SREã®è…原ã§ã™ã€‚
カンムã®ã‚µãƒ¼ãƒ“スã¯Webサービス・ãƒãƒƒãƒå‡¦ç†ãªã©ã‚‚å«ã‚ã¦åŸºæœ¬çš„ã«ã¯ECS上ã§å‹•ã‹ã—ã¦ã„ã‚‹ã®ã§ã™ãŒã€ç°¡å˜ãªãƒãƒƒãƒå‡¦ç†ã¯Lambda+EventBridge Schedulerã®çµ„ã¿åˆã‚ã›ã§å‹•ã‹ã™ã“ã¨ã‚‚ã‚ã‚Šã¾ã™ã€‚
Lambdaã¯ECSã«æ¯”ã¹ã¦Dockerイメージã®ãƒ“ルドやECRã®æº–å‚™ãŒä¸è¦ã§ä½œæˆã®æ‰‹é–“ãŒå°‘ãªã„ã®ã§ã™ãŒã€terraformã§ãƒ‡ãƒ—ãƒã‚¤ã¾ã§å«ã‚ã¦ç®¡ç†ã—よã†ã¨ã™ã‚‹ã¨å°‘ã—å•é¡ŒãŒã‚ã‚Šã¾ã—ãŸã€‚
terraformã§ã®Lambdaã®ãƒ‡ãƒ—ãƒã‚¤ã®å•é¡Œç‚¹
例ãˆã°ä»¥ä¸‹ã®ã‚ˆã†ãªæ§‹æˆã®Node.jsã®Lambdaをデプãƒã‚¤ã™ã‚‹å ´åˆ
/
├── lambda.tf
└── lambda
├── app.js
├── package-lock.json
└── package.json
// app.js const util = require("util"); const gis = util.promisify(require("g-i-s")); exports.handler = async (event) => { const rs = await gis("nyan"); console.log(JSON.stringify(rs, null, 2)); };
null_resource(ã¾ãŸã¯terraform-data)ã¨archive_fileを使ã£ã¦ã€terraformã§Lambdaã®ä½œæˆã¨ãƒ‡ãƒ—ãƒã‚¤ã‚’è¡Œãˆã¾ã™ã€‚
resource "null_resource" "npm_install" { triggers = { package_json = filebase64sha256("lambda/package.json") package_lock_json = filebase64sha256("lambda/package-lock.json") } provisioner "local-exec" { working_dir = "lambda" command = "npm install" } } data "archive_file" "nyan" { type = "zip" output_path = "app.zip" source_dir = "lambda" depends_on = [null_resource.npm_install] } resource "aws_lambda_function" "nyan" { function_name = "nyan" runtime = "nodejs20.x" role = "..." handler = "app.handler" filename = data.archive_file.nyan.output_path source_code_hash = data.archive_file.nyan.output_base64sha256 }
ã—ã‹ã—ã“ã®æ–¹æ³•ã ã¨
- archive_fileãŒãƒ‡ãƒ¼ã‚¿ã‚½ãƒ¼ã‚¹ã§ã‚ã‚‹ãŸã‚ã€terraformを実行ã™ã‚‹ãŸã³ã«zipファイルãŒä½œæˆã•ã‚Œã‚‹ *1
- 特ã«CIã‚„Atlantis*2ã§terraformを実行ã™ã‚‹å ´åˆã€æ„図ã—ãªã„タイミングã§Lambdaã®æ›´æ–°ãŒå®Ÿè¡Œã•ã‚Œã‚‹
- npm installã‚„pip installãªã©zipファイル作æˆå‰ã®å‡¦ç†ã®å®šç¾©ãŒè¤‡é›‘ã«ãªã‚‹
ã¨ã„ã†å•é¡ŒãŒã‚ã‚Šã¾ã™ã€‚
terraform-provider-lambdazip
ãã“ã§ã€ã“れらã®å•é¡Œã‚’解決ã—terraformã ã‘ã§Lambdaã®ç®¡ç†ã‚’è¡Œãˆã‚‹ã‚ˆã†ã«ã™ã‚‹ãŸã‚ã€terraformプãƒãƒã‚¤ãƒ€ãƒ¼ã‚’自作ã—ã¾ã—ãŸã€‚
- データソースã§ã¯ãªãリソースãªã®ã§triggersã®å¤‰æ›´ãŒãªã‘ã‚Œã°zipファイル作æˆå‡¦ç†ãŒèµ°ã‚‰ãªã„
- before_createã§zipファイル作æˆå‰ã®å‡¦ç†ã‚’指定ã§ãã‚‹
lambdazipプãƒãƒã‚¤ãƒ€ãƒ¼ã‚’使ã£ã¦å…ˆã»ã©ã®lambda.tfを書ãç›´ã™ã¨æ¬¡ã®ã‚ˆã†ã«ãªã‚Šã¾ã™ã€‚
data "lambdazip_files_sha256" "triggers" { files = [ "lambda/app.js", "lambda/package.json", "lambda/package-lock.json", ] } resource "lambdazip_file" "nyan" { base_dir = "lambda" sources = ["**"] output = "lambda.zip" before_create = "npm i" triggers = data.lambdazip_files_sha256.triggers.map } resource "aws_lambda_function" "nyan" { function_name = "nyan" runtime = "nodejs20.x" role = "..." handler = "app.handler" filename = lambdazip_file.nyan.output source_code_hash = lambdazip_file.nyan.base64sha256 }
Go Lambda
社内ã®Lambdaã«ã¯Pythonã‚„JavaScriptãŒä½¿ã‚れるã“ã¨ã‚‚ã‚ã‚Šã¾ã™ãŒã€ç§ãŒLambdaを作æˆã™ã‚‹å ´åˆã¯æ…£ã‚Œã¦ã„ã‚‹Goã§å®Ÿè£…ã™ã‚‹ã“ã¨ãŒå¤šã„ã§ã™ã€‚
- npmã‚„pipãªã©ãƒ©ã‚¤ãƒ–ラリã®åŒæ¢±ã«ã¤ã„ã¦è€ƒãˆã‚‹å¿…è¦ãŒãªã„
- 手元ã®ç’°å¢ƒã§ã‚‚CI/Atlantis環境ã§ã‚‚デプãƒã‚¤ç”¨ã®ãƒã‚¤ãƒŠãƒªã®ã‚¯ãƒã‚¹ã‚³ãƒ³ãƒ‘イルãŒã§ãã‚‹
- Go 1.21以é™ã§å†ç¾å¯èƒ½ãªãƒ“ルドãŒã§ãるよã†ã«ãªã£ãŸã®ã§ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰ã®å¤‰æ›´ã ã‘をトリガã«ãƒ‡ãƒ—ãƒã‚¤ã§ãã‚‹
- 共有ライブラリã¸ã®ä¾å˜ã‚’é¿ã‘ã‚„ã™ã„
ãªã©ãŒGo Lambdaã®è‰¯ã„点ã§ã™ã€‚
terraformã§ã®å®šç¾©ã¯
/
├── lambda.tf
└── lambda
├── main.go
├── go.mod
└── go.sum
data "lambdazip_files_sha256" "triggers" { files = ["lambda/*.go", "lambda/go.mod", "lambda/go.sum"] } resource "lambdazip_file" "app" { base_dir = "lambda" sources = ["bootstrap"] output = "lambda.zip" before_create = "GOOS=linux GOARCH=amd64 go build -o bootstrap main.go" triggers = data.lambdazip_files_sha256.triggers.map } resource "aws_lambda_function" "app" { filename = lambdazip_file.app.output function_name = "my_func" role = aws_iam_role.lambda_app_role.arn handler = "my-handler" source_code_hash = lambdazip_file.app.base64sha256 runtime = "provided.al2023" }
ã®ã‚ˆã†ã«ãªã‚Šã¾ã™ã€‚
以下ã€æ¥å‹™ã§ä½¿ç”¨ã—ã¦ã„ã‚‹Go Lambdaã®ä¸€ä¾‹ã§ã™ã€‚
例: リザーブドインスタンスã®æœŸé™ã®ãƒ¡ãƒˆãƒªã‚¯ã‚¹åŒ–
インフラコスト削減ãŸã‚AWS RDSã‚„OpenSearchã®ãƒªã‚¶ãƒ¼ãƒ–ドインスタンスを利用ã—ã¦ã„ã‚‹ã®ã§ã™ãŒã€AWS Cost ExplorerãŒæä¾›ã—ã¦ã„る期é™åˆ‡ã‚Œã‚¢ãƒ©ãƒ¼ãƒˆã¯Eメールã¸ã®é€šçŸ¥ã®ã¿ã§ã€ã¾ãŸ7æ—¥å‰ãƒ»30æ—¥å‰ãƒ»60æ—¥å‰ã¨æ±ºã‚られãŸã‚¿ã‚¤ãƒŸãƒ³ã‚°ã«ã—ã‹é€šçŸ¥ã‚’é€ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“。
カンムã®ã‚¤ãƒ³ãƒ•ãƒ©ã®ã‚¢ãƒ©ãƒ¼ãƒˆã¯ã»ã¨ã‚“ã©ãŒDatadogã§ç®¡ç†ã•ã‚Œã¦ãŠã‚Šãƒªã‚¶ãƒ¼ãƒ–ドインスタンスã®æœŸé™åˆ‡ã‚Œã‚¢ãƒ©ãƒ¼ãƒˆã‚‚ãªã‚‹ã¹ãDatadogã«é›†ç´„ã—ãŸã„ã€ã¾ãŸé€šçŸ¥ã®ã‚¿ã‚¤ãƒŸãƒ³ã‚°ä»¥å¤–ã«ã‚‚複数ã®ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®ãƒªã‚¶ãƒ¼ãƒ–ドインスタンスã®æœŸé™ãŒã©ã®ç¨‹åº¦è¿«ã£ã¦ã„ã‚‹ã®ã‹ç°¡å˜ã«æŠŠæ¡ã—ãŸã„ã€ã¨ã„ã£ãŸãƒ¢ãƒãƒ™ãƒ¼ã‚·ãƒ§ãƒ³ãŒã‚ã‚ŠGo Lambdaを使ã£ã¦ãƒªã‚¶ãƒ¼ãƒ–ドインスタンスã®æœŸé™ã‚’Datadogã®ãƒ¡ãƒˆãƒªã‚¯ã‚¹ã«ã—ã¦ã¿ã¾ã—ãŸã€‚
main.go
Goã®å®Ÿè£…ã¯GetReservationUtilization APIを呼ã³å‡ºã—ã¦ã€Datadogã«ãƒ¡ãƒˆãƒªã‚¯ã‚¹ã‚’é€ã‚‹ã ã‘ã®å˜ç´”ãªã‚‚ã®ã§ã™ã€‚ AWS Organizationsã®è¦ªã‚¢ã‚«ã‚¦ãƒ³ãƒˆã§GetReservationUtilizationを呼ã³å‡ºã™ã¨ã€åアカウントã®RIã®æƒ…å ±ã‚’å–å¾—ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚
package main import ( "context" "fmt" "log" "os" "time" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" "github.com/aws/aws-lambda-go/lambda" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/config" "github.com/aws/aws-sdk-go-v2/service/costexplorer" "github.com/aws/aws-sdk-go-v2/service/costexplorer/types" "github.com/aws/aws-sdk-go-v2/service/secretsmanager" ) var ( TARGET_SERVICES = []string{ "Amazon Relational Database Service", "Amazon OpenSearch Service", } DD_API_KEY_FROM = os.Getenv("DD_API_KEY_FROM") DD_APP_KEY_FROM = os.Getenv("DD_APP_KEY_FROM") ) const ( METRIC_NAME = "costexplor.reservation.days_to_expiry" ) func main() { lambda.Start(HandleRequest) } func HandleRequest(ctx context.Context, event any) error { now := time.Now() output, err := getReservationUtilization(ctx, now) if err != nil { return fmt.Errorf("failed to getReservationUtilization: %w", err) } if len(output.UtilizationsByTime) == 0 { log.Println("No data") return nil } utilizations := output.UtilizationsByTime[0] for _, g := range utilizations.Groups { endDateTime, err := time.Parse("2006-01-02T15:04:05.000Z", g.Attributes["endDateTime"]) if err != nil { return fmt.Errorf("failed to parse endDateTime: %w", err) } daysToExpiry := endDateTime.Sub(now).Hours() / 24 if daysToExpiry < -10 { // 10日以上経ã£ãŸéŽåŽ»ã®Reservationã¯ç„¡è¦– continue } tags := []string{ "account_name:" + g.Attributes["accountName"], "service:" + g.Attributes["service"], "lease_id:" + g.Attributes["leaseId"], } submitMetrics(ctx, now.Unix(), daysToExpiry, tags) } return nil } func getReservationUtilization(ctx context.Context, now time.Time) (*costexplorer.GetReservationUtilizationOutput, error) { cfg, err := config.LoadDefaultConfig(ctx) if err != nil { return nil, err } client := costexplorer.NewFromConfig(cfg) input := &costexplorer.GetReservationUtilizationInput{ TimePeriod: &types.DateInterval{ Start: aws.String(now.AddDate(0, 0, -90).Format("2006-01-02")), End: aws.String(now.Format("2006-01-02")), }, Filter: &types.Expression{ Dimensions: &types.DimensionValues{ Key: "SERVICE", Values: TARGET_SERVICES, }, }, GroupBy: []types.GroupDefinition{ { Type: "DIMENSION", Key: aws.String("SUBSCRIPTION_ID"), }, }, } return client.GetReservationUtilization(ctx, input) } func submitMetrics(ctx context.Context, ts int64, daysToExpiry float64, tags []string) error { ddApiKey, err := getSecretValue(ctx, DD_API_KEY_FROM) if err != nil { return err } ddAppKey, err := getSecretValue(ctx, DD_APP_KEY_FROM) if err != nil { return err } body := datadogV2.MetricPayload{ Series: []datadogV2.MetricSeries{ { Metric: METRIC_NAME, Type: datadogV2.METRICINTAKETYPE_GAUGE.Ptr(), Unit: datadog.PtrString("day"), Points: []datadogV2.MetricPoint{ { Timestamp: datadog.PtrInt64(ts), Value: datadog.PtrFloat64(daysToExpiry), }, }, Tags: tags, }, }, } configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewMetricsApi(apiClient) ctx = context.WithValue(ctx, datadog.ContextAPIKeys, map[string]datadog.APIKey{ "apiKeyAuth": {Key: ddApiKey}, "appKeyAuth": {Key: ddAppKey}, }) _, _, err = api.SubmitMetrics(ctx, body, *datadogV2.NewSubmitMetricsOptionalParameters()) if err != nil { return fmt.Errorf("Error when calling `MetricsApi.SubmitMetrics`: %w\n", err) } log.Printf("Put metric value=%.2f tags=%v ", daysToExpiry, tags) return nil } func getSecretValue(ctx context.Context, secretId string) (string, error) { cfg, err := config.LoadDefaultConfig(ctx) if err != nil { return "", err } input := &secretsmanager.GetSecretValueInput{ SecretId: aws.String(secretId), } client := secretsmanager.NewFromConfig(cfg) output, err := client.GetSecretValue(ctx, input) if err != nil { return "", err } return aws.ToString(output.SecretString), nil }
tfファイル
å‰è¿°ã®é€šã‚Šterraformã§Lambdaを定義ã—ã€EventBridge Schedulerã§ä¸€æ™‚é–“ã”ã¨ã«ãƒ¡ãƒˆãƒªã‚¯ã‚¹ã‚’é€ä¿¡ã—ã¾ã™ã€‚
data "lambdazip_files_sha256" "dd_ce_reservation_days_to_expiry" { files = [ "./lambda/dd-ce-reservation-days-to-expiry/main.go", "./lambda/dd-ce-reservation-days-to-expiry/go.mod", "./lambda/dd-ce-reservation-days-to-expiry/go.sum", ] } resource "lambdazip_file" "dd_ce_reservation_days_to_expiry" { base_dir = "./lambda/dd-ce-reservation-days-to-expiry" sources = ["bootstrap"] output = "lambda.zip" before_create = "GOOS=linux GOARCH=amd64 go build -o bootstrap main.go" triggers = data.lambdazip_files_sha256.dd_ce_reservation_days_to_expiry.map } resource "aws_lambda_function" "dd_ce_reservation_days_to_expiry" { function_name = "dd-ce-reservation-days-to-expiry" runtime = "provided.al2023" role = aws_iam_role.lambda_dd_ce_reservation_days_to_expiry.arn handler = "bootstrap" filename = lambdazip_file.dd_ce_reservation_days_to_expiry.output source_code_hash = lambdazip_file.dd_ce_reservation_days_to_expiry.base64sha256 timeout = 300 environment { variables = { DD_API_KEY_FROM = aws_secretsmanager_secret.datadog_DD_API_KEY.name DD_APP_KEY_FROM = aws_secretsmanager_secret.datadog_DD_APP_KEY.name } } depends_on = [ aws_cloudwatch_log_group.lambda_dd_ce_reservation_days_to_expiry, ] } # (ç•¥) resource "aws_scheduler_schedule" "dd_ce_reservation_days_to_expiry" { name = "dd-ce-reservation-days-to-expiry" schedule_expression = "rate(1 hour)" schedule_expression_timezone = "Asia/Tokyo" state = "ENABLED" flexible_time_window { mode = "OFF" } target { arn = aws_lambda_function.dd_ce_reservation_days_to_expiry.arn role_arn = aws_iam_role.dd_ce_reservation_days_to_expiry_schedule.arn } }
表示例
Datadogã§ãƒ¡ãƒˆãƒªã‚¯ã‚¹ã‚’表示ã™ã‚‹ã¨ã€ã©ã®ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®ã©ã®RIãŒã©ã®ç¨‹åº¦æ®‹ã£ã¦ã„ã‚‹ã®ã‹ãŒä¸€ç›®ã§ã‚ã‹ã‚Šã¾ã™ã€‚
ã¾ã¨ã‚
terraformã§Go Lambdaをデプãƒã‚¤ã§ãã‚‹ã¨ã€ã¡ã‚‡ã£ã¨ã—ãŸå‡¦ç†ã‚’ãƒãƒƒãƒåŒ–ã™ã‚‹ã®ãŒã¨ã¦ã‚‚楽ã«ãªã‚Šã€ã‚¤ãƒ³ãƒ•ãƒ©ç’°å¢ƒã®æ”¹å–„ãŒé€²ã¿ã¾ã™ã€‚ ã•ã‚‰ã«Atlantisã¨ã®çµ„ã¿åˆã‚ã›ã§ã€PR上ã§Lambdaã®ãƒ‡ãƒ—ãƒã‚¤ãŒå¯èƒ½ã«ãªã‚Šã€é–‹ç™ºä½“験もéžå¸¸ã«è‰¯ã„ã§ã™ã€‚
今後も引ã続ã環境ã®æ”¹å–„ã«å‹™ã‚ã¦ã„ããŸã„ã¨ã“ã‚ã§ã™ã€‚
*1:リソースã®archive_fileã‚‚ã‚ã‚‹ã®ã§ã™ãŒdeprecatedã§ã™
*2:RP上ã§terraformを実行ã§ãるツールã§ã™ https://www.runatlantis.io/
