mackerel-plugin-aws-waf をつくった

Transcript

1. mackerel-plugin- aws-waf Λͭͬͨ͘ 2017.03.22 Mackerel Drink Up #4 Hidekazu Tanaka

2. ࣗݾ঺հ • ాதल࿨ • φϏϓϥεגࣜձࣾαʔϏε౷ׅ෦ • ԼهͷαʔϏεͷ։ൃɾӡ༻ɾอक୲౰ • NaviPlus Ϩίϝϯυ

   • NaviPlus ϨϏϡʔ • ޷͖ͳݴޠ͸ Ruby

3. ΞδΣϯμ • AWS WAF ʹ͍ͭͯ • mackerel-plugin-aws-waf ʹ͍ͭͯ • Mackerel

   ΁ͷཁ๬

4. AWS WAF ʹ͍ͭͯ

5. AWS WAF • AWS ͕ఏڙ͢Δ΢ΣϒΞϓϦέʔγϣϯϑΝΠΞ΢Υʔϧ • Cloudfront ·ͨ͸ ALB ͱ࿈ܞ͢Δ͜ͱͰར༻Մೳ

   • WebACL • ϧʔϧΛଋͶΔઃఆ • Cloudfront ·ͨ͸ ALB ʹઃఆ • ϧʔϧ • SQL ΠϯδΣΫγϣϯ΍ XSS ౳ͷڐՄ·ͨ͸ڋ൱ઃఆ

6. mackerel-plugin-aws- waf ʹ͍ͭͯ

7. mackerel-plugin-aws-waf • AWS WAF ͷϝτϦοΫεΛऩू͢ΔϓϥάΠϯ • WebACL ʹઃఆ͞ΕͨϧʔϧͷϝτϦοΫεΛऩू • AllowedRequests

   • BlockedRequests • CountedRequests • ݱࡏ͸ Cloudfront ͷΈʹରԠ
8. None

9. ࡞੒ཧ༝ • Mackerel Ͱ AWS WAF ͷϝτϦοΫεΛ֬ೝ͔ͨͬͨ͠ • AWS WAF

   ͚ͩϓϥάΠϯ͕ͳ͔ͬͨ • Mackerel ʹߩݙ͔ͨͬͨ͠ • ΤʔδΣϯτ΍ެࣜϓϥάΠϯू͕ OSS Ͱެ։͞Ε͍ͯ ΔͷͰߩݙ͠΍͍͢ • Go ݴޠͷษڧΛ͔ͨͬͨ͠

10. ۤ࿑ͨ͠఺ • ϓϥάΠϯ࡞੒༻ͷϔϧύʔϥΠϒϥϦ͕2ݸ͋Δ • go-mackerel-plugin • go-mackerel-plugin-helper • AWS WAF

    ͷ API ͸ Cloudfront ͱ ALB Ͱ෼͔Ε͍ͯΔ • AWS WAF : Cloudfront • AWS WAF Regional : ALB

11. ࠓޙ • ALB ͷରԠ • AWS WAF ͷ API Λ੾Γସ͑Δඞཁ͕͋Γ

    • Cloudfront : AWS WAF • ALB : AWS WAF Regional • ݱ࣌఺Ͱ͸ ALB ରԠͷ༏ઌ౓͸௿͍ • ެࣜϓϥάΠϯूͷͻͱͭͳͷͰ……

12. Mackerel ΁ͷཁ๬

13. ཁ๬ • AWS ΠϯςάϨʔγϣϯ • ରԠαʔϏεͷ௥Ճ • Amazon Cloudfront •

    Amazon Elasticsearch Service • Aurora ͷϝτϦοΫεͷ௥Ճ • εϧʔϓοτ΍ϨΠςϯγʔ

14. ཁ๬ • ֎ܗ؂ࢹʹ͓͚ΔϨεϙϯελΠϜΛৄࡉʹ֬ೝ͍ͨ͠ • ઀ଓ࣌ؒ • Ԡ౴࣌ؒ • ϝλσʔλ؅ཧը໘্Ͱ΋֬ೝ͍ͨ͠ •

    άϥϑΞϊςʔγϣϯΛϗετϖʔδͰ΋֬ೝ͍ͨ͠