Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
セキュリティ系アップデート全体像と AWS Organizations 新ポリシー「宣言型ポリ...
Search
MasahiroKawahara
December 11, 2024
Technology
1.4k
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
セキュリティ系アップデート全体像と AWS Organizations 新ポリシー「宣言型ポリシー」を紹介 / reGrowth 2024 Security
MasahiroKawahara
December 11, 2024
More Decks by MasahiroKawahara
See All by MasahiroKawahara
【セミナー資料】Claude Code をセキュアに使うための考え方と設定の勘どころ / Claude Code Webinar 20260616
masahirokawahara
2
550
Claude Code で使える DuckDB Skills を試してみた / DuckDB Skills and Claude Code
masahirokawahara
2
2.6k
Claude Code を安全に使おう勉強会 / Claude Code Security Basics
masahirokawahara
20
47k
Claude Code Skills 勉強会 (DevelersIO向けに調整済み) / claude code skills for devio
masahirokawahara
1
33k
新 Security HubがついにGA!仕組みや料金を深堀り #AWSreInvent #regrowth / AWS Security Hub Advanced GA
masahirokawahara
1
4k
AWS環境のリソース調査を Claude Code で効率化 / aws investigate with cc devio2025
masahirokawahara
2
2.1k
ここ一年のCCoEとしてのAWSコスト最適化を振り返る / CCoE AWS Cost Optimization devio2025
masahirokawahara
1
2.6k
生まれ変わった AWS Security Hub (Preview) を紹介 #reInforce_osaka / reInforce New Security Hub
masahirokawahara
0
1.7k
Amazon DevOps Guru のベースラインを整備して1ヶ月ほど運用してみた #jawsug_asa / Amazon DevOps Guru trial
masahirokawahara
3
890
Other Decks in Technology
See All in Technology
デジタル・デザイン:次の50年を描く「進化する青写真」
y150saya
0
800
型は壁、Rustでもバグを直すな、表現できなくせよ
nwiizo
5
390
飲食店もAIで。レジ締めやハンディシステムをつくってる話 / Using AI for restaurant management
vtryo
0
240
10x Speed With QA Agent Platform - How we scaled adoption from individual effort to organizational capability
lycorptech_jp
PRO
0
130
Why is RC4 still being used?
tamaiyutaro
0
280
5分でわかる Amazon Connect_20260608
hwangbyeonghun
0
180
フルAIで個人開発して学んだあれこれ / yuruai vol.1
isaoshimizu
0
170
『AIに負けない』より『AIと遊ぶ』」〜ワクワクが最強のテスト・QA学習戦略_公開用
odan611
1
370
どうして今サーバーサイドKotlinを選択したのか
nealle
0
190
認証認可だけじゃない! ID管理の構成要素と ライフサイクルを意識しよう
ritou
1
460
きのこカンファレンス2026_肩書きを外したとき私は誰か
yamasatimi
1
130
AI時代における最適なQA組織の作り方
ymty
3
350
Featured
See All Featured
Exploring the relationship between traditional SERPs and Gen AI search
raygrieselhuber
PRO
2
4.1k
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.8k
Money Talks: Using Revenue to Get Sh*t Done
nikkihalliwell
0
270
How to build an LLM SEO readiness audit: a practical framework
nmsamuel
1
800
The Hidden Cost of Media on the Web [PixelPalooza 2025]
tammyeverts
2
340
Agile Actions for Facilitating Distributed Teams - ADO2019
mkilby
0
220
The Limits of Empathy - UXLibs8
cassininazir
1
380
RailsConf 2023
tenderlove
30
1.5k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Applied NLP in the Age of Generative AI
inesmontani
PRO
4
2.3k
Discover your Explorer Soul
emna__ayadi
2
1.2k
SEOcharity - Dark patterns in SEO and UX: How to avoid them and build a more ethical web
sarafernandez
0
220
Transcript
ηΩϡϦςΟܥΞοϓσʔτͷશମ૾ 0SHBOJ[BUJPOTͷ৽ϙϦγʔΛհ
SFHSPXUI@PTBLB ࣗݾհ ݪେ LBXBIBSBNBTBIJSP ˔ $MBTTNFUIPE"84ࣄۀຊ෦ ίϯαϧςΟϯά෦ ˔ d"845PQ&OHJOFFST ˔
SF*OWFOUݱࢀՃ ˓ ,3BDF͕շͰͨ͠
SFHSPXUI@PTBLB ࠓ͢͜ͱ ˔ ηΩϡϦςΟܥΞοϓσʔτΛ͓͞Β͍ ˔ "840SHBOJ[BUJPOTͷΞϓσΛհ ˔ ↳ એݴܕϙϦγʔΛਂງΓ ˔
↳ ͜Ε͔Βͷ༧తΨʔυϨʔϧ
ηΩϡϦςΟܥΞοϓσʔτ ͬ͘͟Γͱ͓͞Β͍
SFHSPXUI@PTBLB ߋ৽ͷ͋ͬͨ"84αʔϏε ˞༧બམؚͪΉ
SFHSPXUI@PTBLB ߋ৽ͷ͋ͬͨ"84αʔϏε ˞༧બམؚͪΉ <"843FTPVSDF&YQMPSFS> ɾػೳ֦ॆɻηΩϡϦςΟίετͷใΛҰݩతʹݕࡧɾཧՄೳʹ <"844ZTUFNT.BOBHFS> ɾϚϧνΞΧϯτϚϧνϦʔδϣϯͷϊʔυѲɺཧ͕ҰݩԽ <"844FDVSJUZ-BLF> ɾ৽͍͠ύʔτφʔೝఆ "NB[PO4FDVSJUZ-BLF3FBEZ4QFDJBMJ[BUJPO͕ൃද
ɾ0QFO4FBSDI4FSWJDFͱͷ [FSP&5-౷߹Λαϙʔτ <"84$MPVE5SBJM> ɾػೳڧԽɻแׅతͳμογϡϘʔυՃͱΫϩεΞΧϯτͰͷσʔλετΞڞ༗ ɾ"*ػೳΛՃɻࣗવݴޠͰͷΫΤϦੜͱΫΤϦ݁Ռͷཁػೳ <*"."DDFTT"OBMZ[FS> ɾະ༻ΞΫηεੳʹͯɺΞΧϯτ*%ϩʔϧλάʹΑΔείʔϓબ͕Մೳʹ
SFHSPXUI@PTBLB ߋ৽ͷ͋ͬͨ"84αʔϏε ˞༧બམؚͪΉ <"84*".> ɾ0SHBOJ[BUJPOTͷϝϯόʔΞΧϯτͷϧʔτΞΫηε ΛҰݩཧՄೳʹ <"840SHBOJ[BUJPOT> ɾએݴܕϙϦγʔ %FDMBSBUJWFQPMJDZ ͕Ճ
ɾ3$1 3FTPVSDFDPOUSPMQPMJDZ ͕Ճ <"84$POUSPM5PXFS> ɾએݴܕϙϦγʔΛ༻ͨ͠༧ίϯτϩʔϧ͕Ճ ɾ3$1Λ༻ͨ͠༧ίϯτϩʔϧ͕Ճ ɾ"84#BDLVQͱ౷߹ɻਪόοΫΞοϓઃఆΛҰׅద ༻Մೳʹ
SFHSPXUI@PTBLB ߋ৽ͷ͋ͬͨ"84αʔϏε ˞༧બམؚͪΉ <"NB[PO71$> ɾ71$ͷϒϩοΫύϒϦοΫΞΫηε #1" Λൃද ɾ$MPVE'SPOU͕71$ΦϦδϯʹରԠ <"84/FUXPSL'JSFXBMM> ɾ)551ɺ26*$ɺ1PTUHSF42-ͳͲͷ৽ϓϩτίϧݕ
ग़ʹରԠ <"847FSJGJFE"DDFTT> ɾ5$144)ɺ3%1ͳͲͷඇ)551 4 Ϧιʔεͷθϩ τϥετΞΫηε͕Մೳʹ
SFHSPXUI@PTBLB ߋ৽ͷ͋ͬͨ"84αʔϏε ˞༧બམؚͪΉ <"NB[PO(VBSE%VUZ> ɾߴͳڴҖݕग़ػೳ͕Ճɻෳεςʔδͷ߈ܸΛࣗಈݕग़ <"844FDVSJUZ*ODJEFOU3FTQPOTF> ɾ༗ਓͰηΩϡϦςΟΠϯγσϯτʹରԠͯ͘͠ΔαʔϏε͕(" ˞࠷ֹ݄ྉۚ υϧ͔Β ɾ"844FDVSJUZ*ODJEFOU3FTQPOTFͷ৽͍͠ύʔτφʔϓϩάϥϜ
"840SHBOJ[BUJPOTͷ ΞοϓσʔτΛհ
"840SHBOJ[BUJPOTΛ ͞Βͬͱ͓͞Β͍
SFHSPXUI@PTBLB 0SHBOJ[BUJPOTϚϧνΞΧϯτཧͰཱͭαʔϏε <ओͳಛ> ˔ શ"84ΞΧϯτͷٻΛू ˔ "84ΞΧϯτΛ֊Խͯ͠ཧɺ੍ޚ ˔ ͞·͟·ͳ"84αʔϏεͱ࿈ܞ ը૾Ҿ༻"840SHBOJ[BUJPOTͷ֓೦ͱ༻ޠ
"840SHBOJ[BUJPOT
SFHSPXUI@PTBLB ֤छ ϙϦγʔΛͬͯෳΞΧϯτΛ੍ޚͰ͖Δ ˔ 4$1 4FSWJDFDPOUSPMQPMJDZ ˔ λάϙϦγʔ ˔ όοΫΞοϓϙϦγʔ
˔ ͑ΔϙϦγʔͷৄࡉҎԼΛࢀর ˠ5FSNJOPMPHZBOEDPODFQUTGPS"840SHBOJ[BUJPOT "840SHBOJ[BUJPOT
"840SHBOJ[BUJPOTͷ SF*OWFOUΞοϓσʔτ
SFHSPXUI@PTBLB SF*OWFOUʹͯɺͭͷ৽ϙϦγʔ͕ొʂ ˔ <OFX>3$1 3FTPVSDFDPOUSPMQPMJDZ ˔ <OFX>એݴܕϙϦγʔ %FDMBSBUJWFQPMJDZ
એݴܕϙϦγʔ %FDMBSBUJWF1PMJDZ
SFHSPXUI@PTBLB αʔϏεϨϕϧͰ l·͍͠ઃఆz Λఆٛద༻Ͱ͖Δ ˔ એݴܕϙϦγʔ৽͍͠ʮαʔϏεϨϕϧ ͷϙϦγʔʯ ˔ ৫ͷ"84ΞΧϯτʹ͓͍ͯɺಛఆ αʔϏεଐੑΛඪ४ԽͰ͖Δ
˔ ΤϥʔϝοηʔδΛΧελϚΠζՄೳ <ݱࡏαϙʔτ͍ͯ͠Δଐੑ> ˔ 71$ ˓ 71$ϒϩοΫύϒϦοΫΞΫηε ˔ &$ ˓ γϦΞϧίϯιʔϧΞΫηε ˓ ".*ϒϩοΫύϒϦοΫΞΫηε ˓ ڐՄ͞Εͨ".*ͷར༻ ˓ *.%4ͷσϑΥϧτઃఆ ˔  ˓ εφοϓγϣοτͷϒϩοΫύϒϦοΫΞΫηε
SFHSPXUI@PTBLB ΫϦοΫͰ؆୯ʹઃఆͰ͖Δ ը૾Ҿ༻ʲΞοϓσʔτʳ৽ͨʹൃද͞ΕͨEFDMBSBUJWFQPMJDJFTʢએݴܕϙϦγʔʣΛͨΊͯ͠Έͨ "84SF*OWFOUc%FWFMPQFST*0
ͦͦએݴతͬͯͳΜͩΖ͏ʁ
SFHSPXUI@PTBLB ʮ݁ہԿ͕͍ͨ͠ͷ͔ʯͱ͍͏త͚ͩΛઆ໌͢Δ͜ͱ Ҿ༻એݴతʁ %FDMBSBUJWF Ͳ͏͍͏͜ͱʁ !)JSPZVLJ@04",* 2JJUB
SFHSPXUI@PTBLB lεφοϓγϣοτͷϒϩοΫύϒϦοΫΞΫηεz Λྫʹߟ͑ͯΈΔ εφοϓγϣοτΛύϒϦοΫʹͨ͘͠ͳ͍Μʂ త
SFHSPXUI@PTBLB ʙએݴܕϙϦγʔ͕ͳ͍ͱ͖ʙ εφοϓγϣοτΛύϒϦοΫʹͨ͘͠ͳ͍Μʂ త ˞ͳ͍Ͱ͢ తͷୡํ๏
SFHSPXUI@PTBLB ʙએݴܕϙϦγʔ͕͋Δͱ͖ʙ εφοϓγϣοτΛύϒϦοΫʹͨ͘͠ͳ͍Μʂ త తͷୡํ๏
͜Ε͔Βͷ༧తΨʔυϨʔϧ
SFHSPXUI@PTBLB ࠓɺओཁͳ༧తΨʔυϨʔϧ͕Ұؾʹ૿͑ͨʂ ͜Ε·Ͱͷ<"84ͷ༧తΨʔυϨʔϧͱ͍͑> ˔ 4$1 4FSWJDFDPOUSPMQPMJDZ ͜Ε͔Βͷ<"84ͷ༧తΨʔυϨʔϧͱ͍͑> ˔ 4$1 4FSWJDFDPOUSPMQPMJDZ
˔ 3$1 3FTPVSDFDPOUSPMQPMJDZ ˔ એݴܕϙϦγʔ %FDMBSBUJWFQPMJDZ
SFHSPXUI@PTBLB <Πϝʔδ>͜Ε·Ͱͷ༧తΨʔυϨʔϧ
SFHSPXUI@PTBLB <Πϝʔδ>༧తΨʔυϨʔϧͷ͜Ε͔Β
SFHSPXUI@PTBLB <Πϝʔδ>༧తΨʔυϨʔϧͷ͜Ε͔Β ˞3$1͕αϙʔτ͍ͯ͠ΔαʔϏε ɾ4 ɾ454 ɾ,.4 ɾ424 ɾ4FDSFUT.BOBHFS ˞એݴܕϙϦγʔͷαϙʔτൣғ ɾ71$ϒϩοΫύϒϦοΫΞΫηε
ɾ&$γϦΞϧίϯιʔϧΞΫηε ɾ&$".*ϒϩοΫύϒϦοΫΞΫηε ɾ&$ڐՄ͞Εͨ".*ͷར༻ ɾ&$*.%4ͷσϑΥϧτઃఆ ɾεφοϓγϣοτͷϒϩοΫύϒϦοΫΞΫηε
͓ΘΓʹ
SFHSPXUI@PTBLB ͨ͜͠ͱ ˔ ηΩϡϦςΟܥΞοϓσʔτΛ͓͞Β͍ ˔ "840SHBOJ[BUJPOTͷΞϓσΛհ ˔ ↳ એݴܕϙϦγʔΛਂງΓ ˓
αʔϏεϨϕϧͰʮ·͍͠ઃఆʯΛఆٛద༻ ˓ ΫϦοΫͰ؆୯ʹઃఆͰ͖Δ ˔ ↳ ͜Ε͔Βͷ༧తΨʔυϨʔϧ ˓ ·ͣ એݴܕϙϦγʔ<OFX>Λద༻Ͱ͖ͳ͍͔ ˓ ࣍ʹैདྷ௨Γ 4$1Λ͏ ˓ ิతʹ 3$1<OFX>Λ͏
SFHSPXUI@PTBLB ࢀߟ ˔ 4JNQMJGZHPWFSOBODFXJUIEFDMBSBUJWFQPMJDJFTc"84/FXT#MPH ˔ <Ξοϓσʔτ>"840SHBOJ[BUJPOTͰએݴܕϙϦγʔ EFDMBSBUJWFQPMJDJFT ͕ར༻Մೳʹͳ Γ·ͨ͠ "84SF*OWFOUc%FWFMPQFST*0
˔ ʲΞοϓσʔτʳ৽ͨʹൃද͞ΕͨEFDMBSBUJWFQPMJDJFTʢએݴܕϙϦγʔʣΛͨΊͯ͠Έͨ "84SF*OWFOUc%FWFMPQFST*0 ˔ એݴతʁ %FDMBSBUJWF Ͳ͏͍͏͜ͱʁ !)JSPZVLJ@04",* 2JJUB
SFHSPXUI@PTBLB ࢀߟ • 識別 ◦ Introducing the Amazon Security Lake
Ready Specialization - AWS ◦ Amazon OpenSearch Service zero-ETL integration with Amazon Security Lake - AWS ◦ Find security, compliance, and operating metrics in AWS Resource Explorer - AWS ◦ AWS CloudTrail Lake launches enhanced analytics and cross-account data access - AWS ◦ AWS CloudTrail Lake enhances log analysis with AI-powered features - AWS ◦ The new AWS Systems Manager experience: Simplifying node management - AWS ◦ Customize scope of IAM Access Analyzer unused access analysis - AWS • 防御 ◦ Centrally manage root access in AWS Identity and Access Management (IAM) - AWS ◦ Amazon Web Services announces declarative policies - AWS ◦ Introducing resource control policies (RCPs) to centrally restrict access to AWS resources - AWS ◦ AWS Control Tower launches managed controls using declarative policies - AWS ◦ AWS Control Tower launches configurable managed controls implemented using resource control policies - AWS ◦ AWS Control Tower adds prescriptive backup plans to landing zone capabilities - AWS ◦ AWS announces Block Public Access for Amazon Virtual Private Cloud - AWS ◦ Amazon CloudFront announces VPC origins - AWS ◦ AWS Network Firewall expands the list of supported protocols and keywords in firewall rules - AWS ◦ AWS Verified Access now supports secure access to resources over non-HTTP(S) protocols (Preview) - AWS • 検知/対応 ◦ AWS announces AWS Security Incident Response for general availability - AWS ◦ Respond and recovery more quickly with AWS Security Incident Response Partners - AWS ◦ Amazon GuardDuty introduces GuardDuty Extended Threat Detection - AWS
None