What can SRE do to build and maintain a secure Web system?

Isao Shimizu
January 25, 2020

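SRE NEXT 2020
2020.1.25

"When an organization has no dedicated security engineers, who maintains aging software, manages keys, and manages the firewalls? If that stays ambiguous for a long time, the service becomes vulnerable and will eventually cause problems.
In an organization where SRE is responsible for the reliability of services and systems, SRE needs to take the lead in understanding security issues and keeping the system safe and robust. There is a lot that can be done to keep web applications and cloud-based systems secure.
When developing a new service, or when a service grows in scale, it is common to be unsure what to do in the phases where security should be considered. Based on my experience so far, I would like to talk about the minimum knowledge you should have, and some applied case studies, for building and maintaining a secure web system."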

Transcript

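  1. What can SRE do to build and maintain a secure Web system? Isao Shimizu, mixi, Inc. SRE NEXT IN TOKYO

  2. Self-introduction: Isao Shimizu (清水 勲), @isaoshimizu
    Affiliation
    • mixi, Inc., Vantage Studio, Mitene Business Division, Development Group, SRE team
    Career
    • After contract development and product development at a systems integrator, joined mixi, Inc.
    • After SNS operations and SRE for Monster Strike, currently SRE for Family Album Mitene (家族アルバム みてね)
    • Contributed to Software Design magazine: "What exactly should SRE do? Asking the pioneers: reliability for whom?"
    • AWS Summit Tokyo: "Is migrating to containers really this hard? Behind the infrastructure that supports Family Album Mitene"
    • Also "SRE Tech Talks", "hbstudy", "Internet Week", and others

  3. Agenda
    1. About Family Album Mitene
    2. Introduction
    3. About SRE
    4. SRE and security
    5. Case studies of security initiatives
    6. Security measures to work on when using the cloud (AWS edition)
    7. Summary
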
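  4. Section 1: Family Album Mitene

  5. About Family Album Mitene
    An app for sharing photos and videos of your children, free and without limits.
    • Released as a service; used both in Japan and overseas
    • Multilingual support (Japanese, English, Korean, Traditional Chinese)
    • App Store reviews and Google Play Store reviews

  6. About Family Album Mitene: awards received overseas
    • THE WEBBY AWARDS: presented annually by the International Academy of Digital Arts and Sciences (IADAS) for excellence on the internet
    • NATIONAL Parenting Product (NAPPA) AWARDS: a family-focused award (specialized in toys and products for families)

  7. About Family Album Mitene: "Mitene Premium" released
    A paid plan billed monthly.
    • Photos and videos can be uploaded from a browser
    • Monthly and yearly editions of the "seconds" video are delivered
    • Free shipping on all products (for the whole family)
    • Visibility can be configured in fine detail
    • The time limit for video uploads is extended
    If you use Mitene, please give it a try!

  8. About Family Album Mitene
    [Architecture diagram, "Before" and "After". Labels: AWS Cloud, VPC, three Availability Zones, AWS OpsWorks, Auto Scaling group, EC2 Instances, Classic Load Balancer, Amazon Elastic Kubernetes Service, Amazon Elastic Container Registry, Kubernetes Nodes, Application Load Balancer]
    Mitene's infrastructure is in the middle of migrating to Kubernetes (Amazon EKS).
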
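  9. Section 2: Introduction

  10. Introduction: about this talk
    • I will focus on how SRE can best approach security.
    • I will not say much about why security matters.
    • I will introduce some of the initiatives taken at Mitene.
    • I will not cover the details of Mitene's infrastructure or application development.
    • Because we use AWS, some of the content is specific to AWS; thank you for your understanding.
    • Hashtags: #srenext #srenextA

  11. Introduction: what I would like you to take home today
    • The basics of SRE
    • Practices relating to SRE and security
    • Lessons from case studies of security initiatives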

  12. Section 3: About SRE

  13. About SRE: how it differs from DevOps

  14. About SRE: class SRE implements DevOps
    "SRE vs. DevOps: competing standards or close friends?" https://cloud.google.com/blog/products/gcp/sre-vs-devops-competing-standards-or-close-friends
    • "If you think of DevOps as an interface in a programming language, class SRE is an implementation of DevOps."
    • "SRE includes additional practices and recommendations that are not limited to the DevOps interface."

  15. About SRE
    "DevOps and SRE are not two competing methods for software development and operations, but rather close friends designed to break down organizational barriers to deliver better software faster."
    Source: "SRE vs. DevOps: competing standards or close friends?" https://cloud.google.com/blog/products/gcp/sre-vs-devops-competing-standards-or-close-friends

  16. About SRE: "Defining the Role of a SRE" https://devops.com/defining-the-role-of-a-site-reliability-engineer-sre/

  17. About SRE
    "Site reliability engineering (SRE) is a relatively new discipline, having only been in existence for about 15 years. It originated at Google and has gained popularity recently with more companies advertising SRE positions or trying to implement SRE practices. In the technology field, 15 years may seem like an eternity, but the SRE role is very much still in its infancy. There are still challenges defining the role and understanding exactly what it is. Just look through one of the 1,000-plus job listings on LinkedIn for an SRE in the United States—you will see many different job expectations and requirements."
    Source: "Defining the Role of a SRE" https://devops.com/defining-the-role-of-a-site-reliability-engineer-sre/

  18. About SRE
    "An SRE must possess a blend of technical as well as soft skills and, perhaps most of all, must be adept at communicating effectively and inspiring a teamwide approach to excellence."
    Source: "Defining the Role of a SRE" https://devops.com/defining-the-role-of-a-site-reliability-engineer-sre/

  19. About SRE: NGINX Conf, Site Reliability Engineering Panel: LinkedIn, Dell, and Gremlin (YouTube)
    Ashi Sareen, Director of Engineering, Site Reliability, LinkedIn:
    “A lot is people are just renaming their ops teams to call SRE. I don’t think that’s the right approach. SRE discipline requires investment it has a very clear set of practices set of team dynamics that makes a successful SRE team.”

  20. Section 4: SRE and security

  21. SRE and security: SREcon
    A global SRE conference held multiple times a year.
    Regional editions shown: Americas West, Asia/Pacific, Europe/Middle East/Africa, Americas East, Americas, Asia/Pacific, Europe/Middle East/Africa

  22. SRE and security: security-related sessions at SREcon (excerpt)

  23. SRE and security: SREcon Americas (March)
    • LinkedIn: "Security and SRE: Natural Force Multipliers" https://www.usenix.org/conference/srecon…americas/presentation/scott
    • Facebook: "Security as a Service" https://www.usenix.org/conference/srecon…americas/presentation/wojtyniak
    “Remove single points of security failure like you do for availability”
    “Understand your threats. Defense in depth. Make it simple And stable.”

  24. SRE and security: SREcon Americas (March)
    • Pivotal: "Extending the Error Budget Model to Security and Feature Freshness" https://www.usenix.org/conference/srecon…americas/presentation/thomson
    “Vulnerability budget: How long can we afford to be vulnerable to CVEs in our dependencies? Legacy budget: New enough that it gets support; and not so old that no-one wants to use it.”

  25. SRE and security: SREcon Asia (June)
    • PayPal: "Ensuring Site Reliability through Security Controls" https://www.usenix.org/conference/srecon…asia/presentation/janakiraman
    “1/5th of internet traffic is bad! Layer 7 Application Defense is the most effective mechanism to detect & mitigate bad traffic”

  26. SRE and security: SREcon Europe/Middle East/Africa (October)
    • MIT: "A Systems Approach to Safety and Cybersecurity" https://www.usenix.org/conference/srecon…emea/presentation/leveson
    “Looks at system as whole, not just components. Takes a larger view of causes than just failures.”

  27. SRE and security: upcoming SREcon events
    • SREcon Americas West: Santa Clara, CA, USA (March)
    • SREcon Asia/Pacific: Sydney, Australia (June)
    • SREcon Europe/Middle East/Africa: Amsterdam, Netherlands
    • SREcon Americas East: Boston, MA, USA

  28. SRE and security: "Building Secure & Reliable Systems: SRE and Security Best Practices"

  29. SRE and security
    • Tweet: https://twitter.com/googlesre/status/…
    • Official: https://landing.google.com/sre/resources/foundationsandprinciples/srs-book/
    • Amazon.com: https://www.amazon.com/Building-Secure-Reliable-Systems-Practices/dp/…

  30. SRE and security: "Building Secure & Reliable Systems: SRE and Security Best Practices" (Early Release)
    • A book on the themes of security and reliability.
    • Written by engineers at Google.
    • The Early Release contains only the following chapters (the other chapters are currently unknown):
      • The Intersection of Security and Reliability
      • Understanding Adversaries
      • Testing Code

  31. SRE and security: summary of the key points of the chapter "The Intersection of Security and Reliability"

  32. SRE and security
    • Reliability and security are essential to the lifecycle of software and systems.
    • Building a system that achieves both reliability and security is not easy.
    • Both are hard to implement after the fact.
    • Ideally both are considered from the start.
    • It is an area where cost is not spent until a problem occurs.
    • Once a problem has occurred, it tends to be serious.
    • Simple design and minimized privilege management are important.

  33. SRE and security
    • Well-designed logging provides threat detection and preparedness for failures.
    • A chain of command, checklists, playbooks, and protocols for emergencies are important.
    • Vulnerability patches should be applied quickly.
    • Depending on its content, a patch may itself cause problems (bugs, performance degradation, and so on).
    • Taking the risk into account, coordinate the timing of application with the business side as well.
    Many other practices are covered, so please read the book if you are interested.
    • "On passwords and power drills" at the start of the chapter.
    • This is the Early Release edition, so the content may change at publication.

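  34. Section 5: Case studies of security initiatives

  35. The SRE team works with various teams in the organization on a variety of issues

  36. Communication between teams is very important

  37. Principles of communication for an SRE team

  38. Principles of communication for an SRE team (as I see them)
    • Do not build walls between the SRE team and other teams, such as the development team
    • Do not push work onto each other
    • Discuss things calmly and thoroughly
    • Understand each other's situation
    • Talk about whether something should be a priority for the business

  39. Examples of measures that can help improve security

  40. Examples of measures that can help improve security
    • Interviews with the development team
    • Infrastructure as Code
    • Log collection and search
    • Updates
    • Monitoring and periodic reports
    • Postmortems

  41. The SRE team interviews the development team whenever needed (for example, when a new feature or a new service is being developed)

  42. Examples of interview topics
    • Which libraries are being used
    • Handling of user tokens
      • Expiry
      • Where they are stored
    • Are the usual XSS and CSRF countermeasures in place
    • Can someone view another user's data by directly changing API parameters

  43. Examples of interview topics
    • Whether confidential information is held inside the application
    • Passwords for user management
      • Are they stored in plaintext
      • Are they sent in plaintext (by e-mail, for example)
      • Is the password strength (length, character classes, and so on) appropriate
      • What method is used for password reminders

  44. Examples of interview topics
    • Does client-server communication use a protocol of TLS v… or later
    • Data held on the client
      • How long is its lifetime
      • Where is the data stored

  45. Examples of interview topics
    • Are access logs kept in a form that can identify the user
    • Is personal information in logs (name, e-mail address, postal address, and so on) masked
    • Can password brute-force attacks be detected
    • Can an update be forced, for example when a vulnerability is found on the app side
    • Which payment service is used
      • How is it implemented

  46. Infrastructure as Code

  47. Infrastructure as Code (IaC)
    • Do not build infrastructure by hand
      • Manual work easily leads to dependence on individuals, change-management problems, and gaps in configuration and documentation
    • Use IaC tools (Terraform, CloudFormation, and so on)
    • Create a Pull Request and get a code review
      • Example: are IAM and security groups kept to the minimum
    • Integrate with a CI tool and run a dry run
    • Apply to the infrastructure by merging the Pull Request

  48. Log collection and search

  49. Log collection and search
    • Detecting abnormal access and traffic
    • Detecting threats from the access source
    • Do not write sensitive information such as credentials or personal information to logs
    • Log volume readily affects cost (temporary storage, long-term storage)
      • Check periodically for logs that are not needed
    • Enable cloud-side logs (for example S3, CloudFront, ELB) as far as possible
    • Also consider a SaaS that can collect and search logs

  50. Updates

  51. Examples of update targets
    • Libraries the application depends on
    • OS, middleware such as MySQL, Redis, Nginx, and Fluentd, and other packages
    • Agent software that runs all the time, such as monitoring agents
    • Kubernetes clusters, Helm charts
    • Terraform and its modules
    Vulnerabilities are found and fixed regularly. All of these tend to be neglected unless updating is automated. Where automation is difficult, it is important to set up a routine for periodic updates.

  52. Monitoring and periodic reports

  53. Examples of monitoring and periodic reports
    • Check periodically for unintended load, such as network traffic or database load.
    • Report periodically on the number of authentication failures and the number of times a threshold was exceeded.
    The data is kept in the logs, but aggregating it by hand each time tends to be forgotten. Aggregating it automatically on a schedule and graphing it is recommended.

  54. Postmortems

  55. Postmortems
    • When a failure or problem occurs, record what happened and how it was handled.
    • They are not limited to security.
    • Write them proactively, whether or not the service was affected.
    • Build a culture that praises the authors of postmortems.
    • Never blame or criticize.
    Ideally, involve people outside SRE as well (preferably in roles as senior as possible), review postmortems periodically, and keep improving.
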
  56. Section 6: Security measures to work on when using the cloud (AWS edition)

  57. (Example) AWS's basic security concept
    "As a pioneer of cloud computing, AWS has built secure systems and created a cloud infrastructure that can respond quickly to customers' innovation. Cloud security is the top priority at AWS. AWS implements security and compliance controls, builds automation systems, and has its security and compliance verified by third-party audits."
    Source: aws.amazon.com/jp

  58. AWS Well-Architected Framework https://aws.amazon.com/jp/architecture/well-architected/
    "Developed to help cloud architects build infrastructure for their applications that is secure, high-performing, resilient, and efficient."

  59. AWS Well-Architected Framework: the pillars
    • Operational excellence
    • Security
    • Reliability
    • Performance efficiency
    • Cost optimization

  60. AWS Well-Architected Framework: "Security"
    • Identity and access management
    • Detective controls
    • Infrastructure protection
    • Data protection
    • Incident response

  61. Identity and access management
    • SEC: How do you manage credentials and authentication?
    • SEC: How do you control human access?
    • SEC: How do you control programmatic access?
    Detective controls
    • SEC: How do you detect and investigate security events?
    • SEC: How do you defend against emerging security threats?

  62. Infrastructure protection
    • SEC: How do you protect your networks?
    • SEC: How do you protect your compute resources?
    Data protection
    • SEC: How do you classify your data?
    • SEC: How do you protect your data at rest?
    • SEC: How do you protect your data in transit?
    Incident response
    • SEC: How do you respond to a security incident?

  63. Check the status of each item periodically and, where necessary, decide the priority of future work

  64. Basic points to watch when using AWS

  65. Basic points to watch when using AWS: about this content
    • Everything listed here is basic.
    • These are not official AWS recommendations.
    • They draw on operational experience to date and on AWS documentation.
    • The content may change with future AWS updates.
    • Judge for yourself whether each item is a MUST or a SHOULD.

  66. Security services
    • Enable AWS CloudTrail, Amazon GuardDuty, and AWS Config.
    • Run periodic security checks with AWS Trusted Advisor.
    • Use TLS certificates issued by AWS Certificate Manager.
    • Get an AWS Well-Architected review.
    • Use Amazon ECR vulnerability scanning.

  67. VPC and security groups
    • Do not use the default VPC or the default security group.
    • Set a naming convention for security groups.
    • Separate public subnets from private subnets.
    • Stop SSH access over its TCP port and switch to SSH access through Session Manager.

  68. IAM
    • Do not keep access keys or secret keys in source repositories.
    • Set MFA for IAM users who can log in to the Management Console.
    • Delete IAM users and access keys that are no longer used, such as those of people who have left or moved.
    • Set MFA on the root user.
    • Do not share access keys or secret keys.
    • Do not configure access keys or secret keys in external services.
    • Separate AWS accounts by environment.
    • Require MFA when switching roles.

  69. Other
    • Do not use public AMIs of unknown origin.
    • Use AMI versions that are as new as possible.
    • Do not expose S3 buckets directly to the internet.
    • Do not include CloudFront key pair files in source code repositories.
    • Use TLS v… or later for the CloudFront TLS security policy.

  70. Other
    • Do not allow access to RDS from the internet.
    • Apply RDS patches periodically.
    • Update the ECS container agent periodically.
    • Update EKS clusters periodically.
    • Separate AWS accounts by environment.

  71. Things worth doing whether or not you use AWS
    • Understand the shared responsibility model (security in the cloud is the user's responsibility).
    • Make use of the security solutions the cloud provides.
    • Segregate networks (keep access from the internet to a minimum).
    • Do not open unnecessary ports.
    • Set minimal IAM policies.
    • Update whatever can be updated, periodically.

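  72. Section 7: Summary

  73. Summary
    • There is a lot SRE can contribute to security.
    • We want reliability and security to coexist as far as possible.
    • Ideally security is considered from an early stage, for both infrastructure and applications.
    • Security issues and problems are best dealt with as early as possible.
    • It is important to build an environment where problems are easy to find.
    • Work that takes effort tends to be put off, so automate as much as possible.
    • Make use of the security solutions the cloud provides.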
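
Slide 47 asks that IaC pull requests be reviewed for minimal IAM and security groups and that CI run a dry run. The following is an added example, not code from the talk, of automating that review over the JSON form of a Terraform plan. The sample plan, the rule that only port 443 may face the internet, and the function names are assumptions; only inline `ingress` rules and `aws_iam_policy` documents are checked.

```python
import json
# Constructed sample: trimmed output of `terraform show -json plan.out`.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_security_group.bastion", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [{"protocol": "tcp",
         "from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["update"], "after": {"ingress": [{"protocol": "tcp",
         "from_port": 443, "to_port": 443, "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "aws_iam_policy.batch", "type": "aws_iam_policy",
     "change": {"actions": ["create"], "after": {"policy": json.dumps(
         {"Version": "2012-10-17", "Statement": [
             {"Effect": "Allow", "Action": "*", "Resource": "*"}]})}}},
]}

OPEN = {"0.0.0.0/0", "::/0"}
PUBLIC_PORTS = {443}  # assumption: only HTTPS may be reachable from anywhere

def as_list(value):
    return value if isinstance(value, list) else [value]

def sg_findings(addr, after):
    # Flag inline ingress rules that expose non-approved ports to the internet.
    for rule in after.get("ingress") or []:
        cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
        if not cidrs & OPEN:
            continue
        if rule["protocol"] == "-1":  # "-1" means every protocol and port
            yield f"{addr}: all traffic open to the internet"
        elif set(range(rule["from_port"], rule["to_port"] + 1)) - PUBLIC_PORTS:
            yield f"{addr}: ports {rule['from_port']}-{rule['to_port']} open to the internet"

def iam_findings(addr, after):
    # Flag Allow statements that grant every action on every resource.
    for st in as_list(json.loads(after.get("policy") or "{}").get("Statement", [])):
        if (st.get("Effect") == "Allow" and "*" in as_list(st.get("Action", []))
                and "*" in as_list(st.get("Resource", []))):
            yield f"{addr}: IAM policy allows * on *"

CHECKS = {"aws_security_group": sg_findings, "aws_iam_policy": iam_findings}

def review_plan(plan):
    # Only resources being created or updated are reviewed; deletions are skipped.
    findings = []
    for rc in plan.get("resource_changes", []):
        check = CHECKS.get(rc["type"])
        if check and {"create", "update"} & set(rc["change"]["actions"]):
            findings.extend(check(rc["address"], rc["change"].get("after") or {}))
    return findings
```

In CI, a non-empty result from `review_plan` would fail the pull request before the merge applies the change.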
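
Slides 45, 49 and 53 call for detecting password brute-forcing, keeping personal information out of logs, and automating the periodic count of authentication failures and threshold breaches. The following is an added example, not code from the talk, that does this over a constructed JSON-lines log. The field names, the hourly bucket and the threshold value are assumptions.

```python
import json
import re
from collections import Counter

# Constructed sample log: (timestamp, event, source IP, e-mail typed at login).
_ROWS = [
    ("2020-01-25T10:01:02Z", "login_failed", "203.0.113.7", "taro@example.com"),
    ("2020-01-25T10:01:09Z", "login_failed", "203.0.113.7", "taro@example.com"),
    ("2020-01-25T10:02:30Z", "login_failed", "203.0.113.7", "hanako@example.com"),
    ("2020-01-25T10:03:11Z", "login_failed", "203.0.113.7", "jiro@example.com"),
    ("2020-01-25T10:15:00Z", "login_failed", "198.51.100.20", "hanako@example.com"),
    ("2020-01-25T10:15:20Z", "login_ok", "198.51.100.20", "hanako@example.com"),
    ("2020-01-25T11:40:00Z", "login_failed", "203.0.113.7", "taro@example.com"),
]
SAMPLE_LOG = "\n".join(
    json.dumps(dict(zip(("ts", "event", "src", "email"), row))) for row in _ROWS)

EMAIL = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def mask_pii(line):
    """Mask the local part of e-mail addresses before a line is stored or shared."""
    return EMAIL.sub(r"***@\1", line)

def failure_report(log_text, threshold):
    """Count failed logins per hour and list (hour, source) buckets over threshold."""
    per_hour, per_source = Counter(), Counter()
    for line in log_text.splitlines():
        rec = json.loads(line)
        if rec["event"] != "login_failed":
            continue
        hour = rec["ts"][:13]  # hourly bucket, e.g. "2020-01-25T10"
        per_hour[hour] += 1
        per_source[(hour, rec["src"])] += 1
    over = sorted((h, s, n) for (h, s), n in per_source.items() if n > threshold)
    return {"failures_per_hour": dict(per_hour), "over_threshold": over,
            "times_over_threshold": len(over)}

if __name__ == "__main__":
    print(json.dumps(failure_report(SAMPLE_LOG, threshold=3), indent=2))
    print(mask_pii(SAMPLE_LOG.splitlines()[0]))
```

Run on a schedule, the returned dictionary can feed the graph or periodic report the slides recommend.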