Save 37% off PRO during our Black Friday Sale! »

サーバレスVulsアーキテクチャ再び / serverless-vuls-again

E8ac626646da35420ffba5da02f4787d?s=47 Shuichi Ohsawa
October 19, 2017
Technology
1
2.6k

サーバレスVulsアーキテクチャ再び / serverless-vuls-again

E8ac626646da35420ffba5da02f4787d?s=128

Shuichi Ohsawa

October 19, 2017
Tweet

More Decks by Shuichi Ohsawa

See All by Shuichi Ohsawa
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
0
95
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
0
510
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
12
3.9k
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
0
960
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
0
2k
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
3
480
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
0
510
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
9
2.9k
E8ac626646da35420ffba5da02f4787d?s=48 ohsawa0515
0
1.3k

Other Decks in Technology

See All in Technology
8fa31051503b09846584c49cd53d2f80?s=48 asei
0
280
5c4a9121473a13463ca3d8c0cf6d3152?s=48 o3
2
380
0e3cc0e218e5bcb4c4da827fb5668f5a?s=48 stopendy
1
140
8d80af14296180866264212adbfb587e?s=48 godan
0
160
57e80b356ed7005ee31e3494cdbfd02c?s=48 biatunky
1
170
0b238801605070def81a98cfe8061aee?s=48 shonansurvivors
2
420
D65ac1a4aacb7a449bb61cef10fb7143?s=48 yamanoku
3
1.2k
33ef4c1ebe619115b552db9a9f9a3509?s=48 sadnessojisan
4
1.5k
53850955f15249a1a9dc49df6113e400?s=48 line_developers
PRO
0
240
950776c7623253d1ccd37e3cd32fa58f?s=48 indigolain
2
990
3933b943fb70400bbc26f3cb78d8204c?s=48 sakiengineer
2
880
590fe37e032309f0f2657135085e395d?s=48 kmotohas
0
380

Featured

See All Featured
E14f55d3f939977cecbf51b64ff6f861?s=48 keithpitt
405
20k
0438ae60cde4c7add6f9da48f28c15cc?s=48 chrisshort
6
28k
7559f6cff1f5efc2d210965febd4d71c?s=48 bermonpainter
349
27k
864a009ac73600c7c02e1f26629dd989?s=48 paigeccino
7
400
1519587b1a0febb658c36c94f6272b0d?s=48 roundedbygravity
85
8.2k
25c7c18223fb42a4c6ae1c8db6f50f9b?s=48 mojombo
364
63k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
PRO
56
4.9k
Ba530e786553390f3fb271848485681c?s=48 3n
169
23k
2bb923c57a1fdc3a2eb484bb8d565fd2?s=48 ufuk
61
7.3k
Aebc2d07a50011e2a30d38435fde564a?s=48 jrom
120
7.5k
4262b9cfacfb6b2c77f23e1d0310cd3e?s=48 myddelton
110
11k
Ded01cdab114abe4ec13511e4c25b9bb?s=48 andyhume
67
4.6k

Transcript

  1. αʔόϨεVulsΞʔΩςΫνϟ࠶ͼ VulsࡇΓ #3 Shuichi Ohsawa (@ohsawa0515) 1/9

  2. ࣗݾ঺հ • େᖒलҰ • http://blog.jicoman.info/ • @shu1_0515 • Sansanגࣜձࣾ •

    σʔλԽγεςϜͷΠϯϑϥΛ୲౰ • Πϯϑϥߏஙɾӡ༻ɾվળɺ։ൃج൫ͷվળͳͲ 2/9

  3. લճͷVulsࡇΓͰαʔόϨεͰVulsεΩϟϯ ͢Δ࿩Λ͠·ͨ͠ https://speakerdeck.com/ohsawa0515/vuls-serverless- architecture ࠓճ͸ͦͷଓ͖ʹ͍ͭͯ࿩͠·͢ɻ (εϥΠυݟ͍ͯͳ͍ਓ͸ཁνΣοΫ) 3/9

  4. CloudFormationςϯϓϨʔτͭ͘Γ·ͨ͠ ! • https://github.com/ohsawa0515/serverless-vuls • લճͷVulsࡇΓͷͱ͖ʹͳΔૣͰެ։͢Δͱݴ͍ͬͯ·͕ͨ͠ Α͏΍͘ެ։͠·ͨ͠ ! • READMEͱ͔ෆ଍͍ͯ͠Δͱ͜Ζ͕͋ΔͷͰޙʑ௥ه͍ͯ͠·

    ͢ 4/9

  5. 5/9

  6. KMSͰ҉߸Խɾ෮߸ • DBύεϫʔυɺSSHൿີ伴 • CloudFormationͷΧελϜϦιʔεͰ҉߸Խɾ෮߸ΛLambda ؔ਺Ͱ࣮ߦ • εΩϟϯ༻Lambdaؔ਺ʹ҉߸Խ͞ΕͨσʔλΛ؀ڥม਺Ͱ౉͠ ͯɺLambdaؔ਺಺Ͱ෮߸ 6/9

  7. Step FunctionsͰLambdaؔ਺ͷϧʔϓ࣮ߦ • go-cve-dictionary ͰCVE৘ใΛDBʹ֨ೲ͢Δ • Lambdaͷ࣮ߦ࣌ؒ(5෼)Λ௒͑ͳ͍Α͏ʹ1೥ຖʹ۠੾࣮ͬͯߦ 7/9

  8. ec2-vuls-config ͰεΩϟϯର৅Λબఆ • https://github.com/ohsawa0515/ec2-vuls-config • EC2λά(vuls:scan)Λ෇͚ͨΠϯελϯε৘ใΛVulsͷίϯϑΟάϑΝΠ ϧʹॻ͖ࠐΉ • Vuls v0.4.0

    ͔ΒσϑΥϧτͰ֎෦SSHΛ࢖͏Α͏ʹͳΓɺϗετΩʔν ΣοΫ͕ඞਢʹ • සൟʹEC2Πϯελϯε͕ೖΕସΘΔ؀ڥʹ͓͍ͯ͸૬ੑ͕ѱ͍ • -ssh-native-insecure ͰϗετΩʔνΣοΫ͕ೖΒͳ͍ 8/9

  9. ͥͻࢼͯ͠Έ͍ͯͩ͘͞ ! • όά͕͋Γ·ͨ͠ΒPR͍͚ͨͩΔͱॿ͔Γ·͢ ! ! • αϯϓϧ༻ͷεΩϟϯ؀ڥ(VPCɺEC2ͳͲ)Λߏங͢Δ CloudFormationςϯϓϨʔτ΋͋ΔͷͰ·ͬ͞ΒͳAWS؀ڥͰ ΋ࢼ͢͜ͱ͕Ͱ͖·͢ʂ

    9/9