Upgrade to Pro — share decks privately, control downloads, hide ads and more …

サーバレスVulsアーキテクチャ再び / serverless-vuls-again

E8ac626646da35420ffba5da02f4787d?s=47 Shuichi Ohsawa
October 19, 2017
Technology
1
2.4k

サーバレスVulsアーキテクチャ再び / serverless-vuls-again

E8ac626646da35420ffba5da02f4787d?s=128

Shuichi Ohsawa

October 19, 2017
Tweet

More Decks by Shuichi Ohsawa

See All by Shuichi Ohsawa
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
0
480
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
0
1.8k
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
3
440
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
0
410
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
9
2.5k
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
0
970
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
0
660
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
0
830
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
0
220

Other Decks in Technology

See All in Technology
46342ba2b13fb202412adeb6ed13528e?s=48 natsusan
0
200
F593efb2c199100c8086dbf130c71ffa?s=48 helayoty
0
140
9e7a653ed313b3da4b263a772bfc5026?s=48 clustervr
0
210
9df0566fad9c9ca3bf669917848878fe?s=48 i35_267
0
260
E7c0cdb6e91562ab5995348cd2b2110e?s=48 gkzz
0
160
246b59bbea7c40cbbbcbf94bfc6720ff?s=48 ozuma
0
110
86e4f6731e81df0591bd9cb66ddbd347?s=48 sugimomoto
1
380
405fe9ab689473f267e2cfbd95f78c75?s=48 kyonmm
1
2.4k
74948d1118cd84528f7861a3069dd8d9?s=48 qryuu
0
280
3115a782126be714b5f94d24073c957d?s=48 oracle4engineer
0
2.7k
B1dca90d4b3ffd2ccd918774e1ba170d?s=48 hmatsu47
0
170
Bcbc80799bc32840662a366768318a9b?s=48 koba789
0
450

Featured

See All Featured
3d4519fd34b76fb265fc0237f3792bd4?s=48 danielanewman
1
480
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
187
14k
D83926c323d4f9289f947b4b4e76b939?s=48 jensimmons
207
10k
56c4053438af8e8b90d6f53cbb7573be?s=48 jakevdp
775
200k
Fde6c3a50ca518a909ef35c22c0ee0e4?s=48 destraynor
223
47k
C51b39fa3c79ccb99dcb8a076bc98287?s=48 brianwarren
83
4.7k
B6a8f005f39d23ffc930508ac9da68b9?s=48 vanstee
116
4.8k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
190
17k
4262b9cfacfb6b2c77f23e1d0310cd3e?s=48 myddelton
109
11k
Fe6b81005d1553accd6b2a28f6a2bef1?s=48 phodgson
87
3.9k
245cee81a9c424266e5e401d844ea881?s=48 lara
16
2.6k
25c7c18223fb42a4c6ae1c8db6f50f9b?s=48 mojombo
358
62k

Transcript

  1. αʔόϨεVulsΞʔΩςΫνϟ࠶ͼ VulsࡇΓ #3 Shuichi Ohsawa (@ohsawa0515) 1/9

  2. ࣗݾ঺հ • େᖒलҰ • http://blog.jicoman.info/ • @shu1_0515 • Sansanגࣜձࣾ •

    σʔλԽγεςϜͷΠϯϑϥΛ୲౰ • Πϯϑϥߏஙɾӡ༻ɾվળɺ։ൃج൫ͷվળͳͲ 2/9

  3. લճͷVulsࡇΓͰαʔόϨεͰVulsεΩϟϯ ͢Δ࿩Λ͠·ͨ͠ https://speakerdeck.com/ohsawa0515/vuls-serverless- architecture ࠓճ͸ͦͷଓ͖ʹ͍ͭͯ࿩͠·͢ɻ (εϥΠυݟ͍ͯͳ͍ਓ͸ཁνΣοΫ) 3/9

  4. CloudFormationςϯϓϨʔτͭ͘Γ·ͨ͠ ! • https://github.com/ohsawa0515/serverless-vuls • લճͷVulsࡇΓͷͱ͖ʹͳΔૣͰެ։͢Δͱݴ͍ͬͯ·͕ͨ͠ Α͏΍͘ެ։͠·ͨ͠ ! • READMEͱ͔ෆ଍͍ͯ͠Δͱ͜Ζ͕͋ΔͷͰޙʑ௥ه͍ͯ͠·

    ͢ 4/9

  5. 5/9

  6. KMSͰ҉߸Խɾ෮߸ • DBύεϫʔυɺSSHൿີ伴 • CloudFormationͷΧελϜϦιʔεͰ҉߸Խɾ෮߸ΛLambda ؔ਺Ͱ࣮ߦ • εΩϟϯ༻Lambdaؔ਺ʹ҉߸Խ͞ΕͨσʔλΛ؀ڥม਺Ͱ౉͠ ͯɺLambdaؔ਺಺Ͱ෮߸ 6/9

  7. Step FunctionsͰLambdaؔ਺ͷϧʔϓ࣮ߦ • go-cve-dictionary ͰCVE৘ใΛDBʹ֨ೲ͢Δ • Lambdaͷ࣮ߦ࣌ؒ(5෼)Λ௒͑ͳ͍Α͏ʹ1೥ຖʹ۠੾࣮ͬͯߦ 7/9

  8. ec2-vuls-config ͰεΩϟϯର৅Λબఆ • https://github.com/ohsawa0515/ec2-vuls-config • EC2λά(vuls:scan)Λ෇͚ͨΠϯελϯε৘ใΛVulsͷίϯϑΟάϑΝΠ ϧʹॻ͖ࠐΉ • Vuls v0.4.0

    ͔ΒσϑΥϧτͰ֎෦SSHΛ࢖͏Α͏ʹͳΓɺϗετΩʔν ΣοΫ͕ඞਢʹ • සൟʹEC2Πϯελϯε͕ೖΕସΘΔ؀ڥʹ͓͍ͯ͸૬ੑ͕ѱ͍ • -ssh-native-insecure ͰϗετΩʔνΣοΫ͕ೖΒͳ͍ 8/9

  9. ͥͻࢼͯ͠Έ͍ͯͩ͘͞ ! • όά͕͋Γ·ͨ͠ΒPR͍͚ͨͩΔͱॿ͔Γ·͢ ! ! • αϯϓϧ༻ͷεΩϟϯ؀ڥ(VPCɺEC2ͳͲ)Λߏங͢Δ CloudFormationςϯϓϨʔτ΋͋ΔͷͰ·ͬ͞ΒͳAWS؀ڥͰ ΋ࢼ͢͜ͱ͕Ͱ͖·͢ʂ

    9/9