Scalaã‹ã‚‰AWS CDKã‚’å©ã„ã¦ã‚¤ãƒ³ãƒ•ãƒ©ã‚’構築ã™ã‚‹
モãƒãƒ™ãƒ¼ã‚·ãƒ§ãƒ³
先日ã€TypeScriptã¨Pythonå‘ã‘ã« AWS Cloud Development Kit ãŒGAã«ãªã‚Šã¾ã—ãŸã€‚
ç¾åœ¨GAã§ã¯ãªã„ã®ã§ã™ãŒã€Javaã‚‚ã“ã®AWS CDKã®å¯¾è±¡è¨€èªžã¨ãªã£ã¦ã„ã¾ã™ã€‚
ã˜ã‚ƒã‚ã€Javaã§ã§ãã‚‹ãªã‚‰Scalaã§ã‚‚ã§ãるよã?(決ã¾ã‚Šæ–‡å¥)
Scalaã§ã‚¤ãƒ³ãƒ•ãƒ©ã‚³ãƒ¼ãƒ‰ã‚’書ã‘ã‚‹ã®ã¯å¬‰ã—ãã†ã€‚
ã¨ã„ã†ã‚ã‘ã§Scalaã‹ã‚‰AWS CDKã‚’å©ã‘ã‚‹ã‹è©¦ã—ã¦ã¿ã¾ã—ãŸã€‚
セットアップ
AWS CDKã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«
npm install -g aws-cdk
Ammoniteã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«
今回ã¯Scalaスクリプトを使ã£ã¦AWS CDKã®APIã‚’å©ã„ã¦ã¿ã¾ã™ã€‚
以下ã¯åŸ·ç†æ™‚ã®æœ€æ–°ç‰ˆã‚’インストールã—ã¦ã„ã¾ã™ã€‚
sudo sh -c '(echo "#!/usr/bin/env sh" && curl -L https://github.com/lihaoyi/Ammonite/releases/download/1.6.9/2.13-1.6.9) > /usr/local/bin/amm && chmod +x /usr/local/bin/amm' && amm
実行ファイルをプãƒã‚¸ã‚§ã‚¯ãƒˆä¸‹ã«ç½®ã„ã¦ãŠãã¨ã€ä»–ã®äººãŒAmmoniteをインストールã™ã‚‹å¿…è¦ãŒãªããªã‚‹ã®ã§ãŠã™ã™ã‚。
sudo cp /usr/local/bin/amm /path/to/your_project/amm
Scalaスクリプトã®å®Ÿè£…
AWS CDKã®APIã‚’å©ãScalaスクリプトを実装ã—ã¾ã™ã€‚
リソースã®å®šç¾©ãªã©ã¯å…¬å¼ã®ã‚µãƒ³ãƒ—ルãªã©ã‚’å‚考ã«ã—ã¦ãã ã•ã„。
// ä¾å˜ãƒ©ã‚¤ãƒ–ãƒ©ãƒªã‚’è¿½åŠ import $ivy.`software.amazon.awscdk:core:1.0.0.DEVPREVIEW` import $ivy.`software.amazon.awscdk:s3:1.0.0.DEVPREVIEW` import software.amazon.awscdk.core.{App, Construct, Stack, StackProps} import software.amazon.awscdk.services.s3.{Bucket, BucketProps} class ExampleStack(parent: Construct, id: String, props: StackProps = null) extends Stack(parent, id, props) { new Bucket(this, "aws-cdk-scala-script-example-bucket", BucketProps.builder().build()) } // CDKアプリケーションを定義 val app = new App() // CloudFormationã®ã‚¹ã‚¿ãƒƒã‚¯ã‚’作æˆã€‚appã«è¿½åŠ 。 new ExampleStack(app, "example-stack") // CloudFormationã®ãƒ†ãƒ³ãƒ—レートを生æˆã‚’明示的ã«è¡Œã†ã€‚ // 本æ¥ã¯æš—黙的ã«ç”Ÿæˆã‚’è¡Œã†ã‚ˆã†ã§ã“ã‚Œã¯ãƒ¯ãƒ¼ã‚¯ã‚¢ãƒ©ã‚¦ãƒ³ãƒ‰ã€‚IssueãŒä¸ŠãŒã£ã¦ã„る。 // https://github.com/aws/jsii/issues/456 app.synth()
cdk.json ã§CDKアプリケーションã®å®Ÿè¡Œæ–¹æ³•ã‚’è¨å®š
今回ã¯ScalaスクリプトãŒCDKアプリケーションã¨ã„ã†ã“ã¨ã«ãªã‚‹ã®ã§ã€å…ˆç¨‹ã®ã‚¹ã‚¯ãƒªãƒ—トをAmmoniteã§å®Ÿè¡Œã™ã‚‹ã‚ˆã†è¨å®šã—ã¾ã™ã€‚
{ "app": "./amm aws-cdk-example.sc" }
CDKアプリケーションã§ä½œæˆã—ãŸã‚¹ã‚¿ãƒƒã‚¯ã‚’デプãƒã‚¤ã™ã‚‹
スタックã®ä¸€è¦§
cdk list ( or ls ) コマンドã§CDKアプリケーションã§å®šç¾©ã—ãŸã‚¹ã‚¿ãƒƒã‚¯ã®ä¸€è¦§ãŒè¡¨ç¤ºã§ãã¾ã™ã€‚
ã“ã“ã§ã¯ã€ä¸Šè¨˜ã§è¨å®šã—ãŸScalaスクリプトã®ã‚³ãƒ³ãƒ‘イルã¨å®Ÿè¡ŒãŒè¡Œã‚ã‚Œã¾ã™ã€‚
$ cdk ls Compiling /home/blacky/projects/scala/aws-cdk-scala-script/aws-cdk-example.sc example-stack
cdk.out ディレクトリ以下ã«ã¯CDKアプリケーションã‹ã‚‰ä½œæˆã•ã‚ŒãŸãƒ†ãƒ³ãƒ—レートãªã©ãŒã§ãã¦ã„ã¾ã™ã€‚
tree cdk.out/
cdk.out/
├── cdk.out
├── example-stack.template.json
└── manifest.json
0 directories, 3 files
$ cat cdk.out/example-stack.template.json
{
"Resources": {
"awscdkscalascriptexamplebucketD9CE1DF9": {
"Type": "AWS::S3::Bucket",
"UpdateReplacePolicy": "Retain",
"DeletionPolicy": "Retain",
"Metadata": {
"aws:cdk:path": "example-stack/aws-cdk-scala-script-example-bucket/Resource"
}
},
"awscdkscalaD5F5E654": {
"Type": "AWS::IAM::User",
"Metadata": {
"aws:cdk:path": "example-stack/aws-cdk-scala/Resource"
}
},
"awscdkscalaDefaultPolicyF833299D": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"s3:GetObject*",
"s3:GetBucket*",
"s3:List*",
"s3:DeleteObject*",
"s3:PutObject*",
"s3:Abort*"
],
"Effect": "Allow",
"Resource": [
{
"Fn::GetAtt": [
"awscdkscalascriptexamplebucketD9CE1DF9",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"awscdkscalascriptexamplebucketD9CE1DF9",
"Arn"
]
},
"/*"
]
]
}
]
}
],
"Version": "2012-10-17"
},
"PolicyName": "awscdkscalaDefaultPolicyF833299D",
"Users": [
{
"Ref": "awscdkscalaD5F5E654"
}
]
},
"Metadata": {
"aws:cdk:path": "example-stack/aws-cdk-scala/DefaultPolicy/Resource"
}
}
}
}
スタックã®ãƒ‡ãƒ—ãƒã‚¤
cdk deploy ã§ã‚¹ã‚¿ãƒƒã‚¯ã®ãƒ‡ãƒ—ãƒã‚¤ã‚’è¡Œã„ã¾ã™ã€‚
$ cdk deploy example-stack # 今回スタックã¯ã²ã¨ã¤ãªã®ã§ `example-stack` ã¯çœç•¥å¯ example-stack: deploying... example-stack: creating CloudFormation changeset... 0/3 | 18:42:21 | CREATE_IN_PROGRESS | AWS::CDK::Metadata | CDKMetadata 0/3 | 18:42:22 | CREATE_IN_PROGRESS | AWS::S3::Bucket | aws-cdk-scala-script-example-bucket (awscdkscalascriptexamplebucketD9CE1DF9) 0/3 | 18:42:24 | CREATE_IN_PROGRESS | AWS::S3::Bucket | aws-cdk-scala-script-example-bucket (awscdkscalascriptexamplebucketD9CE1DF9) Resource creation Initiated 0/3 | 18:42:24 | CREATE_IN_PROGRESS | AWS::CDK::Metadata | CDKMetadata Resource creation Initiated 1/3 | 18:42:24 | CREATE_COMPLETE | AWS::CDK::Metadata | CDKMetadata 2/3 | 18:42:44 | CREATE_COMPLETE | AWS::S3::Bucket | aws-cdk-scala-script-example-bucket (awscdkscalascriptexamplebucketD9CE1DF9) 3/3 | 18:42:46 | CREATE_COMPLETE | AWS::CloudFormation::Stack | example-stack ✅ example-stack Stack ARN: arn:aws:cloudformation:ap-northeast-1:012345678912:stack/example-stack/a7f50010-xxxx-yyyy-zzzz-012345678912
スタックã®ãƒ‡ãƒ—ãƒã‚¤ã¨é©ç”¨ãŒã§ãã¾ã—ãŸ!
実際ã«ãƒªã‚½ãƒ¼ã‚¹ãŒä½œæˆã•ã‚Œã¦ã„ã‚‹ã‹ç¢ºã‹ã‚ã¦ã¿ã¾ã—ょã†ã€‚
確ã‹ã«S3ãƒã‚±ãƒƒãƒˆãŒä½œæˆã•ã‚Œã¦ã„ã‚‹ã®ãŒã‚ã‹ã‚Šã¾ã™!
スタックã®æ›´æ–°
ã›ã£ã‹ããªã®ã§ä»–ã®ãƒªã‚½ãƒ¼ã‚¹ã‚‚作ã£ã¦ã¿ã¾ã—ょã†ã€‚
Scalaスクリプトを書ãæ›ãˆã¾ã™ã€‚
import $ivy.`software.amazon.awscdk:core:1.0.0.DEVPREVIEW` import $ivy.`software.amazon.awscdk:s3:1.0.0.DEVPREVIEW` import $ivy.`software.amazon.awscdk:iam:1.0.0.DEVPREVIEW` // è¿½åŠ import software.amazon.awscdk.core.{App, Construct, Stack, StackProps} import software.amazon.awscdk.services.iam.User import software.amazon.awscdk.services.s3.{Bucket, BucketProps} class ExampleStack(parent: Construct, id: String, props: StackProps = null) extends Stack(parent, id, props) { val bucket = new Bucket(this, "aws-cdk-scala-script-example-bucket", BucketProps.builder().build()) // ユーザーã®å®šç¾© val user = new User(this, "aws-cdk-scala") // ãƒã‚±ãƒƒãƒˆã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’許å¯ã™ã‚‹ bucket.grantReadWrite(user) } val app = new App() new ExampleStack(app, "example-stack") app.synth()
書ãæ›ãˆãŸã‚‰ã€ cdk diff を実行ã—ã¦ã¿ã¾ã—ょã†ã€‚
ã“ã‚Œã¯ç¾åœ¨ã®ã‚¹ã‚¿ãƒƒã‚¯ã®çŠ¶æ…‹ã¨ã®å·®åˆ†ã‚’表示ã™ã‚‹ã‚³ãƒžãƒ³ãƒ‰ã§ã™ã€‚
$ cdk diff example-stack
Stack example-stack
IAM Statement Changes
┌───┬────────────────────────────────────────────────────────────────────────────────────────┬────────┬──────────────────────────────────────────────────────────────────────────┬──────────────────────┬───────────â”
│ │ Resource │ Effect │ Action │ Principal │ Condition │
├───┼────────────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────────────────────────────────────────────────────────────────┼──────────────────────┼───────────┤
│ + │ ${aws-cdk-scala-script-example-bucket.Arn} │ Allow │ s3:Abort* │ AWS:${aws-cdk-scala} │ │
│ │ ${aws-cdk-scala-script-example-bucket.Arn}/* │ │ s3:DeleteObject* │ │ │
│ │ │ │ s3:GetBucket* │ │ │
│ │ │ │ s3:GetObject* │ │ │
│ │ │ │ s3:List* │ │ │
│ │ │ │ s3:PutObject* │ │ │
└───┴────────────────────────────────────────────────────────────────────────────────────────┴────────┴──────────────────────────────────────────────────────────────────────────┴──────────────────────┴───────────┘
(NOTE: There may be security-related changes not in this list. See http://bit.ly/cdk-2EhF7Np)
Resources
[+] AWS::IAM::User aws-cdk-scala awscdkscalaD5F5E654
[+] AWS::IAM::Policy aws-cdk-scala/DefaultPolicy awscdkscalaDefaultPolicyF833299D
è¿½åŠ ã—ãŸãƒªã‚½ãƒ¼ã‚¹ã¨IAMã®ãƒãƒªã‚·ãƒ¼ã®è©³ç´°ãŒè¡¨ç¤ºã•ã‚Œã¦ã„ã‚‹ã®ãŒã‚ã‹ã‚Šã¾ã™ã€‚
変更を確èªã—ãŸã‚‰ãƒ‡ãƒ—ãƒã‚¤ã—ã¾ã—ょã†ã€‚
$ cdk deploy example-stack
This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:
IAM Statement Changes
┌───┬────────────────────────────────────────────────────────────────────────────────────────┬────────┬──────────────────────────────────────────────────────────────────────────┬──────────────────────┬───────────â”
│ │ Resource │ Effect │ Action │ Principal │ Condition │
├───┼────────────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────────────────────────────────────────────────────────────────┼──────────────────────┼───────────┤
│ + │ ${aws-cdk-scala-script-example-bucket.Arn} │ Allow │ s3:Abort* │ AWS:${aws-cdk-scala} │ │
│ │ ${aws-cdk-scala-script-example-bucket.Arn}/* │ │ s3:DeleteObject* │ │ │
│ │ │ │ s3:GetBucket* │ │ │
│ │ │ │ s3:GetObject* │ │ │
│ │ │ │ s3:List* │ │ │
│ │ │ │ s3:PutObject* │ │ │
└───┴────────────────────────────────────────────────────────────────────────────────────────┴────────┴──────────────────────────────────────────────────────────────────────────┴──────────────────────┴───────────┘
(NOTE: There may be security-related changes not in this list. See http://bit.ly/cdk-2EhF7Np)
Do you wish to deploy these changes (y/n)? y
example-stack: deploying...
example-stack: creating CloudFormation changeset...
0/3 | 19:03:03 | CREATE_IN_PROGRESS | AWS::IAM::User | aws-cdk-scala (awscdkscalaD5F5E654)
0/3 | 19:03:04 | CREATE_IN_PROGRESS | AWS::IAM::User | aws-cdk-scala (awscdkscalaD5F5E654) Resource creation Initiated
0/3 Currently in progress: awscdkscalaD5F5E654
1/3 | 19:03:40 | CREATE_COMPLETE | AWS::IAM::User | aws-cdk-scala (awscdkscalaD5F5E654)
1/3 | 19:03:42 | CREATE_IN_PROGRESS | AWS::IAM::Policy | aws-cdk-scala/DefaultPolicy (awscdkscalaDefaultPolicyF833299D)
1/3 | 19:03:44 | CREATE_IN_PROGRESS | AWS::IAM::Policy | aws-cdk-scala/DefaultPolicy (awscdkscalaDefaultPolicyF833299D) Resource creation Initiated
2/3 | 19:03:52 | CREATE_COMPLETE | AWS::IAM::Policy | aws-cdk-scala/DefaultPolicy (awscdkscalaDefaultPolicyF833299D)
2/3 | 19:03:54 | UPDATE_COMPLETE_CLEA | AWS::CloudFormation::Stack | example-stack
3/3 | 19:03:55 | UPDATE_COMPLETE | AWS::CloudFormation::Stack | example-stack
✅ example-stack
Stack ARN:
arn:aws:cloudformation:ap-northeast-1:012345678912:stack/example-stack/a7f50010-xxxx-yyyy-zzzz-012345678912
無事ã€IAMユーザã¨ãƒãƒªã‚·ãƒ¼ã®è¨å®šãŒã§ãã¾ã—ãŸ!
ã¾ã¨ã‚
Scalaã§AWSã®ã‚¤ãƒ³ãƒ•ãƒ©ä½œæˆãŒã§ãるよã†ã«ãªã‚Šã¾ã—ãŸã€‚激アツã§ã™ã!
Terraformã®ã‚ˆã†ãªHCLã®æ›¸ã方を覚ãˆã‚‹å¿…è¦ãŒãªã„ã§ã™ã—ã€æ…£ã‚ŒãŸè¨€èªžã‚„IDEã®æ©æµã‚’å—ã‘ãªãŒã‚‰ã‚¬ãƒ„ガツインフラを書ã‘ã‚‹ã®ã¯å¤¢ãŒã‚ã‚Šãã†ã§ã™ã€‚
ãŸã ã—ã€æ°—ã«ãªã‚‹ã¨ã“ã‚ã¯ã„ãã¤ã‹ã‚ã£ã¦ã€
- AWS以外ã®ã‚¤ãƒ³ãƒ•ãƒ©ã‚‚ä½µã›ã¦ä½œæˆã™ã‚‹å ´åˆã«ã¯ç´ ç›´ã«Terraformãªã©ã‚’使ã£ãŸã»ã†ãŒè‰¯ã•ãã†ã€‚
- Javaã®ãƒ“ルダーパターンã«ã‚ˆã‚‹ãƒªã‚½ãƒ¼ã‚¹ã®å®šç¾©ãŒè‹¥å¹²é¬±é™¶ã—ã„
- AWS CDK Javaã¯ã¾ã 開発段階
- コンパイル時ã«ãƒªã‚½ãƒ¼ã‚¹å®šç¾©ã®èª¤ã‚Š(å¿…é ˆãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒè¶³ã‚Šãªã„ãªã©)ã¯æ¤œå‡ºã•ã‚Œãªã„。
- ãƒãƒªãƒ‡ãƒ¼ã‚·ãƒ§ãƒ³ã«æŠœã‘ãŒã‚ã£ã¦ã€ã‚¹ã‚¿ãƒƒã‚¯ã®é©ç”¨æ™‚ã«ã‚¨ãƒ©ãƒ¼ã«ãªã‚‹ã€‚
ãªã©ã€ã“ã‚Œã‹ã‚‰ã«æœŸå¾…ã¨ã„ã†æ„Ÿã˜ã§ã—ょã†ã‹ã€‚
ウッ… pic.twitter.com/wUSa7uYg8w
— blac_k_ey (@blac_k_ey) July 13, 2019
ã‚ーã£â€¦ã“ã†ã„ã†ã®ã‚³ãƒ³ãƒ‘イルã§å¼¾ã„ã¦ã»ã—ã‹ã£ãŸâ€¦ pic.twitter.com/Z6QM4OWWWh
— blac_k_ey (@blac_k_ey) July 13, 2019
ãµã‡ã‡â€¦ãƒãƒªãƒ‡ãƒ¼ã‚·ãƒ§ãƒ³ã‚¨ãƒ©ãƒ¼ã©ã“ã‚ã‹ãƒ©ãƒ³ã‚¿ã‚¤ãƒ エラーã§ãŸã‚ˆâ€¦ pic.twitter.com/imuisg6HNP
— blac_k_ey (@blac_k_ey) July 13, 2019
今回ã®æˆæžœç‰©
余談
AWS CDK Javaã¯jsiiã¨ã„ã†ãƒ©ã‚¤ãƒ–ラリ使ã£ã¦Javaã‹ã‚‰TypeScriptã®ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã‚’呼ã³å‡ºã—ã¦ã„るらã—ã„ã§ã™ã€‚
