Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ここが嬉しいABAC ここが辛いよABAC #再解説+補足編

Avatar for MasahiroKawahara MasahiroKawahara
April 17, 2024
Technology
1
660

ここが嬉しいABAC ここが辛いよABAC #再解説+補足編

Avatar for MasahiroKawahara

MasahiroKawahara

April 17, 2024
Tweet

More Decks by MasahiroKawahara

See All by MasahiroKawahara
Amazon DevOps Guru のベースラインを整備して1ヶ月ほど運用してみた #jawsug_asa / Amazon DevOps Guru trial
Avatar for MasahiroKawahara masahirokawahara
3
250
DuckDB MCPサーバーを使ってAWSコストを分析させてみた / AWS cost analysis with DuckDB MCP server
Avatar for MasahiroKawahara masahirokawahara
0
1.8k
セキュリティ系アップデート全体像と AWS Organizations 新ポリシー「宣言型ポリシー」を紹介 / reGrowth 2024 Security
Avatar for MasahiroKawahara masahirokawahara
0
880
わたしとトラックポイント / TrackPoint tips
Avatar for MasahiroKawahara masahirokawahara
1
430
AWS CLIとシェルスクリプト、いつ使う?活用できる場面とTips紹介 #devio2024 / AWS CLI and Shell Tips
Avatar for MasahiroKawahara masahirokawahara
0
1.3k
EC2の脆弱性対応で何が使える? Inspector や SSM あたりを整理する #nakanoshima_dev
Avatar for MasahiroKawahara masahirokawahara
2
2.2k
SSM Inventory を使って便利に EC2 棚卸し(ハマりどころを添えて)
Avatar for MasahiroKawahara masahirokawahara
2
1.2k
疲弊しない!AWSセキュリティ統制の考え方 #devio_osakaday1
Avatar for MasahiroKawahara masahirokawahara
6
8.5k
セキュリティ系アップデートの全体像とSecurity Hub深掘り #AWSreInvent #cmregrowth
Avatar for MasahiroKawahara masahirokawahara
0
1.8k

Other Decks in Technology

See All in Technology
本部長の代わりに提案書レビュー! KDDI営業が毎日使うAIエージェント「A-BOSS」開発秘話
Avatar for みのるん minorun365
PRO
14
1.7k
API の仕様から紐解く「MCP 入門」 ~MCP の「コンテキスト」って何だ?~
Avatar for CData Software Japan cdataj
0
150
原則から考える保守しやすいComposable関数設計
Avatar for Mori Atsushi moriatsushi
2
330
Javalinの紹介
Avatar for Nobuhiro Oto notoh
0
100
"SaaS is Dead" は本当か!? 生成AI時代の医療 Vertical SaaS のリアル
Avatar for KAKEHASHI kakehashi
PRO
3
190
「伝える」を加速させるCursor術
Avatar for Naomi Shiraishi naomix
0
620
技術職じゃない私がVibe Codingで感じた、AGIが身近になる未来
Avatar for ayane blueb
0
120
Tenstorrent HW/SW 概要説明
Avatar for Tenstorrent Japan tenstorrent_japan
0
390
ゆるSRE #11 LT
Avatar for Kaoru okaru
1
590
Workflows から Agents へ ~ 生成 AI アプリの成長過程とアプローチ~
Avatar for Belong inc. belongadmin
3
150
VCpp Link and Library - C++ breaktime 2025 Summer
Avatar for Akiko Kawai harukasao
0
150
What's new in OpenShift 4.19
Avatar for Red Hat Livestreaming redhatlivestreaming
1
230

Featured

See All Featured
Keith and Marios Guide to Fast Websites
Avatar for Keith Pitt keithpitt
411
22k
Mobile First: as difficult as doing things right
Avatar for Swwweet swwweet
223
9.6k
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
407
66k
The Web Performance Landscape in 2024 [PerfNow 2024]
Avatar for Tammy Everts tammyeverts
8
650
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
PRO
20
1.3k
Bootstrapping a Software Product
Avatar for Garrett Dimon garrettdimon
PRO
307
110k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
39
1.8k
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
30
5.8k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
PRO
181
53k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
71
11k
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.3k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
34
3k

Transcript

  1. ͕͜͜خ͍͠"#"$ ͕͜͜ਏ͍Α"#"$ ࠶ղઆ ิ଍ฤ

  2. ࣗݾ঺հ ઒ݪ੐େ LBXBIBSBNBTBIJSP ˔ $MBTTNFUIPE"84ࣄۀຊ෦ίϯαϧςΟϯά෦ ˔ ೥͔Β"84ηΩϡϦςΟ౷੍Λ͝ࢧԉ ˓ 0SHBOJ[BUJPOT $POUSPM5PXFS

    ˓ 4FDVSJUZ)VC (VBSE%VUZͳͲ ˔ "1/"845PQ&OHJOFFST 4FSWJDF ˔ +BQBO"845PQ&OHJOFFST 4FDVSJUZ https://dev.classmethod.jp/author/kawahara-masahiro/ 2

  3. 📝 ࿩͢಺༰ ˔ ࠷ॳʹ·ͱΊ ॻ͍ͨഎܠ ˔ 3#"$Λͬ͘͟Γͱ࠶આ໌ ˔ "#"$Λͬ͘͟Γͱ࠶આ໌ ˔

    "#"$PO"84ͷਏΈΛͬ͘͟Γͱ࠶આ໌ ˔ ิ଍

  4. ࠷ॳʹ·ͱΊ ॻ͍ͨഎܠ

  5. ϒϩάͷαϚϦʔ ˔ "#"$͸ 3#"$ͷ՝୊Λղܾ͢Δखஈ ˓ ϓϩδΣΫτ΍νʔϜ਺ͷεέʔϧʹڧ͍ ˓ ͖Ίࡉ͔ͳΞΫηε੍ޚ ˔ Ͱ΋"84؀ڥʹ͓͍ͯ͸

    ਏ͍͜ͱ͕ଟ͍ ˓ *".ϙϦγʔઃܭ ˓ ଐੑ λά ͷӡ༻ ˔ ·ͣ͸"84ΞΧ΢ϯτ෼཭ͰରԠͰ͖ͳ͍͔ɺݕ౼͍ͨ͠ "84ʹ͓͚Δ"#"$ͷخ͠͞ɺਏ͞ΛޠΓ·ͨ͠ ",*#""84c%FWFMPQFST*0 IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBLJCBBXTJBNBCBD

  6. ॻ͍ͨഎܠ *".ઃܭͷ͝ࢧԉΛաڈʹ࣮ࢪ ͭͷ"84ΞΧ΢ϯτ಺ʹڞ௨తʹར༻͢ΔαʔϏε͕༗Γɺ ෳ਺ϓϩδΣΫτ͕ࠞࡏ͍ͯ͠Δ؀ڥ ޓ͍ʹผϓϩδΣΫτͷϦιʔεʹׯবͰ͖ͳ͍Α͏ʹ͍ͨ͠ ˠ"#"$Λ࢖͑ͳ͍͔ʁ ͍Ζ͍Ζͱઃܭɾ࣮૷ͨ݁͠Ռɺྑ͍ͱ͜Ζ΋͋Γͳ͕Βɺ ʮਏ͍ͱ͜Ζ🌶ʯ ΋୔ࢁ͋ͬͨ ͦͷ಺༰Λڞ༗ͨ͠΋ͷ

    "84ʹ͓͚Δ"#"$ͷخ͠͞ɺਏ͞ΛޠΓ·ͨ͠ ",*#""84c%FWFMPQFST*0 IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBLJCBBXTJBNBCBD

  7. 3#"$Λͬ͘͟Γͱ࠶આ໌

  8. *".ϙϦγʔઃܭ OPU3#"$

  9. *".ϙϦγʔઃܭ 3#"$

  10. 3#"$ͱ͸ ˔ 3PMF#BTFE"DDFTT$POUSPM ໾ׂϕʔεͷΞΫηε੍ޚ ˔ ϓϦϯγύϧͷ໾ׂ 3PMF ʹج͍ͮͯϙϦγʔઃܭΛߦ͏

  11. 3#"$ͷಛ௃ ˔ ώτͱݖݶ ϙϦγʔ ͷؒʹ ໾ׂΛڬΉ ˔ ݖݶ ϙϦγʔ ͕ώτʹࠨӈ͞Εͳ͍

    ˔ *".ϙϦγʔઃܭͷ࠷΋جຊ ˔ ઃܭӡ༻͕γϯϓϧɺ෼͔Γ΍͍͢ ˓ ໾ׂΛચ͍ग़͢ ˓ ໾ׂʹରԠ͢ΔϙϦγʔΛઃܭ͢Δ ˓ ໾ׂͱϢʔβʔΛඥ෇͚Δ

  12. "#"$Λͬ͘͟Γͱ࠶આ໌

  13. ˛ൺֱ

  14. "#"$ͱ͸ ˔ "UUSJCVUF#BTFE"DDFTT$POUSPM ଐੑϕʔεͷΞΫηε੍ޚ ˔ ϓϦϯγύϧͷଐੑʹج͍ͮͯϙϦγʔઃܭΛߦ͏

  15. "#"$ͷಛ௃ ˔ ϓϦϯγύϧ ΞΫηεઌϦιʔε ʹଐੑΛ෇༩͢Δ ˔ ؅ཧ͢ΔϙϦγʔ਺͕গͳ͘ͳΔ ˔ ϓϩδΣΫτ΍νʔϜ਺ͷεέʔϧʹڧ͍ ˓

    3#"$͸ʮώτʯʹࠨӈ͞Εͳ͍ ➔ "#"$͸ʮ໾ׂʯʹࠨӈ͞Εͳ͍ ˔ ͖Ίࡉ͔ͳΞΫηε੍ޚΛ࣮ݱͰ͖Δ ˓ ෳ਺ͷଐੑΛ෇༩ͯ͠ɺΑΓॊೈ ෳࡶ ͳ੍ޚ΋Մೳ

  16. "84ͷ"#"$ "84ͷ"#"$͸ʰλάʱΛ׆༻

  17. "#"$PO"84ͷਏΈΛ ͬ͘͟Γͱ࠶આ໌

  18. "#"$PO"84ͷਏ͍ͱ͜Ζ ˔ ϙϦγʔઃܭ͕ਏ͍ ਏ͞🌶 ˓ ΑΓҰ૚"84υΩϡϝϯτΛಡΈࠐΉ ˓ ͦ΋ͦ΋ "#"$ʹରԠ͍ͯ͠ͳ͍αʔϏε͕͋Δ ˓

    $POEJUJPOઃܭͰপʹϋϚΓ͕ͪ ˠ࣍ͰϐοΫΞοϓ ˔ λάӡ༻͕ਏ͍ ਏ͞🌶🌶🌶 ˓ ʮλά͸ࣗ༝౓͕ߴ͗͢ΔʯͷͰ੍ޚ͕େม ˓ ܧଓతͳλά؂ࢹ͕ඞਢ

  19. l*".$POEJUJPOઃܭͷপz ྫ AWS IAMポリシーのConditionを書くときの勘所 #devio2022 | DevelopersIO IUUQTEFWDMBTTNFUIPEKQBSUJDMFTEFWJPJBNDPOEJUJPO

  20. l*".$POEJUJPOઃܭͷপz ྫ AWS IAMポリシーのConditionを書くときの勘所 #devio2022 | DevelopersIO IUUQTEFWDMBTTNFUIPEKQBSUJDMFTEFWJPJBNDPOEJUJPO

  21. վΊͯϒϩάͷαϚϦʔΛ࠶ܝ ˔ "#"$͸ 3#"$ͷ՝୊Λղܾ͢Δखஈ ˓ ϓϩδΣΫτ΍νʔϜ਺ͷεέʔϧʹڧ͍ ˓ ͖Ίࡉ͔ͳΞΫηε੍ޚ ˔ Ͱ΋"84؀ڥʹ͓͍ͯ͸

    ਏ͍͜ͱ͕ଟ͍ ˓ *".ϙϦγʔઃܭ ˓ ଐੑ λά ͷӡ༻ ˔ ·ͣ͸"84ΞΧ΢ϯτ෼཭ͰରԠͰ͖ͳ͍͔ɺݕ౼͍ͨ͠ "84ʹ͓͚Δ"#"$ͷخ͠͞ɺਏ͞ΛޠΓ·ͨ͠ ",*#""84c%FWFMPQFST*0 IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBLJCBBXTJBNBCBD

  22. ิ଍

  23. ཧ૝͸ʮجຊ3#"$ νϣοτμέ"#"$ʯ ˔ େ࿮ͷݖݶઃܭ͸ 3#"$ Λϕʔεʹ͢Δ ˔ ہॴతͳࡉ੍͔͍ޚΛ "#"$ Ͱ࣮૷͢Δ

    ˔ lνϣοτμέz ͷྫ ˓ ಛఆλά͕෇͍ͨ&$ΠϯελϯεͷΈىಈɾఀࢭͰ͖ΔΑ͏ʹ͢Δ ˓ ಛఆλά͕෇͍ͨ4FDSFUTͷΈಡΈऔΕΔ ˓ ಛఆλά͕෇͍ͨ-BNCEBؔ਺ͷΈىಈͰ͖Δ ˓ 

  24. "#"$ؔ܎ͳ͍࿩ ಡऔઐ༻ΞΫηεΛ༻ҙͯ͠·͔͢ʁ ؅ཧऀ͸ߋ৽࡞ۀ༻ͷΞΫηεͱಡऔઐ༻ͷΞΫηεΛఏڙͯ͋͛͠Α͏ ར༻ऀ͸ߋ৽͢Δͱ͖Ҏ֎͸ɺ ಡऔ༻ͷΞΫηεͰ"84؀ڥʹೖΔΑ͏ʹ৺͕͚Α͏ ʮ࢓૊Έ 3#"$΍"#"$ ʯͱʮݸʑਓͷηΩϡϦςΟҙࣝʯͷ྆ํ͔Β࠷খݖݶΛ࣮ݱ͠Α͏

  25. 25