Upgrade to Pro — share decks privately, control downloads, hide ads and more …

やはりタグ。タグは全てを解決する

Kengo Suzuki
November 04, 2021
Technology
2
8k

 やはりタグ。タグは全てを解決する

Kengo Suzuki

November 04, 2021
Tweet

More Decks by Kengo Suzuki

See All by Kengo Suzuki
同志諸君よ、ゼロトラストを撃て_CloudNativeDays2022
ken5scal
2
2.7k
なぜLayerXのセキュリティでSoftware指向が重視されているか
ken5scal
0
140
暇だしDevSecOpsやってみた - CodePipeline Now and Then
ken5scal
3
5k
サプライチェーン・セキュリティ Infra Study 2nd #4「セキュリティエンジニアリングの世界」
ken5scal
4
1.8k
外部Identityから考える Azure ADの向かい先
ken5scal
1
710
俺たちはマルチステークホルダー間のセキュリティインシデントから何を学ぶのか
ken5scal
9
4.5k
Zero Trust上から見るか?下から見るか?
ken5scal
8
13k
AWS IAMどうしましょ
ken5scal
9
10k
Device Identity as Yet Untold
ken5scal
4
4.1k

Other Decks in Technology

See All in Technology
CloudWatchでバレる 「君、仕事中にyo〇tube観てたよね?」
kadogen_0527
0
250
データマネジメント研修【MIXI 23新卒技術研修】
mixi_engineers
PRO
0
200
Антихрупкость в IT или как полюбить изменения
alexanderbyndyu
0
200
ChatGPTとこころを整理してみる
nagauta
0
340
日浅流、 エンジニアリングマネージャーのしごと
takahia1988
0
110
TrivyでAWSセキュリティをシフトレフトしよう
bitkey
PRO
1
540
AWS WAFおよびWafCharmを複数サービスに導入した結果と課題
iwamot
0
180
新リリース:microCMSテンプレート
microcms
1
340
『AWSではじめるクラウドセキュリティ』の裏側を。
ryohatanmonolog
2
200
競プロ作問を支える技術
tsutaj
0
210
株式会社オプティム_採用会社紹介資料 / optim-recruit
optim
0
9.5k
CyberAgent AI事業本部MLOps研修応用編
nsakki55
36
18k

Featured

See All Featured
Code Review Best Practice
trishagee
52
12k
Gamification - CAS2011
davidbonilla
75
4.2k
What the flash - Photography Introduction
edds
64
10k
RailsConf 2023
tenderlove
0
93
Building Your Own Lightsaber
phodgson
96
5k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
46
15k
The Brand Is Dead. Long Live the Brand.
mthomps
48
3.9k
The Web Native Designer (August 2011)
paulrobertlloyd
78
2.3k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
226
16k
Testing 201, or: Great Expectations
jmmastey
26
5.9k
Code Reviewing Like a Champion
maltzj
508
38k
BBQ
matthewcrist
75
8.2k

Transcript

  1. ΍͸Γλάɹλά͸શͯΛղܾ͢Δ

    1
    BXTEFWEBZ

    View Slide

  2. ໊લླ໦ݚޗ !LFOTDBM

    ॴଐ
    -BZFS9גࣜձࣾ$50ࣨ
    ࡾҪ෺࢈σδλϧΞηοτɾϚωδϝϯτग़޲
    དྷྺ
    ূ݊޲͚.BOBHFE4FDVSJUZ4FSWJDFɺՈܭ฽ɾΫϥ΢υձܭɺূ݊ձࣾ
    ݸਓͷ׆ಈ
    ಉਓʮ4FDVSFཱྀஂʯʹͯ1PEDBTUʮ4FDVSF-JBJTPOʯ΍ಉਓࢽ࡞੒
    िץʮ๩͍͠ਓͷͨΊͷηΩϡϦςΟɾΠϯςϦδΣϯεʯൃߦ
    1PE$BTUʮ4FDVSF-JBJTPOʯΛʢ΄΅ʣ8FFLMZͰϦϦʔε
    ॻ੶
    0`3FJMMZʮ;FSP5SVTU/FUXPSLʯ؂༁
    ΠϯϓϨε3%ʮΞΠσϯςΟςΟ͸ͩΕͷ΋ͷʁ)ZQFSMFEHFS*OEZ"SJFTͰ࣮ݱ͢Δ෼ࢄΞΠσϯςΟςΟʯஶ࡞
    ॴଐઌ঺հࣗݾ঺հ
    2

    View Slide

  3. Ϧετ
    Ϧετ
    Ϧετ
    Ϧετͷڧௐจࣈ
    Ϧετ
    ݟग़͠
    3

    View Slide

  4. ϒϩοΫνΣʔϯͷձࣾ
    Ͱ͸ͳ͍Ͱ͢
    4
    IUUQTOPUFDPNGVLLZZOOGFECD

    View Slide

  5. ॴଐઌͦͷᶃ
    5

    View Slide

  6. Ϧετ
    Ϧετ
    Ϧετ
    Ϧετͷڧௐจࣈ
    Ϧετ
    ݟग़͠
    6

    View Slide

  7. Ϧετ
    Ϧετ
    Ϧετ
    Ϧετͷڧௐจࣈ
    Ϧετ
    ݟग़͠
    7

    View Slide

  8. ॴଐઌͦͷᶄ
    8

    View Slide

  9. ॴଐઌͦͷᶄ
    9

    View Slide

  10. ॴଐઌͦͷᶄ
    10

    View Slide

  11. ॴଐઌͦͷᶄ
    11

    View Slide

  12. ຊ೔ͷ͓࿩
    12
    $50ࣨ԰୆ࠎΤϯδχΞ

    View Slide

  13. ຊ೔ͷ͓࿩
    13
    $50ࣨ԰୆ࠎΤϯδχΞ
    ࢿ࢈؅ཧ

    View Slide

  14. ຊ೔ͷ͓࿩
    14
    $50ࣨ԰୆ࠎΤϯδχΞ
    ࢿ࢈؅ཧ
    "84

    View Slide

  15. ຊ೔ͷ͓࿩
    15
    $50ࣨ԰୆ࠎΤϯδχΞ
    ࢿ࢈؅ཧ
    "84
    λά

    View Slide

  16. ຊ೔ͷ͓࿩
    16
    $50ࣨ԰୆ࠎΤϯδχΞ
    ࢿ࢈؅ཧ
    "84
    λά

    View Slide

  17. ຊ೔ͷ͓࿩
    17
    $50ࣨ԰୆ࠎΤϯδχΞ
    ࢿ࢈؅ཧ
    "84
    λά

    View Slide

  18. ࿩͢͜ͱ
    ౰ࣾͷλά؅ཧͷมભ
    ࿩͞ͳ͍͜ͱ
    ౰ࣾͷλάΛ׆༻ͨ͠ӡ༻
    ࿩͞ͳ͍͜ͱ
    18

    View Slide

  19. 8IZλά؅ཧ
    ౰ࣾͷλά؅ཧ
    5BHWFS
    5BHWFS
    5BHWFS
    5BHWFS ະདྷͷ࿩ʣ
    ΞδΣϯμ
    19

    View Slide

  20. 8IZλά؅ཧ
    20

    View Slide

  21. ʢ͍͖ͳΓ୤ઢʣθϩτϥετ
    21

    View Slide

  22. ୈࡾͷࢦ਑͸ɺθϩτϥετͷ֓೦
    ͸ɺอޢର৅ͷγεςϜͱσʔλͷ૊
    ৫తՁ஋ʹ͋Θͤͯద༻͢Δඞཁ͕͋
    Δͱ͍͏͜ͱͰ͢
    22
    θϩτϥετΞʔΩςΫνϟ"84ͷࢹ఺

    View Slide

  23. ୈࡾͷࢦ਑͸ɺθϩτϥετͷ֓೦
    ͸ɺอޢର৅ͷγεςϜͱσʔλͷ૊
    ৫తՁ஋ʹ͋Θͤͯద༻͢Δඞཁ͕͋
    Δͱ͍͏͜ͱͰ͢
    23
    θϩτϥετΞʔΩςΫνϟ"84ͷࢹ఺
    อޢର৅ͷ
    γεςϜͱσʔλʹ͍ͭͯ
    Կ΋Θ͔ΒΜ৔߹͸ʁ

    View Slide

  24. ࢿ࢈؅ཧ
    ༧࣮؅ཧ
    ΞΫηε؅ཧ
    ʢฏ࣌ͷʣϦεΫ؅ཧ
    ΠϯγσϯτରԠ
    ࣗಈԽ
    ର৅͕ط஌Ͱͳ͍ͱͰ͖ͳ͍͜ͱ
    24

    View Slide

  25. UPNPWFUP;5" BOFOUFSQSJTFNVTUIBWFB
    TZTUFNUPEJTDPWFSBOESFDPSEQIZTJDBMBOE
    WJSUVBMBTTFUTUPDSFBUFBVTBCMFJOWFOUPSZ
    /*4541ʮθϩτϥετɾΞʔΩςΫνϟʯ
    25

    View Slide

  26. ֤Ϧιʔεʹ෇༩͞Εͨϝλσʔ
    λ
    ֤छӡ༻ʹ͓͚ΔඞཁෆՄܽͳࢀ
    রઌσʔλ
    ૊৫ಛ༗ͷϦιʔε*EFOUJUZΛߏ
    ங͢Δ$MBJN
    "84ͷλάͱ͸ʁ
    26
    ๻͸͜ͷ
    ؀ڥͰ࢖ΘΕ·͢
    ๻ͷ؅ཧऀ͸
    43&νʔϜͰ͢
    ܦӦ؅ཧ෦ͷ
    ͓ࡒ෍͔͍ͭ·͢
    ػີ৘ใ
    ͔͍͋ͭ·͢
    %9αʔϏεͰ
    ࢖ΘΕ·͢
    EFWEYFDͱਃ͠·͢

    View Slide

  27. ֤Ϧιʔεʹ෇༩͞Εͨϝλσʔ
    λ
    ֤छӡ༻ʹ͓͚ΔඞཁෆՄܽͳࢀ
    রઌσʔλ
    ૊৫ಛ༗ͷϦιʔε*EFOUJUZΛߏ
    ங͢Δ$MBJN
    "84ͷλάͱ͸ʁ
    27
    ๻͸͜ͷ
    ؀ڥͰ࢖ΘΕ·͢
    ๻ͷ؅ཧऀ͸
    43&νʔϜͰ͢
    ܦӦ؅ཧ෦ͷ
    ͓ࡒ෍͔͍ͭ·͢
    ػີ৘ใ
    ͔͍͋ͭ·͢
    %9αʔϏεͰ
    ࢖ΘΕ·͢
    EFWEYFDͱਃ͠·͢

    View Slide

  28. αʔόʔʹՍۭͷσʔλΛ෇༩Ͱ͖ΔΑ͏ʹͳͬͨ
    ʮໝ૝ͱ͍͏໊ͷ૝૾ྗ͕ϗϞɾαϐΤϯεΛਐԽͤͨ͞ʯ
    ͨ͘͞Μ͚ͭΒΕΔʢd

    Ωʔɾ஋ͷࣗ༝౓͕ߴ͍ʢʙ VOJDPEFจࣈɺDBTFTFOTJUJWF ه߸ར༻Խʣ
    ϫʔΫϩʔυͷಈ࡞ʹ௚઀తͳӨڹΛ༩͑Δ͜ͱͳ͘ӡ༻Ͱ͖Δ
    71$ͷ/BNFλάʜ ஌Γ·ͤΜͶʜ
    "1*؅ཧͰ͖Δ
    σʔλΛ࣮ࡍͷϦιʔεʹࣄલຒΊࠐΜ্ͩͰɺࢿ࢈؅ཧ%#΍ΤΫηϧΛิ׬Ͱ͖Δ
    ٯํ޲΋Մ
    ؅ཧऀʹΑΔ౷੍΋Ͱ͖Δ
    λά͸͍͢͝
    28

    View Slide

  29. λά͔͠উͨΜ
    29

    View Slide

  30. ౰ࣾͷ࿩
    30

    View Slide

  31. 5BH7FS
    31

    View Slide

  32. #$ίϯαϧࣄۀ͕ϝΠϯͩͬͨͨΊɺ۩ମతͳظؒݶఆతͳϫʔ
    Ϋϩʔυ͔͠ͳ͔ͬͨ
    1P$ϓϩδΣΫτʹ൐͏୹ظతͳ৘ใࢿ࢈͔͠ͳ͔ͬͨʢ"84্
    Ͱ͸ʣ
    Πϯϑϥత੔උΛ̎ਓͰ࣮ࢪ
    ΏΔʙ͘ᯂΑΓ࢝ΊΑ
    ʢӨڹ΋ͳ͍͠ʣΨϯΨϯ͍͜͏ͥ
    5BHWFS

    32

    View Slide

  33. ମ੍ ੲ

    33

    View Slide

  34. ࢀߟจݙY

    View Slide

  35. ϕεϓϥ
    $BTFTFOTJUJWF
    Ϧιʔε΁ͷΞΫηείϯτϩʔϧ
    λά؅ཧͷࣗಈԽ
    λά͸গͳ͍ΑΓɺଟ͍ํ͕ϕλʔ
    ओʹλάΧςΰϦΛࢀর
    "845BHHJOH4USBUFHJFT
    35
    IUUQTEBXTTUBUJDDPNBXTBOTXFST"[email protected]@4USBUFHJFTQEG

    View Slide

  36. 5BHHJOH#FTU1SBDUJDFT
    "845BHHJOH4USBUFHJFTΛΑ
    ΓৄࡉԽ
    IUUQTEPDTBXTBNB[PODPNXIJUFQBQFSTMBUFTUUBHHJOHCFTUQSBDUJDFTJOUSPEVDUJPOUBHHJOHVTFDBTFTIUNM

    View Slide

  37. Ϧετ
    Ϧετ
    Ϧετ
    Ϧετͷڧௐจࣈ
    Ϧετ
    37
    ͦΜͳʹλάͷ஋ʹͭΊ͜·ΜͰ΋Α͘ͳ͍ʜ

    View Slide

  38. ౰ࣾಠࣗΧελϚΠζᶃ
    38
    ݴͬͯΔ͜ͱ͕ҧ͏ͷͰɺ
    ʮେ͸খΛ݉ͶΔʯͱ͍͏͜ͱͰ
    ޙ͔Βม͑Δ͜ͱ্౳Ͱ͚ͭ·͘Δ͜ͱʹͨ͠ɻ
    λάมߋͰ͋Ε͹Өڹ͸ͳ͘ɼ
    ͔ͭɺݱࡏͷ༧࣮؅ཧͰ͸ͦ͜·ͰλάΛ׆༻ͯ͠ͳ͍ͨΊ

    View Slide

  39. 5BHHJOH#FTU1SBDUJDFT
    "845BHHJOH4USBUFHJFTΛΑ
    ΓৄࡉԽ
    IUUQTEPDTBXTBNB[PODPNXIJUFQBQFSTMBUFTUUBHHJOHCFTUQSBDUJDFTJOUSPEVDUJPOUBHHJOHVTFDBTFTIUNM
    ϏϛϣʔʹݴͬͯΔ͜ͱ͕ҧ͏ͷͰ
    5BHHJOH#FTU1SBDUJDFTͷߟ͑ํΛجʹɺ
    5BHHJOH4USBUFHJFTͷ࣮૷ํ๏ΛϝΠϯʹ࣮૷

    View Slide

  40. λά໋໊نଇέόϒέʔεεωʔΫέʔε
    ΠϯϕϯτϦͬͯ%#ͩ͠ɺ͡Ό͋εωʔΫέʔεͩΑͶ
    5FSSBGPSNͷϕεϓϥ΋Ξϯείͩ͠ɻ
    Ϧιʔε໊نଇ
    \FOWJSPONFOU^\[email protected]^\Ϧιʔεಛ༗ͷ஋^
    4΍"-#ʹ͍ͭͯ͸OBNFλάͷΑ͏ͳޠ۟ؒΛ@ͳܗࣜͩ
    ͱͰ͖ͳ͍ͷͰɺͰͭͳ͛Δɻ
    ౰ࣾಠࣗΧελϚΠζᶄ
    40 IUUQTXXXUFSSBGPSNCFTUQSBDUJDFTDPNOBNJOH

    View Slide

  41. ౰ࣾಠࣗΧελϚΠζᶅ
    41
    λά؅ཧΛ
    ड͚࣋ͭ

    View Slide

  42. ౰ࣾಠࣗΧελϚΠζᶆ

    View Slide

  43. 43
    λά໊ ΧςΰϦ ඞਢ ྫ
    name Ϧιʔε໊ ○ ${service_id}.${environment}.${service_role}.$
    {name}
    service_id ΞϓϦɾαʔϏεID ○ dx
    service_role αʔϏε಺ͷ໾ׂ ○ web, db, log_storage
    cluster ecs Ϋϥελʔͱ͔
    environment ؀ڥ ○ dev, stg, prd
    version
    owner ੹೚ઌ ○
    cost_center ○ xxx, yyy, layerx (ސ٬໊)
    project ϓϩδΣΫτ໊ ○
    customer ಛఆͷ͓٬༷޲͚༻ Τϯϓϥϓϥϯʹ͸͓٬༷ઐ༻αʔόΛఏڙ
    ͠·͢...తͳͱ͖
    con
    fi
    dentiality ػີ౓߹͍ ○
    managed_by ͲͷIaC͔ ○ manual(σϑΥϧτ), terraform, cfn
    compliance ن੍ɾίϯϓϥ PII, [pii, iso27002]

    View Slide

  44. $PNNFSDJBMEBUBDMBTTJ
    fi
    DBUJPO
    4FOTJUJWF $PO
    fi
    EFOUJBM 1SJWBUF 1VCMJD
    IUUQTEPDTNJDSPTPGUDPNKBKQ
    TFDVSJUZVQEBUFT
    QMBOOJOHBOEJNQMFNFOUBUJPOHVJEF

    $PO
    fi
    EFOUJBMJUZʹؔ͢Δิ଍
    44

    View Slide

  45. 5BH7FS
    45

    View Slide

  46. ࣄۀ෦੍΁
    Ӭଓతͳ৘ใࢿ࢈͕ൃੜͨ͠
    Πϯϑϥత੔උΛ͢Δ̎ਓ͸ࣄۀ෦ʹ೿ݣ΁
    5BHWFS

    46

    View Slide

  47. ମ੍ /PX

    47

    View Slide

  48. ڞ༗ձ
    48

    View Slide

  49. [email protected]ͷ஋ʹ֤ࣄۀ෦͕ೖΔΑ͏ʹ
    OBNFλάΛഇࢭ
    λά໊ MBZFSYλά໊
    ͷQSF
    fi
    YΛഇࢭ
    EJGGGSPNWFS
    49

    View Slide

  50. 5BH7FS
    50

    View Slide

  51. 5FSSBGPSNQSPWJEFSW
    $50ަ୅
    *4.4औಘ։࢝
    5BHW

    51

    View Slide

  52. ମ੍ /PX

    52

    View Slide

  53. ڞ༗ձ
    53

    View Slide

  54. 5FSSBGPSN"841SPWJEFSWͷϦϦʔε
    54
    provider "aws"
    {

    region = var.regio
    n

    default_tags { tags = var.default_tags
    }

    }

    resource "aws_kms_key" "cloudtrail"
    {

    description = "key to encrypt/decrypt cloudtrail
    "

    tags =
    {

    service_role = var.service_role.km
    s

    }

    }
    resource "aws_kms_key" "cloudtrail"
    {

    description = "key to encrypt/decrypt cloudtrail
    "

    tags =
    {

    environment = pr
    d

    service_role = var.service_role.km
    s

    project = guardrai
    l

    service_id = guardrai
    l

    cost_center = layer
    X

    Owner = sr
    e

    managed_by = terrafor
    m

    github_repository - guardrai
    l

    }

    }
    [email protected]͍͜͞ʔ

    View Slide

  55. [email protected]௥Ճ
    ৘ใ۠෼ͷݟ௚͠
    લTFOTJUJWF DPO
    fi
    EFOUJBM QSJWBUF QSPQSJFUBSZ QVCMJD
    ޙDPO
    fi
    EFOUJBM QSJWBUF QVCMJD
    [email protected]Λ࣮ଶͰ͋ΔϦιʔεͷཻ౓ʹ͋ΘͤΔ
    ྫTFDSFUTNBOBHFSWBVMU
    EJGGGSPNWFS
    55

    View Slide

  56. ࠓޙ
    56

    View Slide

  57. λά౷੍
    λάFWFSZXIFSF
    λά؅ཧͷ؅ཧ
    λά΁ͷΞΫηε؅ཧΛ៛ີԽ
    λάΛ࢖ͬͨ"#"$ʁ
    ਖ਼௚͋·ΓϝϦοτΛײͯ͡ͳ͍ʜ
    5BHW GVUVSF

    57

    View Slide

  58. ࠾༻ͯ͠·͢
    ݸਓΧδϡΞϧ໘ஊ͔ΒͰ
    ΋0,
    58

    View Slide

  59. 59
    ࠾༻͸ͪ͜Β
    IUUQTIFSQDBSFFSTWMBZFSY
    ΧδϡΞϧ໘ஊ͸ͪ͜Β
    IUUQTNFFUZOFUBSUJDMFTUXXKK

    View Slide

  60. 60
    IUUQTNFFUZOFUNBUDIFTK"C
    ff
    [W-RK/B
    IUUQTIFSQDBSFFSTWMBZFSYZSR)(513Y

    View Slide

  61. 5IBOLZPV
    61

    View Slide