Amazon CloudFront is a global content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to viewers with low latency and high transfer speeds. CloudFront is integrated with AWS in the sense that its physical locations are directly connected to the AWS global infrastructure. It is also integrated with AWS in the sense that its software works seamlessly with services such as AWS Shield for DDoS mitigation, Amazon S3, Elastic Load Balancing, and Amazon EC2 as application origins, and Lambda@Edge for running custom code close to viewers.
You can get started with CloudFront in minutes using the AWS tools you are already familiar with, such as APIs, the AWS Management Console, AWS CloudFormation, CLIs, and SDKs. CloudFront uses a simple pay-as-you-go pricing model that requires no upfront fees or long-term contracts. Support for CloudFront is included in your existing AWS Support subscription.
AWS re:Invent video: Introduction to Amazon CloudFront and Lambda@Edge
Global, Growing Content Delivery Network
The Amazon CloudFront content delivery network is built on the expanding global AWS infrastructure, which currently has 54 Availability Zones within 18 geographic Regions. Amazon plans to add 12 more Availability Zones and four more Regions (Bahrain, Hong Kong SAR, and Sweden, plus a second AWS GovCloud Region in the US). Amazon CloudFront has 117 points of presence (106 edge locations and 11 regional edge caches) in 56 cities across 25 countries. This network of edge locations delivers high availability, scalability, and performance to application users wherever they are in the world.
Secure Content at the Edge
Amazon CloudFront is a highly secure content delivery network (CDN) that provides both network-level and application-level protection. All CloudFront customers automatically receive the protections of AWS Shield Standard at no additional cost. CloudFront is also seamlessly integrated with AWS WAF and AWS Shield Advanced, which help protect applications from more sophisticated threats and DDoS attacks. CloudFront infrastructure and processes are all compliant with PCI, DSS, HIPAA, and ISO, so even your most sensitive data can be delivered securely. You can deliver secure APIs and applications using SSL/TLS, and advanced SSL features are enabled automatically. With AWS Certificate Manager (ACM), you can easily create custom SSL certificates whenever you need them, in whatever number you need, and deploy them to your CloudFront distribution immediately at no extra cost. ACM handles certificate renewal automatically, which saves the overhead cost of a manual renewal process.
Programmable CDN
With Lambda@Edge, you can easily run code at AWS edge locations around the world, which keeps the latency of responses to your end users to a minimum. Your code can be triggered by Amazon CloudFront events such as requests from origin servers and viewers and the responses to them. Upload your Node.js code to AWS Lambda, and Lambda automatically replicates, routes, and scales it, providing high availability at AWS edge locations close to your end users. You are charged only for the compute time you actually use; there is no charge when your code is not running. Amazon CloudFront features can be configured programmatically using the API or the AWS Management Console. Like other AWS services, CloudFront scales automatically as needed. You can also monitor Amazon CloudFront delivery performance through integration with existing AWS tools and resources such as AWS CloudFormation, the AWS CLI, SDKs, and AWS CloudWatch.
High Performance
The Amazon CloudFront content delivery network is optimized for low latency and high transfer speeds. CloudFront's intelligent routing is based on real-world latency measurements gathered continuously from popular internet sites, including Amazon.com. CloudFront is directly connected to hundreds of end-user ISPs and uses the AWS backbone network to accelerate end-to-end delivery of your content. CloudFront also offers regional edge cache locations as part of the standard service, which helps maintain high cache hit ratios around the world.
Cost Effective
Amazon CloudFront pricing is simple. You pay only for the data transfer and requests used to deliver content to your customers. CloudFront has no upfront fees, no fixed platform fees, no long-term commitments, and no premium for dynamic content. No professional services are required to get started. If you use AWS origins such as Amazon S3 or Elastic Load Balancing, you pay only for storage costs; data transferred between these services and CloudFront is not charged. Best of all, you can get started with CloudFront for free.
Deep Integration with Key AWS Services
Amazon CloudFront is tightly integrated with popular AWS services and optimized to work with them. These include Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Elastic Load Balancing, and Amazon Route 53, which helps accelerate DNS resolution for applications delivered through CloudFront. Integration with AWS Lambda lets you run custom logic anywhere on the AWS global network, with no servers to provision or manage. With Amazon API Gateway, you can accelerate API delivery even further.
Static Asset Caching
Amazon CloudFront speeds up delivery of static content (images, style sheets, JavaScript, and so on) to viewers around the world. By default, CloudFront provides a multi-tier cache with regional edge caches, which improve latency for objects not cached at the edge and reduce the load on your origin servers. Caching static content gives you the performance and scale to provide your website's viewers with a fast and reliable experience.
Live and On-Demand Streaming
The Amazon CloudFront CDN offers a range of options for streaming pre-recorded files and live events. You can deliver video to viewers around the world without interruption at the high throughput required for 4K delivery. For on-demand streaming, you can use CloudFront for multi-bitrate adaptive streaming to any device in Microsoft Smooth, HLS, HDS, or MPEG-DASH formats. To broadcast a live stream, you can use CloudFront to cache media fragments at the edge and to collapse multiple requests for the manifest file, which reduces the load on your origin.
Security and DDoS Protection
CloudFront is seamlessly integrated with AWS Shield, which mitigates Layer 3 and Layer 4 DDoS attacks, and with AWS WAF, which protects Layer 7. In addition, CloudFront negotiates TLS connections using the highest-security ciphers and authenticates viewers with signed URLs. You can also use the advanced field-level encryption feature to protect your most sensitive data throughout your enterprise, so that the information can be viewed only by specific components and services in your application stack. CloudFront is also integrated with AWS Identity and Access Management (IAM) to control access, AWS CloudTrail to log access to your configuration, and Amazon Certificate Manager (ACM) to renew certificates automatically.
Dynamic Content and Customized Content
Amazon CloudFront has built-in network optimizations that help improve the performance and reliability, and extend the global reach, of frequently updated dynamic content and content personalized for each viewer within your application. CloudFront works seamlessly with existing web servers running on Amazon EC2 or in your own data center. No changes to your architecture or domain names are required. Custom logic can also be offloaded to Lambda functions that run globally in response to CloudFront requests and responses. See the details about Lambda@Edge.
API Acceleration
Amazon CloudFront can also be used to secure and accelerate API calls. CloudFront supports proxy methods (POST, PUT, OPTIONS, DELETE, PATCH) and is integrated with Amazon API Gateway by default. With CloudFront, the TLS connection with the client is terminated at a nearby edge location, after which CloudFront selects an optimized AWS backbone network path to reach the API server securely. See the details on using the CloudFront API.
Software Distribution
Amazon CloudFront scales automatically as clients distributed around the world download software updates. Through the content delivery network, your software becomes available at the edge where your users are. CloudFront's high data transfer speeds improve the delivery speed of your binaries, improving the customer experience while reducing costs.




