Embed Size (px)
Citation preview
발표자�소개
• 한종원�
• https://www.linkedin.com/in/addnull/�
• Python과�Cloud�Infra,�Lean/Agile�방법론�그리고�애플의�제품을�사랑.�
• 2012년�석사�학위를�마치고,�스타트업을�시작�(이때부터�AWS를�production�level에서�사용)�
• '의미가�있는�일을,�올바르게�하고�싶다.'�
• 경력�
• (현)�DevOps�전문�스타트업�‘HB�Smith’�대표�(https://hbsmith.io)�
• (2016)�택시�O2O�서비스�스타트업�‘Kanizsa�Lab’의�backend�server�/�infra�devops�담당�
• (2015)�Cloud�computing�전문�스타트업�'A2�company'�co-founder�(‘KINX’에�인수합병)�
• (2012)�Samsung�Software�Membership�(대전)�
• (2010)�Samsung�Software�Membership�(수원)�
• (2007)�NEXON�'MapleStory�국내�Live�Team'에서�DBA,�SA로�근무�(산업�기능�요원)
2
발표�내용
• Requirements�
• System�Architecture�
• Live�Demo�
• Wrap�Up�
• QnA�
• (예상�발표시간:�25~30분)
3
Requirements
Requirements
• IP�whitelist가�적용된�서버에�요청을�보내야함�
• 단,�이런�요청을�매우�낮은�빈도로�보냄�
• 즉,�EC2를�쓰기엔�비용이�아까우니,�Lambda를�고려�
• 그럼,�Lambda가�실행되는�VM의�IP�address를특정�EIP로�고정할�수�있을까?
5
Requirements
• 그런데,�Lambda�설정에�EIP�지정�옵션이�없음
6
Requirements
• 대신에�Lambda를�VPC�안에서�실행되게�만들�수�있음�
• 오늘�발표는�Lambda를�가장한,�VPC�발표�
• [Reference]http://techblog.financialengines.com/2016/09/26/aws-lambdas-with-a-static-outgoing-ip/
7
System�Architecture
System�Architecture
• VPC�resources�
• 1�public�subnet�
• private�subnets�
• NAT�GW�
• Internet�GW�
• EIP�
• Route�tables�
• Security�groups�
• IAM�resources�
• 1�IAM�role�
• IAM�role�polices
9
System�Architecture
• Network�flow�(녹색)�
• Lambda�(Private�subnet) ->�Router->�NAT�GW(Public�subnet) ->�Router->�Internet�GW
10
System�Architecture
• Network�flow�(step�by�step)�
• Step�1.�
• 원하는�trigger로�Lambda�실행�요청�
• private�1�또는�2에서�Lambda가�실행됨�
• Lambda에서�VPC�외부(Internet)로�접근
11
System�Architecture
• Step�2.�
• 해당�Lambda의�private�subnet의�route�table에�의해서NAT�GW가�있는�public�subnet으로�routing
12
System�Architecture
• Step�3.�
• NAT�GW의�public�subnet의�route�table에�의해서 Internet�GW으로�routing�(즉,�외부�Internet�접근�성공)�
• 이때,�외부�Internet�에�노출되는�IP�address는Lambda가�실행되는�VM의�IP�address가�아니라�NAT�GW의�EIP
13
Live�Demo
Live�Demo
• ‘자,�어디서�시작할까?’
15
Live�Demo
• Project�‘Johanna’(‘Tiamat’의�CLI)의�수정�버전(git�branch�‘live-demo-20170308’)�
• https://github.com/HardBoiledSmith/johanna/tree/live-demo-20170308�
• Live�demo�resources�
• ‘config.json.sample’�
• run�script�(python3)�for�create/terminate�VPC�
• AWS�IAM�role�and�polices�
• AWS�Lambda�sample�code�(print�outgoing�IP�address)
16
Live�Demo
• Step�by�step�
• Step�1.�
• ‘config.json’�생성(‘config.json.sample’�참고)�
• https://github.com/HardBoiledSmith/johanna/blob/live-demo-20170308/config.json.sample
17
Live�Demo
• Step�by�step�
• Step�2.�
• ‘./run.py�create’�
• 약�1~2분�후,�VPC�와�필요한�AWS�resource�생성�완료(left:�생성�이전,�right:�생성�이후)�
18
Live�Demo
• Step�by�step�
• Step�3.�
• ‘Lambda’�생성(‘sample_lambda/get_ip_address.js’�참고)�
• https://github.com/HardBoiledSmith/johanna/blob/live-demo-20170308/sample_lambda/get_ip_address.js�
• NAT�EIP�주소와�‘Lambda’�실행�결과�비교
19
Wrap�Up
Wrap�Up
• RequirementsEIP�지정할�수�없는�Lambda의�outgoing�IP�주소를�고정하고�싶다�
• System�ArchitectureVPC를�이용한�network�flow�
• Live�Demo‘Johanna’로�VPC�설정�및�실제�Lambda�실행�후�결과�확인�
• Wrap�Up�
• QnA
21
![[AWSマイスターシリーズ] AWS CLI / AWS Tools for Windows PowerShell](https://img.pdfslide.tips/doc/110x75/54c666a74a795928268b45ac/aws-aws-cli-aws-tools-for-windows-powershell.jpg)
