JAWS-UG #14 
 11 AWS re:Inforce 20 2 3 2 0 23 . 7 . 23 @seike 4 60 1

@seike 460 - - @seike 46 0 - Fusic - / - / - - JAWS Days - AWS Dev Day - Serverless Days - - JAWS Festa 2023 in Kyushu Staff - ServerlessDays 2 023 Organizer 2

Agenda 1 . 2 . 3 .IAM 4 . 5 . 3

1

AWS 5 
 
 AWS Lambda 
 AWS


 6


 
 -> 
 7

API 21,172/ -> 1,543,602/ 
 S 3 Select 
 1,000 / 600 2000 rps 8

9 
 
 


2 


11 
 API Gateway API KEY 
 API KEY 
 


12 AWS WAF 
 SQL 
 IP DOS 
 IP 
 


3 IAM

AWS Lambda IAM Role 14 AWS Lambda 
 AWS Lambda AWS 
 
 IAM 
 IAM Role 


IAM 15 SES S 3 DynamoDB 
 


DynamoDB 16 DynamoDB 
 IAM GetItem PutItem { "Version": " 2 012 - 1 0 - 17 ", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:PutItem" ], "Resource": "arn:aws:dynamodb:us- west- 2 : 123 4567 890 1 2 :table/ExampleTable" } ] }

S 3 17 S 3 IAM GetObject PutObject 
 { "Version": " 2 0 12 - 1 0 - 17 ", "Statement": [ { "Effect": "Allow", "Action": [ "s 3 :GetObject", "s 3 :PutObject" ], "Resource": "arn:aws:s 3 :::examplebucket/*" } ] }

SES 18 SES IAM 
 { "Version": " 2 0 12 - 1 0 - 17 ", "Statement": [ { "Effect": "Allow", "Action": [ "ses:SendEmail", "ses:SendRawEmail" ], "Resource": "arn:aws:ses:us- west- 2 : 1 234 5 6 7 89 01 2 :identity/ example.com" } ] }

IAM 19 AdministratorAccess 


4

21 
 
 HTML Javascript 
 
 
 
 NG

22 Secret 
 
 Secret 
 Secret Manager Secret

5

24 Security Hub CloudTrail AWS Config 


25 Point 1 IAM AdministratorAccess Point 2 Secret Point 3 Point 4

No content

Serverless Days Tokyo 2023 27

Thank You We are Hiring ! https://recruit.fusic.co.jp/