
Let's Start a Multi-Account Strategy with AWS Organizations (AWS Organizationsでマルチアカウント戦略を始めよう)


MasahiroKawahara

February 08, 2023


Transcript

  1. Let's start a multi-account strategy with AWS Organizations
    Masahiro Kawahara

  2. Attention: the slides will be available afterwards
    There is no need to take notes during the talk.

  3. Picture the AWS account you use every day.

  4. The EC2 instance resource list screen

  5. The IAM users and IAM roles you use often

  6. Billing information for your AWS usage

  7. Does it look something like this?

  8. EC2 instances from various projects and environments all mixed together

  9. Worn out from scrutinizing IAM policies

  10. Or, conversely, granting overly broad IAM policies

  11. Costs from various projects all mixed together

  12. If this sounds familiar...
    try a multi-account strategy with AWS Organizations!

  13. What this talk covers
    - Why is a multi-account strategy needed?
    - Why is AWS Organizations needed?
    - Where do you start with a multi-account strategy?
    Masahiro Kawahara
    - Classmethod, Inc.
    - AWS Business Division, Consulting Department
    - Favorite AWS service: AWS IAM
    - 2022 APN AWS Top Engineers (Service)
    https://dev.classmethod.jp/author/kawahara-masahiro/


  14. Why is a multi-account strategy needed?

  15. First of all, what is a multi-account strategy?

  16. The AWS multi-account strategy
    A strategy of "splitting AWS accounts along a specific unit or criterion"

  17. Why is it needed?

  18. Q. Why is an AWS multi-account strategy needed?
    To make good use of the characteristics of an AWS account
    and achieve both agility and governance

  19. Benefits of a multi-account strategy

  20. Benefit: improved security
    An AWS account is a security boundary
    It provides "complete separation of permissions"

  21. Benefit: faster development
    An AWS account is a resource boundary
    It eliminates "dependencies" on other resources

  22. Benefit: cost optimization
    An AWS account is a cost boundary
    Costs can be categorized "easily" and "precisely"

  23. Summary so far
    In a multi-account strategy, AWS accounts are split along a "specific unit or criterion" and operated that way.
    It is needed to achieve both agility and governance.
    It makes good use of the characteristics of an AWS account (its various boundaries).


  24. Why is AWS Organizations needed?

  25. AWS Organizations
    A service that organizes multiple AWS accounts so that various things become possible
    Image source: AWS Organizations terminology and concepts - AWS Organizations

  26. Why is it needed?

  27. Q. Why is AWS Organizations needed?
    To support the parts of a multi-account strategy
    where, by its nature, control tends to become cumbersome

  28. What AWS Organizations supports
    #highlights

  29. Example: simplified billing
    In a multi-account strategy, "per-account billing management" tends to become cumbersome
    ➔ Consolidate billing into the "management account"
    Tips
    AWS Organizations defines two kinds of AWS account:
    Management account (one): the account in which Organizations was enabled
    Member accounts (multiple): accounts managed by the management account

  30. Example: aggregating and centrally managing logs (audit trails)
    In a multi-account strategy, "log control" tends to become cumbersome
    ➔ "AWS Organizations integration" makes aggregation and central management easy
    Tips
    AWS Organizations integrates with many AWS services.

  31. Example: configuring access control in one place
    In a multi-account strategy, "security control" tends to become cumbersome
    ➔ Control access across the board with service control policies (SCPs)
    Tips
    Organizational Unit (OU): a container for grouping (and nesting) member accounts
    Service control policy (SCP): a policy applied per OU or per account

  32. Example: centralized management of users and access
    In a multi-account strategy, "user and access management" tends to become cumbersome
    ➔ Manage it centrally with "AWS IAM Identity Center"

  33. Summary so far
    AWS Organizations is a service that organizes multiple AWS accounts so that various things become possible.
    It supports the parts of a multi-account strategy where control tends to become cumbersome.


  34. Where do you start with a multi-account strategy?

  35. Recommended steps
    ① Decide on a policy for splitting AWS accounts
    ② Make use of service control policies (SCPs)
    ③ Make use of AWS IAM Identity Center
    ④ Make use of the various Organizations-integrated services

  36. ① Decide on a policy for splitting AWS accounts
    Define the criteria by which AWS accounts are split,
    then design the organizational units (OUs) to match.

  37. ① Decide on a policy for splitting AWS accounts
    A model case for account splitting and OU design

  38. ① Decide on a policy for splitting AWS accounts
    A model case for account splitting and OU design:
    - An AWS account for running security operations across accounts
    - An AWS account for centrally managing logs across accounts
    - An OU holding the AWS accounts of test (non-production) workloads
    - An OU holding the AWS accounts of production workloads

  39. ② Make use of service control policies (SCPs)
    Use them to the full as preventive guardrails
    ■ Common control examples
    - Forbid operations in regions you do not use
    - Forbid disabling security services, etc.
    Reference: Example service control policies - AWS Organizations
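The two common controls named on this slide, written out as one deny-only SCP together with a small evaluator that reports which statement would block a given request. This is an added example, not material from the deck: the allowed-region list, the exempted global services and the exact protected actions are assumptions to tailor for your own organization, and the evaluator implements only the matching rules this particular policy needs, not AWS's full policy evaluation.

```python
import fnmatch

# Constructed example SCP (not from the deck); the regions and the global-service list are assumptions.
SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {   # Guardrail 1: deny everything outside the regions in use; NotAction
            # exempts global services, which are not scoped to a region.
            "Sid": "DenyUnusedRegions",
            "Effect": "Deny",
            "NotAction": ["iam:*", "organizations:*", "sts:*", "cloudfront:*",
                          "route53:*", "support:*", "budgets:*", "health:*"],
            "Resource": "*",
            "Condition": {"StringNotEquals": {
                "aws:RequestedRegion": ["ap-northeast-1", "us-east-1"]}},
        },
        {   # Guardrail 2: deny switching off security services run org-wide.
            "Sid": "DenyDisablingSecurityServices",
            "Effect": "Deny",
            "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail",
                       "cloudtrail:UpdateTrail", "guardduty:DeleteDetector",
                       "guardduty:DisassociateFromAdministratorAccount",
                       "securityhub:DisableSecurityHub",
                       "config:StopConfigurationRecorder"],
            "Resource": "*",
        },
    ],
}

def _action_matches(patterns, action):
    # IAM action names match case-insensitively; '*' is the only wildcard.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def scp_denies(policy, action, region):
    """Sid of the first Deny statement that blocks the request, or None.
    None only means 'not blocked by this SCP'; an IAM Allow is still needed."""
    context = {"aws:RequestedRegion": region}
    for stmt in policy["Statement"]:  # every statement in this SCP is a Deny
        if "Action" in stmt:
            applies = _action_matches(stmt["Action"], action)
        else:  # NotAction: the statement covers every action NOT listed
            applies = not _action_matches(stmt["NotAction"], action)
        # Only StringNotEquals is evaluated, the one operator this SCP uses.
        for key, vals in stmt.get("Condition", {}).get("StringNotEquals", {}).items():
            if context.get(key) in vals:
                applies = False
        if applies:
            return stmt["Sid"]
    return None
```

SCPs never apply to the management account itself, so guardrails like these protect member accounts only; keep the management account's own usage to a minimum.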

  40. ③ Make use of AWS IAM Identity Center
    Centrally manage "who accesses which account with which permissions"
    There is no longer any need to create IAM users in each AWS account

  41. ④ Make use of the various Organizations-integrated services
    There is no need to use all of them
    ■ Recommended Organizations-integrated services
    - AWS CloudTrail: manage audit trails at the organization level
    - AWS CloudFormation: deploy resources per OU
    - Amazon GuardDuty, AWS Security Hub (next slide)

  42. Amazon GuardDuty, AWS Security Hub
    Manage and operate security services across accounts
    References:
    - Setting up Amazon GuardDuty in all regions the easy way in an Organizations environment | DevelopersIO
    - Setting up AWS Security Hub in all regions the easy way in an Organizations environment | DevelopersIO

  43. Closing
    Make good use of the characteristics of AWS accounts and push forward with a multi-account strategy.
    AWS Organizations is a handy tool for supporting that.
    Keep "start small" and "try it out first" in mind!

  44. Finally, a plug: Classmethod Cloud Guidebook
    A knowledge base collecting "know-how for using AWS organizationally"
    Available free of charge to Classmethod Members 📚
    ✓ Best practices for AWS services ✓ Sample AWS usage guidelines
    ※ The above may be updated from time to time and may differ from the actual page
    Classmethod Members portal: "Useful information" → "Know-how for using AWS organizationally"