Slide 1

Slide 1 text

How do you reinforce yourself?
AWS re:Inforce 2019 re:Cap @ July 30th
Ryo Nakamaru, SUPINF Inc.

Slide 2

Slide 2 text

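Profile
Ryo Nakamaru @pottava
- I work as an engineer at SUPINF, a contract development and operations company
- I attend overseas conferences about twice a year
- English has always been a source of worry for me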

Slide 3

Slide 3 text

SUPINF Inc
※ Quoted from the Mac dictionary

Slide 4

Slide 4 text

※ Quoted from the Mac dictionary
So it has nothing to do with security..?

Slide 5

Slide 5 text

How was re:Inforce?

Slide 6

Slide 6 text

It was the best. It was really fun.

Slide 7

Slide 7 text

• What made it the best: recap
• Looking ahead to Houston next year

Slide 8

Slide 8 text

What made it the best

Slide 9

Slide 9 text

Best thing 1: Your understanding of key (AWS) concepts deepens
The goal should be to have both business agility and governance
https://www.youtube.com/watch?v=2t-VkWt0rKk

Slide 10

Slide 10 text

To get there, all you need are guardrails and a landing zone.
Then let the project teams run free!
https://www.youtube.com/watch?v=2t-VkWt0rKk

Slide 11

Slide 11 text

Source: "The security builders need is not a 'gatekeeper' but 'guardrails'" https://weekly.ascii.jp/elem/000/000/425/425592/

Slide 12

Slide 12 text

After learning the concepts in the classroom

Slide 13

Slide 13 text

Q. As a way to implement guardrails on AWS, a company's security policy could probably be realized by combining "SCPs in AWS Organizations" with "IAM Permissions Boundaries". How would you implement it?

Slide 14

Slide 14 text

https://identity-round-robin.awssecworkshops.com/permission-boundaries/presentation.pdf
In a workshop you can strike the iron while it is hot. (You find out what you do not understand.)

Slide 15

Slide 15 text

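Recommendations for AWS conferences
• Workshops over sessions
  ‣ These days, most sessions are published on YouTube
  ‣ It is a different story if you want user case studies or want to rekindle your enthusiasm
  ‣ Note that popular workshops fill up quickly!!
• Go around the booths rather than attend sessions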

Slide 16

Slide 16 text

Best thing 2: You can talk about the future / you can see the future
In a sense, AWS partner companies may be somewhat ahead of AWS??

Slide 17

Slide 17 text

"This really would make our work easier"
"AWS will probably release this feature next year"

Slide 18

Slide 18 text

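A typical exchange at the booths
"What? You have no distributor in Japan? I'd like to try it, though. A trial to start with."
"Sure. Then let's sign an NDA next week and let me explain it on a conference call!"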

Slide 19

Slide 19 text

Introducing two interesting companies

Slide 20

Slide 20 text


Slide 21

Slide 21 text

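Aporeto
• Identity-based access control
  ‣ From on-premises to serverless in the cloud. Hybrid too.
  ‣ Allows access only to resources that carry specific labels
  ‣ Reassuring steps: simulation / verification / production use
• Network monitoring and enforcement
  ‣ An Enforcer installed on each host tracks and controls all traffic
  ‣ Visualization and tracing are easy from the Web UI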

Slide 22

Slide 22 text

Governance for the cloud age..?
→ Pretty much an extension of AWS concepts
(In a good way. They seem like a good match.)

Slide 23

Slide 23 text

AWS re:Inforce 2019: Governance for the Cloud Age (DEM12-R1) https://youtu.be/y3WmHnavuN8

Slide 24

Slide 24 text

To enjoy it again next year in Houston

Slide 25

Slide 25 text

I want to take part in workshops, ask questions of people inside AWS, and understand what is being said

Slide 26

Slide 26 text

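Tip 1: Prepare in advance
• The problem that AWS overseas conferences are not cheap
  ‣ Research beforehand whatever you can find out in Japan
  ‣ Even with Security Specialty and SA Pro, you have only just reached Hello World?
• Go around the booths
  ‣ Try explaining your business and your pain points in English
  ‣ Try making appointments in advance with the SaaS vendors you want to hear from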

Slide 27

Slide 27 text

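Tip 2: Build your network while you are in Japan
• Today is your chance
  ‣ Actively seek out the information AWS Japan puts out
  ‣ Ask people who are already doing it how they do it
• On site
  ‣ The risk of eating alone
  ‣ When an appointment comes through an introduction, it is easier to meet after all (obviously)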

Slide 28

Slide 28 text

Thank you for listening :)
References:
• AWS re:Inforce 2019: Using AWS Control Tower to Govern Multi-Account AWS Environments (GRC313-R) https://www.youtube.com/watch?v=2t-VkWt0rKk
• "The security builders need is not a 'gatekeeper' but 'guardrails'" - Weekly ASCII https://weekly.ascii.jp/elem/000/000/425/425592/
• Identity Round Robin Workshop Permissions Boundaries https://identity-round-robin.awssecworkshops.com/permission-boundaries/presentation.pdf
• Aporeto https://www.aporeto.com
• Turbot https://turbot.com

Slide 29

Slide 29 text

SUPINF

Slide 30

Slide 30 text

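Our Works: Introduction to our business areas
• SES: We can take on everything from the upstream phases through the downstream phases.
• MSP: We provide support not only after we have built a system ourselves but also for services that are already running.
• Sales Support: We mainly provide technical support by accompanying sales visits.
• POC: Beyond the estimate for the initial build, we also handle server migration and program migration.
• Consulting: In addition to PMO-related work, we run training for customers who want to raise their in-house skills.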

Slide 31

Slide 31 text

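Multi-tenant / SaaS-style API platform
(C) SUPINF Inc., All Rights Reserved. < CONFIDENTIAL >
• A system with high scalability and operational performance, achieved by integrating AWS managed services
• Authentication platform based on Cognito and API Gateway
• General-purpose job management system combining SQS, Lambda and AWS Batch
• Hybrid environment with on-premises
Our areas of responsibility:
• Turning existing business systems into REST APIs
• Platform design and build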

Slide 32

Slide 32 text

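Hybrid machine learning environment on Kubernetes
(C) SUPINF Inc., All Rights Reserved. < CONFIDENTIAL >
• On-premises first, integrated with in-house systems
• Docker registry and file storage are on-premises
• File transfer control according to security level
• Training platform integrating DGX, k8s and the in-house authentication system
• Visualization of results and resource status through APIs and other means
• AWS GPU servers used as the scale-out target
• The cloud reached over DX used as Kubernetes nodes
Our areas of responsibility:
• Infrastructure design and build
Diagram labels: corporate data center, AWS cloud, training cluster, training cluster & on-premises environment, high-performance storage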

Slide 33

Slide 33 text

CONTACT US
2-11-5 Shibuya, Shibuya-ku, Tokyo
03-6427-6517
https://www.facebook.com/supinf/
@supinf_pr
And thank you for your time