© 2012, Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
© 2013, Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
CloudFormation updates in 2013
2013/2/7
• Tagging of Amazon S3 and Amazon RDS resources is now possible
2013/2/20
• Provisioning of EBS-Optimized EC2 instances
• Rolling deployments for Auto Scaling groups
• Cancelling a stack update
2013/8/12
• Parallel stack processing and updates of nested stacks added
2013/9/17
• Additional VPC support and new templates
2013/10/14
• Federated users and temporary security credentials can now be used
CloudFormation overview
AWS CloudFormation at a glance
[Diagram: CloudFormation takes a template and launches each service in the stack (S3, CloudWatch, Elastic Load Balancing, EC2, Auto Scaling, SNS) based on that template]
Pricing
• Using CloudFormation itself is free of charge
• You are charged for each AWS service built according to the template
Where CloudFormation sits among the AWS build and deployment automation services
[Diagram: Elastic Beanstalk, OpsWorks and CloudFormation placed along two axes, flexibility and ease of adoption]
Stacks
How to build a stack
• Build from the AWS Management Console
• Command-line tools
• AWS Command Line Tool: http://aws.amazon.com/cli
• SDKs
• Java: http://aws.amazon.com/jp/sdkforjava
• .NET: http://aws.amazon.com/jp/sdkfornet
• PHP: http://aws.amazon.com/jp/sdkforphp
• Ruby: http://docs.aws.amazon.com/AWSSdkDocsRuby/latest/DeveloperGuide/ruby-dg-setup.html
Building from the AWS Management Console - 1
Building from the AWS Management Console - 2
• Stack name
• One of: a sample template, a local template file, or a template file URL (on S3 in the same region)
Building from the AWS Management Console - 3
• Enter the parameters (explained later)
Building from the AWS Management Console - 4
• Tag the resources
Building from the AWS Management Console - 5
Building from the AWS Management Console - 6
• Estimate the cost of the stack
Building from the AWS Management Console - 7
• Start building the stack
Building from the AWS Management Console - 8
Building from the AWS Management Console - 9
• Stack build in progress
Building from the AWS Management Console - 10
• Stack build complete; at this point all services are running
Building from the AWS Management Console - 11
• Stack build failed; rolling back
Templates
• The heart of CloudFormation
• The blueprint for building a stack
• Written in JSON format

    {
      "AWSTemplateFormatVersion" : "2010-09-09",
      "Description" : "Sample",
      "Parameters" : {
        "KeyName" : {
          "Description" : "Sample key",
          "Type" : "String"
        }
      },
      "Mappings" : { },
      "Resources" : {
        "Ec2Instance" : {
          "Type" : "AWS::EC2::Instance",
          "Properties" : {
            "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
            "KeyName" : { "Ref" : "KeyName" },
            "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
          }
        },
        "InstanceSecurityGroup" : {
          "Type" : "AWS::EC2::SecurityGroup",
          "Properties" : {
            "GroupDescription" : "Enable SSH access via port 22",
            "SecurityGroupIngress" : [
              { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" }
            ]
          }
        }
      }
    }
Template walkthrough

    {
      "AWSTemplateFormatVersion" : "2010-09-09",
      "Description" : "Valid JSON strings up to 4K",
      "Parameters" : { set of parameters },
      "Mappings" : { set of mappings },
      "Conditions" : { set of conditions },
      "Resources" : { set of resources },
      "Outputs" : { set of outputs }
    }

Parameters
Lists the parameters whose values can be changed later, when CloudFormation is run (for example, a DB user name).

    "Parameters" : {
      "Age" : {
        "Type" : "Number",
        "Default" : "30",
        "MinValue" : "20",
        "MaxValue" : "60",
        "Description" : "input your age"
      },
      "FirstName" : {
        "Type" : "String",
        "Description" : "input your first name"
      }
    }
Mappings
Something like a hashtable: a value can be looked up from a key (for example, the AMI ID for each region).

    "Mappings" : {
      "RegionTable" : {
        "us-east-1" : { "AMI" : "ami-8c1fece5", "Key" : "myKey-east" },
        "us-west-1" : { "AMI" : "ami-3bc9997e", "Key" : "myKey-west" },
        "ap-northeast-1" : { "AMI" : "ami-300ca731", "Key" : "myKey-japan" }
      }
    }

Defines a mapping (in this example, a mapping named "RegionTable").
Resources
Defines the resources that make up the stack, such as EC2 and RDS.

    "Resources" : {
      "MyWebServer" : {
        "Type" : "AWS::EC2::Instance",
        "Properties" : {
          "KeyName" : "myKey-east",
          "ImageId" : "ami-8c1fece5"
        }
      }
    }
EC2 + SecurityGroup example

    "Resources" : {
      "Ec2Instance" : {
        "Type" : "AWS::EC2::Instance",
        "Properties" : {
          "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
          "KeyName" : { "Ref" : "KeyName" },
          "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
        }
      },
      "InstanceSecurityGroup" : {
        "Type" : "AWS::EC2::SecurityGroup",
        "Properties" : {
          "GroupDescription" : "Enable SSH access via port 22",
          "SecurityGroupIngress" : [
            { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" }
          ]
        }
      }
    }

Callouts on the slide: "Resource type" and "Properties for each resource".
Outputs
Values you want to retrieve after the stack has been built (for example, an access URL).
Defining outputs

    "Outputs" : {
      "InstanceId" : {
        "Description" : "InstanceId of the newly created EC2 instance",
        "Value" : { "Ref" : "Ec2Instance" }
      },
      "AZ" : {
        "Description" : "Availability Zone of the newly created EC2 instance",
        "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
      },
      "ApplicationURL" : {
        "Description" : "URL of running web application",
        "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
      }
    }

Callouts on the slide:
• Define the name of the value to output
• Description
• Value
• Use a function to build the string

    "Resources" : {
      "myS3Bucket" : {
        "Type" : "AWS::S3::Bucket",
        "DeletionPolicy" : "Retain"
      }
    }
Template tips
When a template has many resources it becomes hard to tell which resource is which, so use the Tags property.

    "MyInstance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ],
        "ImageId" : "ami-20b65349",
        "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ]
      }
    }

Template tips
Resources created by CloudFormation are given tags such as the stack name.
Cloud-init
• Define the script in User Data
• Cloud-init reads the user data
• The script that was read is executed
• The EC2 instance launches
CloudFormation helpers
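cfn-init configuration: files
• Creates files at the specified paths

    "files" : {
      "/app/db.conf" : {
        "content" : { "Fn::Join" : [ "", [
          "dbname=", { "Ref" : "DBName" }, "\n",
          "dbuser=", { "Ref" : "DBUser" }, "\n",
          "dbpass=", { "Ref" : "DBPassword" }, "\n",
          "dbhost=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n"
        ] ] },
        "mode" : "000644",
        "owner" : "root",
        "group" : "root"
      },
      "/etc/myapp/myapp-init.pp" : {
        "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
        "mode" : "100644",
        "owner" : "root",
        "group" : "wheel"
      }
    }

Callouts on the slide:
• File path
• Generate the contents of the file
• Fetch from S3 or similar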
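
As an added example (not from the original slides): a Python check for two patterns that appear in the snippets above, a security group ingress rule that opens SSH to 0.0.0.0/0 and a cfn-init file that embeds a password parameter while being readable by every user. The sample template is constructed for illustration; the function names and the keyword list are assumptions of this example.

```python
import json

# Constructed sample template, modelled on the slides' EC2 + SecurityGroup and
# cfn-init "files" snippets; it is not a complete, deployable stack.
SAMPLE_TEMPLATE = json.loads("""
{
  "Parameters": {"DBUser": {"Type": "String"}, "DBPassword": {"Type": "String"}},
  "Resources": {
    "InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enable SSH access via port 22",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}
        ]
      }
    },
    "Ec2Instance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {"SecurityGroups": [{"Ref": "InstanceSecurityGroup"}]},
      "Metadata": {"AWS::CloudFormation::Init": {"config": {"files": {
        "/app/db.conf": {
          "content": {"Fn::Join": ["", ["dbuser=", {"Ref": "DBUser"}, "\\n",
                                        "dbpass=", {"Ref": "DBPassword"}, "\\n"]]},
          "mode": "000644", "owner": "root", "group": "root"
        }
      }}}}
    }
  }
}
""")

# Assumption of this example: parameter names containing these words hold secrets.
SENSITIVE_HINTS = ("password", "passwd", "secret")


def _literal_port(value):
    """Return the port as an int, or None when it is an intrinsic such as Ref."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def refs_in(node):
    """Yield every name referenced through {"Ref": name} anywhere under node."""
    if isinstance(node, dict):
        if isinstance(node.get("Ref"), str):
            yield node["Ref"]
        for child in node.values():
            yield from refs_in(child)
    elif isinstance(node, list):
        for child in node:
            yield from refs_in(child)


def open_ingress(template, port=22):
    """Security groups whose literal ingress rules expose `port` to 0.0.0.0/0."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            # A CidrIp supplied through Ref has to be checked against the
            # parameter value at deploy time; only literals are judged here.
            if not isinstance(rule, dict) or rule.get("CidrIp") != "0.0.0.0/0":
                continue
            lo = _literal_port(rule.get("FromPort"))
            hi = _literal_port(rule.get("ToPort"))
            all_traffic = str(rule.get("IpProtocol")) == "-1"
            if all_traffic or (lo is not None and hi is not None and lo <= port <= hi):
                findings.append((name, port))
    return findings


def world_readable_secret_files(template):
    """cfn-init files readable by 'other' whose content references a secret."""
    params = template.get("Parameters", {})
    findings = []
    for name, res in template.get("Resources", {}).items():
        init = res.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for config in init.values():
            if not isinstance(config, dict):
                continue
            for path, spec in config.get("files", {}).items():
                mode = str(spec.get("mode", ""))
                # Only explicit modes are judged; the last octal digit is 'other'.
                if not mode or not mode[-1].isdigit() or not int(mode[-1]) & 4:
                    continue
                secrets = sorted(
                    r for r in set(refs_in(spec.get("content")))
                    if any(hint in r.lower() for hint in SENSITIVE_HINTS)
                    or str(params.get(r, {}).get("NoEcho", "")).lower() == "true"
                )
                if secrets:
                    findings.append((name, path, mode, secrets))
    return findings


if __name__ == "__main__":
    for finding in open_ingress(SAMPLE_TEMPLATE) + world_readable_secret_files(SAMPLE_TEMPLATE):
        print(finding)
```

Restricting `CidrIp` to a known management range and giving the generated file a mode such as `000600` clears both findings.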
CloudFormer
• A tool that creates a template from a system configuration that has already been built
• Can be used to produce a base template as the starting point for writing your own templates
[Diagram: CloudFormer generates a template from existing resources (EC2, Auto Scaling)]
Create and launch the CloudFormer stack
Create the stack from one of the following:
• AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
How to run CloudFormer
• Choose the region you want to turn into a template; resources can then be selected in a wizard
• The template is built from the resources whose checkboxes you ticked
Other tips
Baked AMI vs. CF-Init: building everything into the AMI vs. cloud-init + CloudFormation helpers
It is important to choose between a baked AMI and cloud-init/helpers according to the use case.

| | Advantages | Disadvantages |
|---|---|---|
| Baked AMI | Easy to build; fast to start (effective for auto scaling) | Reinstallation is needed when the base AMI or middleware is updated; must be built for each region |
| Base AMI + cloud-init + CFN helpers | Can follow updates to the base AMI and middleware; definitions such as the DB endpoint can be passed in | Building the template takes effort; OS initialization takes time |
IAM Capability
When creating IAM users with CloudFormation, a checkbox has to be turned on partway through the wizard.
• For cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command
Summary
Aim to become a true cloud master with CloudFormation
[Diagram: WebServer, AppServer]
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
2013年年CloudFormationのアップデート
201327bull Amazon S3 と Amazon RDSのタグ付けが可能に
2013220bull EBS-‐‑‒Optimized EC2インスタンスのプロビジョニングbull Auto Scaling Groupのローリングデプロイbull スタックアップデートのキャンセル
2013812bull 並列列スタック処理理とネストされたスタックの更更新の追加
2013917bull 追加のVPCサポートと新テンプレート
20131014bull フェデレーテッドユーザーおよび一時的なセキュリティ認証情報が利利用可能に
2
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationの概要
4
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
スタック
AWS CloudFormationのイメージ
S3
CloudWatch
Elastic Load Balancing
EC2 EC2Auto Scaling
SNS
テンプレート
CloudFormation
テンプレートに基づき各サービスが起動
6
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
利利用料料金金
CloudFormationの利利用自体は無料料
テンプレートに従って構築された各AWSサービスに対して課金金
8
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSの構築デプロイ自動化サービスの中での位置づけ
Elastic Beanstalk OpsWorks CloudFormation
フレキシビリティ
導入の容易易さ
9
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
スタック
11
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
スタック構築方法 AWS Management Consoleから構築 コマンドラインツール
bull AWS Command Line Toolbull httpawsamazoncomcli
各種SDKbull Java httpawsamazoncomjpsdkforjavabull NET httpawsamazoncomjpsdkfornetbull PHP httpawsamazoncomjpsdkforphpbull Ruby httpdocsawsamazoncomAWSSdkDocsRubylatestDeveloperGuideruby-‐‑‒dg-‐‑‒setuphtml
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒1
16
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒2
スタックの名称
サンプルテンプレート
ローカルファイルのemsp テンプレート
テンプレートファイルURL(同一リージョンのS3上)
いずれか
17
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
各種パラメータの入力力(後で説明)
AWS Management Consoleから構築-‐‑‒3
18
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒4
リソースにタグ付け
19
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒5
20
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒6
スタックのコスト見見積もり
21
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒7
スタック構築開始
22
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒8
23
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒9
スタック構築実行行中
24
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒10
スタック構築完了了この時点ですべてのサービスが起動している
25
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒11
スタック構築失敗ロールバック中
26
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
27
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
CloudFormationの心臓部 スタック構築の設計図 JSONフォーマットで記述
AWSTemplateFormatVersion 2010-09-09 Description ldquoSample Parameters KeyName Description ldquoSample key Type String Mappings Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
28
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート解説 AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Parameters
CloudFormation実行行時に後で変更更可能なパラメータを列列挙(例例DBユーザー名など)
30
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Parameters Age TypeNumber ldquoDefaultrdquo ldquo30rdquo ldquoMinValuerdquo ldquo20rdquo ldquoMaxValuerdquo ldquo60rdquo Descriptioninput your ageldquo FirstName TypeString Descriptioninput your first nameldquo
31
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Mappings
Hashtableのようなものキーに応じて値を特定出来る
(例例リージョンに応じたAMI番号など)
36
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Mappings RegionTable us-east-1 AMI ami-8c1fece5ldquo ldquoKeyrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
マッピングを定義(この例例の場合rdquoRegionTablerdquoという
マッピングを定義)
Resources
Defines the resources that make up the stack, such as EC2 and RDS.
"Resources": {
  "MyWebServer": {
    "Type": "AWS::EC2::Instance",
    "Properties": {
      "KeyName": "myKey-east",
      "ImageId": "ami-8c1fece5"
    }
  }
}
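EC2 + SecurityGroup example
"Resources": {
  "Ec2Instance": {
    "Type": "AWS::EC2::Instance",
    "Properties": {
      "SecurityGroups": [ { "Ref": "InstanceSecurityGroup" } ],
      "KeyName": { "Ref": "KeyName" },
      "ImageId": { "Fn::FindInMap": [ "RegionMap", { "Ref": "AWS::Region" }, "AMI" ] }
    }
  },
  "InstanceSecurityGroup": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {
      "GroupDescription": "Enable SSH access via port 22",
      "SecurityGroupIngress": [ {
        "IpProtocol": "tcp",
        "FromPort": "22",
        "ToPort": "22",
        "CidrIp": "0.0.0.0/0"
      } ]
    }
  }
}
Slide callouts: properties for each resource (Properties); resource type (Type).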
Outputs
Values you want to retrieve after the stack has been built (for example, the access URL).
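Defining Outputs
"Outputs": {
  "InstanceId": {
    "Description": "InstanceId of the newly created EC2 instance",
    "Value": { "Ref": "Ec2Instance" }
  },
  "AZ": {
    "Description": "Availability Zone of the newly created EC2 instance",
    "Value": { "Fn::GetAtt": [ "Ec2Instance", "AvailabilityZone" ] }
  },
  "ApplicationURL": {
    "Description": "URL of running web application",
    "Value": { "Fn::Join": [ "", [ "http://", { "Fn::GetAtt": [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
  }
}
Slide callouts:
• Define the name of the value to output
• Description
• Value
• Use a function to build the string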
"Resources": {
  "myS3Bucket": {
    "Type": "AWS::S3::Bucket",
    "DeletionPolicy": "Retain"
  }
}
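Template tips
With many resources it becomes hard to tell what each one is, so use the Tags property.
"MyInstance": {
  "Type": "AWS::EC2::Instance",
  "Properties": {
    "SecurityGroups": [ { "Ref": "MySecurityGroup" } ],
    "ImageId": "ami-20b65349",
    "Tags": [ { "Key": "Name", "Value": "MyInstance" } ]
  }
}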
Template tips
Resources created by CloudFormation are tagged with values such as the stack name.
Cloud-init
• Define the script in User Data
• cloud-init reads the user data
• The loaded script is executed
• EC2 instance launch
CloudFormation helpers
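cfn-init configuration: files
• Creates files at the specified paths
"files": {
  "/app/db.conf": {
    "content": { "Fn::Join": [ "", [
      "dbname=", { "Ref": "DBName" }, "\n",
      "dbuser=", { "Ref": "DBUser" }, "\n",
      "dbpass=", { "Ref": "DBPassword" }, "\n",
      "dbhost=", { "Fn::GetAtt": [ "DBInstance", "Endpoint.Address" ] }, "\n"
    ] ] },
    "mode": "000644",
    "owner": "root",
    "group": "root"
  },
  "/etc/myapp/myapp-init.pp": {
    "source": "https://s3.amazonaws.com/myapp/myapp-init.pp",
    "mode": "100644",
    "owner": "root",
    "group": "wheel"
  }
}
Slide callouts:
• File path
• Generates the file contents (content)
• Fetched from S3 or elsewhere (source)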
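Added example, not part of the original slides: a Python check for two things the sample templates above do, SSH ingress open to 0.0.0.0/0 in the EC2 + SecurityGroup example and a database password written by cfn-init into a file with mode 000644. The function names, the NoEcho parameter declaration and the placement of the files section under AWS::CloudFormation::Init metadata are assumptions of this example; the sample template is constructed from the slides' fragments.

```python
import json

# Constructed sample built from the slides' fragments. The Parameters block and
# the Metadata placement of "files" are assumptions added for this example.
TEMPLATE = json.loads(r'''
{"Parameters": {"DBName": {"Type": "String"}, "DBUser": {"Type": "String"},
                "DBPassword": {"Type": "String", "NoEcho": "true"}},
 "Resources": {
  "Ec2Instance": {
    "Type": "AWS::EC2::Instance",
    "Metadata": {"AWS::CloudFormation::Init": {"config": {"files": {
      "/app/db.conf": {
        "content": {"Fn::Join": ["", [
          "dbname=", {"Ref": "DBName"}, "\n",
          "dbuser=", {"Ref": "DBUser"}, "\n",
          "dbpass=", {"Ref": "DBPassword"}, "\n"]]},
        "mode": "000644", "owner": "root", "group": "root"},
      "/etc/myapp/myapp-init.pp": {
        "source": "https://s3.amazonaws.com/myapp/myapp-init.pp",
        "mode": "100644", "owner": "root", "group": "wheel"}
    }}}},
    "Properties": {"SecurityGroups": [{"Ref": "InstanceSecurityGroup"}]}},
  "InstanceSecurityGroup": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {
      "GroupDescription": "Enable SSH access via port 22",
      "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": "22",
                                "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}}}}
''')

ADMIN_PORTS = {22, 3389}                 # SSH and RDP
ANY_ADDRESS = {"0.0.0.0/0", "::/0"}

def refs(node):
    """Yield every name referenced through {"Ref": name} anywhere under node."""
    if isinstance(node, dict):
        if set(node) == {"Ref"} and isinstance(node["Ref"], str):
            yield node["Ref"]
        for value in node.values():
            yield from refs(value)
    elif isinstance(node, list):
        for value in node:
            yield from refs(value)

def port_span(rule):
    """(low, high) ports of an ingress rule, or None when they are not literals."""
    if str(rule.get("IpProtocol")) == "-1":        # all protocols and ports
        return (0, 65535)
    try:
        return (int(rule["FromPort"]), int(rule["ToPort"]))
    except (KeyError, TypeError, ValueError):      # a Ref or a missing port
        return None

def open_admin_ingress(template):
    """Security groups that expose SSH or RDP to every address."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            span = port_span(rule)
            if isinstance(cidr, str) and cidr in ANY_ADDRESS and span:
                ports = sorted(p for p in ADMIN_PORTS if span[0] <= p <= span[1])
                if ports:
                    findings.append((name, cidr, ports))
    return findings

def other_readable(mode):
    """True when the octal mode string grants read access to 'other'."""
    try:
        return bool(int(str(mode)[-3:], 8) & 0o004)
    except ValueError:
        return True                                # unparseable mode: report it

def world_readable_secret_files(template):
    """cfn-init files that embed a secret parameter and are world-readable."""
    secrets = {name for name, p in template.get("Parameters", {}).items()
               if str(p.get("NoEcho", "")).lower() == "true"
               or "password" in name.lower()}
    findings = []
    for rname, res in template.get("Resources", {}).items():
        init = res.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for key, cfg in init.items():
            if key == "configSets" or not isinstance(cfg, dict):
                continue
            for path, spec in cfg.get("files", {}).items():
                leaked = sorted(secrets & set(refs(spec.get("content"))))
                # Assumption: an omitted mode is treated as 000644.
                if leaked and other_readable(spec.get("mode", "000644")):
                    findings.append((rname, path, leaked))
    return findings

if __name__ == "__main__":
    print(open_admin_ingress(TEMPLATE))
    print(world_readable_secret_files(TEMPLATE))
```

Restricting CidrIp to a known address range and setting the file mode to 000600 clears both findings.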
CloudFormer
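A tool that creates a template from a system configuration that has already been built.
It can be used to produce a base template from which to start writing your own.
[Figure: existing EC2 and Auto Scaling resources, CloudFormer, and the resulting template]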
Create and launch the CloudFormer stack
Create the stack from one of the following:
• The AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
How to run CloudFormer
Select the region you want to turn into a template; the resources can then be chosen in a wizard.
The template is generated from the resources whose checkboxes were ticked.
Other tips
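Baked AMI vs. CF-Init: baking the AMI vs. cloud-init + CloudFormation helpers
It is important to choose between a baked AMI, cloud-init and the helpers according to the use case.
Baked AMI
  Advantages: easy to build; fast startup (effective for Auto Scaling)
  Disadvantages: reinstallation is required when the base AMI or middleware is updated; must be built for each region
Base AMI + cloud-init + CFN helpers
  Advantages: can follow base AMI and middleware updates; definitions such as the DB endpoint can be passed in
  Disadvantages: building the template takes effort; OS initialization takes time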
IAM Capability
When CloudFormation creates IAM users, a checkbox must be turned on partway through the wizard.
• For cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command.
Summary
Aim to become a true cloud meister with CloudFormation
[Figure labels: WebServer, AppServer]
Pricing
Using CloudFormation itself is free.
You are charged for each AWS service that is built according to the template.
Positioning among the AWS build and deployment automation services
[Figure: Elastic Beanstalk, OpsWorks and CloudFormation compared on flexibility and ease of adoption]
Stack
Ways to build a stack
Build from the AWS Management Console
Command-line tools
• AWS Command Line Tool
• http://aws.amazon.com/cli
SDKs
• Java: http://aws.amazon.com/jp/sdkforjava
• .NET: http://aws.amazon.com/jp/sdkfornet
• PHP: http://aws.amazon.com/jp/sdkforphp
• Ruby: http://docs.aws.amazon.com/AWSSdkDocsRuby/latest/DeveloperGuide/ruby-dg-setup.html
Building from the AWS Management Console (1)
Building from the AWS Management Console (2)
Stack name
Template source, one of the following:
• Sample template
• Template in a local file
• Template file URL (on S3 in the same region)
Building from the AWS Management Console (3)
Enter the parameters (explained later)
Building from the AWS Management Console (4)
Tag the resources
Building from the AWS Management Console (5)
Building from the AWS Management Console (6)
Stack cost estimate
Building from the AWS Management Console (7)
Stack creation starts
Building from the AWS Management Console (8)
Building from the AWS Management Console (9)
Stack creation in progress
Building from the AWS Management Console (10)
Stack creation complete. At this point all services are running.
Building from the AWS Management Console (11)
Stack creation failed; rolling back.
Template
• The heart of CloudFormation
• The blueprint for building a stack
• Written in JSON format
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Sample",
  "Parameters": {
    "KeyName": {
      "Description": "Sample key",
      "Type": "String"
    }
  },
  "Mappings": { },
  "Resources": {
    "Ec2Instance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "SecurityGroups": [ { "Ref": "InstanceSecurityGroup" } ],
        "KeyName": { "Ref": "KeyName" },
        "ImageId": { "Fn::FindInMap": [ "RegionMap", { "Ref": "AWS::Region" }, "AMI" ] }
      }
    },
    "InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enable SSH access via port 22",
        "SecurityGroupIngress": [ {
          "IpProtocol": "tcp",
          "FromPort": "22",
          "ToPort": "22",
          "CidrIp": "0.0.0.0/0"
        } ]
      }
    }
  }
}
Template walkthrough
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Valid JSON strings up to 4K",
  "Parameters": { set of parameters },
  "Mappings": { set of mappings },
  "Conditions": { set of conditions },
  "Resources": { set of resources },
  "Outputs": { set of outputs }
}
Parameters
Lists the parameters whose values can be changed later, when CloudFormation is run (for example, the DB user name).
"Parameters": {
  "Age": {
    "Type": "Number",
    "Default": "30",
    "MinValue": "20",
    "MaxValue": "60",
    "Description": "input your age"
  },
  "FirstName": {
    "Type": "String",
    "Description": "input your first name"
  }
}
31
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Mappings
Hashtableのようなものキーに応じて値を特定出来る
(例例リージョンに応じたAMI番号など)
36
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Mappings RegionTable us-east-1 AMI ami-8c1fece5ldquo ldquoKeyrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
マッピングを定義(この例例の場合rdquoRegionTablerdquoという
マッピングを定義)
37
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Resources
EC2やRDSなどスタックを構成するリソースを定義
42
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
ldquoResources ldquoMyWebServer ldquoType ldquoAWSEC2Instancerdquo ldquoProperties ldquoKeyName ami-8c1fece5ldquo ldquoImageIdrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
43
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
EC2+SecurityGroupの例例 Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
リソース毎のプロパティ
リソースタイプ
44
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Outputs
スタック構築後に取得したい値(例例アクセスURLなど)
47
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
出力力したい名称を定義
説明
値
Functionを使って文字列列を加工
49
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
50
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Resources myS3Bucket Type AWSS3Bucket DeletionPolicy Retain
52
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
リソース数が多いと何のリソースか分からなくなるのでTagsプロパティを使用するMyInstance Type AWSEC2Instance Properties SecurityGroups [ Ref MySecurityGroup ] ImageId ami-20b65349 Tags [ Key ldquoName Value ldquoMyInstance ]
53
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM capability
When creating IAM users with CloudFormation, a checkbox must be turned on partway through the wizard.
• With cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command
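A pre-creation review for the IAM capability described above, as an added example that is not part of the original slides: it lists the IAM resources that make CAPABILITY_IAM necessary and blocks on wildcard Allow statements. The template, the logical IDs and all function names are constructed for illustration.

```python
import json

# Constructed template: an IAM user with an inline policy, an access key,
# a separate policy resource, and one non-IAM resource.
TEMPLATE = json.loads("""
{
  "Resources": {
    "DeployUser": {
      "Type": "AWS::IAM::User",
      "Properties": {"Policies": [{
        "PolicyName": "root",
        "PolicyDocument": {"Statement": [
          {"Effect": "Allow", "Action": "*", "Resource": "*"}
        ]}
      }]}
    },
    "DeployKey": {
      "Type": "AWS::IAM::AccessKey",
      "Properties": {"UserName": {"Ref": "DeployUser"}}
    },
    "LogReader": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyName": "logs",
        "Users": [{"Ref": "DeployUser"}],
        "PolicyDocument": {"Statement": {
          "Effect": "Allow",
          "Action": ["s3:GetObject"],
          "Resource": "arn:aws:s3:::example-logs/*"
        }}
      }
    },
    "MyInstance": {"Type": "AWS::EC2::Instance", "Properties": {"ImageId": "ami-20b65349"}}
  }
}
""")


def iam_resources(template):
    """Map logical ID -> type for every AWS::IAM::* resource in the template."""
    return {
        logical_id: res.get("Type")
        for logical_id, res in sorted(template.get("Resources", {}).items())
        if str(res.get("Type", "")).startswith("AWS::IAM::")
    }


def required_capabilities(template):
    """CAPABILITY_IAM is needed as soon as the template declares an IAM resource."""
    return ["CAPABILITY_IAM"] if iam_resources(template) else []


def as_list(value):
    """Policy fields may be a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def policy_documents(resource):
    """Yield policy documents attached directly or inline to an IAM resource."""
    props = resource.get("Properties", {})
    if "PolicyDocument" in props:                    # AWS::IAM::Policy
        yield props["PolicyDocument"]
    for inline in as_list(props.get("Policies")):    # inline policies on users, groups, roles
        if isinstance(inline, dict) and "PolicyDocument" in inline:
            yield inline["PolicyDocument"]


def broad_statements(template):
    """Return (logical_id, actions) for Allow statements with wildcard action and resource."""
    findings = []
    for logical_id in iam_resources(template):
        for doc in policy_documents(template["Resources"][logical_id]):
            for stmt in as_list(doc.get("Statement")):
                if stmt.get("Effect") != "Allow":
                    continue
                wild = [a for a in as_list(stmt.get("Action"))
                        if isinstance(a, str) and (a == "*" or a.endswith(":*"))]
                if wild and "*" in as_list(stmt.get("Resource")):
                    findings.append((logical_id, wild))
    return findings


def review_before_create(template, acknowledged=()):
    """Return blocking reasons; an empty list means the stack may be created."""
    reasons = []
    missing = [c for c in required_capabilities(template) if c not in acknowledged]
    if missing:
        reasons.append("IAM resources %s need %s after review"
                       % (sorted(iam_resources(template)), ", ".join(missing)))
    for logical_id, actions in broad_statements(template):
        reasons.append("%s allows %s on every resource" % (logical_id, actions))
    return reasons


if __name__ == "__main__":
    for reason in review_before_create(TEMPLATE):
        print("BLOCK:", reason)
```
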
Summary
Aim to become a true cloud meister with CloudFormation
[Figure: WebServer, AppServer]
Pricing
Using CloudFormation itself is free of charge.
You are billed for each AWS service that is built according to the template.
Positioning among the AWS build and deployment automation services
[Figure: Elastic Beanstalk, OpsWorks and CloudFormation placed along two axes, flexibility and ease of adoption]
Stacks
How to build a stack
• Build from the AWS Management Console
• Command-line tools
  • AWS Command Line Tool
  • http://aws.amazon.com/cli
• SDKs
  • Java: http://aws.amazon.com/jp/sdkforjava
  • .NET: http://aws.amazon.com/jp/sdkfornet
  • PHP: http://aws.amazon.com/jp/sdkforphp
  • Ruby: http://docs.aws.amazon.com/AWSSdkDocsRuby/latest/DeveloperGuide/ruby-dg-setup.html
Building from the AWS Management Console - 1
Building from the AWS Management Console - 2
• Stack name
• One of the following:
  • A sample template
  • A template in a local file
  • A template file URL (on S3 in the same region)
Building from the AWS Management Console - 3
Enter the parameters (explained later)
Building from the AWS Management Console - 4
Tag the resources
Building from the AWS Management Console - 5
Building from the AWS Management Console - 6
Stack cost estimate
Building from the AWS Management Console - 7
Start building the stack
Building from the AWS Management Console - 8
Building from the AWS Management Console - 9
Stack build in progress
Building from the AWS Management Console - 10
Stack build complete. At this point all services are running.
Building from the AWS Management Console - 11
Stack build failed; rollback in progress
Templates
• The heart of CloudFormation
• The blueprint for building a stack
• Written in JSON format
  {
    "AWSTemplateFormatVersion" : "2010-09-09",
    "Description" : "Sample",
    "Parameters" : {
      "KeyName" : {
        "Description" : "Sample key",
        "Type" : "String"
      }
    },
    "Mappings" : { },
    "Resources" : {
      "Ec2Instance" : {
        "Type" : "AWS::EC2::Instance",
        "Properties" : {
          "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
          "KeyName" : { "Ref" : "KeyName" },
          "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
        }
      },
      "InstanceSecurityGroup" : {
        "Type" : "AWS::EC2::SecurityGroup",
        "Properties" : {
          "GroupDescription" : "Enable SSH access via port 22",
          "SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" } ]
        }
      }
    }
  }
Template walkthrough
  {
    "AWSTemplateFormatVersion" : "2010-09-09",
    "Description" : "Valid JSON strings up to 4K",
    "Parameters" : { set of parameters },
    "Mappings" : { set of mappings },
    "Conditions" : { set of conditions },
    "Resources" : { set of resources },
    "Outputs" : { set of outputs }
  }
Parameters
Lists the parameters that can be changed later, when CloudFormation is run (e.g. the DB user name).
  "Parameters" : {
    "Age" : {
      "Type" : "Number",
      "Default" : "30",
      "MinValue" : "20",
      "MaxValue" : "60",
      "Description" : "input your age"
    },
    "FirstName" : {
      "Type" : "String",
      "Description" : "input your first name"
    }
  }
Mappings
Something like a hash table: a value can be looked up by key (e.g. the AMI ID for each region).
  "Mappings" : {
    "RegionTable" : {
      "us-east-1" : { "AMI" : "ami-8c1fece5", "Key" : "myKey-east" },
      "us-west-1" : { "AMI" : "ami-3bc9997e", "Key" : "myKey-west" },
      "ap-northeast-1" : { "AMI" : "ami-300ca731", "Key" : "myKey-japan" }
    }
  }
Defines a mapping (in this example, a mapping named "RegionTable").
Resources
Defines the resources that make up the stack, such as EC2 and RDS.
  "Resources" : {
    "MyWebServer" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "KeyName" : "myKey-east",
        "ImageId" : "ami-8c1fece5"
      }
    }
  }
EC2 + SecurityGroup example
  "Resources" : {
    "Ec2Instance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
        "KeyName" : { "Ref" : "KeyName" },
        "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
      }
    },
    "InstanceSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Enable SSH access via port 22",
        "SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" } ]
      }
    }
  }
Slide callouts: "Type" is the resource type; "Properties" holds the properties of each resource.
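The security group in the EC2 + SecurityGroup example admits SSH from 0.0.0.0/0. A template check for that pattern, with a rewrite that forces the source range to be supplied at launch, as an added example that is not part of the original slides. The function names, the SSHLocation parameter and the inclusion of port 3389 are assumptions made for illustration.

```python
import copy
import ipaddress
import json

# Constructed from the slide's EC2 + SecurityGroup example, written as valid JSON.
SLIDE_TEMPLATE = json.loads("""
{
  "Parameters": {"KeyName": {"Description": "Sample key", "Type": "String"}},
  "Resources": {
    "Ec2Instance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "SecurityGroups": [{"Ref": "InstanceSecurityGroup"}],
        "KeyName": {"Ref": "KeyName"}
      }
    },
    "InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enable SSH access via port 22",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}
        ]
      }
    }
  }
}
""")

ADMIN_PORTS = (22, 3389)  # 22 is the slide's port; 3389 (RDP) is an added assumption


def ingress_rules(resource):
    """Ingress rules of a security group, inline or as a standalone resource."""
    props = resource.get("Properties", {})
    if resource.get("Type") == "AWS::EC2::SecurityGroup":
        return props.get("SecurityGroupIngress", [])
    if resource.get("Type") == "AWS::EC2::SecurityGroupIngress":
        return [props]
    return []


def resolve_cidr(value, parameters):
    """A literal CIDR, or the Default of a referenced parameter; None if unknown."""
    if isinstance(value, str):
        return value
    if isinstance(value, dict) and "Ref" in value:
        return parameters.get(value["Ref"], {}).get("Default")
    return None


def is_world_open(cidr):
    """True for a /0 network such as 0.0.0.0/0 or ::/0."""
    try:
        return cidr is not None and ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def covers_admin_port(rule):
    """True when the rule's port range includes one of ADMIN_PORTS."""
    if str(rule.get("IpProtocol")) == "-1":  # all protocols, all ports
        return True
    try:
        low, high = int(rule["FromPort"]), int(rule["ToPort"])
    except (KeyError, TypeError, ValueError):
        return True  # port range cannot be resolved offline: fail closed
    return any(low <= port <= high for port in ADMIN_PORTS)


def find_open_admin_ingress(template):
    """Return (logical_id, property, cidr) for each world-open admin-port rule."""
    params = template.get("Parameters", {})
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        for rule in ingress_rules(resource):
            for key in ("CidrIp", "CidrIpv6"):
                cidr = resolve_cidr(rule.get(key), params)
                if is_world_open(cidr) and covers_admin_port(rule):
                    findings.append((logical_id, key, cidr))
    return findings


def restrict_to_parameter(template, param="SSHLocation"):
    """Copy the template, replacing each flagged CIDR with a required parameter
    (no Default), so whoever launches the stack must name the source range."""
    hardened = copy.deepcopy(template)
    params = hardened.setdefault("Parameters", {})
    for logical_id, key, _ in find_open_admin_ingress(template):
        for rule in ingress_rules(hardened["Resources"][logical_id]):
            if is_world_open(resolve_cidr(rule.get(key), params)) and covers_admin_port(rule):
                rule[key] = {"Ref": param}
                params[param] = {
                    "Type": "String",
                    "Description": "CIDR range allowed to reach the admin port",
                    "AllowedPattern": r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})",
                }
    return hardened


if __name__ == "__main__":
    print("slide template:", find_open_admin_ingress(SLIDE_TEMPLATE))
    print("after rewrite: ", find_open_admin_ingress(restrict_to_parameter(SLIDE_TEMPLATE)))
```

A parameter whose Default is 0.0.0.0/0 is still reported, because the check resolves a Ref to the parameter's default value.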
Outputs
Values you want to retrieve after the stack has been built (e.g. the access URL).
Defining Outputs
  "Outputs" : {
    "InstanceId" : {
      "Description" : "InstanceId of the newly created EC2 instance",
      "Value" : { "Ref" : "Ec2Instance" }
    },
    "AZ" : {
      "Description" : "Availability Zone of the newly created EC2 instance",
      "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
    },
    "ApplicationURL" : {
      "Description" : "URL of running web application",
      "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
    }
  }
Slide callouts:
• Define the name under which the value is output
• Description
• Value
• Use a Function to build the string
  "Resources" : {
    "myS3Bucket" : {
      "Type" : "AWS::S3::Bucket",
      "DeletionPolicy" : "Retain"
    }
  }
Template tips
With many resources it becomes hard to tell what each one is, so use the Tags property.
  "MyInstance" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ],
      "ImageId" : "ami-20b65349",
      "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ]
    }
  }
Template tips
Resources created by CloudFormation are tagged with the stack name and similar information.
Cloud-init
• Defined in User Data
• cloud-init reads the user data
• The script that was read is executed
• EC2 instance launch
CloudFormation helpers
cfn-init configuration: files
• Creates files at the specified paths
  "files" : {
    "/app/db.conf" : {
      "content" : { "Fn::Join" : [ "", [
        "dbname=", { "Ref" : "DBName" }, "\n",
        "dbuser=", { "Ref" : "DBUser" }, "\n",
        "dbpass=", { "Ref" : "DBPassword" }, "\n",
        "dbhost=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n"
      ] ] },
      "mode" : "000644",
      "owner" : "root",
      "group" : "root"
    },
    "/etc/myapp/myapp-init.pp" : {
      "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
      "mode" : "100644",
      "owner" : "root",
      "group" : "wheel"
    }
  }
Slide callouts:
• File path
• Generate the file contents
• Fetch from S3 or elsewhere
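The files block above writes DBPassword into /app/db.conf with mode 000644, which leaves the password readable by every local account. An audit for that case, as an added example that is not part of the original slides; the function names and the name-based secret heuristic are assumptions made for illustration.

```python
import copy
import json
import re

# Constructed from the slide's cfn-init "files" block, written as valid JSON.
FILES_BLOCK = json.loads(r"""
{
  "/app/db.conf": {
    "content": {"Fn::Join": ["", [
      "dbname=", {"Ref": "DBName"}, "\n",
      "dbuser=", {"Ref": "DBUser"}, "\n",
      "dbpass=", {"Ref": "DBPassword"}, "\n",
      "dbhost=", {"Fn::GetAtt": ["DBInstance", "Endpoint.Address"]}, "\n"
    ]]},
    "mode": "000644", "owner": "root", "group": "root"
  },
  "/etc/myapp/myapp-init.pp": {
    "source": "https://s3.amazonaws.com/myapp/myapp-init.pp",
    "mode": "100644", "owner": "root", "group": "wheel"
  }
}
""")

# Heuristic for secret-looking parameter names (an assumption, tune per project).
SECRET_NAME = re.compile(r"pass|secret|token", re.IGNORECASE)


def referenced_parameters(node):
    """Collect every name used as {"Ref": name} inside an intrinsic-function tree."""
    if isinstance(node, dict):
        if list(node) == ["Ref"] and isinstance(node["Ref"], str):
            return {node["Ref"]}
        children = list(node.values())
    elif isinstance(node, list):
        children = node
    else:
        return set()
    found = set()
    for child in children:
        found |= referenced_parameters(child)
    return found


def permission_bits(mode):
    """cfn-init modes are six octal digits; the last three are the permission bits."""
    return int(str(mode)[-3:], 8)


def secret_references(spec, parameters):
    """Parameters in the file content that are NoEcho or have a secret-looking name."""
    return sorted(
        name for name in referenced_parameters(spec.get("content"))
        if SECRET_NAME.search(name)
        or str(parameters.get(name, {}).get("NoEcho", "")).lower() == "true"
    )


def audit_files(files, parameters=None):
    """Return (path, issue, detail) findings for a cfn-init files block."""
    parameters = parameters or {}
    findings = []
    for path, spec in files.items():
        secrets = secret_references(spec, parameters)
        # 0o077 covers every group and other permission bit.
        if secrets and "mode" in spec and permission_bits(spec["mode"]) & 0o077:
            findings.append((path, "secret-readable-beyond-owner", secrets))
        if str(spec.get("source", "")).lower().startswith("http://"):
            findings.append((path, "source-over-plain-http", spec["source"]))
    return findings


def harden_files(files, parameters=None):
    """Copy the block with mode 000600 on every file that embeds a secret.
    The owner must then be the account that reads the file (root on the slide)."""
    hardened = copy.deepcopy(files)
    for path, issue, _ in audit_files(files, parameters):
        if issue == "secret-readable-beyond-owner":
            hardened[path]["mode"] = "000600"
    return hardened


if __name__ == "__main__":
    for finding in audit_files(FILES_BLOCK):
        print(finding)
    print("after hardening:", audit_files(harden_files(FILES_BLOCK)))
```
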
CloudFormer
CloudFormer: a tool that creates a template from a system configuration that has already been built.
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
スタック
AWS CloudFormationのイメージ
S3
CloudWatch
Elastic Load Balancing
EC2 EC2Auto Scaling
SNS
テンプレート
CloudFormation
テンプレートに基づき各サービスが起動
6
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
利利用料料金金
CloudFormationの利利用自体は無料料
テンプレートに従って構築された各AWSサービスに対して課金金
8
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSの構築デプロイ自動化サービスの中での位置づけ
Elastic Beanstalk OpsWorks CloudFormation
フレキシビリティ
導入の容易易さ
9
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
スタック
11
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
スタック構築方法 AWS Management Consoleから構築 コマンドラインツール
bull AWS Command Line Toolbull httpawsamazoncomcli
各種SDKbull Java httpawsamazoncomjpsdkforjavabull NET httpawsamazoncomjpsdkfornetbull PHP httpawsamazoncomjpsdkforphpbull Ruby httpdocsawsamazoncomAWSSdkDocsRubylatestDeveloperGuideruby-‐‑‒dg-‐‑‒setuphtml
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒1
16
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒2
スタックの名称
サンプルテンプレート
ローカルファイルのemsp テンプレート
テンプレートファイルURL(同一リージョンのS3上)
いずれか
17
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
各種パラメータの入力力(後で説明)
AWS Management Consoleから構築-‐‑‒3
18
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒4
リソースにタグ付け
19
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒5
20
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒6
スタックのコスト見見積もり
21
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒7
スタック構築開始
22
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒8
23
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒9
スタック構築実行行中
24
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒10
スタック構築完了了この時点ですべてのサービスが起動している
25
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒11
スタック構築失敗ロールバック中
26
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
27
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
CloudFormationの心臓部 スタック構築の設計図 JSONフォーマットで記述
AWSTemplateFormatVersion 2010-09-09 Description ldquoSample Parameters KeyName Description ldquoSample key Type String Mappings Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
28
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート解説 AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Parameters
CloudFormation実行行時に後で変更更可能なパラメータを列列挙(例例DBユーザー名など)
30
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Parameters Age TypeNumber ldquoDefaultrdquo ldquo30rdquo ldquoMinValuerdquo ldquo20rdquo ldquoMaxValuerdquo ldquo60rdquo Descriptioninput your ageldquo FirstName TypeString Descriptioninput your first nameldquo
31
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Mappings
Hashtableのようなものキーに応じて値を特定出来る
(例例リージョンに応じたAMI番号など)
36
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Mappings RegionTable us-east-1 AMI ami-8c1fece5ldquo ldquoKeyrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
マッピングを定義(この例例の場合rdquoRegionTablerdquoという
マッピングを定義)
37
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs

Resources
Defines the resources that make up the stack, such as EC2 and RDS.

    "Resources" : {
      "MyWebServer" : {
        "Type" : "AWS::EC2::Instance",
        "Properties" : {
          "KeyName" : "myKey-east",
          "ImageId" : "ami-8c1fece5"
        }
      }
    }
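
Example: EC2 + SecurityGroup

    "Resources" : {
      "Ec2Instance" : {
        "Type" : "AWS::EC2::Instance",
        "Properties" : {
          "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
          "KeyName" : { "Ref" : "KeyName" },
          "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
        }
      },
      "InstanceSecurityGroup" : {
        "Type" : "AWS::EC2::SecurityGroup",
        "Properties" : {
          "GroupDescription" : "Enable SSH access via port 22",
          "SecurityGroupIngress" : [ {
            "IpProtocol" : "tcp",
            "FromPort" : "22",
            "ToPort" : "22",
            "CidrIp" : "0.0.0.0/0"
          } ]
        }
      }
    }

Slide callouts: resource type ("Type"); properties for each resource ("Properties").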

Outputs
Values you want to retrieve after the stack has been built (for example, the access URL).
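
Defining Outputs

    "Outputs" : {
      "InstanceId" : {
        "Description" : "InstanceId of the newly created EC2 instance",
        "Value" : { "Ref" : "Ec2Instance" }
      },
      "AZ" : {
        "Description" : "Availability Zone of the newly created EC2 instance",
        "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
      },
      "ApplicationURL" : {
        "Description" : "URL of running web application",
        "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
      }
    }

Slide callouts:
• Define the name of the value to output
• Description
• Value
• Use functions to build strings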
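
How the Mappings lookup and the Outputs functions above evaluate, as an added example that is not part of the slides: a small offline resolver for Ref, Fn::FindInMap, Fn::GetAtt and Fn::Join. The instance ID, availability zone and public IP are constructed stand-ins for values that exist only after the stack is built, and the instance properties are assumed to look up "RegionTable".

```python
import json

# Constructed template: the RegionTable mapping and the Outputs from the slides,
# with an instance whose KeyName and ImageId are looked up in that mapping.
TEMPLATE = json.loads("""
{
  "Mappings": {
    "RegionTable": {
      "us-east-1":      {"AMI": "ami-8c1fece5", "Key": "myKey-east"},
      "us-west-1":      {"AMI": "ami-3bc9997e", "Key": "myKey-west"},
      "ap-northeast-1": {"AMI": "ami-300ca731", "Key": "myKey-japan"}
    }
  },
  "Resources": {
    "Ec2Instance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "KeyName": {"Fn::FindInMap": ["RegionTable", {"Ref": "AWS::Region"}, "Key"]},
        "ImageId": {"Fn::FindInMap": ["RegionTable", {"Ref": "AWS::Region"}, "AMI"]}
      }
    }
  },
  "Outputs": {
    "InstanceId": {"Value": {"Ref": "Ec2Instance"}},
    "AZ": {"Value": {"Fn::GetAtt": ["Ec2Instance", "AvailabilityZone"]}},
    "ApplicationURL": {"Value": {"Fn::Join": ["", [
      "http://", {"Fn::GetAtt": ["Ec2Instance", "PublicIp"]}, "/index.html"]]}}
  }
}
""")


class Resolver:
    """Evaluates Ref, Fn::FindInMap, Fn::GetAtt and Fn::Join without calling AWS."""

    def __init__(self, template, region, physical_ids, attributes):
        self.mappings = template.get("Mappings", {})
        self.refs = {"AWS::Region": region}
        self.refs.update(physical_ids)      # logical ID -> physical ID
        self.attributes = attributes        # (logical ID, attribute) -> value

    def resolve(self, node):
        if isinstance(node, list):
            return [self.resolve(item) for item in node]
        if not isinstance(node, dict):
            return node
        if len(node) == 1:
            (name, arg), = node.items()
            if name == "Ref":
                return self._lookup(self.refs, arg, "Ref")
            if name == "Fn::FindInMap":
                # Arguments may themselves be functions, e.g. {"Ref": "AWS::Region"}.
                map_name, top_key, second_key = self.resolve(arg)
                table = self._lookup(self.mappings, map_name, "mapping")
                row = self._lookup(table, top_key, "key in " + map_name)
                return self._lookup(row, second_key, "attribute in " + map_name)
            if name == "Fn::GetAtt":
                logical_id, attribute = arg
                return self._lookup(self.attributes, (logical_id, attribute), "Fn::GetAtt")
            if name == "Fn::Join":
                delimiter, parts = arg
                return delimiter.join(str(part) for part in self.resolve(parts))
        return {key: self.resolve(value) for key, value in node.items()}

    @staticmethod
    def _lookup(table, key, what):
        if key not in table:
            raise KeyError("unresolved %s: %r" % (what, key))
        return table[key]


def resolve_stack(region):
    """Return (instance properties, outputs) as they would resolve in `region`."""
    resolver = Resolver(
        TEMPLATE, region,
        physical_ids={"Ec2Instance": "i-00000000"},            # constructed
        attributes={("Ec2Instance", "AvailabilityZone"): region + "a",
                    ("Ec2Instance", "PublicIp"): "203.0.113.10"})  # constructed
    properties = resolver.resolve(TEMPLATE["Resources"]["Ec2Instance"]["Properties"])
    outputs = {name: resolver.resolve(output["Value"])
               for name, output in TEMPLATE["Outputs"].items()}
    return properties, outputs


if __name__ == "__main__":
    print(resolve_stack("ap-northeast-1"))
```

A region missing from the mapping, or a mapping name that does not match the one defined (the Resources example refers to "RegionMap" while the Mappings slide defines "RegionTable"), surfaces as an unresolved lookup instead of a silent default.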

    "Resources" : {
      "myS3Bucket" : {
        "Type" : "AWS::S3::Bucket",
        "DeletionPolicy" : "Retain"
      }
    }
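
Template tips
With many resources it becomes hard to tell which resource is which, so use the Tags property.

    "MyInstance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ],
        "ImageId" : "ami-20b65349",
        "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ]
      }
    }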

Template tips
Resources created by CloudFormation are tagged with values such as the stack name.

Cloud-init
• Define the script in User Data
• Cloud-init reads the user data
• The loaded script is executed
• EC2 instance launch
CloudFormation helpers
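
cfn-init configuration: files
• Creates files at the specified paths

    "files" : {
      "/app/db.conf" : {
        "content" : { "Fn::Join" : [ "", [
          "dbname=", { "Ref" : "DBName" }, "\n",
          "dbuser=", { "Ref" : "DBUser" }, "\n",
          "dbpass=", { "Ref" : "DBPassword" }, "\n",
          "dbhost=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n"
        ] ] },
        "mode" : "000644",
        "owner" : "root",
        "group" : "root"
      },
      "/etc/myapp/myapp-init.pp" : {
        "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
        "mode" : "100644",
        "owner" : "root",
        "group" : "wheel"
      }
    }

Slide callouts:
• File path
• Generate the file's content
• Fetch from S3 or a similar source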
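
A template check for two weaknesses visible in the examples above: SSH ingress open to 0.0.0.0/0 in the EC2 + SecurityGroup example, and dbpass written to a file with mode 000644 in the cfn-init files example. This is an added example, not code from the slides; the Parameters block, the secret-name heuristic, the finding names and the 203.0.113.0/24 admin range are assumptions, and a file with no mode is treated as 000644.

```python
import copy
import json

# Constructed template: the slides' EC2 + SecurityGroup example merged with the
# cfn-init "files" example. The Parameters block is an assumption of this example.
TEMPLATE = json.loads(r"""
{"Parameters": {"DBName": {"Type": "String"}, "DBUser": {"Type": "String"},
                "DBPassword": {"Type": "String"}},
 "Resources": {
  "Ec2Instance": {
    "Type": "AWS::EC2::Instance",
    "Metadata": {"AWS::CloudFormation::Init": {"config": {"files": {
      "/app/db.conf": {
        "content": {"Fn::Join": ["", ["dbname=", {"Ref": "DBName"}, "\n",
                                      "dbuser=", {"Ref": "DBUser"}, "\n",
                                      "dbpass=", {"Ref": "DBPassword"}, "\n"]]},
        "mode": "000644", "owner": "root", "group": "root"},
      "/etc/myapp/myapp-init.pp": {
        "source": "https://s3.amazonaws.com/myapp/myapp-init.pp",
        "mode": "100644", "owner": "root", "group": "wheel"}}}}},
    "Properties": {"SecurityGroups": [{"Ref": "InstanceSecurityGroup"}]}},
  "InstanceSecurityGroup": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {
      "GroupDescription": "Enable SSH access via port 22",
      "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": "22",
                                "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}}}}
""")

SECRET_HINTS = ("password", "secret", "token")  # naming heuristic (assumption)
ADMIN_PORTS = (22, 3389)                        # SSH and RDP

def is_no_echo(spec):
    return str(spec.get("NoEcho", "false")).lower() == "true"

def secret_parameters(template):
    """Names of parameters that are NoEcho or whose name suggests a secret."""
    return {name for name, spec in template.get("Parameters", {}).items()
            if is_no_echo(spec) or any(h in name.lower() for h in SECRET_HINTS)}

def refs_in(node):
    """Yield every name referenced through {"Ref": ...} anywhere below node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            else:
                yield from refs_in(value)
    elif isinstance(node, list):
        for item in node:
            yield from refs_in(item)

def open_admin_ports(rule):
    """Admin ports exposed by a world-open ingress rule (literal ports only)."""
    if rule.get("CidrIp") != "0.0.0.0/0":
        return []
    try:
        low, high = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
    except (TypeError, ValueError):
        return []
    return [port for port in ADMIN_PORTS if low <= port <= high]

def secret_files(resource, secrets):
    """(path, spec) for cfn-init files whose content embeds a secret parameter."""
    init = resource.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
    for config in init.values():
        files = config.get("files", {}) if isinstance(config, dict) else {}
        for path, spec in sorted(files.items()):
            if secrets.intersection(refs_in(spec.get("content"))):
                yield path, spec

def lint(template):
    secrets, findings = secret_parameters(template), []
    for name in sorted(secrets):
        if not is_no_echo(template["Parameters"][name]):
            findings.append(("PARAM_NOT_NOECHO", name))
    for logical_id, resource in sorted(template.get("Resources", {}).items()):
        for path, spec in secret_files(resource, secrets):
            # Last three octal digits are the permission bits; 0o004 = world-readable.
            if int(spec.get("mode", "000644")[-3:], 8) & 0o004:
                findings.append(("WORLD_READABLE_SECRET", path))
        for rule in resource.get("Properties", {}).get("SecurityGroupIngress", []):
            for port in open_admin_ports(rule):
                findings.append(("OPEN_ADMIN_PORT", "%s:%d" % (logical_id, port)))
    return findings

def harden(template, admin_cidr="203.0.113.0/24"):  # constructed documentation range
    """Corrected copy: NoEcho secrets, 0600 secret files, narrowed admin ingress."""
    fixed = copy.deepcopy(template)
    secrets = secret_parameters(fixed)
    for name in secrets:
        fixed["Parameters"][name]["NoEcho"] = "true"
    for resource in fixed.get("Resources", {}).values():
        for _path, spec in secret_files(resource, secrets):
            spec["mode"] = "000600"
        for rule in resource.get("Properties", {}).get("SecurityGroupIngress", []):
            if open_admin_ports(rule):
                rule["CidrIp"] = admin_cidr
    return fixed
```

Running lint on the constructed template reports all three findings; the copy returned by harden reports none, and the file fetched from S3 keeps its original mode because its content carries no secret parameter.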
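
CloudFormer
A tool that creates a template from a system configuration that has already been built.
It can be used to produce the base template from which template authoring starts.
[Diagram labels: EC2, EC2, AutoScaling, template, CloudFormer]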

Creating and launching the CloudFormer stack
Create the stack from one of the following:
• The AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"

Launching CloudFormer
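
How to run CloudFormer
Choose the region you want to turn into a template; resources can then be selected in a wizard.
The template is generated from the resources whose checkboxes are ticked.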

Other tips
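
Baked AMI vs. CF-Init: baking the AMI vs. Cloud-init + CloudFormation helpers
It is important to choose between a baked AMI and cloud-init/helpers according to the use case.

Baked AMI
  Advantages: easy to build; fast to launch (effective for auto scaling)
  Disadvantages: must be reinstalled when the base AMI or middleware is updated; must be built for each region

Base AMI + Cloud-init + CFN helpers
  Advantages: can keep up with base AMI and middleware updates; definitions such as the DB endpoint can be passed in
  Disadvantages: building the template takes effort; OS initialization takes time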

IAM Capability
When CloudFormation creates IAM users, a checkbox must be ticked partway through the wizard.
• For cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command

Summary
Aim to become a true cloud meister with CloudFormation
[Diagram labels: WebServer, AppServer]

Pricing
Using CloudFormation itself is free.
You are charged for each AWS service built according to the template.

Where CloudFormation sits among AWS build and deployment automation services
Elastic Beanstalk, OpsWorks, CloudFormation
[Diagram axes: flexibility; ease of adoption]

Stack

How to build a stack
AWS Management Console
Command-line tools
• AWS Command Line Tool
• http://aws.amazon.com/cli/
SDKs
• Java: http://aws.amazon.com/jp/sdkforjava/
• .NET: http://aws.amazon.com/jp/sdkfornet/
• PHP: http://aws.amazon.com/jp/sdkforphp/
• Ruby: http://docs.aws.amazon.com/AWSSdkDocsRuby/latest/DeveloperGuide/ruby-dg-setup.html

Building from the AWS Management Console - 1

Building from the AWS Management Console - 2
Stack name
Choose one of:
• A sample template
• A template in a local file
• A template file URL (on S3 in the same region)

Building from the AWS Management Console - 3
Enter the parameters (explained later)

Building from the AWS Management Console - 4
Tag the resources

Building from the AWS Management Console - 5

Building from the AWS Management Console - 6
Estimate the cost of the stack

Building from the AWS Management Console - 7
Start building the stack

Building from the AWS Management Console - 8

Building from the AWS Management Console - 9
Stack build in progress

Building from the AWS Management Console - 10
Stack build complete. At this point all services are running.

Building from the AWS Management Console - 11
Stack build failed; rolling back
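
Template
The heart of CloudFormation: the blueprint for building a stack, written in JSON format.

    {
      "AWSTemplateFormatVersion" : "2010-09-09",
      "Description" : "Sample",
      "Parameters" : {
        "KeyName" : {
          "Description" : "Sample key",
          "Type" : "String"
        }
      },
      "Mappings" : { ... },
      "Resources" : {
        "Ec2Instance" : {
          "Type" : "AWS::EC2::Instance",
          "Properties" : {
            "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
            "KeyName" : { "Ref" : "KeyName" },
            "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
          }
        },
        "InstanceSecurityGroup" : {
          "Type" : "AWS::EC2::SecurityGroup",
          "Properties" : {
            "GroupDescription" : "Enable SSH access via port 22",
            "SecurityGroupIngress" : [ {
              "IpProtocol" : "tcp",
              "FromPort" : "22",
              "ToPort" : "22",
              "CidrIp" : "0.0.0.0/0"
            } ]
          }
        }
      }
    }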

Template anatomy

    {
      "AWSTemplateFormatVersion" : "2010-09-09",
      "Description" : "Valid JSON strings up to 4K",
      "Parameters" : { set of parameters },
      "Mappings" : { set of mappings },
      "Conditions" : { set of conditions },
      "Resources" : { set of resources },
      "Outputs" : { set of outputs }
    }

Parameters
Lists the parameters that can be changed later, when CloudFormation is run (for example, the DB user name).

    "Parameters" : {
      "Age" : {
        "Type" : "Number",
        "Default" : "30",
        "MinValue" : "20",
        "MaxValue" : "60",
        "Description" : "input your age"
      },
      "FirstName" : {
        "Type" : "String",
        "Description" : "input your first name"
      }
    }
31
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Mappings
Hashtableのようなものキーに応じて値を特定出来る
(例例リージョンに応じたAMI番号など)
36
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Mappings RegionTable us-east-1 AMI ami-8c1fece5ldquo ldquoKeyrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
マッピングを定義(この例例の場合rdquoRegionTablerdquoという
マッピングを定義)
37
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Resources
EC2やRDSなどスタックを構成するリソースを定義
42
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
ldquoResources ldquoMyWebServer ldquoType ldquoAWSEC2Instancerdquo ldquoProperties ldquoKeyName ami-8c1fece5ldquo ldquoImageIdrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
43
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
EC2+SecurityGroupの例例 Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
リソース毎のプロパティ
リソースタイプ
44
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Outputs
スタック構築後に取得したい値(例例アクセスURLなど)
47
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
出力力したい名称を定義
説明
値
Functionを使って文字列列を加工
49
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
50
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Resources myS3Bucket Type AWSS3Bucket DeletionPolicy Retain
52
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
リソース数が多いと何のリソースか分からなくなるのでTagsプロパティを使用するMyInstance Type AWSEC2Instance Properties SecurityGroups [ Ref MySecurityGroup ] ImageId ami-20b65349 Tags [ Key ldquoName Value ldquoMyInstance ]
53
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Aim to become a true cloud master with CloudFormation
WebServer
AppServer

Pricing
CloudFormation itself is free to use.
You are charged for each AWS service built according to the template.

Positioning among AWS build and deployment automation services
Elastic Beanstalk, OpsWorks, CloudFormation
Flexibility
Ease of adoption

Stacks

How to build a stack
• Build from the AWS Management Console
• Command-line tools
  • AWS Command Line Tool
  • http://aws.amazon.com/cli
• SDKs
  • Java: http://aws.amazon.com/jp/sdkforjava
  • .NET: http://aws.amazon.com/jp/sdkfornet
  • PHP: http://aws.amazon.com/jp/sdkforphp
  • Ruby: http://docs.aws.amazon.com/AWSSdkDocsRuby/latest/DeveloperGuide/ruby-dg-setup.html

Building from the AWS Management Console (1)

Building from the AWS Management Console (2)
Stack name
Template source, one of the following:
• Sample template
• Template from a local file
• Template file URL (on S3 in the same region)

Building from the AWS Management Console (3)
Enter the parameters (explained later)

Building from the AWS Management Console (4)
Tag the resources

Building from the AWS Management Console (5)

Building from the AWS Management Console (6)
Stack cost estimate

Building from the AWS Management Console (7)
Start building the stack

Building from the AWS Management Console (8)

Building from the AWS Management Console (9)
Stack build in progress

Building from the AWS Management Console (10)
Stack build complete. At this point all services are running.

Building from the AWS Management Console (11)
Stack build failed; rollback in progress

Templates

Templates
• The heart of CloudFormation
• The blueprint for building a stack
• Written in JSON format

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Sample",
  "Parameters": {
    "KeyName": {
      "Description": "Sample key",
      "Type": "String"
    }
  },
  "Mappings": { },
  "Resources": {
    "Ec2Instance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "SecurityGroups": [ { "Ref": "InstanceSecurityGroup" } ],
        "KeyName": { "Ref": "KeyName" },
        "ImageId": { "Fn::FindInMap": [ "RegionMap", { "Ref": "AWS::Region" }, "AMI" ] }
      }
    },
    "InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enable SSH access via port 22",
        "SecurityGroupIngress": [
          { "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0" }
        ]
      }
    }
  }
}

Template anatomy

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Valid JSON strings up to 4K",
  "Parameters": { set of parameters },
  "Mappings": { set of mappings },
  "Conditions": { set of conditions },
  "Resources": { set of resources },
  "Outputs": { set of outputs }
}

Parameters
Lists the parameters that can be changed later, when CloudFormation is run (for example, the DB user name).

"Parameters": {
  "Age": {
    "Type": "Number",
    "Default": "30",
    "MinValue": "20",
    "MaxValue": "60",
    "Description": "input your age"
  },
  "FirstName": {
    "Type": "String",
    "Description": "input your first name"
  }
}

Mappings
Works like a hash table: a value is looked up by key (for example, the AMI ID for each region).

"Mappings": {
  "RegionTable": {
    "us-east-1":      { "AMI": "ami-8c1fece5", "Key": "myKey-east" },
    "us-west-1":      { "AMI": "ami-3bc9997e", "Key": "myKey-west" },
    "ap-northeast-1": { "AMI": "ami-300ca731", "Key": "myKey-japan" }
  }
}
Defines a mapping (in this example, a mapping named "RegionTable").

Resources
Defines the resources that make up the stack, such as EC2 and RDS.

"Resources": {
  "MyWebServer": {
    "Type": "AWS::EC2::Instance",
    "Properties": {
      "KeyName": "myKey-east",
      "ImageId": "ami-8c1fece5"
    }
  }
}

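Example: EC2 + security group

"Resources": {
  "Ec2Instance": {
    "Type": "AWS::EC2::Instance",
    "Properties": {
      "SecurityGroups": [ { "Ref": "InstanceSecurityGroup" } ],
      "KeyName": { "Ref": "KeyName" },
      "ImageId": { "Fn::FindInMap": [ "RegionMap", { "Ref": "AWS::Region" }, "AMI" ] }
    }
  },
  "InstanceSecurityGroup": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {
      "GroupDescription": "Enable SSH access via port 22",
      "SecurityGroupIngress": [
        { "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0" }
      ]
    }
  }
}
Properties: the properties of each resource
Type: the resource type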
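
A pre-deployment check for the security group on the slide above, added here as an example and not part of the original deck: it flags SecurityGroupIngress rules that expose an administrative port to 0.0.0.0/0, which is what the slide's SSH rule does. The function names, the ADMIN_PORTS set and the SSHLocation parameter in the second, constructed template are assumptions made for this example.

```python
import json

# Ports treated as administrative in this example (assumption): SSH and RDP.
ADMIN_PORTS = {22, 3389}
WORLD = "0.0.0.0/0"

# The security group from the slide.
SLIDE_TEMPLATE = json.loads("""
{
  "Resources": {
    "InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enable SSH access via port 22",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}
        ]
      }
    }
  }
}
""")

# Constructed variant: the source range is a parameter (hypothetical name
# SSHLocation) whose default is a documentation-only address range.
RESTRICTED_TEMPLATE = json.loads("""
{
  "Parameters": {
    "SSHLocation": {"Type": "String", "Default": "203.0.113.0/24",
                    "Description": "CIDR range allowed to reach port 22"}
  },
  "Resources": {
    "InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enable SSH access via port 22",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22",
           "CidrIp": {"Ref": "SSHLocation"}}
        ]
      }
    }
  }
}
""")


def resolve_cidr(value, template, overrides=None):
    """Return the CIDR a rule will use, following a Ref to a parameter."""
    if isinstance(value, dict) and "Ref" in value:
        name = value["Ref"]
        if overrides and name in overrides:
            return overrides[name]          # value supplied at stack creation
        return template.get("Parameters", {}).get(name, {}).get("Default")
    return value


def covers_admin_port(rule):
    """True if the rule's protocol and port range include an administrative port."""
    proto = str(rule.get("IpProtocol", "")).lower()
    if proto == "-1":                       # all protocols, all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    low, high = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
    return any(low <= port <= high for port in ADMIN_PORTS)


def open_admin_ingress(template, overrides=None):
    """List (resource, port range, cidr) for world-open administrative ingress."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            rules = props.get("SecurityGroupIngress", [])
            if isinstance(rules, dict):
                rules = [rules]
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            rules = [props]                 # stand-alone ingress resource
        else:
            continue
        for rule in rules:
            cidr = resolve_cidr(rule.get("CidrIp"), template, overrides)
            if cidr == WORLD and covers_admin_port(rule):
                ports = f"{rule.get('FromPort')}-{rule.get('ToPort')}"
                findings.append((name, ports, cidr))
    return findings
```

Passing the parameter values intended for a deployment as `overrides` catches the case where a restricted default is replaced with 0.0.0.0/0 at stack creation.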
Outputs
Values you want to retrieve after the stack is built (for example, the access URL).

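Defining Outputs

"Outputs": {
  "InstanceId": {
    "Description": "InstanceId of the newly created EC2 instance",
    "Value": { "Ref": "Ec2Instance" }
  },
  "AZ": {
    "Description": "Availability Zone of the newly created EC2 instance",
    "Value": { "Fn::GetAtt": [ "Ec2Instance", "AvailabilityZone" ] }
  },
  "ApplicationURL": {
    "Description": "URL of running web application",
    "Value": { "Fn::Join": [ "", [ "http://", { "Fn::GetAtt": [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
  }
}
Output key (InstanceId, AZ, ApplicationURL): defines the name to output
Description: the description
Value: the value
Functions can be used to build the string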
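
How the Mappings lookup and the Outputs functions above evaluate, as an added example that is not part of the original deck: a small resolver for Ref, Fn::FindInMap, Fn::GetAtt and Fn::Join. The Resolver class, the use of RegionTable for both ImageId and KeyName, and the instance ID, Availability Zone and IP address are constructed for this example; CloudFormation supplies the real values at stack creation.

```python
# Constructed stand-ins for values CloudFormation supplies at stack creation.
SAMPLE_PHYSICAL_IDS = {"Ec2Instance": "i-0example"}
SAMPLE_ATTRIBUTES = {
    ("Ec2Instance", "AvailabilityZone"): "ap-northeast-1a",
    ("Ec2Instance", "PublicIp"): "203.0.113.10",
}

TEMPLATE = {
    "Mappings": {"RegionTable": {
        "us-east-1": {"AMI": "ami-8c1fece5", "Key": "myKey-east"},
        "us-west-1": {"AMI": "ami-3bc9997e", "Key": "myKey-west"},
        "ap-northeast-1": {"AMI": "ami-300ca731", "Key": "myKey-japan"},
    }},
    "Resources": {"Ec2Instance": {
        "Type": "AWS::EC2::Instance",
        "Properties": {
            "ImageId": {"Fn::FindInMap": ["RegionTable", {"Ref": "AWS::Region"}, "AMI"]},
            "KeyName": {"Fn::FindInMap": ["RegionTable", {"Ref": "AWS::Region"}, "Key"]},
        },
    }},
    "Outputs": {
        "InstanceId": {"Value": {"Ref": "Ec2Instance"}},
        "AZ": {"Value": {"Fn::GetAtt": ["Ec2Instance", "AvailabilityZone"]}},
        "ApplicationURL": {"Value": {"Fn::Join": ["", [
            "http://", {"Fn::GetAtt": ["Ec2Instance", "PublicIp"]}, "/index.html"]]}},
    },
}


class Resolver:
    """Evaluates Ref, Fn::FindInMap, Fn::GetAtt and Fn::Join over a template dict."""

    def __init__(self, template, region, physical_ids, attributes, parameters=None):
        self.template = template
        self.region = region
        self.physical_ids = physical_ids
        self.attributes = attributes
        self.parameters = parameters or {}

    def resolve(self, node):
        if isinstance(node, list):
            return [self.resolve(item) for item in node]
        if not isinstance(node, dict):
            return node
        if len(node) == 1:                  # intrinsic functions are one-key objects
            (name, arg), = node.items()
            handler = {"Ref": self._ref, "Fn::FindInMap": self._find_in_map,
                       "Fn::GetAtt": self._get_att, "Fn::Join": self._join}.get(name)
            if handler:
                return handler(arg)
        return {key: self.resolve(value) for key, value in node.items()}

    def _ref(self, name):
        if name == "AWS::Region":           # pseudo parameter
            return self.region
        if name in self.parameters:
            return self.parameters[name]
        declared = self.template.get("Parameters", {})
        if name in declared and "Default" in declared[name]:
            return declared[name]["Default"]
        if name in self.template.get("Resources", {}):
            return self.physical_ids[name]  # Ref to a resource yields its physical ID
        raise KeyError(f"unresolved Ref: {name}")

    def _find_in_map(self, arg):
        map_name, top_key, second_key = (self.resolve(part) for part in arg)
        table = self.template.get("Mappings", {}).get(map_name, {})
        if top_key not in table:            # e.g. a region the mapping does not list
            raise KeyError(f"{map_name} has no entry for {top_key}")
        return table[top_key][second_key]

    def _get_att(self, arg):
        logical_id, attribute = arg
        return self.attributes[(logical_id, attribute)]

    def _join(self, arg):
        delimiter, parts = arg
        return delimiter.join(str(self.resolve(part)) for part in parts)


def evaluate(region):
    """Resolved instance properties and Outputs for a stack created in `region`."""
    resolver = Resolver(TEMPLATE, region, SAMPLE_PHYSICAL_IDS, SAMPLE_ATTRIBUTES)
    props = resolver.resolve(TEMPLATE["Resources"]["Ec2Instance"]["Properties"])
    outputs = {name: resolver.resolve(out["Value"])
               for name, out in TEMPLATE["Outputs"].items()}
    return props, outputs
```

A region missing from the mapping raises KeyError here, mirroring the case where a template is launched in a region its Mappings section does not cover.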
"Resources": {
  "myS3Bucket": {
    "Type": "AWS::S3::Bucket",
    "DeletionPolicy": "Retain"
  }
}

Template tips
With many resources it becomes hard to tell which resource is which, so use the Tags property.

"MyInstance": {
  "Type": "AWS::EC2::Instance",
  "Properties": {
    "SecurityGroups": [ { "Ref": "MySecurityGroup" } ],
    "ImageId": "ami-20b65349",
    "Tags": [ { "Key": "Name", "Value": "MyInstance" } ]
  }
}

Template tips
Resources created by CloudFormation are given tags such as the stack name.

Cloud-init

Cloud-init
Define the script in User Data
Cloud-init reads the user data
The script that was read is executed
EC2 instance launch

CloudFormation helpers
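cfn-init configuration: files
• Creates files at the specified paths

"files": {
  "/app/db.conf": {
    "content": { "Fn::Join": [ "", [
      "dbname=", { "Ref": "DBName" }, "\n",
      "dbuser=", { "Ref": "DBUser" }, "\n",
      "dbpass=", { "Ref": "DBPassword" }, "\n",
      "dbhost=", { "Fn::GetAtt": [ "DBInstance", "Endpoint.Address" ] }, "\n"
    ] ] },
    "mode": "000644",
    "owner": "root",
    "group": "root"
  },
  "/etc/myapp/myapp-init.pp": {
    "source": "https://s3.amazonaws.com/myapp/myapp-init.pp",
    "mode": "100644",
    "owner": "root",
    "group": "wheel"
  }
}
Key of each entry: the file path
content: generates the file's contents
source: fetches the file from S3 or a similar location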
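
A check for the files block above, added here as an example and not part of the original deck: the slide writes the DB password into a file whose mode, 000644, lets every local account read it, and this function reports such files. The surrounding WebServer resource, the Parameters section with NoEcho, the name-based secret heuristic and the function names are assumptions made for this example.

```python
import copy

# Parameter names containing these words are treated as secrets (assumption).
SECRET_HINTS = ("password", "secret", "token")

# The slide's files block placed inside a constructed instance resource.
TEMPLATE = {
    "Parameters": {
        "DBName": {"Type": "String"},
        "DBUser": {"Type": "String"},
        "DBPassword": {"Type": "String", "NoEcho": "true"},
    },
    "Resources": {"WebServer": {
        "Type": "AWS::EC2::Instance",
        "Metadata": {"AWS::CloudFormation::Init": {"config": {"files": {
            "/app/db.conf": {
                "content": {"Fn::Join": ["", [
                    "dbname=", {"Ref": "DBName"}, "\n",
                    "dbuser=", {"Ref": "DBUser"}, "\n",
                    "dbpass=", {"Ref": "DBPassword"}, "\n",
                    "dbhost=", {"Fn::GetAtt": ["DBInstance", "Endpoint.Address"]}, "\n",
                ]]},
                "mode": "000644", "owner": "root", "group": "root",
            },
            "/etc/myapp/myapp-init.pp": {
                "source": "https://s3.amazonaws.com/myapp/myapp-init.pp",
                "mode": "100644", "owner": "root", "group": "wheel",
            },
        }}}},
    }},
}


def secret_parameters(template):
    """Parameters declared NoEcho or whose name suggests a secret."""
    names = set()
    for name, spec in template.get("Parameters", {}).items():
        no_echo = str(spec.get("NoEcho", "")).lower() == "true"
        if no_echo or any(hint in name.lower() for hint in SECRET_HINTS):
            names.add(name)
    return names


def refs_in(node):
    """All Ref targets anywhere inside a (possibly nested) template value."""
    if isinstance(node, dict):
        found = {node["Ref"]} if isinstance(node.get("Ref"), str) else set()
        for value in node.values():
            found |= refs_in(value)
        return found
    if isinstance(node, list):
        return set().union(*(refs_in(item) for item in node))
    return set()


def permission_bits(mode):
    """Permission bits from the six-digit octal mode (its last three digits)."""
    text = str(mode)
    if len(text) != 6 or any(ch not in "01234567" for ch in text):
        raise ValueError(f"mode must be six octal digits, got {mode!r}")
    return int(text[-3:], 8)


def exposed_secret_files(template):
    """(resource, path, secret refs, permissions) for other-readable secret files."""
    secrets = secret_parameters(template)
    findings = []
    for res_name, res in template.get("Resources", {}).items():
        init = res.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for config in init.values():
            if not isinstance(config, dict):
                continue
            for path, spec in config.get("files", {}).items():
                used = sorted(refs_in(spec.get("content")) & secrets)
                # A missing mode is treated as 000644 here (assumption).
                bits = permission_bits(spec.get("mode", "000644"))
                if used and bits & 0o004:   # readable by "other"
                    findings.append((res_name, path, used, format(bits, "03o")))
    return findings


def with_mode(template, resource, path, mode):
    """Copy of the template with one file's mode replaced."""
    patched = copy.deepcopy(template)
    init = patched["Resources"][resource]["Metadata"]["AWS::CloudFormation::Init"]
    init["config"]["files"][path]["mode"] = mode
    return patched
```

With mode 000600 only the file's owner can read it, so the owner field then has to name the account the application runs as.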
CloudFormer
CloudFormer
A tool that creates a template from an already-built system configuration.
Useful for producing the base template from which you write your own templates.
Diagram: existing resources (EC2, Auto Scaling), CloudFormer, template

Create and launch the CloudFormer stack
Create the stack from one of the following:
• AWS CloudFormation console
  • From the sample templates, select "CloudFormer - create a template from your existing resources"

Launching CloudFormer

CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
利利用料料金金
CloudFormationの利利用自体は無料料
テンプレートに従って構築された各AWSサービスに対して課金金
8
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSの構築デプロイ自動化サービスの中での位置づけ
Elastic Beanstalk OpsWorks CloudFormation
フレキシビリティ
導入の容易易さ
9
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
スタック
11
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
スタック構築方法 AWS Management Consoleから構築 コマンドラインツール
bull AWS Command Line Toolbull httpawsamazoncomcli
各種SDKbull Java httpawsamazoncomjpsdkforjavabull NET httpawsamazoncomjpsdkfornetbull PHP httpawsamazoncomjpsdkforphpbull Ruby httpdocsawsamazoncomAWSSdkDocsRubylatestDeveloperGuideruby-‐‑‒dg-‐‑‒setuphtml
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒1
16
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒2
スタックの名称
サンプルテンプレート
ローカルファイルのemsp テンプレート
テンプレートファイルURL(同一リージョンのS3上)
いずれか
17
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
各種パラメータの入力力(後で説明)
AWS Management Consoleから構築-‐‑‒3
18
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒4
リソースにタグ付け
19
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒5
20
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒6
スタックのコスト見見積もり
21
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒7
スタック構築開始
22
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒8
23
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒9
スタック構築実行行中
24
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒10
スタック構築完了了この時点ですべてのサービスが起動している
25
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒11
スタック構築失敗ロールバック中
26
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
27
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
CloudFormationの心臓部 スタック構築の設計図 JSONフォーマットで記述
AWSTemplateFormatVersion 2010-09-09 Description ldquoSample Parameters KeyName Description ldquoSample key Type String Mappings Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
28
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート解説 AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Parameters
CloudFormation実行行時に後で変更更可能なパラメータを列列挙(例例DBユーザー名など)
30
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Parameters Age TypeNumber ldquoDefaultrdquo ldquo30rdquo ldquoMinValuerdquo ldquo20rdquo ldquoMaxValuerdquo ldquo60rdquo Descriptioninput your ageldquo FirstName TypeString Descriptioninput your first nameldquo
31
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Mappings
Hashtableのようなものキーに応じて値を特定出来る
(例例リージョンに応じたAMI番号など)
36
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Mappings RegionTable us-east-1 AMI ami-8c1fece5ldquo ldquoKeyrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
マッピングを定義(この例例の場合rdquoRegionTablerdquoという
マッピングを定義)
37
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Resources
EC2やRDSなどスタックを構成するリソースを定義
42
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
ldquoResources ldquoMyWebServer ldquoType ldquoAWSEC2Instancerdquo ldquoProperties ldquoKeyName ami-8c1fece5ldquo ldquoImageIdrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
43
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
EC2+SecurityGroupの例例 Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
リソース毎のプロパティ
リソースタイプ
44
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Outputs
スタック構築後に取得したい値(例例アクセスURLなど)
47
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
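Defining Outputs

"Outputs" : {
  "InstanceId" : {
    "Description" : "InstanceId of the newly created EC2 instance",
    "Value" : { "Ref" : "Ec2Instance" }
  },
  "AZ" : {
    "Description" : "Availability Zone of the newly created EC2 instance",
    "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
  },
  "ApplicationURL" : {
    "Description" : "URL of running web application",
    "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
  }
}

Callouts on the slide:
• Define the name of each output
• Description
• Value
• Use functions to build the string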
"Resources" : {
  "myS3Bucket" : {
    "Type" : "AWS::S3::Bucket",
    "DeletionPolicy" : "Retain"
  }
}
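Template Tips
With many resources it becomes hard to tell which resource is which, so use the Tags property.

"MyInstance" : {
  "Type" : "AWS::EC2::Instance",
  "Properties" : {
    "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ],
    "ImageId" : "ami-20b65349",
    "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ]
  }
}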
Template Tips
Resources created by CloudFormation are given tags such as the stack name.
Cloud-init
Cloud-init
• The script is defined in User Data
• Cloud-init reads the user data
• The script that was read is executed
• EC2 instance launch
CloudFormation helpers
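cfn-init configuration: files
• Generates files at the specified paths

"files" : {
  "/app/db.conf" : {
    "content" : { "Fn::Join" : [ "", [
      "dbname=", { "Ref" : "DBName" }, "\n",
      "dbuser=", { "Ref" : "DBUser" }, "\n",
      "dbpass=", { "Ref" : "DBPassword" }, "\n",
      "dbhost=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n"
    ] ] },
    "mode" : "000644",
    "owner" : "root",
    "group" : "root"
  },
  "/etc/myapp/myapp-init.pp" : {
    "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
    "mode" : "100644",
    "owner" : "root",
    "group" : "wheel"
  }
}

Callouts on the slide:
• "content" generates the contents of the file
• The key is the file path
• "source" fetches the file from S3 or a similar location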
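The files block above writes the DBPassword parameter into a file with mode 000644. The following Python check is an added example, not part of the original slides: it follows Ref entries inside each cfn-init file's content and reports secret-looking parameters that land in a file readable by every local user, or that are declared without NoEcho. The Parameters section, the WebServer and DBInstance resources, the name-matching pattern and the function names are assumptions made for the illustration.

```python
import json
import re

# Constructed sample wrapped around the slide's cfn-init "files" block.
TEMPLATE = json.loads(r"""
{
  "Parameters": {
    "DBName": {"Type": "String"},
    "DBUser": {"Type": "String"},
    "DBPassword": {"Type": "String"}
  },
  "Resources": {
    "DBInstance": {"Type": "AWS::RDS::DBInstance", "Properties": {}},
    "WebServer": {
      "Type": "AWS::EC2::Instance",
      "Metadata": {"AWS::CloudFormation::Init": {"config": {"files": {
        "/app/db.conf": {
          "content": {"Fn::Join": ["", [
            "dbname=", {"Ref": "DBName"}, "\n",
            "dbuser=", {"Ref": "DBUser"}, "\n",
            "dbpass=", {"Ref": "DBPassword"}, "\n",
            "dbhost=", {"Fn::GetAtt": ["DBInstance", "Endpoint.Address"]},
            "\n"]]},
          "mode": "000644", "owner": "root", "group": "root"
        },
        "/etc/myapp/myapp-init.pp": {
          "source": "https://s3.amazonaws.com/myapp/myapp-init.pp",
          "mode": "100644", "owner": "root", "group": "wheel"
        }
      }}}}
    }
  }
}
""")

# Assumption: parameters with these words in their name carry secrets.
SECRET_NAME = re.compile(r"pass(word|wd)?|secret|token", re.IGNORECASE)


def refs_in(node):
    """Collect every name referenced through {"Ref": name} under node."""
    if isinstance(node, dict):
        found = {node["Ref"]} if isinstance(node.get("Ref"), str) else set()
        for child in node.values():
            found |= refs_in(child)
        return found
    if isinstance(node, list):
        return set().union(*(refs_in(child) for child in node))
    return set()


def noecho(param_spec):
    """True if the parameter is declared with NoEcho (string or boolean)."""
    return str(param_spec.get("NoEcho", "false")).lower() == "true"


def other_readable(mode):
    """The last three octal digits are the permission bits; test o+r."""
    return bool(int(mode[-3:], 8) & 0o004)


def audit_init_files(template):
    """Return (path, parameter, issue) for secrets written by cfn-init."""
    params = template.get("Parameters", {})
    findings = []
    for _, res in sorted(template.get("Resources", {}).items()):
        init = res.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for cfg_name, cfg in sorted(init.items()):
            if cfg_name == "configSets":
                continue  # lists config names, holds no files itself
            for path, spec in sorted(cfg.get("files", {}).items()):
                secrets = sorted(
                    name for name in refs_in(spec.get("content"))
                    if name in params
                    and (SECRET_NAME.search(name) or noecho(params[name])))
                for name in secrets:
                    # Assumption: a file with no "mode" is treated as 000644.
                    if other_readable(spec.get("mode", "000644")):
                        findings.append((path, name, "world-readable"))
                    if not noecho(params[name]):
                        findings.append((path, name, "parameter lacks NoEcho"))
    return findings


if __name__ == "__main__":
    for finding in audit_init_files(TEMPLATE):
        print(finding)
```

NoEcho masks the parameter in stack descriptions only; the rendered file on the instance still needs restrictive permissions, which is why the two findings are reported separately.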
CloudFormer
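CloudFormer
• A tool that creates a template from a system configuration that has already been built
• Can be used to produce the base template from which you then author your own template

Diagram: existing resources (EC2, EC2, Auto Scaling), CloudFormer, template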
Creating and launching the CloudFormer stack
Create the stack from one of the following:
• AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
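How to run CloudFormer
• Choose the region you want to turn into a template; a wizard then lets you select the resources.
• The template is generated from the resources whose checkboxes you ticked.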
Other Tips
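Baked AMI vs. CF-Init: baking the AMI vs. Cloud-init + CloudFormation helpers
It is important to choose between a baked AMI and cloud-init/helpers according to the use case.

Approach | Advantages | Disadvantages
Baked AMI | Easy to build; fast startup (effective for Auto Scaling) | Reinstallation needed whenever the base AMI or middleware is updated; must be built for each region
Base AMI + Cloud-init + CFN helpers | Can keep up with base AMI and middleware updates; definitions such as the DB endpoint can be passed in | Building the template takes effort; OS initialization takes time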
IAM Capability
When creating IAM users with CloudFormation, a checkbox must be turned on partway through the wizard.
• For cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command
Summary
Aim to become a true cloud master with CloudFormation
WebServer
AppServer
Where CloudFormation sits among the AWS build and deployment automation services
Elastic Beanstalk, OpsWorks, CloudFormation
Diagram axes: flexibility, ease of adoption
Stacks
How to build a stack
• Build from the AWS Management Console
• Command-line tools
  • AWS Command Line Tool: http://aws.amazon.com/cli
• SDKs
  • Java: http://aws.amazon.com/jp/sdkforjava
  • .NET: http://aws.amazon.com/jp/sdkfornet
  • PHP: http://aws.amazon.com/jp/sdkforphp
  • Ruby: http://docs.aws.amazon.com/AWSSdkDocsRuby/latest/DeveloperGuide/ruby-dg-setup.html
Building from the AWS Management Console (1)
Building from the AWS Management Console (2)
• Stack name
• Template source, one of:
  • Sample template
  • Template from a local file
  • Template file URL (on S3 in the same region)
Building from the AWS Management Console (3)
Enter the parameters (explained later)
Building from the AWS Management Console (4)
Tag the resources
Building from the AWS Management Console (5)
Building from the AWS Management Console (6)
Stack cost estimate
Building from the AWS Management Console (7)
Start building the stack
Building from the AWS Management Console (8)
Building from the AWS Management Console (9)
Stack build in progress
Building from the AWS Management Console (10)
Stack build complete. At this point all of the services are running.
Building from the AWS Management Console (11)
Stack build failed; rollback in progress
Templates
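Templates
• The heart of CloudFormation
• The blueprint for building a stack
• Written in JSON format

{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Sample",
  "Parameters" : {
    "KeyName" : {
      "Description" : "Sample key",
      "Type" : "String"
    }
  },
  "Mappings" : { },
  "Resources" : {
    "Ec2Instance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
        "KeyName" : { "Ref" : "KeyName" },
        "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
      }
    },
    "InstanceSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Enable SSH access via port 22",
        "SecurityGroupIngress" : [ {
          "IpProtocol" : "tcp",
          "FromPort" : "22",
          "ToPort" : "22",
          "CidrIp" : "0.0.0.0/0"
        } ]
      }
    }
  }
}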
Template walkthrough

{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Valid JSON strings up to 4K",
  "Parameters" : { set of parameters },
  "Mappings" : { set of mappings },
  "Conditions" : { set of conditions },
  "Resources" : { set of resources },
  "Outputs" : { set of outputs }
}
Parameters
Lists the parameters that can be changed later, when CloudFormation is run (for example, the DB user name).
"Parameters" : {
  "Age" : {
    "Type" : "Number",
    "Default" : "30",
    "MinValue" : "20",
    "MaxValue" : "60",
    "Description" : "input your age"
  },
  "FirstName" : {
    "Type" : "String",
    "Description" : "input your first name"
  }
}
Mappings
Similar to a hash table: a value is looked up from a key (for example, the AMI ID for each region).
"Mappings" : {
  "RegionTable" : {
    "us-east-1" : { "AMI" : "ami-8c1fece5", "Key" : "myKey-east" },
    "us-west-1" : { "AMI" : "ami-3bc9997e", "Key" : "myKey-west" },
    "ap-northeast-1" : { "AMI" : "ami-300ca731", "Key" : "myKey-japan" }
  }
}

Callout on the slide: this defines a mapping (in this example, a mapping named "RegionTable").
Resources
Defines the resources that make up the stack, such as EC2 and RDS.
"Resources" : {
  "MyWebServer" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "KeyName" : "myKey-east",
      "ImageId" : "ami-8c1fece5"
    }
  }
}
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
スタック
11
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
スタック構築方法 AWS Management Consoleから構築 コマンドラインツール
bull AWS Command Line Toolbull httpawsamazoncomcli
各種SDKbull Java httpawsamazoncomjpsdkforjavabull NET httpawsamazoncomjpsdkfornetbull PHP httpawsamazoncomjpsdkforphpbull Ruby httpdocsawsamazoncomAWSSdkDocsRubylatestDeveloperGuideruby-‐‑‒dg-‐‑‒setuphtml
Building from the AWS Management Console - 1

Building from the AWS Management Console - 2
Stack name
Template source, any one of:
• Sample template
• Template in a local file
• Template file URL (on S3 in the same region)

Building from the AWS Management Console - 3
Enter the parameters (explained later)

Building from the AWS Management Console - 4
Tag the resources

Building from the AWS Management Console - 5

Building from the AWS Management Console - 6
Stack cost estimate

Building from the AWS Management Console - 7
Start building the stack

Building from the AWS Management Console - 8

Building from the AWS Management Console - 9
Stack build in progress

Building from the AWS Management Console - 10
Stack build complete. At this point all services are running.

Building from the AWS Management Console - 11
Stack build failed; rollback in progress

Template
• The heart of CloudFormation
• The blueprint for building a stack
• Written in JSON format

    {
      "AWSTemplateFormatVersion" : "2010-09-09",
      "Description" : "Sample",
      "Parameters" : {
        "KeyName" : {
          "Description" : "Sample key",
          "Type" : "String"
        }
      },
      "Mappings" : { },
      "Resources" : {
        "Ec2Instance" : {
          "Type" : "AWS::EC2::Instance",
          "Properties" : {
            "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
            "KeyName" : { "Ref" : "KeyName" },
            "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
          }
        },
        "InstanceSecurityGroup" : {
          "Type" : "AWS::EC2::SecurityGroup",
          "Properties" : {
            "GroupDescription" : "Enable SSH access via port 22",
            "SecurityGroupIngress" : [
              { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" }
            ]
          }
        }
      }
    }

Template explained

    {
      "AWSTemplateFormatVersion" : "2010-09-09",
      "Description" : "Valid JSON strings up to 4K",
      "Parameters" : { set of parameters },
      "Mappings" : { set of mappings },
      "Conditions" : { set of conditions },
      "Resources" : { set of resources },
      "Outputs" : { set of outputs }
    }

Parameters
Lists the parameters whose values can be changed later, when CloudFormation runs (for example, a DB user name).

    "Parameters" : {
      "Age" : {
        "Type" : "Number",
        "Default" : "30",
        "MinValue" : "20",
        "MaxValue" : "60",
        "Description" : "input your age"
      },
      "FirstName" : {
        "Type" : "String",
        "Description" : "input your first name"
      }
    }

Mappings
Works like a hashtable: a value is looked up by its key (for example, the AMI ID for each region).

    "Mappings" : {
      "RegionTable" : {
        "us-east-1" : { "AMI" : "ami-8c1fece5", "Key" : "myKey-east" },
        "us-west-1" : { "AMI" : "ami-3bc9997e", "Key" : "myKey-west" },
        "ap-northeast-1" : { "AMI" : "ami-300ca731", "Key" : "myKey-japan" }
      }
    }

Defines a mapping (in this example, a mapping named "RegionTable").

Resources
Defines the resources that make up the stack, such as EC2 and RDS.

    "Resources" : {
      "MyWebServer" : {
        "Type" : "AWS::EC2::Instance",
        "Properties" : {
          "KeyName" : "myKey-east",
          "ImageId" : "ami-8c1fece5"
        }
      }
    }

EC2 + SecurityGroup example

    "Resources" : {
      "Ec2Instance" : {
        "Type" : "AWS::EC2::Instance",
        "Properties" : {
          "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
          "KeyName" : { "Ref" : "KeyName" },
          "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
        }
      },
      "InstanceSecurityGroup" : {
        "Type" : "AWS::EC2::SecurityGroup",
        "Properties" : {
          "GroupDescription" : "Enable SSH access via port 22",
          "SecurityGroupIngress" : [
            { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" }
          ]
        }
      }
    }

Callouts on the slide:
• Resource type ("Type")
• Per-resource properties ("Properties")

Outputs
Values you want to retrieve after the stack has been built (for example, an access URL).

Defining Outputs

    "Outputs" : {
      "InstanceId" : {
        "Description" : "InstanceId of the newly created EC2 instance",
        "Value" : { "Ref" : "Ec2Instance" }
      },
      "AZ" : {
        "Description" : "Availability Zone of the newly created EC2 instance",
        "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
      },
      "ApplicationURL" : {
        "Description" : "URL of running web application",
        "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
      }
    }

Callouts on the slide:
• Define the name of the value to output
• Description
• Value
• Use functions to build strings

    "Resources" : {
      "myS3Bucket" : {
        "Type" : "AWS::S3::Bucket",
        "DeletionPolicy" : "Retain"
      }
    }

Template Tips
With many resources it becomes hard to tell what each one is, so use the Tags property.

    "MyInstance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ],
        "ImageId" : "ami-20b65349",
        "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ]
      }
    }

Template Tips
Resources created by CloudFormation are tagged with the stack name and similar information.

Cloud-init

Cloud-init
• Defined in User Data
• Cloud-init reads the user data
• The script that was read is executed
• EC2 instance launch

CloudFormation helpers

cfn-init configuration: files
• Generates files at the specified paths

    "files" : {
      "/app/db.conf" : {
        "content" : { "Fn::Join" : [ "", [
          "dbname=", { "Ref" : "DBName" }, "\n",
          "dbuser=", { "Ref" : "DBUser" }, "\n",
          "dbpass=", { "Ref" : "DBPassword" }, "\n",
          "dbhost=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n"
        ] ] },
        "mode" : "000644",
        "owner" : "root",
        "group" : "root"
      },
      "/etc/myapp/myapp-init.pp" : {
        "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
        "mode" : "100644",
        "owner" : "root",
        "group" : "wheel"
      }
    }

Callouts on the slide:
• File path
• Generate the file contents
• Fetch from S3 or another source
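
The sample templates above open port 22 to 0.0.0.0/0 and write `dbpass=` into a file with mode 000644. The following check for both patterns is an added example, not code from the slides or from AWS. The names `lint`, `harden` and `admin_cidr` are hypothetical, the template is a constructed sample built from the page's fragments, and nesting `files` under `Metadata` → `AWS::CloudFormation::Init` → `config` is assumed because the slide shows only the `files` block.

```python
import copy
import json

# Constructed sample: the page's security group and db.conf entry. Nesting
# "files" under Metadata -> AWS::CloudFormation::Init -> config is the usual
# cfn-init layout (assumed here; the page shows only the fragment).
SAMPLE_TEMPLATE = json.loads(r"""
{"Resources": {
  "Ec2Instance": {
    "Type": "AWS::EC2::Instance",
    "Metadata": {"AWS::CloudFormation::Init": {"config": {"files": {
      "/app/db.conf": {
        "content": {"Fn::Join": ["", [
          "dbuser=", {"Ref": "DBUser"}, "\n",
          "dbpass=", {"Ref": "DBPassword"}, "\n"]]},
        "mode": "000644", "owner": "root", "group": "root"}}}}},
    "Properties": {"SecurityGroups": [{"Ref": "InstanceSecurityGroup"}]}},
  "InstanceSecurityGroup": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {
      "GroupDescription": "Enable SSH access via port 22",
      "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": "22",
                                "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}}
}}
""")

ADMIN_PORTS = (22, 3389)                         # SSH and RDP
SECRET_HINTS = ("password", "passwd", "secret")  # heuristic on Ref names

def refs_in(node):
    """Yield every name used as {"Ref": name} anywhere below node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            else:
                yield from refs_in(value)
    elif isinstance(node, list):
        for item in node:
            yield from refs_in(item)

def _literal_port(value, default):
    try:                      # ports may be "22", 22 or an intrinsic function
        return int(value)
    except (TypeError, ValueError):
        return default        # non-literal: assume the widest range

def _open_admin_ports(rule):
    """Admin ports that one ingress rule exposes to every address."""
    if rule.get("CidrIp") != "0.0.0.0/0":
        return []
    proto = str(rule.get("IpProtocol"))
    lo = _literal_port(rule.get("FromPort"), 0)
    hi = _literal_port(rule.get("ToPort"), 65535)
    return [p for p in ADMIN_PORTS
            if proto == "-1" or (proto == "tcp" and lo <= p <= hi)]

def _init_files(resource):
    """Yield (path, spec) for each cfn-init "files" entry of one resource."""
    init = resource.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
    for name, config in init.items():
        if name != "configSets" and isinstance(config, dict):
            yield from config.get("files", {}).items()

def _secret_refs(spec):
    """Secret-looking parameter names referenced in a file's content."""
    return sorted({r for r in refs_in(spec.get("content"))
                   if any(h in r.lower() for h in SECRET_HINTS)})

def lint(template):
    """Return sorted (resource, issue) findings for the two patterns."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
                for port in _open_admin_ports(rule):
                    findings.append((name, f"tcp/{port} open to 0.0.0.0/0"))
        for path, spec in _init_files(res):
            mode = str(spec.get("mode", "000644"))  # assumed default if unset
            secrets = _secret_refs(spec)
            if secrets and int(mode[-1], 8) & 4:    # "other" read bit set
                findings.append((name, f"{path} mode {mode} is world-readable "
                                       f"and embeds {', '.join(secrets)}"))
    return sorted(findings)

def harden(template, admin_cidr="203.0.113.0/24"):
    """Copy with admin ingress narrowed (placeholder CIDR) and secrets 000600."""
    fixed = copy.deepcopy(template)
    for res in fixed.get("Resources", {}).values():
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
                if _open_admin_ports(rule):
                    rule["CidrIp"] = admin_cidr
        for _path, spec in _init_files(res):
            if _secret_refs(spec):
                spec["mode"] = "000600"
    return fixed
```

`lint(SAMPLE_TEMPLATE)` reports both findings, and `lint(harden(SAMPLE_TEMPLATE))` returns an empty list; replace the placeholder CIDR with the address range administrators actually connect from.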

CloudFormer

CloudFormer
• A tool that creates a template from a system configuration that has already been built
• Can be used to produce the base template from which you write your own templates
[Figure: existing EC2 and Auto Scaling resources, CloudFormer, generated template]

Creating and launching the CloudFormer stack
Create the stack from either of the following:
• The AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"

Launching CloudFormer

How to run CloudFormer
• Choose the region you want to turn into a template; a wizard then lets you select the resources
• The template is completed from the resources whose checkboxes you ticked

Other Tips

Baked AMI vs. CF-Init: baking the AMI vs. Cloud-init + CloudFormation helpers
It is important to choose between baking the AMI, cloud-init and the helpers according to the use case.

Baked AMI
  Advantages: easy to build; fast to launch (effective for Auto Scaling)
  Disadvantages: must be reinstalled when the base AMI or middleware is updated; must be built per region

Base AMI + Cloud-init + CFN helpers
  Advantages: can follow base AMI and middleware updates; definitions such as the DB endpoint can be passed in
  Disadvantages: building the template takes effort; OS initialization takes time

IAM Capability
When CloudFormation creates IAM users, a checkbox must be turned on partway through the wizard.
• For cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command

Summary

Aim to become a true cloud meister with CloudFormation
[Figure: WebServer, AppServer]

Stack

How to build a stack
• From the AWS Management Console
• Command-line tools
  • AWS Command Line Tool
  • http://aws.amazon.com/cli/
• SDKs
  • Java: http://aws.amazon.com/jp/sdkforjava/
  • .NET: http://aws.amazon.com/jp/sdkfornet/
  • PHP: http://aws.amazon.com/jp/sdkforphp/
  • Ruby: http://docs.aws.amazon.com/AWSSdkDocsRuby/latest/DeveloperGuide/ruby-dg-setup.html
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒1
16
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒2
スタックの名称
サンプルテンプレート
ローカルファイルのemsp テンプレート
テンプレートファイルURL(同一リージョンのS3上)
いずれか
17
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
各種パラメータの入力力(後で説明)
AWS Management Consoleから構築-‐‑‒3
18
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒4
リソースにタグ付け
19
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒5
20
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒6
スタックのコスト見見積もり
21
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒7
スタック構築開始
22
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒8
23
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒9
スタック構築実行行中
24
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒10
スタック構築完了了この時点ですべてのサービスが起動している
25
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒11
スタック構築失敗ロールバック中
26
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
27
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
CloudFormationの心臓部 スタック構築の設計図 JSONフォーマットで記述
AWSTemplateFormatVersion 2010-09-09 Description ldquoSample Parameters KeyName Description ldquoSample key Type String Mappings Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
28
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート解説 AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Parameters
CloudFormation実行行時に後で変更更可能なパラメータを列列挙(例例DBユーザー名など)
30
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Parameters Age TypeNumber ldquoDefaultrdquo ldquo30rdquo ldquoMinValuerdquo ldquo20rdquo ldquoMaxValuerdquo ldquo60rdquo Descriptioninput your ageldquo FirstName TypeString Descriptioninput your first nameldquo
31
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Mappings
Hashtableのようなものキーに応じて値を特定出来る
(例例リージョンに応じたAMI番号など)
36
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Mappings RegionTable us-east-1 AMI ami-8c1fece5ldquo ldquoKeyrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
マッピングを定義(この例例の場合rdquoRegionTablerdquoという
マッピングを定義)
37
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Resources
EC2やRDSなどスタックを構成するリソースを定義
42
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
ldquoResources ldquoMyWebServer ldquoType ldquoAWSEC2Instancerdquo ldquoProperties ldquoKeyName ami-8c1fece5ldquo ldquoImageIdrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
43
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
EC2+SecurityGroupの例例 Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
リソース毎のプロパティ
リソースタイプ
44
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Outputs
スタック構築後に取得したい値(例例アクセスURLなど)
47
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
出力力したい名称を定義
説明
値
Functionを使って文字列列を加工
49
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
50
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Resources myS3Bucket Type AWSS3Bucket DeletionPolicy Retain
52
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
リソース数が多いと何のリソースか分からなくなるのでTagsプロパティを使用するMyInstance Type AWSEC2Instance Properties SecurityGroups [ Ref MySecurityGroup ] ImageId ami-20b65349 Tags [ Key ldquoName Value ldquoMyInstance ]
53
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-init configuration: files
• Creates files at the specified paths
"files" : {
  "/app/db.conf" : {
    "content" : { "Fn::Join" : [ "", [
      "dbname=", { "Ref" : "DBName" }, "\n",
      "dbuser=", { "Ref" : "DBUser" }, "\n",
      "dbpass=", { "Ref" : "DBPassword" }, "\n",
      "dbhost=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n"
    ] ] },
    "mode" : "000644",
    "owner" : "root",
    "group" : "root"
  },
  "/etc/myapp/myapp-init.pp" : {
    "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
    "mode" : "100644",
    "owner" : "root",
    "group" : "wheel"
  }
}
• File path: the key of each entry
• content: generates the file contents
• source: fetches the file from S3 or a similar location
CloudFormer
CloudFormer
• A tool that creates a template from a system configuration that has already been built
• Useful for producing a base template to start template authoring from
[Figure: EC2, EC2, AutoScaling; CloudFormer; template]

Create and launch the CloudFormer stack
Create the stack from either of the following:
• AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"

Launching CloudFormer

How to run CloudFormer
• Select the region you want to turn into a template; a wizard then lets you choose the resources
• The template is generated from the resources whose checkboxes you ticked
Other Tips

Baked AMI vs. CF-Init
Baking the AMI vs. cloud-init + CloudFormation helpers
It is important to choose between baking the AMI and using cloud-init with the helpers according to the use case.
Baked AMI
  Advantages: easy to build; fast to boot (effective for Auto Scaling)
  Disadvantages: must be reinstalled whenever the base AMI or middleware is updated; must be built per region
Base AMI + cloud-init + CFN helpers
  Advantages: can keep up with base AMI and middleware updates; definitions such as the DB endpoint can be passed in
  Disadvantages: building the template takes effort; OS initialization takes time

IAM Capability
When CloudFormation creates IAM users, a checkbox must be ticked partway through the wizard.
• With cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command
Summary

Aim to become a true cloud meister with CloudFormation
[Figure: WebServer, AppServer]
How to build a stack
Build from the AWS Management Console
Command-line tools
• AWS Command Line Tool
• http://aws.amazon.com/cli
SDKs
• Java: http://aws.amazon.com/jp/sdkforjava
• .NET: http://aws.amazon.com/jp/sdkfornet
• PHP: http://aws.amazon.com/jp/sdkforphp
• Ruby: http://docs.aws.amazon.com/AWSSdkDocsRuby/latest/DeveloperGuide/ruby-dg-setup.html
Building from the AWS Management Console (1)

Building from the AWS Management Console (2)
Stack name
One of the following:
• Sample template
• Template from a local file
• Template file URL (on S3 in the same region)

Building from the AWS Management Console (3)
Enter the parameters (explained later)

Building from the AWS Management Console (4)
Tag the resources

Building from the AWS Management Console (5)

Building from the AWS Management Console (6)
Estimate the stack's cost

Building from the AWS Management Console (7)
Start building the stack

Building from the AWS Management Console (8)

Building from the AWS Management Console (9)
Stack build in progress

Building from the AWS Management Console (10)
Stack build complete. At this point all services are running.

Building from the AWS Management Console (11)
Stack build failed; rolling back

Templates
Templates
• The heart of CloudFormation
• The blueprint for building a stack
• Written in JSON format
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Sample",
  "Parameters" : {
    "KeyName" : {
      "Description" : "Sample key",
      "Type" : "String"
    }
  },
  "Mappings" : { ... },
  "Resources" : {
    "Ec2Instance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
        "KeyName" : { "Ref" : "KeyName" },
        "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
      }
    },
    "InstanceSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Enable SSH access via port 22",
        "SecurityGroupIngress" : [ {
          "IpProtocol" : "tcp",
          "FromPort" : "22",
          "ToPort" : "22",
          "CidrIp" : "0.0.0.0/0"
        } ]
      }
    }
  }
}
Template walkthrough
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Valid JSON strings up to 4K",
  "Parameters" : { set of parameters },
  "Mappings" : { set of mappings },
  "Conditions" : { set of conditions },
  "Resources" : { set of resources },
  "Outputs" : { set of outputs }
}

Parameters
Lists the parameters whose values can be changed later, when CloudFormation runs (e.g. the DB user name)
"Parameters" : {
  "Age" : {
    "Type" : "Number",
    "Default" : "30",
    "MinValue" : "20",
    "MaxValue" : "60",
    "Description" : "input your age"
  },
  "FirstName" : {
    "Type" : "String",
    "Description" : "input your first name"
  }
}
Mappings
Works like a hashtable: a value is looked up by its key (e.g. the AMI ID for each region)
"Mappings" : {
  "RegionTable" : {
    "us-east-1" : { "AMI" : "ami-8c1fece5", "Key" : "myKey-east" },
    "us-west-1" : { "AMI" : "ami-3bc9997e", "Key" : "myKey-west" },
    "ap-northeast-1" : { "AMI" : "ami-300ca731", "Key" : "myKey-japan" }
  }
}
Defines a mapping (in this example, a mapping named "RegionTable")

Resources
Defines the resources that make up the stack, such as EC2 and RDS
"Resources" : {
  "MyWebServer" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "KeyName" : "myKey-east",
      "ImageId" : "ami-8c1fece5"
    }
  }
}
EC2 + SecurityGroup example
"Resources" : {
  "Ec2Instance" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
      "KeyName" : { "Ref" : "KeyName" },
      "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
    }
  },
  "InstanceSecurityGroup" : {
    "Type" : "AWS::EC2::SecurityGroup",
    "Properties" : {
      "GroupDescription" : "Enable SSH access via port 22",
      "SecurityGroupIngress" : [ {
        "IpProtocol" : "tcp",
        "FromPort" : "22",
        "ToPort" : "22",
        "CidrIp" : "0.0.0.0/0"
      } ]
    }
  }
}
• Type: the resource type
• Properties: the properties of each resource
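The SSH rule in the EC2 + SecurityGroup example and the db.conf entry in the cfn-init files example are the two settings in this deck worth reviewing before deployment. The following check is an added example, not code from the original slides; the Metadata wrapper around "files", the SSHLocation parameter name and the name-based secret heuristic are assumptions of the example.

```python
import copy
import json

# Constructed input: the deck's SSH ingress rule plus its cfn-init "files"
# entry, placed under Metadata -> AWS::CloudFormation::Init -> config.
WEAK = json.loads(r"""
{"Parameters": {"DBPassword": {"Type": "String"}},
 "Resources": {
  "InstanceSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "Enable SSH access via port 22",
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}},
  "Ec2Instance": {"Type": "AWS::EC2::Instance", "Metadata": {
    "AWS::CloudFormation::Init": {"config": {"files": {"/app/db.conf": {
      "content": {"Fn::Join": ["", ["dbpass=", {"Ref": "DBPassword"}, "\n"]]},
      "mode": "000644", "owner": "root", "group": "root"}}}}}}}}
""")


def refs(node):
    """Yield every name referenced through {"Ref": name} anywhere under node."""
    if isinstance(node, dict):
        if set(node) == {"Ref"} and isinstance(node["Ref"], str):
            yield node["Ref"]
        for value in node.values():
            yield from refs(value)
    elif isinstance(node, list):
        for value in node:
            yield from refs(value)


def open_ingress(template, port=22):
    """Security groups that admit TCP `port` from any IPv4 address."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            if not isinstance(rule, dict):
                continue
            proto = str(rule.get("IpProtocol")).lower()
            if proto == "-1":                      # all protocols, all ports
                low, high = 0, 65535
            elif proto in ("tcp", "6"):
                try:
                    low, high = int(rule["FromPort"]), int(rule["ToPort"])
                except (KeyError, TypeError, ValueError):
                    continue                       # port is not a literal
            else:
                continue
            if rule.get("CidrIp") == "0.0.0.0/0" and low <= port <= high:
                findings.append(f"{name}: tcp/{port} reachable from 0.0.0.0/0")
    return findings


def secret_parameters(template):
    """Parameters with NoEcho set, or whose name suggests a secret (heuristic)."""
    found = set()
    for name, spec in template.get("Parameters", {}).items():
        no_echo = str(spec.get("NoEcho", "false")).lower() == "true"
        if no_echo or "password" in name.lower() or "secret" in name.lower():
            found.add(name)
    return found


def exposed_secret_files(template):
    """cfn-init files that embed a secret parameter and are world-readable."""
    findings, secrets = [], secret_parameters(template)
    for rname, res in template.get("Resources", {}).items():
        init = res.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for cname, cfg in init.items():
            if cname == "configSets":
                continue
            for path, spec in cfg.get("files", {}).items():
                used = secrets & set(refs(spec.get("content")))
                mode = int(str(spec.get("mode", "000644"))[-3:], 8)
                if used and mode & 0o004:          # "other" read bit is set
                    findings.append(f"{rname}: {path} mode {mode:03o} exposes {sorted(used)}")
    return findings


def audit(template):
    return open_ingress(template) + exposed_secret_files(template)


def hardened(template):
    """Corrected copy: SSH source comes from a parameter, file is root-only."""
    t = copy.deepcopy(template)
    t["Parameters"]["SSHLocation"] = {"Type": "String"}   # hypothetical name
    t["Parameters"]["DBPassword"]["NoEcho"] = "true"
    sg = t["Resources"]["InstanceSecurityGroup"]["Properties"]
    sg["SecurityGroupIngress"][0]["CidrIp"] = {"Ref": "SSHLocation"}
    init = t["Resources"]["Ec2Instance"]["Metadata"]["AWS::CloudFormation::Init"]
    init["config"]["files"]["/app/db.conf"]["mode"] = "000600"
    return t


if __name__ == "__main__":
    print("weak:    ", audit(WEAK))
    print("hardened:", audit(hardened(WEAK)))
```

The check only sees literal values: a CidrIp supplied through a parameter still has to be reviewed at stack creation time.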
Outputs
Values you want to retrieve after the stack is built (e.g. the access URL)
Defining Outputs
"Outputs" : {
  "InstanceId" : {
    "Description" : "InstanceId of the newly created EC2 instance",
    "Value" : { "Ref" : "Ec2Instance" }
  },
  "AZ" : {
    "Description" : "Availability Zone of the newly created EC2 instance",
    "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
  },
  "ApplicationURL" : {
    "Description" : "URL of running web application",
    "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
  }
}
• Each key defines the name to output
• Description: the description
• Value: the value
• Functions are used to build the string
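How the Mappings lookup and the Outputs functions evaluate can be traced locally. The resolver below is an added example, not part of the original deck and not CloudFormation's own implementation; it handles only Ref, Fn::FindInMap, Fn::GetAtt and Fn::Join, and the instance ID, Availability Zone and IP address are constructed stand-ins for values that exist only after deployment.

```python
# Mappings and Outputs as on the slides. Ec2Instance looks both values up in
# RegionTable (an assumption: the deck's EC2 sample names its map RegionMap).
TEMPLATE = {
    "Mappings": {"RegionTable": {
        "us-east-1": {"AMI": "ami-8c1fece5", "Key": "myKey-east"},
        "us-west-1": {"AMI": "ami-3bc9997e", "Key": "myKey-west"},
        "ap-northeast-1": {"AMI": "ami-300ca731", "Key": "myKey-japan"},
    }},
    "Resources": {"Ec2Instance": {
        "Type": "AWS::EC2::Instance",
        "Properties": {
            "ImageId": {"Fn::FindInMap": ["RegionTable", {"Ref": "AWS::Region"}, "AMI"]},
            "KeyName": {"Fn::FindInMap": ["RegionTable", {"Ref": "AWS::Region"}, "Key"]},
        },
    }},
    "Outputs": {
        "InstanceId": {"Value": {"Ref": "Ec2Instance"}},
        "AZ": {"Value": {"Fn::GetAtt": ["Ec2Instance", "AvailabilityZone"]}},
        "ApplicationURL": {"Value": {"Fn::Join": ["", [
            "http://", {"Fn::GetAtt": ["Ec2Instance", "PublicIp"]}, "/index.html"]]}},
    },
}


class Unresolved(Exception):
    """A reference the template cannot satisfy with the values supplied."""


def resolve(node, template, refs, attrs):
    """Evaluate Ref, Fn::FindInMap, Fn::GetAtt and Fn::Join inside node.

    refs  : name -> value for parameters, pseudo parameters and resource IDs
    attrs : resource name -> {attribute: value}, as known after creation
    """
    if isinstance(node, list):
        return [resolve(item, template, refs, attrs) for item in node]
    if not isinstance(node, dict):
        return node
    if len(node) == 1:
        (fn, arg), = node.items()
        if fn == "Ref":
            if arg not in refs:
                raise Unresolved(f"Ref {arg!r} has no value")
            return refs[arg]
        if fn == "Fn::FindInMap":
            # Arguments may themselves be functions, e.g. {"Ref": "AWS::Region"}.
            name, top, second = resolve(arg, template, refs, attrs)
            try:
                return template["Mappings"][name][top][second]
            except KeyError:
                raise Unresolved(f"{name}[{top!r}][{second!r}] is not defined") from None
        if fn == "Fn::GetAtt":
            resource, attribute = arg
            try:
                return attrs[resource][attribute]
            except KeyError:
                raise Unresolved(f"{resource}.{attribute} is not known") from None
        if fn == "Fn::Join":
            separator, parts = arg
            return separator.join(str(resolve(p, template, refs, attrs)) for p in parts)
    return {key: resolve(value, template, refs, attrs) for key, value in node.items()}


def evaluate(region):
    """Resolve the instance properties and the outputs for one region."""
    refs = {"AWS::Region": region, "Ec2Instance": "i-0example"}      # constructed
    attrs = {"Ec2Instance": {"AvailabilityZone": region + "a",       # constructed
                             "PublicIp": "203.0.113.10"}}
    props = resolve(TEMPLATE["Resources"]["Ec2Instance"]["Properties"],
                    TEMPLATE, refs, attrs)
    outputs = {name: resolve(spec["Value"], TEMPLATE, refs, attrs)
               for name, spec in TEMPLATE["Outputs"].items()}
    return props, outputs


if __name__ == "__main__":
    print(evaluate("ap-northeast-1"))
    try:
        evaluate("eu-west-1")          # region with no RegionTable entry
    except Unresolved as err:
        print("unresolved:", err)
```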
"Resources" : {
  "myS3Bucket" : {
    "Type" : "AWS::S3::Bucket",
    "DeletionPolicy" : "Retain"
  }
}
Template Tips
With many resources it becomes hard to tell which resource is which, so use the Tags property.
"MyInstance" : {
  "Type" : "AWS::EC2::Instance",
  "Properties" : {
    "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ],
    "ImageId" : "ami-20b65349",
    "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ]
  }
}
Template Tips
Resources created by CloudFormation are tagged with the stack name and similar tags.
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
スタック構築方法 AWS Management Consoleから構築 コマンドラインツール
bull AWS Command Line Toolbull httpawsamazoncomcli
各種SDKbull Java httpawsamazoncomjpsdkforjavabull NET httpawsamazoncomjpsdkfornetbull PHP httpawsamazoncomjpsdkforphpbull Ruby httpdocsawsamazoncomAWSSdkDocsRubylatestDeveloperGuideruby-‐‑‒dg-‐‑‒setuphtml
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒1
16
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒2
スタックの名称
サンプルテンプレート
ローカルファイルのemsp テンプレート
テンプレートファイルURL(同一リージョンのS3上)
いずれか
17
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
各種パラメータの入力力(後で説明)
AWS Management Consoleから構築-‐‑‒3
18
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒4
リソースにタグ付け
19
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒5
20
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒6
スタックのコスト見見積もり
21
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒7
スタック構築開始
22
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒8
23
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒9
スタック構築実行行中
24
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒10
スタック構築完了了この時点ですべてのサービスが起動している
25
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒11
スタック構築失敗ロールバック中
26
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
27
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
CloudFormationの心臓部 スタック構築の設計図 JSONフォーマットで記述
AWSTemplateFormatVersion 2010-09-09 Description ldquoSample Parameters KeyName Description ldquoSample key Type String Mappings Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
28
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート解説 AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Parameters
CloudFormation実行行時に後で変更更可能なパラメータを列列挙(例例DBユーザー名など)
30
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Parameters Age TypeNumber ldquoDefaultrdquo ldquo30rdquo ldquoMinValuerdquo ldquo20rdquo ldquoMaxValuerdquo ldquo60rdquo Descriptioninput your ageldquo FirstName TypeString Descriptioninput your first nameldquo
31
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Mappings
Hashtableのようなものキーに応じて値を特定出来る
(例例リージョンに応じたAMI番号など)
36
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Mappings RegionTable us-east-1 AMI ami-8c1fece5ldquo ldquoKeyrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
マッピングを定義(この例例の場合rdquoRegionTablerdquoという
マッピングを定義)
37
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Resources
EC2やRDSなどスタックを構成するリソースを定義
Resources: "MyWebServer" (Type "AWS::EC2::Instance") with Properties "KeyName" and "ImageId", shown together with the RegionTable mapping values (us-east-1: AMI ami-8c1fece5, Key myKey-east; us-west-1: AMI ami-3bc9997e, Key myKey-west; ap-northeast-1: AMI ami-300ca731, Key myKey-japan).
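EC2 + SecurityGroup example
"Resources" : {
  "Ec2Instance" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
      "KeyName" : { "Ref" : "KeyName" },
      "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
    }
  },
  "InstanceSecurityGroup" : {
    "Type" : "AWS::EC2::SecurityGroup",
    "Properties" : {
      "GroupDescription" : "Enable SSH access via port 22",
      "SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" } ]
    }
  }
}
Callout: properties for each resource
Callout: resource type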
Outputs
Values you want to retrieve after the stack has been built (e.g. the access URL).
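Defining Outputs
"Outputs" : {
  "InstanceId" : {
    "Description" : "InstanceId of the newly created EC2 instance",
    "Value" : { "Ref" : "Ec2Instance" }
  },
  "AZ" : {
    "Description" : "Availability Zone of the newly created EC2 instance",
    "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
  },
  "ApplicationURL" : {
    "Description" : "URL of running web application",
    "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
  }
}
Callout: define the name of the value to output
Callout: description
Callout: value
Callout: use a Function to build the string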
"Resources" : {
  "myS3Bucket" : {
    "Type" : "AWS::S3::Bucket",
    "DeletionPolicy" : "Retain"
  }
}
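Template Tips
With many resources it becomes hard to tell which resource is which, so use the Tags property.
"MyInstance" : {
  "Type" : "AWS::EC2::Instance",
  "Properties" : {
    "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ],
    "ImageId" : "ami-20b65349",
    "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ]
  }
}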
Template Tips
Resources created by CloudFormation are given tags such as the stack name.
Cloud-init
Defined in User Data
Cloud-init reads the user data
Runs the script it read
EC2 instance launch
CloudFormation helpers
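cfn-init configuration: files
• Creates files at the specified paths
"files" : {
  "/app/db.conf" : {
    "content" : { "Fn::Join" : [ "", [
      "dbname=", { "Ref" : "DBName" }, "\n",
      "dbuser=", { "Ref" : "DBUser" }, "\n",
      "dbpass=", { "Ref" : "DBPassword" }, "\n",
      "dbhost=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n"
    ] ] },
    "mode" : "000644",
    "owner" : "root",
    "group" : "root"
  },
  "/etc/myapp/myapp-init.pp" : {
    "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
    "mode" : "100644",
    "owner" : "root",
    "group" : "wheel"
  }
}
Callout: generate the contents of the file
Callout: file path
Callout: fetch from S3 or similar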
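A template review check for two settings that appear in this deck's snippets, SSH ingress with CidrIp 0.0.0.0/0 and a cfn-init file that writes DBPassword with mode 000644 (an added example, not part of the original slides). The sample template is constructed from those snippets; the NoEcho flag, the name-hint list and all function names are assumptions.

```python
import ipaddress

# Constructed sample modelled on the slides' EC2 + SecurityGroup and cfn-init
# "files" snippets. The NoEcho flag on DBPassword is an assumption.
SAMPLE_TEMPLATE = {
    "Parameters": {
        "DBUser": {"Type": "String"},
        "DBPassword": {"Type": "String", "NoEcho": "true"},
    },
    "Resources": {
        "InstanceSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Enable SSH access via port 22",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22",
                     "CidrIp": "0.0.0.0/0"},
                ],
            },
        },
        "Ec2Instance": {
            "Type": "AWS::EC2::Instance",
            "Metadata": {"AWS::CloudFormation::Init": {"config": {"files": {
                "/app/db.conf": {
                    "content": {"Fn::Join": ["", [
                        "dbuser=", {"Ref": "DBUser"}, "\n",
                        "dbpass=", {"Ref": "DBPassword"}, "\n"]]},
                    "mode": "000644", "owner": "root", "group": "root",
                },
            }}}},
            "Properties": {"SecurityGroups": [{"Ref": "InstanceSecurityGroup"}]},
        },
    },
}

# Hypothetical name hints for parameters that hold credentials.
SECRET_NAME_HINTS = ("password", "passwd", "secret")


def secret_parameters(template):
    """Parameter names that are NoEcho or look like credentials by name."""
    names = set()
    for name, spec in template.get("Parameters", {}).items():
        no_echo = str(spec.get("NoEcho", "")).lower() == "true"
        if no_echo or any(hint in name.lower() for hint in SECRET_NAME_HINTS):
            names.add(name)
    return names


def refs_in(node):
    """Yield every name used through {"Ref": ...} anywhere under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            else:
                yield from refs_in(value)
    elif isinstance(node, list):
        for item in node:
            yield from refs_in(item)


def open_ingress(template):
    """Flag ingress rules whose literal CIDR covers every address."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            for key in ("CidrIp", "CidrIpv6"):
                cidr = rule.get(key)
                if not isinstance(cidr, str):
                    continue  # absent, or a Ref whose value is unknown here
                try:
                    net = ipaddress.ip_network(cidr, strict=False)
                except ValueError:
                    continue
                if net.prefixlen == 0:
                    findings.append(
                        f"{name}: {rule.get('IpProtocol')} "
                        f"{rule.get('FromPort')}-{rule.get('ToPort')} open to {cidr}")
    return findings


def readable_secret_files(template):
    """Flag cfn-init files that embed a secret and are readable by 'other'."""
    secrets = secret_parameters(template)
    findings = []
    for name, res in template.get("Resources", {}).items():
        init = res.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for cfg_name, cfg in init.items():
            if cfg_name == "configSets" or not isinstance(cfg, dict):
                continue
            for path, spec in cfg.get("files", {}).items():
                used = sorted(secrets.intersection(refs_in(spec.get("content"))))
                mode = str(spec.get("mode", ""))
                try:
                    # The last three octal digits are the permission bits.
                    exposed = bool(int(mode[-3:], 8) & 0o004)
                except ValueError:
                    exposed = True  # missing or malformed mode: review by hand
                if used and exposed:
                    findings.append(
                        f"{name}: {path} mode {mode or 'unset'} embeds {', '.join(used)}")
    return findings


def audit(template):
    """Return all findings, ingress rules first, then cfn-init files."""
    return open_ingress(template) + readable_secret_files(template)


if __name__ == "__main__":
    for finding in audit(SAMPLE_TEMPLATE):
        print(finding)
```

Restricting the CIDR to a known range and setting the file mode to 000600 clears both findings.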
CloudFormer
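CloudFormer: a tool that creates a template from the configuration of a system that has already been built.
It can be used to produce the base template from which you write your own template.
(Diagram labels: EC2, EC2, AutoScaling, template, CloudFormer)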
Create and launch a CloudFormer stack
Create the stack from one of the following:
• AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
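How to run CloudFormer
Choose the region you want to turn into a template; a wizard then lets you select resources.
The template is generated from the resources whose checkboxes you ticked.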
Other Tips
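Baked AMI vs. CF-Init: baking the AMI vs. Cloud-init + CloudFormation helpers
It is important to choose between a baked AMI and cloud-init/helpers according to the use case.

Baked AMI
  Advantages: easy to build; fast startup (effective for Auto Scaling)
  Disadvantages: reinstallation is needed when the base AMI or middleware is updated; must be built for each region

Base AMI + Cloud-init + CFN helpers
  Advantages: can follow base AMI and middleware updates; definitions such as the DB endpoint can be passed in
  Disadvantages: building the template takes effort; OS initialization takes time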
IAM Capability
When creating IAM users with CloudFormation, a checkbox must be turned on partway through the wizard.
• With cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command.
Summary
Aim to become a true cloud meister with CloudFormation
WebServer
AppServer
How to build a stack
Build from the AWS Management Console
Command-line tools
• AWS Command Line Tool
• http://aws.amazon.com/cli
SDKs
• Java: http://aws.amazon.com/jp/sdkforjava
• .NET: http://aws.amazon.com/jp/sdkfornet
• PHP: http://aws.amazon.com/jp/sdkforphp
• Ruby: http://docs.aws.amazon.com/AWSSdkDocsRuby/latest/DeveloperGuide/ruby-dg-setup.html
Building from the AWS Management Console - 1
Building from the AWS Management Console - 2
Stack name
Sample template
Local template file
Template file URL (on S3 in the same region)
Choose one of these
Building from the AWS Management Console - 3
Enter the parameters (explained later)
Building from the AWS Management Console - 4
Tag the resources
Building from the AWS Management Console - 5
Building from the AWS Management Console - 6
Cost estimate for the stack
Building from the AWS Management Console - 7
Start building the stack
Building from the AWS Management Console - 8
Building from the AWS Management Console - 9
Stack build in progress
Building from the AWS Management Console - 10
Stack build complete. At this point all services are running.
Building from the AWS Management Console - 11
Stack build failed; rollback in progress
Template
The heart of CloudFormation; the blueprint for building a stack; written in JSON format.
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Sample",
  "Parameters" : {
    "KeyName" : {
      "Description" : "Sample key",
      "Type" : "String"
    }
  },
  "Mappings" : { },
  "Resources" : {
    "Ec2Instance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
        "KeyName" : { "Ref" : "KeyName" },
        "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
      }
    },
    "InstanceSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Enable SSH access via port 22",
        "SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" } ]
      }
    }
  }
}
Template walkthrough
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Valid JSON strings up to 4K",
  "Parameters" : { set of parameters },
  "Mappings" : { set of mappings },
  "Conditions" : { set of conditions },
  "Resources" : { set of resources },
  "Outputs" : { set of outputs }
}
Parameters
Lists the parameters that can be changed later, when CloudFormation is run (e.g. the DB user name).
"Parameters" : {
  "Age" : {
    "Type" : "Number",
    "Default" : "30",
    "MinValue" : "20",
    "MaxValue" : "60",
    "Description" : "input your age"
  },
  "FirstName" : {
    "Type" : "String",
    "Description" : "input your first name"
  }
}
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Mappings
Hashtableのようなものキーに応じて値を特定出来る
(例例リージョンに応じたAMI番号など)
36
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Mappings RegionTable us-east-1 AMI ami-8c1fece5ldquo ldquoKeyrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
マッピングを定義(この例例の場合rdquoRegionTablerdquoという
マッピングを定義)
37
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Resources
EC2やRDSなどスタックを構成するリソースを定義
42
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
ldquoResources ldquoMyWebServer ldquoType ldquoAWSEC2Instancerdquo ldquoProperties ldquoKeyName ami-8c1fece5ldquo ldquoImageIdrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
43
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
EC2+SecurityGroupの例例 Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
リソース毎のプロパティ
リソースタイプ
44
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Outputs
スタック構築後に取得したい値(例例アクセスURLなど)
47
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
出力力したい名称を定義
説明
値
Functionを使って文字列列を加工
49
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
50
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Resources myS3Bucket Type AWSS3Bucket DeletionPolicy Retain
52
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
リソース数が多いと何のリソースか分からなくなるのでTagsプロパティを使用するMyInstance Type AWSEC2Instance Properties SecurityGroups [ Ref MySecurityGroup ] ImageId ami-20b65349 Tags [ Key ldquoName Value ldquoMyInstance ]
53
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Building from the AWS Management Console (1)
Building from the AWS Management Console (2)
Stack name
Template, one of:
• Sample template
• Template from a local file
• Template file URL (on S3 in the same region)
Building from the AWS Management Console (3)
Enter the parameters (explained later)
Building from the AWS Management Console (4)
Tag the resources
Building from the AWS Management Console (5)
Building from the AWS Management Console (6)
Stack cost estimate
Building from the AWS Management Console (7)
Start building the stack
Building from the AWS Management Console (8)
Building from the AWS Management Console (9)
Stack build in progress
Building from the AWS Management Console (10)
Stack build complete. At this point all services are running
Building from the AWS Management Console (11)
Stack build failed, rollback in progress
Templates
The heart of CloudFormation
The blueprint for building a stack
Written in JSON format
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Sample",
  "Parameters" : {
    "KeyName" : {
      "Description" : "Sample key",
      "Type" : "String"
    }
  },
  "Mappings" : { },
  "Resources" : {
    "Ec2Instance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
        "KeyName" : { "Ref" : "KeyName" },
        "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
      }
    },
    "InstanceSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Enable SSH access via port 22",
        "SecurityGroupIngress" : [ {
          "IpProtocol" : "tcp",
          "FromPort" : "22",
          "ToPort" : "22",
          "CidrIp" : "0.0.0.0/0"
        } ]
      }
    }
  }
}
Template walkthrough
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Valid JSON strings up to 4K",
  "Parameters" : { set of parameters },
  "Mappings" : { set of mappings },
  "Conditions" : { set of conditions },
  "Resources" : { set of resources },
  "Outputs" : { set of outputs }
}
Parameters
Lists the parameters that can be changed later, when CloudFormation is run (for example, the DB user name)
"Parameters" : {
  "Age" : {
    "Type" : "Number",
    "Default" : "30",
    "MinValue" : "20",
    "MaxValue" : "60",
    "Description" : "input your age"
  },
  "FirstName" : {
    "Type" : "String",
    "Description" : "input your first name"
  }
}
Mappings
Works like a hashtable: a value is looked up by its key
(for example, the AMI ID for each region)
"Mappings" : {
  "RegionTable" : {
    "us-east-1" : { "AMI" : "ami-8c1fece5", "Key" : "myKey-east" },
    "us-west-1" : { "AMI" : "ami-3bc9997e", "Key" : "myKey-west" },
    "ap-northeast-1" : { "AMI" : "ami-300ca731", "Key" : "myKey-japan" }
  }
}
Defines a mapping (in this example, a mapping named "RegionTable")
Resources
Defines the resources that make up the stack, such as EC2 and RDS
"Resources" : {
  "MyWebServer" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "KeyName" : "myKey-east",
      "ImageId" : "ami-8c1fece5"
    }
  }
}
EC2 + SecurityGroup example
"Resources" : {
  "Ec2Instance" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
      "KeyName" : { "Ref" : "KeyName" },
      "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
    }
  },
  "InstanceSecurityGroup" : {
    "Type" : "AWS::EC2::SecurityGroup",
    "Properties" : {
      "GroupDescription" : "Enable SSH access via port 22",
      "SecurityGroupIngress" : [ {
        "IpProtocol" : "tcp",
        "FromPort" : "22",
        "ToPort" : "22",
        "CidrIp" : "0.0.0.0/0"
      } ]
    }
  }
}
Resource type ("Type")
Properties of each resource ("Properties")
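The security group in the EC2 + SecurityGroup example admits SSH from 0.0.0.0/0, that is, from any address. The Python check below is an added example, not part of the original slides: it flags such ingress rules in a template and shows a constructed variant that passes. The parameter name SSHLocation and the 203.0.113.0/24 range are assumptions.

```python
import copy
import ipaddress

# Constructed input: the security group from the slide, as a Python dict.
SLIDE_SG_TEMPLATE = {
    "Parameters": {"KeyName": {"Description": "Sample key", "Type": "String"}},
    "Resources": {
        "InstanceSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Enable SSH access via port 22",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22",
                     "CidrIp": "0.0.0.0/0"},
                ],
            },
        },
    },
}

# Constructed variant: the source range is a parameter. "SSHLocation" is a
# hypothetical name and 203.0.113.0/24 is a documentation-only range.
RESTRICTED_TEMPLATE = copy.deepcopy(SLIDE_SG_TEMPLATE)
RESTRICTED_TEMPLATE["Parameters"]["SSHLocation"] = {
    "Type": "String",
    "Description": "CIDR range allowed to reach port 22",
    "Default": "203.0.113.0/24",
}
RESTRICTED_TEMPLATE["Resources"]["InstanceSecurityGroup"]["Properties"][
    "SecurityGroupIngress"][0]["CidrIp"] = {"Ref": "SSHLocation"}


def literal_or_default(value, parameters):
    """Resolve a literal or {"Ref": parameter} to the value known before deployment."""
    if isinstance(value, dict) and "Ref" in value:
        return parameters.get(value["Ref"], {}).get("Default")
    return value


def covers_port(rule, port, parameters):
    """True if the rule's protocol and port range include the given TCP port."""
    protocol = str(rule.get("IpProtocol", "")).lower()
    if protocol == "-1":          # all protocols, all ports
        return True
    if protocol not in ("tcp", "6"):
        return False
    try:
        low = int(literal_or_default(rule.get("FromPort"), parameters))
        high = int(literal_or_default(rule.get("ToPort"), parameters))
    except (TypeError, ValueError):
        return False              # not decidable from the template alone
    return low <= port <= high


def world_open_ssh(template):
    """Return (resource name, CIDR) for each ingress rule exposing port 22 to every address."""
    parameters = template.get("Parameters", {})
    findings = []
    for name, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in resource.get("Properties", {}).get("SecurityGroupIngress", []):
            cidr = literal_or_default(rule.get("CidrIp"), parameters)
            try:
                network = ipaddress.ip_network(cidr, strict=False)
            except (TypeError, ValueError):
                continue          # missing, unresolved or malformed CIDR
            if network.prefixlen == 0 and covers_port(rule, 22, parameters):
                findings.append((name, cidr))
    return findings
```

A parameter only helps if its default is not itself 0.0.0.0/0; the check resolves the default for that reason.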
Outputs
Values you want to retrieve after the stack is built (for example, the access URL)
Defining Outputs
"Outputs" : {
  "InstanceId" : {
    "Description" : "InstanceId of the newly created EC2 instance",
    "Value" : { "Ref" : "Ec2Instance" }
  },
  "AZ" : {
    "Description" : "Availability Zone of the newly created EC2 instance",
    "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
  },
  "ApplicationURL" : {
    "Description" : "URL of running web application",
    "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
  }
}
Define the name of the value to output
Description
Value
Use a Function to build the string
"Resources" : {
  "myS3Bucket" : {
    "Type" : "AWS::S3::Bucket",
    "DeletionPolicy" : "Retain"
  }
}
Template tips
With many resources it becomes hard to tell which resource is which, so use the Tags property
"MyInstance" : {
  "Type" : "AWS::EC2::Instance",
  "Properties" : {
    "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ],
    "ImageId" : "ami-20b65349",
    "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ]
  }
}
Resources created by CloudFormation are given tags such as the stack name
Cloud-init
Defined in User Data
Cloud-init reads the user data
The loaded script is executed
EC2 instance launch
CloudFormation helpers
cfn-init configuration: files
• Generates files at the specified paths
"files" : {
  "/app/db.conf" : {
    "content" : { "Fn::Join" : [ "", [
      "dbname=", { "Ref" : "DBName" }, "\n",
      "dbuser=", { "Ref" : "DBUser" }, "\n",
      "dbpass=", { "Ref" : "DBPassword" }, "\n",
      "dbhost=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n"
    ] ] },
    "mode" : "000644",
    "owner" : "root",
    "group" : "root"
  },
  "/etc/myapp/myapp-init.pp" : {
    "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
    "mode" : "100644",
    "owner" : "root",
    "group" : "wheel"
  }
}
Generates the contents of the file ("content")
File path
Fetched from S3 or elsewhere ("source")
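The db.conf entry in the files example writes the DBPassword value into a file with mode 000644, which every local user on the instance can read. The Python check below is an added example, not part of the original slides: it finds cfn-init files that embed a password-like parameter and are world-readable. The resource name WebServer, the group myapp and the name-based secret heuristic are assumptions.

```python
import copy

# Constructed input: the "files" block from the slide, placed under the
# AWS::CloudFormation::Init metadata of a hypothetical resource "WebServer".
SLIDE_FILES_TEMPLATE = {
    "Parameters": {
        "DBName": {"Type": "String"},
        "DBUser": {"Type": "String"},
        "DBPassword": {"Type": "String"},
    },
    "Resources": {
        "WebServer": {
            "Type": "AWS::EC2::Instance",
            "Metadata": {"AWS::CloudFormation::Init": {"config": {"files": {
                "/app/db.conf": {
                    "content": {"Fn::Join": ["", [
                        "dbname=", {"Ref": "DBName"}, "\n",
                        "dbuser=", {"Ref": "DBUser"}, "\n",
                        "dbpass=", {"Ref": "DBPassword"}, "\n",
                        "dbhost=", {"Fn::GetAtt": ["DBInstance", "Endpoint.Address"]}, "\n",
                    ]]},
                    "mode": "000644", "owner": "root", "group": "root",
                },
                "/etc/myapp/myapp-init.pp": {
                    "source": "https://s3.amazonaws.com/myapp/myapp-init.pp",
                    "mode": "100644", "owner": "root", "group": "wheel",
                },
            }}}},
        },
    },
}

# Constructed variant: same file without read access for "other".
# The group "myapp" is hypothetical.
TIGHTENED_TEMPLATE = copy.deepcopy(SLIDE_FILES_TEMPLATE)
TIGHTENED_TEMPLATE["Resources"]["WebServer"]["Metadata"][
    "AWS::CloudFormation::Init"]["config"]["files"]["/app/db.conf"].update(
    {"mode": "000640", "group": "myapp"})


def refs_in(node):
    """Yield every name referenced as {"Ref": name} anywhere under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            else:
                yield from refs_in(value)
    elif isinstance(node, list):
        for item in node:
            yield from refs_in(item)


def looks_secret(name, spec):
    """Heuristic (an assumption of this example): NoEcho parameters and
    parameters whose name contains 'password' are treated as secrets."""
    if spec is None:              # the Ref points at a resource, not a parameter
        return False
    return str(spec.get("NoEcho", "")).lower() == "true" or "password" in name.lower()


def world_readable_secret_files(template):
    """Return (path, mode, secret parameters) for cfn-init files that embed a
    secret parameter and are readable by every local user."""
    parameters = template.get("Parameters", {})
    findings = []
    for resource in template.get("Resources", {}).values():
        # Only the default "config" key is inspected, not named configSets.
        init = resource.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for path, spec in init.get("config", {}).get("files", {}).items():
            secrets = sorted({name for name in refs_in(spec.get("content"))
                              if looks_secret(name, parameters.get(name))})
            mode = spec.get("mode")
            # The last three octal digits of the mode are the permission bits;
            # a missing mode is reported too, because it leaves them to a default.
            if secrets and (mode is None or int(mode[-3:], 8) & 0o004):
                findings.append((path, mode, secrets))
    return findings
```

Tightening the mode only protects against other local users on the instance; the resolved value is still part of the resource metadata that cfn-init downloads.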
CloudFormer
CloudFormer: a tool that creates a template from a system configuration that has already been built
It can be used to produce the base template from which you develop your own template
Diagram labels: EC2, EC2, AutoScaling, template, CloudFormer
Create and launch a CloudFormer stack
Create the stack from either of the following:
• AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
How to run CloudFormer
Choose the region you want to turn into a template; a wizard then lets you select the resources
The template is completed from the resources whose checkboxes you ticked
Other tips
Baked AMI vs. CF-Init: baking the AMI vs. Cloud-init + CloudFormation helpers
It is important to choose between baking the AMI and using cloud-init and the helpers, depending on the use case
Baked AMI
  Advantages: easy to build; starts quickly (effective for Auto Scaling)
  Disadvantages: reinstallation is needed whenever the base AMI or middleware is updated; must be built for each region
Base AMI + Cloud-init + CFN helpers
  Advantages: can keep up with base AMI and middleware updates; definitions such as the DB endpoint can be passed in
  Disadvantages: building the template takes effort; OS initialization takes time
IAM Capability
When CloudFormation creates IAM users, a checkbox must be turned on partway through the wizard
• With cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command
Summary
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒1
16
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒2
スタックの名称
サンプルテンプレート
ローカルファイルのemsp テンプレート
テンプレートファイルURL(同一リージョンのS3上)
いずれか
17
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
各種パラメータの入力力(後で説明)
AWS Management Consoleから構築-‐‑‒3
18
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒4
リソースにタグ付け
19
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒5
20
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒6
スタックのコスト見見積もり
21
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒7
スタック構築開始
22
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒8
23
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒9
スタック構築実行行中
24
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒10
スタック構築完了了この時点ですべてのサービスが起動している
25
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒11
スタック構築失敗ロールバック中
26
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
27
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
CloudFormationの心臓部 スタック構築の設計図 JSONフォーマットで記述
AWSTemplateFormatVersion 2010-09-09 Description ldquoSample Parameters KeyName Description ldquoSample key Type String Mappings Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
28
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート解説 AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Parameters
CloudFormation実行行時に後で変更更可能なパラメータを列列挙(例例DBユーザー名など)
30
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Parameters Age TypeNumber ldquoDefaultrdquo ldquo30rdquo ldquoMinValuerdquo ldquo20rdquo ldquoMaxValuerdquo ldquo60rdquo Descriptioninput your ageldquo FirstName TypeString Descriptioninput your first nameldquo
31
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Mappings
Hashtableのようなものキーに応じて値を特定出来る
(例例リージョンに応じたAMI番号など)
36
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Mappings RegionTable us-east-1 AMI ami-8c1fece5ldquo ldquoKeyrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
マッピングを定義(この例例の場合rdquoRegionTablerdquoという
マッピングを定義)
37
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Resources
EC2やRDSなどスタックを構成するリソースを定義
42
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
ldquoResources ldquoMyWebServer ldquoType ldquoAWSEC2Instancerdquo ldquoProperties ldquoKeyName ami-8c1fece5ldquo ldquoImageIdrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
43
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
EC2+SecurityGroupの例例 Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
リソース毎のプロパティ
リソースタイプ
44
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Outputs
スタック構築後に取得したい値(例例アクセスURLなど)
47
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
出力力したい名称を定義
説明
値
Functionを使って文字列列を加工
49
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
50
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Resources myS3Bucket Type AWSS3Bucket DeletionPolicy Retain
52
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
リソース数が多いと何のリソースか分からなくなるのでTagsプロパティを使用するMyInstance Type AWSEC2Instance Properties SecurityGroups [ Ref MySecurityGroup ] ImageId ami-20b65349 Tags [ Key ldquoName Value ldquoMyInstance ]
53
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
CloudFormer
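CloudFormer: a tool that creates a template from a system configuration that has already been built
Can be used to build a template that serves as the base for writing your own templates
[Diagram labels: EC2, EC2, AutoScaling, template, CloudFormer]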
Create and launch the CloudFormer stack
Create the stack from either of the following:
• The AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
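How to run CloudFormer
Choose the region you want to turn into a template; a wizard then lets you select the resources
The template is built from the resources whose checkboxes you ticked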
Other tips
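Baked AMI vs. CF-Init: pre-building the AMI vs. cloud-init + CloudFormation helpers
It is important to choose between a pre-built AMI and cloud-init/helpers according to the use case.

Pre-built (baked) AMI
  Advantages: easy to build; fast to launch (effective for Auto Scaling)
  Disadvantages: reinstallation is required when the base AMI or middleware is updated; must be built for each region

Base AMI + cloud-init + CFN helpers
  Advantages: can follow updates to the base AMI and middleware; definitions such as the DB endpoint can be passed in
  Disadvantages: building the template takes effort; OS initialization takes time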
IAM Capability
When CloudFormation creates IAM users, you must turn on the checkbox that appears partway through the wizard.
• For cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command
Summary
Aim to become a true cloud meister with CloudFormation
WebServer
AppServer
Building from the AWS Management Console - 2
Stack name
Choose one of the following:
• Sample template
• Template from a local file
• Template file URL (on S3 in the same region)
Building from the AWS Management Console - 3
Enter the parameters (explained later)
Building from the AWS Management Console - 4
Tag the resources
Building from the AWS Management Console - 5
Building from the AWS Management Console - 6
Stack cost estimate
Building from the AWS Management Console - 7
Start building the stack
Building from the AWS Management Console - 8
Building from the AWS Management Console - 9
Stack build in progress
Building from the AWS Management Console - 10
Stack build complete. At this point all services are running.
Building from the AWS Management Console - 11
Stack build failed; rollback in progress
Template
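Template
• The heart of CloudFormation
• The blueprint for building a stack
• Written in JSON format
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Sample",
  "Parameters" : {
    "KeyName" : {
      "Description" : "Sample key",
      "Type" : "String"
    }
  },
  "Mappings" : { ... },
  "Resources" : {
    "Ec2Instance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
        "KeyName" : { "Ref" : "KeyName" },
        "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
      }
    },
    "InstanceSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Enable SSH access via port 22",
        "SecurityGroupIngress" : [ {
          "IpProtocol" : "tcp",
          "FromPort" : "22",
          "ToPort" : "22",
          "CidrIp" : "0.0.0.0/0"
        } ]
      }
    }
  }
}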
Template walkthrough
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Valid JSON strings up to 4K",
  "Parameters" : { set of parameters },
  "Mappings" : { set of mappings },
  "Conditions" : { set of conditions },
  "Resources" : { set of resources },
  "Outputs" : { set of outputs }
}
Parameters
Lists the parameters that can be changed later, when CloudFormation is run (e.g. the DB user name)
"Parameters" : {
  "Age" : {
    "Type" : "Number",
    "Default" : "30",
    "MinValue" : "20",
    "MaxValue" : "60",
    "Description" : "input your age"
  },
  "FirstName" : {
    "Type" : "String",
    "Description" : "input your first name"
  }
}
Mappings
Works like a hashtable: a value is looked up by its key
(e.g. the AMI ID for each region)
"Mappings" : {
  "RegionTable" : {
    "us-east-1" : { "AMI" : "ami-8c1fece5", "Key" : "myKey-east" },
    "us-west-1" : { "AMI" : "ami-3bc9997e", "Key" : "myKey-west" },
    "ap-northeast-1" : { "AMI" : "ami-300ca731", "Key" : "myKey-japan" }
  }
}
Defines a mapping (in this example, a mapping named "RegionTable")
Resources
Defines the resources that make up the stack, such as EC2 and RDS
"Resources" : {
  "MyWebServer" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "KeyName" : "myKey-east",
      "ImageId" : "ami-8c1fece5"
    }
  }
}
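EC2 + SecurityGroup example
"Resources" : {
  "Ec2Instance" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
      "KeyName" : { "Ref" : "KeyName" },
      "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
    }
  },
  "InstanceSecurityGroup" : {
    "Type" : "AWS::EC2::SecurityGroup",
    "Properties" : {
      "GroupDescription" : "Enable SSH access via port 22",
      "SecurityGroupIngress" : [ {
        "IpProtocol" : "tcp",
        "FromPort" : "22",
        "ToPort" : "22",
        "CidrIp" : "0.0.0.0/0"
      } ]
    }
  }
}
Slide callouts:
• Properties of each resource
• Resource type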
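The ingress rule in this example admits SSH from any address (0.0.0.0/0). The following template check is an added example, not part of the original slides: it reports security group rules that open a watched port to the whole Internet, including rules whose CIDR comes from a parameter default. The watch list and the `AdminOnlyGroup`, `ParameterizedGroup` and `SSHLocation` names are assumptions.

```python
import ipaddress
import json

SENSITIVE_PORTS = {22: "SSH", 3389: "RDP"}  # watch list assumed for this example

# Constructed sample: the slide's security group, plus two assumed groups that
# show a restricted range and a CIDR taken from a parameter default.
TEMPLATE = json.loads('''
{
  "Parameters": {
    "KeyName": {"Description": "Sample key", "Type": "String"},
    "SSHLocation": {"Type": "String", "Default": "0.0.0.0/0"}
  },
  "Resources": {
    "InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enable SSH access via port 22",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}
        ]
      }
    },
    "AdminOnlyGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "SSH from one documentation range only",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "203.0.113.0/24"}
        ]
      }
    },
    "ParameterizedGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "SSH range supplied at stack creation",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22",
           "CidrIp": {"Ref": "SSHLocation"}}
        ]
      }
    }
  }
}
''')


def resolve(value, params):
    """Resolve {"Ref": parameter} to that parameter's Default; pass literals through."""
    if isinstance(value, dict) and "Ref" in value:
        return params.get(value["Ref"], {}).get("Default")
    return value


def is_world(cidr):
    """True when the CIDR covers every address (0.0.0.0/0 or ::/0)."""
    if not isinstance(cidr, str):
        return False  # missing property or a reference with no default
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def ingress_rules(template):
    """Yield (resource name, rule) for inline and stand-alone ingress rules."""
    for name, resource in template.get("Resources", {}).items():
        props = resource.get("Properties", {})
        if resource.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                yield name, rule
        elif resource.get("Type") == "AWS::EC2::SecurityGroupIngress":
            yield name, props


def exposed_ports(rule, params):
    """Return the watched ports that fall inside the rule's port range."""
    protocol = str(resolve(rule.get("IpProtocol"), params))
    if protocol == "-1":  # all protocols, all ports
        return sorted(SENSITIVE_PORTS)
    if protocol not in ("tcp", "6"):
        return []
    try:
        low = int(resolve(rule.get("FromPort"), params))
        high = int(resolve(rule.get("ToPort"), params))
    except (TypeError, ValueError):
        return []
    return [port for port in sorted(SENSITIVE_PORTS) if low <= port <= high]


def audit_ingress(template):
    """Return (resource, service, cidr) for each watched port open to everyone."""
    params = template.get("Parameters", {})
    findings = []
    for name, rule in ingress_rules(template):
        for key in ("CidrIp", "CidrIpv6"):
            cidr = resolve(rule.get(key), params)
            if is_world(cidr):
                for port in exposed_ports(rule, params):
                    findings.append((name, SENSITIVE_PORTS[port], cidr))
    return findings


if __name__ == "__main__":
    for finding in audit_ingress(TEMPLATE):
        print(finding)
```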
Outputs
Values you want to retrieve after the stack is built (e.g. the access URL)
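Defining Outputs
"Outputs" : {
  "InstanceId" : {
    "Description" : "InstanceId of the newly created EC2 instance",
    "Value" : { "Ref" : "Ec2Instance" }
  },
  "AZ" : {
    "Description" : "Availability Zone of the newly created EC2 instance",
    "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
  },
  "ApplicationURL" : {
    "Description" : "URL of running web application",
    "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
  }
}
Slide callouts:
• Define the name of the value to output
• Description
• Value
• Use a function to build the string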
"Resources" : {
  "myS3Bucket" : {
    "Type" : "AWS::S3::Bucket",
    "DeletionPolicy" : "Retain"
  }
}
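Template tips
With many resources it becomes hard to tell which is which, so use the Tags property.
"MyInstance" : {
  "Type" : "AWS::EC2::Instance",
  "Properties" : {
    "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ],
    "ImageId" : "ami-20b65349",
    "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ]
  }
}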
Template tips
Resources created by CloudFormation are given tags such as the stack name
Cloud-init
Cloud-init
• Define the script in User Data
• Cloud-init reads the user data
• Cloud-init runs the script it read
[Diagram label: EC2 instance launch]
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
各種パラメータの入力力(後で説明)
AWS Management Consoleから構築-‐‑‒3
18
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒4
リソースにタグ付け
19
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒5
20
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒6
スタックのコスト見見積もり
21
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒7
スタック構築開始
22
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒8
23
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒9
スタック構築実行行中
24
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒10
スタック構築完了了この時点ですべてのサービスが起動している
25
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒11
スタック構築失敗ロールバック中
26
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
27
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
CloudFormationの心臓部 スタック構築の設計図 JSONフォーマットで記述
AWSTemplateFormatVersion 2010-09-09 Description ldquoSample Parameters KeyName Description ldquoSample key Type String Mappings Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
28
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート解説 AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Parameters
CloudFormation実行行時に後で変更更可能なパラメータを列列挙(例例DBユーザー名など)
30
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Parameters Age TypeNumber ldquoDefaultrdquo ldquo30rdquo ldquoMinValuerdquo ldquo20rdquo ldquoMaxValuerdquo ldquo60rdquo Descriptioninput your ageldquo FirstName TypeString Descriptioninput your first nameldquo
31
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Mappings
Hashtableのようなものキーに応じて値を特定出来る
(例例リージョンに応じたAMI番号など)
36
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Mappings RegionTable us-east-1 AMI ami-8c1fece5ldquo ldquoKeyrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
マッピングを定義(この例例の場合rdquoRegionTablerdquoという
マッピングを定義)
37
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Resources
EC2やRDSなどスタックを構成するリソースを定義
42
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
ldquoResources ldquoMyWebServer ldquoType ldquoAWSEC2Instancerdquo ldquoProperties ldquoKeyName ami-8c1fece5ldquo ldquoImageIdrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
43
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
EC2+SecurityGroupの例例 Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
リソース毎のプロパティ
リソースタイプ
44
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Outputs
スタック構築後に取得したい値(例例アクセスURLなど)
47
Defining Outputs
    "Outputs" : {
      "InstanceId" : {
        "Description" : "InstanceId of the newly created EC2 instance",
        "Value" : { "Ref" : "Ec2Instance" }
      },
      "AZ" : {
        "Description" : "Availability Zone of the newly created EC2 instance",
        "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
      },
      "ApplicationURL" : {
        "Description" : "URL of running web application",
        "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
      }
    }
Define the name of each value to output
Description
Value
Use functions to manipulate strings
    "Resources" : {
      "myS3Bucket" : {
        "Type" : "AWS::S3::Bucket",
        "DeletionPolicy" : "Retain"
      }
    }
Template Tips
When there are many resources it becomes hard to tell what each one is, so use the Tags property.
    "MyInstance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ],
        "ImageId" : "ami-20b65349",
        "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ]
      }
    }
Template Tips
Resources created by CloudFormation are given tags such as the stack name.
Cloud-init
Defined in User Data
Cloud-init reads the user data
The script that was read is executed
EC2 instance launch
CloudFormation helpers
cfn-init configuration: files
• Generates files at the specified paths
    "files" : {
      "/app/db.conf" : {
        "content" : { "Fn::Join" : [ "", [
          "dbname=", { "Ref" : "DBName" }, "\n",
          "dbuser=", { "Ref" : "DBUser" }, "\n",
          "dbpass=", { "Ref" : "DBPassword" }, "\n",
          "dbhost=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n"
        ] ] },
        "mode" : "000644",
        "owner" : "root",
        "group" : "root"
      },
      "/etc/myapp/myapp-init.pp" : {
        "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
        "mode" : "100644",
        "owner" : "root",
        "group" : "wheel"
      }
    }
content: generates the file's contents
Each key: the file path
source: fetched from S3 or a similar location
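The files entry on the slide writes dbpass from the DBPassword parameter with mode 000644, which leaves the password readable by every local user on the instance. The following check is an added example, not part of the original slides: it scans cfn-init files entries for content that references a secret-looking parameter while the mode grants group or other read access. The WebServer resource name, the SECRET_NAME pattern and the sample template are assumptions constructed for illustration.

```python
import json
import re

# Assumption of this example: a parameter is a secret if its name looks like one.
SECRET_NAME = re.compile(r"pass(word)?|secret|token", re.IGNORECASE)

# Constructed sample: the slide's "files" entries placed under the
# AWS::CloudFormation::Init metadata of a hypothetical "WebServer" instance.
SAMPLE_TEMPLATE = json.loads(r"""
{
  "Resources": {
    "WebServer": {
      "Type": "AWS::EC2::Instance",
      "Metadata": {
        "AWS::CloudFormation::Init": {
          "config": {
            "files": {
              "/app/db.conf": {
                "content": {"Fn::Join": ["", [
                  "dbname=", {"Ref": "DBName"}, "\n",
                  "dbuser=", {"Ref": "DBUser"}, "\n",
                  "dbpass=", {"Ref": "DBPassword"}, "\n"
                ]]},
                "mode": "000644", "owner": "root", "group": "root"
              },
              "/etc/myapp/myapp-init.pp": {
                "source": "https://s3.amazonaws.com/myapp/myapp-init.pp",
                "mode": "100644", "owner": "root", "group": "wheel"
              }
            }
          }
        }
      }
    }
  }
}
""")


def referenced_params(node):
    """Yield every name reached through {"Ref": name} anywhere inside node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            else:
                yield from referenced_params(value)
    elif isinstance(node, list):
        for item in node:
            yield from referenced_params(item)


def readable_beyond_owner(mode):
    """True if the permission bits (last three octal digits) let group/other read."""
    return bool(int(str(mode)[-3:], 8) & 0o044)


def iter_init_files(template):
    """Yield (resource, path, spec) for each cfn-init "files" entry."""
    for res_name, res in template.get("Resources", {}).items():
        init = res.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for cfg_name, cfg in init.items():
            if cfg_name == "configSets" or not isinstance(cfg, dict):
                continue
            for path, spec in cfg.get("files", {}).items():
                yield res_name, path, spec


def find_exposed_secret_files(template):
    """Report files that embed a secret parameter and are readable beyond the owner."""
    findings = []
    for res_name, path, spec in iter_init_files(template):
        secrets = sorted({p for p in referenced_params(spec.get("content"))
                          if SECRET_NAME.search(p)})
        mode = spec.get("mode")
        # Assumption: an entry without "mode" is reported too, because the
        # template then does not pin the file's permissions at all.
        if secrets and (mode is None or readable_beyond_owner(mode)):
            findings.append((res_name, path, mode, secrets))
    return findings


if __name__ == "__main__":
    for resource, path, mode, secrets in find_exposed_secret_files(SAMPLE_TEMPLATE):
        print(f"{resource}: {path} (mode {mode}) embeds {', '.join(secrets)}")
```

Setting the entry's mode to 000600 (or 000400) clears the finding while root can still read the file.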
CloudFormer
CloudFormer is a tool that creates a template from a system configuration that has already been built.
It can be used to produce a base template to start from when writing templates.
[Figure: CloudFormer producing a template from existing EC2 and Auto Scaling resources]
Create and launch the CloudFormer stack
Create the stack from one of the following:
• AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
How to run CloudFormer
Choose the region you want to turn into a template, and you can then select resources in a wizard.
The template is generated from the resources whose checkboxes you selected.
Other Tips
Baked AMI vs. CF-Init: building everything into the AMI vs. Cloud-init + CloudFormation helpers
It is important to choose between a baked AMI and cloud-init/helpers according to the use case.

| Approach | Advantages | Disadvantages |
| Baked AMI | Easy to build; fast to start (effective for Auto Scaling) | Reinstallation is required when the base AMI or middleware is updated; must be built per region |
| Base AMI + Cloud-init + CFN helpers | Can follow base AMI and middleware updates; definitions such as the DB endpoint can be passed in | Building the template takes effort; OS initialization takes time |
IAM Capability
When creating IAM users with CloudFormation, you must turn on a checkbox partway through the wizard.
• With cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command.
Summary
Aim to become a true Cloud Meister with CloudFormation
[Figure labels: WebServer, AppServer]
Building from the AWS Management Console - 4
Tag the resources
Building from the AWS Management Console - 5
Building from the AWS Management Console - 6
Estimate the cost of the stack
Building from the AWS Management Console - 7
Start building the stack
Building from the AWS Management Console - 8
Building from the AWS Management Console - 9
Stack build in progress
Building from the AWS Management Console - 10
Stack build complete. At this point all services are running.
Building from the AWS Management Console - 11
Stack build failed; rollback in progress
Template
The heart of CloudFormation; the blueprint for building a stack; written in JSON format.
    {
      "AWSTemplateFormatVersion" : "2010-09-09",
      "Description" : "Sample",
      "Parameters" : {
        "KeyName" : {
          "Description" : "Sample key",
          "Type" : "String"
        }
      },
      "Mappings" : { },
      "Resources" : {
        "Ec2Instance" : {
          "Type" : "AWS::EC2::Instance",
          "Properties" : {
            "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
            "KeyName" : { "Ref" : "KeyName" },
            "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
          }
        },
        "InstanceSecurityGroup" : {
          "Type" : "AWS::EC2::SecurityGroup",
          "Properties" : {
            "GroupDescription" : "Enable SSH access via port 22",
            "SecurityGroupIngress" : [ {
              "IpProtocol" : "tcp",
              "FromPort" : "22",
              "ToPort" : "22",
              "CidrIp" : "0.0.0.0/0"
            } ]
          }
        }
      }
    }
Template walkthrough
    {
      "AWSTemplateFormatVersion" : "2010-09-09",
      "Description" : "Valid JSON strings up to 4K",
      "Parameters" : { set of parameters },
      "Mappings" : { set of mappings },
      "Conditions" : { set of conditions },
      "Resources" : { set of resources },
      "Outputs" : { set of outputs }
    }
Parameters
Lists the parameters that can be changed later, when CloudFormation is run (for example, the DB user name)
    "Parameters" : {
      "Age" : {
        "Type" : "Number",
        "Default" : "30",
        "MinValue" : "20",
        "MaxValue" : "60",
        "Description" : "input your age"
      },
      "FirstName" : {
        "Type" : "String",
        "Description" : "input your first name"
      }
    }
Mappings
Similar to a hash table: a value can be looked up by key
(for example, the AMI ID for each region)
    "Mappings" : {
      "RegionTable" : {
        "us-east-1" : { "AMI" : "ami-8c1fece5", "Key" : "myKey-east" },
        "us-west-1" : { "AMI" : "ami-3bc9997e", "Key" : "myKey-west" },
        "ap-northeast-1" : { "AMI" : "ami-300ca731", "Key" : "myKey-japan" }
      }
    }
Defines a mapping (in this example, a mapping named "RegionTable")
Resources
Defines the resources that make up the stack, such as EC2 and RDS
    "Resources" : {
      "MyWebServer" : {
        "Type" : "AWS::EC2::Instance",
        "Properties" : {
          "KeyName" : "myKey-east",
          "ImageId" : "ami-8c1fece5"
        }
      }
    }
EC2 + SecurityGroup example
    "Resources" : {
      "Ec2Instance" : {
        "Type" : "AWS::EC2::Instance",
        "Properties" : {
          "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
          "KeyName" : { "Ref" : "KeyName" },
          "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
        }
      },
      "InstanceSecurityGroup" : {
        "Type" : "AWS::EC2::SecurityGroup",
        "Properties" : {
          "GroupDescription" : "Enable SSH access via port 22",
          "SecurityGroupIngress" : [ {
            "IpProtocol" : "tcp",
            "FromPort" : "22",
            "ToPort" : "22",
            "CidrIp" : "0.0.0.0/0"
          } ]
        }
      }
    }
Properties: the properties of each resource
Type: the resource type
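The InstanceSecurityGroup in the example above opens SSH (port 22) to 0.0.0.0/0, that is, to every address on the Internet. The following template check is an added example, not part of the original slides: it reports ingress rules that expose an administrative port to any address, including rules whose CIDR comes from a parameter default or whose port range merely contains the port. ADMIN_PORTS, the OfficeOnlyGroup and WideRangeGroup resources and the AdminCidr parameter are assumptions constructed for illustration.

```python
import ipaddress
import json

# Assumption of this example: the ports treated as administrative.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample: the slide's InstanceSecurityGroup plus two hypothetical groups.
SAMPLE_TEMPLATE = json.loads("""
{
  "Parameters": {
    "AdminCidr": {"Type": "String", "Default": "0.0.0.0/0"}
  },
  "Resources": {
    "InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enable SSH access via port 22",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}
        ]
      }
    },
    "OfficeOnlyGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "SSH from one documentation-range network",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "203.0.113.0/24"}
        ]
      }
    },
    "WideRangeGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Low ports, CIDR taken from a parameter",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": "0", "ToPort": "1024",
           "CidrIp": {"Ref": "AdminCidr"}}
        ]
      }
    }
  }
}
""")


def resolve(value, template):
    """Resolve {"Ref": param} to that parameter's Default; pass literals through."""
    if isinstance(value, dict) and "Ref" in value:
        return template.get("Parameters", {}).get(value["Ref"], {}).get("Default")
    return value


def is_world_open(cidr):
    """True for 0.0.0.0/0 or ::/0 (a network with prefix length 0)."""
    if not isinstance(cidr, str):
        return False
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def port_span(rule, template):
    """Return (low, high) TCP ports covered by a rule, or None if it is not TCP."""
    proto = str(rule.get("IpProtocol", "")).lower()
    if proto == "-1":                      # "-1" means every protocol and port
        return 0, 65535
    if proto not in ("tcp", "6"):
        return None
    try:
        return (int(resolve(rule.get("FromPort"), template)),
                int(resolve(rule.get("ToPort"), template)))
    except (TypeError, ValueError):
        return None                        # unresolved or malformed port value


def ingress_rules(template):
    """Yield (resource_name, rule) for inline and standalone ingress rules."""
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                yield name, rule
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            yield name, props


def find_open_admin_ingress(template):
    """Report (resource, service, port, cidr) for admin ports open to any address."""
    findings = []
    for name, rule in ingress_rules(template):
        cidr = resolve(rule.get("CidrIp") or rule.get("CidrIpv6"), template)
        span = port_span(rule, template)
        if span is None or not is_world_open(cidr):
            continue
        for port, label in sorted(ADMIN_PORTS.items()):
            if span[0] <= port <= span[1]:
                findings.append((name, label, port, cidr))
    return findings


if __name__ == "__main__":
    for finding in find_open_admin_ingress(SAMPLE_TEMPLATE):
        print("%s exposes %s (tcp/%d) to %s" % finding)
```

Restricting CidrIp to the administrators' own address range, as OfficeOnlyGroup does, removes the finding for that group.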
AWS Management Consoleから構築-‐‑‒5
20
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒6
スタックのコスト見見積もり
21
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒7
スタック構築開始
22
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒8
23
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒9
スタック構築実行行中
24
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒10
スタック構築完了了この時点ですべてのサービスが起動している
25
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒11
スタック構築失敗ロールバック中
26
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
27
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
CloudFormationの心臓部 スタック構築の設計図 JSONフォーマットで記述
AWSTemplateFormatVersion 2010-09-09 Description ldquoSample Parameters KeyName Description ldquoSample key Type String Mappings Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
28
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート解説 AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Parameters
CloudFormation実行行時に後で変更更可能なパラメータを列列挙(例例DBユーザー名など)
30
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Parameters Age TypeNumber ldquoDefaultrdquo ldquo30rdquo ldquoMinValuerdquo ldquo20rdquo ldquoMaxValuerdquo ldquo60rdquo Descriptioninput your ageldquo FirstName TypeString Descriptioninput your first nameldquo
31
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Mappings
Hashtableのようなものキーに応じて値を特定出来る
(例例リージョンに応じたAMI番号など)
36
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Mappings RegionTable us-east-1 AMI ami-8c1fece5ldquo ldquoKeyrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
マッピングを定義(この例例の場合rdquoRegionTablerdquoという
マッピングを定義)
Resources
Defines the resources that make up the stack, such as EC2 and RDS.
[Slide: "Resources" section defining "MyWebServer" ("Type" : "AWS::EC2::Instance") with "KeyName" and "ImageId" properties, shown together with the RegionTable mapping values: us-east-1 (ami-8c1fece5, myKey-east), us-west-1 (ami-3bc9997e, myKey-west), ap-northeast-1 (ami-300ca731, myKey-japan)]
Example: EC2 + SecurityGroup
"Resources" : {
  "Ec2Instance" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
      "KeyName" : { "Ref" : "KeyName" },
      "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
    }
  },
  "InstanceSecurityGroup" : {
    "Type" : "AWS::EC2::SecurityGroup",
    "Properties" : {
      "GroupDescription" : "Enable SSH access via port 22",
      "SecurityGroupIngress" : [ {
        "IpProtocol" : "tcp",
        "FromPort" : "22",
        "ToPort" : "22",
        "CidrIp" : "0.0.0.0/0"
      } ]
    }
  }
}
Callout: properties for each resource
Callout: resource type
Outputs
Values you want to retrieve after the stack has been built (for example, the access URL).
Defining Outputs
"Outputs" : {
  "InstanceId" : {
    "Description" : "InstanceId of the newly created EC2 instance",
    "Value" : { "Ref" : "Ec2Instance" }
  },
  "AZ" : {
    "Description" : "Availability Zone of the newly created EC2 instance",
    "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
  },
  "ApplicationURL" : {
    "Description" : "URL of running web application",
    "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
  }
}
Callout: name of the output to define
Callout: description
Callout: value
Callout: use a function to build the string
"Resources" : {
  "myS3Bucket" : {
    "Type" : "AWS::S3::Bucket",
    "DeletionPolicy" : "Retain"
  }
}
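Template Tips
With many resources it becomes hard to tell which resource is which, so use the Tags property.
"MyInstance" : {
  "Type" : "AWS::EC2::Instance",
  "Properties" : {
    "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ],
    "ImageId" : "ami-20b65349",
    "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ]
  }
}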
Resources created by CloudFormation are tagged with values such as the stack name.
Cloud-init
Defined in User Data
Cloud-init reads the user data
Runs the script it has read
EC2 instance launch
CloudFormation helpers
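cfn-init configuration: files
• Generates files at the specified paths
"files" : {
  "/app/db.conf" : {
    "content" : { "Fn::Join" : [ "", [
      "dbname=", { "Ref" : "DBName" }, "\n",
      "dbuser=", { "Ref" : "DBUser" }, "\n",
      "dbpass=", { "Ref" : "DBPassword" }, "\n",
      "dbhost=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n"
    ] ] },
    "mode" : "000644",
    "owner" : "root",
    "group" : "root"
  },
  "/etc/myapp/myapp-init.pp" : {
    "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
    "mode" : "100644",
    "owner" : "root",
    "group" : "wheel"
  }
}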
Callout: generates the file contents
Callout: file path
Callout: fetched from S3 or a similar source
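Two settings in the deck's examples matter for security review: the security group that allows SSH from 0.0.0.0/0, and the cfn-init file that writes the database password with mode 000644. The Python below is an added example, not code from the slides, that checks a template for both before a stack is created; the sample template is constructed from the slide fragments, and the Parameters block, the NoEcho flag, the Metadata placement and all function names are assumptions.

```python
import json

# Constructed sample, assembled from the slide fragments (Ec2Instance,
# InstanceSecurityGroup, cfn-init "files"). The Parameters block, the NoEcho
# flag and the Metadata placement are assumptions added for this example.
SAMPLE_TEMPLATE = json.loads("""
{
  "Parameters": {
    "DBName": {"Type": "String"},
    "DBPassword": {"Type": "String", "NoEcho": "true"}
  },
  "Resources": {
    "Ec2Instance": {
      "Type": "AWS::EC2::Instance",
      "Metadata": {"AWS::CloudFormation::Init": {"config": {"files": {
        "/app/db.conf": {
          "content": {"Fn::Join": ["", [
            "dbname=", {"Ref": "DBName"}, "\\n",
            "dbpass=", {"Ref": "DBPassword"}, "\\n"]]},
          "mode": "000644", "owner": "root", "group": "root"},
        "/etc/myapp/myapp-init.pp": {
          "source": "https://s3.amazonaws.com/myapp/myapp-init.pp",
          "mode": "100644", "owner": "root", "group": "wheel"}
      }}}},
      "Properties": {"SecurityGroups": [{"Ref": "InstanceSecurityGroup"}]}
    },
    "InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enable SSH access via port 22",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22",
           "CidrIp": "0.0.0.0/0"}]}
    }
  }
}
""")

WORLD = {"0.0.0.0/0", "::/0"}


def resolve(value, template):
    """Replace {"Ref": P} with parameter P's Default when it has one."""
    if isinstance(value, dict) and set(value) == {"Ref"}:
        param = template.get("Parameters", {}).get(value["Ref"], {})
        return param.get("Default", value)
    return value


def refs(node):
    """Yield every name referenced through Ref anywhere inside node."""
    if isinstance(node, dict):
        if set(node) == {"Ref"}:
            yield node["Ref"]
        else:
            for child in node.values():
                yield from refs(child)
    elif isinstance(node, list):
        for child in node:
            yield from refs(child)


def world_open_ingress(template):
    """Security group rules whose source is the whole internet."""
    found = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        rules = res.get("Properties", {}).get("SecurityGroupIngress", [])
        for rule in [rules] if isinstance(rules, dict) else rules:
            cidr = resolve(rule.get("CidrIp", rule.get("CidrIpv6")), template)
            if isinstance(cidr, str) and cidr in WORLD:
                found.append((name, str(rule.get("IpProtocol")),
                              str(rule.get("FromPort")), str(rule.get("ToPort"))))
    return found


def secret_parameters(template):
    """Heuristic (assumption): NoEcho parameters or password/secret names."""
    return {name for name, p in template.get("Parameters", {}).items()
            if str(p.get("NoEcho", "")).lower() == "true"
            or any(w in name.lower() for w in ("password", "secret"))}


def world_readable_secret_files(template):
    """cfn-init files that embed a secret parameter and are readable by 'other'."""
    secrets, found = secret_parameters(template), []
    for rname, res in template.get("Resources", {}).items():
        init = res.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for cname, cfg in init.items():
            if cname == "configSets" or not isinstance(cfg, dict):
                continue
            for path, spec in cfg.get("files", {}).items():
                used = sorted(set(refs(spec.get("content"))) & secrets)
                mode = spec.get("mode")
                if used and isinstance(mode, str) and mode[-1:] in "4567":
                    found.append((rname, path, mode, used))
    return found


def audit(template):
    out = [f"{sg}: {proto} {lo}-{hi} open to the whole internet"
           for sg, proto, lo, hi in world_open_ingress(template)]
    out += [f"{res}: {path} (mode {mode}) is world-readable and embeds {', '.join(p)}"
            for res, path, mode, p in world_readable_secret_files(template)]
    return out


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_TEMPLATE)))
```

Restricting CidrIp to a known source range and setting the file mode to 000600 clears both findings.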
CloudFormer
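CloudFormer: a tool that creates a template from a system configuration that has already been built.
It can be used to produce a starting template on which to base template authoring.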
[Diagram: EC2 instances, Auto Scaling, CloudFormer, template]
Create and launch the CloudFormer stack
Create the stack from either of the following:
• AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
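How to run CloudFormer
Choose the region you want to turn into a template, and a wizard lets you select the resources.
The template is generated from the resources whose checkboxes you ticked.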
Other Tips
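Baked AMI vs. CF-Init: baking the AMI vs. Cloud-init + CloudFormation helpers
It is important to choose between baking the AMI and cloud-init/helpers according to the use case.
Baked AMI
  Advantages: easy to build; fast to start (effective for Auto Scaling)
  Disadvantages: reinstallation is needed when the base AMI or middleware is updated; must be built for each region
Base AMI + Cloud-init + CFN helpers
  Advantages: can keep up with base AMI and middleware updates; definitions such as the DB endpoint can be passed in
  Disadvantages: building the template takes effort; OS initialization takes time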
IAM Capability
When creating IAM users with CloudFormation, a checkbox must be turned on partway through the wizard.
• For cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command.
Summary
Aim to become a true cloud meister with CloudFormation
WebServer
AppServer
Building from the AWS Management Console - 6
Stack cost estimate
Building from the AWS Management Console - 7
Stack build starts
Building from the AWS Management Console - 8
Building from the AWS Management Console - 9
Stack build in progress
Building from the AWS Management Console - 10
Stack build complete. At this point all services are running.
Building from the AWS Management Console - 11
Stack build failed; rollback in progress
Template
The heart of CloudFormation
The blueprint for building a stack
Written in JSON format
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Sample",
  "Parameters" : {
    "KeyName" : {
      "Description" : "Sample key",
      "Type" : "String"
    }
  },
  "Mappings" : { },
  "Resources" : {
    "Ec2Instance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
        "KeyName" : { "Ref" : "KeyName" },
        "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
      }
    },
    "InstanceSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Enable SSH access via port 22",
        "SecurityGroupIngress" : [ {
          "IpProtocol" : "tcp",
          "FromPort" : "22",
          "ToPort" : "22",
          "CidrIp" : "0.0.0.0/0"
        } ]
      }
    }
  }
}
Template walkthrough
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Valid JSON strings up to 4K",
  "Parameters" : { set of parameters },
  "Mappings" : { set of mappings },
  "Conditions" : { set of conditions },
  "Resources" : { set of resources },
  "Outputs" : { set of outputs }
}
Parameters
Lists the parameters whose values can be changed later, when CloudFormation is run (for example, the DB user name).
"Parameters" : {
  "Age" : {
    "Type" : "Number",
    "Default" : "30",
    "MinValue" : "20",
    "MaxValue" : "60",
    "Description" : "input your age"
  },
  "FirstName" : {
    "Type" : "String",
    "Description" : "input your first name"
  }
}
AWS Management Consoleから構築-‐‑‒7
スタック構築開始
22
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒8
23
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒9
スタック構築実行行中
24
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒10
スタック構築完了了この時点ですべてのサービスが起動している
25
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒11
スタック構築失敗ロールバック中
26
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
27
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
CloudFormationの心臓部 スタック構築の設計図 JSONフォーマットで記述
AWSTemplateFormatVersion 2010-09-09 Description ldquoSample Parameters KeyName Description ldquoSample key Type String Mappings Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
28
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート解説 AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Parameters
CloudFormation実行行時に後で変更更可能なパラメータを列列挙(例例DBユーザー名など)
30
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Parameters Age TypeNumber ldquoDefaultrdquo ldquo30rdquo ldquoMinValuerdquo ldquo20rdquo ldquoMaxValuerdquo ldquo60rdquo Descriptioninput your ageldquo FirstName TypeString Descriptioninput your first nameldquo
Mappings
Works like a hashtable: a value can be looked up by its key (for example, the AMI ID for each region).
"Mappings": {
  "RegionTable": {
    "us-east-1": { "AMI": "ami-8c1fece5", "Key": "myKey-east" },
    "us-west-1": { "AMI": "ami-3bc9997e", "Key": "myKey-west" },
    "ap-northeast-1": { "AMI": "ami-300ca731", "Key": "myKey-japan" }
  }
}
Define a mapping (in this example, a mapping named "RegionTable").
Resources
Defines the resources that make up the stack, such as EC2 and RDS.
"Resources": {
  "MyWebServer": {
    "Type": "AWS::EC2::Instance",
    "Properties": {
      "KeyName": "myKey-east",
      "ImageId": "ami-8c1fece5"
    }
  }
}
Example: EC2 + SecurityGroup
"Resources": {
  "Ec2Instance": {
    "Type": "AWS::EC2::Instance",
    "Properties": {
      "SecurityGroups": [ { "Ref": "InstanceSecurityGroup" } ],
      "KeyName": { "Ref": "KeyName" },
      "ImageId": { "Fn::FindInMap": [ "RegionMap", { "Ref": "AWS::Region" }, "AMI" ] }
    }
  },
  "InstanceSecurityGroup": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {
      "GroupDescription": "Enable SSH access via port 22",
      "SecurityGroupIngress": [
        { "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0" }
      ]
    }
  }
}
Properties for each resource
Resource type
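The security group in this slide admits SSH from 0.0.0.0/0. The following check is an added example, not part of the original slides or of any AWS tool: it walks a template's Resources and reports ingress rules that expose TCP/22 to every address, resolving a CidrIp given as a Ref to a parameter. The SSHLocation parameter, its default range and both sample templates are constructed for illustration.

```python
import copy
import ipaddress

SSH_PORT = 22

# Constructed sample: the security group from the slide, SSH open to every address.
OPEN_TEMPLATE = {
    "Resources": {
        "InstanceSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Enable SSH access via port 22",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22",
                     "CidrIp": "0.0.0.0/0"}
                ],
            },
        }
    }
}

# Constructed hardened variant: the source range is supplied through a parameter.
# "SSHLocation" and its default (a documentation range) are assumptions of this example.
RESTRICTED_TEMPLATE = copy.deepcopy(OPEN_TEMPLATE)
RESTRICTED_TEMPLATE["Parameters"] = {
    "SSHLocation": {"Type": "String", "Default": "203.0.113.0/24",
                    "Description": "CIDR range allowed to reach port 22"}
}
_rules = RESTRICTED_TEMPLATE["Resources"]["InstanceSecurityGroup"]["Properties"]
_rules["SecurityGroupIngress"][0]["CidrIp"] = {"Ref": "SSHLocation"}


def resolve(value, template, params):
    """Return a literal or a {"Ref": parameter} as a string, or None if unknown."""
    if isinstance(value, dict) and "Ref" in value:
        name = value["Ref"]
        if name in params:
            return str(params[name])
        default = template.get("Parameters", {}).get(name, {}).get("Default")
        return None if default is None else str(default)
    return None if value is None else str(value)


def covers_ssh(rule):
    """True when the rule's protocol and port range include TCP port 22."""
    proto = str(rule.get("IpProtocol", "")).lower()
    if proto == "-1":  # all protocols, all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    try:
        low, high = int(rule.get("FromPort")), int(rule.get("ToPort"))
    except (TypeError, ValueError):
        return False  # ports missing or not literal numbers
    return low <= SSH_PORT <= high


def find_world_open_ssh(template, params=None):
    """Return (logical_id, cidr) for every ingress rule exposing SSH to any address."""
    params = params or {}
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        rules = resource.get("Properties", {}).get("SecurityGroupIngress", [])
        for rule in rules:
            if not covers_ssh(rule):
                continue
            cidr = resolve(rule.get("CidrIp"), template, params)
            if cidr is None:
                continue  # source is another group or an unresolved reference
            try:
                network = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                continue  # malformed value; outside the scope of this check
            if network.prefixlen == 0:
                findings.append((logical_id, cidr))
    return findings


if __name__ == "__main__":
    print("slide template:   ", find_world_open_ssh(OPEN_TEMPLATE))
    print("parameterised:    ", find_world_open_ssh(RESTRICTED_TEMPLATE))
    print("override to world:", find_world_open_ssh(
        RESTRICTED_TEMPLATE, {"SSHLocation": "0.0.0.0/0"}))
```

Passing the stack's actual parameter values matters: a parameterised CidrIp is only as narrow as the value supplied at stack creation.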
Outputs
Values you want to retrieve after the stack has been built (for example, an access URL).
Defining Outputs
"Outputs": {
  "InstanceId": {
    "Description": "InstanceId of the newly created EC2 instance",
    "Value": { "Ref": "Ec2Instance" }
  },
  "AZ": {
    "Description": "Availability Zone of the newly created EC2 instance",
    "Value": { "Fn::GetAtt": [ "Ec2Instance", "AvailabilityZone" ] }
  },
  "ApplicationURL": {
    "Description": "URL of running web application",
    "Value": { "Fn::Join": [ "", [ "http://", { "Fn::GetAtt": [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
  }
}
Define the name of the value to output
Description
Value
Use a Function to build the string
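How the intrinsic functions on the Mappings and Outputs slides evaluate, as an added example (a small resolver written for this page, not AWS's implementation) covering Ref, Fn::FindInMap, Fn::GetAtt and Fn::Join. The RegionMap entries reuse the AMI IDs from the RegionTable slide; the parameter value, instance ID, availability zone and IP address are constructed.

```python
# Constructed template fragment assembled from the slides' Mappings, Resources and Outputs.
TEMPLATE = {
    "Parameters": {"KeyName": {"Type": "String"}},
    "Mappings": {
        "RegionMap": {
            "us-east-1": {"AMI": "ami-8c1fece5"},
            "us-west-1": {"AMI": "ami-3bc9997e"},
            "ap-northeast-1": {"AMI": "ami-300ca731"},
        }
    },
    "Resources": {
        "Ec2Instance": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "KeyName": {"Ref": "KeyName"},
                "ImageId": {"Fn::FindInMap": ["RegionMap", {"Ref": "AWS::Region"}, "AMI"]},
            },
        }
    },
    "Outputs": {
        "InstanceId": {"Value": {"Ref": "Ec2Instance"}},
        "AZ": {"Value": {"Fn::GetAtt": ["Ec2Instance", "AvailabilityZone"]}},
        "ApplicationURL": {"Value": {"Fn::Join": ["", [
            "http://", {"Fn::GetAtt": ["Ec2Instance", "PublicIp"]}, "/index.html"]]}},
    },
}

# Constructed run-time context: what is known once the stack has been created.
CONTEXT = {
    "region": "ap-northeast-1",
    "params": {"KeyName": "myKey-japan"},
    "physical_ids": {"Ec2Instance": "i-0example"},
    "attributes": {
        ("Ec2Instance", "AvailabilityZone"): "ap-northeast-1a",
        ("Ec2Instance", "PublicIp"): "198.51.100.10",
    },
}


def resolve_ref(name, template, ctx):
    """Ref yields a pseudo parameter, a parameter value, or a resource's physical ID."""
    if name == "AWS::Region":
        return ctx["region"]
    if name in template.get("Parameters", {}):
        if name in ctx["params"]:
            return ctx["params"][name]
        spec = template["Parameters"][name]
        if "Default" in spec:
            return spec["Default"]
        raise KeyError(f"parameter {name} has no value and no Default")
    if name in template.get("Resources", {}):
        return ctx["physical_ids"][name]
    raise KeyError(f"unresolved reference: {name}")


def resolve(node, template, ctx):
    """Recursively evaluate the intrinsic functions found in a template value."""
    if isinstance(node, list):
        return [resolve(item, template, ctx) for item in node]
    if not isinstance(node, dict):
        return node
    if len(node) == 1:
        (fn, arg), = node.items()
        if fn == "Ref":
            return resolve_ref(arg, template, ctx)
        if fn == "Fn::FindInMap":
            map_name, top_key, second_key = resolve(arg, template, ctx)
            try:
                return template["Mappings"][map_name][top_key][second_key]
            except KeyError:
                raise KeyError(
                    f"{map_name} has no entry [{top_key}][{second_key}]") from None
        if fn == "Fn::GetAtt":
            logical_id, attribute = arg
            return ctx["attributes"][(logical_id, attribute)]
        if fn == "Fn::Join":
            delimiter, parts = arg
            return delimiter.join(str(resolve(p, template, ctx)) for p in parts)
    return {key: resolve(value, template, ctx) for key, value in node.items()}


def resolved_properties(template, ctx, logical_id):
    """Properties of one resource with every function evaluated."""
    return resolve(template["Resources"][logical_id]["Properties"], template, ctx)


def resolved_outputs(template, ctx):
    """Map each output name to its evaluated Value."""
    return {name: resolve(spec["Value"], template, ctx)
            for name, spec in template.get("Outputs", {}).items()}


if __name__ == "__main__":
    print(resolved_properties(TEMPLATE, CONTEXT, "Ec2Instance"))
    print(resolved_outputs(TEMPLATE, CONTEXT))
```

A region that is missing from the mapping raises KeyError here, which mirrors why every region a template is deployed to needs its own Mappings entry.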
"Resources": {
  "myS3Bucket": {
    "Type": "AWS::S3::Bucket",
    "DeletionPolicy": "Retain"
  }
}
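Template tips
With many resources it becomes hard to tell which resource is which, so use the Tags property.
"MyInstance": {
  "Type": "AWS::EC2::Instance",
  "Properties": {
    "SecurityGroups": [ { "Ref": "MySecurityGroup" } ],
    "ImageId": "ami-20b65349",
    "Tags": [ { "Key": "Name", "Value": "MyInstance" } ]
  }
}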
Template tips
Resources created by CloudFormation are automatically given tags such as the stack name.
Cloud-init
Cloud-init
Define the script in User Data
Cloud-init reads the user data
The script that was read is executed
EC2 instance launch
CloudFormation helpers
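cfn-init configuration: files
• Generates files at the specified paths
"files": {
  "/app/db.conf": {
    "content": { "Fn::Join": [ "", [
      "dbname=", { "Ref": "DBName" }, "\n",
      "dbuser=", { "Ref": "DBUser" }, "\n",
      "dbpass=", { "Ref": "DBPassword" }, "\n",
      "dbhost=", { "Fn::GetAtt": [ "DBInstance", "Endpoint.Address" ] }, "\n"
    ] ] },
    "mode": "000644",
    "owner": "root",
    "group": "root"
  },
  "/etc/myapp/myapp-init.pp": {
    "source": "https://s3.amazonaws.com/myapp/myapp-init.pp",
    "mode": "100644",
    "owner": "root",
    "group": "wheel"
  }
}
Generate the file's contents
File path
Fetch from S3 or another location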
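The db.conf entry in this slide writes the DBPassword parameter into a file created with mode 000644, which any local user on the instance can read. The following check is an added example, not part of the original slides: it finds cfn-init files whose inline content references a NoEcho parameter while the mode grants read access to others. The WebServer logical ID, the NoEcho flag on DBPassword and the /app/db.conf path are assumptions of this constructed template.

```python
import copy

# Constructed template: the db.conf entry from the slide placed in instance metadata.
TEMPLATE = {
    "Parameters": {
        "DBName": {"Type": "String"},
        "DBUser": {"Type": "String"},
        "DBPassword": {"Type": "String", "NoEcho": "true"},  # assumed to be NoEcho
    },
    "Resources": {
        "WebServer": {
            "Type": "AWS::EC2::Instance",
            "Metadata": {
                "AWS::CloudFormation::Init": {
                    "config": {
                        "files": {
                            "/app/db.conf": {
                                "content": {"Fn::Join": ["", [
                                    "dbname=", {"Ref": "DBName"}, "\n",
                                    "dbuser=", {"Ref": "DBUser"}, "\n",
                                    "dbpass=", {"Ref": "DBPassword"}, "\n",
                                ]]},
                                "mode": "000644", "owner": "root", "group": "root",
                            }
                        }
                    }
                }
            },
        }
    },
}

# Hardened variant: same file, readable by its owner only.
HARDENED = copy.deepcopy(TEMPLATE)
_init = HARDENED["Resources"]["WebServer"]["Metadata"]["AWS::CloudFormation::Init"]
_init["config"]["files"]["/app/db.conf"]["mode"] = "000600"


def refs_in(node):
    """Collect every name referenced through {"Ref": name} anywhere under node."""
    found = set()
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                found.add(value)
            else:
                found |= refs_in(value)
    elif isinstance(node, list):
        for item in node:
            found |= refs_in(item)
    return found


def noecho_params(template):
    """Names of parameters declared with NoEcho set to true."""
    return {name for name, spec in template.get("Parameters", {}).items()
            if str(spec.get("NoEcho", "false")).lower() == "true"}


def others_can_read(mode):
    """cfn-init modes are six octal digits; the last three are the permission bits."""
    return bool(int(str(mode)[-3:], 8) & 0o004)


def find_exposed_secret_files(template):
    """Return (logical_id, path, secret_params) for readable files embedding secrets."""
    secrets = noecho_params(template)
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        init = resource.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for config_name, config in init.items():
            if config_name == "configSets" or not isinstance(config, dict):
                continue
            for path, spec in config.get("files", {}).items():
                used = refs_in(spec.get("content")) & secrets
                mode = spec.get("mode")
                # A file with no explicit mode is reported too
                # (conservative assumption of this example).
                if used and (mode is None or others_can_read(mode)):
                    findings.append((logical_id, path, sorted(used)))
    return findings


if __name__ == "__main__":
    print("as on the slide:", find_exposed_secret_files(TEMPLATE))
    print("mode 000600:    ", find_exposed_secret_files(HARDENED))
```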
CloudFormer
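CloudFormer: a tool that creates a template from a system configuration that has already been built
It can be used to produce a base template as the starting point for writing your own template.
[Figure: EC2, EC2, AutoScaling, template, CloudFormer]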
Create and launch the CloudFormer stack
Create the stack from either of the following:
• AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
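How to run CloudFormer
Choose the region you want to turn into a template, and a wizard lets you select its resources.
The template is generated from the resources whose checkboxes you ticked.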
Other tips
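Baked AMI vs. CF-Init: building everything into the AMI vs. Cloud-init + CloudFormation helpers
It is important to choose between a baked AMI, cloud-init and the helpers according to the use case.

Baked AMI
  Advantages: easy to build; fast to launch (effective for Auto Scaling)
  Disadvantages: must be reinstalled whenever the base AMI or middleware is updated; must be built for each region

Base AMI + Cloud-init + CFN helpers
  Advantages: can keep up with base AMI and middleware updates; definitions such as the DB endpoint can be passed in
  Disadvantages: building the template takes effort; OS initialization takes time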
IAM Capability
When CloudFormation creates IAM users, a checkbox must be turned on partway through the wizard.
• With cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command.
Summary
Aim to become a true cloud meister with CloudFormation
[Figure: WebServer, AppServer]
Building from the AWS Management Console - 8
Building from the AWS Management Console - 9
Stack creation in progress
Building from the AWS Management Console - 10
Stack creation complete. At this point all of the services are running.
Building from the AWS Management Console - 11
Stack creation failed; rollback in progress
AWS Management Consoleから構築-‐‑‒9
スタック構築実行行中
24
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒10
スタック構築完了了この時点ですべてのサービスが起動している
25
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒11
スタック構築失敗ロールバック中
26
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
27
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Template
• The heart of CloudFormation
• The blueprint for building a stack
• Written in JSON format
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Sample",
  "Parameters" : {
    "KeyName" : {
      "Description" : "Sample key",
      "Type" : "String"
    }
  },
  "Mappings" : { ... },
  "Resources" : {
    "Ec2Instance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
        "KeyName" : { "Ref" : "KeyName" },
        "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
      }
    },
    "InstanceSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Enable SSH access via port 22",
        "SecurityGroupIngress" : [ {
          "IpProtocol" : "tcp",
          "FromPort" : "22",
          "ToPort" : "22",
          "CidrIp" : "0.0.0.0/0"
        } ]
      }
    }
  }
}
Template walkthrough
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Valid JSON strings up to 4K",
  "Parameters" : { set of parameters },
  "Mappings" : { set of mappings },
  "Conditions" : { set of conditions },
  "Resources" : { set of resources },
  "Outputs" : { set of outputs }
}
Parameters
Lists the parameters that can be changed later, when CloudFormation is run (e.g. the DB user name).
"Parameters" : {
  "Age" : {
    "Type" : "Number",
    "Default" : "30",
    "MinValue" : "20",
    "MaxValue" : "60",
    "Description" : "input your age"
  },
  "FirstName" : {
    "Type" : "String",
    "Description" : "input your first name"
  }
}
Mappings
Similar to a hash table: a value can be looked up by key (e.g. the AMI ID for each region).
"Mappings" : {
  "RegionTable" : {
    "us-east-1" : { "AMI" : "ami-8c1fece5", "Key" : "myKey-east" },
    "us-west-1" : { "AMI" : "ami-3bc9997e", "Key" : "myKey-west" },
    "ap-northeast-1" : { "AMI" : "ami-300ca731", "Key" : "myKey-japan" }
  }
}
Defines a mapping (in this example, a mapping named "RegionTable").
Resources
Defines the resources that make up the stack, such as EC2 and RDS.
"Resources" : { "MyWebServer" : { "Type" : "AWS::EC2::Instance", "Properties" : { "KeyName" ami-8c1fece5 "ImageId" "myKey-east" us-west-1 AMI ami-3bc9997e "Key" "myKey-west" ap-northeast-1 AMI ami-300ca731 "Key" "myKey-japan"
Example: EC2 + SecurityGroup
"Resources" : {
  "Ec2Instance" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
      "KeyName" : { "Ref" : "KeyName" },
      "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
    }
  },
  "InstanceSecurityGroup" : {
    "Type" : "AWS::EC2::SecurityGroup",
    "Properties" : {
      "GroupDescription" : "Enable SSH access via port 22",
      "SecurityGroupIngress" : [ {
        "IpProtocol" : "tcp",
        "FromPort" : "22",
        "ToPort" : "22",
        "CidrIp" : "0.0.0.0/0"
      } ]
    }
  }
}
• Type: the resource type
• Properties: the properties for each resource
Outputs
Values you want to retrieve after the stack is built (e.g. the access URL).
Defining Outputs
"Outputs" : {
  "InstanceId" : {
    "Description" : "InstanceId of the newly created EC2 instance",
    "Value" : { "Ref" : "Ec2Instance" }
  },
  "AZ" : {
    "Description" : "Availability Zone of the newly created EC2 instance",
    "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
  },
  "ApplicationURL" : {
    "Description" : "URL of running web application",
    "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
  }
}
• Define the name of each value to output
• Description
• Value
• Use functions to build strings
"Resources" : {
  "myS3Bucket" : {
    "Type" : "AWS::S3::Bucket",
    "DeletionPolicy" : "Retain"
  }
}
Template tips
With many resources it becomes hard to tell what each one is, so use the Tags property.
"MyInstance" : {
  "Type" : "AWS::EC2::Instance",
  "Properties" : {
    "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ],
    "ImageId" : "ami-20b65349",
    "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ]
  }
}
Template tips
Resources created by CloudFormation are given tags such as the stack name.
cloud-init
• Defined in User Data
• cloud-init reads the user data
• The loaded script is executed
• EC2 instance launch
CloudFormation helpers
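cfn-init configuration: files
• Creates files at the specified paths
"files" : {
  "/app/db.conf" : {
    "content" : { "Fn::Join" : [ "", [
      "dbname=", { "Ref" : "DBName" }, "\n",
      "dbuser=", { "Ref" : "DBUser" }, "\n",
      "dbpass=", { "Ref" : "DBPassword" }, "\n",
      "dbhost=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n"
    ] ] },
    "mode" : "000644",
    "owner" : "root",
    "group" : "root"
  },
  "/etc/myapp/myapp-init.pp" : {
    "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
    "mode" : "100644",
    "owner" : "root",
    "group" : "wheel"
  }
}
• content: generates the file contents
• The key of each entry is the file path
• source: fetched from S3 or a similar location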
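An added example (not from the original slides): a small Python check for two patterns that appear in the templates above, SSH ingress open to 0.0.0.0/0 and a cfn-init file that embeds a password parameter with mode 000644. The function names, the NoEcho setting on DBPassword, and the 203.0.113.0/24 range and mode 000600 used in the hardened copy are assumptions of this example.

```python
import copy
import re

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
SECRET_NAME = re.compile(r"pass(word)?|secret|token", re.IGNORECASE)


def refs_in(node):
    """Yield every name referenced through {"Ref": name} inside a template value."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            else:
                yield from refs_in(value)
    elif isinstance(node, list):
        for item in node:
            yield from refs_in(item)


def covers_port(rule, port):
    """True if an ingress rule's literal port range includes `port`."""
    if str(rule.get("IpProtocol")) == "-1":       # -1 means all protocols and ports
        return True
    try:
        return int(rule["FromPort"]) <= port <= int(rule["ToPort"])
    except (KeyError, TypeError, ValueError):      # intrinsic function or missing value
        return False


def world_readable(mode):
    """cfn-init modes are octal strings; the last digit holds the 'other' bits."""
    try:
        return bool(int(str(mode)[-1], 8) & 4)
    except (ValueError, IndexError):
        return True                                # unparseable: flag it (this example's choice)


def is_secret(name, parameters):
    """A parameter counts as secret if it is NoEcho or its name looks like one."""
    spec = parameters.get(name, {})
    return str(spec.get("NoEcho", "")).lower() == "true" or bool(SECRET_NAME.search(name))


def audit_template(template):
    """Return sorted (resource, check, detail) findings for the two patterns."""
    parameters = template.get("Parameters", {})
    findings = []
    for name, resource in template.get("Resources", {}).items():
        props = resource.get("Properties", {})
        if resource.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                if not isinstance(rule, dict):
                    continue
                cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
                if isinstance(cidr, str) and cidr in WORLD_CIDRS and covers_port(rule, 22):
                    findings.append((name, "open-ssh", cidr))
        init = resource.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for config in init.values():
            if not isinstance(config, dict):
                continue
            for path, spec in config.get("files", {}).items():
                secrets = sorted(r for r in set(refs_in(spec.get("content")))
                                 if is_secret(r, parameters))
                if secrets and world_readable(spec.get("mode", "")):
                    findings.append((name, "world-readable-secret",
                                     f"{path}: {', '.join(secrets)}"))
    return sorted(findings)


# Constructed sample combining the page's security group and cfn-init "files" slides.
SAMPLE = {
    "Parameters": {"DBPassword": {"Type": "String", "NoEcho": "true"}},
    "Resources": {
        "InstanceSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Enable SSH access via port 22",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22",
                     "CidrIp": "0.0.0.0/0"}
                ],
            },
        },
        "Ec2Instance": {
            "Type": "AWS::EC2::Instance",
            "Metadata": {"AWS::CloudFormation::Init": {"config": {"files": {
                "/app/db.conf": {
                    "content": {"Fn::Join": ["", ["dbpass=", {"Ref": "DBPassword"}, "\n"]]},
                    "mode": "000644", "owner": "root", "group": "root",
                },
            }}}},
            "Properties": {"SecurityGroups": [{"Ref": "InstanceSecurityGroup"}]},
        },
    },
}

# Hardened copy (constructed): SSH limited to a documentation range, file readable by owner only.
HARDENED = copy.deepcopy(SAMPLE)
_rule = HARDENED["Resources"]["InstanceSecurityGroup"]["Properties"]["SecurityGroupIngress"][0]
_rule["CidrIp"] = "203.0.113.0/24"
_init = HARDENED["Resources"]["Ec2Instance"]["Metadata"]["AWS::CloudFormation::Init"]
_init["config"]["files"]["/app/db.conf"]["mode"] = "000600"

if __name__ == "__main__":
    for finding in audit_template(SAMPLE):
        print(finding)
```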
CloudFormer
A tool that creates a template from a system configuration that has already been built.
It can be used to produce a base template as the starting point for template authoring.
(Figure: EC2, AutoScaling, CloudFormer, template)
Create and launch the CloudFormer stack
Create the stack from one of the following:
• The AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
How to run CloudFormer
Choose the region you want to turn into a template; resources can then be selected through a wizard.
The template is completed from the resources whose checkboxes you ticked.
Other tips
Baked AMI vs. CF-Init: baking the AMI vs. cloud-init + CloudFormation helpers
It is important to choose between baking the AMI and using cloud-init and the helpers depending on the use case.
Baked AMI
  Advantages: easy to build; fast launch (effective for Auto Scaling)
  Disadvantages: reinstallation is needed when the base AMI or middleware is updated; must be built per region
Base AMI + cloud-init + CFN helpers
  Advantages: can keep up with base AMI and middleware updates; definitions such as the DB endpoint can be passed in
  Disadvantages: building the template takes effort; OS initialization takes time
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒10
スタック構築完了了この時点ですべてのサービスが起動している
25
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWS Management Consoleから構築-‐‑‒11
スタック構築失敗ロールバック中
26
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
27
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
CloudFormationの心臓部 スタック構築の設計図 JSONフォーマットで記述
AWSTemplateFormatVersion 2010-09-09 Description ldquoSample Parameters KeyName Description ldquoSample key Type String Mappings Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
28
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート解説 AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Parameters
CloudFormation実行行時に後で変更更可能なパラメータを列列挙(例例DBユーザー名など)
30
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Parameters Age TypeNumber ldquoDefaultrdquo ldquo30rdquo ldquoMinValuerdquo ldquo20rdquo ldquoMaxValuerdquo ldquo60rdquo Descriptioninput your ageldquo FirstName TypeString Descriptioninput your first nameldquo
31
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Mappings
Hashtableのようなものキーに応じて値を特定出来る
(例例リージョンに応じたAMI番号など)
36
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Mappings RegionTable us-east-1 AMI ami-8c1fece5ldquo ldquoKeyrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
マッピングを定義(この例例の場合rdquoRegionTablerdquoという
マッピングを定義)
37
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Resources
EC2やRDSなどスタックを構成するリソースを定義
42
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
ldquoResources ldquoMyWebServer ldquoType ldquoAWSEC2Instancerdquo ldquoProperties ldquoKeyName ami-8c1fece5ldquo ldquoImageIdrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
43
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
EC2+SecurityGroupの例例 Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
リソース毎のプロパティ
リソースタイプ
44
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Outputs
スタック構築後に取得したい値(例例アクセスURLなど)
47
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
出力力したい名称を定義
説明
値
Functionを使って文字列列を加工
49
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
50
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Resources myS3Bucket Type AWSS3Bucket DeletionPolicy Retain
52
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
リソース数が多いと何のリソースか分からなくなるのでTagsプロパティを使用するMyInstance Type AWSEC2Instance Properties SecurityGroups [ Ref MySecurityGroup ] ImageId ami-20b65349 Tags [ Key ldquoName Value ldquoMyInstance ]
53
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与

Summary

Aim to become a true cloud meister with CloudFormation
[Figure labels: WebServer, AppServer]

Building from the AWS Management Console - 11
Stack creation failed; rollback in progress

Template

Template
• The heart of CloudFormation
• The blueprint for building a stack
• Written in JSON format

    {
      "AWSTemplateFormatVersion": "2010-09-09",
      "Description": "Sample",
      "Parameters": {
        "KeyName": {
          "Description": "Sample key",
          "Type": "String"
        }
      },
      "Mappings": {},
      "Resources": {
        "Ec2Instance": {
          "Type": "AWS::EC2::Instance",
          "Properties": {
            "SecurityGroups": [ { "Ref": "InstanceSecurityGroup" } ],
            "KeyName": { "Ref": "KeyName" },
            "ImageId": { "Fn::FindInMap": [ "RegionMap", { "Ref": "AWS::Region" }, "AMI" ] }
          }
        },
        "InstanceSecurityGroup": {
          "Type": "AWS::EC2::SecurityGroup",
          "Properties": {
            "GroupDescription": "Enable SSH access via port 22",
            "SecurityGroupIngress": [ {
              "IpProtocol": "tcp",
              "FromPort": "22",
              "ToPort": "22",
              "CidrIp": "0.0.0.0/0"
            } ]
          }
        }
      }
    }

Template anatomy

    {
      "AWSTemplateFormatVersion": "2010-09-09",
      "Description": "Valid JSON strings up to 4K",
      "Parameters": { set of parameters },
      "Mappings": { set of mappings },
      "Conditions": { set of conditions },
      "Resources": { set of resources },
      "Outputs": { set of outputs }
    }

Parameters
Lists the parameters that can be changed later, when CloudFormation is run (e.g. the DB user name).

    "Parameters": {
      "Age": {
        "Type": "Number",
        "Default": "30",
        "MinValue": "20",
        "MaxValue": "60",
        "Description": "input your age"
      },
      "FirstName": {
        "Type": "String",
        "Description": "input your first name"
      }
    }

Mappings
Works like a hashtable: a value is looked up by its key (e.g. the AMI ID for each region).

    "Mappings": {
      "RegionTable": {
        "us-east-1":      { "AMI": "ami-8c1fece5", "Key": "myKey-east" },
        "us-west-1":      { "AMI": "ami-3bc9997e", "Key": "myKey-west" },
        "ap-northeast-1": { "AMI": "ami-300ca731", "Key": "myKey-japan" }
      }
    }

• Defines a mapping (in this example, a mapping named "RegionTable").

Resources
Defines the resources that make up the stack, such as EC2 and RDS.

    "Resources": {
      "MyWebServer": {
        "Type": "AWS::EC2::Instance",
        "Properties": {
          "KeyName": "myKey-east",
          "ImageId": "ami-8c1fece5"
        }
      }
    }

EC2 + SecurityGroup example

    "Resources": {
      "Ec2Instance": {
        "Type": "AWS::EC2::Instance",
        "Properties": {
          "SecurityGroups": [ { "Ref": "InstanceSecurityGroup" } ],
          "KeyName": { "Ref": "KeyName" },
          "ImageId": { "Fn::FindInMap": [ "RegionMap", { "Ref": "AWS::Region" }, "AMI" ] }
        }
      },
      "InstanceSecurityGroup": {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {
          "GroupDescription": "Enable SSH access via port 22",
          "SecurityGroupIngress": [ {
            "IpProtocol": "tcp",
            "FromPort": "22",
            "ToPort": "22",
            "CidrIp": "0.0.0.0/0"
          } ]
        }
      }
    }

• Properties: the properties for each resource
• Type: the resource type
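
The EC2 + SecurityGroup example above admits SSH from 0.0.0.0/0. The Python audit below is an added example, not part of the original slides or of any AWS tool; it flags administrative ports opened to the whole internet in a template and lists the instances attached to those groups. The AdminCidr parameter, RestrictedSecurityGroup, the ADMIN_PORTS list and all function names are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed input: the Ec2Instance / InstanceSecurityGroup pair from the slide,
# plus a constructed AdminCidr parameter and a restricted group for contrast.
TEMPLATE = json.loads("""
{
  "Parameters": {"AdminCidr": {"Type": "String", "Default": "203.0.113.0/24"}},
  "Resources": {
    "Ec2Instance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {"SecurityGroups": [{"Ref": "InstanceSecurityGroup"}]}
    },
    "InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enable SSH access via port 22",
        "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": "22",
                                  "ToPort": "22", "CidrIp": "0.0.0.0/0"}]
      }
    },
    "RestrictedSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "SSH from the admin network only",
        "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": "22",
                                  "ToPort": "22", "CidrIp": {"Ref": "AdminCidr"}}]
      }
    }
  }
}
""")

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # ports this audit treats as administrative

def resolve(value, parameters):
    """Literal string, or the Default of a {"Ref": parameter}; None if unknown."""
    if isinstance(value, str):
        return value
    if isinstance(value, dict) and "Ref" in value:
        return parameters.get(value["Ref"], {}).get("Default")
    return None

def ingress_rules(resources):
    """Yield (group logical ID, rule) for inline and standalone ingress rules."""
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            rules = props.get("SecurityGroupIngress", [])
            for rule in rules if isinstance(rules, list) else [rules]:
                yield name, rule
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            group = props.get("GroupName") or props.get("GroupId")
            yield (group.get("Ref", name) if isinstance(group, dict) else name), props

def exposed_ports(rule):
    """Admin ports covered by the rule's protocol and port range."""
    proto = str(rule.get("IpProtocol")).lower()
    if proto == "-1":  # all protocols, all ports
        return sorted(ADMIN_PORTS)
    if proto not in ("tcp", "6"):
        return []
    try:
        low, high = int(rule["FromPort"]), int(rule["ToPort"])
    except (KeyError, TypeError, ValueError):
        return []
    return [p for p in sorted(ADMIN_PORTS) if low <= p <= high]

def audit(template):
    """Return (group, service, source, verdict) for each risky admin-port rule."""
    params = template.get("Parameters", {})
    findings = []
    for group, rule in ingress_rules(template.get("Resources", {})):
        for port in exposed_ports(rule):
            for key in ("CidrIp", "CidrIpv6"):
                if key not in rule:
                    continue
                cidr = resolve(rule[key], params)
                try:
                    world = ipaddress.ip_network(str(cidr), strict=False).prefixlen == 0
                except ValueError:  # no Default, or not a CIDR: decided at deploy time
                    findings.append((group, ADMIN_PORTS[port], key, "REVIEW"))
                    continue
                if world:
                    findings.append((group, ADMIN_PORTS[port], cidr, "OPEN"))
    return findings

def exposed_instances(template, findings):
    """EC2 instances that reference (by Ref) a group with an OPEN finding."""
    open_groups = {f[0] for f in findings if f[3] == "OPEN"}
    return [name for name, res in template.get("Resources", {}).items()
            if res.get("Type") == "AWS::EC2::Instance" and any(
                isinstance(g, dict) and g.get("Ref") in open_groups
                for g in res.get("Properties", {}).get("SecurityGroups", []))]

if __name__ == "__main__":
    results = audit(TEMPLATE)
    print(results, exposed_instances(TEMPLATE, results))
```

A rule whose source CIDR comes from a parameter without a Default is reported as REVIEW, because its exposure is only decided when the stack is created.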

Outputs
Values you want to retrieve after the stack has been built (e.g. the access URL).

Defining Outputs

    "Outputs": {
      "InstanceId": {
        "Description": "InstanceId of the newly created EC2 instance",
        "Value": { "Ref": "Ec2Instance" }
      },
      "AZ": {
        "Description": "Availability Zone of the newly created EC2 instance",
        "Value": { "Fn::GetAtt": [ "Ec2Instance", "AvailabilityZone" ] }
      },
      "ApplicationURL": {
        "Description": "URL of running web application",
        "Value": { "Fn::Join": [ "", [ "http://", { "Fn::GetAtt": [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
      }
    }

• Define the name of each value to output
• Description
• Value
• Use functions to build strings

    "Resources": {
      "myS3Bucket": {
        "Type": "AWS::S3::Bucket",
        "DeletionPolicy": "Retain"
      }
    }

Template Tips
• With many resources it becomes hard to tell what each one is, so use the Tags property.

    "MyInstance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "SecurityGroups": [ { "Ref": "MySecurityGroup" } ],
        "ImageId": "ami-20b65349",
        "Tags": [ { "Key": "Name", "Value": "MyInstance" } ]
      }
    }

• Resources created by CloudFormation are tagged with the stack name and similar tags.

Cloud-init
• Define the script in User Data
• Cloud-init reads the user data
• The loaded script is executed
• EC2 instance launch

CloudFormation helpers

cfn-init configuration: files
• Generates files at the specified paths

    "files": {
      "/app/db.conf": {
        "content": { "Fn::Join": [ "", [
          "dbname=", { "Ref": "DBName" }, "\n",
          "dbuser=", { "Ref": "DBUser" }, "\n",
          "dbpass=", { "Ref": "DBPassword" }, "\n",
          "dbhost=", { "Fn::GetAtt": [ "DBInstance", "Endpoint.Address" ] }, "\n"
        ] ] },
        "mode": "000644",
        "owner": "root",
        "group": "root"
      },
      "/etc/myapp/myapp-init.pp": {
        "source": "https://s3.amazonaws.com/myapp/myapp-init.pp",
        "mode": "100644",
        "owner": "root",
        "group": "wheel"
      }
    }

• content: generates the file's contents
• The key is the file path
• source: fetched from S3 or similar
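
The files block above writes DBPassword into a file created with mode 000644. The Python check below is an added example, not code from the slides or from cfn-init itself; it finds cfn-init files that embed secret parameters, reports world-readable modes and parameters not declared NoEcho, and returns a tightened copy of the template. The WebServer resource, the parameter declarations, the SECRET_HINTS name heuristic and the function names are assumptions.

```python
import copy
import json

# Constructed input: the "files" block from the slide, placed under a constructed
# WebServer resource with constructed parameter declarations.
TEMPLATE = json.loads(r"""
{
  "Parameters": {
    "DBName": {"Type": "String"},
    "DBUser": {"Type": "String"},
    "DBPassword": {"Type": "String"}
  },
  "Resources": {"WebServer": {
    "Type": "AWS::EC2::Instance",
    "Metadata": {"AWS::CloudFormation::Init": {"config": {"files": {
      "/app/db.conf": {
        "content": {"Fn::Join": ["", [
          "dbname=", {"Ref": "DBName"}, "\n",
          "dbuser=", {"Ref": "DBUser"}, "\n",
          "dbpass=", {"Ref": "DBPassword"}, "\n",
          "dbhost=", {"Fn::GetAtt": ["DBInstance", "Endpoint.Address"]}, "\n"
        ]]},
        "mode": "000644", "owner": "root", "group": "root"
      },
      "/etc/myapp/myapp-init.pp": {
        "source": "https://s3.amazonaws.com/myapp/myapp-init.pp",
        "mode": "100644", "owner": "root", "group": "wheel"
      }
    }}}}
  }}
}
""")

SECRET_HINTS = ("password", "passwd", "secret", "token")  # name heuristic (assumption)

def refs_in(node):
    """Names referenced through {"Ref": ...} anywhere under node."""
    if isinstance(node, dict):
        if list(node) == ["Ref"] and isinstance(node["Ref"], str):
            return {node["Ref"]}
        return set().union(*(refs_in(v) for v in node.values()))
    if isinstance(node, list):
        return set().union(*(refs_in(v) for v in node))
    return set()

def is_secret(name, params):
    """A declared parameter that is NoEcho or whose name hints at a credential."""
    decl = params.get(name)
    if decl is None:  # Ref to a resource or pseudo parameter
        return False
    return str(decl.get("NoEcho", "")).lower() == "true" or any(
        hint in name.lower() for hint in SECRET_HINTS)

def secret_files(template):
    """Yield (resource, path, spec, secret names) for cfn-init files holding secrets."""
    params = template.get("Parameters", {})
    for res_name, res in template.get("Resources", {}).items():
        init = res.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for cfg_name, cfg in init.items():
            if cfg_name == "configSets" or not isinstance(cfg, dict):
                continue
            for path, spec in cfg.get("files", {}).items():
                names = sorted(n for n in refs_in(spec.get("content"))
                               if is_secret(n, params))
                if names:
                    yield res_name, path, spec, names

def audit(template):
    """Return (resource, path, issue) findings for secret-bearing files."""
    params = template.get("Parameters", {})
    findings = []
    for res_name, path, spec, names in secret_files(template):
        perms = int(str(spec.get("mode", "000644"))[-3:], 8)  # assumed default mode
        if perms & 0o004:
            findings.append((res_name, path, "world-readable file holds " + ", ".join(names)))
        for name in names:
            if str(params[name].get("NoEcho", "")).lower() != "true":
                findings.append((res_name, path, name + " is not declared NoEcho"))
    return findings

def harden(template):
    """Copy of the template with 'other' permission bits cleared and NoEcho set."""
    fixed = copy.deepcopy(template)
    for _, _, spec, names in secret_files(fixed):
        mode = str(spec.get("mode", "000644"))
        spec["mode"] = mode[:-3] + format(int(mode[-3:], 8) & 0o770, "03o")
        for name in names:
            fixed["Parameters"][name]["NoEcho"] = "true"
    return fixed

if __name__ == "__main__":
    print(audit(TEMPLATE))
    print(audit(harden(TEMPLATE)))
```

NoEcho hides the value in console and API parameter output only; a value resolved into resource Metadata or written to disk is still readable there, which is why the file mode is checked separately.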

CloudFormer
• A tool that creates a template from a system configuration that has already been built
• Useful for producing the base template from which to start writing a template
[Figure: EC2, Auto Scaling, CloudFormer, template]

Create and launch the CloudFormer stack
Create the stack from one of the following:
• The AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
27
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート
CloudFormationの心臓部 スタック構築の設計図 JSONフォーマットで記述
AWSTemplateFormatVersion 2010-09-09 Description ldquoSample Parameters KeyName Description ldquoSample key Type String Mappings Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
28
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート解説 AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Parameters
CloudFormation実行行時に後で変更更可能なパラメータを列列挙(例例DBユーザー名など)
30
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Parameters Age TypeNumber ldquoDefaultrdquo ldquo30rdquo ldquoMinValuerdquo ldquo20rdquo ldquoMaxValuerdquo ldquo60rdquo Descriptioninput your ageldquo FirstName TypeString Descriptioninput your first nameldquo
31
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Mappings
Hashtableのようなものキーに応じて値を特定出来る
(例例リージョンに応じたAMI番号など)
36
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Mappings RegionTable us-east-1 AMI ami-8c1fece5ldquo ldquoKeyrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
マッピングを定義(この例例の場合rdquoRegionTablerdquoという
マッピングを定義)
37
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Resources
EC2やRDSなどスタックを構成するリソースを定義
42
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
ldquoResources ldquoMyWebServer ldquoType ldquoAWSEC2Instancerdquo ldquoProperties ldquoKeyName ami-8c1fece5ldquo ldquoImageIdrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
43
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
EC2+SecurityGroupの例例 Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
リソース毎のプロパティ
リソースタイプ
44
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Outputs
スタック構築後に取得したい値(例例アクセスURLなど)
47
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
出力力したい名称を定義
説明
値
Functionを使って文字列列を加工
49
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
50
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Resources myS3Bucket Type AWSS3Bucket DeletionPolicy Retain
52
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
リソース数が多いと何のリソースか分からなくなるのでTagsプロパティを使用するMyInstance Type AWSEC2Instance Properties SecurityGroups [ Ref MySecurityGroup ] ImageId ami-20b65349 Tags [ Key ldquoName Value ldquoMyInstance ]
53
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
Aim to become a true cloud master with CloudFormation
WebServer
AppServer
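Templates
The heart of CloudFormation. The blueprint for building a stack. Written in JSON format.
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Sample",
  "Parameters" : {
    "KeyName" : {
      "Description" : "Sample key",
      "Type" : "String"
    }
  },
  "Mappings" : { ... },
  "Resources" : {
    "Ec2Instance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
        "KeyName" : { "Ref" : "KeyName" },
        "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
      }
    },
    "InstanceSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Enable SSH access via port 22",
        "SecurityGroupIngress" : [
          { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" }
        ]
      }
    }
  }
}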
Template walkthrough
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Valid JSON strings up to 4K",
  "Parameters" : { set of parameters },
  "Mappings" : { set of mappings },
  "Conditions" : { set of conditions },
  "Resources" : { set of resources },
  "Outputs" : { set of outputs }
}
Parameters
Lists the parameters that can be changed later, when CloudFormation runs (for example, the DB user name).
"Parameters" : {
  "Age" : {
    "Type" : "Number",
    "Default" : "30",
    "MinValue" : "20",
    "MaxValue" : "60",
    "Description" : "input your age"
  },
  "FirstName" : {
    "Type" : "String",
    "Description" : "input your first name"
  }
}
Mappings
Something like a hash table: a value can be looked up by key (for example, the AMI ID for each region).
"Mappings" : {
  "RegionTable" : {
    "us-east-1" : { "AMI" : "ami-8c1fece5", "Key" : "myKey-east" },
    "us-west-1" : { "AMI" : "ami-3bc9997e", "Key" : "myKey-west" },
    "ap-northeast-1" : { "AMI" : "ami-300ca731", "Key" : "myKey-japan" }
  }
}
Defines a mapping (in this example, a mapping named "RegionTable").
Resources
Defines the resources that make up the stack, such as EC2 and RDS.
"Resources" : {
  "MyWebServer" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "KeyName" ...
      "ImageId" ...
    }
  }
}
[Slide residue: RegionTable values us-east-1 AMI ami-8c1fece5, Key myKey-east; us-west-1 AMI ami-3bc9997e, Key myKey-west; ap-northeast-1 AMI ami-300ca731, Key myKey-japan]
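EC2 + SecurityGroup example
"Resources" : {
  "Ec2Instance" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
      "KeyName" : { "Ref" : "KeyName" },
      "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
    }
  },
  "InstanceSecurityGroup" : {
    "Type" : "AWS::EC2::SecurityGroup",
    "Properties" : {
      "GroupDescription" : "Enable SSH access via port 22",
      "SecurityGroupIngress" : [
        { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" }
      ]
    }
  }
}
Callouts: "Properties" holds the properties for each resource; "Type" is the resource type.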
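The security group in this example allows SSH from 0.0.0.0/0, that is, from any IPv4 address. The following is an added example, not part of the original slides: it scans a template's Resources for ingress rules that expose administrative ports to every address. The ADMIN_PORTS list is an assumption, and the sample is the slide's Resources section re-typed as a constructed input.

```python
import ipaddress
import json

# Constructed sample: the Resources section shown on the slide.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "Ec2Instance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "SecurityGroups": [{"Ref": "InstanceSecurityGroup"}],
        "KeyName": {"Ref": "KeyName"}
      }
    },
    "InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enable SSH access via port 22",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}
        ]
      }
    }
  }
}
""")

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # assumption: ports treated as administrative


def is_world_open(cidr):
    """True for 0.0.0.0/0 or ::/0. Non-literal values (Ref and so on) are not judged."""
    if not isinstance(cidr, str):
        return False
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def port_range(rule):
    """Return (low, high) TCP ports covered by the rule, or None if not applicable."""
    proto = str(rule.get("IpProtocol", "")).lower()
    if proto == "-1":          # all protocols, all ports
        return 0, 65535
    if proto not in ("tcp", "6"):
        return None
    try:
        return int(rule["FromPort"]), int(rule["ToPort"])
    except (KeyError, TypeError, ValueError):
        return None            # missing or parameterized ports


def open_admin_ingress(template):
    """List (resource name, port, label) for admin ports reachable from any address."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            rules = props.get("SecurityGroupIngress", [])
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            rules = [props]    # standalone ingress resource
        else:
            continue
        if isinstance(rules, dict):
            rules = [rules]
        for rule in rules:
            if not isinstance(rule, dict):
                continue
            if not any(is_world_open(rule.get(k)) for k in ("CidrIp", "CidrIpv6")):
                continue
            span = port_range(rule)
            if span is None:
                continue
            for port, label in sorted(ADMIN_PORTS.items()):
                if span[0] <= port <= span[1]:
                    findings.append((name, port, label))
    return findings


if __name__ == "__main__":
    for finding in open_admin_ingress(SAMPLE_TEMPLATE):
        print("world-open admin port:", finding)
```

A rule whose CidrIp is a Ref to a parameter is not flagged, because its value is only known when the stack is created.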
Outputs
Values you want to retrieve after the stack is built (for example, the access URL).
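Defining Outputs
"Outputs" : {
  "InstanceId" : {
    "Description" : "InstanceId of the newly created EC2 instance",
    "Value" : { "Ref" : "Ec2Instance" }
  },
  "AZ" : {
    "Description" : "Availability Zone of the newly created EC2 instance",
    "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
  },
  "ApplicationURL" : {
    "Description" : "URL of running web application",
    "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
  }
}
Callouts: the key defines the name of the output; "Description" is the description; "Value" is the value; functions are used to build the string.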
"Resources" : {
  "myS3Bucket" : {
    "Type" : "AWS::S3::Bucket",
    "DeletionPolicy" : "Retain"
  }
}
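Template tips
With many resources it becomes hard to tell what each one is, so use the Tags property.
"MyInstance" : {
  "Type" : "AWS::EC2::Instance",
  "Properties" : {
    "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ],
    "ImageId" : "ami-20b65349",
    "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ]
  }
}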
Template tips
Resources created by CloudFormation are tagged with the stack name and similar information.
Cloud-init
Defined in User Data
cloud-init reads the user data
The loaded script is executed
EC2 instance launch
CloudFormation helpers
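cfn-init configuration: files
• Generates files at the specified paths
"files" : {
  "/app/db.conf" : {
    "content" : { "Fn::Join" : [ "", [
      "dbname=", { "Ref" : "DBName" }, "\n",
      "dbuser=", { "Ref" : "DBUser" }, "\n",
      "dbpass=", { "Ref" : "DBPassword" }, "\n",
      "dbhost=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n"
    ] ] },
    "mode" : "000644",
    "owner" : "root",
    "group" : "root"
  },
  "/etc/myapp/myapp-init.pp" : {
    "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
    "mode" : "100644",
    "owner" : "root",
    "group" : "wheel"
  }
}
Callouts: each key is a file path; "content" generates the file contents; "source" fetches the file from S3 or elsewhere.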
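The files example above writes the database password into a file with mode 000644, which every local user on the instance can read. The following is an added example, not part of the original slides: it finds cfn-init files whose content references a secret parameter while the mode grants access to group or others. The Parameters section, the NoEcho setting and the resource name WebServer are assumptions, since the slide shows only the files block.

```python
import json

# Constructed sample built around the slide's "files" block.
SAMPLE_TEMPLATE = json.loads(r"""
{
  "Parameters": {
    "DBName": {"Type": "String"},
    "DBUser": {"Type": "String"},
    "DBPassword": {"Type": "String", "NoEcho": "true"}
  },
  "Resources": {
    "WebServer": {
      "Type": "AWS::EC2::Instance",
      "Metadata": {"AWS::CloudFormation::Init": {"config": {"files": {
        "/app/db.conf": {
          "content": {"Fn::Join": ["", [
            "dbname=", {"Ref": "DBName"}, "\n",
            "dbuser=", {"Ref": "DBUser"}, "\n",
            "dbpass=", {"Ref": "DBPassword"}, "\n"
          ]]},
          "mode": "000644", "owner": "root", "group": "root"
        },
        "/etc/myapp/myapp-init.pp": {
          "source": "https://s3.amazonaws.com/myapp/myapp-init.pp",
          "mode": "100644", "owner": "root", "group": "wheel"
        }
      }}}}
    }
  }
}
""")

SECRET_WORDS = ("password", "secret", "token")  # assumption: naming heuristic


def secret_parameters(template):
    """Parameters marked NoEcho, plus parameters whose name looks like a credential."""
    names = set()
    for name, spec in template.get("Parameters", {}).items():
        no_echo = str(spec.get("NoEcho", "")).lower() == "true"
        if no_echo or any(word in name.lower() for word in SECRET_WORDS):
            names.add(name)
    return names


def refs_in(node):
    """Yield every name referenced through {"Ref": ...} anywhere below node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            else:
                yield from refs_in(value)
    elif isinstance(node, list):
        for item in node:
            yield from refs_in(item)


def init_files(template):
    """Yield (resource name, path, file spec) for every cfn-init files entry."""
    for rname, res in template.get("Resources", {}).items():
        init = res.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for cname, config in init.items():
            if cname == "configSets" or not isinstance(config, dict):
                continue
            for path, spec in config.get("files", {}).items():
                yield rname, path, spec


def exposed_secret_files(template):
    """Files that embed a secret parameter and are accessible to group or others."""
    secrets = secret_parameters(template)
    findings = []
    for rname, path, spec in init_files(template):
        used = sorted(set(refs_in(spec.get("content"))) & secrets)
        if not used:
            continue
        try:
            # Last three octal digits are the permission bits.
            # Assumption: a missing mode is treated as 000644.
            perms = int(str(spec.get("mode", "000644"))[-3:], 8)
        except ValueError:
            perms = 0o777  # unreadable mode: report it rather than skip it
        if perms & 0o077:
            findings.append((rname, path, used, format(perms, "03o")))
    return findings


if __name__ == "__main__":
    for finding in exposed_secret_files(SAMPLE_TEMPLATE):
        print("secret in readable file:", finding)
```

Setting the mode of /app/db.conf to 000600 and the owner to the application's service account clears the finding.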
CloudFormer
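A tool that creates a template from a system configuration that has already been built.
It can be used to produce a starting template on which to base your own templates.
[Figure labels: EC2, EC2, Auto Scaling, template, CloudFormer]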
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレート解説 AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Parameters
CloudFormation実行行時に後で変更更可能なパラメータを列列挙(例例DBユーザー名など)
30
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Parameters Age TypeNumber ldquoDefaultrdquo ldquo30rdquo ldquoMinValuerdquo ldquo20rdquo ldquoMaxValuerdquo ldquo60rdquo Descriptioninput your ageldquo FirstName TypeString Descriptioninput your first nameldquo
31
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Mappings
Hashtableのようなものキーに応じて値を特定出来る
(例例リージョンに応じたAMI番号など)
36
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Mappings RegionTable us-east-1 AMI ami-8c1fece5ldquo ldquoKeyrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
マッピングを定義(この例例の場合rdquoRegionTablerdquoという
マッピングを定義)
37
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Resources
EC2やRDSなどスタックを構成するリソースを定義
42
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
ldquoResources ldquoMyWebServer ldquoType ldquoAWSEC2Instancerdquo ldquoProperties ldquoKeyName ami-8c1fece5ldquo ldquoImageIdrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
43
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
EC2+SecurityGroupの例例 Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
リソース毎のプロパティ
リソースタイプ
44
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Outputs
スタック構築後に取得したい値(例例アクセスURLなど)
47
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
出力力したい名称を定義
説明
値
Functionを使って文字列列を加工
49
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
50
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Resources myS3Bucket Type AWSS3Bucket DeletionPolicy Retain
52
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
リソース数が多いと何のリソースか分からなくなるのでTagsプロパティを使用するMyInstance Type AWSEC2Instance Properties SecurityGroups [ Ref MySecurityGroup ] ImageId ami-20b65349 Tags [ Key ldquoName Value ldquoMyInstance ]
53
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Parameters
Lists the parameters whose values can be changed when CloudFormation is run (e.g., the DB user name).
"Parameters" : {
  "Age" : {
    "Type" : "Number",
    "Default" : "30",
    "MinValue" : "20",
    "MaxValue" : "60",
    "Description" : "input your age"
  },
  "FirstName" : {
    "Type" : "String",
    "Description" : "input your first name"
  }
}
Mappings
Works like a hashtable: a value is looked up by its key (e.g., the AMI ID for each region).
"Mappings" : {
  "RegionTable" : {
    "us-east-1" : { "AMI" : "ami-8c1fece5", "Key" : "myKey-east" },
    "us-west-1" : { "AMI" : "ami-3bc9997e", "Key" : "myKey-west" },
    "ap-northeast-1" : { "AMI" : "ami-300ca731", "Key" : "myKey-japan" }
  }
}
Defines a mapping (in this example, a mapping named "RegionTable").
Resources
Defines the resources that make up the stack, such as EC2 and RDS.
"Resources" : {
  "MyWebServer" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "KeyName" : "myKey-east",
      "ImageId" : "ami-8c1fece5"
    }
  }
}
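EC2 + SecurityGroup example
"Resources" : {
  "Ec2Instance" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
      "KeyName" : { "Ref" : "KeyName" },
      "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
    }
  },
  "InstanceSecurityGroup" : {
    "Type" : "AWS::EC2::SecurityGroup",
    "Properties" : {
      "GroupDescription" : "Enable SSH access via port 22",
      "SecurityGroupIngress" : [ {
        "IpProtocol" : "tcp",
        "FromPort" : "22",
        "ToPort" : "22",
        "CidrIp" : "0.0.0.0/0"
      } ]
    }
  }
}
Callouts: "Properties" holds the properties of each resource; "Type" is the resource type.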
Outputs
Values you want to retrieve after the stack has been built (e.g., the access URL).
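Defining Outputs
"Outputs" : {
  "InstanceId" : {
    "Description" : "InstanceId of the newly created EC2 instance",
    "Value" : { "Ref" : "Ec2Instance" }
  },
  "AZ" : {
    "Description" : "Availability Zone of the newly created EC2 instance",
    "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
  },
  "ApplicationURL" : {
    "Description" : "URL of running web application",
    "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
  }
}
Callouts: each key ("InstanceId", "AZ", "ApplicationURL") defines the name of an output; "Description" is its description; "Value" is its value; Functions are used to manipulate strings.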
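How Ref, Fn::FindInMap, Fn::GetAtt and Fn::Join from the slides above turn into concrete values, as an added Python sketch that is not part of the original deck or of AWS's own code. The Resolver class is hypothetical, and the instance ID, Availability Zone suffix and public IP are constructed values standing in for what CloudFormation would supply at run time.

```python
import json

# Constructed from the deck's Mappings, Resources and Outputs slides. The map is
# named RegionMap, as the EC2 slide's Fn::FindInMap call expects.
TEMPLATE = json.loads(r'''
{
  "Mappings": {"RegionMap": {
    "us-east-1":      {"AMI": "ami-8c1fece5"},
    "us-west-1":      {"AMI": "ami-3bc9997e"},
    "ap-northeast-1": {"AMI": "ami-300ca731"}}},
  "Resources": {"Ec2Instance": {"Type": "AWS::EC2::Instance", "Properties": {
    "ImageId": {"Fn::FindInMap": ["RegionMap", {"Ref": "AWS::Region"}, "AMI"]}}}},
  "Outputs": {
    "InstanceId": {"Value": {"Ref": "Ec2Instance"}},
    "AZ": {"Value": {"Fn::GetAtt": ["Ec2Instance", "AvailabilityZone"]}},
    "ApplicationURL": {"Value": {"Fn::Join": ["", [
      "http://", {"Fn::GetAtt": ["Ec2Instance", "PublicIp"]}, "/index.html"]]}}
  }
}
''')


class Resolver:
    """Hypothetical offline evaluator for the intrinsic functions used in the deck."""

    def __init__(self, template, refs, attrs):
        self.mappings = template.get("Mappings", {})
        self.refs = refs      # logical ID or pseudo parameter -> value
        self.attrs = attrs    # (logical ID, attribute name) -> value

    def resolve(self, node):
        if isinstance(node, list):
            return [self.resolve(item) for item in node]
        if not isinstance(node, dict):
            return node       # plain string or number: already a value
        if len(node) == 1:
            (fn, arg), = node.items()
            if fn == "Ref":
                return self._lookup(self.refs, arg, fn)
            if fn == "Fn::GetAtt":
                return self._lookup(self.attrs, tuple(arg), fn)
            if fn == "Fn::FindInMap":
                name, top, second = self.resolve(arg)   # the keys may be Refs
                try:
                    return self.mappings[name][top][second]
                except KeyError:
                    raise KeyError(f"Fn::FindInMap: no {name}[{top}][{second}]") from None
            if fn == "Fn::Join":
                delimiter, parts = arg
                return delimiter.join(str(p) for p in self.resolve(parts))
        return {key: self.resolve(value) for key, value in node.items()}

    @staticmethod
    def _lookup(table, key, fn):
        if key not in table:
            raise KeyError(f"{fn}: cannot resolve {key!r}")
        return table[key]


def resolve_stack(region):
    """Resolve ImageId and every Output for one region, using constructed runtime values."""
    resolver = Resolver(
        TEMPLATE,
        refs={"AWS::Region": region, "Ec2Instance": "i-0123456789abcdef0"},
        attrs={("Ec2Instance", "AvailabilityZone"): region + "a",
               ("Ec2Instance", "PublicIp"): "203.0.113.10"},
    )
    image_id = resolver.resolve(TEMPLATE["Resources"]["Ec2Instance"]["Properties"]["ImageId"])
    outputs = {name: resolver.resolve(out["Value"]) for name, out in TEMPLATE["Outputs"].items()}
    return image_id, outputs


if __name__ == "__main__":
    print(resolve_stack("ap-northeast-1"))
```

A region that is missing from the mapping raises KeyError here, which mirrors why every region you deploy to needs its own entry in the Mappings section.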
"Resources" : {
  "myS3Bucket" : {
    "Type" : "AWS::S3::Bucket",
    "DeletionPolicy" : "Retain"
  }
}
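Template Tips
When a template contains many resources it becomes hard to tell which resource is which, so use the Tags property.
"MyInstance" : {
  "Type" : "AWS::EC2::Instance",
  "Properties" : {
    "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ],
    "ImageId" : "ami-20b65349",
    "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ]
  }
}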
Template Tips
Resources created by CloudFormation are automatically given tags such as the stack name.
Cloud-init
Define the script in User Data
Cloud-init reads the user data
The loaded script is executed
EC2 instance launch
CloudFormation helpers
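cfn-init configuration: files
• Generates files at the specified paths
"files" : {
  "/app/db.conf" : {
    "content" : { "Fn::Join" : [ "", [
      "dbname=", { "Ref" : "DBName" }, "\n",
      "dbuser=", { "Ref" : "DBUser" }, "\n",
      "dbpass=", { "Ref" : "DBPassword" }, "\n",
      "dbhost=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n"
    ] ] },
    "mode" : "000644",
    "owner" : "root",
    "group" : "root"
  },
  "/etc/myapp/myapp-init.pp" : {
    "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
    "mode" : "100644",
    "owner" : "root",
    "group" : "wheel"
  }
}
Callouts: each key is a file path; "content" generates the file's contents; "source" fetches the file from S3 or elsewhere.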
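A review check over the template shapes shown in this deck, as an added Python example that is not from the deck or from AWS tooling: it flags security group ingress open to 0.0.0.0/0, cfn-init files that embed a password-like parameter while being world-readable, and IAM resources that need the CAPABILITY_IAM acknowledgement. The sample template is constructed from the slides; the AppUser resource, the placement of the files block under Ec2Instance metadata, the name hints, the admin CIDR and treating an absent mode as 000644 are assumptions.

```python
import json

SECRET_HINTS = ("pass", "secret", "token")   # assumption: parameter-name heuristic

# Constructed sample combining the SecurityGroup, cfn-init "files" and IAM slides.
TEMPLATE = json.loads(r'''
{"Resources": {
  "InstanceSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "Enable SSH access via port 22",
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}},
  "Ec2Instance": {"Type": "AWS::EC2::Instance",
    "Metadata": {"AWS::CloudFormation::Init": {"config": {"files": {
      "/app/db.conf": {
        "content": {"Fn::Join": ["", ["dbuser=", {"Ref": "DBUser"}, "\n",
                                      "dbpass=", {"Ref": "DBPassword"}, "\n"]]},
        "mode": "000644", "owner": "root", "group": "root"},
      "/etc/myapp/myapp-init.pp": {
        "source": "https://s3.amazonaws.com/myapp/myapp-init.pp",
        "mode": "100644", "owner": "root", "group": "wheel"}}}}}},
  "AppUser": {"Type": "AWS::IAM::User"}
}}
''')


def referenced_names(node):
    """Yield every name used in a {"Ref": name} anywhere under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            else:
                yield from referenced_names(value)
    elif isinstance(node, list):
        for item in node:
            yield from referenced_names(item)


def secret_refs(spec):
    """Names referenced in a file's content that look like secrets."""
    return sorted({name for name in referenced_names(spec.get("content"))
                   if any(hint in name.lower() for hint in SECRET_HINTS)})


def world_readable(mode):
    """cfn-init modes are octal strings such as 000644; test the other-read bit."""
    return bool(int(mode, 8) & 0o004)


def init_files(resource):
    """Yield (path, spec) for every cfn-init 'files' entry in a resource's metadata."""
    init = resource.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
    for config in init.values():
        if isinstance(config, dict):
            yield from config.get("files", {}).items()


def review(template):
    """Return a list of (finding, target, detail) tuples in template order."""
    findings = []
    for name, resource in template.get("Resources", {}).items():
        rtype = resource.get("Type", "")
        if rtype == "AWS::EC2::SecurityGroup":
            for rule in resource.get("Properties", {}).get("SecurityGroupIngress", []):
                if rule.get("CidrIp") == "0.0.0.0/0":
                    ports = f'{rule.get("IpProtocol")}/{rule.get("FromPort")}-{rule.get("ToPort")}'
                    findings.append(("OPEN_INGRESS", name, ports))
        if rtype.startswith("AWS::IAM::"):
            findings.append(("NEEDS_CAPABILITY_IAM", name, rtype))
        for path, spec in init_files(resource):
            names = secret_refs(spec)
            if names and world_readable(spec.get("mode", "000644")):
                findings.append(("WORLD_READABLE_SECRET", path, ",".join(names)))
    return findings


def harden(template, admin_cidr="198.51.100.0/24"):
    """Return a copy with open ingress narrowed to admin_cidr and secret files set to 000600."""
    fixed = json.loads(json.dumps(template))   # deep copy
    for resource in fixed["Resources"].values():
        for rule in resource.get("Properties", {}).get("SecurityGroupIngress", []):
            if rule.get("CidrIp") == "0.0.0.0/0":
                rule["CidrIp"] = admin_cidr
        for _path, spec in init_files(resource):
            if secret_refs(spec) and world_readable(spec.get("mode", "000644")):
                spec["mode"] = "000600"
    return fixed


if __name__ == "__main__":
    for finding in review(TEMPLATE):
        print(finding)
```

After harden() only the NEEDS_CAPABILITY_IAM entry remains, since that is an acknowledgement to give at stack creation rather than a template defect.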
CloudFormer
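CloudFormer is a tool that creates a template from a system configuration that has already been built.
It can be used to produce the base template from which you write your own templates.
(Diagram: existing EC2 and Auto Scaling resources, CloudFormer, and the resulting template)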
Create and launch the CloudFormer stack
Create the stack from one of the following:
• AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
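How to run CloudFormer
After you choose the region you want to turn into a template, you can select resources in a wizard.
The template is generated from the resources whose checkboxes you ticked.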
Other Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Parameters Age TypeNumber ldquoDefaultrdquo ldquo30rdquo ldquoMinValuerdquo ldquo20rdquo ldquoMaxValuerdquo ldquo60rdquo Descriptioninput your ageldquo FirstName TypeString Descriptioninput your first nameldquo
31
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Mappings
Hashtableのようなものキーに応じて値を特定出来る
(例例リージョンに応じたAMI番号など)
36
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Mappings RegionTable us-east-1 AMI ami-8c1fece5ldquo ldquoKeyrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
マッピングを定義(この例例の場合rdquoRegionTablerdquoという
マッピングを定義)
37
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Resources
EC2やRDSなどスタックを構成するリソースを定義
42
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
ldquoResources ldquoMyWebServer ldquoType ldquoAWSEC2Instancerdquo ldquoProperties ldquoKeyName ami-8c1fece5ldquo ldquoImageIdrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
43
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
EC2+SecurityGroupの例例 Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
リソース毎のプロパティ
リソースタイプ
44
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Outputs
スタック構築後に取得したい値(例例アクセスURLなど)
47
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
出力力したい名称を定義
説明
値
Functionを使って文字列列を加工
49
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
50
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Resources myS3Bucket Type AWSS3Bucket DeletionPolicy Retain
52
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
リソース数が多いと何のリソースか分からなくなるのでTagsプロパティを使用するMyInstance Type AWSEC2Instance Properties SecurityGroups [ Ref MySecurityGroup ] ImageId ami-20b65349 Tags [ Key ldquoName Value ldquoMyInstance ]
53
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Mappings
Hashtableのようなものキーに応じて値を特定出来る
(例例リージョンに応じたAMI番号など)
36
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Mappings RegionTable us-east-1 AMI ami-8c1fece5ldquo ldquoKeyrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
マッピングを定義(この例例の場合rdquoRegionTablerdquoという
マッピングを定義)
37
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Resources
EC2やRDSなどスタックを構成するリソースを定義
42
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
ldquoResources ldquoMyWebServer ldquoType ldquoAWSEC2Instancerdquo ldquoProperties ldquoKeyName ami-8c1fece5ldquo ldquoImageIdrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
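EC2 + SecurityGroup example

    "Resources" : {
      "Ec2Instance" : {
        "Type" : "AWS::EC2::Instance",
        "Properties" : {
          "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
          "KeyName" : { "Ref" : "KeyName" },
          "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
        }
      },
      "InstanceSecurityGroup" : {
        "Type" : "AWS::EC2::SecurityGroup",
        "Properties" : {
          "GroupDescription" : "Enable SSH access via port 22",
          "SecurityGroupIngress" : [ {
            "IpProtocol" : "tcp",
            "FromPort" : "22",
            "ToPort" : "22",
            "CidrIp" : "0.0.0.0/0"
          } ]
        }
      }
    }

"Properties": the properties of each resource
"Type": the resource type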
Outputs
Values you want to retrieve after the stack has been built (e.g. the access URL).
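Defining Outputs

    "Outputs" : {
      "InstanceId" : {
        "Description" : "InstanceId of the newly created EC2 instance",
        "Value" : { "Ref" : "Ec2Instance" }
      },
      "AZ" : {
        "Description" : "Availability Zone of the newly created EC2 instance",
        "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
      },
      "ApplicationURL" : {
        "Description" : "URL of running web application",
        "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
      }
    }

• Define the name you want to output
• Description
• Value
• Use a Function to manipulate strings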
    "Resources" : {
      "myS3Bucket" : {
        "Type" : "AWS::S3::Bucket",
        "DeletionPolicy" : "Retain"
      }
    }
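Template tips
With many resources it becomes hard to tell which resource is which, so use the Tags property.

    "MyInstance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ],
        "ImageId" : "ami-20b65349",
        "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ]
      }
    }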
Resources created by CloudFormation are given tags such as the stack name.
Cloud-init
• Define the script in User Data
• Cloud-init reads the user data
• The script that was read is executed
• EC2 instance launch
CloudFormation helpers
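cfn-init configuration: files
• Generates files at the specified paths

    "files" : {
      "/app/db.conf" : {
        "content" : { "Fn::Join" : [ "", [
          "dbname=", { "Ref" : "DBName" }, "\n",
          "dbuser=", { "Ref" : "DBUser" }, "\n",
          "dbpass=", { "Ref" : "DBPassword" }, "\n",
          "dbhost=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n"
        ] ] },
        "mode" : "000644",
        "owner" : "root",
        "group" : "root"
      },
      "/etc/myapp/myapp-init.pp" : {
        "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
        "mode" : "100644",
        "owner" : "root",
        "group" : "wheel"
      }
    }

• "content": generates the contents of the file
• The key of each entry is the file path
• "source": fetches the file from S3 or a similar location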
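The EC2 + SecurityGroup example opens port 22 to 0.0.0.0/0, and the cfn-init files example writes DBPassword into a file with mode 000644, which any local user can read. The following template check for both settings is an added example, not part of the original slides; the template wrapper, the NoEcho parameter, the trimmed file content and the replacement CIDR and mode are constructed assumptions.

```python
import copy
import json

# Constructed sample: the slides' SSH security group and cfn-init "files" entry in a
# minimal template. The Parameters section (NoEcho on DBPassword) is an assumption.
SAMPLE = json.loads(r"""
{
  "Parameters": {
    "DBUser": {"Type": "String"},
    "DBPassword": {"Type": "String", "NoEcho": "true"}
  },
  "Resources": {
    "InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enable SSH access via port 22",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}
        ]
      }
    },
    "Ec2Instance": {
      "Type": "AWS::EC2::Instance",
      "Metadata": {"AWS::CloudFormation::Init": {"config": {"files": {
        "/app/db.conf": {
          "content": {"Fn::Join": ["", ["dbuser=", {"Ref": "DBUser"}, "\n",
                                        "dbpass=", {"Ref": "DBPassword"}, "\n"]]},
          "mode": "000644", "owner": "root", "group": "root"
        }
      }}}},
      "Properties": {"SecurityGroups": [{"Ref": "InstanceSecurityGroup"}]}
    }
  }
}
""")

def _refs(node):
    """Yield every name referenced through {"Ref": name} anywhere under node."""
    if isinstance(node, dict):
        if isinstance(node.get("Ref"), str):
            yield node["Ref"]
        for value in node.values():
            yield from _refs(value)
    elif isinstance(node, list):
        for value in node:
            yield from _refs(value)

def _port(value, widest):
    # Ports may be strings, ints or unresolved intrinsics; fall back to the widest bound.
    try:
        return int(value)
    except (TypeError, ValueError):
        return widest

def open_ingress(template, ports=(22,)):
    """Return sorted (security group, port) pairs reachable from 0.0.0.0/0."""
    findings = set()
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            if not isinstance(rule, dict) or rule.get("CidrIp") != "0.0.0.0/0":
                continue
            if str(rule.get("IpProtocol")) == "-1":  # all protocols, all ports
                low, high = 0, 65535
            else:
                low, high = _port(rule.get("FromPort"), 0), _port(rule.get("ToPort"), 65535)
            findings.update((name, p) for p in ports if low <= p <= high)
    return sorted(findings)

def world_readable_secrets(template):
    """Return sorted (resource, path, parameter) triples where a cfn-init file
    embeds a NoEcho parameter and its mode lets 'other' users read it."""
    secrets = {n for n, p in template.get("Parameters", {}).items()
               if str(p.get("NoEcho", "")).lower() == "true"}
    findings = []
    for name, res in template.get("Resources", {}).items():
        init = res.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for config in init.values():
            files = config.get("files", {}) if isinstance(config, dict) else {}
            for path, spec in files.items():
                try:
                    other_read = int(str(spec.get("mode", ""))[-3:], 8) & 0o004
                except ValueError:
                    continue  # no usable mode given; nothing to judge
                if other_read:
                    for ref in sorted(set(_refs(spec.get("content"))) & secrets):
                        findings.append((name, path, ref))
    return sorted(findings)

def hardened(template):
    """Copy of the sample with both settings corrected (illustrative values)."""
    fixed = copy.deepcopy(template)
    res = fixed["Resources"]
    res["InstanceSecurityGroup"]["Properties"]["SecurityGroupIngress"][0]["CidrIp"] = "203.0.113.0/24"
    init = res["Ec2Instance"]["Metadata"]["AWS::CloudFormation::Init"]
    init["config"]["files"]["/app/db.conf"]["mode"] = "000600"  # owner-only access
    return fixed
```

On the sample, `open_ingress` reports the SSH rule and `world_readable_secrets` reports the DBPassword file; both return nothing for `hardened(SAMPLE)`.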
CloudFormer
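CloudFormer: a tool that creates a template from a system configuration that has already been built.
It can be used to build the base template from which you write your own templates.
(Diagram labels: EC2, EC2, AutoScaling, template, CloudFormer)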
Create and launch the CloudFormer stack
Create the stack from one of the following:
• The AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
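How to run CloudFormer
Choose the region you want to turn into a template, and a wizard lets you select the resources.
The template is completed from the resources whose checkboxes you ticked.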
Other tips
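Baked AMI vs. CF-Init: baking an AMI vs. Cloud-init + CloudFormation helpers
It is important to choose between baking an AMI and using cloud-init with the helpers, depending on the use case.

Baked AMI
  Advantages: easy to build; fast to start (effective for Auto Scaling)
  Disadvantages: must be reinstalled when the base AMI or middleware is updated; must be built for each region

Base AMI + Cloud-init + CFN helpers
  Advantages: can keep up with base AMI and middleware updates; definitions such as the DB endpoint can be passed in
  Disadvantages: building the template takes effort; OS initialization takes time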
IAM Capability
When CloudFormation creates IAM users, a checkbox must be turned on partway through the wizard.
• With cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command
Summary
Aim to become a true cloud meister with CloudFormation
WebServer
AppServer
Mappings
Similar to a hashtable: a value can be looked up by key
(e.g. the AMI ID for each region).
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Valid JSON strings up to 4K",
  "Parameters" : { set of parameters },
  "Mappings" : { set of mappings },
  "Conditions" : { set of conditions },
  "Resources" : { set of resources },
  "Outputs" : { set of outputs }
}
Mappings
Mappings work like a hash table: a value is looked up by its key
(for example, the AMI ID for each region).
"Mappings" : {
  "RegionTable" : {
    "us-east-1"      : { "AMI" : "ami-8c1fece5", "Key" : "myKey-east" },
    "us-west-1"      : { "AMI" : "ami-3bc9997e", "Key" : "myKey-west" },
    "ap-northeast-1" : { "AMI" : "ami-300ca731", "Key" : "myKey-japan" }
  }
}
Define a mapping (in this example, a mapping named "RegionTable").
Resources
Define the resources that make up the stack, such as EC2 and RDS.
ldquoResources ldquoMyWebServer ldquoType ldquoAWSEC2Instancerdquo ldquoProperties ldquoKeyName ami-8c1fece5ldquo ldquoImageIdrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
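EC2 + SecurityGroup example
"Resources" : {
  "Ec2Instance" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
      "KeyName" : { "Ref" : "KeyName" },
      "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
    }
  },
  "InstanceSecurityGroup" : {
    "Type" : "AWS::EC2::SecurityGroup",
    "Properties" : {
      "GroupDescription" : "Enable SSH access via port 22",
      "SecurityGroupIngress" : [ {
        "IpProtocol" : "tcp",
        "FromPort" : "22",
        "ToPort" : "22",
        "CidrIp" : "0.0.0.0/0"
      } ]
    }
  }
}
Callouts: "Type" is the resource type; "Properties" holds the properties of each resource.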
Outputs
Values you want to retrieve after the stack has been built (for example, the access URL).
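Defining Outputs
"Outputs" : {
  "InstanceId" : {
    "Description" : "InstanceId of the newly created EC2 instance",
    "Value" : { "Ref" : "Ec2Instance" }
  },
  "AZ" : {
    "Description" : "Availability Zone of the newly created EC2 instance",
    "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
  },
  "ApplicationURL" : {
    "Description" : "URL of running web application",
    "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
  }
}
Callouts:
• Define the name of the value you want to output
• Description
• Value
• Use a function to process the string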
"Resources" : {
  "myS3Bucket" : {
    "Type" : "AWS::S3::Bucket",
    "DeletionPolicy" : "Retain"
  }
}
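Template tips
With many resources it becomes hard to tell which resource is which, so use the Tags property.
"MyInstance" : {
  "Type" : "AWS::EC2::Instance",
  "Properties" : {
    "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ],
    "ImageId" : "ami-20b65349",
    "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ]
  }
}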
Template tips
Resources created by CloudFormation are given tags such as the stack name.
Cloud-init
• Define the script in User Data
• Cloud-init reads the user data
• The script that was read is executed
• EC2 instance launch
CloudFormation helpers
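cfn-init configuration: files
• Generates files at the specified paths
"files" : {
  "/app/db.conf" : {
    "content" : { "Fn::Join" : [ "", [
      "dbname=", { "Ref" : "DBName" }, "\n",
      "dbuser=", { "Ref" : "DBUser" }, "\n",
      "dbpass=", { "Ref" : "DBPassword" }, "\n",
      "dbhost=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n"
    ] ] },
    "mode" : "000644",
    "owner" : "root",
    "group" : "root"
  },
  "/etc/myapp/myapp-init.pp" : {
    "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
    "mode" : "100644",
    "owner" : "root",
    "group" : "wheel"
  }
}
Callouts:
• "content" generates the contents of the file
• The key is the file path
• "source" fetches the file from S3 or elsewhere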
CloudFormer
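CloudFormer is a tool that creates a template from a system configuration that has already been built.
It can be used to build the template that serves as the base for writing your own templates.
[Figure: EC2, Auto Scaling, CloudFormer, template]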
Create and launch a CloudFormer stack
Create the stack from one of the following:
• AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
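How to run CloudFormer
Choose the region you want to turn into a template, and a wizard lets you select the resources.
The template is produced from the resources whose checkboxes you ticked.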
Other tips
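Baked AMI vs. CF-Init: baking everything into the AMI vs. cloud-init + CloudFormation helpers
It is important to choose between a baked AMI and cloud-init/helpers according to the use case.

Approach | Advantages | Disadvantages
Baked AMI | Easy to build; fast to launch (effective for auto scaling) | Must be reinstalled when the base AMI or middleware is updated; must be built for each region
Base AMI + cloud-init + CFN helpers | Can keep up with base AMI and middleware updates; definitions such as the DB endpoint can be passed in | Building the template takes effort; OS initialization takes time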
IAM capability
When you create an IAM user with CloudFormation, you must turn on a checkbox partway through the wizard.
• With cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command
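An added example, not part of the original slides: a Python check that lints a parsed CloudFormation JSON template for three points the slides touch on, namely the SSH ingress rule open to 0.0.0.0/0 in the EC2 + SecurityGroup example, the cfn-init file that writes DBPassword into a mode 000644 file, and IAM resources that need CAPABILITY_IAM. The function names, finding strings, the NoEcho-based notion of a secret parameter and the embedded sample template (including DeployUser) are assumptions made for illustration.

```python
import json

ADMIN_PORTS = {22, 3389}          # assumption: ports treated as administrative
ANYWHERE = {"0.0.0.0/0", "::/0"}


def refs(node):
    """Yield every name referenced as {"Ref": name} anywhere under node."""
    if isinstance(node, dict):
        if isinstance(node.get("Ref"), str):
            yield node["Ref"]
        for value in node.values():
            yield from refs(value)
    elif isinstance(node, list):
        for value in node:
            yield from refs(value)


def open_admin_ingress(resource):
    """True if a security group admits an admin port from any address."""
    rules = resource.get("Properties", {}).get("SecurityGroupIngress", [])
    for rule in rules if isinstance(rules, list) else [rules]:
        if not isinstance(rule, dict):
            continue
        if rule.get("CidrIp") not in ANYWHERE and rule.get("CidrIpv6") not in ANYWHERE:
            continue
        if str(rule.get("IpProtocol")) == "-1":       # all protocols and ports
            return True
        try:
            low, high = int(rule["FromPort"]), int(rule["ToPort"])
        except (KeyError, TypeError, ValueError):     # e.g. a Ref: not decidable here
            continue
        if any(low <= port <= high for port in ADMIN_PORTS):
            return True
    return False


def exposed_secret_files(resource, secret_params):
    """cfn-init file paths that are world-readable and embed a NoEcho parameter."""
    init = resource.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
    hits = []
    for config in init.values():
        files = config.get("files") if isinstance(config, dict) else None
        if not isinstance(files, dict):
            continue
        for path, spec in files.items():
            try:
                perms = int(str(spec.get("mode"))[-3:], 8)
            except ValueError:                        # no explicit mode: skipped here
                continue
            if perms & 0o004 and secret_params & set(refs(spec.get("content"))):
                hits.append(path)
    return hits


def lint(template):
    """Return sorted (logical_id, finding) pairs for a parsed template."""
    secret_params = {name for name, spec in template.get("Parameters", {}).items()
                     if str(spec.get("NoEcho", "")).lower() == "true"}
    findings = []
    for name, resource in template.get("Resources", {}).items():
        rtype = resource.get("Type", "")
        if rtype == "AWS::EC2::SecurityGroup" and open_admin_ingress(resource):
            findings.append((name, "admin port open to any address"))
        for path in exposed_secret_files(resource, secret_params):
            findings.append((name, "NoEcho parameter written to world-readable " + path))
        if rtype.startswith("AWS::IAM::"):
            findings.append((name, "IAM resource: stack needs CAPABILITY_IAM"))
    return sorted(findings)


# Constructed sample modelled on the slides' snippets; DeployUser is hypothetical.
SAMPLE = json.loads("""
{
  "Parameters": {"DBName": {"Type": "String"},
                 "DBPassword": {"Type": "String", "NoEcho": "true"}},
  "Resources": {
    "Ec2Instance": {
      "Type": "AWS::EC2::Instance",
      "Metadata": {"AWS::CloudFormation::Init": {"config": {"files": {
        "/app/db.conf": {
          "content": {"Fn::Join": ["", ["dbname=", {"Ref": "DBName"}, "\\n",
                                        "dbpass=", {"Ref": "DBPassword"}, "\\n"]]},
          "mode": "000644", "owner": "root", "group": "root"},
        "/etc/myapp/myapp-init.pp": {
          "source": "https://s3.amazonaws.com/myapp/myapp-init.pp",
          "mode": "100644", "owner": "root", "group": "wheel"}}}}},
      "Properties": {"SecurityGroups": [{"Ref": "InstanceSecurityGroup"}]}},
    "InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {"GroupDescription": "Enable SSH access via port 22",
                     "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": "22",
                                               "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}},
    "DeployUser": {"Type": "AWS::IAM::User"}
  }
}
""")

if __name__ == "__main__":
    for logical_id, finding in lint(SAMPLE):
        print(logical_id + ": " + finding)
```

Restricting CidrIp to a known administrative range and setting the generated file's mode to 000600 clears the first two findings; the IAM finding remains as a prompt to review what the template is allowed to create.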
Summary
Aim to become a true cloud meister with CloudFormation
[Figure: WebServer, AppServer]
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Mappings
Hashtableのようなものキーに応じて値を特定出来る
(例例リージョンに応じたAMI番号など)
36
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Mappings RegionTable us-east-1 AMI ami-8c1fece5ldquo ldquoKeyrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
マッピングを定義(この例例の場合rdquoRegionTablerdquoという
マッピングを定義)
37
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Resources
EC2やRDSなどスタックを構成するリソースを定義
42
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
ldquoResources ldquoMyWebServer ldquoType ldquoAWSEC2Instancerdquo ldquoProperties ldquoKeyName ami-8c1fece5ldquo ldquoImageIdrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
43
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
EC2+SecurityGroupの例例 Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
リソース毎のプロパティ
リソースタイプ
44
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Outputs
スタック構築後に取得したい値(例例アクセスURLなど)
47
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
出力力したい名称を定義
説明
値
Functionを使って文字列列を加工
49
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
50
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Resources myS3Bucket Type AWSS3Bucket DeletionPolicy Retain
52
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
リソース数が多いと何のリソースか分からなくなるのでTagsプロパティを使用するMyInstance Type AWSEC2Instance Properties SecurityGroups [ Ref MySecurityGroup ] ImageId ami-20b65349 Tags [ Key ldquoName Value ldquoMyInstance ]
53
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
Summary
Aim to become a true cloud meister with CloudFormation
[Figure: WebServer, AppServer]
    "Mappings" : {
      "RegionTable" : {
        "us-east-1" : { "AMI" : "ami-8c1fece5", "Key" : "myKey-east" },
        "us-west-1" : { "AMI" : "ami-3bc9997e", "Key" : "myKey-west" },
        "ap-northeast-1" : { "AMI" : "ami-300ca731", "Key" : "myKey-japan" }
      }
    }

Define a mapping (in this example, a mapping named "RegionTable" is defined).
    {
      "AWSTemplateFormatVersion" : "2010-09-09",
      "Description" : "Valid JSON strings up to 4K",
      "Parameters" : { set of parameters },
      "Mappings" : { set of mappings },
      "Conditions" : { set of conditions },
      "Resources" : { set of resources },
      "Outputs" : { set of outputs }
    }
Resources
Define the resources that make up the stack, such as EC2 and RDS.
    "Resources" : {
      "MyWebServer" : {
        "Type" : "AWS::EC2::Instance",
        "Properties" : {
          "KeyName" : "myKey-east",
          "ImageId" : "ami-8c1fece5"
        }
      }
    }
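EC2 + SecurityGroup example

    "Resources" : {
      "Ec2Instance" : {
        "Type" : "AWS::EC2::Instance",
        "Properties" : {
          "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
          "KeyName" : { "Ref" : "KeyName" },
          "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
        }
      },
      "InstanceSecurityGroup" : {
        "Type" : "AWS::EC2::SecurityGroup",
        "Properties" : {
          "GroupDescription" : "Enable SSH access via port 22",
          "SecurityGroupIngress" : [ {
            "IpProtocol" : "tcp",
            "FromPort" : "22",
            "ToPort" : "22",
            "CidrIp" : "0.0.0.0/0"
          } ]
        }
      }
    }

Annotations on the slide: "Type" is the resource type; "Properties" holds the properties for each resource.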
Outputs
Values you want to retrieve after the stack is built (for example, the access URL).
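Defining Outputs

    "Outputs" : {
      "InstanceId" : {
        "Description" : "InstanceId of the newly created EC2 instance",
        "Value" : { "Ref" : "Ec2Instance" }
      },
      "AZ" : {
        "Description" : "Availability Zone of the newly created EC2 instance",
        "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
      },
      "ApplicationURL" : {
        "Description" : "URL of running web application",
        "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
      }
    }

Annotations on the slide:
• Define the name of the output
• Description
• Value
• Use functions to manipulate strings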
    "Resources" : {
      "myS3Bucket" : {
        "Type" : "AWS::S3::Bucket",
        "DeletionPolicy" : "Retain"
      }
    }
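Template tips
With many resources it becomes hard to tell what each one is, so use the Tags property.

    "MyInstance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ],
        "ImageId" : "ami-20b65349",
        "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ]
      }
    }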
Resources created by CloudFormation are automatically given tags such as the stack name.
Cloud-init
• Defined in User Data
• Cloud-init reads the user data
• Executes the script it read
• EC2 instance launch
CloudFormation helpers
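cfn-init configuration: files
• Generates files at the specified paths

    "files" : {
      "/app/db.conf" : {
        "content" : { "Fn::Join" : [ "", [
          "dbname=", { "Ref" : "DBName" }, "\n",
          "dbuser=", { "Ref" : "DBUser" }, "\n",
          "dbpass=", { "Ref" : "DBPassword" }, "\n",
          "dbhost=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n"
        ] ] },
        "mode" : "000644",
        "owner" : "root",
        "group" : "root"
      },
      "/etc/myapp/myapp-init.pp" : {
        "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
        "mode" : "100644",
        "owner" : "root",
        "group" : "wheel"
      }
    }

Annotations on the slide:
• Each key is the file path
• "content" generates the file contents
• "source" fetches the file from S3 or elsewhere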
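A template review check for three points in this deck: the 0.0.0.0/0 SSH rule in the EC2 + SecurityGroup example, the `dbpass=` line that cfn-init writes to a mode 000644 file, and the CAPABILITY_IAM requirement. This is an added example, not part of the original slides; the sample template is constructed from the deck's fragments, and `DeployUser`, the function names and the secret-name pattern are assumptions.

```python
import json
import re

# Constructed sample: the deck's EC2 + SecurityGroup and cfn-init "files"
# fragments merged into one template, plus a hypothetical IAM user (DeployUser).
SAMPLE_TEMPLATE = json.loads(r"""
{
  "Parameters": {"DBName": {"Type": "String"},
                 "DBPassword": {"Type": "String", "NoEcho": "true"}},
  "Resources": {
    "Ec2Instance": {
      "Type": "AWS::EC2::Instance",
      "Metadata": {"AWS::CloudFormation::Init": {"config": {"files": {
        "/app/db.conf": {
          "content": {"Fn::Join": ["", ["dbname=", {"Ref": "DBName"}, "\n",
                                        "dbpass=", {"Ref": "DBPassword"}, "\n"]]},
          "mode": "000644", "owner": "root", "group": "root"},
        "/etc/myapp/myapp-init.pp": {
          "source": "https://s3.amazonaws.com/myapp/myapp-init.pp",
          "mode": "100644", "owner": "root", "group": "wheel"}}}}},
      "Properties": {"SecurityGroups": [{"Ref": "InstanceSecurityGroup"}]}},
    "InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enable SSH access via port 22",
        "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": "22",
                                  "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}},
    "DeployUser": {"Type": "AWS::IAM::User"}
  }
}
""")
SECRET_NAME = re.compile(r"pass|secret|token", re.IGNORECASE)  # assumed heuristic
WORLD = {"0.0.0.0/0", "::/0"}


def refs_in(node):
    """Yield every name referenced through {"Ref": ...} anywhere under node."""
    if isinstance(node, dict):
        if isinstance(node.get("Ref"), str):
            yield node["Ref"]
        node = list(node.values())
    if isinstance(node, list):
        for item in node:
            yield from refs_in(item)


def world_open_ingress(template):
    """Return (group, protocol, from_port, to_port) for rules open to any address."""
    found = []
    for rid, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        rules = res.get("Properties", {}).get("SecurityGroupIngress", [])
        for rule in [rules] if isinstance(rules, dict) else rules:
            if str(rule.get("CidrIp")) in WORLD or str(rule.get("CidrIpv6")) in WORLD:
                found.append((rid, rule.get("IpProtocol"),
                              str(rule.get("FromPort")), str(rule.get("ToPort"))))
    return found


def readable_secret_files(template):
    """Return (resource, path, mode, secret_refs) for cfn-init files whose content
    embeds a secret parameter while the "other" read bit is set."""
    params = template.get("Parameters", {})

    def is_secret(name):  # NoEcho parameter, or a name that looks like a secret
        no_echo = str(params.get(name, {}).get("NoEcho", "")).lower() == "true"
        return no_echo or bool(SECRET_NAME.search(name))
    found = []
    for rid, res in template.get("Resources", {}).items():
        init = res.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for name, cfg in init.items():
            files = {} if name == "configSets" else cfg.get("files", {})
            for path, spec in files.items():
                secrets = sorted({r for r in refs_in(spec.get("content")) if is_secret(r)})
                mode = spec.get("mode")
                # Last three octal digits are the permission bits; a missing mode
                # is treated as readable (conservative assumption).
                readable = mode is None or bool(int(mode[-3:], 8) & 0o004)
                if secrets and readable:
                    found.append((rid, path, mode, secrets))
    return found


def needs_iam_capability(template):
    """True when the stack creates IAM resources, so CAPABILITY_IAM must be passed."""
    return any(str(res.get("Type", "")).startswith("AWS::IAM::")
               for res in template.get("Resources", {}).values())


def audit(template):
    out = [f"{g}: {p} {lo}-{hi} open to any address"
           for g, p, lo, hi in world_open_ingress(template)]
    out += [f"{r}: {path} (mode {m}) exposes {', '.join(s)} to local users"
            for r, path, m, s in readable_secret_files(template)]
    if needs_iam_capability(template):
        out.append("creates IAM resources: stack operations need CAPABILITY_IAM")
    return out
```

Calling `audit(SAMPLE_TEMPLATE)` returns three findings; narrowing the CIDR and setting the file mode to 000600 clears the first two.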
CloudFormer
A tool that creates a template from an already-built system configuration.
It can be used to build the base template from which you then author your own.
[Figure: EC2, AutoScaling, CloudFormer, template]
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Resources
EC2やRDSなどスタックを構成するリソースを定義
42
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
ldquoResources ldquoMyWebServer ldquoType ldquoAWSEC2Instancerdquo ldquoProperties ldquoKeyName ami-8c1fece5ldquo ldquoImageIdrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
43
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
EC2+SecurityGroupの例例 Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
リソース毎のプロパティ
リソースタイプ
44
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Outputs
スタック構築後に取得したい値(例例アクセスURLなど)
47
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
出力力したい名称を定義
説明
値
Functionを使って文字列列を加工
49
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
50
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Resources myS3Bucket Type AWSS3Bucket DeletionPolicy Retain
52
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
リソース数が多いと何のリソースか分からなくなるのでTagsプロパティを使用するMyInstance Type AWSEC2Instance Properties SecurityGroups [ Ref MySecurityGroup ] ImageId ami-20b65349 Tags [ Key ldquoName Value ldquoMyInstance ]
53
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Resources
EC2やRDSなどスタックを構成するリソースを定義
42
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
ldquoResources ldquoMyWebServer ldquoType ldquoAWSEC2Instancerdquo ldquoProperties ldquoKeyName ami-8c1fece5ldquo ldquoImageIdrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
43
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
EC2+SecurityGroupの例例 Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
リソース毎のプロパティ
リソースタイプ
44
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Outputs
スタック構築後に取得したい値(例例アクセスURLなど)
47
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
出力力したい名称を定義
説明
値
Functionを使って文字列列を加工
49
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
50
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Resources myS3Bucket Type AWSS3Bucket DeletionPolicy Retain
52
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
リソース数が多いと何のリソースか分からなくなるのでTagsプロパティを使用するMyInstance Type AWSEC2Instance Properties SecurityGroups [ Ref MySecurityGroup ] ImageId ami-20b65349 Tags [ Key ldquoName Value ldquoMyInstance ]
53
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-init
• Defined in User Data
• Cloud-init reads the user data
• Runs the script it read
• EC2 instance launch
CloudFormation helpers
cfn-init settings: files
• Generate files at the specified paths
"files" : {
  "/app/db.conf" : {
    "content" : { "Fn::Join" : [ "", [
      "dbname=", { "Ref" : "DBName" }, "\n",
      "dbuser=", { "Ref" : "DBUser" }, "\n",
      "dbpass=", { "Ref" : "DBPassword" }, "\n",
      "dbhost=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n"
    ] ] },
    "mode" : "000644",
    "owner" : "root",
    "group" : "root"
  },
  "/etc/myapp/myapp-init.pp" : {
    "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
    "mode" : "100644",
    "owner" : "root",
    "group" : "wheel"
  }
}
Callouts on the slide:
• Generate the file contents
• File path
• Fetch from S3 or elsewhere
CloudFormer
CloudFormer: a tool that creates a template from a system configuration that has already been built
It can be used to build the base template from which you then write your own template
[Diagram labels: EC2, Auto Scaling, CloudFormer, template]
Create and launch the CloudFormer stack
Create the stack from either of the following:
• AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
How to run CloudFormer
Select the region you want to turn into a template, and a wizard lets you choose the resources
The template is completed from the resources whose checkboxes you ticked
Other Tips
Baked AMI vs. CF-Init: baking the AMI vs. Cloud-init + CloudFormation helpers
It is important to choose between baking the AMI and using cloud-init/helpers depending on the use case.
Baked AMI
  Advantages: easy to build; fast startup (effective for Auto Scaling)
  Disadvantages: reinstallation is needed when the base AMI or middleware is updated; must be built per region
Base AMI + Cloud-init + CFN helpers
  Advantages: can keep up with base AMI and middleware updates; definitions such as the DB endpoint can be passed in
  Disadvantages: building the template takes effort; OS initialization takes time
IAM Capability
When CloudFormation creates IAM users, a checkbox must be turned on partway through the wizard.
• With cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command
Summary
Aim to become a true cloud meister with CloudFormation
[Diagram labels: WebServer, AppServer]
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Valid JSON strings up to 4K",
  "Parameters" : { set of parameters },
  "Mappings" : { set of mappings },
  "Conditions" : { set of conditions },
  "Resources" : { set of resources },
  "Outputs" : { set of outputs }
}
Resources
Defines the resources that make up the stack, such as EC2 and RDS
"Resources" : {
  "MyWebServer" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "KeyName" : "myKey-east",
      "ImageId" : "ami-8c1fece5"
    }
  }
}
us-west-1: AMI "ami-3bc9997e", Key "myKey-west"
ap-northeast-1: AMI "ami-300ca731", Key "myKey-japan"
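EC2 + SecurityGroup example
"Resources" : {
  "Ec2Instance" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
      "KeyName" : { "Ref" : "KeyName" },
      "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] }
    }
  },
  "InstanceSecurityGroup" : {
    "Type" : "AWS::EC2::SecurityGroup",
    "Properties" : {
      "GroupDescription" : "Enable SSH access via port 22",
      "SecurityGroupIngress" : [ {
        "IpProtocol" : "tcp",
        "FromPort" : "22",
        "ToPort" : "22",
        "CidrIp" : "0.0.0.0/0"
      } ]
    }
  }
}
Callouts on the slide:
• Properties for each resource
• Resource type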
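The following check is an added example, not code from the deck: it scans a template for the patterns shown on the EC2 + SecurityGroup and cfn-init files slides (SSH open to 0.0.0.0/0, DBPassword written to a 000644 file), reports whether CAPABILITY_IAM will be needed, and builds a corrected copy. The sample template, the /app/db.conf path, the name-based secret heuristic and the 203.0.113.0/24 admin range are assumptions constructed for illustration.

```python
import copy
import json
import re

# Constructed sample: the deck's EC2 + SecurityGroup example combined with its
# cfn-init "files" example and one IAM user. Not the deck's own template.
SAMPLE_TEMPLATE = json.loads(r'''
{
  "Parameters": {"DBPassword": {"Type": "String"}},
  "Resources": {
    "InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enable SSH access via port 22",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}
        ]
      }
    },
    "Ec2Instance": {
      "Type": "AWS::EC2::Instance",
      "Metadata": {"AWS::CloudFormation::Init": {"config": {"files": {
        "/app/db.conf": {
          "content": {"Fn::Join": ["", ["dbpass=", {"Ref": "DBPassword"}, "\n"]]},
          "mode": "000644", "owner": "root", "group": "root"
        }
      }}}},
      "Properties": {"SecurityGroups": [{"Ref": "InstanceSecurityGroup"}]}
    },
    "DeployUser": {"Type": "AWS::IAM::User"}
  }
}
''')

# Assumption: a parameter is treated as secret if its name looks like one or it sets NoEcho.
SECRET_NAME = re.compile(r"pass|secret|token", re.IGNORECASE)


def _refs(node):
    """Yield every name used in a {"Ref": name} anywhere under node."""
    if isinstance(node, dict):
        if set(node) == {"Ref"} and isinstance(node["Ref"], str):
            yield node["Ref"]
        for value in node.values():
            yield from _refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from _refs(item)


def _opens_ssh_to_world(rule):
    if not isinstance(rule, dict) or rule.get("CidrIp") != "0.0.0.0/0":
        return False
    proto = str(rule.get("IpProtocol"))
    if proto == "-1":  # all protocols and ports
        return True
    try:
        low, high = int(rule["FromPort"]), int(rule["ToPort"])
    except (KeyError, TypeError, ValueError):
        return False  # port missing or supplied by an intrinsic function
    return proto in ("tcp", "6") and low <= 22 <= high


def open_ssh_ingress(template):
    """Names of security groups that accept TCP/22 from 0.0.0.0/0."""
    return [name for name, res in template.get("Resources", {}).items()
            if res.get("Type") == "AWS::EC2::SecurityGroup"
            and any(_opens_ssh_to_world(rule) for rule in
                    res.get("Properties", {}).get("SecurityGroupIngress", []))]


def world_readable_secret_files(template):
    """(resource, path, parameter) for cfn-init files that embed a secret
    parameter while their mode lets 'other' users read them."""
    secret = {name for name, spec in template.get("Parameters", {}).items()
              if SECRET_NAME.search(name) or str(spec.get("NoEcho", "")).lower() == "true"}
    hits = []
    for res_name, res in template.get("Resources", {}).items():
        init = res.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for config in init.values():
            files = config.get("files", {}) if isinstance(config, dict) else {}
            for path, spec in files.items():
                last = str(spec.get("mode", ""))[-1:]
                if last not in tuple("01234567") or not int(last, 8) & 4:
                    continue  # mode absent/unparseable, or not readable by 'other'
                hits += [(res_name, path, r) for r in _refs(spec.get("content")) if r in secret]
    return hits


def needs_capability_iam(template):
    """True when the template declares any AWS::IAM::* resource."""
    return any(str(res.get("Type", "")).startswith("AWS::IAM::")
               for res in template.get("Resources", {}).values())


def hardened_copy(template, admin_cidr="203.0.113.0/24"):
    """Corrected variant: SSH limited to admin_cidr (placeholder range) and
    secret-bearing files set to owner-only mode 000600."""
    fixed = copy.deepcopy(template)
    for group in open_ssh_ingress(fixed):
        for rule in fixed["Resources"][group]["Properties"]["SecurityGroupIngress"]:
            if rule.get("CidrIp") == "0.0.0.0/0":
                rule["CidrIp"] = admin_cidr
    for res_name, path, _ in world_readable_secret_files(fixed):
        init = fixed["Resources"][res_name]["Metadata"]["AWS::CloudFormation::Init"]
        for config in init.values():
            if isinstance(config, dict) and path in config.get("files", {}):
                config["files"][path]["mode"] = "000600"
    return fixed
```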
Outputs
Values you want to retrieve after the stack is built (e.g., the access URL)
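Output definition
"Outputs" : {
  "InstanceId" : {
    "Description" : "InstanceId of the newly created EC2 instance",
    "Value" : { "Ref" : "Ec2Instance" }
  },
  "AZ" : {
    "Description" : "Availability Zone of the newly created EC2 instance",
    "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
  },
  "ApplicationURL" : {
    "Description" : "URL of running web application",
    "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
  }
}
Callouts on the slide:
• Define the name you want to output
• Description
• Value
• Use a Function to process the string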
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
50
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Resources myS3Bucket Type AWSS3Bucket DeletionPolicy Retain
52
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
リソース数が多いと何のリソースか分からなくなるのでTagsプロパティを使用するMyInstance Type AWSEC2Instance Properties SecurityGroups [ Ref MySecurityGroup ] ImageId ami-20b65349 Tags [ Key ldquoName Value ldquoMyInstance ]
53
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Resources
EC2やRDSなどスタックを構成するリソースを定義
42
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
ldquoResources ldquoMyWebServer ldquoType ldquoAWSEC2Instancerdquo ldquoProperties ldquoKeyName ami-8c1fece5ldquo ldquoImageIdrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
43
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
EC2+SecurityGroupの例例 Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
リソース毎のプロパティ
リソースタイプ
44
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Outputs
スタック構築後に取得したい値(例例アクセスURLなど)
47
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
出力力したい名称を定義
説明
値
Functionを使って文字列列を加工
49
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
50
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Resources myS3Bucket Type AWSS3Bucket DeletionPolicy Retain
52
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
リソース数が多いと何のリソースか分からなくなるのでTagsプロパティを使用するMyInstance Type AWSEC2Instance Properties SecurityGroups [ Ref MySecurityGroup ] ImageId ami-20b65349 Tags [ Key ldquoName Value ldquoMyInstance ]
53
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Resources
EC2やRDSなどスタックを構成するリソースを定義
42
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
ldquoResources ldquoMyWebServer ldquoType ldquoAWSEC2Instancerdquo ldquoProperties ldquoKeyName ami-8c1fece5ldquo ldquoImageIdrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
43
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
EC2+SecurityGroupの例例 Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
リソース毎のプロパティ
リソースタイプ
44
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
    {
      "AWSTemplateFormatVersion" : "2010-09-09",
      "Description" : "Valid JSON strings up to 4K",
      "Parameters" : { set of parameters },
      "Mappings" : { set of mappings },
      "Conditions" : { set of conditions },
      "Resources" : { set of resources },
      "Outputs" : { set of outputs }
    }

Outputs
Values you want to retrieve after the stack is built (for example, the access URL).
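Defining Outputs

    "Outputs" : {
      "InstanceId" : {
        "Description" : "InstanceId of the newly created EC2 instance",
        "Value" : { "Ref" : "Ec2Instance" }
      },
      "AZ" : {
        "Description" : "Availability Zone of the newly created EC2 instance",
        "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
      },
      "ApplicationURL" : {
        "Description" : "URL of running web application",
        "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
      }
    }

• Define the name you want to output
• Description
• Value
• Use a Function to build the string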
    "Resources" : {
      "myS3Bucket" : {
        "Type" : "AWS::S3::Bucket",
        "DeletionPolicy" : "Retain"
      }
    }
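Template Tips
With many resources it becomes hard to tell what each one is, so use the Tags property.

    "MyInstance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ],
        "ImageId" : "ami-20b65349",
        "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ]
      }
    }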
Template Tips
Resources created by CloudFormation are tagged with the stack name and similar information.
Cloud-init
Cloud-init
• Defined in User Data
• Cloud-init reads the user data
• The script that was read is executed
• EC2 instance launch
CloudFormation helpers
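cfn-init configuration: files
• Creates files at the specified paths

    "files" : {
      "/app/db.conf" : {
        "content" : { "Fn::Join" : [ "", [
          "dbname=", { "Ref" : "DBName" }, "\n",
          "dbuser=", { "Ref" : "DBUser" }, "\n",
          "dbpass=", { "Ref" : "DBPassword" }, "\n",
          "dbhost=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n"
        ] ] },
        "mode" : "000644",
        "owner" : "root",
        "group" : "root"
      },
      "/etc/myapp/myapp-init.pp" : {
        "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
        "mode" : "100644",
        "owner" : "root",
        "group" : "wheel"
      }
    }

• Generates the contents of the file
• File path
• Fetched from S3 or elsewhere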
CloudFormer
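CloudFormer: a tool that creates a template from a system configuration that has already been built
It can be used to produce the base template from which you write your own templates.
Figure: EC2, EC2, AutoScaling, template, CloudFormer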
Create and launch the CloudFormer stack
Create the stack from one of the following:
• The AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
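How to run CloudFormer
Choose the region you want to turn into a template, and a wizard lets you select the resources.
The template is built from the resources whose checkboxes you ticked.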
Other Tips
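Baked AMI vs. CF-Init: a baked AMI vs. Cloud-init + CloudFormation helpers
It is important to choose between a baked AMI, cloud-init and the helpers according to the use case.

Baked AMI
  Advantages: easy to build; fast to start (effective for Auto Scaling)
  Disadvantages: reinstallation is needed when the base AMI or middleware is updated; must be built for each region

Base AMI + Cloud-init + CFN helpers
  Advantages: can follow updates to the base AMI and middleware; definitions such as the DB endpoint can be passed in
  Disadvantages: building the template takes effort; OS initialization takes time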
IAM Capability
When CloudFormation creates IAM users, a checkbox must be turned on partway through the wizard.
• For cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command
Summary
Aim to become a true cloud meister with CloudFormation
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
ldquoResources ldquoMyWebServer ldquoType ldquoAWSEC2Instancerdquo ldquoProperties ldquoKeyName ami-8c1fece5ldquo ldquoImageIdrdquo ldquomyKey-eastrdquo us-west-1 AMI ami-3bc9997eldquo ldquoKeyrdquo ldquomyKey-westrdquo ap-northeast-1 AMI ami-300ca731ldquo ldquoKeyrdquo ldquomyKey-japanrdquo
43
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
EC2+SecurityGroupの例例 Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
リソース毎のプロパティ
リソースタイプ
44
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Outputs
スタック構築後に取得したい値(例例アクセスURLなど)
47
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
出力力したい名称を定義
説明
値
Functionを使って文字列列を加工
49
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
50
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Resources myS3Bucket Type AWSS3Bucket DeletionPolicy Retain
52
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
リソース数が多いと何のリソースか分からなくなるのでTagsプロパティを使用するMyInstance Type AWSEC2Instance Properties SecurityGroups [ Ref MySecurityGroup ] ImageId ami-20b65349 Tags [ Key ldquoName Value ldquoMyInstance ]
53
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
EC2+SecurityGroupの例例 Resources Ec2Instance Type AWSEC2Instance Properties SecurityGroups [ Ref InstanceSecurityGroup ] KeyName Ref KeyName ImageId FnFindInMap [ RegionMap Ref AWSRegion AMI ] InstanceSecurityGroup Type AWSEC2SecurityGroup Properties GroupDescription Enable SSH access via port 22 SecurityGroupIngress [ IpProtocol tcp FromPort 22 ToPort 22 CidrIp 00000 ]
リソース毎のプロパティ
リソースタイプ
44
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Outputs
スタック構築後に取得したい値(例例アクセスURLなど)
47
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
出力力したい名称を定義
説明
値
Functionを使って文字列列を加工
49
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
50
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Resources myS3Bucket Type AWSS3Bucket DeletionPolicy Retain
52
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
リソース数が多いと何のリソースか分からなくなるのでTagsプロパティを使用するMyInstance Type AWSEC2Instance Properties SecurityGroups [ Ref MySecurityGroup ] ImageId ami-20b65349 Tags [ Key ldquoName Value ldquoMyInstance ]
53
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Outputs
スタック構築後に取得したい値(例例アクセスURLなど)
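Defining Outputs

    "Outputs" : {
        "InstanceId" : {
            "Description" : "InstanceId of the newly created EC2 instance",
            "Value" : { "Ref" : "Ec2Instance" }
        },
        "AZ" : {
            "Description" : "Availability Zone of the newly created EC2 instance",
            "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
        },
        "ApplicationURL" : {
            "Description" : "URL of running web application",
            "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
        }
    }

• InstanceId, AZ, ApplicationURL: define the name of each value to output
• Description: the explanation
• Value: the value
• Fn::Join and Fn::GetAtt: use functions to build the string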
    "Resources" : {
        "myS3Bucket" : {
            "Type" : "AWS::S3::Bucket",
            "DeletionPolicy" : "Retain"
        }
    }
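Template Tips
When a stack has many resources it becomes hard to tell which resource is which, so use the Tags property.

    "MyInstance" : {
        "Type" : "AWS::EC2::Instance",
        "Properties" : {
            "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ],
            "ImageId" : "ami-20b65349",
            "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ]
        }
    }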
Template Tips
Resources created by CloudFormation are given tags such as the stack name.
Cloud-init
Cloud-init
• The script is defined in User Data
• Cloud-init reads the user data
• The script that was read is executed
• EC2 instance launch
CloudFormation helpers
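cfn-init configuration: files
• Generates files at the specified paths

    "files" : {
        "/app/db.conf" : {
            "content" : { "Fn::Join" : [ "", [
                "dbname=", { "Ref" : "DBName" }, "\n",
                "dbuser=", { "Ref" : "DBUser" }, "\n",
                "dbpass=", { "Ref" : "DBPassword" }, "\n",
                "dbhost=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n"
            ] ] },
            "mode" : "000644",
            "owner" : "root",
            "group" : "root"
        },
        "/etc/myapp/myapp-init.pp" : {
            "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
            "mode" : "100644",
            "owner" : "root",
            "group" : "wheel"
        }
    }

• content: generates the contents of the file
• Each key under files: the file path
• source: fetches the file from S3 or elsewhere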
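An added example (not from the original slides): a Python check over a cfn-init files block like the one above, flagging files whose generated content references a credential parameter while the mode leaves them world-readable (the dbpass= line under mode 000644) and sources fetched over plain HTTP. The placement under a WebServer resource, the path /app/db.conf, the SECRET_HINTS heuristic and the 644 default for a missing mode are assumptions of this example.

```python
import copy

# Name fragments that mark a referenced parameter as a credential (heuristic assumed here).
SECRET_HINTS = ("pass", "secret", "token")

# Constructed sample modelled on the slide; "WebServer" and "/app/db.conf" are assumed names.
SAMPLE_TEMPLATE = {
    "Parameters": {
        "DBName": {"Type": "String"},
        "DBUser": {"Type": "String"},
        "DBPassword": {"Type": "String", "NoEcho": "true"},
    },
    "Resources": {
        "WebServer": {
            "Type": "AWS::EC2::Instance",
            "Metadata": {"AWS::CloudFormation::Init": {"config": {"files": {
                "/app/db.conf": {
                    "content": {"Fn::Join": ["", [
                        "dbname=", {"Ref": "DBName"}, "\n",
                        "dbuser=", {"Ref": "DBUser"}, "\n",
                        "dbpass=", {"Ref": "DBPassword"}, "\n",
                        "dbhost=", {"Fn::GetAtt": ["DBInstance", "Endpoint.Address"]}, "\n",
                    ]]},
                    "mode": "000644", "owner": "root", "group": "root",
                },
                "/etc/myapp/myapp-init.pp": {
                    "source": "https://s3.amazonaws.com/myapp/myapp-init.pp",
                    "mode": "100644", "owner": "root", "group": "wheel",
                },
            }}}},
        },
    },
}


def referenced_names(node):
    """Yield every name used in a {"Ref": name} anywhere under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            else:
                yield from referenced_names(value)
    elif isinstance(node, list):
        for item in node:
            yield from referenced_names(item)


def is_secret(name, parameters):
    """A reference counts as secret if the parameter is NoEcho or its name looks like a credential."""
    declared = parameters.get(name, {})
    no_echo = str(declared.get("NoEcho", "false")).lower() == "true"
    return no_echo or any(hint in name.lower() for hint in SECRET_HINTS)


def audit_init_files(template):
    """Return findings for cfn-init files that expose secrets or fetch over plain HTTP."""
    findings = []
    parameters = template.get("Parameters", {})
    for res_name, resource in template.get("Resources", {}).items():
        init = resource.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for cfg_name, config in init.items():
            if cfg_name == "configSets" or not isinstance(config, dict):
                continue
            for path, spec in config.get("files", {}).items():
                base = {"resource": res_name, "path": path}
                # The last three octal digits are the permission bits; a missing
                # mode is treated as 644 here (assumption of this example).
                mode = str(spec.get("mode", "000644"))
                try:
                    perms = int(mode[-3:], 8)
                except ValueError:
                    findings.append({**base, "issue": "invalid-mode", "detail": mode})
                    continue
                secrets = sorted({name for name in referenced_names(spec.get("content"))
                                  if is_secret(name, parameters)})
                if secrets and perms & 0o004:  # "other" read bit set
                    findings.append({**base, "issue": "world-readable-secret",
                                     "detail": secrets})
                source = str(spec.get("source", ""))
                if source.lower().startswith("http://"):
                    findings.append({**base, "issue": "plaintext-source", "detail": source})
    return findings


# Corrected variant: same file, readable by its owner only.
HARDENED_TEMPLATE = copy.deepcopy(SAMPLE_TEMPLATE)
_files = HARDENED_TEMPLATE["Resources"]["WebServer"]["Metadata"][
    "AWS::CloudFormation::Init"]["config"]["files"]
_files["/app/db.conf"]["mode"] = "000600"

if __name__ == "__main__":
    for finding in audit_init_files(SAMPLE_TEMPLATE):
        print(finding)
```

The file mode only limits readers on the instance. AWS documents that NoEcho does not mask values placed in the Metadata section, so the resolved password is also visible to anyone who can read the stack's resource metadata.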
CloudFormer
CloudFormer: a tool that creates a template from an already-built system configuration
It can be used to produce a base template to start template authoring from
EC2 EC2
AutoScaling
Template
CloudFormer
Create and launch the CloudFormer stack
Create the stack from one of the following:
• AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
How to run CloudFormer
Choose the region you want to turn into a template, then select resources in a wizard
The template is built from the resources whose checkboxes you ticked
Other Tips
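Baked AMI vs. CF-Init: pre-built AMI vs. cloud-init + CloudFormation helpers
It is important to choose between a pre-built AMI and cloud-init/helpers according to the use case

Pre-built (baked) AMI
  Advantages: easy to build; fast startup (effective for Auto Scaling)
  Disadvantages: reinstallation is needed when the base AMI or middleware is updated; must be built per region

Base AMI + cloud-init + CFN helpers
  Advantages: can follow base AMI and middleware updates; definitions such as the DB endpoint can be passed in
  Disadvantages: building the template takes effort; OS initialization takes time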
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Outputs
スタック構築後に取得したい値(例例アクセスURLなど)
47
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
出力力したい名称を定義
説明
値
Functionを使って文字列列を加工
49
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
50
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Resources myS3Bucket Type AWSS3Bucket DeletionPolicy Retain
52
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
リソース数が多いと何のリソースか分からなくなるのでTagsプロパティを使用するMyInstance Type AWSEC2Instance Properties SecurityGroups [ Ref MySecurityGroup ] ImageId ami-20b65349 Tags [ Key ldquoName Value ldquoMyInstance ]
53
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
AWSTemplateFormatVersion ldquo2010-09-09 Description Valid JSON strings up to 4K Parameters set of parameters Mappings set of mappings ldquoConditions set of conditions Resources set of resources Outputs set of outputs
Outputs
スタック構築後に取得したい値(例例アクセスURLなど)
47
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
出力力したい名称を定義
説明
値
Functionを使って文字列列を加工
49
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
50
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Resources myS3Bucket Type AWSS3Bucket DeletionPolicy Retain
52
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
リソース数が多いと何のリソースか分からなくなるのでTagsプロパティを使用するMyInstance Type AWSEC2Instance Properties SecurityGroups [ Ref MySecurityGroup ] ImageId ami-20b65349 Tags [ Key ldquoName Value ldquoMyInstance ]
53
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
出力力したい名称を定義
説明
値
Functionを使って文字列列を加工
49
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Outputの定義 Outputs InstanceId Description InstanceId of the newly created EC2 instance Value Ref Ec2Instance AZ Description Availability Zone of the newly created EC2 instance Value FnGetAtt [ Ec2Instance AvailabilityZone ] ApplicationURL Description URL of running web application Value FnJoin [ [ http FnGetAtt [ Ec2Instance PublicIp] indexhtml] ]
50
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Resources myS3Bucket Type AWSS3Bucket DeletionPolicy Retain
52
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
リソース数が多いと何のリソースか分からなくなるのでTagsプロパティを使用するMyInstance Type AWSEC2Instance Properties SecurityGroups [ Ref MySecurityGroup ] ImageId ami-20b65349 Tags [ Key ldquoName Value ldquoMyInstance ]
53
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
CloudFormation helpers
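cfn-init configuration: files
• Creates files at the specified paths
"files" : {
  "/app/db.conf" : {
    "content" : { "Fn::Join" : [ "", [
      "dbname=", { "Ref" : "DBName" }, "\n",
      "dbuser=", { "Ref" : "DBUser" }, "\n",
      "dbpass=", { "Ref" : "DBPassword" }, "\n",
      "dbhost=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n"
    ] ] },
    "mode" : "000644",
    "owner" : "root",
    "group" : "root"
  },
  "/etc/myapp/myapp-init.pp" : {
    "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
    "mode" : "100644",
    "owner" : "root",
    "group" : "wheel"
  }
}
Slide callouts:
• Generates the file's contents
• File path
• Fetched from S3 or similar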
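The files block above writes the DBPassword parameter into a file with mode 000644, which every local account on the instance can read. The check below is an added example, not part of the original slides: it walks a template's AWS::CloudFormation::Init metadata and flags files whose content references a NoEcho or password-like parameter while the mode grants group or other read access. The embedded template is constructed from the slide's snippet; the resource name WebServer, the NoEcho flag, the helper names and the name heuristic are assumptions.

```python
import json
import re

# Constructed sample: the slide's "files" block placed inside a hypothetical
# WebServer resource. The resource name and the NoEcho flag are assumptions.
SAMPLE_TEMPLATE = json.loads(r"""
{
  "Parameters": {
    "DBName": {"Type": "String"},
    "DBUser": {"Type": "String"},
    "DBPassword": {"Type": "String", "NoEcho": "true"}
  },
  "Resources": {
    "WebServer": {
      "Type": "AWS::EC2::Instance",
      "Metadata": {"AWS::CloudFormation::Init": {"config": {"files": {
        "/app/db.conf": {
          "content": {"Fn::Join": ["", [
            "dbname=", {"Ref": "DBName"}, "\n",
            "dbuser=", {"Ref": "DBUser"}, "\n",
            "dbpass=", {"Ref": "DBPassword"}, "\n",
            "dbhost=", {"Fn::GetAtt": ["DBInstance", "Endpoint.Address"]}, "\n"
          ]]},
          "mode": "000644", "owner": "root", "group": "root"
        },
        "/etc/myapp/myapp-init.pp": {
          "source": "https://s3.amazonaws.com/myapp/myapp-init.pp",
          "mode": "100644", "owner": "root", "group": "wheel"
        }
      }}}}
    }
  }
}
""")

# Heuristic (assumption): parameter names that usually carry credentials.
SECRET_NAME = re.compile(r"pass|secret|token", re.IGNORECASE)


def secret_parameters(template):
    """Return parameters marked NoEcho or named like a credential."""
    found = set()
    for name, spec in template.get("Parameters", {}).items():
        no_echo = str(spec.get("NoEcho", "false")).lower() == "true"
        if no_echo or SECRET_NAME.search(name):
            found.add(name)
    return found


def referenced_parameters(node):
    """Collect every {"Ref": name} target nested anywhere under node."""
    refs = set()
    if isinstance(node, dict):
        if set(node) == {"Ref"} and isinstance(node["Ref"], str):
            refs.add(node["Ref"])
        for value in node.values():
            refs |= referenced_parameters(value)
    elif isinstance(node, list):
        for item in node:
            refs |= referenced_parameters(item)
    return refs


def iter_init_files(template):
    """Yield (resource, path, spec) for each cfn-init 'files' entry."""
    for res_name, res in template.get("Resources", {}).items():
        init = res.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for cfg_name, cfg in init.items():
            if cfg_name == "configSets" or not isinstance(cfg, dict):
                continue
            for path, spec in cfg.get("files", {}).items():
                yield res_name, path, spec


def audit_init_files(template):
    """Flag files that embed a secret parameter and are group/other readable."""
    secrets = secret_parameters(template)
    findings = []
    for res_name, path, spec in iter_init_files(template):
        exposed = sorted(referenced_parameters(spec.get("content")) & secrets)
        # A missing mode is treated as 000644 here (assumption).
        mode = str(spec.get("mode", "000644")).zfill(6)
        bits = int(mode[-3:], 8)  # last three octal digits are the permissions
        if exposed and bits & 0o044:
            findings.append({
                "resource": res_name,
                "path": path,
                "mode": mode,
                "parameters": exposed,
                # Keep the owner bits, drop every group/other bit.
                "suggested_mode": mode[:3] + "%03o" % (bits & 0o700),
            })
    return findings


if __name__ == "__main__":
    for finding in audit_init_files(SAMPLE_TEMPLATE):
        print(finding)
```
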
CloudFormer
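CloudFormer: a tool that creates a template from a system configuration that has already been built
It can be used to produce the base template from which you then author your own template
[Figure: existing EC2 and AutoScaling resources, CloudFormer, template]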
Create and launch the CloudFormer stack
Create the stack from either of the following:
• The AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
How to run CloudFormer
Choose the region you want to turn into a template, and a wizard lets you select resources
The template is built from the resources whose checkboxes you ticked
Other Tips
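Baked AMI vs. CF-Init: building everything into the AMI vs. cloud-init + CloudFormation helpers
It is important to choose between a baked AMI and cloud-init / helpers according to the use case
Baked AMI
  Advantages: easy to build; fast to launch (effective for Auto Scaling)
  Disadvantages: must be reinstalled whenever the base AMI or middleware is updated; must be built separately for each region
Base AMI + cloud-init + CFN helpers
  Advantages: can follow updates to the base AMI and middleware; definitions such as the DB endpoint can be passed in
  Disadvantages: building the template takes effort; OS initialization takes time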
IAM Capability
When creating IAM users with CloudFormation, you must turn on a checkbox partway through the wizard
• With cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command
Summary
Aim to become a true cloud meister with CloudFormation
WebServer
AppServer
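Defining Outputs
"Outputs" : {
  "InstanceId" : {
    "Description" : "InstanceId of the newly created EC2 instance",
    "Value" : { "Ref" : "Ec2Instance" }
  },
  "AZ" : {
    "Description" : "Availability Zone of the newly created EC2 instance",
    "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
  },
  "ApplicationURL" : {
    "Description" : "URL of running web application",
    "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] }
  }
}
Slide callouts:
• Define the name you want to output
• Description
• Value
• Use a Function to assemble the string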
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Resources myS3Bucket Type AWSS3Bucket DeletionPolicy Retain
52
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
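Template tips
When there are many resources it becomes hard to tell which resource is which, so use the Tags property.

"MyInstance" : {
  "Type" : "AWS::EC2::Instance",
  "Properties" : {
    "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ],
    "ImageId" : "ami-20b65349",
    "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ]
  }
}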
Template tips
Resources created by CloudFormation are tagged with the stack name and similar information.
Cloud-init
Cloud-init
Define the script in User Data
Cloud-init reads the user data
The script that was read is executed
EC2 instance launch
CloudFormation helpers
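cfn-init configuration: files
• Generates files at the specified paths

"files" : {
  "/app/db.conf" : {
    "content" : { "Fn::Join" : ["", [
      "dbname=", { "Ref" : "DBName" }, "\n",
      "dbuser=", { "Ref" : "DBUser" }, "\n",
      "dbpass=", { "Ref" : "DBPassword" }, "\n",
      "dbhost=", { "Fn::GetAtt" : ["DBInstance", "Endpoint.Address"] }, "\n"
    ]]},
    "mode" : "000644",
    "owner" : "root",
    "group" : "root"
  },
  "/etc/myapp/myapp-init.pp" : {
    "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp",
    "mode" : "100644",
    "owner" : "root",
    "group" : "wheel"
  }
}

Callouts on the slide:
• Generates the file's contents (content)
• File path (the key of each entry)
• Fetched from S3 or a similar location (source)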
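The db.conf entry above joins DBPassword into a file written with mode 000644. As an added example (not part of the original slides), this check walks the cfn-init files sections of a template and reports files whose content references a secret-looking parameter while the mode is world-readable, and parameters of that kind that lack NoEcho. The Parameters section, the resource names, the name pattern and the hardened mode/group are assumptions made for the example.

```python
import copy
import re

# Constructed template: the "files" block mirrors the slide's entries; the
# Parameters section and the WebServer resource around it are assumptions.
SAMPLE = {
    "Parameters": {
        "DBName": {"Type": "String"},
        "DBUser": {"Type": "String"},
        "DBPassword": {"Type": "String"},
    },
    "Resources": {"WebServer": {
        "Type": "AWS::EC2::Instance",
        "Metadata": {"AWS::CloudFormation::Init": {"config": {"files": {
            "/app/db.conf": {
                "content": {"Fn::Join": ["", [
                    "dbname=", {"Ref": "DBName"}, "\n",
                    "dbuser=", {"Ref": "DBUser"}, "\n",
                    "dbpass=", {"Ref": "DBPassword"}, "\n",
                    "dbhost=", {"Fn::GetAtt": ["DBInstance", "Endpoint.Address"]}, "\n"]]},
                "mode": "000644", "owner": "root", "group": "root"},
            "/etc/myapp/myapp-init.pp": {
                "source": "https://s3.amazonaws.com/myapp/myapp-init.pp",
                "mode": "100644", "owner": "root", "group": "wheel"},
        }}}},
    }},
}

# Heuristic for parameter names that hold credentials (an assumption of this example).
SECRET_NAME = re.compile(r"pass|secret|token", re.IGNORECASE)


def secret_parameters(template):
    """Parameters treated as secrets: NoEcho is set or the name looks like a credential."""
    return {name for name, spec in template.get("Parameters", {}).items()
            if spec.get("NoEcho") in (True, "true") or SECRET_NAME.search(name)}


def refs(node):
    """Collect every {"Ref": name} target nested inside an intrinsic expression."""
    found = set()
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                found.add(value)
            else:
                found |= refs(value)
    elif isinstance(node, list):
        for item in node:
            found |= refs(item)
    return found


def world_readable(mode):
    """cfn-init modes are six octal digits; the last three are the permission bits."""
    return bool(int(mode[-3:], 8) & 0o004)


def lint(template):
    """Return (resource, path, reason) findings for secret-bearing cfn-init files."""
    secrets = secret_parameters(template)
    params = template.get("Parameters", {})
    findings = []
    for rid, res in template.get("Resources", {}).items():
        init = res.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for cfg_name, cfg in init.items():
            if cfg_name == "configSets" or not isinstance(cfg, dict):
                continue
            for path, spec in cfg.get("files", {}).items():
                used = sorted(refs(spec.get("content")) & secrets)
                if not used:
                    continue
                mode = spec.get("mode")
                if mode is None:
                    findings.append((rid, path, "secret content, mode not set explicitly"))
                elif world_readable(mode):
                    findings.append((rid, path, "secret content, world-readable mode " + mode))
                for name in used:
                    if params[name].get("NoEcho") not in (True, "true"):
                        findings.append((rid, path, "parameter %s lacks NoEcho" % name))
    return findings


def hardened(template):
    """Copy of the template with the db.conf mode tightened and NoEcho set (assumed fix)."""
    fixed = copy.deepcopy(template)
    fixed["Parameters"]["DBPassword"]["NoEcho"] = True
    files = fixed["Resources"]["WebServer"]["Metadata"]["AWS::CloudFormation::Init"]["config"]["files"]
    files["/app/db.conf"].update({"mode": "000640", "group": "myapp"})
    return fixed


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

NoEcho only masks the parameter in console and API output; a value joined into cfn-init metadata is still stored with the stack's metadata, so the file mode check matters independently of it.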
CloudFormer
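CloudFormer: a tool that creates a template from a system configuration that has already been built
It can be used to build the base template from which you then write your own templates.
EC2 EC2
AutoScaling
Template
CloudFormer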
Create and launch the CloudFormer stack
Create the stack from one of the following:
• AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
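How to run CloudFormer
Select the region you want to turn into a template, and you can then choose resources in a wizard.
The template is generated from the resources whose checkboxes you ticked.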
Other tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
リソース数が多いと何のリソースか分からなくなるのでTagsプロパティを使用するMyInstance Type AWSEC2Instance Properties SecurityGroups [ Ref MySecurityGroup ] ImageId ami-20b65349 Tags [ Key ldquoName Value ldquoMyInstance ]
53
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
テンプレートTips
CloudFormationで作られたリソースにはスタック名などのタグが付与される
54
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
CloudFormer
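CloudFormer: a tool that creates a template from a system configuration that has already been built
It can be used to build the base template from which you then write your own templates
[Figure: EC2, Auto Scaling, CloudFormer, template]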
Create and launch the CloudFormer stack
Create the stack from one of the following:
• The AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
How to run CloudFormer
Choose the region you want to turn into a template, then select resources in a wizard
The template is built from the resources whose checkboxes you ticked
Other tips
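Baked AMI vs. cfn-init: building everything into the AMI vs. Cloud-init + CloudFormation helpers
It is important to choose between a baked AMI and cloud-init with the helpers according to the use case

Baked AMI
  Advantages: easy to build; fast to start (useful for Auto Scaling)
  Disadvantages: must be reinstalled when the base AMI or middleware is updated; must be built separately for each region

Base AMI + Cloud-init + CFN helpers
  Advantages: can keep up with base AMI and middleware updates; definitions such as the DB endpoint can be passed in
  Disadvantages: building the template takes effort; OS initialization takes time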
IAM Capability
When creating IAM users with CloudFormation, you must turn on a checkbox partway through the wizard
• For cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command
Summary
Aim to become a true cloud meister with CloudFormation
[Figure: WebServer, AppServer]
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
57
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Cloud-‐‑‒init
User Dataに定義Cloud-‐‑‒initがuserdata
を読み込む
読み込んだスクリプトを実行行
EC2インスタンス起動
59
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
CloudFormer
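CloudFormer: a tool that creates a template from a system configuration that has already been built
It can be used to build a template that serves as the starting point for writing your own templates
[Figure: EC2, Auto Scaling, CloudFormer, template]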
Create and launch the CloudFormer stack
Create the stack from either of the following:
• The AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
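How to run CloudFormer
Choose the region you want to turn into a template, and a wizard lets you select the resources
The template is built from the resources whose checkboxes you ticked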
Other tips
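Baked AMI vs. CF-Init: baking the AMI vs. cloud-init + CloudFormation helpers
It is important to choose between a baked AMI, cloud-init and the helpers according to the use case

| Approach | Advantages | Disadvantages |
| Baked AMI | Easy to build; fast to launch (effective for Auto Scaling) | Reinstallation is needed when the base AMI or middleware is updated; must be built for each region |
| Base AMI + cloud-init + CFN helpers | Can follow updates to the base AMI and middleware; definitions such as the DB endpoint can be passed in | Building the template takes effort; OS initialization takes time |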
IAM Capability
When creating IAM users with CloudFormation, a checkbox must be turned on partway through the wizard
• With cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command
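An added example, not part of the original slides: before ticking the checkbox or passing `--capabilities CAPABILITY_IAM`, a reviewer can list what IAM resources the template creates and whether any inline policy allows every action on every resource. The function names and the constructed sample template are hypothetical.

```python
import json

# Constructed sample template; resource and policy names are hypothetical.
SAMPLE = json.loads('''
{
  "Resources": {
    "DeployUser": {
      "Type": "AWS::IAM::User",
      "Properties": {
        "Policies": [{
          "PolicyName": "deploy",
          "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"}
          ]}
        }]
      }
    },
    "DeployKey": {
      "Type": "AWS::IAM::AccessKey",
      "Properties": {"UserName": {"Ref": "DeployUser"}}
    },
    "WebServer": {"Type": "AWS::EC2::Instance", "Properties": {}}
  }
}
''')


def _is_iam(resource):
    return str(resource.get("Type", "")).startswith("AWS::IAM::")


def _as_list(value):
    """IAM policy fields may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def iam_resources(template):
    """Sorted (logical name, type) pairs for every AWS::IAM::* resource."""
    return sorted(
        (name, res["Type"])
        for name, res in template.get("Resources", {}).items()
        if _is_iam(res)
    )


def wildcard_allows(template):
    """(resource, policy name) for Allow statements with Action * on Resource *."""
    hits = []
    for name, res in sorted(template.get("Resources", {}).items()):
        if not _is_iam(res):
            continue
        props = res.get("Properties", {})
        # Inline policies on users, groups and roles sit under "Policies";
        # an AWS::IAM::Policy resource carries its document directly.
        docs = [(p.get("PolicyName"), p.get("PolicyDocument", {}))
                for p in props.get("Policies", [])]
        if "PolicyDocument" in props:
            docs.append((props.get("PolicyName"), props["PolicyDocument"]))
        for policy_name, doc in docs:
            for stmt in _as_list(doc.get("Statement", [])):
                if (stmt.get("Effect") == "Allow"
                        and "*" in _as_list(stmt.get("Action"))
                        and "*" in _as_list(stmt.get("Resource"))):
                    hits.append((name, policy_name))
    return hits


def preflight(template):
    """Summarise what acknowledging CAPABILITY_IAM would permit for this template."""
    found = iam_resources(template)
    return {
        "needs_capability_iam": bool(found),
        "iam_resources": found,
        "wildcard_allow": wildcard_allows(template),
    }


if __name__ == "__main__":
    print(json.dumps(preflight(SAMPLE), indent=2))
```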
Summary
Aim to become a true cloud meister with CloudFormation
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormation helpers
63
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
67
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
cfn-‐‑‒initの設定 files
bull 指定パスへのファイルの生成
files appdbconf content FnJoin [ [ dbname= Ref DBName n dbuser= Ref DBUser n dbpass= Ref DBPassword n dbhost= FnGetAtt [DBInstance EndpointAddress] n ]] mode 000644 owner root group root etcmyappmyapp-initpp source httpss3amazonawscommyappmyapp-initpp mode 100644 owner root group wheel
ファイルの中身を生成
ファイルパス
S3などから取得
CloudFormer
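CloudFormer: a tool that creates a template from an already-built system configuration
It can be used to build the base template that further template authoring starts from
[Diagram labels: EC2, EC2, AutoScaling, template, CloudFormer]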
Create and launch the CloudFormer stack
Create the stack from one of the following:
• AWS CloudFormation console
• From the sample templates, select "CloudFormer - create a template from your existing resources"
Launching CloudFormer
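How to run CloudFormer
Choose the region you want to turn into a template; a wizard then lets you select the resources
The template is generated from the resources whose checkboxes you ticked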
Other tips
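Baked AMI vs. CF-Init: baking the AMI vs. cloud-init + CloudFormation helpers
It is important to choose between baking the AMI and using cloud-init/helpers depending on the use case

Baked AMI
  Advantages: easy to build; fast to launch (effective for Auto Scaling)
  Disadvantages: reinstallation is required whenever the base AMI or middleware is updated; must be built per region

Base AMI + cloud-init + CFN helpers
  Advantages: can keep up with base AMI and middleware updates; definitions such as the DB endpoint can be passed in
  Disadvantages: building the template takes effort; OS initialization takes time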
IAM Capability
When creating IAM users with CloudFormation, you must tick a checkbox partway through the wizard
• With cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command
Summary
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer
73
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer 既に構築済みのシステム構成からテンプレートを作成するツール
テンプレート作成のベースとなるテンプレートを構築するのに利利用可能
EC2 EC2
AutoScaling
テンプレート
CloudFormer
74
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
Baked AMI VS CF-‐‑‒Init AMIの作り込み VS Cloud-‐‑‒init+CloudFormation helpers
用途によってAMI作り込みcloud-‐‑‒inithelperを使い分ける事が重要
利点 欠点
AMI作り込み 構築が容易 起動が速い (オートスケールに有効)
ベースAMIミドルウェア 更新時に再インストールが必要 リージョン毎の構築が必要
ベースAMI+ Cloud-init+CFN helpers
ベースAMIミドルウェア更新時 に追従が可能 DBのエンドポイントなどの 定義が渡せる
テンプレート構築が手間 OS初期化に時間がかかる
81
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
IAM Capability CloudFormationでIAMユーザーを作成する場合ウィザード途中でチェックボックスをonにする必要があるbull cfn-‐‑‒create-‐‑‒stackおよびcfn-‐‑‒update-‐‑‒stackの場合は emsp emsp 「-‐‑‒-‐‑‒capalilities CAPABILITY_IAM」をコマンドに付与
82
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
まとめ
83
copy 2012 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormationで真のクラウドマイスターを目指せ
WebServer
AppServer
86
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormerスタックを作成し起動
以下のいずれかからスタックを作成bull AWS CloudFormation コンソール
bull サンプルテンプレートからrdquo CloudFormer -‐‑‒ create a template from your existing resourcesrdquoを選択
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer起動
78
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
CloudFormer実行行方法
テンプレート化したいリージョンを選ぶとウィザード形式でリソースの選択が可能
チェックボックスを入れたリソースを元にテンプレートが完成
79
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
その他Tips
80
copy 2013 Amazoncom Inc and its affiliates All rights reserved May not be copied modified or distributed in whole or in part without the express consent of Amazoncom Inc
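Baked AMI vs. CF-Init: baking the AMI vs. cloud-init + CloudFormation helpers
It is important to choose between baking the AMI and using cloud-init with the helpers, depending on the use case.

Baked AMI
  Advantages: easy to build; fast startup (effective for Auto Scaling)
  Disadvantages: reinstallation is needed whenever the base AMI or middleware is updated; must be built for each region

Base AMI + cloud-init + CFN helpers
  Advantages: can keep up with base AMI and middleware updates; definitions such as the DB endpoint can be passed in
  Disadvantages: building the template takes effort; OS initialization takes time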
IAM Capability
When CloudFormation creates IAM users, you must turn on the checkbox partway through the wizard.
• For cfn-create-stack and cfn-update-stack, add "--capabilities CAPABILITY_IAM" to the command.
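A pre-deployment review of what the CAPABILITY_IAM acknowledgement covers, as an added example that is not from the original slides: it lists the IAM resources a template would create and flags Allow statements with a wildcard Action or Resource. The sample template, its resource names and the rule that any `AWS::IAM::*` type needs the acknowledgement are assumptions of this example.

```python
import json

# Constructed sample template (not from the slides): an IAM user with an
# inline policy, an access key for that user, and one non-IAM resource.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "DeployUser": {"Type": "AWS::IAM::User", "Properties": {"Policies": [{
    "PolicyName": "deploy",
    "PolicyDocument": {"Statement": [
      {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
      {"Effect": "Allow", "Action": "*", "Resource": "*"}
    ]}}]}},
  "DeployKey": {"Type": "AWS::IAM::AccessKey", "Properties": {"UserName": {"Ref": "DeployUser"}}},
  "Web": {"Type": "AWS::EC2::Instance", "Properties": {"ImageId": "ami-00000000"}}
}}
""")


def as_list(value):
    """Policy fields may hold one value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def policy_documents(props):
    """Yield every policy document attached to one IAM resource."""
    if "PolicyDocument" in props:                  # AWS::IAM::Policy
        yield props["PolicyDocument"]
    for inline in as_list(props.get("Policies")):  # inline on User/Group/Role
        if isinstance(inline, dict) and "PolicyDocument" in inline:
            yield inline["PolicyDocument"]


def review_template(template):
    """Return (needs_capability, iam_resources, broad_statements)."""
    iam, broad = [], []
    for name, res in sorted(template.get("Resources", {}).items()):
        # Assumption: any AWS::IAM::* type requires the acknowledgement.
        if not str(res.get("Type", "")).startswith("AWS::IAM::"):
            continue
        iam.append((name, res["Type"]))
        for doc in policy_documents(res.get("Properties", {})):
            for stmt in as_list(doc.get("Statement")):
                if not isinstance(stmt, dict) or stmt.get("Effect") != "Allow":
                    continue
                # Only a bare "*" counts; "arn:...bucket/*" is scoped.
                wild = [k for k in ("Action", "Resource")
                        if "*" in as_list(stmt.get(k))]
                if wild:
                    broad.append((name, wild))
    return bool(iam), iam, broad


if __name__ == "__main__":
    needed, iam, broad = review_template(SAMPLE_TEMPLATE)
    print("CAPABILITY_IAM acknowledgement needed:", needed)
    for name, rtype in iam:
        print("  IAM resource:", name, rtype)
    for name, fields in broad:
        print("  review: wildcard", "/".join(fields), "in", name)
```

Running the review before adding the capability flag turns the acknowledgement into a check of the identities and permissions the stack will create.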
Summary