Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ここが嬉しいABAC ここが辛いよABAC #再解説+補足編

Avatar for MasahiroKawahara MasahiroKawahara
April 17, 2024
Technology
1
770

ここが嬉しいABAC ここが辛いよABAC #再解説+補足編

Avatar for MasahiroKawahara

MasahiroKawahara

April 17, 2024
Tweet

More Decks by MasahiroKawahara

See All by MasahiroKawahara
新 Security HubがついにGA!仕組みや料金を深堀り #AWSreInvent #regrowth / AWS Security Hub Advanced GA
Avatar for MasahiroKawahara masahirokawahara
1
2.7k
AWS環境のリソース調査を Claude Code で効率化 / aws investigate with cc devio2025
Avatar for MasahiroKawahara masahirokawahara
2
1.7k
ここ一年のCCoEとしてのAWSコスト最適化を振り返る / CCoE AWS Cost Optimization devio2025
Avatar for MasahiroKawahara masahirokawahara
1
1.9k
生まれ変わった AWS Security Hub (Preview) を紹介 #reInforce_osaka / reInforce New Security Hub
Avatar for MasahiroKawahara masahirokawahara
0
1.2k
Amazon DevOps Guru のベースラインを整備して1ヶ月ほど運用してみた #jawsug_asa / Amazon DevOps Guru trial
Avatar for MasahiroKawahara masahirokawahara
3
510
DuckDB MCPサーバーを使ってAWSコストを分析させてみた / AWS cost analysis with DuckDB MCP server
Avatar for MasahiroKawahara masahirokawahara
0
2.4k
セキュリティ系アップデート全体像と AWS Organizations 新ポリシー「宣言型ポリシー」を紹介 / reGrowth 2024 Security
Avatar for MasahiroKawahara masahirokawahara
0
1.1k
わたしとトラックポイント / TrackPoint tips
Avatar for MasahiroKawahara masahirokawahara
1
590
AWS CLIとシェルスクリプト、いつ使う?活用できる場面とTips紹介 #devio2024 / AWS CLI and Shell Tips
Avatar for MasahiroKawahara masahirokawahara
0
1.5k

Other Decks in Technology

See All in Technology
[PR] はじめてのデジタルアイデンティティという本を書きました
Avatar for ritou ritou
1
800
AWS re:Inventre:cap ~AmazonNova 2 Omniのワークショップを体験してきた~
Avatar for NRI Netcom nrinetcom
PRO
0
140
投資戦略を量産せよ 2 - マケデコセミナー(2025/12/26)
Avatar for tomo gamella
1
640
次世代AIコーディング:OpenAI Codex の最新動向 進行スライド/nikkei-tech-talk-40
Avatar for 日本経済新聞社 エンジニア採用事務局 nikkei_engineer_recruiting
0
140
フルカイテン株式会社 エンジニア向け採用資料
Avatar for FULL KAITEN fullkaiten
0
10k
テストセンター受験、オンライン受験、どっちなんだい?
Avatar for Yuuki Yamashita yama3133
0
210
20251225_たのしい出張報告&IgniteRecap!
Avatar for ponponmikan ponponmikankan
0
110
プロンプトエンジニアリングを超えて:自由と統制のあいだでつくる Platform × Context Engineering
Avatar for yuriemori yuriemori
0
410
Eight Engineering Unit 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
6.2k
AIエージェントを5分で一気におさらい! AIエージェント「構築」元年に備えよう
Avatar for やくも yakumo
1
150
Sansan Engineering Unit 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
3.6k
Bill One 開発エンジニア 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
4
17k

Featured

See All Featured
Marketing Yourself as an Engineer | Alaka | Gurzu
Avatar for Gurzu gurzu
0
110
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
77
5.2k
Typedesign – Prime Four
Avatar for Hannes Fritz hannesfritz
42
2.9k
Ruling the World: When Life Gets Gamed
Avatar for Sebastian Deterding codingconduct
0
120
AI: The stuff that nobody shows you
Avatar for John Nunemaker jnunemaker
PRO
2
160
AI Search:
Where Are We & What Can We Do About It?
Avatar for Aleyda Solis aleyda
0
6.8k
Chasing Engaging Ingredients in Design
Avatar for Sebastian Deterding codingconduct
0
97
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
74
11k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
55
3.2k
Leadership Guide Workshop - DevTernity 2021
Avatar for David Neal reverentgeek
1
180
The Cost Of JavaScript in 2023
Avatar for Addy Osmani addyosmani
55
9.4k
Digital Ethics as a Driver of Design Innovation
Avatar for Per Axbom axbom
PRO
0
140

Transcript

  1. ͕͜͜خ͍͠"#"$ ͕͜͜ਏ͍Α"#"$ ࠶ղઆ ิ଍ฤ

  2. ࣗݾ঺հ ઒ݪ੐େ LBXBIBSBNBTBIJSP ˔ $MBTTNFUIPE"84ࣄۀຊ෦ίϯαϧςΟϯά෦ ˔ ೥͔Β"84ηΩϡϦςΟ౷੍Λ͝ࢧԉ ˓ 0SHBOJ[BUJPOT $POUSPM5PXFS

    ˓ 4FDVSJUZ)VC (VBSE%VUZͳͲ ˔ "1/"845PQ&OHJOFFST 4FSWJDF ˔ +BQBO"845PQ&OHJOFFST 4FDVSJUZ https://dev.classmethod.jp/author/kawahara-masahiro/ 2

  3. 📝 ࿩͢಺༰ ˔ ࠷ॳʹ·ͱΊ ॻ͍ͨഎܠ ˔ 3#"$Λͬ͘͟Γͱ࠶આ໌ ˔ "#"$Λͬ͘͟Γͱ࠶આ໌ ˔

    "#"$PO"84ͷਏΈΛͬ͘͟Γͱ࠶આ໌ ˔ ิ଍

  4. ࠷ॳʹ·ͱΊ ॻ͍ͨഎܠ

  5. ϒϩάͷαϚϦʔ ˔ "#"$͸ 3#"$ͷ՝୊Λղܾ͢Δखஈ ˓ ϓϩδΣΫτ΍νʔϜ਺ͷεέʔϧʹڧ͍ ˓ ͖Ίࡉ͔ͳΞΫηε੍ޚ ˔ Ͱ΋"84؀ڥʹ͓͍ͯ͸

    ਏ͍͜ͱ͕ଟ͍ ˓ *".ϙϦγʔઃܭ ˓ ଐੑ λά ͷӡ༻ ˔ ·ͣ͸"84ΞΧ΢ϯτ෼཭ͰରԠͰ͖ͳ͍͔ɺݕ౼͍ͨ͠ "84ʹ͓͚Δ"#"$ͷخ͠͞ɺਏ͞ΛޠΓ·ͨ͠ ",*#""84c%FWFMPQFST*0 IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBLJCBBXTJBNBCBD

  6. ॻ͍ͨഎܠ *".ઃܭͷ͝ࢧԉΛաڈʹ࣮ࢪ ͭͷ"84ΞΧ΢ϯτ಺ʹڞ௨తʹར༻͢ΔαʔϏε͕༗Γɺ ෳ਺ϓϩδΣΫτ͕ࠞࡏ͍ͯ͠Δ؀ڥ ޓ͍ʹผϓϩδΣΫτͷϦιʔεʹׯবͰ͖ͳ͍Α͏ʹ͍ͨ͠ ˠ"#"$Λ࢖͑ͳ͍͔ʁ ͍Ζ͍Ζͱઃܭɾ࣮૷ͨ݁͠Ռɺྑ͍ͱ͜Ζ΋͋Γͳ͕Βɺ ʮਏ͍ͱ͜Ζ🌶ʯ ΋୔ࢁ͋ͬͨ ͦͷ಺༰Λڞ༗ͨ͠΋ͷ

    "84ʹ͓͚Δ"#"$ͷخ͠͞ɺਏ͞ΛޠΓ·ͨ͠ ",*#""84c%FWFMPQFST*0 IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBLJCBBXTJBNBCBD

  7. 3#"$Λͬ͘͟Γͱ࠶આ໌

  8. *".ϙϦγʔઃܭ OPU3#"$

  9. *".ϙϦγʔઃܭ 3#"$

  10. 3#"$ͱ͸ ˔ 3PMF#BTFE"DDFTT$POUSPM ໾ׂϕʔεͷΞΫηε੍ޚ ˔ ϓϦϯγύϧͷ໾ׂ 3PMF ʹج͍ͮͯϙϦγʔઃܭΛߦ͏

  11. 3#"$ͷಛ௃ ˔ ώτͱݖݶ ϙϦγʔ ͷؒʹ ໾ׂΛڬΉ ˔ ݖݶ ϙϦγʔ ͕ώτʹࠨӈ͞Εͳ͍

    ˔ *".ϙϦγʔઃܭͷ࠷΋جຊ ˔ ઃܭӡ༻͕γϯϓϧɺ෼͔Γ΍͍͢ ˓ ໾ׂΛચ͍ग़͢ ˓ ໾ׂʹରԠ͢ΔϙϦγʔΛઃܭ͢Δ ˓ ໾ׂͱϢʔβʔΛඥ෇͚Δ

  12. "#"$Λͬ͘͟Γͱ࠶આ໌

  13. ˛ൺֱ

  14. "#"$ͱ͸ ˔ "UUSJCVUF#BTFE"DDFTT$POUSPM ଐੑϕʔεͷΞΫηε੍ޚ ˔ ϓϦϯγύϧͷଐੑʹج͍ͮͯϙϦγʔઃܭΛߦ͏

  15. "#"$ͷಛ௃ ˔ ϓϦϯγύϧ ΞΫηεઌϦιʔε ʹଐੑΛ෇༩͢Δ ˔ ؅ཧ͢ΔϙϦγʔ਺͕গͳ͘ͳΔ ˔ ϓϩδΣΫτ΍νʔϜ਺ͷεέʔϧʹڧ͍ ˓

    3#"$͸ʮώτʯʹࠨӈ͞Εͳ͍ ➔ "#"$͸ʮ໾ׂʯʹࠨӈ͞Εͳ͍ ˔ ͖Ίࡉ͔ͳΞΫηε੍ޚΛ࣮ݱͰ͖Δ ˓ ෳ਺ͷଐੑΛ෇༩ͯ͠ɺΑΓॊೈ ෳࡶ ͳ੍ޚ΋Մೳ

  16. "84ͷ"#"$ "84ͷ"#"$͸ʰλάʱΛ׆༻

  17. "#"$PO"84ͷਏΈΛ ͬ͘͟Γͱ࠶આ໌

  18. "#"$PO"84ͷਏ͍ͱ͜Ζ ˔ ϙϦγʔઃܭ͕ਏ͍ ਏ͞🌶 ˓ ΑΓҰ૚"84υΩϡϝϯτΛಡΈࠐΉ ˓ ͦ΋ͦ΋ "#"$ʹରԠ͍ͯ͠ͳ͍αʔϏε͕͋Δ ˓

    $POEJUJPOઃܭͰপʹϋϚΓ͕ͪ ˠ࣍ͰϐοΫΞοϓ ˔ λάӡ༻͕ਏ͍ ਏ͞🌶🌶🌶 ˓ ʮλά͸ࣗ༝౓͕ߴ͗͢ΔʯͷͰ੍ޚ͕େม ˓ ܧଓతͳλά؂ࢹ͕ඞਢ

  19. l*".$POEJUJPOઃܭͷপz ྫ AWS IAMポリシーのConditionを書くときの勘所 #devio2022 | DevelopersIO IUUQTEFWDMBTTNFUIPEKQBSUJDMFTEFWJPJBNDPOEJUJPO

  20. l*".$POEJUJPOઃܭͷপz ྫ AWS IAMポリシーのConditionを書くときの勘所 #devio2022 | DevelopersIO IUUQTEFWDMBTTNFUIPEKQBSUJDMFTEFWJPJBNDPOEJUJPO

  21. վΊͯϒϩάͷαϚϦʔΛ࠶ܝ ˔ "#"$͸ 3#"$ͷ՝୊Λղܾ͢Δखஈ ˓ ϓϩδΣΫτ΍νʔϜ਺ͷεέʔϧʹڧ͍ ˓ ͖Ίࡉ͔ͳΞΫηε੍ޚ ˔ Ͱ΋"84؀ڥʹ͓͍ͯ͸

    ਏ͍͜ͱ͕ଟ͍ ˓ *".ϙϦγʔઃܭ ˓ ଐੑ λά ͷӡ༻ ˔ ·ͣ͸"84ΞΧ΢ϯτ෼཭ͰରԠͰ͖ͳ͍͔ɺݕ౼͍ͨ͠ "84ʹ͓͚Δ"#"$ͷخ͠͞ɺਏ͞ΛޠΓ·ͨ͠ ",*#""84c%FWFMPQFST*0 IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBLJCBBXTJBNBCBD

  22. ิ଍

  23. ཧ૝͸ʮجຊ3#"$ νϣοτμέ"#"$ʯ ˔ େ࿮ͷݖݶઃܭ͸ 3#"$ Λϕʔεʹ͢Δ ˔ ہॴతͳࡉ੍͔͍ޚΛ "#"$ Ͱ࣮૷͢Δ

    ˔ lνϣοτμέz ͷྫ ˓ ಛఆλά͕෇͍ͨ&$ΠϯελϯεͷΈىಈɾఀࢭͰ͖ΔΑ͏ʹ͢Δ ˓ ಛఆλά͕෇͍ͨ4FDSFUTͷΈಡΈऔΕΔ ˓ ಛఆλά͕෇͍ͨ-BNCEBؔ਺ͷΈىಈͰ͖Δ ˓ 

  24. "#"$ؔ܎ͳ͍࿩ ಡऔઐ༻ΞΫηεΛ༻ҙͯ͠·͔͢ʁ ؅ཧऀ͸ߋ৽࡞ۀ༻ͷΞΫηεͱಡऔઐ༻ͷΞΫηεΛఏڙͯ͋͛͠Α͏ ར༻ऀ͸ߋ৽͢Δͱ͖Ҏ֎͸ɺ ಡऔ༻ͷΞΫηεͰ"84؀ڥʹೖΔΑ͏ʹ৺͕͚Α͏ ʮ࢓૊Έ 3#"$΍"#"$ ʯͱʮݸʑਓͷηΩϡϦςΟҙࣝʯͷ྆ํ͔Β࠷খݖݶΛ࣮ݱ͠Α͏

  25. 25