AWSでのセキュリティ対策全部盛り[初級から中級まで]

"84ͰͷηΩϡϦςΟରࡦશ෦੝Γ <ॳڃ͔Βதڃ·Ͱ> "84ࣄۀຊ෦ɹίϯαϧςΟϯά෦ ӓాՂ༞

ࣗݾ঺հ ӓాɹՂ༞ ɾΫϥεϝιουגࣜձࣾ ɾ"84ࣄۀຊ෦ ɹιϦϡʔγϣϯΞʔΩςΫτ ɹηΩϡϦςΟνʔϜϦʔμʔ ɾ4FDVSJUZ+"84ӡӦ ɾ޷͖ͳαʔϏε
ɹ"848"'Ϛωʔδυϧʔϧ AWS WAF

޿͘ઙ͘Ͱ͸ͳ͘ ΅ͪ΅ͪਂ͍͖͘·͢

௕͍લઆ

ηΩϡϦςΟରࡦͬͯେมͰ͢ΑͶ

ηΩϡϦςΟରࡦ͍Ζ͍Ζ αΠόʔηΩϡϦςΟ ػີੑ/׬શੑ/Մ༻ੑ ൃݟత౷੍ ϦεΫϚωδϝϯτ Ψόφϯε/ίϯϓϥΠΞϯε ೝূ/ೝՄ ੬ऑੑ؅ཧ
؂ࢹ ϩά෼ੳ ৵ೖ๷ޚ

͜ͷηογϣϯͷ໨త ͍ΖΜͳਓʹ໢ཏతʹ"84ͷηΩϡϦςΟΛ఻͑ͯগ ͠Ͱ΋ͨ͘͞Μ࣋ͬͯؼͬͯ΋Β͏࣮ફͯ͠΋Β͏ ର৅ऀ w ։ൃऀ w ӡ༻୲౰
w ηΩϡϦςΟ୲౰ w ΞφϦετ w $*40 w ؂ࠪ w ͳͲͳͲ w ͭ·Γ"84ʹؔΘΔਓ͢΂ͯ

࣋ͪؼͬͯ΄͍͜͠ͱ w ࢿྉ͸ެ։͞Ε͍ͯΔ͔Βޙ͔Βख़ಡɾࣾ಺ల։ w Ϋϥ΢υ͸෢ث w Ϋϥ΢υηΩϡϦςΟ΋෢ث w
ΞδϦςΟΛམͱ͞ͳ͍߈ΊͷηΩϡϦςΟ w ήʔτ͔ΒΨʔυϨʔϧ΁ w ͢΂ͯͷਓ͕#VJMEFST w ηΩϡϦςΟ͸ΈΜͳͰ΍ΔͷͰ௚઀ؔ܎ͳ͍ͱࢥ͏಺༰ ΋ฉ͍ͯΈͯ

ήʔτ͔ΒΨʔυϨʔϧ΁ ࠷ۙ"84͕Α͘ݴ͏ϝοηʔδ ηΩϡϦςΟ͸ϏδωεʹϒϨʔΩΛ͔͚ͯ͸͍͚ͳ͍ ΨʔυϨʔϧͷΑ͏ʹಓ͔ΒҳΕͳ͍Α͏ʹةͳ͍ૢ࡞Λग़ དྷͳ͍Α͏ʹͨ͠Γ͙͢ੋਖ਼Ͱ͖ΔΑ͏؂ࢹࣗಈम෮͢Δ ͱΓ͋͑ͣҰׅͰېࢭ͠ͳ͍

ΈΜͳ#VJMEFST w "84Ͱ͸αʔϏεʹؔΘΔશͯͷਓΛ#VJMEFSTͱݺͿ w ։ൃऀ͚ͩͰ͸ͳ͍ w ηΩϡϦςΟ୲౰ऀ΋ҙࢥܾఆऀ΋؂ࠪਓ΋"84ͷαʔϏε Λۦ࢖ͯ͠ηΩϡϦςΟΛߴΊͨΓαʔϏεͷ࣭ΛߴΊͨΓί
ϯϓϥΠΞϯενΣοΫΛࣗಈԽͨ͠ΓͰ͖Δ w ͔ͩΒΈΜͳ#VJMEFST w #VJMEFST͸"84Λ࢖͍͜ͳͨ͢Ίʹ͍ͬͺֶ͍ΜͰͩ͘͞ ͍

௕͍લઆ લఏ৘ใ

"84ηΩϡϦςΟͷલఏ੹೚ڞ༗Ϟσϧ कΔ΂͖෦෼͸໌֬

Ϩϕϧʹ߹ΘͤͨରࡦΫϥ΢υδϟʔχʔ Ϋϥ΢υରԠͷ੒ख़౓ʹ߹Θͤͯద੾ͳରࡦΛ $$P&౳Λத৺ʹͲ͜·Ͱ΍Δ͔ܾΊ·͠ΐ͏

ࢀߟʹ͢ΔυΩϡϝϯτ͍Ζ͍Ζ w /*45αΠόʔηΩϡϦςΟϑϨʔϜϫʔΫ $4' w IUUQTBXTBNB[PODPNKQCMPHTOFXTVQEBUFEXIJUFQBQFSOPXBWBJMBCMFBMJHOJOHUPUIFOJTU DZCFSTFDVSJUZGSBNFXPSLJOUIFBXTDMPVE
w "84ηΩϡϦςΟϕετϓϥΫςΟε w IUUQTEBXTTUBUJDDPNXIJUFQBQFST[email protected]+14FDVSJUZ"[email protected]@#[email protected]QEG w 8FMM"SDIJUFDUFEϑϨʔϜϫʔΫ w IUUQTBXTBNB[PODPNKQCMPHTOFXTBXTXFMMBSDIJUFDUFEXIJUFQBQFS w 1$*'*4$)*11"౳֤छίϯϓϥΠΞϯεͷυΩϡϝϯτ w IUUQTBXTBNB[PODPNKQDPNQMJBODFQSPHSBNT ͔͍ͭ·ΜͰղઆ

/*45αΠόʔηΩϡϦςΟϑϨʔϜϫʔΫ $4' w ੈք֤஍ͷ੓෎ɺ࢈ۀքɺ૊৫ʹ͓͍ͯࢀর͞Ε͍ͯ ΔαΠόʔηΩϡϦςΟͷਪ঑ϕʔεϥΠϯ w ΨʔτφʔࣾʹΑΕ͹ɺ$4'͸ถࠃͷຽؒηΫλʔ ͷ໿Ͱར༻
w ೔ຊͰ΋*1"ͷϗʔϜϖʔδ͔Β๜༁൛ΛೖखՄೳ w ίΞػೳ͸ͭ w ࣝผ๷ޚݕ஌ରԠ෮چ

"84Ͱͷ$4'ରԠද Ұྫ IUUQTQBHFTBXTDMPVEDPNST5;.JNBHFT%QEG

8FMM"SDIJUFDUFEϑϨʔϜϫʔΫ w "84ͷϕετϓϥΫςΟεू w ͭͷப͕͋Δ ӡ༻্ͷ༏लੑɺηΩϡϦςΟɺ৴པੑɺύϑΥʔ Ϛϯεޮ཰ɺίετ࠷దԽ
w ηΩϡϦςΟͷபͷதʹ΋ͭͷཁૉ w ΞΠσϯςΟςΟ w ൃݟత౷੍ w Πϯϑϥอޢ w σʔλอޢ w ΠϯγσϯτϨεϙϯε

લઆ͕௕͘ͳΓ·͕ͨ͠ࠓճͷਐΊํ ࠓճ͸Ϩϕϧॱ: ॳڃ->தڃͷྲྀΕͰઆ໌ W-A΍CSFͳͲͷࢀߟ੒෼͸ ͪ͝Ό·ͥͰઆ໌͠·͢ (͖Ε͍ʹ෼͚Εͳ͍ͷͰ)

ॳڃͷ಺༰ w "84ϨΠϠʔجૅ w 04ΞϓϦϨΠϠʔجૅ w ӡ༻

ॳڃ AWSϨΠϠʔجૅ

"84ϨΠϠʔجૅ w *". w $MPVE5SBJM"84$POpH w (VBSE%VUZ w
"844IJFME w 71$ w 4 w όοΫΞοϓ

͋ΘͤͯಡΈ͍ͨ "84ηΩϡϦςΟϕετϓϥΫςΟεͱͦͷิ଍ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTFYQMBOBUJPOBXT TFDVSJUZCFTUQSBDUJDFT

͋ΘͤͯಡΈ͍ͨ "84͝ར༻։࢝࣌ʹ࠷௿ݶ͓͓͖͍͑ͯͨ͞ͷ͜ͱ IUUQTXXXTMJEFTIBSFOFU"NB[PO8FC4FSWJDFT+BQBO EBZXJUIBNB[POXFCTFSWJDFTBXT

*".ͷ࠷ॏཁࣄ߲ w *".Ϣʔβʹ͸.'"ඞਢ w ΞΫηεΩʔΛίʔυʹຒΊࠐ·ͳ͍ *".ϩʔϧΛར ༻͢Δ
w ίʔυΛѻ͏୺຤͢΂ͯʹHJUTFDSFUTΛಋೖ͢Δ w ࠷খݖݶΛҙࣝ͢Δ w "84ར༻Ϣʔβ͢΂ͯʹ*".ͷѻ͍ʹ͍ͭͯڭҭ͢Δ

͋ΘͤͯಡΈ͍ͨ "84࠶ೖ໳"84*". *EFOUJUZBOE"DDFTT .BOBHFNFOU ฤ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTDNBEWFOUDBMFOEBSHFUUJOH TUBSUFEBHBJOBXTJBN "84Ϛωδϝϯτίϯιʔϧ্ͱ࿈ಈ͠ͳ͕Βઆ໌͞Ε͍ͯͯɺը໘Λ
৮ΔΠϝʔδ͕௫ΊΔͷͰΦεεϝ

͋ΘͤͯಡΈ͍ͨ *".ͷϕετϓϥΫςΟε IUUQTEPDTBXTBNB[PODPN[email protected]*".MBUFTU6TFS(VJEFCFTU QSBDUJDFTIUNM "84͕ग़͍ͯ͠Δ͞Βʹ*".ʹಛԽͨ͠ϕετ ϓϥΫςΟε ຊ౰ʹ͕ͬ͠Γ৘ใ͕٧·͍ͬͯΔͷͰͨ·ʹৼ ΓฦͬͯΈΔͱ͍͍Ͱ͢

͋ΘͤͯಡΈ͍ͨ "84ΞΫηεΩʔΛ(JUϦϙδτϦʹࠞೖͤ͞ͳ͍ͨΊʹ HJUTFDSFUTΛಋೖͨ͠ "84ͰҰ൪ଟ͍ࣄނΛ๷͛ΔͷͰඞਢ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTTUBSUVQHJUTFDSFUT

࠷ۙͷࣄނࣄྫ$BQJUBM0OF ݪҼͷೖΓޱ͸ಠࣗߏஙͨ͠&$্ͷ8"' ͔͠͠ྲྀग़ͨ͠ΫϨσϯγϟϧʹΛ௒͑Δ4 #VDLFUͷ৘ใΛऔಘ͢Δݖݶ͕͋Δ͜ͱ͕໰୊ ࠷খݖݶΛҙࣝ͢Δ QJZPMPH͞Μ͔Βआ༻ IUUQTQJZPMPHIBUFOBEJBSZKQFOUSZ

͋ΘͤͯಡΈ͍ͨ "84ͷബ͍ຊɹ*".ͷϚχΞοΫͳ࿩ ࠤʑ໦୓࿠ࢯ !ELGK ͷಉਓࢽ *".ͷجૅ͔ΒϙϦγʔͷൿ఻ͷλϨ·Ͱ ੯͠Έͳ͘঺հ͞Ε͍ͯΔҰ࡭ μ΢ϯϩʔυ൛͕͋ΔͷͰࠓ͙͢ߪೖ͢΂͠
IUUQTCPPUIQNKBJUFNT

ར༻։࢝࣌ʹ༗ޮԽ͢ΔαʔϏε w "84$MPVE5SBJM w "84ʹର͢Δ"1*ίʔϧΛه࿥͢Δ w "84$POpH w
"84ϦιʔεϕʔεͷมߋཤྺΛه࿥͢Δ w "NB[PO(VBSE%VUZ w "84ʹର͢Δෆ৹ͳಈ͖Λݕ஌͢Δ w ෆਖ਼ͳϩάΠϯ΍ίΠϯϚΠχϯάͳͲͷڴҖΛݕ஌ w ͜ΕΒ͸ଟগ͓͕͔͔ۚͬͯ΋ඞਢ Կ͔͋ͬͨΒऔΓฦ͕ͭ͠ ͔ͳ͍ͷͰ

͋ΘͤͯಡΈ͍ͨ ৽نΞΧ΢ϯτͰ΋͜ΕҰൃʂ$MPVE5SBJMΛશ ϦʔδϣϯͰ༗ޮԽ͢ΔεΫϦϓτΛॻ͍ͨ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTDMPVEUSBJMBDUJWBUF ·ͩ༗ޮʹͳ͍ͬͯͳ͍ΞΧ΢ϯτ͸ҰൃೖΕ͓͖ͯ·͠ΐ͏

͋ΘͤͯಡΈ͍ͨ "84$POpH͸ͱΓ͋͑ͣ༗ޮʹ͠Α͏ IUUQTEFWDMBTTNFUIPEKQDMPVEBXT BXTDPOpHTUBSU

͋ΘͤͯಡΈ͍ͨ ҰൃͰ(VBSE%VUZΛશϦʔδϣϯ༗ޮԽͯ͠௨஌ઃ ఆ͢ΔςϯϓϨʔτ࡞ͬͨ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTTFUHVBSEEVUZBMMSFHJPO ·ͣ͸Ұൃ༗ޮԽʂ

(VBSE%VUZ͸ίεύ࠷ڧ ʲશһඞਢʳ(VBSE%VUZ͕ίεύ࠷ڧͷڴҖݕ஌αʔϏε Ͱ͋Δ͜ͱΛূ໌ͯ͠Έͨ ΋͠Ͳ͏ͯ͠΋(VBSE%VUZͷಋೖΛ๦͛Δ΋ͷ͕ݱΕͨΒ ͜ͷϒϩάΛ͓࢖͍͍ͩ͘͞ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTHVBSEEVUZTJTUSPOHFTUUISFBEEFUFDUJPO

"844IJFME Ϛωʔδυͳ%%P4อޢαʔϏεͰ ແྉͰ࠷ॳ͔Β--Ϩϕϧ͕อޢ͞Ε͍ͯΔ 4UBOEBSEϓϥϯͱɺ"84ͷ%%P4ઐ໳νʔϜ ͱ࿈ܞͯ͠-΍େن໛ͳ%%P4ʹର߅͢Δ "EWBODFEϓϥϯ͕͋Δ 4UBOEBSE͸ͱ͘ʹઃఆͷඞཁͳ͠ AWS
Shield

71$ w ؀ڥ͝ͱʹ71$΍ΞΧ΢ϯτΛ෼ׂ͢Δ w "84ΞΧ΢ϯτ͝ͱ෼ׂ͢Ε͹*".΋෼͚ΕΔ w 4FDVSJUZ(SPVQͱ/"$-Λద੾ʹར༻͢Δ w
جຊ͸4FDVSJUZ(SPVQͰߜΔ w /"$-͸αϒωοτશମͰඞཁͳ΋ͷ͚ͩ w 71$಺͔Β"84αʔϏεΛར༻͢Δ৔߹͸71$ &OEQPJOU 1SJWBUF-JOL Λར༻͢Δ w ΠϯλʔωοτΛܦ༝͠ͳ͍"1*௨৴Λ࣮ݱ

͋ΘͤͯಡΈ͍ͨ "84ΞΧ΢ϯτͱ71$ɺ෼͚Δʁ෼͚ͳ͍ʁ෼ׂύ λʔϯͷϝϦοτɾσϝϦοτ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTBDDPVOUBOEWQDEJWJEJOHQBUUFSO ΞΧ΢ϯτ෼ׂ ઓུ ͷ఼ಊೖΓهࣄ

"845SVTUFE"EWJTPSͰηΩϡϦςΟϦεΫͷ؂ࢹ "845SVTUFE"EWJTPS͸ʮίετ࠷దԽʯɺʮύϑΥʔϚϯεʯɺ ʮηΩϡϦςΟʯɺʮϑΥʔϧττϨʔϥϯεʯͷ̐ͭͷ؍఺͔Βɺ ར༻ऀͷ"84؀ڥΛ"84͕ࣗಈͰਫ਼ࠪ͠ɺਪ঑ઃఆͷ͓஌ΒͤΛ͠ ͯ͘ΕΔػೳ *".΍4ͷઃఆͳͲ͕໰୊ͳ͍͔νΣοΫͯ͘͠ΕΔ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTDNBEWFOUDBMFOEBSHFUUJOHTUBSUFEBHBJOBXTUE

"84ηΩϡϦςΟʹ͍ͭͯ·ͱ·͍ͬͯΔࢿྉ +"84%":4ͷొஃࢿྉΛࢀߟʹͯ͘͠ ͍ͩ͞ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTKBXTEBZTJTFDVSJUZ

ҰൠతʹηΩϡΞͳߏ੒ w ࡾ૚ωοτϫʔΫ w ϑϩϯτҎ֎͸ϓϥΠϕʔτ w Ϛϧν"; w
"VUP4DBMJOH w ֎෦௨৴͸/"5ܦ༝ w ඞཁʹԠ͡$MPVE'SPOU΍ 8"'Λಋೖ

͋ΘͤͯಡΈ͍ͨ ʮ<ॳ৺ऀ޲͚>"84؀ڥͷηΩϡϦςΟӡ༻ ઃܭ Λ͸͡ΊͯΈ Α͏ʯ+"84%":4ొஃࢿྉ 71$पΓͷΞʔΩςΫνϟ΍ͦͷӡ༻ʹ͍ͭͯ͸ͪ͜Β IUUQTEFWDMBTTNFUIPEKQDMPVEBXTKBXTEBZTBTFDVSJUZ

4 w 4ͷΞΫηε੍ޚͷཁૉ͸େ͖ͭ͘ w *".ϙϦγʔ w όέοτϙϦγʔ w
"$- w ύϒϦοΫΞΫηεϒϩοΫ

4 w *".ϢʔβϩʔϧʹΞΫηεݖΛ༩͑Δ࣌͸3FTPVSDFͰό έοτΛ࠷খݶʹݶఆ͢Δ w ಛʹ&$-BNCEB w όέοτϙϦγʔͱ"$-Ͱ࠷খݖݶΛҙࣝ͢Δ
w *1੍ݶͳͲߜΓ͗ͯࣗ͢෼͕ΞΫηεͰ͖ͳ͘ͳΔͷ͸ؾΛ ͚ͭΔ w ύϒϦοΫΞΫηεϒϩοΫͰ֎෦͔ΒͷΞΫηεΛଟॏʹ๷ ͙

4ͷηΩϡϦςΟϕετϓϥΫςΟε IUUQTEPDTBXTBNB[PODPN[email protected]"NB[PO4 MBUFTUEFWTFDVSJUZCFTUQSBDUJDFTIUNM w "NB[PO4Ͱͷ༧๷తηΩϡϦςΟͷϕετϓϥ ΫςΟε w ΞΫηε੍ޚ΍҉߸ԽͳͲ
w "NB[PO4ͷϞχλϦϯάͱ؂ࠪͷϕετϓϥΫ ςΟε w ϩΪϯάͳͲ

͋ΘͤͯಡΈ͍ͨ 4Ͱޡͬͨσʔλͷެ։Λ๷͙ύϒϦοΫΞΫηεઃఆ ػೳ͕௥Ճ͞Ε·ͨ͠ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTT CMPDLQVCMJDBDDFTT

όοΫΞοϓ w &$΍3%4ͳͲͷόοΫΞοϓ͸͖ͪΜͱऔΖ͏ ΋ ͪΖΜ৑௕Խ΋ w ઌ೔ͷো֐Ͱ෮چ͠ͳ͘ͳͬͨ&#4͕͋ͬͨͷͰɺ
όοΫΞοϓઃఆ͸Ϣʔβ੹೚Ͱ͋Δ͜ͱΛڧ͘ҙࣝ ͢Δ w ࣗಈόοΫΞοϓʹ͸"NB[PO%-.΍"84 #BDLVQͳͲ͕͋Δ͕ɺฐࣾతʹ͸ฐࣾఏڙͷ 0QTXJUDI͕Φεεϝʂ

0QTXJUDIʢΦϓε΢Οονʣ w Ͱ͖Δ͜ͱ w όοΫΞοϓ࡞੒ w Πϯελϯεͷىಈఀࢭ w
Ϧʔδϣϯײίϐʔ w ϦιʔεࢭΊ๨ΕνΣοΫ w ॊೈͳεέδϡʔϧ࣮ߦ w ෳ਺"84ΞΧ΢ϯτΛ౷߹తʹ؅ཧͰ͖Δ w ΫϥεϝιουϝϯόʔζͷϓϨϛΞϜαʔϏεܖ໿ࡁΈͳΒ௥Ճ අ༻ແ͠Ͱར༻Մೳ

͋ΘͤͯಡΈ͍ͨ "84ӡ༻͔ΜͨΜࣗಈԽπʔϧʮPQTXJUDIʯʢΦϓε ΢ΟονʣΛ࢖ͬͯΈΑ͏ʂ ͲΜͳײ͔͡͸ͪ͜Β IUUQTEFWDMBTTNFUIPEKQFUDHFUTUBSUFEXJUIPQTXJUDI

͋ΘͤͯಡΈ͍ͨ IUUQTEFWDMBTTNFUIPEKQDMPVEFDTOBQTIPUCZBNB[POEMN IUUQTEFWDMBTTNFUIPEKQDMPVEBXTBXTCBDLVQ

ॳڃ OS/ΞϓϦϨΠϠʔجૅ

04ΞϓϦϨΠϠʔجૅ w ηΩϡΞͳ࣮૷ ίʔσΟϯάΞʔΩςΫνϟ w ෆਖ਼ϓϩάϥϜରࡦ w
੬ऑੑରࡦ w ίϯςφηΩϡϦςΟ w ΞΠσϯςΟςΟ

ηΩϡΞͳ࣮૷ ίʔσΟϯάΞʔΩςΫνϟ ͜͜Ͱ͸ৄࡉʹ৮Ε·ͤΜ͕ΞϓϦͷ࣮૷͸΋ͪΖΜ Ϣʔβ੹೚ͷൣғͰ͢ ΦϯϓϨϛεͰ΋Ϋϥ΢υͰ΋มΘΒͣରࡦ͠·͠ΐ͏ ͱΓ͋͑ͣಙؙຊஔ͍ͱ͖·͢Ͷ IUUQTXXXBNB[PODPKQEQ

ෆਖ਼ϓϩάϥϜରࡦ w 04ϨΠϠʔҎ্͸͓٬༷੹೚ൣғ Ͱɺಛʹαʔό಺෦ͷରࡦ͸αʔυ ύʔςΟ੡඼͕ඞਢ w 8FCαΠτͰ͸Πϯλʔωοτʹ৮ ΕΔαʔό͸߈ܸΛ࠷ॳʹड͚Δ෦
෼ͷͨΊରࡦඞਢ w ฐࣾͷఏҊͱͯ͠͸04಺Ͱෳ਺ϨΠ ϠʔͷػೳΛ࣋ͭ%FFQ4FDVSJUZ͕ ਪ঑ "84ͱͷ਌࿨ੑ͕ߴ͍ ෆਖ਼ϓϩάϥϜରࡦ ηΩϡϦςΟϩά؂ࢹ มߋ؂ࢹ ɾ IDS/IPS ΞϯνϚϧ΢ΣΞ

੬ऑੑରࡦ w ੬ऑੑ਍அ͸ϓϥοτϑΥʔϜ਍அͱ8FC ΞϓϦέʔγϣϯ਍அΛ྆ํ࣮ࢪ͢Δ w "NB[PO*OTQFDUPS͸ϓϥοτϑΥʔϜ਍ அͷΈͷͨΊɺఆৗతͳνΣοΫʹ͸޲͕͘ ϦϦʔεલͷશମνΣοΫʹ͸ྗෆ଍
w ؆қతͳ8FCαΠτ ݸਓ৘ใΛ࣋ͨͳ͍ɾ ෳࡶͳϩδοΫ͕ͳ͍ ͳΒ'4FDVSF 3"%"3 πʔϧͰͷ਍அ Ͱ͍͍ w ্هʹ౰ͯ͸·Βͳ͍৔߹ʹ͸ΠΤϥΤη ΩϡϦςΟͷΑ͏ʹखಈͰ਍அ͢ΔαʔϏε ਪ঑ ੬ऑੑରࡦ ੬ऑੑ਍அ ੬ऑੑ(ύον)؅ཧ ๷ޚ Inspector SSM

੬ऑੑରࡦ w ੬ऑੑ؅ཧ͸͢΂ͯͷαʔόͰඞਢ w 44.୯ମͰ΋Ͱ͖ͳ͘ͳ͍͕ɺύον ద༻ͷΈͷར༻͕޲͍͍ͯΔ w 04ϛυϧ΢ΣΞͷ੬ऑੑνΣοΫ͸
'VUVSF7VMT͕͍͍ɺӡ༻ʹدΓఴ͑Δ w 8FCεΩϟϯͱ੬ऑੑ؅ཧɺνέοτ ػೳ͕͋Γ"1*࿈ܞͰ$*$%αΠΫϧ ʹ'4FDVSF3"%"3Λ૊ΈࠐΊΔͷ ͰͦΕ΋ݕ౼ͯ͠ΈΔ ੬ऑੑରࡦ ੬ऑੑ਍அ ੬ऑੑ(ύον)؅ཧ ๷ޚ Inspector SSM

͋ΘͤͯಡΈ͍ͨ <਱ʹ͖ͨʂ>੬ऑੑ؅ཧπʔϧ'VUVSF7VMT͔Β௚઀ 44.Λར༻ͯ͠ύονద༻͕Ͱ͖ΔΑ͏ʹͳͬͨͷͰ ΍ͬͯΈͨ ੬ऑੑ؅ཧ͔Β௚઀ύονͷద༻·ͰͰ͖ͯӡ༻͕ஈҧ ͍ͰָʹͳΔͷͰ׆༻͢΂͠ IUUQTEFWDMBTTNFUIPEKQDMPVEBXT[email protected]@[email protected]@[email protected]@GVUVSFWVMT

͋ΘͤͯಡΈ͍ͨ ʲ'4FDVSF3BEBS"1* $PEF1JQFMJOFʳ8FC εΩϟϯͷ࣮ߦͱ݁Ռ൑ఆΛࣗಈԽͯ͠Έͨ $*$%ʹ8FCΞϓϦέʔγϣϯͷ੬ऑੑ਍அΛ૊Έࠐ Ήख๏Λ঺հ͍ͯ͠·͢ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTBVUPXFCTDBOXJUIQJQFMJOF

੬ऑੑରࡦ w ๷ޚ͸࢑ఆରॲͷͨΊ਍அ΍؅ཧΛ͠ ্ͨͰ׆༻ w %FFQ4FDVSJUZͰ04্Ͱͷରࡦ΋Մೳ ͕ͩɺՄೳͳΒલஈͰ8"'౳ͰࢭΊ͍ͨ w
"848"'͸ΞϓϥΠΞϯε8"'ΑΓ ΋ػೳ͸ݶఆత͕ͩεέʔϧ౳૬ੑ͸͍ ͍ͷͰΤϯτϦʔϨϕϧ͔Βݕ౼͢Δ w "848"'ӡ༻ͷφϨοδ͕ͳ͍৔߹ʹ ͸8BG$IBSNʹΑΔࣗಈӡ༻΋ݕ౼ ੬ऑੑରࡦ ੬ऑੑ਍அ ੬ऑੑ(ύον)؅ཧ ๷ޚ Inspector SSM

͋ΘͤͯಡΈ͍ͨ ࠃ࢈8"'ϕϯμʔ$4$͔Β৽͍͠"848"'Ϛωʔδυ ϧʔϧ͕ϦϦʔε͞ΕͨͷͰ࢖ͬͯΈͨ ϚωʔδυϧʔϧͲΕ࢖ͬͨΒྑ͍͔Θ͔Βͳ͔ͬͨΒͱΓ ͋͑ͣ͜Ε IUUQTEFWDMBTTNFUIPEKQDMPVEBXTDTDXBGNBOBHFESVMFSFMFBTF

ίϯςφͷෆਖ਼ϓϩάϥϜ΍੬ऑੑରࡦ w 'BSHBUFͳͲϗετΛૢ࡞Ͱ͖ͳ͍ ίϯςφܥͰ͸ಛʹηΩϡϦςΟ੡඼ ͸·ͩࢢ৔ʹग़ἧ͍ͬͯͳ͍ w "RVBͳΒϦϦʔεલͷίϯςφͷ੩ తεΩϟϯ΍ՔಇதͷಈతͳεΩϟϯ
ʹ΋ରԠ͍ͯ͠Δ ίϯςφ

͋ΘͤͯಡΈ͍ͨ ίϯςφηΩϡϦςΟΛ࢝ΊΔͷʹ༗༻ͳυΩϡϝϯτͭ ͱແྉπʔϧͭͷ঺հ ίϯςφηΩϡϦςΟ͸/*45ͷυΩϡϝϯτΛಡΉͱ͍͍ IUUQTEFWDMBTTNFUIPEKQUPPMEPDLFSDPOUBJOFSTFDVSJUZUPPMTBOEEPDT

͋ΘͤͯಡΈ͍ͨ ʲ௒଴๬Ξοϓσʔτʳ&$3ʹର͢Δ੬ऑੑεΩϟϯػೳ ͕ఏڙ͞Ε·ͨ͠ ίϯςφͷࣗಈεΩϟϯ͕Ͱ͖ΔΑ͏ʹͳ͍ͬͯ·͢ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTFDSSFQPTJUPSZTDBO

ΞΠσϯςΟςΟ w ΞϓϦέʔγϣϯͰͷΞΠσϯςΟςΟ؅ཧͷ࣮૷͸ େม w $PHOJUPͰೝূػೳΛར༻͢Δͷ΋Ұͭͷख w $PHOJUPͳΒ"EWBODFE4FDVSJUZͰϦεΫϕʔ
εͷೝূڧԽͳͲ΋Մೳ w ΑΓखܰʹڧྗͳػೳΛར༻͢ΔͳΒ"VUI

ॳڃ ӡ༻

ӡ༻ઃܭͨ͠ʁ ηΩϡϦςΟҎ֎΋ؚΊͯ ͓ئ͍͔ͩΒӡ༻ઃܭ͍ͯͩ͘͠͞(੾࣮)

ӡ༻ઃܭ ෯͕޿͗͢ΔͷͰ͔͍ͭ·ΜͰτϐοΫ͋͛·͢ w $MPVE8BUDIΛϕʔεʹ&$ͷࢮ׆؂ࢹ΍3PVUFͷ֎ܗ؂ࢹΛ࢖ͬͯ ΞϥʔτઃఆΛͯ͠ҟৗΛݕ஌͢Δ w ͦͷଞ࢖͍ͬͯΔαʔϏεͷϝτϦΫεͰԿΛݟΔ͔ɺΞϥʔττϦΨʔʹ ͢Δ͔ΛܾΊ͓ͯ͘
ԿΛো֐ͱ͢Δ͔ఆٛ͢Δ w ΞϓϦଆͷϝτϦΫεऔಘ΍ϩάͷ֎෦ग़ྗ 4΍$MPVE8BUDI-PHT Λ ߦ͏ w ݕ஌ޙͷ࣍੾Γ෼͚΍෮چϑϩʔΛ࡞͓ͬͯ͘ w Կճ΋ϑϩʔΛ࣮ࡍʹྲྀ͓ͯ͘͠ Ϋϥ΢υ͔ͩΒ΋͏Ұݸ؀ڥ࡞ͬͯ؆୯ʹ Ͱ͖·͢ w Ͱ͖Δ͚ͩࣗಈԽ͢Δ ྫ"VUP4DBMJOH࢖͏͚ͩͰ&$ͷ෮چΛࣗಈԽͰ ͖Δ

όοΫΞοϓ෮چͷࢼݧ͸΍Γ·͠ΐ͏ w ؆୯ʹόοΫΞοϓΠϝʔδ͔Β෮چͰ͖·͕͢ɺΘ ͔ͬͯͳ͍ͱ؆୯Ͱ͸ͳ͍Ͱ͢ w &$ͷ৔߹ɺ".*͔Βͷ෮چ͔&#4εφοϓ γϣοτ͔Βͷ෮چ͔ʁ w
*1ΞυϨεมΘΔ͜ͱ΋͋Δ͔Βେৎ෉͔ w 3%4ͳΒແ͘ͳΔσʔλͷ͜ͱ΋ߟ͑ͯ

෮چܭը΋͔ͬ͠Γ࡞Δ w ";ো֐͕ى͖ͨΒͲ͏͢Δ͔ w ϦʔδϣϯϨϕϧ΋ߟ͑Δͷ͔ w ؀ڥΛ࡞Γ௚͠΍͍͢Α͏ʹ$MPVE'PSNBUJPOͳͲ ͰςϯϓϨʔτԽ͢Δͱ͍͏ख΋͋Δ
w ͍ΘΏΔ*OGSBTUSVDUVSFBT$PEF *B$ w ԿͰ΋૊ΈࠐΈ͗͢ͳ͍Α͏ʹ໨తʹ߹Θͤͨ࡞Γํ Λ͢ΔΑ͏ʹ มߋͷ൓ө͕खؒʹͳΓ͗ͨ͢Βຊ຤స ౗

؂ࢹɾϩΪϯάɾ෼ੳ w ֤छϦιʔεͷϝτϦΫεͱϩάͷऔಘ͸ඞਢ w ϩά෼ੳ͸୯७ͳ8FCαΠτͳΒ༏ઌ౓͸௿Ίɻύ ϑΥʔϚϯε΍ηΩϡϦςΟཁ͕݅ߴ͍৔߹ʹ͸ݕ౼ ͢Δ w
ϩάʹ͍ͭͯอଘ͸جຊ4อଘɺ෼ੳΛݕ౼͢Δͳ Β$MPVE8BUDI-PHT&MBTUJD4FBSDI4VNP -PHJD͕બ୒ࢶʹͳΔ w ෼ੳΛॳΊͯߦ͏৔߹΍෼ੳʹूத͍ͨ͠৔߹ɺε έʔϧ͕ಡΊͳ͍৔߹ʹ͸4VNP-PHJD͕ॳظμο γϡϘʔυͱΠϯςάϨʔγϣϯʹ༏Ε͍ͯΔͷͰ͍ ͍ ϩΪϯάɾ෼ੳ CloudWatch Conﬁg CloudTrail ؂ࢹ CloudWatch

͋ΘͤͯಡΈ͍ͨ $MPVE8BUDIμογϡϘʔυΛར༻ͯ͠Φʔτεέʔ ϧ؀ڥͷՔಇঢ়ଶΛՄࢹԽͯ͠Έͨ ωਃͷμογϡϘʔυΛ׆༻͠·͠ΐ͏ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTBVUPTDBMMJOHXJUIDMPVEXBUDIEBTICPBSE

ͦͷଞ؂ࢹཁૉ w "VSPSBͷύϑΥʔϚϯεΠϯαΠτ͸Մࢹੑ͕ͪΐʔ্͕Δ w IUUQTEFWDMBTTNFUIPEKQDMPVEBXTXPSEQSFTTECQFSGPSNBODFJOTJHIU w &$4΍&,4ͷίϯςφΠϯαΠτ΋͍ͬͺ͍ݟ͑Δ w
IUUQTEFWDMBTTNFUIPEKQDMPVEBXTDPOUBJOFSJOTJHIUTHB

ͦͷଞ؂ࢹཁૉ w ",*#""84൪֎ฤʙ"846QEBUF-5େ ձʙͰʮ஌͍ͬͯΔ͔93BZͷΞοϓσʔτ Λʂʂʯͱ͍͏಺༰Ͱొஃ͠·ͨ͠BLJCBBXT w ΞϓϦଆ͸93BZΛ࢖͏ͱΑ͘ݟ͑Δ w
IUUQTEFWDMBTTNFUIPEKQDMPVEBXTBLJCBBXTYSBZ

ηΩϡϦςΟܥαʔϏεͷӡ༻ w Ξϥʔτ͕ग़ͨͱ͖ͷରԠ͸΅ͪ΅ͪେม͚ͩͲ֬ೝ ͢ΔϙΠϯτ͚ͩͰ΋·ͱΊ͓ͯ͘ w (VBSE%VUZ"848"'%FFQ4FDVSJUZ͸ ࢀߟ৘ใࡌ͓͖ͤͯ·͢

͋ΘͤͯಡΈ͍ͨ "NB[PO(VBSE%VUZʹΑΔٙΘ͍͠ωοτϫʔΫ௨৴ ͷݕ஌ͱॳಈରԠͷৼΓฦΓ ӡ༻࣌ͷରԠͷҰྫ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTHVBSEEVUZpSTUBDUJPO

͋ΘͤͯಡΈ͍ͨ "848"'Ϛωʔδυϧʔϧಋೖͱӡ༻ͷצॴ "848"'ӡ༻ͷࢀߟྫ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTIPXUPXBGNBOBHFESVMF

͋ΘͤͯಡΈ͍ͨ ͸͡Ίͯͷ%FFQ4FDVSJUZӡ༻ʹඞཁͳ৘ใ·ͱΊ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTEFFQTFDVSJUZpSTUTUFQXJUIDMBTTNFUIPE

$*$%͍ͭͰʹηΩϡϦςΟରࡦ w $*$%ͷϑϩʔ͕͋ΔͳΒ΍Γ·͠ΐ͏ w ͳͯ͘΋΍Γ͍ͨͳΒจԽͮ͘ΓͳͷͰཁ૬ஊ w ʮࣗ෼ͨͪͰ΍͍ͬͯͧ͘ʂʯͱ͍͏ҙࢥ͕ඞཁ

͋ΘͤͯಡΈ͍ͨ ʲ'4FDVSF3BEBS"1* $PEF1JQFMJOFʳ੬ऑ ੑ਍அͷ࣮ߦ͔Β݁Ռऔಘɺ൑ఆ·ͰશࣗಈͰ΍ͬͯΈ ͨ &$ͷ04ϛυϧ΢ΣΞͷࣗಈ਍அʹ༗ޮ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTBMMBVUPWVMTDBOXJUIQJQFMJOF

ॳڃ·ͱΊ w "84ϨΠϠʔͷηΩϡϦςΟ͸ΦϯϓϨϛεʹແ͍΋ ͷͳͷͰ͖ͪΜͱ֮͑Δ w 04ΞϓϦϨΠϠʔ͸ैདྷͲ͓Γ͚ͩͲɺ͜Ε·Ͱग़དྷ ͯͳ͔ͬͨͳΒؾʹ͢Δ ΦϯϓϨϛεΑΓ͸΍Γ΍͢
͍ʂ w ӡ༻Λ࠷ॳ͔ΒͪΌΜͱߟ͑Δ શ෦Λ΍Δඞཁ͸ͳ͍͔΋͠Εͳ͍͚Ͳݕ౼͸͠·͠ΐ͏

தڃͷ಺༰ w ൃݟత౷੍ΠϯγσϯτϨεϙϯε w (3$ ΨόφϯεϦεΫίϯϓϥΠΞϯε ࢹ໺Λ޿࣋ͬͯ͘ཉ͍ͬͯ͠࿩Ͱ͢ Ұਓ͡Όͳ͘૊৫ͰରԠ͍ͯ͘͠࿩

தڃ ൃݟత౷੍ / ΠϯγσϯτϨεϙϯε

ൃݟత౷੍ͱ͸ w %FUFDUJWF$POUSPM w ༧๷తίϯτϩʔϧͱରൺͯ͠࢖ΘΕΔࣄ͕ଟ͍ w ϦεΫϚωδϝϯτͷ༻ޠ w
8"'΍ύονద༻ͰΠϯγσϯτΛ༧๷͢Δ͚ͩͰͳ ͘ɺΠϯγσϯτ͕ى͖ͨ࣌ʹؾ෇͚ΔΑ͏ʹ͓ͯ͘͠ w ೔ຊͩͱൃݟత౷੍ͷମ੍͕ऑ͍ͱݴΘΕ·͢Ͷ

ΠϯγσϯτϨεϙϯε *3 ͱ͸ w Πϯγσϯτ ো֐ͱ͔ηΩϡϦςΟࣄނͱ͔ݦࡏԽ ͨ͠ڴҖͳͲ ͷରԠ
Ϩεϙϯε Λ͢Δ͜ͱ w "84ʹ͓͚ΔΠϯγσϯτϨεϙϯε͸֤छΞϥʔ τ౳͔Βݕ஌ͯ͠ɺϩά౳Λݟͯࣄ৅Λ֬ೝɺઃఆม ߋ΍؀ڥִ཭ɺ*".ͷ࡟আ౳Λߦ͍ͬͯ͘

ൃݟత౷੍ͷୈҰา(VBSE%VUZ w (VBSE%VUZ͸"84্Ͱى͜Δ͋ΒΏΔڴҖΛݕ஌ ͯ͘͠ΕΔ w ·ͣ͸͜ͷΞϥʔτ͔ΒରԠ͢Δମ੍Λ࡞Δ w ͲΜͳΞϥʔτ্͕͕Δ͔ͷྫ
w *".ͷΞΫηεΩʔ͕࿙Ӯͯ͠ෆਖ਼ར༻͞Ε͍ͯΔ w &$͕Ϛϧ΢ΣΞʹײછ͍ͯ͠Δ

(VBSE%VUZͷΞϥʔτΛड͚औΔ w (VBSE%VUZ͸༗ޮԽ͢Δ͚ͩͩͱΞϥʔτ͕ඈ͹ ͳ͍ w $MPVE8BUDI&WFOUTΛܦ༝ͯ͠4/4Ͱϝʔϧ΍ 4MBDL΁ͷνϟοτ΍#BDLMPH΁ͷνέοτΛඈ͹ ͢
w ϝʔϧΛड͚औͬͨΒ"84Ϛωδϝϯτίϯιʔϧ ʹϩάΠϯͯ͠ݟΔ KTPOΑΓݟ΍͍͢

(VBSE%VUZͷݟΔͱ͜Ζ w (VBSE%VUZը໘ͷ݁Ռ͔ΒબΜͰৄࡉը໘ w ॏཁ౓ͱର৅ͷϦιʔεΛνΣοΫ w ڴҖͷ಺༰͸-FBSO.PSF͔ΒৄࡉυΩϡϝϯτ΁ඈ΂Δ

(VBSE%VUZͷݟΔͱ͜Ζ w Ϧιʔε"1*"DUPS ૢ࡞ݩ ͳͲͷ৘ใ΋ w Ϣʔβ໊΍ૢ࡞͍ͯ͠Δ*1ɺࠃ͸Α͘࢖͏൑அࡐྉ

(VBSE%VUZͷରԠํ๏ w ݕ஌ͨ͠಺༰ʹΑΔ͕ΫϦςΟΧϧͳ΋ͷ͸छྨ w *".ෆਖ਼ར༻͸*".ΛແޮԽͯ͠Өڹௐࠪ w $MPVE5SBJMͰ֘౰ΫϨσϯγϟϧͰͷૢ࡞Λ͢΂ͯ֬ೝ w
"ENJOݖݶ͕৐ͬऔΒΕ͍ͯͨΒ࠷ѱΞΧ΢ϯτഁغ w &$͕৐ͬऔΒΕ͍ͯͨΒִ཭ɾϑΥϨϯδοΫ w JOPVU͢΂੍ͯݶͨ͠4FDVSJUZ(SPVQͰִ཭ w TTNBRVJSF౳ͷπʔϧΛ࢖͏ͱָ w ॏཁͳσʔλʹΞΫηε͍ͯ͠ͳ͍͔ͱ͔֬ೝ

͋ΘͤͯಡΈ͍ͨ w ϑΥϨϯδοΫπʔϧͷ44."DRVJSFΛ࢖ͬͯΈ ͨSFJOWFOU w ࣄલʹ४උ͓͚ͯ͠͹҆શʹɺઐ໳Ո͡Όͳͯ͘΋ඞ ཁͳσʔλΛऔಘͰ͖Δ w
IUUQTEFWDMBTTNFUIPEKQDMPVEBXTSFJOWFOUTTNBDRVJSF

࣮ࡍͷ(VBSE%VUZͷରԠ w ͪΌΜͱ΍͍ͬͯΕ͹ॏཁ౓ߴͷΞϥʔτ͸ͳ͍ w ॏཁ౓தҎԼ͸աݕ஌ͷ৔߹΋͋Δ w Ͱ΋಺༰͸֬ೝͯ͠Ͷ w
Α͋͘Δ಺༰ w 6OVTVBM"DDFTTීஈͱ͸ҧ͏৔ॴ͔ΒͷΞΫηε w 6TFS1FSNJTTJPOT*".ͷݖݶมߋ w ͜ΕΒ͸؀ڥʹΑͬͯ͸Α্͕͘Δ͕ɺͨͩͷաݕ஌ͳͷ͔͸ͬ͠ ͔Γ֬ೝ͢Δ w ݕ஌݁ՌͱͦͷରԠ๏ w IUUQTEPDTBXTBNB[PODPN[email protected]HVBSEEVUZMBUFTUVH[email protected]UZQFTBDUJWFIUNM

աݕ஌͕ଟ͍৔߹ͷରԠํ๏ w ·ͣϲ݄ఔ౓଴ͭ w ύλʔϯΛֶश͢ΔͨΊΑ͘ߦΘΕΔૢ࡞ͳΒݕ஌͞Εͳ͘ͳΔ w *1ΞυϨεͷϗϫΠτϦετొ࿥ w
Φεεϝ͠ͳ͍ w શ͘ݕ஌݁Ռ͕࢒Βͳ͍ͨΊ w ࣗಈΞʔΧΠϒ w (VBSE%VUZͷ࢓૊ΈΛ࢖͏ w ΋͘͠͸#BDLMPH౳νέοτγεςϜଆͱ࿈ܞͯ͠ΞʔΧΠϒ ͢Δ࢓૊ΈΛ࡞Δ

࣍ͷൃݟత౷੍$POpH3VMFT w มߋ؅ཧΛߦ͏"84$POpHͷػೳͷҰͭ w มߋ͞Εͨ಺༰͕ఆΊͨϧʔϧ͔Βҳ୤ͨ͠ΒΞϥʔ τΛग़͢ w ྫ4FDVSJUZ(SPVQΛ44)ϑϧΦʔϓϯ
Λઃఆ͢Δ w Ξϥʔτ͸4/4

$POpH3VMFTͷϧʔϧઃఆ w ϧʔϧ͸छྨ w "84͕༻ҙ͍ͯ͠ΔϚωʔδυϧʔϧ w ϢʔβͰ-BNCEBΛ࡞੒ͯ͠࡞ΔΧελϜϧʔϧ w
ϚωʔδυϧʔϧΛோΊͯඞཁͳ΋ͷΛಋೖ͢Δͱ͜ Ζ͔Β࢝ΊΔͷ͕Φεεϝ

͋ΘͤͯಡΈ͍ͨ ਪ঑ϧʔϧ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTSFDPNNFOEDPOpHSVMFTGPSBMMVTFS ࣗಈम෮ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTBVUPSFDPWFSZSFTUSJDUFETTIXJUIPVUMBNCEB

4FDVSJUZ)VC w (VBSE%VUZ*OTQFDUPS.BDJF΍αʔυύʔ ςΟπʔϧͷΞϥʔτΛ·ͱΊͯ؅ཧ͢Δ࢓૊Έ w ίϯϓϥΠΞϯενΣοΫػೳ΋͋Δ w IUUQTEFWDMBTTNFUIPEKQDMPVEBXTSFJOWFOUTFDVSJUZIVC

4FDVSJUZ)VCͷ࢖͍ํ w ΠϯαΠτͱ͍ͯ͠ΖΜͳ؍఺Ͱͷάϥϑ͕ݟΕΔ w Ξϥʔτ͕ଟ͍"84ΞΧ΢ϯτ΍Ϧιʔε౳ w ݟ͔͍ͭͬͯΔ಺༰ʹରͯ͠ΧελϜΞΫγϣϯΛ࣮ߦՄೳ w
νέοτىථͨ͠Γ&$Λִ཭ͨ͠Γ -BNCEBܦ༝

4FDVSJUZ)VCͷ༻్ w ΞΧ΢ϯτΛ·͕ͨͬͯ৘ใΛूΊΒΕΔͱ͜Ζ͸͍͍ w ίϯϓϥΠΞϯενΣοΫͱͯ͠࢖ͬͯ΋͍͍ w ͨͩݱঢ়ͷػೳͰ͸ݟ௨͕ͦ͠Μͳʹྑ͘ͳΒͳ͍ w
IUUQTEFWDMBTTNFUIPEKQDMPVEBXTTFDVSJUZIVCVTFDBTF

4VNP-PHJDʹΑΔϩά෼ੳ w গ͠Ξϓϩʔν͕มΘΔ͕Կ͕ى͖͍ͯΔ͔ΛݟΔ৔߹ʹ͸ ϩά෼ੳ4BB4ͷ4VNP-PHJDͷ׆༻͕Φεεϝ w $MPVE5SBJMϩάͳͲ͔Βෆ৹ͳಈ͖ΛΘ͔Γ΍͘͢ՄࢹԽ

(VBSE%VUZ΋ݟΕΔ Ͳ͜Ͱى͖͍ͯΔ͔ͷάϩʔόϧϚοϓ ط஌ͷڴҖIP݅਺

(VBSE%VUZ΋ݟΕΔ ಛʹةͳ͍ڴҖͷ݅਺ ॏཁ౓ຖͷ ݅਺ͷਪҠ

͋ΘͤͯಡΈ͍ͨ (VBSE%VUZͷݕ஌ঢ়گΛάϩʔόϧͱൺֱͰ͖Δ 4VNP-PHJDͷ৽μογϡϘʔυ࢖ͬͯΈͨ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTTVNPMPHJDHVBSEEVUZHJT

4VNP-PHJDͷεεϝ w "84ͷϩάΛ؆୯ʹڧྗʹՄࢹԽ σϑΥϧτͷμογϡ Ϙʔυ w ηΩϡϦςΟҎ֎ʹ΋ӡ༻Ͱ׆༻Ͱ͖Δ
w $MPVE'SPOU w "-# w -BNCEB w 3%4౳ʑ w ϛυϧ΢ΣΞͷϩάͳͲ΋μογϡϘʔυ͋Γ

"NB[PO$MPVE'SPOU w 8FCΦϖϨʔγϣϯ

"NB[PO$MPVE'SPOU w ๚໰ऀ౷ܭ

"QQMJDBUJPO-PBE#BMBODFS "-# w μογϡϘʔυ

"QQMJDBUJPO-PBE#BMBODFS "-# w ϨΠςϯγ෼ੳ

"QQMJDBUJPO-PBE#BMBODFS "-# ϦΫΤετ෼ੳ

"QQMJDBUJPO-PBE#BMBODFS "-# w εςʔλείʔυ෼ੳ

"84-BNCEB w Τϥʔ෼ੳ

"84-BNCEB w ύϑΥʔϚϯε෼ੳ

ΑΓਐΜͩൃݟత౷੍ ϦΫϧʔτςΫϊϩδʔζ༷ͷྫ͸ҰͭͷࢀߟʹͳΔ େن໛ΞΧ΢ϯτͷεέʔϧͳͷͰ΍Γ΍͍͢ͱ͜ΖΛ நग़ͯ͠࢖͍·͠ΐ͏ IUUQTTQFBLFSEFDLDPNSUFDILPVIPVEBHVJNPBXTHPOHUPOHKJQBOTIBOHGBMTFGBKJBOEFUPOH[IJIFGBMTFUJBP[IBO

தڃ GRC (Ψόφϯε / ϦεΫ / ίϯϓϥΠΞϯε)

(3$ͱ͸ w ΨόφϯεɾϦεΫϚωδϝϯτɾίϯϓϥΠΞϯε ͸ڞଘ͍ͯ͠Δ w Ψόφϯε͸Ϗδωεཁ݅ʹԠͨ͡ઓུ౳Λཱ֬ w ϦεΫϚωδϝϯτͰΨόφϯεͱධՁ͞ΕͨϦεΫ
Λඥ෇͚ͯ༏ઌॱҐ෇͚ w ίϯϓϥΠΞϯε͸ཁ݅ʹԠͨ͡౷੍ͷ९कͱ؂ࢹ

(3$ͷϑΟʔυόοΫϧʔϓ IUUQTBXTBNB[PODPNKQCMPHTTFDVSJUZTDBMJOHBHPWFSOBODFSJTLBOEDPNQMJBODFQSPHSBNGPSUIFDMPVE

೉ͦ͠͏͚ͩͲ؆୯ʹݴ͏ͱ Ϗδωεʹݟ߹͏ ϦεΫ؅ཧΛͯ͠ ద౓ʹ؂ࠪΛ͢Δ ͷΛঢ়گʹ߹Θͤͯͻͨ͢Βճ͢ Θ͔Γ΍͍͢ʁ

(3$ϧʔϓΛճͨ͢Ίʹ΍Δ͜ͱൈਮ w '*4$΍1$*ͳͲ४ڌ͢ΔίϯϓϥΠΞϯεཁ݅Λ֬ೝ w /*45$4'ͳͲͷద༻Ͱ͖ΔϑϨʔϜϫʔΫΛཧղ w $$P&࡞Δ w
γεςϜͱϏδωεΛϦϯΫͯ͠ϦεΫ؅ཧ w ؂ࢹɾΞϥʔτͷࣗಈԽ w ίϯϓϥΠΞϯεঢ়گͷՄࢹԽ

ࢀߟʹ͢ΔυΩϡϝϯτ͍Ζ͍Ζ࠶ܝ ίϯϓϥΠΞϯεཁ݅΍ϑϨʔϜϫʔΫ౳ w /*45αʔόʔηΩϡϦςΟϑϨʔϜϫʔΫ $4' w IUUQTBXTBNB[PODPNKQCMPHTOFXTVQEBUFEXIJUFQBQFSOPXBWBJMBCMFBMJHOJOHUPUIFOJTUDZCFSTFDVSJUZ
GSBNFXPSLJOUIFBXTDMPVE w "84ηΩϡϦςΟϕετϓϥΫςΟε w IUUQTEBXTTUBUJDDPNXIJUFQBQFST[email protected]+14FDVSJUZ"[email protected]@#[email protected]QEG w 8FMM"SDIJUFDUFEϑϨʔϜϫʔΫ w IUUQTBXTBNB[PODPNKQCMPHTOFXTBXTXFMMBSDIJUFDUFEXIJUFQBQFS w 1$*'*4$)*11"౳֤छίϯϓϥΠΞϯεͷυΩϡϝϯτ w IUUQTBXTBNB[PODPNKQDPNQMJBODFQSPHSBNT

$$P&࡞Δ w $MPVE$FOUFSPG&YDFMMFODFʢ$$P&ʣ w ଟ༷ͳઐ໳஌ࣝΛ࣋ͬͨνʔϜ w ૣ͍ஈ֊͔ΒΫϥ΢υʹऔΓ૊Έɺ੒ख़ͯ͠શମͷΫϥ΢υ ׆༻ͷࢧԉʹճΔ໾ׂ
w ෦ॺԣஅͰόʔνϟϧͳ૊৫ʹ͢Δ৔߹΋ w ਐΊํͷྫ w IUUQTBXTBNB[PODPNKQCMPHTFOUFSQSJTFTUSBUFHZVTJOHBDMPVEDFOUFSPGFYDFMMFODFDDPF UPUSBOTGPSNUIFFOUJSFFOUFSQSJTF

ίϯϓϥΠΞϯεɾΨόφϯεܥαʔϏε w ࠷௿ݶͷηΩϡϦςΟνΣοΫ͕Մೳͳ JOTJHIUXBUDI͸ແྉͷͨΊ͢΂ͯͷΞΧ΢ϯτͰ༗ ޮ׆༻ͯ͠΄͍͠ w "845SVTUFE"EWJTPS΋ඞͣνΣοΫ w
ΞϓϦن໛͕େ͖͍ɾεςʔΫϗϧμʔ͕ଟ͍ɾίϯ ϓϥΠΞϯε༻͕݅ߴ͍৔߹ʹ͸௥Ճͷ׆༻Λݕ౼ w %PNF͸1$*%44ͳͲͷίϯϓϥΠΞϯενΣοΫ ͕Ͱ͖Δଞɺ4FDVSJUZ(SPVQ͔ΒωοτϫʔΫΛՄ ࢹԽͨ͠Γ*".ͷ؅ཧΛߦ͑ΔͷͰେن໛ΞΧ΢ϯ τɾϚϧνΞΧ΢ϯτͷ؅ཧίετΛେ͖͘࡟ݮͰ͖ Δ ίϯϓϥΠΞϯεɾ Ψόφϯε Conﬁg Trusted Advisor Well-Arch SSM

ॳΊ΍͍͢ίϯϓϥΠΞϯε$*4#FODINBSL w $*4͸-JOVY΍"QBDIF౳༷ʑͳηΩϡϦςΟج४ Λ࡞੒͍ͯ͠Δஂମ w $*4"84'PVOEBUJPOT#FODINBSLͱͯ͠ "84ͷηΩϡϦςΟνΣοΫͷ۩ମతͳ߲໨Λఆٛ ͍ͯ͠Δ
w ฐࣾఏڙͷηΩϡϦςΟνΣοΫπʔϧ ʮJOTJHIUXBUDIʯͰແྉͰ਍அՄೳ

JOTJHIUXBUDI ʮখ͞ͳൃݟΛେ͖ͳ҆৺ʹʯΛίϯηϓτʹ"84؀ ڥΛ਍அ͠ϨϙʔτΛग़ྗ͢Δπʔϧ https://insightwatch.io/

JOTJHIUXBUDIΛͲ͏࢖͏ͱ͍͍͔ ৘γεʹ"84ͷηΩϡϦςΟΛߴΊΔํ๏Λฉ͍ͯΈͨʙ ΠϯαΠτ΢ΥονΠϯλϏϡʔγϦʔζୈ஄ʙ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTJOTJHIUXBUDI[email protected]

%PNFͰΑΓͨ͘͞ΜͷίϯϓϥΠΞϯεʹରԠ w %PNF͸ίϯϓϥΠΞϯεରԠ΍ΨόφϯεΛར͔ͤΔͨΊͷ4BB4 w ରԠίϯϓϥΠΞϯε w )*1"" w
1$*%44 w (%13 w /*45 w 'FE3".1 w *40 w $*4'PVOEBUJPOT#FODINBSL

͋ΘͤͯಡΈ͍ͨ %FWFMPQFST*0JO04","Ͱʮ%PNFͰ͸͡Ί Δ"84ηΩϡϦςΟϦεΫ؅ཧʯΛ࿩͠·ͨ͠DNEFWJP %PNFͷΑ͘෼͔Δղઆ ίϯϓϥΠΞϯεҎ֎ͷ*".4FDVSJUZ(SPVQ؅ཧػೳ΋ڧྗʂ IUUQTEFWDMBTTNFUIPEKQFUDEFWFMPQFSTJPJOPTBLBEPNFTFDVSJUZSJTLDPOUSPM

ΑΓେ͖ͳ؀ڥͰΨόφϯεΛར͔ͤΔ۩ମࡦ w Ωʔϫʔυ΍αʔϏε w ϚϧνΞΧ΢ϯτઓུ w "840SHBOJ[BUJPOT w
-BOEJOH;POF w $POUSPM5PXFS

࠶ܝ͋ΘͤͯಡΈ͍ͨ "84ΞΧ΢ϯτͱ71$ɺ෼͚Δʁ෼͚ͳ͍ʁ෼ׂύ λʔϯͷϝϦοτɾσϝϦοτ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTBDDPVOUBOEWQDEJWJEJOHQBUUFSO ΞΧ΢ϯτ෼ׂ ઓུ ͷ఼ಊೖΓهࣄ

ϚϧνΞΧ΢ϯτઓུ w ѻ͏"84؀ڥ͕ଟ͘ͳΔ৔߹ʹ͸ɺ؀ڥຖʹ"84ΞΧ΢ϯ τࣗମΛ෼͚Δ΄͏͕͍͍ w *".΍ωοτϫʔΫΛ׬શʹ੾Γ཭͢͜ͱ͕Ͱ͖Δ w ੹೚෼ք఺΍ηΩϡϦςΟͷڥք͕໌֬ʹͳΔ
w γεςϜຖ෼͚Δ͔ɺγεςϜ εςʔδ ։ൃݕূຊ ൪౳ Ͱ෼͚Δ w Φεεϝ͸γεςϜ εςʔδ w ։ൃ؀ڥͷηΩϡϦςΟ͕ΏΔͯ͘΍ΒΕΔύλʔϯ͕Α͘ ͋ΔͷͰɺ͔ͦ͜ΒӨڹ͕ຊ൪؀ڥ·Ͱ೾ٴ͠ͳ͍Α͏ʹ

ϚϧνΞΧ΢ϯτઓུ w ϚϧνΞΧ΢ϯτͰͷϢʔβ؅ཧ w ϚϧνΞΧ΢ϯτ࣌ͷ*".͸Օॴʹ·ͱΊͯ 4XJUDI3PMFΛར༻֤ͯ͠ΞΧ΢ϯτʹΞΫηε ͢Δ w
͋Δ͍͸0OF-PHJOͳͲͷ*E1ʹدͤΔ

"840SHBOJ[BUJPOT w ϚϧνΞΧ΢ϯτͷ؅ཧΛߦ͏αʔϏε w 06 ૊৫୯Ґ Λ֊૚తʹ࡞੒ͯ͠"84ΞΧ΢ϯτΛॴଐ͞ ͤΔࣄ͕Ͱ͖Δ
w αʔϏείϯτϩʔϧϙϦγʔ 4$1 Λར༻ͯ͠ར༻Մೳͳ ݖݶΛ੍ޚͰ͖Δ w ୅ཧళܦ༝ͷ"84ར༻ͷ৔߹੍໿͕͋Δ͜ͱ΋͋ΔͷͰ஫ҙ

-BOEJOH;POF w 0SHBOJ[BUJPOTΛϕʔεʹ༷ʑͳαʔ ϏεΛ૊Έ߹ΘͤͯϚϧνΞΧ΢ϯτͰΨ όφϯε΍ηΩϡϦςΟΛ֬อ͢Δߟ͑ํ w "84-BOEJOH;POFιϦϡʔγϣϯͱ ͯ͠$MPVE'PSNBUJPOςϯϓϨʔτͷ
ఏڙ΋͋Γ w 0SHBOJ[BUJPOTΛར༻͍ͯ͠Δͱ੍໿ ͕͋Δ৔߹͕͋Δ͕ɺ0SHBOJ[BUJPOT ແ͠Ͱ΋ಉ͡Α͏ͳϚϧνΞΧ΢ϯτ࿈ܞ ͸ՄೳͳͷͰࢀߟʹͳΔ

$POUSPM5PXFS w -BOEJOH;POFΛϚωʔδυͰఏڙ͢ΔαʔϏε w "84-BOEJOH;POFιϦϡʔγϣϯͱ͸গ͠ΞʔΩ ςΫνϟ͕ҧ͏ w μογϡϘʔυͰ֤ΞΧ΢ϯτͷίϯϓϥΠΞϯεঢ়گ
͕೺ѲͰ͖Δ w 0SHBOJ[BUJPOTΛར༻͢ΔͷͰಉ͡Α͏ͳ੍໿͋Γ w ͔ͭ৽ن0SHBOJ[BUJPOTΛ࡞੒͢Δඞཁ͕͋Δ w ݱঢ়౦ژϦʔδϣϯͰ͸ఏڙ͞Ε͍ͯͳ͍

$POUSPM5PXFSͷΞʔΩςΫνϟ

$POUSPM5PXFSͷΞʔΩςΫνϟ w ϚελʔΞΧ΢ϯτͰ$POUSPM5PXFS࡞੒ w 0SHBOJ[BUJPOT͕࡞੒͞Ε֤Ϣʔβ͸"84440Ͱ؅ཧ͞ ΕΔ w ؅ཧ༻ͷίΞΞΧ΢ϯτͭ࡞੒
w ϩάΞʔΧΠϒ5SBJM΍$POpHϩάू໿ w ؂ࠪ(VBSE%VUZ΍$POpH3VMFT౳֤छηΩϡϦςΟ Ξϥʔτू໿ ֤ΞΧ΢ϯτ΁ͷ"ENJOݖݶ w 4FSWJDF$BUBMPH͔ΒܾΊΒΕͨύλʔϯͷ"84ΞΧ΢ϯ τΛ෷͍ग़͢ 71$΍ίϯϓϥΠΞϯεઃఆೖΓ

͋ΘͤͯಡΈ͍ͨ "84$POUSPM5PXFSͷϥϘΛ΍Γͳ͕ΒֶΜͰΈͨ #ηοτΞοϓฤ νϡʔτϦΞϧΛ΍Γͳ͕ΒֶͿγϦʔζ IUUQTEFWDMBTTNFUIPEKQDMPVEBXTBXTDPOUSPMUPXFSMBCTC

$POUSPM5PXFS΁ͷظ଴ w ·ͩ·੍ͩ໿͕ଟ͍ w ୅ཧళܦ༝Ͱͷఏڙ͕ͮ͠Β͍ w ৽ن0SHBOJ[BUJPOTΛ࡞੒͠ͳ͍ͱ͍͚ͳ͍ w
౦ژʹདྷͯͳ͍ w ͜ͷล͕ղܾ͞ΕͨΒ͍͍ײ͡ʹϚϧνΞΧ΢ϯτͷ؅ཧ͕ ָʹͳΔ͔΋ w ͔͠͠ͳ͕Βɺݱঢ়Ͱ΋ಉ͡Α͏ͳ͜ͱ͸0SHBOJ[BUJPOT Λར༻͠ͳͯ͘΋Ͱ͖ΔͷͰࢀߟʹ͍ͯ͘͠

"84؀ڥͷ؂ࠪ w "84͸ΦϯϓϨϛεͱൺ΂ͯ৽͍͠ཁૉ͕୔ࢁ w ࣾ಺ͷ؂ࠪΛߦ͏෦ॺ େاۀʹ͔͠ແ͍͔΋͚ͩͲ ͸ݹ͍νΣοΫγʔτͷ··ɺݹ͍ߟ͑ํ ϙϦγʔ
ͷ··Ͱ͸ਖ਼ৗʹ؂ࠪͰ͖ͳ͍ w "84Λར༻͍ͯ͠Δ෦ॺͰઆ໌͢Ε͹0,͸؂ࠪ ͍ͯ͠ͳ͍ͷͱಉ͡ w ؂ࠪ෦໳΋Ϋϥ΢υδϟʔχʔΛ୧͍ͬͯ͘ඞཁ͕͋ Δ

"84؀ڥͳΒ؂ࠪ΋ਐԽͰ͖Δ w ؾ͕ॏ͍͔΋͠Εͳ͍͕ɺ࣮͸͍͢͝ϝϦοτ͕͋Δ w "84؀ڥ͸"1*Λۦ࢖ͯ͠؂͕ࠪͰ͖Δ w ίϯϓϥΠΞϯεཁ݅Λ৑௕ͰղऍʹΑͬͯϒϨ͕େ ͖͍จষͰఆٛ͢ΔͷͰ͸ͳ͘ɺίʔυͰఆٛͰ͖Δ
w ΑΓ໌֬ͳίϯϓϥΠΞϯεཁ݅ͱͳΔ w $PNQMJBODFBT$PEF $B$ ͱݺͿ

͋ΘͤͯಡΈ͍ͨ :PVSpSTUDPNQMJBODFBTDPEF(3$3 "84SF*OGPSDF SF*OGPSDFͰߦΘΕͨ$B$ηογϣϯ IUUQTXXXTMJEFTIBSFOFU"NB[PO8FC4FSWJDFTZPVSpSTUDPNQMJBODFBTDPEFHSDSBXTSFJOGPSDF

͋Θͤͯݟ͍ͨ "84SF*OGPSDF$MPVE$POUSPM'JUOFTT (3$ ͜Ε͔Β"84؀ڥͷ(3$Λ΍͍ͬͯ͘ΤϯτϦʔ޲͚ ηογϣϯ IUUQTXXXZPVUVCFDPNXBUDI WQ,EBEE

͋ΘͤͯಡΈ͍ͨ w SF*OGPSDFͷ஫໨ηογϣϯಈըҰཡ w δϟϯϧ w 4FDVSJUZ%FFQ%JWFMFBEFSTIJQTFTTJPO w
'PVOEBUJPOBM4FDVSJUZMFBEFSTIJQTFTTJPO w (PWFSOBODF 3JTL$PNQMJBODF MFBEFSTIJQTFTTJPO w "TQJSBUJPOBM4FDVSJUZMFBEFSTIJQTFTTJPO w IUUQTBXTBNB[PODPNKQCMPHTTFDVSJUZSFJOGPSDFXSBQVQBOETFTTJPOMJOLT

தڃ·ͱΊ w ൃݟత౷੍ΠϯγσϯτϨεϙϯεͷମ੍Λ࡞ͬͯͳ ʹ͔ى͖ͯ΋େৎ෉ͳΑ͏ʹ͢Δ w ೔ࠒ͔Β܇࿅͢Δ w (3$ͷ؍఺͸͘͢͝େࣄ
w ηΩϡϦςΟ͸ҰਓͰ΍Δ΋ͷͰ͸ͳ͍ͷͰΈΜͳר ͖ࠐΉ w ؂ࠪ΋ࣗಈԽͰ͖Δʂ w ߈ΊͷηΩϡϦςΟΛ࣮ફ͍ͯ͘͠

શମ·ͱΊ

࿩ͨ͠಺༰ w શൠ w ήʔτ͔ΒΨʔυϨʔϧ΁ w ͢΂ͯͷਓ͕#VJMEFST w
ࢀߟʹͳΔυΩϡϝϯτΛ࢖ͬͯࣗ෼ͨͪʹԠ༻ w ॳڃ w "84͸͖ͪΜͱ֮͑ͭͭ04ΞϓϦ͸ैདྷͲ͓Γ Ћ w ӡ༻ઃܭʂ w தڃ w ൃݟత౷੍*3ͷମ੍࡞Δ w (3$Λҙࣝ͢Δ

ߦಈʹҠͤΔΑ͏ʹ w ໢ཏతʹ৭Μͳཁૉʹ৮Ε·͕ͨ͠ؾʹͳΔ΋ͷ͸͋ Γ·͔ͨ͠ʁ w ٕज़తͳ࿩͔Β૊৫࿦·Ͱ࣋ͪग़ͯ͠Έ·ͨ͠ w ҰͭͰ΋ଟ࣋ͬͯ͘ؼ࣮ͬͯફ͍ͯͩ͘͠͞
w ࢿྉ͸ެ։͞Ε͍ͯΔͷͰ׆༻͍ͯͩ͘͠͞ w ࣗ෼ͷྖҬ͚ͩ͡Όͳͯ͘पΓΛר͖ࠐΜͰ߈Ί͍ͯ ͖·͠ΐ͏

఻͍͑ͨϝοηʔδ ߈ΊͷηΩϡϦςΟΛ ࣮ફ͍ͯ͜͠͏

ิ଍

֤छ৘ใऩू w #MBDL#FMU w IUUQTBXTBNB[PODPNKQBXTKQJOUSPEVDUJPO w "844FDVSJUZ#MPH w
IUUQTBXTBNB[PODPNKQCMPHTTFDVSJUZ w "84%FWFMPQFS'PSVNT4FDVSJUZ$BUFHPSZ 344 w IUUQTEFWDMBTTNFUIPEKQDMPVEBXTBXTSTTGFFET w "-"4 "NB[PO-JOVY4FDVSJUZ$FOUFS w IUUQTBMBTBXTBNB[PODPN

֤छ৘ใऩू w SF*OWFOUSF*OGPSDF w "84࠷େͷΠϕϯτ࠷େͷηΩϡϦςΟΠϕϯτ w ݱ஍ࢀՃ͸ಛʹܹࢗతʂ w
+"846( ೔ຊͷ"84Ϣʔβʔάϧʔϓ w IUUQTKBXTVHKQ w 4FDVSJUZ+"84 ηΩϡϦςΟಛԽͷࢧ෦ w IUUQTTKBXTEPPSLFFQFSKQ w +"84%":4 ೥ʹҰ౓ͷ+"84࠷େΠϕϯτ w IUUQTKBXTEBZTKBXTVHKQ

AWSでのセキュリティ対策全部盛り[初級から中級まで]

AWSでのセキュリティ対策全部盛り[初級から中級まで]

More Decks by cm-usuda-keisuke

Other Decks in Technology

Featured

Transcript