Upgrade to Pro — share decks privately, control downloads, hide ads and more …

自由でセキュアな環境のつくりかた / Building free and secure clo...

Avatar for Hokuto Hoshi Hokuto Hoshi
November 08, 2018
Technology
1
5.2k

自由でセキュアな環境のつくりかた / Building free and secure cloud environment

Avatar for Hokuto Hoshi

Hokuto Hoshi

November 08, 2018
Tweet

More Decks by Hokuto Hoshi

See All by Hokuto Hoshi
AIとともに歩む情報セキュリティ / Information Security with AI
Avatar for Hokuto Hoshi kanny
5
4.2k
開発も運用もビジネス部門も! クラウドで実現する「つらくない」統制とセキュリティ / Effortless Governance and Security Enabled by the Cloud
Avatar for Hokuto Hoshi kanny
5
4.6k
転生CISOサバイバル・ガイド / CISO Career Transition Survival Guide
Avatar for Hokuto Hoshi kanny
4
2.6k
Connecting organisation with Technology
Avatar for Hokuto Hoshi kanny
0
340
Why Slack - 5 years of Cookpad with Slack
Avatar for Hokuto Hoshi kanny
0
170
Security by builders - セキュリティ監視をクラウドで「つくる」 / Security by builders
Avatar for Hokuto Hoshi kanny
7
2.8k
セキュリティ担当者から見た re:Invent と AWS Security Hub / Impression of re:Invent and AWS Security Hub
Avatar for Hokuto Hoshi kanny
2
4.3k
事例でわかる、AWS 運用を支える
サポート活用方法と
エンタープライズサポートという選択 / AWS Enterprise Support and Cookpad
Avatar for Hokuto Hoshi kanny
2
2.6k
AWS で加速する機械学習 / Accelerate Machine Learning with AWS
Avatar for Hokuto Hoshi kanny
1
1.1k

Other Decks in Technology

See All in Technology
頼れる Agentic AI を支える Datadog のオブザーバビリティ / Powering Reliable Agentic AI with Datadog Observability
Avatar for Kento Kimura aoto
PRO
0
240
事例から紐解くSHIFT流QA支援 ~大規模プロジェクトの品質管理支援、QA組織立ち上げ~ / 20260320 Nozomu Koketsu
Avatar for SHIFT EVOLVE shift_evolve
PRO
0
110
Copilot 宇宙へ 〜生成AIで「専門データの壁」を壊す方法〜
Avatar for なかしょ nakasho
0
130
[2] Power BI Deep Dive [2026-03]
Avatar for Ohata Masatoshi ohata_bi
0
110
A Casual Introduction to RISC-V
Avatar for Masanori Ogino omasanori
0
510
Cortex Code CLI と一緒に進めるAgentic Data Engineering
Avatar for あれ __allllllllez__
0
550
スケールアップ企業でQA組織が機能し続けるための組織設計と仕組み〜ボトムアップとトップダウンを両輪としたアプローチ〜

Avatar for tarappo tarappo
3
290
Phase04_ターミナル基礎
Avatar for overflow ,Inc overflowinc
0
640
20260321_エンベディングってなに?RAGってなに?エンベディングの説明とGemini Embedding 2 の紹介
Avatar for tsho tsho
0
130
エンジニアリングマネージャーの仕事
Avatar for YuheiNakasaka yuheinakasaka
0
120
詳解 強化学習 / In-depth Guide to Reinforcement Learning
Avatar for PRIN Lab prinlab
0
340
ガバメントクラウドにおけるAWSの長期継続割引について
Avatar for takeda_h takeda_h
2
5.4k

Featured

See All Featured
Google's AI Overviews - The New Search
Avatar for Barry Adams badams
0
940
Data-driven link building: lessons from a $708K investment (BrightonSEO talk)
Avatar for Szymon Słowik szymonslowik
1
980
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
275
41k
Designing for Timeless Needs
Avatar for Cassini Nazir cassininazir
0
170
Exploring the relationship between traditional SERPs and Gen AI search
Avatar for Ray Grieselhuber raygrieselhuber
PRO
2
3.7k
sira's awesome portfolio website redesign presentation
Avatar for ElsiraPls elsirapls
0
200
Why Your Marketing Sucks and What You Can Do About It - Sophie Logan
Avatar for Sophie Logan marketingsoph
0
110
How to train your dragon (web standard)
Avatar for Monica Dinculescu notwaldorf
97
6.6k
We Are The Robots
Avatar for Honza Javorek honzajavorek
0
200
Noah Learner - AI + Me: how we built a GSC Bulk Export data pipeline
Avatar for Tech SEO Connect techseoconnect
PRO
0
140
The Limits of Empathy - UXLibs8
Avatar for Cassini Nazir cassininazir
1
270
Building Applications with DynamoDB
Avatar for Matt Wood mza
96
7k

Transcript

  1. ࣗ༝ͰηΩϡΞͳ؀ڥͷ
 ͭ͘Γ͔ͨ Hokuto Hoshi Head of Infrastructure, Cookpad Inc. [email protected]

  2. ੕ ๺ే (΄͠ ΄͘ͱ) / @kani_b • ΫοΫύουגࣜձࣾ
 ΠϯϑϥετϥΫνϟʔ෦ ෦௕


    ݉ ίʔϙϨʔτΤϯδχΞϦϯά෦
 ݉ ؂ࠪҕһձ ؂ࠪิॿऀ • SRE, ηΩϡϦςΟΤϯδχΞ • AWS ೝఆ SA, DevOps ΤϯδχΞ (Professional)

  3. https://speakerdeck.com/kanny

  4. None

  5. Ϩγϐ਺ ໿ສ඼ ࠃ಺ͷ݄ؒར༻ऀ਺ ໿ ສਓ

  6. ରԠݴޠ ݴޠΧࠃ ւ֎ͷ݄ؒར༻ऀ਺ ໿ ສਓ

  7. ৽͍͠औΓ૊Έ • cookpadTV https://www.cookpad.tv/ • Cookpad DO! https://cookpad.do/ • OiCy

    https://oicy.cookpad.com/ • komerco https://komer.co/ • etc…

  8. ΫοΫύουͱΫϥ΢υ • 2011೥ʹ DC ͔Β׬શҠߦ͠ϑϧΫϥ΢υԽ • ଟ͘ͷαʔϏε͕ AWS ͰՔಇ •

    Ұ෦ͷαʔϏε͸ Google Firebase ্ͰՔಇ

  9. എܠ • ػೳɺࣄۀͳͲ৽͍͠औΓ૊ΈΛՃ଎͍ͨ͠

  10. ౰࣌ͷ૊৫ߏ଄ • ࣄۀ෦ + ػೳԣஅ෦ॺ (e.g. Πϯϑϥ෦) • Πϯϑϥͷ؅ཧ͸શͯΠϯϑϥ෦͕ߦ͏
 (=

    AWS ͷ؅ཧ͸શͯΠϯϑϥ෦) • AWS ʹؔ͢Δϊ΢ϋ΢͸શͯΠϯϑϥ෦ʹू໿ • ηΩϡϦςΟରࡦ΋΄΅Πϯϑϥ෦͕ओಋ ࣄۀ෦ Πϯϑϥ෦ ࣄۀ෦ ࣄۀ෦

  11. தԝ؅ཧͷݶք • ςετ༻Πϯελϯε΍ϦιʔεΛ࡞Δͷʹ
 Πϯϑϥ෦Ͱ࡞ۀΛߦ͏ඞཁ͕͋ͬͨ • ηΩϡϦςΟͷϨϏϡʔ΋ • ʮͦ΋ͦ΋ AWS ͷྑ͞Λࡴͯ͠ΔͷͰ͸ʁʁʁʁʁʁʯ

    • αʔϏεͷ҆ఆੑ΍ηΩϡϦςΟΛଛͳΘͣʹ࣮ݱ͍ͨ͠

  12. ؅ཧํ਑ͷస׵ • ݖݶͱ੹೚Λ֤։ൃऀʹҠৡ͢Δํ޲ʹγϑτ • ؅ཧ͢΂͖෦෼Λ͓͑ͯ͞Ҡৡ͍ͯ͘͠

  13. ։ൃऀ༻ΞΧ΢ϯτ • ։ൃऀͰ͋Ε͹୭Ͱ΋ࣗ༝ʹར༻Ͱ͖Δ AWS ΞΧ΢ϯτ • ຊ൪ͷ AWS ΞΧ΢ϯτͱ෼཭͞Ε͍ͯΔ •

    AWS IAM ͷۭؒΛ෼ׂ͢Δ͜ͱ͕Ͱ͖Δ • ϩάΠϯ͸ SAML ܦ༝

  14. ݖݶ؅ཧ • ඞཁͳαʔϏεͷ Admin ݖݶΛ޿͘෇༩ • “ಛఆαʔϏεͷΈڐՄ͠ ͳ͍” ϙϦγʔ \

    7FSTJPO  4UBUFNFOU< \ &⒎FDU"MMPX  /PU"DUJPO< DMPVEUSBJM   DPOpH   EJSFDUDPOOFDU   SPVUF   SPVUFEPNBJOT   BXTQPSUBM.PEJGZ"DDPVOU  BXTQPSUBM.PEJGZ#JMMJOH  BXTQPSUBM.PEJGZ1BZNFOU.FUIPET  JBN$SFBUF6TFS  FD$SFBUF7QD >  3FTPVSDF  ^ > ^

  15. ϩάͷه࿥ • CloudTrail, VPC Flow Logs • AWS શମͷ API

    ϩά΍ VPC ͷ௨৴ϩάΛه࿥Ͱ͖Δ • ຊ൪ΞΧ΢ϯτͷ S3 όέοτʹอ࣋ • ϩάͷมߋ΍࡟আ͸Ͱ͖ͳ͘ͳΔ

  16. ϩάͷ෼ੳ • Graylog ʹऔΓࠐΈ෼ੳͰ͖ΔΑ͏ʹ https://speakerdeck.com/mizutani/ohuisuawshuan-jing-wosekiyuritei-jian-shi-surutamefalserokushou-ji

  17. AWS Config • EC2 ΍֤छϦιʔεͷมߋཤྺΛه࿥Ͱ͖Δ

  18. ࢖͍ํ • Output ઌΛຊ൪ΞΧ΢ϯτ (CloudTrail ͱಉ͡) ʹηοτͯ͠༗ޮԽ • “͜Εมߋͨ͠ͷ୭ͩΖ͏ʁ” Λ୳͢ࡍʹར༻

    • ಛఆͷΠϯελϯε΍ηΩϡϦςΟάϧʔϓͳͲʹඥ͚ͮͯ୳ͤΔ ͷͰศར

  19. AWS Config Rules • ઃఆมߋΛτϦΨͱͯ͠ lambda function ͰઃఆΛνΣοΫͰ͖Δ • ηΩϡϦςΟάϧʔϓͷΠϯλʔωοτղ์ͳͲΛνΣοΫ

    • Fail ͨ͠৔߹ Slack ͳͲʹ௨஌ͤ͞Δ • શαʔϏεରԠͯ͠΄͍͠…
  20. None

  21. awslabs/aws-config-rules • ศརϨϙδτϦ • https://github.com/awslabs/aws-config-rules • Config Rules ʹ࢖͑Δ Lambda

    function ͕͍Ζ͍Ζ͋Δ • EBS ͸҉߸Խ͞Ε͍ͯΔ͔ʁ • IAM Ϣʔβͷ MFA ͸༗ޮԽʁ • etc…

  22. Amazon GuardDuty • CloudTrail ΍ VPC FlowLog Λ෼ੳͯ͠Ξϥʔτ • Ξϥʔτͷྫ

    • ීஈ࢖ΘΕͳ͍ IP ͔Βͷ API ίʔϧ • Πϯελϯεͷ௨৴ઌ͕͍ͭ΋ͱҧ͏ • Πϯελϯεͷ௨৴ઌ͕ C&C ͬΆ͍αʔό

  23. ΫοΫύουͰͷ࢖͍ํ • Ξϥʔτ͸ GitHub -> PagerDuty ܦ༝Ͱൃใ͠
 ηΩϡϦςΟνʔϜ͕؂ࢹ • ௐࠪ෼ੳʹ

    CloudTrail ΍ Config Λ࢖͏ • ϩά͸ Graylog ʹ஝ੵ • ͪΐͬͱաහͳͷ͕࠷ۙͷ೰Έ

  24. ωοτϫʔΫߏ੒ • ౿Έ୆ SSH αʔό͕͋Δ VPC (ຊ൪ΞΧ΢ϯτ) ͔Β
 VPC Peering

    ܦ༝Ͱ઀ଓͰ͖ΔΑ͏ʹ͢Δ • ౿Έ୆Λू໿ (TOTP ΍ FIDO U2F ʹ΋ରԠ͍ͯͯ͠ศར) • Name λάΛ࢖ͬͨਖ਼Ҿ͖ɺٯҾ͖Λఏڙ

  25.    https://speakerdeck.com/kanny/machine-learning-ops-at-cookpad

  26. ։ൃऀΞΧ΢ϯτͷಛ௃ • “໰୊Λະવʹ๷͙” ͜ͱΑΓ “໰୊Λ͋ͱ͔ΒͰ΋͍͍ͷͰݕग़ Ͱ͖Δ” ରࡦʹϑΥʔΧε • ΞΧ΢ϯτʹٻΊΒΕΔॊೈੑͳͲ͔Βߟ͑ͨ݁Ռ •

    AWS αʔϏεΛׂͱૉ๿ʹ࢖ͬͨߏ੒ • ͜͏͍͏ͱ͜Ζ·ͰͰ͖ΔΑ͏ʹͳͬͨɺͱ͍͑Δ

  27. ࣮ࡍͷӡ༻ • ։ൃऀΞΧ΢ϯτ͔ΒͷΞϥʔτ͸ଟ͘͸ͳ͍ঢ়گ • ར༻ͷ૯ྔ͸ଟ͍ • EC2 ΠϯελϯεΛىಈͯ͠ͷ࣮ݧ • AWS

    ৽αʔϏεͳͲͷݕূ

  28. ·ͱΊ • ηΩϡϦςΟͱࣗ༝͞Λཱ྆ͤͨ͞։ൃ؀ڥΛͭ͘Δ࿩ • ͍ΘΏΔ “ηΩϡϦςΟଆ” ͕Ͳ͏ߟ͑ΒΕΔ͔ʹΑͬͯ
 ࣮ݱͰ͖Δࣗ༝౓͕มΘͬͯ͘Δ • AWS

    αʔϏεΛϑϧʹ࢖ͬͯΈΔ͚ͩͰ΋ׂͱ৭ʑͰ͖Δ • ʮ͏ͪͰ͸͜͏͍͏ײ͡ʯͳͲ͕͋Ε͹ڭ͑ͯ΄͍͠Ͱ͢

  29. PR

  30. We’re Hiring!!! • Software Engineer (Security) • Software Engineer (Site

    Reliability) • ͦͷଞͷϙδγϣϯ΋͍Ζ͍Ζ͋Γ·͢ • https://cookpad.jobs/

  31. Q?