{"id":2232,"date":"2025-03-24T08:47:56","date_gmt":"2025-03-23T23:47:56","guid":{"rendered":"https:\/\/dexall.co.jp\/articles\/?p=2232"},"modified":"2025-03-24T08:48:21","modified_gmt":"2025-03-23T23:48:21","slug":"aws-cdk%e3%81%a7%e5%ae%9f%e7%8f%be%e3%81%99%e3%82%8b%ef%bc%815%e3%81%a4%e3%81%ae%e5%8a%b9%e7%8e%87%e7%9a%84%e3%81%aa%e3%82%a4%e3%83%b3%e3%83%95%e3%83%a9%e6%a7%8b%e7%af%89%e3%83%86%e3%82%af%e3%83%8b","status":"publish","type":"post","link":"https:\/\/dexall.co.jp\/articles\/?p=2232","title":{"rendered":"AWS CDK\u3067\u5b9f\u73fe\u3059\u308b\uff015\u3064\u306e\u52b9\u7387\u7684\u306a\u30a4\u30f3\u30d5\u30e9\u69cb\u7bc9\u30c6\u30af\u30cb\u30c3\u30af\u30102024\u5e74\u4fdd\u5b58\u7248\u3011"},"content":{"rendered":"\n<div class=\"toc\"><br \/>\n<b>Warning<\/b>:  Undefined array key \"is_admin\" in <b>\/home\/xs392991\/dexall.co.jp\/public_html\/articles\/wp-content\/themes\/sango-theme\/library\/gutenberg\/dist\/classes\/Toc.php<\/b> on line <b>116<\/b><br \/>\n<br \/>\n<b>Warning<\/b>:  Undefined array key \"is_category_top\" in <b>\/home\/xs392991\/dexall.co.jp\/public_html\/articles\/wp-content\/themes\/sango-theme\/library\/gutenberg\/dist\/classes\/Toc.php<\/b> on line <b>121<\/b><br \/>\n<br \/>\n<b>Warning<\/b>:  Undefined array key \"is_top\" in <b>\/home\/xs392991\/dexall.co.jp\/public_html\/articles\/wp-content\/themes\/sango-theme\/library\/gutenberg\/dist\/classes\/Toc.php<\/b> on line <b>128<\/b><br \/>\n    <div id=\"toc_container\" class=\"sgb-toc--bullets js-smooth-scroll\" data-dialog-title=\"\u76ee\u6b21\">\n      <p class=\"toc_title\">\u76ee\u6b21 <\/p>\n      <ul class=\"toc_list\">  <li class=\"first\">    <a href=\"#i-0\">AWS CDK \u3068\u306f\uff1f\u521d\u5fc3\u8005\u3067\u3082\u308f\u304b\u308b\u57fa\u790e\u77e5\u8b58<\/a>    <ul class=\"menu_level_1\">      <li class=\"first\">        <a href=\"#i-1\">Infra Structure as Code \u3092\u9769\u65b0\u3059\u308b AWS CDK<\/a>      <\/li>      <li>        <a href=\"#i-2\">CloudFormation \u3068\u306e\u6c7a\u5b9a\u7684\u306a\u9055\u30443\u3064<\/a>      <\/li>      <li class=\"last\">        <a href=\"#i-3\">TypeScript \u3067\u59cb\u3081\u308b AWS CDK<\/a>      <\/li>    <\/ul>  <\/li>  <li>    <a href=\"#i-4\">AWS CDK \u958b\u767a\u74b0\u5883\u69cb\u7bc9\u306e\u5b8c\u5168\u30ac\u30a4\u30c9<\/a>    <ul class=\"menu_level_1\">      <li class=\"first\">        <a href=\"#i-5\">Node.js \u3068 AWS CDK \u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u624b\u9806<\/a>      <\/li>      <li>        <a href=\"#i-6\">VSCode\u306b\u3088\u308b\u52b9\u7387\u7684\u306a\u958b\u767a\u74b0\u5883\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7<\/a>      <\/li>      <li class=\"last\">        <a href=\"#i-7\">\u521d\u3081\u3066\u306eCDK\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u4f5c\u6210\u65b9\u6cd5<\/a>      <\/li>    <\/ul>  <\/li>  <li>    <a href=\"#i-8\">\u5b9f\u8df5\uff01AWS CDK\u306b\u3088\u308b\u30a4\u30f3\u30d5\u30e9\u69cb\u7bc9\u306e5\u3064\u306e\u30c6\u30af\u30cb\u30c3\u30af<\/a>    <ul class=\"menu_level_1\">      <li class=\"first\">        <a href=\"#i-9\">VPC\u3068\u30b5\u30d6\u30cd\u30c3\u30c8\u306e\u52b9\u7387\u7684\u306a\u5b9a\u7fa9\u65b9\u6cd5<\/a>      <\/li>      <li>        <a href=\"#i-10\">EC2\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306e\u67d4\u8edf\u306a\u30c7\u30d7\u30ed\u30a4\u6226\u7565<\/a>      <\/li>      <li>        <a href=\"#i-11\">S3\u30d0\u30b1\u30c3\u30c8\u306e\u30bb\u30ad\u30e5\u30a2\u306a\u69cb\u7bc9\u65b9\u6cd5<\/a>      <\/li>      <li>        <a href=\"#i-12\">Lambda\u95a2\u6570\u306e\u30b9\u30de\u30fc\u30c8\u306a\u30c7\u30d7\u30ed\u30a4<\/a>      <\/li>      <li class=\"last\">        <a href=\"#i-13\">IAM\u30dd\u30ea\u30b7\u30fc\u306e\u5805\u5b9f\u306a\u7ba1\u7406\u65b9\u6cd5<\/a>      <\/li>    <\/ul>  <\/li>  <li>    <a href=\"#i-14\">AWS CDK\u306e\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b92024<\/a>    <ul class=\"menu_level_1\">      <li class=\"first\">        <a href=\"#i-15\">\u30b9\u30bf\u30c3\u30af\u5206\u5272\u306b\u3088\u308b\u30e1\u30f3\u30c6\u30ca\u30f3\u30b9\u6027\u306e\u5411\u4e0a<\/a>      <\/li>      <li>        <a href=\"#i-16\">\u30ab\u30b9\u30bf\u30e0\u30b3\u30f3\u30b9\u30c8\u30e9\u30af\u30c8\u3092\u6d3b\u7528\u3057\u305f\u518d\u5229\u7528\u6027\u306e\u5b9f\u73fe<\/a>      <\/li>      <li class=\"last\">        <a href=\"#i-17\">\u52b9\u679c\u7684\u306a\u30c6\u30b9\u30c8\u6226\u7565\u306e\u5b9f\u73fe\u65b9\u6cd5<\/a>      <\/li>    <\/ul>  <\/li>  <li class=\"last\">    <a href=\"#i-18\">\u30c1\u30fc\u30e0\u958b\u767a\u3067\u306eAWS CDK\u6d3b\u7528\u8853<\/a>    <ul class=\"menu_level_1\">      <li class=\"first\">        <a href=\"#i-19\">GitHub\u3092\u4f7f\u7528\u3057\u305f\u30d0\u30fc\u30b8\u30e7\u30f3\u7ba1\u7406\u306e\u5b9f\u8df5<\/a>      <\/li>      <li>        <a href=\"#i-20\">CI\/CD\u30d1\u30a4\u30d7\u30e9\u30a4\u30f3\u306e\u69cb\u7bc9\u65b9\u6cd5<\/a>      <\/li>      <li class=\"last\">        <a href=\"#i-21\">\u30b3\u30fc\u30c9\u30ec\u30d3\u30e5\u30fc\u306e\u30dd\u30a4\u30f3\u30c8\u3068\u6ce8\u610f\u70b9<\/a>      <\/li>    <\/ul>  <\/li><\/ul>\n      <a href=\"#\" class=\"sgb-toc-button js-toc-button\" rel=\"nofollow\" data-open-dialog=\"true\"><i class=\"fa fa-list\"><\/i><span class=\"sgb-toc-button__text\">\u76ee\u6b21\u3078<\/span><\/a>\n    <\/div><\/div><h2 class=\"wp-block-heading\" id=\"i-0\">AWS CDK \u3068\u306f\uff1f\u521d\u5fc3\u8005\u3067\u3082\u308f\u304b\u308b\u57fa\u790e\u77e5\u8b58<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-1\">Infra Structure as Code \u3092\u9769\u65b0\u3059\u308b AWS CDK<\/h3>\n\n\n\n<p>AWS Cloud Development Kit\uff08AWS CDK\uff09\u306f\u3001\u30d7\u30ed\u30b0\u30e9\u30df\u30f3\u30b0\u8a00\u8a9e\u3092\u4f7f\u7528\u3057\u3066AWS\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u3092\u30b3\u30fc\u30c9\u3068\u3057\u3066\u5b9a\u7fa9\u3067\u304d\u308b\u9769\u65b0\u7684\u306a\u30d5\u30ec\u30fc\u30e0\u30ef\u30fc\u30af\u3067\u3059\u3002\u5f93\u6765\u306eYAML\u3084JSON\u30d9\u30fc\u30b9\u306e\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u8a18\u8ff0\u304b\u3089\u8131\u5374\u3057\u3001TypeScript\u3001Python\u3001Java\u3001C#\u306a\u3069\u306e\u4f7f\u3044\u6163\u308c\u305f\u30d7\u30ed\u30b0\u30e9\u30df\u30f3\u30b0\u8a00\u8a9e\u3067\u30a4\u30f3\u30d5\u30e9\u3092\u5b9a\u7fa9\u3067\u304d\u308b\u3053\u3068\u304c\u6700\u5927\u306e\u7279\u5fb4\u3067\u3059\u3002<\/p>\n\n\n\n<p>AWS CDK\u306e\u4e3b\u306a\u7279\u5fb4\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u578b\u5b89\u5168\u6027<\/strong>: \u30b3\u30f3\u30d1\u30a4\u30eb\u6642\u306b\u30a8\u30e9\u30fc\u3092\u691c\u51fa\u53ef\u80fd<\/li>\n\n\n\n<li><strong>\u81ea\u52d5\u88dc\u5b8c<\/strong>: IDE\u306e\u30a4\u30f3\u30c6\u30ea\u30b8\u30a7\u30f3\u30b9\u6a5f\u80fd\u304c\u6d3b\u7528\u53ef\u80fd<\/li>\n\n\n\n<li><strong>\u30e2\u30b8\u30e5\u30fc\u30eb\u5316<\/strong>: \u30b3\u30fc\u30c9\u306e\u518d\u5229\u7528\u304c\u5bb9\u6613<\/li>\n\n\n\n<li><strong>\u62bd\u8c61\u5316<\/strong>: \u8907\u96d1\u306a\u30a4\u30f3\u30d5\u30e9\u69cb\u6210\u3092\u30b7\u30f3\u30d7\u30eb\u306b\u8a18\u8ff0\u53ef\u80fd<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-2\">CloudFormation \u3068\u306e\u6c7a\u5b9a\u7684\u306a\u9055\u30443\u3064<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>\u958b\u767a\u4f53\u9a13\u306e\u5411\u4e0a<\/strong><\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CloudFormation\uff1a<br><code>yaml Resources: MyBucket: Type: AWS::S3::Bucket Properties: BucketName: my-unique-bucket-name VersioningConfiguration: Status: Enabled<\/code><\/li>\n\n\n\n<li>AWS CDK\uff08TypeScript\uff09\uff1a <code>import * as s3 from 'aws-cdk-lib\/aws-s3'; const bucket = new s3.Bucket(this, 'MyBucket', { bucketName: 'my-unique-bucket-name', versioned: true });<\/code><\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>\u30ed\u30b8\u30c3\u30af\u306e\u7d44\u307f\u8fbc\u307f<\/strong><\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u6761\u4ef6\u5206\u5c90\u3084\u30eb\u30fc\u30d7\u304c\u81ea\u7136\u306b\u8a18\u8ff0\u53ef\u80fd<\/li>\n\n\n\n<li>\u30e6\u30fc\u30c6\u30a3\u30ea\u30c6\u30a3\u95a2\u6570\u306e\u4f5c\u6210\u3068\u518d\u5229\u7528\u304c\u5bb9\u6613<\/li>\n\n\n\n<li>\u74b0\u5883\u5909\u6570\u3084\u30d1\u30e9\u30e1\u30fc\u30bf\u306e\u53d6\u308a\u6271\u3044\u304c\u67d4\u8edf<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>\u30ab\u30b9\u30bf\u30e0\u30b3\u30f3\u30b9\u30c8\u30e9\u30af\u30c8<\/strong><\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u8907\u6570\u306eAWS\u30ea\u30bd\u30fc\u30b9\u30921\u3064\u306e\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u3068\u3057\u3066\u5b9a\u7fa9\u53ef\u80fd<\/li>\n\n\n\n<li>\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u3092\u7d44\u7e54\u5185\u3067\u5171\u6709\u53ef\u80fd<\/li>\n\n\n\n<li>\u30b5\u30fc\u30c9\u30d1\u30fc\u30c6\u30a3\u88fd\u306e\u30b3\u30f3\u30b9\u30c8\u30e9\u30af\u30c8\u30e9\u30a4\u30d6\u30e9\u30ea\u304c\u5229\u7528\u53ef\u80fd<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-3\">TypeScript \u3067\u59cb\u3081\u308b AWS CDK<\/h3>\n\n\n\n<p>TypeScript\u306f\u3001AWS CDK\u3067\u6700\u3082\u4eba\u6c17\u306e\u3042\u308b\u8a00\u8a9e\u3067\u3059\u3002\u305d\u306e\u7406\u7531\u3068\u57fa\u672c\u7684\u306a\u4f7f\u3044\u65b9\u3092\u898b\u3066\u3044\u304d\u307e\u3057\u3087\u3046\u3002<\/p>\n\n\n\n<p><strong>TypeScript\u3092\u9078\u3076\u7406\u7531\uff1a<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u5f37\u529b\u306a\u578b\u30b7\u30b9\u30c6\u30e0<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u30ea\u30bd\u30fc\u30b9\u306e\u30d7\u30ed\u30d1\u30c6\u30a3\u540d\u3084\u5024\u306e\u578b\u30c1\u30a7\u30c3\u30af<\/li>\n\n\n\n<li>\u30b3\u30f3\u30d1\u30a4\u30eb\u6642\u306e\u30a8\u30e9\u30fc\u691c\u51fa<\/li>\n\n\n\n<li>IDE\u306b\u3088\u308b\u512a\u308c\u305f\u30b3\u30fc\u30c9\u88dc\u5b8c<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u8c4a\u5bcc\u306a\u30a8\u30b3\u30b7\u30b9\u30c6\u30e0<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>npm \u30d1\u30c3\u30b1\u30fc\u30b8\u306e\u6d3b\u7528<\/li>\n\n\n\n<li>\u591a\u6570\u306e\u30b5\u30fc\u30c9\u30d1\u30fc\u30c6\u30a3\u30e9\u30a4\u30d6\u30e9\u30ea<\/li>\n\n\n\n<li>\u30b3\u30df\u30e5\u30cb\u30c6\u30a3\u30b5\u30dd\u30fc\u30c8<\/li>\n<\/ul>\n\n\n\n<p><strong>\u57fa\u672c\u7684\u306a\u69cb\u6587\u4f8b\uff1a<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">import * as cdk from 'aws-cdk-lib';\nimport * as ec2 from 'aws-cdk-lib\/aws-ec2';\nimport * as s3 from 'aws-cdk-lib\/aws-s3';\n\nexport class MyInfraStack extends cdk.Stack {\n  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {\n    super(scope, id, props);\n\n    \/\/ VPC\u306e\u4f5c\u6210\n    const vpc = new ec2.Vpc(this, 'MyVPC', {\n      maxAzs: 2,\n      natGateways: 1\n    });\n\n    \/\/ S3\u30d0\u30b1\u30c3\u30c8\u306e\u4f5c\u6210\n    const bucket = new s3.Bucket(this, 'MyBucket', {\n      versioned: true,\n      encryption: s3.BucketEncryption.S3_MANAGED\n    });\n  }\n}<\/pre>\n\n\n\n<p>\u3053\u306e\u30b3\u30fc\u30c9\u306f\u4ee5\u4e0b\u306e\u8981\u7d20\u3067\u69cb\u6210\u3055\u308c\u3066\u3044\u307e\u3059\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>import\u6587<\/strong>: \u5fc5\u8981\u306aCDK\u30e2\u30b8\u30e5\u30fc\u30eb\u306e\u30a4\u30f3\u30dd\u30fc\u30c8<\/li>\n\n\n\n<li><strong>Stack\u30af\u30e9\u30b9<\/strong>: \u30a4\u30f3\u30d5\u30e9\u5b9a\u7fa9\u306e\u57fa\u672c\u5358\u4f4d<\/li>\n\n\n\n<li><strong>\u30b3\u30f3\u30b9\u30c8\u30e9\u30af\u30c8<\/strong>: VPC\u3084S3\u30d0\u30b1\u30c3\u30c8\u306a\u3069\u306eAWS\u30ea\u30bd\u30fc\u30b9<\/li>\n\n\n\n<li><strong>\u30d7\u30ed\u30d1\u30c6\u30a3<\/strong>: \u30ea\u30bd\u30fc\u30b9\u306e\u8a2d\u5b9a\u5024<\/li>\n<\/ul>\n\n\n\n<p>AWS CDK\u306f\u3001\u3053\u306eTypeScript\u30b3\u30fc\u30c9\u3092\u81ea\u52d5\u7684\u306bCloudFormation\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u306b\u5909\u63db\u3057\u3001AWS\u30ea\u30bd\u30fc\u30b9\u3092\u30c7\u30d7\u30ed\u30a4\u3057\u307e\u3059\u3002\u3053\u306e\u30d7\u30ed\u30bb\u30b9\u306b\u3088\u308a\u3001\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u7ba1\u7406\u3001\u30c6\u30b9\u30c8\u3001\u518d\u5229\u7528\u304c\u5bb9\u6613\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"i-4\">AWS CDK \u958b\u767a\u74b0\u5883\u69cb\u7bc9\u306e\u5b8c\u5168\u30ac\u30a4\u30c9<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-5\">Node.js \u3068 AWS CDK \u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u624b\u9806<\/h3>\n\n\n\n<p>AWS CDK\u3092\u4f7f\u7528\u3059\u308b\u305f\u3081\u306e\u74b0\u5883\u69cb\u7bc9\u3092\u3001\u9806\u3092\u8ffd\u3063\u3066\u8aac\u660e\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Node.js\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/strong><\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/nodejs.org\/\">Node.js\u516c\u5f0f\u30b5\u30a4\u30c8<\/a>\u304b\u3089\u6700\u65b0\u306eLTS\u7248\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9<\/li>\n\n\n\n<li>\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u5f8c\u3001\u30bf\u30fc\u30df\u30ca\u30eb\u3067\u52d5\u4f5c\u78ba\u8a8d<br><code>bash node --version npm --version<\/code><\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>AWS CDK\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">   # \u30b0\u30ed\u30fc\u30d0\u30eb\u306bAWS CDK\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\n   npm install -g aws-cdk\n\n   # \u30d0\u30fc\u30b8\u30e7\u30f3\u78ba\u8a8d\n   cdk --version<\/pre>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li><strong>AWS\u8a8d\u8a3c\u60c5\u5831\u306e\u8a2d\u5b9a<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">   # AWS CLI\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\uff08\u307e\u3060\u306e\u5834\u5408\uff09\n   pip install awscli\n\n   # \u8a8d\u8a3c\u60c5\u5831\u306e\u8a2d\u5b9a\n   aws configure<\/pre>\n\n\n\n<p>\u5fc5\u8981\u306a\u60c5\u5831\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AWS Access Key ID<\/li>\n\n\n\n<li>AWS Secret Access Key<\/li>\n\n\n\n<li>Default region name<\/li>\n\n\n\n<li>Default output format<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-6\">VSCode\u306b\u3088\u308b\u52b9\u7387\u7684\u306a\u958b\u767a\u74b0\u5883\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7<\/h3>\n\n\n\n<p>VSCode\u3067AWS CDK\u3092\u5feb\u9069\u306b\u958b\u767a\u3059\u308b\u305f\u3081\u306e\u8a2d\u5b9a\u3092\u7d39\u4ecb\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>\u5fc5\u9808\u62e1\u5f35\u6a5f\u80fd\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/strong><\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AWS Toolkit<\/li>\n\n\n\n<li>TypeScript and JavaScript Language Features<\/li>\n\n\n\n<li>ESLint<\/li>\n\n\n\n<li>Prettier<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>\u63a8\u5968\u3059\u308bVSCode\u8a2d\u5b9a<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">   {\n     \"editor.formatOnSave\": true,\n     \"editor.codeActionsOnSave\": {\n       \"source.fixAll.eslint\": true\n     },\n     \"typescript.updateImportsOnFileMove.enabled\": \"always\",\n     \"javascript.updateImportsOnFileMove.enabled\": \"always\"\n   }<\/pre>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li><strong>\u30c7\u30d0\u30c3\u30b0\u8a2d\u5b9a<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">   {\n     \"version\": \"0.2.0\",\n     \"configurations\": [\n       {\n         \"type\": \"node\",\n         \"request\": \"launch\",\n         \"name\": \"Debug CDK App\",\n         \"program\": \"${workspaceRoot}\/bin\/your-app.ts\",\n         \"preLaunchTask\": \"tsc: build - tsconfig.json\",\n         \"outFiles\": [\"${workspaceRoot}\/cdk.out\/**\/*.js\"],\n         \"console\": \"integratedTerminal\"\n       }\n     ]\n   }<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-7\">\u521d\u3081\u3066\u306eCDK\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u4f5c\u6210\u65b9\u6cd5<\/h3>\n\n\n\n<p>\u65b0\u898f\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u306e\u4f5c\u6210\u304b\u3089\u521d\u671f\u8a2d\u5b9a\u307e\u3067\u3092\u89e3\u8aac\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u306e\u521d\u671f\u5316<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">   # \u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u4f5c\u6210\n   mkdir my-cdk-project\n   cd my-cdk-project\n\n   # CDK\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u306e\u521d\u671f\u5316\uff08TypeScript\u4f7f\u7528\uff09\n   cdk init app --language typescript<\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong>\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u69cb\u9020\u306e\u7406\u89e3<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">   my-cdk-project\/\n   \u251c\u2500\u2500 bin\/\n   \u2502   \u2514\u2500\u2500 my-cdk-project.ts    # \u30a8\u30f3\u30c8\u30ea\u30fc\u30dd\u30a4\u30f3\u30c8\n   \u251c\u2500\u2500 lib\/\n   \u2502   \u2514\u2500\u2500 my-cdk-project-stack.ts    # \u30e1\u30a4\u30f3\u306e\u30b9\u30bf\u30c3\u30af\u5b9a\u7fa9\n   \u251c\u2500\u2500 test\/\n   \u2502   \u2514\u2500\u2500 my-cdk-project.test.ts    # \u30c6\u30b9\u30c8\u30d5\u30a1\u30a4\u30eb\n   \u251c\u2500\u2500 cdk.json    # CDK\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\n   \u251c\u2500\u2500 package.json\n   \u2514\u2500\u2500 tsconfig.json<\/pre>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li><strong>\u4f9d\u5b58\u30d1\u30c3\u30b1\u30fc\u30b8\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">   # \u5fc5\u8981\u306a\u30d1\u30c3\u30b1\u30fc\u30b8\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\n   npm install @aws-cdk\/assert @types\/jest @types\/node typescript<\/pre>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li><strong>\u521d\u671f\u8a2d\u5b9a\u306e\u78ba\u8a8d\u3068\u4fee\u6b63<\/strong><\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>cdk.json<\/code>\u306e\u78ba\u8a8d<br><code>json { \"app\": \"npx ts-node --prefer-ts-exts bin\/my-cdk-project.ts\", \"context\": { \"@aws-cdk\/core:enableDiffNoFail\": \"true\", \"@aws-cdk\/core:newStyleStackSynthesis\": \"true\" } }<\/code><\/li>\n<\/ul>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li><strong>\u52d5\u4f5c\u78ba\u8a8d<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">   # \u30b3\u30fc\u30c9\u306e\u30d3\u30eb\u30c9\n   npm run build\n\n   # \u30b9\u30bf\u30c3\u30af\u306e\u4e00\u89a7\u8868\u793a\n   cdk ls\n\n   # \u30c7\u30d7\u30ed\u30a4\u524d\u306e\u5909\u66f4\u78ba\u8a8d\n   cdk diff\n\n   # \u30c7\u30d7\u30ed\u30a4\uff08\u521d\u56de\u306f bootstrap \u304c\u5fc5\u8981\uff09\n   cdk bootstrap\n   cdk deploy<\/pre>\n\n\n\n<p>\u3053\u306e\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7\u306b\u3088\u308a\u3001AWS CDK\u3092\u4f7f\u7528\u3057\u305f\u958b\u767a\u3092\u5373\u5ea7\u306b\u958b\u59cb\u3067\u304d\u308b\u74b0\u5883\u304c\u6574\u3044\u307e\u3059\u3002\u6b21\u306e\u30b9\u30c6\u30c3\u30d7\u3067\u306f\u3001\u3053\u306e\u74b0\u5883\u3092\u4f7f\u7528\u3057\u3066\u5b9f\u969b\u306e\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u30b3\u30fc\u30c9\u3092\u66f8\u3044\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"i-8\">\u5b9f\u8df5\uff01AWS CDK\u306b\u3088\u308b\u30a4\u30f3\u30d5\u30e9\u69cb\u7bc9\u306e5\u3064\u306e\u30c6\u30af\u30cb\u30c3\u30af<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-9\">VPC\u3068\u30b5\u30d6\u30cd\u30c3\u30c8\u306e\u52b9\u7387\u7684\u306a\u5b9a\u7fa9\u65b9\u6cd5<\/h3>\n\n\n\n<p>VPC\u306e\u69cb\u7bc9\u306f\u591a\u304f\u306eAWS\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u306e\u57fa\u76e4\u3068\u306a\u308a\u307e\u3059\u3002AWS CDK\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3067\u3001\u8907\u96d1\u306aVPC\u69cb\u6210\u3082\u7c21\u5358\u306b\u5b9a\u7fa9\u3067\u304d\u307e\u3059\u3002<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">import * as ec2 from 'aws-cdk-lib\/aws-ec2';\n\n\/\/ \u57fa\u672c\u7684\u306aVPC\u69cb\u6210\nconst vpc = new ec2.Vpc(this, 'MainVPC', {\n  maxAzs: 2,  \/\/ \u4f7f\u7528\u3059\u308bAZ\u306e\u6570\n  natGateways: 1,  \/\/ \u30b3\u30b9\u30c8\u6700\u9069\u5316\u306e\u305f\u30811\u3064\u306eNAT\u30b2\u30fc\u30c8\u30a6\u30a7\u30a4\u3092\u4f7f\u7528\n  subnetConfiguration: [\n    {\n      name: 'Public',\n      subnetType: ec2.SubnetType.PUBLIC,\n      cidrMask: 24,\n    },\n    {\n      name: 'Private',\n      subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS,\n      cidrMask: 24,\n    },\n    {\n      name: 'Isolated',\n      subnetType: ec2.SubnetType.PRIVATE_ISOLATED,\n      cidrMask: 28,\n    }\n  ]\n});\n\n\/\/ VPC\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306e\u8ffd\u52a0\nvpc.addInterfaceEndpoint('SecretsEndpoint', {\n  service: ec2.InterfaceVpcEndpointAwsService.SECRETS_MANAGER\n});<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-10\">EC2\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306e\u67d4\u8edf\u306a\u30c7\u30d7\u30ed\u30a4\u6226\u7565<\/h3>\n\n\n\n<p>EC2\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306e\u30c7\u30d7\u30ed\u30a4\u3067\u306f\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7\u3084IAM\u30ed\u30fc\u30eb\u306a\u3069\u3082\u542b\u3081\u3066\u7d71\u5408\u7684\u306b\u7ba1\u7406\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">import * as ec2 from 'aws-cdk-lib\/aws-ec2';\nimport * as iam from 'aws-cdk-lib\/aws-iam';\n\n\/\/ \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7\u306e\u5b9a\u7fa9\nconst securityGroup = new ec2.SecurityGroup(this, 'WebServerSG', {\n  vpc,\n  description: 'Allow web traffic',\n  allowAllOutbound: true\n});\n\nsecurityGroup.addIngressRule(\n  ec2.Peer.anyIpv4(),\n  ec2.Port.tcp(80),\n  'Allow HTTP traffic'\n);\n\n\/\/ IAM\u30ed\u30fc\u30eb\u306e\u5b9a\u7fa9\nconst role = new iam.Role(this, 'WebServerRole', {\n  assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),\n  managedPolicies: [\n    iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonSSMManagedInstanceCore')\n  ]\n});\n\n\/\/ EC2\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306e\u4f5c\u6210\nconst instance = new ec2.Instance(this, 'WebServer', {\n  vpc,\n  vpcSubnets: {\n    subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS\n  },\n  role,\n  securityGroup,\n  instanceType: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.MICRO),\n  machineImage: new ec2.AmazonLinuxImage({\n    generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2\n  }),\n  userData: ec2.UserData.forLinux()\n});\n\n\/\/ User Data\u30b9\u30af\u30ea\u30d7\u30c8\u306e\u8ffd\u52a0\ninstance.userData.addCommands(\n  'yum update -y',\n  'yum install -y httpd',\n  'systemctl start httpd',\n  'systemctl enable httpd'\n);<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-11\">S3\u30d0\u30b1\u30c3\u30c8\u306e\u30bb\u30ad\u30e5\u30a2\u306a\u69cb\u7bc9\u65b9\u6cd5<\/h3>\n\n\n\n<p>S3\u30d0\u30b1\u30c3\u30c8\u3067\u306f\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3068\u30b3\u30f3\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u3092\u8003\u616e\u3057\u305f\u8a2d\u5b9a\u304c\u91cd\u8981\u3067\u3059\u3002<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">import * as s3 from 'aws-cdk-lib\/aws-s3';\nimport * as kms from 'aws-cdk-lib\/aws-kms';\n\n\/\/ KMS\u30ad\u30fc\u306e\u4f5c\u6210\nconst key = new kms.Key(this, 'BucketKey', {\n  enableKeyRotation: true,\n  description: 'Key for S3 bucket encryption'\n});\n\n\/\/ \u30bb\u30ad\u30e5\u30a2\u306aS3\u30d0\u30b1\u30c3\u30c8\u306e\u4f5c\u6210\nconst bucket = new s3.Bucket(this, 'SecureBucket', {\n  encryption: s3.BucketEncryption.KMS,\n  encryptionKey: key,\n  versioned: true,\n  blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,\n  removalPolicy: cdk.RemovalPolicy.RETAIN,\n  lifecycleRules: [\n    {\n      transitions: [\n        {\n          storageClass: s3.StorageClass.INTELLIGENT_TIERING,\n          transitionAfter: Duration.days(90)\n        }\n      ],\n      noncurrentVersionExpiration: Duration.days(90)\n    }\n  ]\n});\n\n\/\/ \u30d0\u30b1\u30c3\u30c8\u30dd\u30ea\u30b7\u30fc\u306e\u8ffd\u52a0\nbucket.addToResourcePolicy(new iam.PolicyStatement({\n  effect: iam.Effect.DENY,\n  actions: ['s3:*'],\n  resources: [bucket.arnForObjects('*')],\n  principals: [new iam.AnyPrincipal()],\n  conditions: {\n    'Bool': {\n      'aws:SecureTransport': false\n    }\n  }\n}));<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-12\">Lambda\u95a2\u6570\u306e\u30b9\u30de\u30fc\u30c8\u306a\u30c7\u30d7\u30ed\u30a4<\/h3>\n\n\n\n<p>Lambda\u95a2\u6570\u306e\u30c7\u30d7\u30ed\u30a4\u3067\u306f\u3001\u4f9d\u5b58\u95a2\u4fc2\u306e\u7ba1\u7406\u3084IAM\u6a29\u9650\u306e\u8a2d\u5b9a\u304c\u91cd\u8981\u3067\u3059\u3002<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">import * as lambda from 'aws-cdk-lib\/aws-lambda';\nimport * as path from 'path';\n\n\/\/ Lambda\u95a2\u6570\u306e\u4f5c\u6210\nconst handler = new lambda.Function(this, 'MyHandler', {\n  runtime: lambda.Runtime.NODEJS_18_X,\n  handler: 'index.handler',\n  code: lambda.Code.fromAsset(path.join(__dirname, 'lambda')),\n  environment: {\n    BUCKET_NAME: bucket.bucketName,\n  },\n  tracing: lambda.Tracing.ACTIVE,  \/\/ X-Ray \u30c8\u30ec\u30fc\u30b7\u30f3\u30b0\u306e\u6709\u52b9\u5316\n  timeout: Duration.seconds(30),\n  memorySize: 256,\n  architecture: lambda.Architecture.ARM_64,  \/\/ Graviton\u30d7\u30ed\u30bb\u30c3\u30b5\u306e\u4f7f\u7528\n});\n\n\/\/ \u30d0\u30b1\u30c3\u30c8\u30a2\u30af\u30bb\u30b9\u6a29\u9650\u306e\u4ed8\u4e0e\nbucket.grantRead(handler);\n\n\/\/ \u30ab\u30b9\u30bf\u30e0\u30e1\u30c8\u30ea\u30af\u30b9\u306e\u8ffd\u52a0\nhandler.addFunctionUrl({\n  authType: lambda.FunctionUrlAuthType.IAM,\n  cors: {\n    allowedOrigins: ['*'],\n    allowedMethods: [lambda.HttpMethod.ALL],\n    allowedHeaders: ['*']\n  }\n});<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-13\">IAM\u30dd\u30ea\u30b7\u30fc\u306e\u5805\u5b9f\u306a\u7ba1\u7406\u65b9\u6cd5<\/h3>\n\n\n\n<p>\u6700\u5c0f\u6a29\u9650\u306e\u539f\u5247\u306b\u57fa\u3065\u3044\u305fIAM\u30dd\u30ea\u30b7\u30fc\u306e\u7ba1\u7406\u65b9\u6cd5\u3092\u793a\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">import * as iam from 'aws-cdk-lib\/aws-iam';\n\n\/\/ \u30ab\u30b9\u30bf\u30de\u30fc\u7ba1\u7406\u30dd\u30ea\u30b7\u30fc\u306e\u4f5c\u6210\nconst customPolicy = new iam.ManagedPolicy(this, 'CustomPolicy', {\n  statements: [\n    new iam.PolicyStatement({\n      effect: iam.Effect.ALLOW,\n      actions: [\n        's3:GetObject',\n        's3:PutObject'\n      ],\n      resources: [\n        bucket.arnForObjects('*')\n      ],\n      conditions: {\n        'StringEquals': {\n          'aws:PrincipalTag\/Environment': ['prod', 'dev']\n        }\n      }\n    })\n  ]\n});\n\n\/\/ IAM\u30ed\u30fc\u30eb\u306e\u4f5c\u6210\u3068\u95a2\u9023\u4ed8\u3051\nconst role = new iam.Role(this, 'CustomRole', {\n  assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),\n  managedPolicies: [\n    customPolicy,\n    iam.ManagedPolicy.fromAwsManagedPolicyName('service-role\/AWSLambdaBasicExecutionRole')\n  ]\n});\n\n\/\/ \u30a4\u30f3\u30e9\u30a4\u30f3\u30dd\u30ea\u30b7\u30fc\u306e\u8ffd\u52a0\nrole.addToPolicy(new iam.PolicyStatement({\n  effect: iam.Effect.ALLOW,\n  actions: ['kms:Decrypt'],\n  resources: [key.keyArn]\n}));<\/pre>\n\n\n\n<p>\u3053\u308c\u3089\u306e\u30c6\u30af\u30cb\u30c3\u30af\u3092\u7d44\u307f\u5408\u308f\u305b\u308b\u3053\u3068\u3067\u3001\u30bb\u30ad\u30e5\u30a2\u3067\u7ba1\u7406\u3057\u3084\u3059\u3044\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u3092\u69cb\u7bc9\u3067\u304d\u307e\u3059\u3002\u5404\u30b3\u30f3\u30dd\u30fc\u30cd\u30f3\u30c8\u306f\u518d\u5229\u7528\u53ef\u80fd\u306a\u30e2\u30b8\u30e5\u30fc\u30eb\u3068\u3057\u3066\u8a2d\u8a08\u3055\u308c\u3066\u304a\u308a\u3001\u7570\u306a\u308b\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u3084\u74b0\u5883\u3067\u306e\u518d\u5229\u7528\u3082\u5bb9\u6613\u3067\u3059\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"i-14\">AWS CDK\u306e\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b92024<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-15\">\u30b9\u30bf\u30c3\u30af\u5206\u5272\u306b\u3088\u308b\u30e1\u30f3\u30c6\u30ca\u30f3\u30b9\u6027\u306e\u5411\u4e0a<\/h3>\n\n\n\n<p>\u5927\u898f\u6a21\u306a\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u3092CDK\u3067\u7ba1\u7406\u3059\u308b\u5834\u5408\u3001\u9069\u5207\u306a\u30b9\u30bf\u30c3\u30af\u5206\u5272\u304c\u91cd\u8981\u3067\u3059\u3002<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>\u8cac\u52d9\u306b\u57fa\u3065\u304f\u30b9\u30bf\u30c3\u30af\u5206\u5272<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">\/\/ networking-stack.ts\nexport class NetworkingStack extends cdk.Stack {\n  public readonly vpc: ec2.Vpc;\n\n  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {\n    super(scope, id, props);\n\n    this.vpc = new ec2.Vpc(this, 'MainVPC', {\n      maxAzs: 2,\n      natGateways: 1\n    });\n  }\n}\n\n\/\/ database-stack.ts\ninterface DatabaseStackProps extends cdk.StackProps {\n  vpc: ec2.Vpc;\n}\n\nexport class DatabaseStack extends cdk.Stack {\n  public readonly cluster: rds.DatabaseCluster;\n\n  constructor(scope: cdk.App, id: string, props: DatabaseStackProps) {\n    super(scope, id, props);\n\n    this.cluster = new rds.DatabaseCluster(this, 'Database', {\n      engine: rds.DatabaseClusterEngine.auroraPostgres({\n        version: rds.AuroraPostgresEngineVersion.VER_13_4\n      }),\n      vpc: props.vpc,\n      instanceType: ec2.InstanceType.of(\n        ec2.InstanceClass.T3,\n        ec2.InstanceSize.MEDIUM\n      )\n    });\n  }\n}\n\n\/\/ app.ts\nconst app = new cdk.App();\nconst networkingStack = new NetworkingStack(app, 'NetworkingStack');\nconst databaseStack = new DatabaseStack(app, 'DatabaseStack', {\n  vpc: networkingStack.vpc\n});<\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong>\u74b0\u5883\u5225\u306e\u30b9\u30bf\u30c3\u30af\u7ba1\u7406<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">\/\/ config\/environment-config.ts\nexport interface EnvironmentConfig {\n  readonly environment: string;\n  readonly instanceType: ec2.InstanceType;\n  readonly minCapacity: number;\n  readonly maxCapacity: number;\n}\n\nexport const environmentConfigs: { [key: string]: EnvironmentConfig } = {\n  dev: {\n    environment: 'dev',\n    instanceType: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.SMALL),\n    minCapacity: 1,\n    maxCapacity: 2\n  },\n  prod: {\n    environment: 'prod',\n    instanceType: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.LARGE),\n    minCapacity: 2,\n    maxCapacity: 10\n  }\n};<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-16\">\u30ab\u30b9\u30bf\u30e0\u30b3\u30f3\u30b9\u30c8\u30e9\u30af\u30c8\u3092\u6d3b\u7528\u3057\u305f\u518d\u5229\u7528\u6027\u306e\u5b9f\u73fe<\/h3>\n\n\n\n<p>\u30ab\u30b9\u30bf\u30e0\u30b3\u30f3\u30b9\u30c8\u30e9\u30af\u30c8\u3092\u4f5c\u6210\u3059\u308b\u3053\u3068\u3067\u3001\u5171\u901a\u306e\u30a4\u30f3\u30d5\u30e9\u30d1\u30bf\u30fc\u30f3\u3092\u518d\u5229\u7528\u53ef\u80fd\u306b\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>\u57fa\u672c\u7684\u306a\u30ab\u30b9\u30bf\u30e0\u30b3\u30f3\u30b9\u30c8\u30e9\u30af\u30c8<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">\/\/ constructs\/secure-bucket.ts\nexport interface SecureBucketProps {\n  readonly bucketName?: string;\n  readonly lifecycleDays?: number;\n  readonly logRetention?: number;\n}\n\nexport class SecureBucket extends Construct {\n  public readonly bucket: s3.Bucket;\n\n  constructor(scope: Construct, id: string, props?: SecureBucketProps) {\n    super(scope, id);\n\n    \/\/ KMS\u30ad\u30fc\u306e\u4f5c\u6210\n    const key = new kms.Key(this, 'BucketKey', {\n      enableKeyRotation: true,\n      description: `Key for ${id} bucket encryption`\n    });\n\n    \/\/ \u30bb\u30ad\u30e5\u30a2\u306a\u30d0\u30b1\u30c3\u30c8\u306e\u4f5c\u6210\n    this.bucket = new s3.Bucket(this, 'Bucket', {\n      bucketName: props?.bucketName,\n      encryption: s3.BucketEncryption.KMS,\n      encryptionKey: key,\n      versioned: true,\n      blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,\n      lifecycleRules: props?.lifecycleDays ? [\n        {\n          expiration: Duration.days(props.lifecycleDays)\n        }\n      ] : undefined\n    });\n\n    \/\/ \u30a2\u30af\u30bb\u30b9\u30ed\u30b0\u306e\u8a2d\u5b9a\n    if (props?.logRetention) {\n      new logs.LogGroup(this, 'AccessLogs', {\n        retention: props.logRetention\n      });\n    }\n  }\n}<\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong>L3\u30b3\u30f3\u30b9\u30c8\u30e9\u30af\u30c8\u306e\u4f5c\u6210<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">\/\/ constructs\/web-application.ts\nexport interface WebApplicationProps {\n  readonly vpc: ec2.Vpc;\n  readonly domain: string;\n  readonly env: string;\n}\n\nexport class WebApplication extends Construct {\n  constructor(scope: Construct, id: string, props: WebApplicationProps) {\n    super(scope, id);\n\n    \/\/ ALB\u306e\u4f5c\u6210\n    const alb = new elbv2.ApplicationLoadBalancer(this, 'ALB', {\n      vpc: props.vpc,\n      internetFacing: true\n    });\n\n    \/\/ ECS\u30af\u30e9\u30b9\u30bf\u30fc\u306e\u4f5c\u6210\n    const cluster = new ecs.Cluster(this, 'Cluster', {\n      vpc: props.vpc,\n      containerInsights: true\n    });\n\n    \/\/ Farge\u30b5\u30fc\u30d3\u30b9\u306e\u4f5c\u6210\n    const fargateService = new ecs_patterns.ApplicationLoadBalancedFargateService(this, 'Service', {\n      cluster,\n      loadBalancer: alb,\n      desiredCount: 2,\n      taskImageOptions: {\n        image: ecs.ContainerImage.fromAsset('.\/docker'),\n        environment: {\n          NODE_ENV: props.env\n        }\n      }\n    });\n\n    \/\/ Auto Scaling\u306e\u8a2d\u5b9a\n    const scaling = fargateService.service.autoScaleTaskCount({\n      maxCapacity: 4,\n      minCapacity: 1\n    });\n\n    scaling.scaleOnCpuUtilization('CpuScaling', {\n      targetUtilizationPercent: 70\n    });\n  }\n}<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-17\">\u52b9\u679c\u7684\u306a\u30c6\u30b9\u30c8\u6226\u7565\u306e\u5b9f\u73fe\u65b9\u6cd5<\/h3>\n\n\n\n<p>CDK\u306e\u30c6\u30b9\u30c8\u306f\u3001\u30e6\u30cb\u30c3\u30c8\u30c6\u30b9\u30c8\u3001\u30b9\u30ca\u30c3\u30d7\u30b7\u30e7\u30c3\u30c8\u30c6\u30b9\u30c8\u3001\u30a2\u30b5\u30fc\u30b7\u30e7\u30f3\u30c6\u30b9\u30c8\u306e3\u3064\u306e\u30ec\u30d9\u30eb\u3067\u5b9f\u65bd\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>\u30e6\u30cb\u30c3\u30c8\u30c6\u30b9\u30c8<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">\/\/ test\/secure-bucket.test.ts\nimport { Template } from 'aws-cdk-lib\/assertions';\nimport * as cdk from 'aws-cdk-lib';\nimport { SecureBucket } from '..\/lib\/constructs\/secure-bucket';\n\ndescribe('SecureBucket', () =&gt; {\n  test('creates encrypted bucket', () =&gt; {\n    const app = new cdk.App();\n    const stack = new cdk.Stack(app, 'TestStack');\n    new SecureBucket(stack, 'TestBucket', {\n      bucketName: 'test-bucket'\n    });\n\n    const template = Template.fromStack(stack);\n\n    template.hasResourceProperties('AWS::S3::Bucket', {\n      BucketName: 'test-bucket',\n      VersioningConfiguration: {\n        Status: 'Enabled'\n      },\n      PublicAccessBlockConfiguration: {\n        BlockPublicAcls: true,\n        BlockPublicPolicy: true,\n        IgnorePublicAcls: true,\n        RestrictPublicBuckets: true\n      }\n    });\n  });\n});<\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong>\u30b9\u30ca\u30c3\u30d7\u30b7\u30e7\u30c3\u30c8\u30c6\u30b9\u30c8<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">\/\/ test\/stack.test.ts\nimport * as cdk from 'aws-cdk-lib';\nimport { Template } from 'aws-cdk-lib\/assertions';\nimport * as MyStack from '..\/lib\/my-stack';\n\ntest('Stack creates expected resources', () =&gt; {\n  const app = new cdk.App();\n  const stack = new MyStack.MyStack(app, 'MyTestStack');\n  const template = Template.fromStack(stack);\n\n  expect(template.toJSON()).toMatchSnapshot();\n});<\/pre>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li><strong>\u30ab\u30b9\u30bf\u30e0\u30a2\u30b5\u30fc\u30b7\u30e7\u30f3<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">\/\/ test\/assertions.ts\nexport function hasSecureS3Bucket(template: Template, bucketName: string) {\n  template.hasResourceProperties('AWS::S3::Bucket', {\n    BucketName: bucketName,\n    BucketEncryption: {\n      ServerSideEncryptionConfiguration: [\n        {\n          ServerSideEncryptionByDefault: {\n            SSEAlgorithm: 'aws:kms'\n          }\n        }\n      ]\n    },\n    PublicAccessBlockConfiguration: {\n      BlockPublicAcls: true,\n      BlockPublicPolicy: true,\n      IgnorePublicAcls: true,\n      RestrictPublicBuckets: true\n    },\n    VersioningConfiguration: {\n      Status: 'Enabled'\n    }\n  });\n}<\/pre>\n\n\n\n<p>\u3053\u308c\u3089\u306e\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u3092\u9069\u7528\u3059\u308b\u3053\u3068\u3067\u3001\u30e1\u30f3\u30c6\u30ca\u30f3\u30b9\u6027\u304c\u9ad8\u304f\u3001\u518d\u5229\u7528\u53ef\u80fd\u3067\u3001\u54c1\u8cea\u306e\u62c5\u4fdd\u3055\u308c\u305fCDK\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u3092\u5b9f\u73fe\u3067\u304d\u307e\u3059\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"i-18\">\u30c1\u30fc\u30e0\u958b\u767a\u3067\u306eAWS CDK\u6d3b\u7528\u8853<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-19\">GitHub\u3092\u4f7f\u7528\u3057\u305f\u30d0\u30fc\u30b8\u30e7\u30f3\u7ba1\u7406\u306e\u5b9f\u8df5<\/h3>\n\n\n\n<p>\u30c1\u30fc\u30e0\u958b\u767a\u306b\u304a\u3044\u3066GitHub\u3092\u52b9\u679c\u7684\u306b\u6d3b\u7528\u3057\u3001AWS CDK\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u3092\u7ba1\u7406\u3059\u308b\u65b9\u6cd5\u3092\u89e3\u8aac\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>\u52b9\u679c\u7684\u306a\u30ea\u30dd\u30b8\u30c8\u30ea\u69cb\u6210<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">project-root\/\n\u251c\u2500\u2500 bin\/\n\u2502   \u2514\u2500\u2500 app.ts                # \u30a8\u30f3\u30c8\u30ea\u30fc\u30dd\u30a4\u30f3\u30c8\n\u251c\u2500\u2500 lib\/\n\u2502   \u251c\u2500\u2500 constructs\/          # \u5171\u6709\u30b3\u30f3\u30b9\u30c8\u30e9\u30af\u30c8\n\u2502   \u2502   \u251c\u2500\u2500 secure-bucket.ts\n\u2502   \u2502   \u2514\u2500\u2500 web-service.ts\n\u2502   \u251c\u2500\u2500 stacks\/             # \u74b0\u5883\u5225\u30b9\u30bf\u30c3\u30af\n\u2502   \u2502   \u251c\u2500\u2500 network-stack.ts\n\u2502   \u2502   \u2514\u2500\u2500 app-stack.ts\n\u2502   \u2514\u2500\u2500 configs\/            # \u74b0\u5883\u8a2d\u5b9a\n\u2502       \u251c\u2500\u2500 dev.ts\n\u2502       \u2514\u2500\u2500 prod.ts\n\u251c\u2500\u2500 test\/                   # \u30c6\u30b9\u30c8\u30b3\u30fc\u30c9\n\u251c\u2500\u2500 .github\/               # GitHub\u95a2\u9023\u8a2d\u5b9a\n\u2514\u2500\u2500 cdk.json              # CDK\u8a2d\u5b9a<\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong>\u30d6\u30e9\u30f3\u30c1\u6226\u7565\u306e\u5b9f\u88c5<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">\/\/ lib\/configs\/base-config.ts\nexport interface EnvironmentConfig {\n  readonly environment: string;\n  readonly tags: { [key: string]: string };\n  readonly vpc: {\n    readonly maxAzs: number;\n    readonly natGateways: number;\n  };\n}\n\n\/\/ lib\/configs\/dev.ts\nimport { EnvironmentConfig } from '.\/base-config';\n\nexport const devConfig: EnvironmentConfig = {\n  environment: 'development',\n  tags: {\n    Environment: 'dev',\n    Team: 'infrastructure'\n  },\n  vpc: {\n    maxAzs: 2,\n    natGateways: 1\n  }\n};<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-20\">CI\/CD\u30d1\u30a4\u30d7\u30e9\u30a4\u30f3\u306e\u69cb\u7bc9\u65b9\u6cd5<\/h3>\n\n\n\n<p>AWS CDK\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u306e\u7d99\u7d9a\u7684\u30a4\u30f3\u30c6\u30b0\u30ec\u30fc\u30b7\u30e7\u30f3\/\u30c7\u30ea\u30d0\u30ea\u30fc\u3092\u5b9f\u73fe\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>\u30c7\u30d7\u30ed\u30a4\u30e1\u30f3\u30c8\u30d1\u30a4\u30d7\u30e9\u30a4\u30f3<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">import * as cdk from 'aws-cdk-lib';\nimport * as pipelines from 'aws-cdk-lib\/pipelines';\n\nexport class CdkPipelineStack extends cdk.Stack {\n  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {\n    super(scope, id, props);\n\n    const pipeline = new pipelines.CodePipeline(this, 'Pipeline', {\n      synth: new pipelines.ShellStep('Synth', {\n        input: pipelines.CodePipelineSource.gitHub('owner\/repo', 'main'),\n        commands: [\n          'npm ci',\n          'npm run build',\n          'npx cdk synth'\n        ]\n      })\n    });\n\n    \/\/ \u958b\u767a\u74b0\u5883\u306e\u30c7\u30d7\u30ed\u30a4\u30b9\u30c6\u30fc\u30b8\n    const devStage = new ApplicationStage(this, 'Dev', {\n      env: { account: '111111111111', region: 'ap-northeast-1' }\n    });\n\n    pipeline.addStage(devStage, {\n      pre: [\n        new pipelines.ShellStep('UnitTest', {\n          commands: ['npm test']\n        })\n      ]\n    });\n  }\n}<\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong>\u74b0\u5883\u5225\u30c7\u30d7\u30ed\u30a4\u30e1\u30f3\u30c8\u8a2d\u5b9a<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">\/\/ lib\/stage.ts\nexport class ApplicationStage extends cdk.Stage {\n  constructor(scope: Construct, id: string, props?: cdk.StageProps) {\n    super(scope, id, props);\n\n    const config = loadConfig(props?.env?.account);\n\n    const networkStack = new NetworkStack(this, 'Network', {\n      env: props?.env,\n      config: config.network\n    });\n\n    new ApplicationStack(this, 'Application', {\n      env: props?.env,\n      vpc: networkStack.vpc,\n      config: config.application\n    });\n  }\n}<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"i-21\">\u30b3\u30fc\u30c9\u30ec\u30d3\u30e5\u30fc\u306e\u30dd\u30a4\u30f3\u30c8\u3068\u6ce8\u610f\u70b9<\/h3>\n\n\n\n<p>\u52b9\u679c\u7684\u306a\u30b3\u30fc\u30c9\u30ec\u30d3\u30e5\u30fc\u306e\u305f\u3081\u306b\u3001\u4ee5\u4e0b\u306e\u70b9\u306b\u6ce8\u610f\u3092\u6255\u3044\u307e\u3059\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>\u30a2\u30fc\u30ad\u30c6\u30af\u30c1\u30e3\u30ec\u30d9\u30eb\u306e\u30ec\u30d3\u30e5\u30fc<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">\/\/ \u63a8\u5968\u30d1\u30bf\u30fc\u30f3\nexport class WebServiceStack extends cdk.Stack {\n  constructor(scope: Construct, id: string, props?: cdk.StackProps) {\n    super(scope, id, props);\n\n    \/\/ VPC\u306e\u4f5c\u6210\u306f\u5225\u30b9\u30bf\u30c3\u30af\u3067\u884c\u3044\u3001\u53c2\u7167\u3068\u3057\u3066\u53d7\u3051\u53d6\u308b\n    const vpc = ec2.Vpc.fromLookup(this, 'VPC', {\n      vpcId: props.vpcId\n    });\n\n    \/\/ \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7\u306e\u5b9a\u7fa9\n    const securityGroup = new ec2.SecurityGroup(this, 'WebSG', {\n      vpc,\n      description: 'Security group for web servers',\n      allowAllOutbound: false  \/\/ \u660e\u793a\u7684\u306a\u30a2\u30a6\u30c8\u30d0\u30a6\u30f3\u30c9\u30eb\u30fc\u30eb\u306e\u5b9a\u7fa9\n    });\n\n    \/\/ \u5fc5\u8981\u6700\u5c0f\u9650\u306e\u6a29\u9650\u3092\u6301\u3064IAM\u30ed\u30fc\u30eb\n    const role = new iam.Role(this, 'WebServerRole', {\n      assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),\n      managedPolicies: [\n        iam.ManagedPolicy.fromAwsManagedPolicyName(\n          'AmazonSSMManagedInstanceCore'\n        )\n      ]\n    });\n  }\n}<\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong>\u30b3\u30b9\u30c8\u6700\u9069\u5316\u306e\u30ec\u30d3\u30e5\u30fc<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">\/\/ \u30b3\u30b9\u30c8\u6700\u9069\u5316\u306e\u4f8b\nexport class OptimizedStack extends cdk.Stack {\n  constructor(scope: Construct, id: string, props?: cdk.StackProps) {\n    super(scope, id, props);\n\n    \/\/ Auto Scaling\u306e\u9069\u5207\u306a\u8a2d\u5b9a\n    const asg = new autoscaling.AutoScalingGroup(this, 'ASG', {\n      vpc,\n      minCapacity: 1,\n      maxCapacity: 3,\n      instanceType: ec2.InstanceType.of(\n        ec2.InstanceClass.T3A,  \/\/ ARM\u7248\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306e\u4f7f\u7528\n        ec2.InstanceSize.SMALL\n      )\n    });\n\n    \/\/ \u30b9\u30b1\u30fc\u30ea\u30f3\u30b0\u30dd\u30ea\u30b7\u30fc\u306e\u8a2d\u5b9a\n    asg.scaleOnCpuUtilization('CpuScaling', {\n      targetUtilizationPercent: 70,\n      cooldown: cdk.Duration.seconds(300)\n    });\n  }\n}<\/pre>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li><strong>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ec\u30d3\u30e5\u30fc\u306e\u30dd\u30a4\u30f3\u30c8<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">\/\/ \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\nexport class SecureStack extends cdk.Stack {\n  constructor(scope: Construct, id: string, props?: cdk.StackProps) {\n    super(scope, id, props);\n\n    \/\/ \u6697\u53f7\u5316\u306e\u6709\u52b9\u5316\n    const bucket = new s3.Bucket(this, 'DataBucket', {\n      encryption: s3.BucketEncryption.KMS_MANAGED,\n      enforceSSL: true,\n      versioned: true,\n      blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL\n    });\n\n    \/\/ \u30bb\u30ad\u30e5\u30a2\u306a\u30d0\u30b1\u30c3\u30c8\u30dd\u30ea\u30b7\u30fc\n    bucket.addToResourcePolicy(new iam.PolicyStatement({\n      effect: iam.Effect.DENY,\n      principals: [new iam.AnyPrincipal()],\n      actions: ['s3:*'],\n      resources: [bucket.arnForObjects('*')],\n      conditions: {\n        'Bool': {\n          'aws:SecureTransport': false\n        }\n      }\n    }));\n  }\n}<\/pre>\n\n\n\n<p>\u3053\u308c\u3089\u306e\u5b9f\u8df5\u306b\u3088\u308a\u3001\u30c1\u30fc\u30e0\u3067\u306eAWS CDK\u958b\u767a\u3092\u52b9\u7387\u7684\u304b\u3064\u5b89\u5168\u306b\u9032\u3081\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u5b9a\u671f\u7684\u306a\u30b3\u30fc\u30c9\u30ec\u30d3\u30e5\u30fc\u3068\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u306e\u5171\u6709\u3092\u901a\u3058\u3066\u3001\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u306e\u54c1\u8cea\u3092\u7d99\u7d9a\u7684\u306b\u5411\u4e0a\u3055\u305b\u308b\u3053\u3068\u304c\u91cd\u8981\u3067\u3059\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Warning: Undefined array key &#8220;is_admin&#8221; in \/home\/xs392991\/dexall.co.jp\/public_html\/articles\/wp-content\/themes\/ &#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":{"0":"post-2232","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-aws","7":"nothumb"},"_links":{"self":[{"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=\/wp\/v2\/posts\/2232","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2232"}],"version-history":[{"count":1,"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=\/wp\/v2\/posts\/2232\/revisions"}],"predecessor-version":[{"id":2233,"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=\/wp\/v2\/posts\/2232\/revisions\/2233"}],"wp:attachment":[{"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2232"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2232"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dexall.co.jp\/articles\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2232"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}