Getting started with a multi-account strategy using AWS Organizations
MasahiroKawahara
February 08, 2023
Technology
Transcript
Getting started with a multi-account strategy using AWS Organizations. Speaker: Masahiro Kawahara.
Attention: the slides will be available afterwards, so there is no need to take notes during the talk.
Picture the AWS account you use day to day:
the resource list screen of your EC2 instances,
the IAM users and IAM roles you use all the time,
the billing information for your AWS usage.
Does it look something like this?
EC2 instances from various projects and environments all mixed together.
Worn out by scrutinizing IAM policies.
Or, conversely, granting overly broad IAM policies.
Costs of various projects all mixed together.
If this sounds familiar... by all means try a multi-account strategy with AWS Organizations!
What this talk covers:
- Why is a multi-account strategy needed?
- Why is AWS Organizations needed?
- Where do you start with a multi-account strategy?
About the speaker: Masahiro Kawahara
- Classmethod, Inc.
- AWS Business Division, Consulting Department
- Favorite AWS service: AWS IAM
- 2022 APN AWS Top Engineers (Service)
https://dev.classmethod.jp/author/kawahara-masahiro/
Why is a multi-account strategy needed?
First of all, what is a multi-account strategy?
A multi-account strategy on AWS is a strategy of splitting AWS accounts along a specific unit or criterion.
Why is it needed?
Q. Why is an AWS multi-account strategy needed?
A. To make good use of the characteristics of an AWS account and achieve both agility and governance.
Benefits of a multi-account strategy:
Benefit 1: Better security. An AWS account is a security boundary, which gives you complete separation of permissions.
Benefit 2: Faster development. An AWS account is a resource boundary, which removes dependencies on other resources.
Benefit 3: Cost optimization. An AWS account is a cost boundary, which makes cost classification both easy and precise.
Summary so far: a multi-account strategy means splitting AWS accounts along a specific unit or criterion and operating them that way. It is needed to achieve both agility and governance. It makes good use of the characteristics of an AWS account, namely its various boundaries.
Why is AWS Organizations needed?
AWS Organizations is a service that organizes multiple AWS accounts so that you can do various things with them. Image source: "AWS Organizations terminology and concepts" (AWS Organizations documentation).
Why is it needed?
Q. Why is AWS Organizations needed?
A. To support the areas where governance tends to become cumbersome, given the nature of a multi-account strategy.
What AWS Organizations supports (a selection):
Example 1: Simplified billing. In a multi-account strategy, managing billing per account tends to become cumbersome, so billing is consolidated in the management account. Tips: AWS Organizations defines two kinds of AWS account: the management account (one), which is the account in which Organizations was enabled, and member accounts (many), which are the accounts managed by the management account.
Example 2: Aggregation and centralized management of logs (audit trails). In a multi-account strategy, log governance tends to become cumbersome, so use AWS Organizations integration to aggregate and centrally manage logs easily. Tips: AWS Organizations integrates with many AWS services.
Example 3: Setting access controls in one place. In a multi-account strategy, security governance tends to become cumbersome, so use service control policies (SCPs) to apply access control across the board. Tips: an organizational unit (OU) is used to group member accounts into a hierarchy; a service control policy (SCP) is a policy applied per OU or per account.
Example 4: Centralized management of users and access. In a multi-account strategy, user and access management tends to become cumbersome, so centralize it with AWS IAM Identity Center.
Summary so far: AWS Organizations is a service that organizes multiple AWS accounts so that you can do various things with them. It supports the areas of a multi-account strategy where governance tends to become cumbersome.
Where do you start with a multi-account strategy?
Recommended steps:
1. Decide how to split your AWS accounts.
2. Make use of service control policies (SCPs).
3. Make use of AWS IAM Identity Center.
4. Make use of the various services that integrate with Organizations.
Step 1: Decide how to split your AWS accounts. Define the criterion by which AWS accounts are split, and design the organizational units (OUs) to match it.
Step 1: Decide how to split your AWS accounts. A model case for account splitting and OU design:
- an AWS account for cross-account security operations
- an AWS account for cross-account centralized log management
- an OU holding the AWS accounts of test / non-production workloads
- an OU holding the AWS accounts of production workloads
Step 2: Make use of service control policies (SCPs). Use them to the full as preventive guardrails.
▼ Common examples of controls:
- Deny operations in regions you do not use
- Deny disabling of security services, etc.
Reference: Example service control policies - AWS Organizations
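As an added example (not a policy from the deck), the following SCP implements the two common controls listed above: it denies API calls outside the regions in use and denies the calls that would disable GuardDuty, Security Hub or CloudTrail. The allowed regions, the exempted role name and the abbreviated list of global services in NotAction are assumptions for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyOperationsOutsideAllowedRegions",
      "Effect": "Deny",
      "NotAction": [
        "iam:*", "organizations:*", "sts:*", "support:*", "budgets:*",
        "cloudfront:*", "route53:*", "globalaccelerator:*", "health:*",
        "ec2:DescribeRegions", "s3:ListAllMyBuckets"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:RequestedRegion": ["ap-northeast-1", "us-east-1"]
        },
        "ArnNotLike": {
          "aws:PrincipalARN": "arn:aws:iam::*:role/OrganizationAccountAccessRole"
        }
      }
    },
    {
      "Sid": "DenyDisablingSecurityServices",
      "Effect": "Deny",
      "Action": [
        "guardduty:DeleteDetector",
        "guardduty:DisassociateFromAdministratorAccount",
        "securityhub:DisableSecurityHub",
        "securityhub:DisassociateFromAdministratorAccount",
        "cloudtrail:StopLogging",
        "cloudtrail:DeleteTrail"
      ],
      "Resource": "*"
    }
  ]
}
```

An SCP never restricts the management account itself, so attach it to the workload OUs; the NotAction list here is shortened and a real policy needs the full set of global services that do not carry a region.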
Step 3: Make use of AWS IAM Identity Center. It centrally manages who accesses which account with which permissions, so there is no longer any need to create IAM users in each AWS account.
Step 4: Make use of the various services that integrate with Organizations. There is no need to adopt all of them.
▼ Recommended Organizations-integrated services:
- AWS CloudTrail: manage trails at the organization level
- AWS CloudFormation: deploy resources per OU
- Amazon GuardDuty / AWS Security Hub (next slide)
Amazon GuardDuty / AWS Security Hub: manage and operate security services across accounts.
References:
- "Setting up Amazon GuardDuty in all regions the easy way in an Organizations environment" | DevelopersIO
- "Setting up AWS Security Hub in all regions the easy way in an Organizations environment" | DevelopersIO
Closing
Make good use of the characteristics of an AWS account and push forward with a multi-account strategy. AWS Organizations is a convenient aid for that. Keep "start small" and "try it first" in mind!
Finally, an announcement: Classmethod Cloud Guidebook, a knowledge collection of know-how for organizational use of AWS, is published free of charge for Classmethod Members 📚
▽ Best practices for AWS services
▽ Sample AWS usage guidelines
※ The above content may be updated and may differ from the actual page.
Classmethod Members portal: "Useful information" → "Know-how for organizational use of AWS"