© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

AWS System Manager: Techniques for Managing AWS Configuration Data with Parameter Store - 정창훈, 당근마켓 / 김대권, 당근마켓 :: AWS Summit Seoul 2019

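정창훈, 당근마켓

AWS Systems Manager is a great service that gives you visibility into all of your AWS resources, consolidates operational data, and enables automated control. This session introduces the basic features of System Manager and then covers Parameter Store, which goes unused less because it is hard than because people do not know about it: how to use it, how to manage configuration data with it, and how to integrate it with other AWS services such as ECS, KMS, and Lambda, illustrated with real cases from 당근마켓.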

  1. AWS System Manager: Parameter Store @seapy @nacyo_t
  3. @seapy CTO, @nacyo_t
  4. AWS System Manager Parameter Store
  5. AWS System Manager Parameter Store
  6. Parameter Store ?
  7. Parameter Store
  9. !
  10. AWS System Manager
  11. EC2
  12. EC2 RDS Route 53 VPC IAM
  13. EC2 RDS Route 53 VPC IAM ECS CloudSearch ElasticSearch ElastiCache Neptune CloudFront SageMaker Cloud9 Workspaces
  14. Run Commands Resource Group
  15. System Manager
  16. Parameter Store System Manager
  17. AWS System Manager Gain Operational Insight and Take Action on AWS Resources
  18. AWS System Manager • Resource Groups • Insights • Actions • Shared Resources
  19. Resource Group: Find Resources
  20. Resource Group: Saved Group
  21. Actions: Run Commands SSH , ssm-agent
  22. AWS System Manager Parameter Store
  23. !
  24. Parameter Store
  25. Parameter Store
  26. Parameter Store -
  27. Parameter Store -
  28. Parameter Store - AWS !
  29. Parameter Store -
  30. Parameter Store - !
  31. Parameter Store
  32. put-parameter

      $ aws ssm put-parameter --name "/test/hello" --value "world" --type "String"
      {
          "Version": 1
      }
      $ aws ssm put-parameter --name "/test/hello/param1" --value "one" --type "String"
      $ aws ssm put-parameter --name "/test/hello/param2" --value "two" --type "String"
      $ aws ssm put-parameter --name "/test/hello/param3" --value "three" --type "String"

  33. get-parameter

      $ aws ssm get-parameter --name "/test/hello"
      {
          "Parameter": {
              "Name": "/test/hello",
              "Type": "String",
              "Value": "world",
              "Version": 1,
              "LastModifiedDate": 1555303879.036,
              "ARN": "arn:aws:ssm:ap-northeast-2:526159101733:parameter/test/hello"
          }
      }

  34. get-parameters

      $ aws ssm get-parameters --names "/test/hello/param1" "/test/hello/param2" "/test/hello/param3"
      {
          "Parameters": [
              { "Name": "/test/hello/param1", "Value": "one", ... },
              { "Name": "/test/hello/param2", "Value": "two", ... },
              { "Name": "/test/hello/param3", "Value": "three", ... }
          ],
          "InvalidParameters": []
      }

  35. get-parameters-by-path

      $ aws ssm get-parameters-by-path --path "/test/hello/"
      {
          "Parameters": [
              { "Name": "/test/hello/param1", "Value": "one", ... },
              { "Name": "/test/hello/param2", "Value": "two", ... },
              { "Name": "/test/hello/param3", "Value": "three", ... }
          ]
      }

  36. delete-parameter

      $ aws ssm delete-parameter --name "/test/hello"

  37. delete-parameters

      $ aws ssm delete-parameters --names "/test/hello/param1" "/test/hello/param2" "/test/hello/param3"
      {
          "DeletedParameters": [
              "/test/hello/param1",
              "/test/hello/param2",
              "/test/hello/param3"
          ],
          "InvalidParameters": []
      }

  38. Parameter Store vs. Redis

      # Parameter Store
      ## write
      $ aws ssm put-parameter --name "/test/hello" --value "world" --type "String"
      ## read
      $ aws ssm get-parameter --name "/test/hello"
      ## delete
      $ aws ssm delete-parameter --name "/test/hello"

      # Redis
      > set "/test/hello" "world"
      > get "/test/hello"
      > del "/test/hello"

  39. Parameter Store !
  40. Parameter Store:
  41. ?
  42. = Build + Config
  43. Build + Config Release
  44. Build + Config Release ) Git
  45. Build + Config ) Git
  46. ? = Build + Config
  47. "The release stage takes the build produced by the build stage and combines it with the deploy’s current config. The resulting release contains both the build and the config and is ready for immediate execution in the execution environment." Release = Build + Config (The Twelve-Factor App, V. Build, release, run)
  48. "A litmus test for whether an app has all config correctly factored out of the code is whether the codebase could be made open source at any moment, without compromising any credentials." Release = Build + Config (The Twelve-Factor App, III. Config)
  49. 😭
  50. ⚔ ⚔
  51. • S3 • DynamoDB • Sneaker using S3 • unicreds using DynamoDB • Chamber using Parameter Store • Hashicorp Vault • SSM Parameter Store
  52. • S3 DynamoDB • KMS / , • CRUD, , • AWS , • S3 KMS AWS S3 / AWS DynamoDB
  53. • S3 • sneaker / • KMS codahale/sneaker
  54. • Dynamo • KMS • Versent/unicreds
  55. • Parameter Store • Parameter Store KMS , • Path(Namespace) • Chamber • Parameter Store ECS • Segment.io segmentio/chamber
  56. • Vault • Vault • Hashicorp Vault
  57. • AWS - • , KMS • Chamber • ECS / Fargate • Parameter Store • Vault , SSM Parameter Store
  58. Parameter Store
  60. put-parameter

      $ aws ssm put-parameter --name "/test/hello" --value "world" --type "String"
      {
          "Version": 1
      }
      $ aws ssm put-parameter --name "/test/hello" --value "AWS" --type "String"
      An error occurred (ParameterAlreadyExists) when calling the PutParameter operation: The parameter already exists. To overwrite this value, set the overwrite option in the request to true.

  61. put-parameter --overwrite

      $ aws ssm put-parameter --name "/test/hello" --value "AWS" --type "String" --overwrite
      {
          "Version": 2
      }

  62. get-parameter

      $ aws ssm get-parameter --name "/test/hello"
      {
          "Parameter": {
              "Name": "/test/hello",
              "Type": "String",
              "Value": "AWS",
              "Version": 2,
              "LastModifiedDate": 1555308458.303,
              "ARN": "arn:aws:ssm:ap-northeast-2:526159101733:parameter/test/hello"
          }
      }

  63. get-parameter-history

      $ aws ssm get-parameter-history --name "/test/hello"
      {
          "Parameters": [
              { "Name": "/test/hello", "Type": "String", "Value": "world", "Version": 1, ... },
              { "Name": "/test/hello", "Type": "String", "Value": "AWS", "Version": 2, ... }
          ]
      }

  64. KMS
  65. put-parameter (SecureString)

      $ aws ssm put-parameter --name "/test/secure" --value "IMPORTANT" --type "SecureString"
      {
          "Version": 1
      }
      ## --key-id selects the KMS key
      ## without it, the default KMS key is used

  66. get-parameter (SecureString)

      $ aws ssm get-parameter --name "/test/secure"
      {
          "Parameter": {
              "Name": "/test/secure",
              "Type": "SecureString",
              "Value": "AQICAHjmoEU/R7DszFWj/vcjDjlukISSRNfobgwwWxcO4/EqWwHWAE43hXLwQVDCE2ysqGGPAAAAYTBfBgkqhkiG9w0BBwagUjBQAgEAMEsGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMK0yvazbwRn4DpRHSAgEQgB7Ent5SDdpLbbMbn1fNVtIzaM5uqzPUFFuiGXo3aLA=",
              "Version": 1,
              "LastModifiedDate": 1555308656.528,
              "ARN": "arn:aws:ssm:ap-northeast-2:526159101733:parameter/test/secure"
          }
      }

  67. get-parameter --with-decryption

      $ aws ssm get-parameter --name "/test/secure" --with-decryption
      {
          "Parameter": {
              "Name": "/test/secure",
              "Type": "SecureString",
              "Value": "IMPORTANT",
              "Version": 1,
              "LastModifiedDate": 1555308656.528,
              "ARN": "arn:aws:ssm:ap-northeast-2:526159101733:parameter/test/secure"
          }
      }

  68. Chamber
  69. chamber

      ## install chamber
      $ brew install chamber
      ## use the default aws/ssm KMS key
      $ export CHAMBER_KMS_KEY_ALIAS=aws/ssm

  70. chamber

      ## write to and read from /foobar/hello
      $ chamber write "foobar" "hello" "world"
      $ chamber read "foobar" "hello"
      Key    Value  Version  LastModified    User
      hello  world  1        04-15 15:19:28  arn:aws:iam::
      ## run a command with the parameters under /foobar/ as environment variables
      $ chamber exec foobar -- env | grep HELLO
      HELLO=world

  71. ECS AWS Launches Secrets Support for Amazon Elastic Container Service
  72. Task Definition ValueFrom
  73. Task Definition: JSON

      {
          "containerDefinitions": [
              {
                  "environment": [
                      { "name": "KEY", "value": "this_is_a_key" }
                  ],
                  "secrets": [
                      { "name": "API_KEY", "valueFrom": "/services/foobar/api_key" }
                  ],
                  ...
              }
          ],
          ...
      }

  74. ※ ※ Parameter Store ECS Task Definition , Task execution role . • Parameter Store • Parameter Store KMS • Task execution role (ECR, CloudWatch Logs) • Task Role Task execution role !
  75. Task execution Role - Policy (1)

      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Sid": "",
                  "Effect": "Allow",
                  "Action": [
                      "ssm:GetParameters"
                  ],
                  "Resource": [
                      "arn:aws:ssm:ap-northeast-2:314695318048:parameter/services/foobar/*"
                  ]
              },
              {
                  "Sid": "",
                  "Effect": "Allow",
                  "Action": [
                      "kms:Decrypt"
                  ],
                  "Resource": [
                      "arn:aws:kms:ap-northeast-2:314695318048:key/foobar"
                  ]
              },

  76. Task execution Role - Policy (2)

              {
                  "Sid": "",
                  "Effect": "Allow",
                  "Action": [
                      "logs:PutLogEvents",
                      "logs:CreateLogStream",
                      "ecr:GetDownloadUrlForLayer",
                      "ecr:GetAuthorizationToken",
                      "ecr:BatchGetImage",
                      "ecr:BatchCheckLayerAvailability"
                  ],
                  "Resource": "*"
              }
          ]
      }

  77. Fargate AWS Fargate Platform Version 1.3 Adds Secrets Support
  78. AWS Managed Parameters Amazon ECS provides ECS-Optimized AMI metadata via SSM Parameters • ECS AMI Parameter Store • /aws/service/ecs/optimized-ami/amazon-linux/recommended
  79. chamber

      $ aws ssm get-parameters --names /aws/service/ecs/optimized-ami/amazon-linux/recommended
      {
          "Parameters": [
              {
                  "Name": "/aws/service/ecs/optimized-ami/amazon-linux/recommended",
                  "Type": "String",
                  "Value": "{\"schema_version\":1,\"image_name\":\"amzn-ami-2018.03.o-amazon-ecs-optimized\",\"image_id\":\"ami-0e0d82e1272b5ae8a\",\"os\":\"Amazon Linux\",\"ecs_runtime_version\":\"Docker version 18.06.1-ce\",\"ecs_agent_version\":\"1.26.0\"}",
                  "Version": 21,
                  "LastModifiedDate": 1554762689.322,
                  "ARN": "arn:aws:ssm:ap-northeast-2::parameter/aws/service/ecs/optimized-ami/amazon-linux/recommended"
              }
          ],
          "InvalidParameters": []
      }

  80. • Parameter Store • System Manager • AWS - • , • IAM • AWS (ECS, Fargate )
  81. ! #AWSSummit AWS Summit Seoul 2019 QR Summit
  82. !
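
The permission requirement from slides 73 to 76, as an added example that is not part of the original deck: a Python linter that checks whether a task execution role policy lets ECS resolve every `secrets[].valueFrom` parameter and decrypt it, and whether the grant reaches beyond those paths. Policy evaluation is simplified (no Condition, NotAction or NotResource); the role name, the second secret and the over-broad policy are constructed, and the parameters are assumed to be SecureString values under the given KMS key.

```python
import re

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _wild(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def is_allowed(policy, action, resource):
    """True if an Allow statement matches and no Deny statement does.
    Simplification: Condition, NotAction and NotResource are not evaluated."""
    allowed = False
    for st in _as_list(policy["Statement"]):
        hit = (any(_wild(a, action, True) for a in _as_list(st.get("Action", [])))
               and any(_wild(r, resource) for r in _as_list(st.get("Resource", []))))
        if hit and st["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and st["Effect"] == "Allow")
    return allowed

def parameter_arn(value_from, region, account):
    """A bare name in valueFrom refers to a parameter in the task's own Region."""
    if value_from.startswith("arn:"):
        return value_from
    return f"arn:aws:ssm:{region}:{account}:parameter/{value_from.lstrip('/')}"

def audit(task_def, exec_policy, region, account, kms_key_arn):
    """Return findings for secrets the execution role cannot, or can too freely, read."""
    findings = []
    secrets = [s for c in task_def["containerDefinitions"] for s in c.get("secrets", [])]
    if secrets and not task_def.get("executionRoleArn"):
        findings.append("task definition uses secrets but sets no executionRoleArn")
    for s in secrets:
        arn = parameter_arn(s["valueFrom"], region, account)
        if not is_allowed(exec_policy, "ssm:GetParameters", arn):
            findings.append(f"{s['name']}: ssm:GetParameters not allowed on {arn}")
    if secrets and not is_allowed(exec_policy, "kms:Decrypt", kms_key_arn):
        findings.append(f"kms:Decrypt not allowed on {kms_key_arn}")
    # Least-privilege probe: a parameter this task never references must stay unreadable.
    probe = parameter_arn("/unrelated-namespace/probe", region, account)
    if is_allowed(exec_policy, "ssm:GetParameters", probe):
        findings.append("ssm:GetParameters is granted beyond the task's parameter paths")
    return findings

REGION, ACCOUNT = "ap-northeast-2", "314695318048"      # values shown on the slides
KMS_KEY = f"arn:aws:kms:{REGION}:{ACCOUNT}:key/foobar"  # key ARN from the slide policy

# SSM and KMS statements of the policy on slide 75 (ECR/Logs statement left out).
SLIDE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ssm:GetParameters"],
     "Resource": [f"arn:aws:ssm:{REGION}:{ACCOUNT}:parameter/services/foobar/*"]},
    {"Effect": "Allow", "Action": ["kms:Decrypt"], "Resource": [KMS_KEY]},
]}
# Constructed task definitions; the role name and the second secret are made up.
GOOD_TASK = {"executionRoleArn": f"arn:aws:iam::{ACCOUNT}:role/example-exec-role",
             "containerDefinitions": [{"secrets": [
                 {"name": "API_KEY", "valueFrom": "/services/foobar/api_key"}]}]}
BAD_TASK = {"containerDefinitions": [{"secrets": [
    {"name": "API_KEY", "valueFrom": "/services/foobar/api_key"},
    {"name": "DB_PASSWORD", "valueFrom": "/services/other/db_password"}]}]}
# Constructed over-broad policy: every parameter readable, no KMS grant.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ssm:Get*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, task, pol in [("slide policy, good task", GOOD_TASK, SLIDE_POLICY),
                            ("slide policy, bad task", BAD_TASK, SLIDE_POLICY),
                            ("broad policy, good task", GOOD_TASK, BROAD_POLICY)]:
        print(name, "->", audit(task, pol, REGION, ACCOUNT, KMS_KEY) or "no findings")
```

The slide policy passes cleanly for the `/services/foobar/` secret; the other two runs show what a missing execution role, an out-of-scope parameter, or a `Resource: "*"` grant looks like in the findings.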
