Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
踏み台で環境にTeleportする.pdf
Search
Kengo Suzuki
December 05, 2018
Technology
1
400
踏み台で環境にTeleportする.pdf
#Teleport #Bastion
Kengo Suzuki
December 05, 2018
Tweet
Share
More Decks by Kengo Suzuki
See All by Kengo Suzuki
Pwned Labsのすゝめ
ken5scal
2
800
信頼性に挑む中で拡張できる・得られる1人のスキルセットとは?
ken5scal
3
1k
Eventual Detection Engineering
ken5scal
0
2.3k
脆弱性対応をこの先生きのこるには
ken5scal
0
1.3k
LayerXとMDMのリスク評価と年次対応の実例(公開版)
ken5scal
2
1.3k
AWSだ! Google Cloudだ! Azureだ! 認証連携だ!
ken5scal
9
2.3k
適応し続けるプロダクトとセキュリティ
ken5scal
5
2.2k
同志諸君よ、ゼロトラストを撃て_CloudNativeDays2022
ken5scal
2
3.3k
なぜLayerXのセキュリティでSoftware指向が重視されているか
ken5scal
0
350
Other Decks in Technology
See All in Technology
自律的なスケーリング手法FASTにおけるVPoEとしてのアカウンタビリティ / dev-productivity-con-2025
yoshikiiida
1
17k
Should Our Project Join the CNCF? (Japanese Recap)
whywaita
PRO
0
340
AIの全社活用を推進するための安全なレールを敷いた話
shoheimitani
2
530
Lakebaseを使ったAIエージェントを実装してみる
kameitomohiro
0
130
American airlines ®️ USA Contact Numbers: Complete 2025 Support Guide
airhelpsupport
0
390
マネジメントって難しい、けどおもしろい / Management is tough, but fun! #em_findy
ar_tama
7
1.1k
OSSのSNSツール「Misskey」をさわってみよう(右下ワイプで私のOSCの20年を振り返ります) / 20250705-osc2025-do
akkiesoft
0
170
What’s new in Android development tools
yanzm
0
320
LLM時代の検索
shibuiwilliam
2
180
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
27k
さくらのIaaS基盤のモニタリングとOpenTelemetry/OSC Hokkaido 2025
fujiwara3
3
450
MobileActOsaka_250704.pdf
akaitadaaki
0
130
Featured
See All Featured
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
45
7.5k
The Cult of Friendly URLs
andyhume
79
6.5k
Adopting Sorbet at Scale
ufuk
77
9.5k
Reflections from 52 weeks, 52 projects
jeffersonlam
351
20k
Producing Creativity
orderedlist
PRO
346
40k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
32
2.4k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
34
5.9k
Being A Developer After 40
akosma
90
590k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
Rebuilding a faster, lazier Slack
samanthasiow
82
9.1k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.4k
A designer walks into a library…
pauljervisheath
207
24k
Transcript
౿ΈͰڥʹTeleport͢Δ 2018/10/31 By @ken5scal
- Access Control - Environmental Separation - Separation of Duties
- Audit Bastion
- Teleport - Our Architecture - Deployment - TSURAMI Outline
Teleport
- OSS and CNCF - Browser Based Bastion - Session
Sharable - Byebye to SSH Teleport
OSS and CNCF
Browser Based (login)
Browser Based (Audit)
Session Sharable
- No local SSH private key required - Less Credential
in local - IdP Federated - SAML, OIDC SSO - So RBAC can be done - Makes user Identifiable Bye Bye to SSH
OpenSSH is still possible
- Teleport - Our Architecture - Deployment - TSURAMI Outline
Our Architecture
None
Emergency Bastion - Accessible from Internet - SSH Key Based
- Krypton - Save private key in Smart Phone - No local private key :)
Managed in Terraform Module - Terraform module - I'm not
a big fun of Ansible - But about to give up - TSURAMI
- Teleport - Our Architecture - Deployment - TSURAMI Outline
Deployment
- Terraform apply - and… Deployment
- Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ
ݟग़͠ IUUQTXXXTFLBJSPDPNIUNM
Ts˒ura˒mi
- Multi-Deploy - Multi-Envs Manual Environment
- Multi-Deploy - Code Deploy - Multi-Envs Manual Environment
- Multi-Deploy - Multi-Envs - Trusted Clusters Manual Environment
- Min-privilege w/ 15-microservices - 5 different environments - No
centralized AuthZ service - Distributed but same config RBAC
- RBAC -> ABAC? - JWT base federation? - Controll
Plane? RBAC Solution?
- RBAC -> ABAC? - JWT base federation? - Controll
Plane? RBAC Solution? $POUSPM1MBOF
- Hard to read in Dynamo DB - Datadog log
Logs
Isolate, for real
͜͜ʹςΩετΛೖΕ·͢ɻ ͻͱͭͷεϥΠυʹ༰Λ٧Ί͗͢ ͳ͍Α͏ʹ͠·͠ΐ͏ɻ ʮ̍ຕͷεϥΠυʹ̍ͭͷҙຯʯ͕ εϥΠυ࡞ΓͷجຊͰ͢ɻ ݟग़͠
And More
͜͜ʹςΩετΛೖΕ·͢ɻ ͻͱͭͷεϥΠυʹ༰Λ٧Ί͗͢ ͳ͍Α͏ʹ͠·͠ΐ͏ɻ ʮ̍ຕͷεϥΠυʹ̍ͭͷҙຯʯ͕ εϥΠυ࡞ΓͷجຊͰ͢ɻ ݟग़͠
We are hiring!
Thank you @ken5scal
ಊʑͱͨ͠ݟग़͠
None