ヤプリにおけるAWS Control Towerの活用 / Using AWS ControlTower in Yappli

AWS Control Tower SESSION 04

@modokkin 2018 Youtube 🙇 https://www.youtube.com/c/timesyappliradio

INDEX 01 02 03 04 05 AWS AWS Control Tower
AWS Control Tower AWS Control Tower

01 AWS

AWS CloudTrail AWS AWS Con fi g AWS AWS Organizations
AWS IAM Identity Center (AWS Single Sign-On )

AWS Production Staging Production Account Develop AWS CloudTrail AWS Con
fi g

Production Staging Production Account Develop Develop Account AWS CloudTrail AWS
Con fi g AWS CloudTrail AWS Con fi g

Production Staging Production Corporate AWS CloudTrail AWS Con fi g
Develop Corporate Develop AWS CloudTrail AWS Con fi g AWS CloudTrail AWS Con fi g

Production Staging Production etc. Develop Develop Corporate Corporate

AWS Organizations Workloads OU Production OU SCP Staging OU Develop
OU SCP SCP Security OU SCP SCP Exceptions OU SCP

AWS IAM Identity Center (AWS Single Sign-On ) IAM User
IAM AWS IAM Identity Center okta

AWS IAM Identity Center IAM AWS Organizations ( OU SCP
) SCP( ) 1 AWS Config

02 AWS Control Tower

AWS : https://aws.amazon.com/jp/controltower/

Guardrails( ) AWS Control Tower   Amazon S 3  
SSH DB

Landing Zone ( ) • AWS ( ) AWS Control
Tower H

AWS CloudTrail AWS Con fi g AWS Organizations AWS ControlTower

1 . AWS 2 . 3. AWS 4 . AWS
Control Tower 5 . 6 . Control Tower Workshops https://controltower.aws-management.tools/ja/

( ) AWS Control Tower 🤗

AWS Control Tower

• https://docs.aws.amazon.com/ja_jp/controltower/latest/userguide/accounts.html AWS Organizations

AWS CloudTrail Amazon S3 🆕 KMS

AWS IAM MFA Amazon S3  

Slack AWS Chat Bot Amazon CloudWatch

Okta 築 • AWS Control Tower AWS IAM Identity Center(AWS
SSO) • Okta Okta Okta AWS IAM Identity Center 築

AWS Control Tower AWS AWS Control Tower

AWS Control Tower Yappli Tech Blog https://tech.yappli.io/entry/ yapplitechconf2022-sre

More Decks by MotokiHabuchi