AWS Lambdas with a Static Outgoing IP

AWS�Lambdas�with�a�Static�Outgoing�IP

2017.�Mar.�8.�한종원�(addnull@hbsmith.io)

발표자�소개

• 한종원�

• https://www.linkedin.com/in/addnull/�

• Python과�Cloud�Infra,�Lean/Agile�방법론�그리고�애플의�제품을�사랑.�

• 2012년�석사�학위를�마치고,�스타트업을�시작�(이때부터�AWS를�production�level에서�사용)�

• '의미가�있는�일을,�올바르게�하고�싶다.'�

• 경력�

• (현)�DevOps�전문�스타트업�‘HB�Smith’�대표�(https://hbsmith.io)�

• (2016)�택시�O2O�서비스�스타트업�‘Kanizsa�Lab’의�backend�server�/�infra�devops�담당�

• (2015)�Cloud�computing�전문�스타트업�'A2�company'�co-founder�(‘KINX’에�인수합병)�

• (2012)�Samsung�Software�Membership�(대전)�

• (2010)�Samsung�Software�Membership�(수원)�

• (2007)�NEXON�'MapleStory�국내�Live�Team'에서�DBA,�SA로�근무�(산업�기능�요원)

발표�내용

• Requirements�

• System�Architecture�

• Live�Demo�

• Wrap�Up�

• QnA�

• (예상�발표시간:�25~30분)

Requirements

• IP�whitelist가�적용된�서버에�요청을�보내야함�

• 단,�이런�요청을�매우�낮은�빈도로�보냄�

• 즉,�EC2를�쓰기엔�비용이�아까우니,�Lambda를�고려�

• 그럼,�Lambda가�실행되는�VM의�IP�address를특정�EIP로�고정할�수�있을까?

Requirements

• 그런데,�Lambda�설정에�EIP�지정�옵션이�없음

Requirements

• 대신에�Lambda를�VPC�안에서�실행되게�만들�수�있음�

• 오늘�발표는�Lambda를�가장한,�VPC�발표�

• [Reference]http://techblog.financialengines.com/2016/09/26/aws-lambdas-with-a-static-outgoing-ip/

System�Architecture

• VPC�resources�

• 1�public�subnet�

• private�subnets�

• NAT�GW�

• Internet�GW�

• EIP�

• Route�tables�

• Security�groups�

• IAM�resources�

• 1�IAM�role�

• IAM�role�polices

• Network�flow�(녹색)�

• Lambda�(Private�subnet) ->�Router->�NAT�GW(Public�subnet) ->�Router->�Internet�GW

• Network�flow�(step�by�step)�

• Step�1.�

• 원하는�trigger로�Lambda�실행�요청�

• private�1�또는�2에서�Lambda가�실행됨�

• Lambda에서�VPC�외부(Internet)로�접근

• Step�2.�

• 해당�Lambda의�private�subnet의�route�table에�의해서NAT�GW가�있는�public�subnet으로�routing

• Step�3.�

• NAT�GW의�public�subnet의�route�table에�의해서 Internet�GW으로�routing�(즉,�외부�Internet�접근�성공)�

• 이때,�외부�Internet�에�노출되는�IP�address는Lambda가�실행되는�VM의�IP�address가�아니라�NAT�GW의�EIP

Live�Demo

• ‘자,�어디서�시작할까?’

Live�Demo

• Project�‘Johanna’(‘Tiamat’의�CLI)의�수정�버전(git�branch�‘live-demo-20170308’)�

• https://github.com/HardBoiledSmith/johanna/tree/live-demo-20170308�

• Live�demo�resources�

• ‘config.json.sample’�

• run�script�(python3)�for�create/terminate�VPC�

• AWS�IAM�role�and�polices�

• AWS�Lambda�sample�code�(print�outgoing�IP�address)

Live�Demo

• Step�by�step�

• Step�1.�

• ‘config.json’�생성(‘config.json.sample’�참고)�

• https://github.com/HardBoiledSmith/johanna/blob/live-demo-20170308/config.json.sample

Live�Demo

• Step�2.�

• ‘./run.py�create’�

• 약�1~2분�후,�VPC�와�필요한�AWS�resource�생성�완료(left:�생성�이전,�right:�생성�이후)�

Live�Demo

• Step�3.�

• ‘Lambda’�생성(‘sample_lambda/get_ip_address.js’�참고)�

• https://github.com/HardBoiledSmith/johanna/blob/live-demo-20170308/sample_lambda/get_ip_address.js�

• NAT�EIP�주소와�‘Lambda’�실행�결과�비교

Wrap�Up

• RequirementsEIP�지정할�수�없는�Lambda의�outgoing�IP�주소를�고정하고�싶다�

• System�ArchitectureVPC를�이용한�network�flow�

• Live�Demo‘Johanna’로�VPC�설정�및�실제�Lambda�실행�후�결과�확인�

• Wrap�Up�

• QnA

Q�n�A한종원�

addnull@hbsmith.io�010-9166-6855

AWS Lambdas with a Static Outgoing IP

Software

Brochure Outgoing Social Media

DESFĂȘURAREA MOBILITĂȚILOR OUTGOING · 2019. 12. 10. · page 1 of 20 procedurĂ privind organizarea Și desfĂȘurarea mobilitĂȚilor outgoing În cadrul programului erasmus

Java Streams und Lambdas

Java8 lambdas chapter1_2

Pemeliharaan Kubikel Outgoing PDL 06 Di Gardu Induk

Home - VOX - 本日のアジェンダ...AWS Transfer for SFTP AWS Snowball AWS Snowball Edge AWS DataSync AWS Snowmobile AWS Direct Connect AWS Marketplace 3rd Party Application Amazon

[AWSマイスターシリーズ] AWS OpsWorks

Unit 6 I’m more outgoing than my sister. Unit 6 I’m more outgoing than my sister

I'm more outgoing than my sister

Lambdas in Java 8

Security on AWS - resources.trendmicro.com IAM Amazon CloudWatch AWS CloudTrail AWS Config AWS CloudFormation AWS Trusted Advisor

Discovering Lambdas in Java 8

Erasmus outgoing 10 11

Annual report outgoing exchange aiesec cote d'ivoire 1314

Operadores outgoing no douro

Aws se-aws 경험기

Why Outgoing?

Update 10; the magic of the outgoing

Outgoing Broschüre 2010

AWS Black Belt Tech シリーズ 2015 - AWS CodeCommit & AWS CodePipeline & AWS CodeDeploy