インフラ・IaC・CI/CD（AWS / Terraform）の設計ガイド

インフラは「壊れない・安い・安全」を、宣言的なコードと最小権限で実現する領域です。ECS/EKSの選定、FinOpsによるコスト最適化、Terraformの責務分離とステート運用・ドリフト検知、OIDCによる鍵レスCI/CD、WAFの多層防御——スタートアップが運用に耐えるIaCの作り方を扱います。ECS on Fargateそのものの本番運用（タスク設計・ネットワーキング・デプロイ・オートスケール・コスト・トラブルシュート）は『ECS on Fargate 本番運用』クラスタにまとめています。脅威検知（GuardDuty）の本番運用は『Amazon GuardDuty 本番運用』クラスタにまとめています。

5 articles in total

Foundational guide (start here)

AWS

AWS ECS on Fargate vs EKS: 7 Evaluation Axes a Startup Should Decide in 3 Months, and an Implementation-Cost Comparison

The decision-making process for choosing container orchestration, practiced in developing a Minister of Economy, Trade and Industry Award-winning product. For startup CTOs torn over ECS/EKS, I share 7 evaluation axes, concrete cost estimates, and Terraform code examples.

1/10/202511 min read

インフラ・IaC・CI/CD（AWS / Terraform）の設計ガイド

AWS ECS on Fargate vs EKS: 7 Evaluation Axes a Startup Should Decide in 3 Months, and an Implementation-Cost Comparison

Related practical articles

Making GitHub Actions Keyless with OIDC: Throwing Away Long-Lived Keys with AWS IAM Roles and GCP Workload Identity Federation

Terraform Module Design and State Operations: Building 'IaC That Doesn't Break' with Separation of Concerns, stg/prod State Splitting, and Drift Detection

Designing Defense-in-Depth with a WAF: Rolling Out AWS WAF / Cloud Armor's OWASP Countermeasures, Rate Limiting, and DDoS Mitigation to Production Without False Positives

You Can Halve Your Server Bill with 'Design': A Terraform × FinOps Practical Guide to Cutting a Startup's AWS Monthly Bill by 30–50%