaws.com
Last login: xxxxxxxxxxxxx

       __|  __|_  )
       _|  (     /   Amazon Linux 2
      ___|\___|___|

AL2 End of Life is 2025-06-30.
A newer version of Amazon Linux is available!
Amazon Linux 2023, GA and supported until 2028-03-15.
https://aws.amazon.com/linux/amazon-linux-2023/
```
EC2 environment setup
Update the packages.
```shell
$ sudo yum -y update   # update packages
```
Install the yum packages.
(The list below includes the MySQL packages; Postgres is installed separately later.)
```shell
$ sudo yum -y install \
    git make gcc-c++ patch curl \
    openssl-devel \
    libcurl-devel libyaml-devel libffi-devel libicu-devel \
    libxml2 libxslt libxml2-devel libxslt-devel \
    zlib-devel readline-devel \
    mysql mysql-server mysql-devel \
    ImageMagick ImageMagick-devel \
    epel-release
```
Run the script that sets up the repository for installing Node.js.
```shell
$ curl -sL https://rpm.nodesource.com/setup_19.x | sudo bash -
```
Install Node.js from the repository file configured above
```shell
$ sudo yum install -y https://rpm.nodesource.com/pub_14.x/el/7/x86_64/nodesource-release-el7-1.noarch.rpm
```
Detailed Node setup
```shell
$ sudo yum install -y gcc-c++ make   # install build tools and the compiler
$ curl -sL https://rpm.nodesource.com/setup_14.x | sudo -E bash -   # download the Node.js repository setup script
$ sudo yum install -y nodejs   # install Node.js itself
$ which node   # check where it was installed
```
↑ If the path is shown, the installation is complete.
For Yarn
```shell
$ curl -sL https://dl.yarnpkg.com/rpm/yarn.repo | sudo tee /etc/yum.repos.d/yarn.repo   # repository for installing Yarn
```
Install Yarn into the environment
```shell
$ sudo yum -y install yarn   # install Yarn
```
Building Ruby
```shell
[ec2-user@ip... ~]$ git clone https://github.com/sstephenson/rbenv.git ~/.rbenv
[ec2-user@ip... ~]$ echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bash_profile
[ec2-user@ip... ~]$ echo 'eval "$(rbenv init -)"' >> ~/.bash_profile
[ec2-user@ip... ~]$ source ~/.bash_profile
```
Run the above.
```shell
# install ruby-build, then install Ruby
[ec2-user@ip... ~]$ git clone https://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
[ec2-user@ip... ~]$ rbenv install -v 3.1.4   # this takes a very long time; hang in there
[ec2-user@ip... ~]$ rbenv global 3.1.4
[ec2-user@ip... ~]$ rbenv rehash
[ec2-user@ip... ~]$ ruby -v
ruby 3.1.4p223 (2023-03-30 revision 957bb7cb81) [x86_64-linux]
```
Link your own repository
```shell
[ec2-user@ip... ~]$ ssh-keygen -t rsa
```
After running the command above, press Enter at each prompt (leave them empty).
```text
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ec2-user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ec2-user/.ssh/id_rsa.
Your public key has been saved in /home/ec2-user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:YL6LzJmOgIQh+Qcyb+1GjjRF8PMPEAjLIM590RVPHQU ec2-user@ip-10-0-1-192.ap-northeast-1.compute.internal
The key's randomart image is:
+---[RSA 2048]----+
(omitted)
+----[SHA256]-----+
```
Get the generated public key.
```shell
cd .ssh
cat id_rsa.pub   # copy the displayed contents
```
Register it as an SSH key on GitHub.
Connect to GitHub.
```shell
[ec2-user@ip... ~]$ ssh -T git@github.com
# when the message below appears, type yes
Are you sure you want to continue connecting (yes/no)? # yes
# Done when you see "Hi <your GitHub account name>!"
```
Settings in the app
Add the following to the database.yml file.
```yaml
default: &default
  # adapter/encoding/pool are the lines Rails generated; keep them active
  adapter: postgresql
  encoding: unicode
  pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
  host: <%= Rails.application.credentials.production[:MYAPP_DATABASE_HOST] %>

production:
  <<: *default
  database: <%= Rails.application.credentials.production[:MYAPP_DATABASE_NAME] %>
  username: <%= Rails.application.credentials.production[:MYAPP_DATABASE_USERNAME] %>
  password: <%= Rails.application.credentials.production[:MYAPP_DATABASE_PASSWORD] %>
```
Open credentials.yml.
```shell
EDITOR="vim" rails credentials:edit
```
Edit credentials.yml as follows. Because database.yml reads `credentials.production[...]`, the keys must be nested under `production:`.
```yaml
production:
  MYAPP_DATABASE_HOST: "<hostname of the AWS DB>"
  MYAPP_DATABASE_NAME: "database-1"
  MYAPP_DATABASE_USERNAME: "postgres"
  MYAPP_DATABASE_PASSWORD: "<the password you set>"
```
Copy the AWS DB hostname from the following.
Installing Postgres on the EC2 environment
```shell
sudo yum install postgresql-libs
sudo yum install postgresql-devel
psql --version
```
→ OK if it prints something like "psql (PostgreSQL) 12.15"
Storing the GitHub source
```shell
[ec2-user@ip... ~]$ cd /
[ec2-user@ip... /]$ sudo mkdir /var/www/
[ec2-user@ip... /]$ sudo chown ec2-user /var/www/
[ec2-user@ip... /]$ cd /var/www
[ec2-user@ip... www]$ git clone <repository to clone>
```
Setting config/master.key
```shell
cd /var/www/<app name>
vim config/master.key
```
Enter and save the value of your local master.key.
Preparing bundler
```shell
[ec2-user@ip... <app name>]$ gem list bundler   # check the bundler version
*** LOCAL GEMS ***
bundler (default: 2.3.17)
```
bundle install
```shell
[ec2-user@ip... <app name>]$ gem install bundler -v <same version as local>
[ec2-user@ip... <app name>]$ bundle install
# On error, edit in the local environment, push, and pull again.
```
If you get an error like the one below, see the linked article.
```text
An error occurred while installing pg (1.5.4), and Bundler cannot continue.

In Gemfile:
  pg
```
Migration
```shell
# create the DB
[ec2-user@ip... <app name>]$ rails db:create RAILS_ENV=production
# create the tables
[ec2-user@ip... <app name>]$ rails db:migrate RAILS_ENV=production
```
Installing Nginx
We introduce it for load balancing.
```shell
[ec2-user@ip... ~]$ sudo amazon-linux-extras install nginx1   # install
```
Enter the Elastic IP address in the address bar; if the site is displayed, it worked.
Configure Nginx.
```shell
[ec2-user@ip... ~]$ cd /etc/nginx/conf.d
[ec2-user@ip... conf.d]$ sudo vi aws-test-infra.conf
```
Settings inside the conf (including log management).
```nginx
error_log  /var/www/<app name>/log/nginx.error.log;
access_log /var/www/<app name>/log/nginx.access.log;

client_max_body_size 2G;

upstream aws-test-app {
  server unix:///var/www/<app name>/tmp/sockets/puma.sock fail_timeout=0;
}

server {
  listen 80;
  server_name xxx.xxx.xxx.xxx;   # the Elastic IP address of the EC2 instance you created
  keepalive_timeout 5;
  root /var/www/<app name>/public;
  try_files $uri/index.html $uri.html $uri @app;

  location @app {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://aws-test-app;
  }

  error_page 500 502 503 504 /500.html;
  location = /500.html {
    root /var/www/<app name>/public;
  }
}
```
Configure the Puma server for production use.
```ruby
# config/puma/production.rb
environment "production"
# three levels up from config/puma/production.rb is the app root
tmp_path = "#{File.expand_path("../../..", __FILE__)}/tmp"
bind "unix://#{tmp_path}/sockets/puma.sock"
threads 3, 3
workers 2
preload_app!
pidfile "#{tmp_path}/pids/puma.pid"
# stdout_redirect "#{tmp_path}/logs/puma.stdout.log", "#{tmp_path}/logs/puma.stderr.log", true
plugin :tmp_restart
```
Run the app.
```shell
[ec2-user@ip... ~]$ cd /var/www/<app name>/
[ec2-user@ip... <app name>]$ RAILS_ENV=production rails assets:precompile
[ec2-user@ip... <app name>]$ bundle exec puma -C config/puma/production.rb -e production
```
Start Nginx
```shell
[ec2-user@ip... <app name>]$ sudo nginx -s stop   # stop once so the new config is picked up
[ec2-user@ip... <app name>]$ sudo service nginx start   # start
```
Now check that it works. Enter the Elastic IP and, if you see the following, it worked.
※ On the second and later logins, if the socket is still allocated, run the following and then start Puma again.
```shell
rm /var/www/aws_test_app/tmp/sockets/puma.sock
```
【Route 53】
Create an A record and link it to the Elastic IP address.
1. Link the DNS name
2. Link the IP address.
After creating the A record, wait a while and restart; you can then reach the app by its DNS name.
【ACM】
Here we issue the certificate for enabling HTTPS (SSL).
It is free when used with an ALB (the ALB itself is paid).
2. Confirm the certificate status becomes Issued.
3. Click "Create records".
【ALB】
1. Create the ALB's security group.
2. Edit the EC2 security group (restrict it to traffic via the ALB only).
2. From EC2, choose Load balancers.
3. Create the "ALB"; see below.
【Link the ALB and Route 53】
1. Change the record created earlier with the Elastic IP address.
If you restart and HTTPS works, all good!! (The certificate is fine too!)
【WAFv2 settings】
We could reach the app via DNS, but when the IP address is typed directly, traffic stays on HTTP.
So let's handle that here with a regex pattern.
(Omitted from this article.)
【Closing】
Thank you for reading this far.
Through deploying on AWS, I think you have picked up a lot of surrounding knowledge.
I wanted to gain this experience within the AWS free tier period, so I did this hands-on while writing the article.
If you dig deeper into things like data analysis there is a lot more you can do, but at the level of personal development I think covering what this article covers is enough. (I did want to try CloudFront though...)
Also, as mentioned in the caution, please clean up everything used this time.
You will be charged even if you are not using it!!
Remove the associations and clean up carefully.
(※ Some things such as VPCs are not billed, but if in doubt, delete everything.)
【References】