Teleporting into Environments via a Bastion (踏み台で環境にTeleportする.pdf)
Kengo Suzuki
December 05, 2018
Technology
#Teleport #Bastion
Transcript
Teleporting into Environments via a Bastion (踏み台で環境にTeleportする) 2018/10/31 By @ken5scal

Bastion
- Access Control
- Environmental Separation
- Separation of Duties
- Audit

Outline
- Teleport
- Our Architecture
- Deployment
- TSURAMI
Teleport
- OSS and CNCF
- Browser Based Bastion
- Session Sharable
- Bye-bye to SSH
OSS and CNCF
Browser Based (login)
Browser Based (Audit)
Session Sharable
Bye-bye to SSH
- No local SSH private key required
- Fewer credentials on the local machine
- IdP federated: SAML / OIDC SSO
- So RBAC can be done
- Makes the user identifiable
OpenSSH is still possible
Outline
- Teleport
- Our Architecture
- Deployment
- TSURAMI
Our Architecture
Emergency Bastion
- Accessible from the Internet
- SSH key based
- Krypton: private key kept on the smartphone
- No local private key :)
Managed in a Terraform Module
- Terraform module
- I'm not a big fan of Ansible
- But about to give up
TSURAMI
Outline
- Teleport
- Our Architecture
- Deployment
- TSURAMI
Deployment
Deployment
- Terraform apply
- and…

TSURAMI
Manual Environment
- Multi-Deploy
- Multi-Envs

Manual Environment
- Multi-Deploy
- Code Deploy
- Multi-Envs

Manual Environment
- Multi-Deploy
- Multi-Envs
- Trusted Clusters
RBAC
- Min-privilege with 15 microservices
- 5 different environments
- No centralized AuthZ service
- Distributed, but same RBAC config everywhere
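The slide above describes keeping least-privilege RBAC consistent across several environments without a central authorization service. The following role definition is an added example and is not taken from the deck or from the speaker's Terraform module; it uses Teleport's role resource format, while the role name and the node label keys and values (env, service) are assumptions chosen for illustration. The idea is that each environment's Teleport cluster is given the same role file, and environment separation is enforced by the labels on the nodes rather than by per-environment role definitions.

```yaml
# Added example (not from the deck): a Teleport role granting least-privilege
# access to one environment's nodes only. Label keys/values and the role name
# are assumptions; match them to the labels your nodes actually advertise.
kind: role
version: v3
metadata:
  name: payment-dev-engineer
spec:
  options:
    # Bound session lifetime so a forgotten session does not linger.
    max_session_ttl: 8h0m0s
    # No agent forwarding: keeps credentials from hopping further than intended.
    forward_agent: false
  allow:
    # The only OS login permitted through this role.
    logins: [app]
    # Nodes must carry BOTH labels to be reachable with this role.
    node_labels:
      env: dev
      service: payment
  deny:
    # Explicit deny wins over allow; production nodes are never reachable
    # through this role even if a node is mislabelled with service: payment.
    node_labels:
      env: prod
```

Applied with `tctl create -f role.yaml` on each cluster's auth server, the same file yields the same policy in every environment; only the node labels differ, which is what keeps a dev role from ever landing on a prod host.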
RBAC Solution?
- RBAC -> ABAC?
- JWT-based federation?
- Control Plane?
Logs
- Hard to read in DynamoDB
- Datadog log
Isolate, for real
And More
We are hiring!
Thank you @ken5scal