March. 16, 2013

Hirotomo OiTwitter: @hiroohi

/ Ambrotype Co-/ newsHUB

2007Recruit Web Services/

AWSRDS

AWS

Agenda

G

http://mtl.recruit.co.jp

R&D

R&D

MTL

MTL

(C)toC

AWS

AWS?

toC

toC

SNSYahoo!

toC

SNSYahoo!

toC

SNSYahoo!

toC

SNSYahoo!

PDCA

PDCA

PDCA

iOS

AWS

AWS

AWS

Multi-AZ, Regions, Route53, S3

AWS

Multi-AZ, Regions, Route53, S3

AWS

Multi-AZ, Regions, Route53, S3

S3, RDS

AWS

R&D

R&D

MTL

MTL

R&D

MTL

MTL

AWS

30

30

no infra specialist

ACLssh

ACLsshELB

ACLsshELBAuto Scaling

NW

IP

IP

IP

IP

IPIP

SSH 0.0.0.0/0orz...

ACL

IPSecurityGroup

SSL

SecurityGroupssh

IP

IP

ssh

Remove from Security Group$ec2 = new AmazonEC2();$ec2->set_region($AWS_REGION);$response = $ec2->describe_security_groups(array('GroupName' => $groupName));$ip_rows = $response->body->securityGroupInfo->item->ipPermissions->to_array();$ipranges = array();foreach($ip_rows as $ip_row){ foreach($ip_row as $row){ if(!($row["ipProtocol"] == "tcp" && $row["fromPort"] == "22")){continue;} foreach($row["ipRanges"] as $iprange){ foreach($iprange as $range){ if(is_array($range)){ $ipvalue = $range['cidrIp']; }else{ $ipvalue = $range; } $response = $ec2->revoke_security_group_ingress(array( 'GroupName' => $groupName, 'IpPermissions' => array( array( 'IpProtocol' => 'tcp', 'FromPort' => '22', 'ToPort' => '22', 'IpRanges' => array( array('CidrIp' => $ipvalue), ) ) ) )); } } }}

Remove from Security Group$ec2 = new AmazonEC2();$ec2->set_region($AWS_REGION);$response = $ec2->describe_security_groups(array('GroupName' => $groupName));$ip_rows = $response->body->securityGroupInfo->item->ipPermissions->to_array();$ipranges = array();foreach($ip_rows as $ip_row){ foreach($ip_row as $row){ if(!($row["ipProtocol"] == "tcp" && $row["fromPort"] == "22")){continue;} foreach($row["ipRanges"] as $iprange){ foreach($iprange as $range){ if(is_array($range)){ $ipvalue = $range['cidrIp']; }else{ $ipvalue = $range; } $response = $ec2->revoke_security_group_ingress(array( 'GroupName' => $groupName, 'IpPermissions' => array( array( 'IpProtocol' => 'tcp', 'FromPort' => '22', 'ToPort' => '22', 'IpRanges' => array( array('CidrIp' => $ipvalue), ) ) ) )); } } }}

describe_security_groups()sg

Remove from Security Group$ec2 = new AmazonEC2();$ec2->set_region($AWS_REGION);$response = $ec2->describe_security_groups(array('GroupName' => $groupName));$ip_rows = $response->body->securityGroupInfo->item->ipPermissions->to_array();$ipranges = array();foreach($ip_rows as $ip_row){ foreach($ip_row as $row){ if(!($row["ipProtocol"] == "tcp" && $row["fromPort"] == "22")){continue;} foreach($row["ipRanges"] as $iprange){ foreach($iprange as $range){ if(is_array($range)){ $ipvalue = $range['cidrIp']; }else{ $ipvalue = $range; } $response = $ec2->revoke_security_group_ingress(array( 'GroupName' => $groupName, 'IpPermissions' => array( array( 'IpProtocol' => 'tcp', 'FromPort' => '22', 'ToPort' => '22', 'IpRanges' => array( array('CidrIp' => $ipvalue), ) ) ) )); } } }}

describe_security_groups()sg

revoke_security_group_ingress()

WEBAMIiptableshosts.allow/denyssh

Security GroupsshACL

WEBAMIiptableshosts.allow/denyssh

Security GroupsshACL

sshACLscript

S3Glacier1

ELB

ELB

Auto Scaling

AMI

AMI

basic archtecture

http/https

ssh

Availability Zone

Availability Zone

EC2(web) 1sshACLAutoScale

EC2(ACL)ssh

ELBhttp/https1

Ambrotype

Cameran

newsHUB

Ambrotype

Cameran

newsHUB

DevOps

http://ambrotype.com

1827

200

10%

20%

...

Ambrotype=

DEMO

Re-fetchingyour photosfrom theseserivices

Sort bydate

Automatically

Notify a photo of your

memoriesdaily

= Serendipity

Communication

Make albumby Face

recognition

Make album by Geo

Make aGreeting Card

Make aGreeting Card

Ambrotype AWS

AmbrotypeSNSAPI

API

API

UGC Ambrotype

days

photos

AmbrotypeAPI

(2012.6)

EC2

Route 53

ELB

RDS RDS Standby

iPhone App

EC2EC2Auto scaling Group

AZ1 AZ2

ap-northeast-1

Web/App/Crawler

Web/App/Crawler

Crawler

Auto Scaling>=1

(2012.6)

EC2

Route 53

ELB

RDS RDS Standby

iPhone App

EC2EC2Auto scaling Group

AZ1 AZ2

ap-northeast-1

Web/App/Crawler

Web/App/Crawler

Crawler

Multi-AZ

Auto Scaling>=1

(2012.6)

EC2

Route 53

ELB

RDS RDS Standby

iPhone App

EC2EC2Auto scaling Group

AZ1 AZ2

ap-northeast-1

Web/App/Crawler

Web/App/Crawler

Crawler

CDN

CDN

Country CDN

Facebook US

Flickr US

Picasa US

mixi JP

Instagram US (CloudFront)

Twitter

CDN

CDN

(2012.6)

EC2

Route 53

ELB

RDS RDS Standby

App

EC2EC2Auto scaling Group

AZ1 AZ2

ap-northeast-1

Web/App/Crawler

Web/App/Crawler

Crawler

(2012.11)

EC2

Route 53

ELB

RDS RDS Standby

App

EC2EC2Auto scaling Group

AZ1 AZ2

ap-northeast-1

Web/App/Crawler

Web/App/Crawler

Crawler

EC2

Face

S3

CloudFront

newsHUB()

3/11

1

DEMO

newsHUB AWS

newsHUBID

newsHUBAPI

EC2

Route 53

ELB

RDS RDS Standby

App

EC2EC2Auto scaling Group

AZ1 AZ2

ap-northeast-1

Web/App Web/AppCrawlerPush

S3

JSON

EC2

Route 53

ELB

RDS RDS Standby

App

EC2EC2Auto scaling Group

AZ1 AZ2

ap-northeast-1

Web/App Web/AppCrawlerPush

S3

JSON

cameran

No.1

10100DL5280DL

DEMO

cameran AWS

cameranID

newsHUBAPISNSWEB

EC2

Route 53

ELB

DynamoDB

App

EC2Auto scaling Group

AZ1 AZ2

ap-northeast-1

Web/App Web/App

S3

Images

DynamoDBPushURL

key-value

60

Thank you

question?