Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
踏み台で環境にTeleportする.pdf
Search
Kengo Suzuki
December 05, 2018
Technology
1
400
踏み台で環境にTeleportする.pdf
#Teleport #Bastion
Kengo Suzuki
December 05, 2018
Tweet
Share
More Decks by Kengo Suzuki
See All by Kengo Suzuki
Pwned Labsのすゝめ
ken5scal
2
820
信頼性に挑む中で拡張できる・得られる1人のスキルセットとは?
ken5scal
3
1k
Eventual Detection Engineering
ken5scal
0
2.3k
脆弱性対応をこの先生きのこるには
ken5scal
0
1.3k
LayerXとMDMのリスク評価と年次対応の実例(公開版)
ken5scal
2
1.3k
AWSだ! Google Cloudだ! Azureだ! 認証連携だ!
ken5scal
9
2.3k
適応し続けるプロダクトとセキュリティ
ken5scal
5
2.2k
同志諸君よ、ゼロトラストを撃て_CloudNativeDays2022
ken5scal
2
3.3k
なぜLayerXのセキュリティでSoftware指向が重視されているか
ken5scal
0
350
Other Decks in Technology
See All in Technology
United™️ Airlines®️ Customer®️ USA Contact Numbers: Complete 2025 Support Guide
flyunitedguide
0
800
How to Quickly Call American Airlines®️ U.S. Customer Care : Full Guide
flyaahelpguide
0
240
名刺メーカーDevグループ 紹介資料
sansan33
PRO
0
820
クラウド開発の舞台裏とSRE文化の醸成 / SRE NEXT 2025 Lunch Session
kazeburo
1
590
Talk to Someone At Delta Airlines™️ USA Contact Numbers
travelcarecenter
0
160
全部AI、全員Cursor、ドキュメント駆動開発 〜DevinやGeminiも添えて〜
rinchsan
10
5.1k
LLM拡張解体新書/llm-extension-deep-dive
oracle4engineer
PRO
23
6.3k
第64回コンピュータビジョン勉強会「The PanAf-FGBG Dataset: Understanding the Impact of Backgrounds in Wildlife Behaviour Recognition」
x_ttyszk
0
240
ロールが細分化された組織でSREは何をするか?
tgidgd
1
420
Amazon SNSサブスクリプションの誤解除を防ぐ
y_sakata
3
190
Delegating the chores of authenticating users to Keycloak
ahus1
0
190
QuickSight SPICE の効果的な運用戦略~S3 + Athena 構成での実践ノウハウ~/quicksight-spice-s3-athena-best-practices
emiki
0
290
Featured
See All Featured
Visualization
eitanlees
146
16k
4 Signs Your Business is Dying
shpigford
184
22k
Rebuilding a faster, lazier Slack
samanthasiow
83
9.1k
We Have a Design System, Now What?
morganepeng
53
7.7k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
138
34k
Site-Speed That Sticks
csswizardry
10
700
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
53
2.9k
The Power of CSS Pseudo Elements
geoffreycrofte
77
5.9k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
34
5.9k
Writing Fast Ruby
sferik
628
62k
KATA
mclloyd
30
14k
Fireside Chat
paigeccino
37
3.5k
Transcript
౿ΈͰڥʹTeleport͢Δ 2018/10/31 By @ken5scal
- Access Control - Environmental Separation - Separation of Duties
- Audit Bastion
- Teleport - Our Architecture - Deployment - TSURAMI Outline
Teleport
- OSS and CNCF - Browser Based Bastion - Session
Sharable - Byebye to SSH Teleport
OSS and CNCF
Browser Based (login)
Browser Based (Audit)
Session Sharable
- No local SSH private key required - Less Credential
in local - IdP Federated - SAML, OIDC SSO - So RBAC can be done - Makes user Identifiable Bye Bye to SSH
OpenSSH is still possible
- Teleport - Our Architecture - Deployment - TSURAMI Outline
Our Architecture
None
Emergency Bastion - Accessible from Internet - SSH Key Based
- Krypton - Save private key in Smart Phone - No local private key :)
Managed in Terraform Module - Terraform module - I'm not
a big fun of Ansible - But about to give up - TSURAMI
- Teleport - Our Architecture - Deployment - TSURAMI Outline
Deployment
- Terraform apply - and… Deployment
- Ϧετ - Ϧετ - Ϧετ - Ϧετͷڧௐจࣈ - Ϧετ
ݟग़͠ IUUQTXXXTFLBJSPDPNIUNM
Ts˒ura˒mi
- Multi-Deploy - Multi-Envs Manual Environment
- Multi-Deploy - Code Deploy - Multi-Envs Manual Environment
- Multi-Deploy - Multi-Envs - Trusted Clusters Manual Environment
- Min-privilege w/ 15-microservices - 5 different environments - No
centralized AuthZ service - Distributed but same config RBAC
- RBAC -> ABAC? - JWT base federation? - Controll
Plane? RBAC Solution?
- RBAC -> ABAC? - JWT base federation? - Controll
Plane? RBAC Solution? $POUSPM1MBOF
- Hard to read in Dynamo DB - Datadog log
Logs
Isolate, for real
͜͜ʹςΩετΛೖΕ·͢ɻ ͻͱͭͷεϥΠυʹ༰Λ٧Ί͗͢ ͳ͍Α͏ʹ͠·͠ΐ͏ɻ ʮ̍ຕͷεϥΠυʹ̍ͭͷҙຯʯ͕ εϥΠυ࡞ΓͷجຊͰ͢ɻ ݟग़͠
And More
͜͜ʹςΩετΛೖΕ·͢ɻ ͻͱͭͷεϥΠυʹ༰Λ٧Ί͗͢ ͳ͍Α͏ʹ͠·͠ΐ͏ɻ ʮ̍ຕͷεϥΠυʹ̍ͭͷҙຯʯ͕ εϥΠυ࡞ΓͷجຊͰ͢ɻ ݟग़͠
We are hiring!
Thank you @ken5scal
ಊʑͱͨ͠ݟग़͠
None