Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ここが嬉しいABAC ここが辛いよABAC #再解説+補足編

Avatar for MasahiroKawahara MasahiroKawahara
April 17, 2024
Technology
1
780

ここが嬉しいABAC ここが辛いよABAC #再解説+補足編

Avatar for MasahiroKawahara

MasahiroKawahara

April 17, 2024
Tweet

More Decks by MasahiroKawahara

See All by MasahiroKawahara
新 Security HubがついにGA!仕組みや料金を深堀り #AWSreInvent #regrowth / AWS Security Hub Advanced GA
Avatar for MasahiroKawahara masahirokawahara
1
2.9k
AWS環境のリソース調査を Claude Code で効率化 / aws investigate with cc devio2025
Avatar for MasahiroKawahara masahirokawahara
2
1.8k
ここ一年のCCoEとしてのAWSコスト最適化を振り返る / CCoE AWS Cost Optimization devio2025
Avatar for MasahiroKawahara masahirokawahara
1
2k
生まれ変わった AWS Security Hub (Preview) を紹介 #reInforce_osaka / reInforce New Security Hub
Avatar for MasahiroKawahara masahirokawahara
0
1.3k
Amazon DevOps Guru のベースラインを整備して1ヶ月ほど運用してみた #jawsug_asa / Amazon DevOps Guru trial
Avatar for MasahiroKawahara masahirokawahara
3
540
DuckDB MCPサーバーを使ってAWSコストを分析させてみた / AWS cost analysis with DuckDB MCP server
Avatar for MasahiroKawahara masahirokawahara
0
2.4k
セキュリティ系アップデート全体像と AWS Organizations 新ポリシー「宣言型ポリシー」を紹介 / reGrowth 2024 Security
Avatar for MasahiroKawahara masahirokawahara
0
1.1k
わたしとトラックポイント / TrackPoint tips
Avatar for MasahiroKawahara masahirokawahara
1
610
AWS CLIとシェルスクリプト、いつ使う?活用できる場面とTips紹介 #devio2024 / AWS CLI and Shell Tips
Avatar for MasahiroKawahara masahirokawahara
0
1.6k

Other Decks in Technology

See All in Technology
制約が導く迷わない設計 〜 信頼性と運用性を両立するマイナンバー管理システムの実践 〜
Avatar for ないとー bwkw
2
840
ZOZOにおけるAI活用の現在 ~開発組織全体での取り組みと試行錯誤~
Avatar for ZOZO Developers zozotech
PRO
4
4.8k
What happened to RubyGems and what can we learn?
Avatar for Mike McQuaid mikemcquaid
0
240
ClickHouseはどのように大規模データを活用したAIエージェントを全社展開しているのか
Avatar for Miki Matsumoto mikimatsumoto
0
190
All About Sansan – for New Global Engineers
Avatar for Sansan, Inc. sansan33
PRO
1
1.3k
SREが向き合う大規模リアーキテクチャ 〜信頼性とアジリティの両立〜
Avatar for Kuniaki Moriya zepprix
0
390
2人で作ったAIダッシュボードが、開発組織の次の一手を照らした話― Cursor × SpecKit × 可視化の実践 ― Qiita AI Summit
Avatar for NOBORU ITOU noalisaai
1
370
茨城の思い出を振り返る ~CDKのセキュリティを添えて~ / 20260201 Mitsutoshi Matsuo
Avatar for SHIFT EVOLVE shift_evolve
PRO
1
180
Meshy Proプラン課金した
Avatar for henjin0 henjin0
0
240
顧客との商談議事録をみんなで読んで顧客解像度を上げよう
Avatar for shibayu36 shibayu36
0
150
CDKで始めるTypeScript開発のススメ
Avatar for つくぼし tsukuboshi
1
310
仕様書駆動AI開発の実践: Issue→Skill→PRテンプレで 再現性を作る
Avatar for 西岡 賢一郎 (Kenichiro Nishioka) knishioka
2
580

Featured

See All Featured
16th Malabo Montpellier Forum Presentation
Avatar for AKADEMIYA2063 akademiya2063
PRO
0
47
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
74
11k
Faster Mobile Websites
Avatar for Dean Hume deanohume
310
31k
Discover your Explorer Soul
Avatar for Emna emna__ayadi
2
1.1k
The Director’s Chair: Orchestrating AI for Truly Effective Learning
Avatar for Mike Taylor tmiket
1
96
Leadership Guide Workshop - DevTernity 2021
Avatar for David Neal reverentgeek
1
200
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
370
20k
Un-Boring Meetings
Avatar for Sebastian Deterding codingconduct
0
200
30 Presentation Tips
Avatar for Ian Lurie portentint
PRO
1
210
Ethics towards AI in product and experience design
Avatar for Skipper Chong Warson skipperchong
2
190
The Impact of AI in SEO - AI Overviews June 2024 Edition
Avatar for Aleyda Solis aleyda
5
730
Reality Check: Gamification 10 Years Later
Avatar for Sebastian Deterding codingconduct
0
2k

Transcript

  1. ͕͜͜خ͍͠"#"$ ͕͜͜ਏ͍Α"#"$ ࠶ղઆ ิ଍ฤ

  2. ࣗݾ঺հ ઒ݪ੐େ LBXBIBSBNBTBIJSP ˔ $MBTTNFUIPE"84ࣄۀຊ෦ίϯαϧςΟϯά෦ ˔ ೥͔Β"84ηΩϡϦςΟ౷੍Λ͝ࢧԉ ˓ 0SHBOJ[BUJPOT $POUSPM5PXFS

    ˓ 4FDVSJUZ)VC (VBSE%VUZͳͲ ˔ "1/"845PQ&OHJOFFST 4FSWJDF ˔ +BQBO"845PQ&OHJOFFST 4FDVSJUZ https://dev.classmethod.jp/author/kawahara-masahiro/ 2

  3. 📝 ࿩͢಺༰ ˔ ࠷ॳʹ·ͱΊ ॻ͍ͨഎܠ ˔ 3#"$Λͬ͘͟Γͱ࠶આ໌ ˔ "#"$Λͬ͘͟Γͱ࠶આ໌ ˔

    "#"$PO"84ͷਏΈΛͬ͘͟Γͱ࠶આ໌ ˔ ิ଍

  4. ࠷ॳʹ·ͱΊ ॻ͍ͨഎܠ

  5. ϒϩάͷαϚϦʔ ˔ "#"$͸ 3#"$ͷ՝୊Λղܾ͢Δखஈ ˓ ϓϩδΣΫτ΍νʔϜ਺ͷεέʔϧʹڧ͍ ˓ ͖Ίࡉ͔ͳΞΫηε੍ޚ ˔ Ͱ΋"84؀ڥʹ͓͍ͯ͸

    ਏ͍͜ͱ͕ଟ͍ ˓ *".ϙϦγʔઃܭ ˓ ଐੑ λά ͷӡ༻ ˔ ·ͣ͸"84ΞΧ΢ϯτ෼཭ͰରԠͰ͖ͳ͍͔ɺݕ౼͍ͨ͠ "84ʹ͓͚Δ"#"$ͷخ͠͞ɺਏ͞ΛޠΓ·ͨ͠ ",*#""84c%FWFMPQFST*0 IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBLJCBBXTJBNBCBD

  6. ॻ͍ͨഎܠ *".ઃܭͷ͝ࢧԉΛաڈʹ࣮ࢪ ͭͷ"84ΞΧ΢ϯτ಺ʹڞ௨తʹར༻͢ΔαʔϏε͕༗Γɺ ෳ਺ϓϩδΣΫτ͕ࠞࡏ͍ͯ͠Δ؀ڥ ޓ͍ʹผϓϩδΣΫτͷϦιʔεʹׯবͰ͖ͳ͍Α͏ʹ͍ͨ͠ ˠ"#"$Λ࢖͑ͳ͍͔ʁ ͍Ζ͍Ζͱઃܭɾ࣮૷ͨ݁͠Ռɺྑ͍ͱ͜Ζ΋͋Γͳ͕Βɺ ʮਏ͍ͱ͜Ζ🌶ʯ ΋୔ࢁ͋ͬͨ ͦͷ಺༰Λڞ༗ͨ͠΋ͷ

    "84ʹ͓͚Δ"#"$ͷخ͠͞ɺਏ͞ΛޠΓ·ͨ͠ ",*#""84c%FWFMPQFST*0 IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBLJCBBXTJBNBCBD

  7. 3#"$Λͬ͘͟Γͱ࠶આ໌

  8. *".ϙϦγʔઃܭ OPU3#"$

  9. *".ϙϦγʔઃܭ 3#"$

  10. 3#"$ͱ͸ ˔ 3PMF#BTFE"DDFTT$POUSPM ໾ׂϕʔεͷΞΫηε੍ޚ ˔ ϓϦϯγύϧͷ໾ׂ 3PMF ʹج͍ͮͯϙϦγʔઃܭΛߦ͏

  11. 3#"$ͷಛ௃ ˔ ώτͱݖݶ ϙϦγʔ ͷؒʹ ໾ׂΛڬΉ ˔ ݖݶ ϙϦγʔ ͕ώτʹࠨӈ͞Εͳ͍

    ˔ *".ϙϦγʔઃܭͷ࠷΋جຊ ˔ ઃܭӡ༻͕γϯϓϧɺ෼͔Γ΍͍͢ ˓ ໾ׂΛચ͍ग़͢ ˓ ໾ׂʹରԠ͢ΔϙϦγʔΛઃܭ͢Δ ˓ ໾ׂͱϢʔβʔΛඥ෇͚Δ

  12. "#"$Λͬ͘͟Γͱ࠶આ໌

  13. ˛ൺֱ

  14. "#"$ͱ͸ ˔ "UUSJCVUF#BTFE"DDFTT$POUSPM ଐੑϕʔεͷΞΫηε੍ޚ ˔ ϓϦϯγύϧͷଐੑʹج͍ͮͯϙϦγʔઃܭΛߦ͏

  15. "#"$ͷಛ௃ ˔ ϓϦϯγύϧ ΞΫηεઌϦιʔε ʹଐੑΛ෇༩͢Δ ˔ ؅ཧ͢ΔϙϦγʔ਺͕গͳ͘ͳΔ ˔ ϓϩδΣΫτ΍νʔϜ਺ͷεέʔϧʹڧ͍ ˓

    3#"$͸ʮώτʯʹࠨӈ͞Εͳ͍ ➔ "#"$͸ʮ໾ׂʯʹࠨӈ͞Εͳ͍ ˔ ͖Ίࡉ͔ͳΞΫηε੍ޚΛ࣮ݱͰ͖Δ ˓ ෳ਺ͷଐੑΛ෇༩ͯ͠ɺΑΓॊೈ ෳࡶ ͳ੍ޚ΋Մೳ

  16. "84ͷ"#"$ "84ͷ"#"$͸ʰλάʱΛ׆༻

  17. "#"$PO"84ͷਏΈΛ ͬ͘͟Γͱ࠶આ໌

  18. "#"$PO"84ͷਏ͍ͱ͜Ζ ˔ ϙϦγʔઃܭ͕ਏ͍ ਏ͞🌶 ˓ ΑΓҰ૚"84υΩϡϝϯτΛಡΈࠐΉ ˓ ͦ΋ͦ΋ "#"$ʹରԠ͍ͯ͠ͳ͍αʔϏε͕͋Δ ˓

    $POEJUJPOઃܭͰপʹϋϚΓ͕ͪ ˠ࣍ͰϐοΫΞοϓ ˔ λάӡ༻͕ਏ͍ ਏ͞🌶🌶🌶 ˓ ʮλά͸ࣗ༝౓͕ߴ͗͢ΔʯͷͰ੍ޚ͕େม ˓ ܧଓతͳλά؂ࢹ͕ඞਢ

  19. l*".$POEJUJPOઃܭͷপz ྫ AWS IAMポリシーのConditionを書くときの勘所 #devio2022 | DevelopersIO IUUQTEFWDMBTTNFUIPEKQBSUJDMFTEFWJPJBNDPOEJUJPO

  20. l*".$POEJUJPOઃܭͷপz ྫ AWS IAMポリシーのConditionを書くときの勘所 #devio2022 | DevelopersIO IUUQTEFWDMBTTNFUIPEKQBSUJDMFTEFWJPJBNDPOEJUJPO

  21. վΊͯϒϩάͷαϚϦʔΛ࠶ܝ ˔ "#"$͸ 3#"$ͷ՝୊Λղܾ͢Δखஈ ˓ ϓϩδΣΫτ΍νʔϜ਺ͷεέʔϧʹڧ͍ ˓ ͖Ίࡉ͔ͳΞΫηε੍ޚ ˔ Ͱ΋"84؀ڥʹ͓͍ͯ͸

    ਏ͍͜ͱ͕ଟ͍ ˓ *".ϙϦγʔઃܭ ˓ ଐੑ λά ͷӡ༻ ˔ ·ͣ͸"84ΞΧ΢ϯτ෼཭ͰରԠͰ͖ͳ͍͔ɺݕ౼͍ͨ͠ "84ʹ͓͚Δ"#"$ͷخ͠͞ɺਏ͞ΛޠΓ·ͨ͠ ",*#""84c%FWFMPQFST*0 IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBLJCBBXTJBNBCBD

  22. ิ଍

  23. ཧ૝͸ʮجຊ3#"$ νϣοτμέ"#"$ʯ ˔ େ࿮ͷݖݶઃܭ͸ 3#"$ Λϕʔεʹ͢Δ ˔ ہॴతͳࡉ੍͔͍ޚΛ "#"$ Ͱ࣮૷͢Δ

    ˔ lνϣοτμέz ͷྫ ˓ ಛఆλά͕෇͍ͨ&$ΠϯελϯεͷΈىಈɾఀࢭͰ͖ΔΑ͏ʹ͢Δ ˓ ಛఆλά͕෇͍ͨ4FDSFUTͷΈಡΈऔΕΔ ˓ ಛఆλά͕෇͍ͨ-BNCEBؔ਺ͷΈىಈͰ͖Δ ˓ 

  24. "#"$ؔ܎ͳ͍࿩ ಡऔઐ༻ΞΫηεΛ༻ҙͯ͠·͔͢ʁ ؅ཧऀ͸ߋ৽࡞ۀ༻ͷΞΫηεͱಡऔઐ༻ͷΞΫηεΛఏڙͯ͋͛͠Α͏ ར༻ऀ͸ߋ৽͢Δͱ͖Ҏ֎͸ɺ ಡऔ༻ͷΞΫηεͰ"84؀ڥʹೖΔΑ͏ʹ৺͕͚Α͏ ʮ࢓૊Έ 3#"$΍"#"$ ʯͱʮݸʑਓͷηΩϡϦςΟҙࣝʯͷ྆ํ͔Β࠷খݖݶΛ࣮ݱ͠Α͏

  25. 25