After All, It's Tags. Tags Solve Everything

Kengo Suzuki
November 04, 2021


Transcript

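  1. After all, it's tags. Tags solve everything (awsdevday)

  2. Affiliation and self-introduction
     - Name: Kengo Suzuki (@kenscal)
     - Affiliation: LayerX Inc., Office of the CTO; seconded to Mitsui & Co. Digital Asset Management
     - Background: managed security service for the securities industry; household-budget and cloud accounting; a securities company
     - Personal activities: runs the podcast "Secure Liaison" and produces doujinshi with the doujin circle "Secure旅団"; publishes the weekly "Security Intelligence for Busy People"; releases the podcast "Secure Liaison" (almost) weekly
     - Books: supervised the translation of O'Reilly's "Zero Trust Network"; author of "Whose Identity Is It? Decentralized Identity with Hyperledger Indy & Aries" (Impress R&D)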
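  3. Heading: List, List, List, Emphasized list text, List

  4. We are not a blockchain company. https://note.com/fukkyy/n/…

  5. Affiliation, part ①

  6. Heading: List, List, List, Emphasized list text, List

  7. Heading: List, List, List, Emphasized list text, List

  8. Affiliation, part ②

  9. Affiliation, part ②

  10. Affiliation, part ②

  11. Affiliation, part ②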

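  12. Today's talk: Office of the CTO, backbone engineer

  13. Today's talk: Office of the CTO, backbone engineer; asset management

  14. Today's talk: Office of the CTO, backbone engineer; asset management; AWS

  15. Today's talk: Office of the CTO, backbone engineer; asset management; AWS; tags

  16. Today's talk: Office of the CTO, backbone engineer; asset management; AWS; tags

  17. Today's talk: Office of the CTO, backbone engineer; asset management; AWS; tags

  18. What I will and will not talk about
     - What I will talk about: how our tag management has evolved
     - What I will not talk about: our operations that make use of tags

  19. Agenda
     - Why tag management
     - Our tag management
     - Tag ver.
     - Tag ver.
     - Tag ver.
     - Tag ver. (a look at the future)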
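  20. Why tag management

  21. (An immediate digression) Zero Trust

  22. "The third guiding principle is that Zero Trust concepts must be applied in accordance with the organizational value of the systems and data being protected." Source: "Zero Trust Architecture: An AWS Perspective"

  23. "The third guiding principle is that Zero Trust concepts must be applied in accordance with the organizational value of the systems and data being protected." Source: "Zero Trust Architecture: An AWS Perspective". What if you know nothing about the systems and data being protected?

  24. Things you cannot do unless the target is known
     - Asset management
     - Budget-versus-actual management
     - Access management
     - (Peacetime) risk management
     - Incident response
     - Automation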
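  25. "to move to ZTA, an enterprise must have a system to discover and record physical and virtual assets to create a usable inventory" (NIST SP, "Zero Trust Architecture")

  26. What is an AWS tag?
     - Metadata attached to each resource
     - Reference data that is indispensable to every kind of operation
     - A claim that builds an organization-specific resource identity
     - What a resource says through its tags: "I am used in this environment." "My administrator is the SRE team." "I spend from the management department's wallet." "I handle confidential information." "I am used by the DX service." "My name is devdxec."

  27. What is an AWS tag?
     - Metadata attached to each resource
     - Reference data that is indispensable to every kind of operation
     - A claim that builds an organization-specific resource identity
     - What a resource says through its tags: "I am used in this environment." "My administrator is the SRE team." "I spend from the management department's wallet." "I handle confidential information." "I am used by the DX service." "My name is devdxec."

  28. Tags are amazing
     - It became possible to attach imaginary data to servers
     - "Imagination, under the name of delusion, is what made Homo sapiens evolve"
     - You can attach many of them (~…)
     - Keys and values are very flexible (up to … Unicode characters, case sensitive, symbols allowed)
     - They can be operated without directly affecting how the workload behaves
     - The VPC Name tag… never heard of it…
     - They can be managed through the API
     - With the data embedded in the actual resources beforehand, they can complement an asset-management DB or an Excel sheet
     - The reverse direction works too
     - Administrators can also enforce governance over them

  29. Nothing beats tags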

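  30. Our company's story

  31. Tag ver.

  32. Tag ver.
     - Because BC consulting was the main business, we only had specific, time-limited workloads
     - We only had short-lived information assets that came with PoC projects (on AWS, at least)
     - Infrastructure upkeep was done by two people
     - Take it easy and start with what is close at hand
     - (Nothing gets affected anyway) so let's go all out

  33. Team structure: the past

  34. References x

  35. AWS Tagging Strategies
     - Best practices
     - Case sensitive
     - Access control to resources
     - Automating tag management
     - More tags are better than fewer
     - We mainly referred to the tag categories
     - https://d1.awsstatic.com/aws-answers/AWS_Tagging_Strategies.pdf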
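  36. Tagging Best Practices
     - A more detailed elaboration of AWS Tagging Strategies
     - https://docs.aws.amazon.com/whitepapers/latest/tagging-best-practices/…

  37. Heading: List, List, List, Emphasized list text, List. Surely there is no need to cram that much into tag values…

  38. Our own customization ①: The two documents say different things, so on the principle that "too big is better than too small" we decided to tag liberally and accept changing things later. Changing a tag affects nothing, and our current budget-versus-actual management does not rely on tags that heavily.

  39. Tagging Best Practices
     - A more detailed elaboration of AWS Tagging Strategies
     - https://docs.aws.amazon.com/whitepapers/latest/tagging-best-practices/…
     - Because the two say subtly different things, we took the thinking of Tagging Best Practices as the basis and implemented mainly along the implementation approach of Tagging Strategies

  40. Our own customization ②
     - Tag naming rule: kebab case, snake case
     - An inventory is a DB, so it has to be snake case, right?
     - The Terraform best practices use underscores as well.
     - Resource naming rule: {environment}{service_id}{resource-specific value}
     - S3 and ALB do not accept the `_`-between-words form used for the name tag, so the words are joined with … instead.
     - https://www.terraform-best-practices.com/naming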
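  41. Our own customization ③: in charge of tag management

  42. Our own customization ④

  43. Tag table (tag name: category; required or not; example)
     - name: resource name; required; `${service_id}.${environment}.${service_role}.${name}`
     - service_id: application / service ID; required; `dx`
     - service_role: role within the service; required; `web`, `db`, `log_storage`
     - cluster: e.g. an ECS cluster
     - environment: environment; required; `dev`, `stg`, `prd`
     - version
     - owner: responsible party; required
     - cost_center: required; `xxx`, `yyy`, `layerx` (customer name)
     - project: project name; required
     - customer: for a specific customer, for cases such as "the enterprise plan provides customer-dedicated servers..."
     - confidentiality: degree of confidentiality; required
     - managed_by: which IaC tool; required; `manual` (default), `terraform`, `cfn`
     - compliance: regulation / compliance; PII, `[pii, iso27002]`

  44. Supplementary note on confidentiality
     - Commercial data classification: Sensitive, Confidential, Private, Public
     - https://docs.microsoft.com/ja-jp/security-updates/planningandimplementationguide/…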
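  45. Tag ver.

  46. Tag ver.
     - The company moved to a business-division structure
     - Persistent information assets came into existence
     - The two people doing infrastructure upkeep were dispatched to the business divisions

  47. Team structure: now

  48. Sharing session

  49. Diff from ver.
     - The cost_center value now holds the business division
     - The name tag was abolished
     - The prefix on tag names (layerx + tag name) was abolished

  50. Tag ver.

  51. Tag v
     - Terraform provider v
     - Change of CTO
     - Started working toward ISMS certification

  52. Team structure: now

  53. Sharing session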

  54. Release of Terraform AWS Provider v…: default_tags is the best!

      ```hcl
      # Provider-level tags, applied to every resource this provider creates
      provider "aws" {
        region = var.region
        default_tags {
          tags = var.default_tags
        }
      }

      # With default_tags, the resource carries only its own tag
      resource "aws_kms_key" "cloudtrail" {
        description = "key to encrypt/decrypt cloudtrail"
        tags = {
          service_role = var.service_role.kms
        }
      }
      ```

      ```hcl
      # The same key with every tag written out on the resource
      resource "aws_kms_key" "cloudtrail" {
        description = "key to encrypt/decrypt cloudtrail"
        tags = {
          environment       = "prd"
          service_role      = var.service_role.kms
          project           = "guardrail"
          service_id        = "guardrail"
          cost_center       = "layerX"
          Owner             = "sre"
          managed_by        = "terraform"
          github_repository = "guardrail"
        }
      }
      ```
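  55. Diff from ver.
     - Added github_repository
     - Revised the information classification
       - Before: sensitive, confidential, private, proprietary, public
       - After: confidential, private, public
     - service_role is aligned with the granularity of the actual resource
       - Example: secretsmanager vault

  56. What's next

  57. Tag v future
     - Tag governance
     - Tags everywhere
     - Managing the tag management
     - Finer-grained access control over tags
     - ABAC using tags? Honestly, I do not see much benefit in it…

  58. We are hiring. Starting with a casual one-on-one chat is OK too.

  59. Hiring: https://herp.careers/v/layerx. Casual chat: https://meety.net/articles/…

  60. https://meety.net/matches/… https://herp.careers/v/layerx/…

  61. Thank you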
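
An added example, not part of the original deck: a minimal tag-policy check of the kind the "tag governance" item on slide 57 points toward, run over tags merged the way the provider's `default_tags` on slide 54 merges them. The required set (slide 43's required tags without `name`, which slide 49 drops), the allowed values, the function names and the sample resources are assumptions constructed for illustration.

```python
import re

# Assumed policy: required tags from slide 43 minus `name` (dropped on
# slide 49), allowed values from slides 43 and 55. Not code from the deck.
REQUIRED = {"service_id", "service_role", "environment", "owner",
            "cost_center", "project", "confidentiality", "managed_by"}
ALLOWED = {
    "environment": {"dev", "stg", "prd"},
    "managed_by": {"manual", "terraform", "cfn"},
    "confidentiality": {"confidential", "private", "public"},
}
SNAKE_CASE = re.compile(r"^[a-z][a-z0-9]*(_[a-z0-9]+)*$")

def effective_tags(default_tags, resource_tags):
    """Merge as default_tags does: a resource-level key overrides it."""
    return {**default_tags, **resource_tags}

def check_tags(tags):
    """Return the sorted policy violations for one resource's tags."""
    # Keys are case sensitive, so "Owner" cannot stand in for "owner".
    problems = [f"key not snake_case: {k}" for k in tags
                if not SNAKE_CASE.match(k)]
    problems += [f"missing required tag: {k}" for k in REQUIRED - set(tags)]
    problems += [f"invalid value for {k}: {tags[k]}"
                 for k, allowed in ALLOWED.items()
                 if k in tags and tags[k] not in allowed]
    return sorted(problems)

def audit(default_tags, resources):
    """Map resource address -> violations; compliant resources are omitted."""
    report = {}
    for address, resource_tags in resources.items():
        problems = check_tags(effective_tags(default_tags, resource_tags))
        if problems:
            report[address] = problems
    return report

# Constructed sample input, modelled on the values shown on slide 54.
DEFAULT_TAGS = {"environment": "prd", "project": "guardrail",
                "service_id": "guardrail", "cost_center": "layerX",
                "Owner": "sre", "managed_by": "terraform",
                "github_repository": "guardrail"}
RESOURCES = {
    "aws_kms_key.cloudtrail": {"service_role": "kms"},
    "aws_s3_bucket.scratch": {"service_role": "log_storage",
                              "environment": "test",
                              "confidentiality": "sensitive"},
}
```

Calling `audit(DEFAULT_TAGS, RESOURCES)` returns the violations per resource address; an empty dict means every resource satisfies the assumed policy.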