やはりタグ。タグは全てを解決する

΍͸Γλάɹλά͸શͯΛղܾ͢Δ 1 BXTEFWEBZ

໊લླ໦ݚޗ !LFOTDBM ॴଐ -BZFS9גࣜձࣾ$50ࣨ ࡾҪ෺࢈σδλϧΞηοτɾϚωδϝϯτग़޲
དྷྺ ূ݊޲͚.BOBHFE4FDVSJUZ4FSWJDFɺՈܭ฽ɾΫϥ΢υձܭɺূ݊ձࣾ ݸਓͷ׆ಈ ಉਓʮ4FDVSFཱྀஂʯʹͯ1PEDBTUʮ4FDVSF-JBJTPOʯ΍ಉਓࢽ࡞੒ िץʮ๩͍͠ਓͷͨΊͷηΩϡϦςΟɾΠϯςϦδΣϯεʯൃߦ 1PE$BTUʮ4FDVSF-JBJTPOʯΛʢ΄΅ʣ8FFLMZͰϦϦʔε ॻ੶ 0`3FJMMZʮ;FSP5SVTU/FUXPSLʯ؂༁ ΠϯϓϨε3%ʮΞΠσϯςΟςΟ͸ͩΕͷ΋ͷʁ)ZQFSMFEHFS*OEZ"SJFTͰ࣮ݱ͢Δ෼ࢄΞΠσϯςΟςΟʯஶ࡞ ॴଐઌ঺հࣗݾ঺հ 2

Ϧετ Ϧετ Ϧετ Ϧετͷڧௐจࣈ Ϧετ
ݟग़͠ 3

ϒϩοΫνΣʔϯͷձࣾ Ͱ͸ͳ͍Ͱ͢ 4 IUUQTOPUFDPNGVLLZZOOGFECD

ॴଐઌͦͷᶃ 5

ݟग़͠ 6

ݟग़͠ 7

ॴଐઌͦͷᶄ 8

ॴଐઌͦͷᶄ 9

ॴଐઌͦͷᶄ 10

ॴଐઌͦͷᶄ 11

ຊ೔ͷ͓࿩ 12 $50ࣨ԰୆ࠎΤϯδχΞ

ຊ೔ͷ͓࿩ 13 $50ࣨ԰୆ࠎΤϯδχΞ ࢿ࢈؅ཧ

ຊ೔ͷ͓࿩ 14 $50ࣨ԰୆ࠎΤϯδχΞ ࢿ࢈؅ཧ "84

ຊ೔ͷ͓࿩ 15 $50ࣨ԰୆ࠎΤϯδχΞ ࢿ࢈؅ཧ "84 λά

ຊ೔ͷ͓࿩ 16 $50ࣨ԰୆ࠎΤϯδχΞ ࢿ࢈؅ཧ "84 λά

ຊ೔ͷ͓࿩ 17 $50ࣨ԰୆ࠎΤϯδχΞ ࢿ࢈؅ཧ "84 λά

࿩͢͜ͱ ౰ࣾͷλά؅ཧͷมભ ࿩͞ͳ͍͜ͱ ౰ࣾͷλάΛ׆༻ͨ͠ӡ༻ ࿩͞ͳ͍͜ͱ 18

8IZλά؅ཧ ౰ࣾͷλά؅ཧ 5BHWFS 5BHWFS 5BHWFS
5BHWFS ະདྷͷ࿩ʣ ΞδΣϯμ 19

8IZλά؅ཧ 20

ʢ͍͖ͳΓ୤ઢʣθϩτϥετ 21

ୈࡾͷࢦ਑͸ɺθϩτϥετͷ֓೦ ͸ɺอޢର৅ͷγεςϜͱσʔλͷ૊ ৫తՁ஋ʹ͋Θͤͯద༻͢Δඞཁ͕͋ Δͱ͍͏͜ͱͰ͢ 22 θϩτϥετΞʔΩςΫνϟ"84ͷࢹ఺

ୈࡾͷࢦ਑͸ɺθϩτϥετͷ֓೦ ͸ɺอޢର৅ͷγεςϜͱσʔλͷ૊ ৫తՁ஋ʹ͋Θͤͯద༻͢Δඞཁ͕͋ Δͱ͍͏͜ͱͰ͢ 23 θϩτϥετΞʔΩςΫνϟ"84ͷࢹ఺ อޢର৅ͷ γεςϜͱσʔλʹ͍ͭͯ Կ΋Θ͔ΒΜ৔߹͸ʁ

ࢿ࢈؅ཧ ༧࣮؅ཧ ΞΫηε؅ཧ ʢฏ࣌ͷʣϦεΫ؅ཧ ΠϯγσϯτରԠ
ࣗಈԽ ର৅͕ط஌Ͱͳ͍ͱͰ͖ͳ͍͜ͱ 24

UPNPWFUP;5" BOFOUFSQSJTFNVTUIBWFB TZTUFNUPEJTDPWFSBOESFDPSEQIZTJDBMBOE WJSUVBMBTTFUTUPDSFBUFBVTBCMFJOWFOUPSZ /*4541ʮθϩτϥετɾΞʔΩςΫνϟʯ 25

֤Ϧιʔεʹ෇༩͞Εͨϝλσʔ λ ֤छӡ༻ʹ͓͚ΔඞཁෆՄܽͳࢀ রઌσʔλ ૊৫ಛ༗ͷϦιʔε*EFOUJUZΛߏ ங͢Δ$MBJN "84ͷλάͱ͸ʁ
26 ๻͸͜ͷ ؀ڥͰ࢖ΘΕ·͢ ๻ͷ؅ཧऀ͸ 43&νʔϜͰ͢ ܦӦ؅ཧ෦ͷ ͓ࡒ෍͔͍ͭ·͢ ػີ৘ใ ͔͍͋ͭ·͢ %9αʔϏεͰ ࢖ΘΕ·͢ EFWEYFDͱਃ͠·͢

֤Ϧιʔεʹ෇༩͞Εͨϝλσʔ λ ֤छӡ༻ʹ͓͚ΔඞཁෆՄܽͳࢀ রઌσʔλ ૊৫ಛ༗ͷϦιʔε*EFOUJUZΛߏ ங͢Δ$MBJN "84ͷλάͱ͸ʁ
27 ๻͸͜ͷ ؀ڥͰ࢖ΘΕ·͢ ๻ͷ؅ཧऀ͸ 43&νʔϜͰ͢ ܦӦ؅ཧ෦ͷ ͓ࡒ෍͔͍ͭ·͢ ػີ৘ใ ͔͍͋ͭ·͢ %9αʔϏεͰ ࢖ΘΕ·͢ EFWEYFDͱਃ͠·͢

αʔόʔʹՍۭͷσʔλΛ෇༩Ͱ͖ΔΑ͏ʹͳͬͨ ʮໝ૝ͱ͍͏໊ͷ૝૾ྗ͕ϗϞɾαϐΤϯεΛਐԽͤͨ͞ʯ ͨ͘͞Μ͚ͭΒΕΔʢd Ωʔɾ஋ͷࣗ༝౓͕ߴ͍ʢʙ VOJDPEFจࣈɺDBTFTFOTJUJWF
ه߸ར༻Խʣ ϫʔΫϩʔυͷಈ࡞ʹ௚઀తͳӨڹΛ༩͑Δ͜ͱͳ͘ӡ༻Ͱ͖Δ 71$ͷ/BNFλάʜ ஌Γ·ͤΜͶʜ "1*؅ཧͰ͖Δ σʔλΛ࣮ࡍͷϦιʔεʹࣄલຒΊࠐΜ্ͩͰɺࢿ࢈؅ཧ%#΍ΤΫηϧΛิ׬Ͱ͖Δ ٯํ޲΋Մ ؅ཧऀʹΑΔ౷੍΋Ͱ͖Δ λά͸͍͢͝ 28

λά͔͠উͨΜ 29

౰ࣾͷ࿩ 30

5BH7FS 31

#$ίϯαϧࣄۀ͕ϝΠϯͩͬͨͨΊɺ۩ମతͳظؒݶఆతͳϫʔ Ϋϩʔυ͔͠ͳ͔ͬͨ 1P$ϓϩδΣΫτʹ൐͏୹ظతͳ৘ใࢿ࢈͔͠ͳ͔ͬͨʢ"84্ Ͱ͸ʣ Πϯϑϥత੔උΛ̎ਓͰ࣮ࢪ ΏΔʙ͘ᯂΑΓ࢝ΊΑ
ʢӨڹ΋ͳ͍͠ʣΨϯΨϯ͍͜͏ͥ 5BHWFS 32

ମ੍ ੲ 33

ࢀߟจݙY

ϕεϓϥ $BTFTFOTJUJWF Ϧιʔε΁ͷΞΫηείϯτϩʔϧ λά؅ཧͷࣗಈԽ λά͸গͳ͍ΑΓɺଟ͍ํ͕ϕλʔ
ओʹλάΧςΰϦΛࢀর "845BHHJOH4USBUFHJFT 35 IUUQTEBXTTUBUJDDPNBXTBOTXFST"84@5BHHJOH@4USBUFHJFTQEG

5BHHJOH#FTU1SBDUJDFT "845BHHJOH4USBUFHJFTΛΑ ΓৄࡉԽ IUUQTEPDTBXTBNB[PODPNXIJUFQBQFSTMBUFTUUBHHJOHCFTUQSBDUJDFTJOUSPEVDUJPOUBHHJOHVTFDBTFTIUNM

37 ͦΜͳʹλάͷ஋ʹͭΊ͜·ΜͰ΋Α͘ͳ͍ʜ

౰ࣾಠࣗΧελϚΠζᶃ 38 ݴͬͯΔ͜ͱ͕ҧ͏ͷͰɺ ʮେ͸খΛ݉ͶΔʯͱ͍͏͜ͱͰ ޙ͔Βม͑Δ͜ͱ্౳Ͱ͚ͭ·͘Δ͜ͱʹͨ͠ɻ λάมߋͰ͋Ε͹Өڹ͸ͳ͘ɼ ͔ͭɺݱࡏͷ༧࣮؅ཧͰ͸ͦ͜·ͰλάΛ׆༻ͯ͠ͳ͍ͨΊ

5BHHJOH#FTU1SBDUJDFT "845BHHJOH4USBUFHJFTΛΑ ΓৄࡉԽ IUUQTEPDTBXTBNB[PODPNXIJUFQBQFSTMBUFTUUBHHJOHCFTUQSBDUJDFTJOUSPEVDUJPOUBHHJOHVTFDBTFTIUNM ϏϛϣʔʹݴͬͯΔ͜ͱ͕ҧ͏ͷͰ 5BHHJOH#FTU1SBDUJDFTͷߟ͑ํΛجʹɺ 5BHHJOH4USBUFHJFTͷ࣮૷ํ๏ΛϝΠϯʹ࣮૷

λά໋໊نଇέόϒέʔεεωʔΫέʔε ΠϯϕϯτϦͬͯ%#ͩ͠ɺ͡Ό͋εωʔΫέʔεͩΑͶ 5FSSBGPSNͷϕεϓϥ΋Ξϯείͩ͠ɻ Ϧιʔε໊نଇ \FOWJSPONFOU^\TFSWJDF@JE^\Ϧιʔεಛ༗ͷ஋^
4΍"-#ʹ͍ͭͯ͸OBNFλάͷΑ͏ͳޠ۟ؒΛ@ͳܗࣜͩ ͱͰ͖ͳ͍ͷͰɺͰͭͳ͛Δɻ ౰ࣾಠࣗΧελϚΠζᶄ 40 IUUQTXXXUFSSBGPSNCFTUQSBDUJDFTDPNOBNJOH

౰ࣾಠࣗΧελϚΠζᶅ 41 λά؅ཧΛ ड͚࣋ͭ

౰ࣾಠࣗΧελϚΠζᶆ

43 λά໊ ΧςΰϦ ඞਢ ྫ name Ϧιʔε໊ ◦ ${service_id}.${environment}.${service_role}.$ {name}
service_id ΞϓϦɾαʔϏεID ◦ dx service_role αʔϏε಺ͷ໾ׂ ◦ web, db, log_storage cluster ecs Ϋϥελʔͱ͔ environment ؀ڥ ◦ dev, stg, prd version owner ੹೚ઌ ◦ cost_center ◦ xxx, yyy, layerx (ސ٬໊) project ϓϩδΣΫτ໊ ◦ customer ಛఆͷ͓٬༷޲͚༻ Τϯϓϥϓϥϯʹ͸͓٬༷ઐ༻αʔόΛఏڙ ͠·͢...తͳͱ͖ con fi dentiality ػີ౓߹͍ ◦ managed_by ͲͷIaC͔ ◦ manual(σϑΥϧτ), terraform, cfn compliance ن੍ɾίϯϓϥ PII, [pii, iso27002]

$PNNFSDJBMEBUBDMBTTJ fi DBUJPO 4FOTJUJWF $PO fi EFOUJBM 1SJWBUF
1VCMJD IUUQTEPDTNJDSPTPGUDPNKBKQ TFDVSJUZVQEBUFT QMBOOJOHBOEJNQMFNFOUBUJPOHVJEF $PO fi EFOUJBMJUZʹؔ͢Δิ଍ 44

5BH7FS 45

ࣄۀ෦੍΁ Ӭଓతͳ৘ใࢿ࢈͕ൃੜͨ͠ Πϯϑϥత੔උΛ͢Δ̎ਓ͸ࣄۀ෦ʹ೿ݣ΁ 5BHWFS 46

ମ੍ /PX 47

ڞ༗ձ 48

DPTU@DFOUFSͷ஋ʹ֤ࣄۀ෦͕ೖΔΑ͏ʹ OBNFλάΛഇࢭ λά໊ MBZFSYλά໊ ͷQSF fi YΛഇࢭ
EJGGGSPNWFS 49

5BH7FS 50

5FSSBGPSNQSPWJEFSW $50ަ୅ *4.4औಘ։࢝ 5BHW 51

ମ੍ /PX 52

ڞ༗ձ 53

5FSSBGPSN"841SPWJEFSWͷϦϦʔε 54 provider "aws" { region = var.regio n default_tags
{ tags = var.default_tags } } resource "aws_kms_key" "cloudtrail" { description = "key to encrypt/decrypt cloudtrail " tags = { service_role = var.service_role.km s } } resource "aws_kms_key" "cloudtrail" { description = "key to encrypt/decrypt cloudtrail " tags = { environment = pr d service_role = var.service_role.km s project = guardrai l service_id = guardrai l cost_center = layer X Owner = sr e managed_by = terrafor m github_repository - guardrai l } } EFGBVMU@UBHT͍͜͞ʔ

HJUIVC@SFQPTJUPSZ௥Ճ ৘ใ۠෼ͷݟ௚͠ લTFOTJUJWF DPO fi EFOUJBM QSJWBUF
QSPQSJFUBSZ QVCMJD ޙDPO fi EFOUJBM QSJWBUF QVCMJD TFSWJDF@SPMFΛ࣮ଶͰ͋ΔϦιʔεͷཻ౓ʹ͋ΘͤΔ ྫTFDSFUTNBOBHFSWBVMU EJGGGSPNWFS 55

ࠓޙ 56

λά౷੍ λάFWFSZXIFSF λά؅ཧͷ؅ཧ λά΁ͷΞΫηε؅ཧΛ៛ີԽ λάΛ࢖ͬͨ"#"$ʁ
ਖ਼௚͋·ΓϝϦοτΛײͯ͡ͳ͍ʜ 5BHW GVUVSF 57

࠾༻ͯ͠·͢ ݸਓΧδϡΞϧ໘ஊ͔ΒͰ ΋0, 58

59 ࠾༻͸ͪ͜Β IUUQTIFSQDBSFFSTWMBZFSY ΧδϡΞϧ໘ஊ͸ͪ͜Β IUUQTNFFUZOFUBSUJDMFTUXXKK

60 IUUQTNFFUZOFUNBUDIFTK"C ff [W-RK/B IUUQTIFSQDBSFFSTWMBZFSYZSR)(513Y

5IBOLZPV 61

やはりタグ。タグは全てを解決する

やはりタグ。タグは全てを解決する

More Decks by Kengo Suzuki

Other Decks in Technology

Featured

Transcript