Upgrade to Pro — share decks privately, control downloads, hide ads and more …

サーバレスVulsアーキテクチャ再び / serverless-vuls-again

E8ac626646da35420ffba5da02f4787d?s=47 Shuichi Ohsawa
October 19, 2017
Technology
1
2.5k

サーバレスVulsアーキテクチャ再び / serverless-vuls-again

E8ac626646da35420ffba5da02f4787d?s=128

Shuichi Ohsawa

October 19, 2017
Tweet

More Decks by Shuichi Ohsawa

See All by Shuichi Ohsawa
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
0
85
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
0
460
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
12
3.8k
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
0
870
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
0
2k
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
3
470
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
0
480
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
9
2.8k
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
0
1.2k

Other Decks in Technology

See All in Technology
2d1ae5ea9354a50d87b46f4503d11f4e?s=48 tuhin1729
0
340
73c9d1065e0075a9da6e404e08fe77fb?s=48 siroitori0413
0
140
3235eeacb4ddecfba39e1eee75069da2?s=48 taksan0
0
130
A1b4b398630bbd32b77a82cbc37fae9a?s=48 freekmurze
0
160
7cd783377515bdf8207062840b7b2f4e?s=48 soracom
PRO
0
120
A64ac825509279a770c13c6fc517f11a?s=48 kawaguti
PRO
0
110
394797f95420c4da4c84379f0d0b11c9?s=48 mkheck
0
180
46839cf590a549efe13547c17a6b2fde?s=48 isaoshimizu
2
200
928ee4c919a0d47835d3dffda7bec566?s=48 yutongsong
0
120
79dcb04101764d7bf66f898dd446838e?s=48 tsukubachallenge
0
240
98fd7d759e70809e826fd3a35e9fe2cb?s=48 hisaotsu
2
210
7fb060398b26ed622d34921bd64e4f5d?s=48 yoshiakiyamasaki
0
140

Featured

See All Featured
864a009ac73600c7c02e1f26629dd989?s=48 paigeccino
0
76
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
PRO
55
4.7k
48c098b6579220a67a6ba949be6e4b5a?s=48 revolveconf
203
9.9k
F57e2136eb9895eb95ff5dc8a1c02677?s=48 zakiwarfel
91
3.6k
95d9f37115fbb0d13135d0f77132f856?s=48 morganepeng
29
1.7k
245cee81a9c424266e5e401d844ea881?s=48 lara
175
10k
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
91
8.9k
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
15
1k
Fe6b81005d1553accd6b2a28f6a2bef1?s=48 phodgson
92
4.1k
E14f55d3f939977cecbf51b64ff6f861?s=48 keithpitt
404
20k
1b75d89772b7eea1f6c89fbf362607d9?s=48 moore
128
22k
E190023b66e2b8aa73a842b106920c93?s=48 zenorocha
302
40k

Transcript

  1. αʔόϨεVulsΞʔΩςΫνϟ࠶ͼ VulsࡇΓ #3 Shuichi Ohsawa (@ohsawa0515) 1/9

  2. ࣗݾ঺հ • େᖒलҰ • http://blog.jicoman.info/ • @shu1_0515 • Sansanגࣜձࣾ •

    σʔλԽγεςϜͷΠϯϑϥΛ୲౰ • Πϯϑϥߏஙɾӡ༻ɾվળɺ։ൃج൫ͷվળͳͲ 2/9

  3. લճͷVulsࡇΓͰαʔόϨεͰVulsεΩϟϯ ͢Δ࿩Λ͠·ͨ͠ https://speakerdeck.com/ohsawa0515/vuls-serverless- architecture ࠓճ͸ͦͷଓ͖ʹ͍ͭͯ࿩͠·͢ɻ (εϥΠυݟ͍ͯͳ͍ਓ͸ཁνΣοΫ) 3/9

  4. CloudFormationςϯϓϨʔτͭ͘Γ·ͨ͠ ! • https://github.com/ohsawa0515/serverless-vuls • લճͷVulsࡇΓͷͱ͖ʹͳΔૣͰެ։͢Δͱݴ͍ͬͯ·͕ͨ͠ Α͏΍͘ެ։͠·ͨ͠ ! • READMEͱ͔ෆ଍͍ͯ͠Δͱ͜Ζ͕͋ΔͷͰޙʑ௥ه͍ͯ͠·

    ͢ 4/9

  5. 5/9

  6. KMSͰ҉߸Խɾ෮߸ • DBύεϫʔυɺSSHൿີ伴 • CloudFormationͷΧελϜϦιʔεͰ҉߸Խɾ෮߸ΛLambda ؔ਺Ͱ࣮ߦ • εΩϟϯ༻Lambdaؔ਺ʹ҉߸Խ͞ΕͨσʔλΛ؀ڥม਺Ͱ౉͠ ͯɺLambdaؔ਺಺Ͱ෮߸ 6/9

  7. Step FunctionsͰLambdaؔ਺ͷϧʔϓ࣮ߦ • go-cve-dictionary ͰCVE৘ใΛDBʹ֨ೲ͢Δ • Lambdaͷ࣮ߦ࣌ؒ(5෼)Λ௒͑ͳ͍Α͏ʹ1೥ຖʹ۠੾࣮ͬͯߦ 7/9

  8. ec2-vuls-config ͰεΩϟϯର৅Λબఆ • https://github.com/ohsawa0515/ec2-vuls-config • EC2λά(vuls:scan)Λ෇͚ͨΠϯελϯε৘ใΛVulsͷίϯϑΟάϑΝΠ ϧʹॻ͖ࠐΉ • Vuls v0.4.0

    ͔ΒσϑΥϧτͰ֎෦SSHΛ࢖͏Α͏ʹͳΓɺϗετΩʔν ΣοΫ͕ඞਢʹ • සൟʹEC2Πϯελϯε͕ೖΕସΘΔ؀ڥʹ͓͍ͯ͸૬ੑ͕ѱ͍ • -ssh-native-insecure ͰϗετΩʔνΣοΫ͕ೖΒͳ͍ 8/9

  9. ͥͻࢼͯ͠Έ͍ͯͩ͘͞ ! • όά͕͋Γ·ͨ͠ΒPR͍͚ͨͩΔͱॿ͔Γ·͢ ! ! • αϯϓϧ༻ͷεΩϟϯ؀ڥ(VPCɺEC2ͳͲ)Λߏங͢Δ CloudFormationςϯϓϨʔτ΋͋ΔͷͰ·ͬ͞ΒͳAWS؀ڥͰ ΋ࢼ͢͜ͱ͕Ͱ͖·͢ʂ

    9/9