AuthzCtx - Alp社内共有会

Slide 1

Slide 1 text

Authz 2 0 2 2 / 0 4 / 2 2 υ ϝ Π ϯ ڞ ༗ ձ M A C H U

Slide 2

Slide 2 text

2 ΞδΣϯμ • ೝՄ೉͍͠ͱ͜Ζ͓͞Β͍ • ೝՄج൫v1ͰରԠ͍ͯͨ͠෦෼͓͞Β͍ • v1ͰԿ͕Ͱ͖͍ͯͳ͔͔ͬͨ • Scope෇༩ํ๏ղઆ • ࡉ͔͍࢓૊Έ • ϑϩϯτͱͷ΍ΓͱΓ • SATͷ࡞Γํ • ࠓޙͷԠ༻ • ࠷ޙʹ

Slide 3

Slide 3 text

3 ೝՄ೉͍͠ͱ͜Ζ͓͞Β͍

Slide 4

Slide 4 text

4 ೝՄͷ೉͍͠఺ ద༻ൣғ͕޿͍ Operator,System,Token,֤ Ctx,Adpt,UseCase,Domain etc… ೝՄͷ֓೦͕ᐆດͰɺ ѻ͍͕೉͍͠ ϩδοΫͱ ີʹͳΓ΍͍͢

Slide 5

Slide 5 text

5 ద༻ൣғ͕޿͍ Presenter Controller Repository(DB etc..) UseCase Domain Masking item Execute endpoint Filter resource read/write auhorization Execute UseCase Ramification domainLogic Execute domainLogic ֤૚ͰೝՄΛద༻͍ͨ͠৔໘͕͜Ε͚ͩ͋Γ·͢ɻ͜ΕΒΛผʑͷ࢓૊ΈͰ࣮૷ͯ͠͠·͏ͱ ख਺͕ଟ͘ͳΓ͗͢Δ͠ɺ࢓૊Έಉ࢜ͷ੔߹ੑΛઁΔ͜ͱ΋೉͘͠ͳΓ·͢ɻ

Slide 6

Slide 6 text

6 ద༻ൣғ͕޿͍ Presenter Controller Repository(DB etc..) UseCase Domain Presenter Controller Repository(DB etc..) UseCase Domain Presenter Controller Repository(DB etc..) UseCase Domain Ctx-A Ctx-B Ctx-C ͔͠΋ɺͦͷ૚͕ෳ਺ͷίϯςΩετʹ·͕ͨΓ·͢ɻ ౷ҰతʹऔΓѻ͏ೝՄج൫͕ͳ͍ͱख਺͕૿͑͗͢Δ͠ɺظ଴ͨ͠ڍಈΛಘΔͷ΋อͭͷ΋೉͘͠ͳΓ·͢ɻ ·ͨɺॲཧͷϑϩʔ΋ෳࡶԽ͕ͪ͠Ͱ͢ɻ

Slide 7

Slide 7 text

7 ೝՄͷ֓೦͕ᐆດͰɺѻ͍͕೉͍͠ Presenter Controller Repository(DB etc..) UseCase Domain Masking item Execute endpoint Filter resource read/write auhorization Execute UseCase Ramification domainLogic Execute domainLogic ͜Ε͚֤ͩ૚ʹ͓͍༷ͯʑͳ࡞༻͕͋ΔͷͰɺͲͷΑ͏ͳ֓೦ͱͯ͠औΓѻ͏͔೉͍͠໰୊͕ ͋Γ·͢ɻ

Slide 8

Slide 8 text

8 ϩδοΫͱີʹͳΓ΍͍͢ ୯७ʹॻ͘ͱɺݖݶ͕ଘࡏ͢Δ͔ͷνΣοΫΛ৭ʑͳͱ͜Ζʹ࢓ࠐΉ͜ͱʹͳΓ·͢ `If (Operator.policy. fi nd(_ == CanWriteContract)) ~ ` ͱ͍ͬͨ۩߹Ͱ͢ɻ ͜Ε͚ͩͳΒ·ͩϚγͰ͕͢ɺ࣮ࡍ͸ `If ( (Operator.policy.exixts(_ == AllAllow) || Operator.policy.exixts(_ == CanWriteContract)) && Operator.policy.exixts(_ != AllDeny)) )` ͳͲɺͲΜͲΜංେԽ͍͖ͯ͠ɺͦΕ͕৭ʑͳͱ͜Ζʹࢄ Β͹ͬͯ͠·͍·͢ɻϑϩϯτʹ·ͰඈͼՐͯ͠ີʹͳΓ·͢ɻ

Slide 9

Slide 9 text

9 ೝՄج൫v1ͰରԠ͍ͯͨ͠෦෼͓͞Β͍

Slide 10

Slide 10 text

1 0 ෼ੳػೳ΁෦෼తʹద༻͍ͯͨ͠ೝՄج൫v1Ͱ ΋ɺ͜ΕΒͷ໰୊ʹ͸͋Δఔ౓ରԠͰ͖͍ͯͨ

Slide 11

Slide 11 text

11 ద༻ൣғ͕޿͍ Operator,System,Token,֤ Ctx,UseCase,Domain etc… ൒؀ߏ଄ʹΑΔॊೈͳදݱ PrincipalIdʹΑΔೝՄओମந৅Խ

Slide 12

Slide 12 text

1 2 AuthzCtxͷ੾Γग़͠ͱɺ ೝՄؔ࿈Ϟσϧͷlib഑ஔ ೝՄͷ֓೦͕ᐆດͰɺ ѻ͍͕೉͍͠

Slide 13

Slide 13 text

1 3 - EffͰͷΤϑΣΫτந৅ԽʹΑΔؔ৺෼཭ - AuthzCtx෼཭ʹΑΔɺSupport,Manage,Decideͱɺ Enforceͷ෼཭ ϩδοΫͱີʹͳΓ΍ ͍͢

Slide 14

Slide 14 text

1 4 Support,Manage,DecideͱɺEnforceͷ෼཭ͱ͸ ‘XACML Reference Architecture’ ʹ ͋Δ஌ݟͰɺೝՄͷ෼཭ͷ୯ҐΛ͜ͷ4ͭʹ෼͚͍ͯΔ ScalebaseͰ͸ Decide,ManageΛAuthzCtxʹด͡ࠐΊɺAuthzIOͰૢ ࡞ͷίϚϯυΛΤϑΣΫτந৅Խ Enforce,Support͸جຊతͳ൑ఆ͸AuthzCtxʹدͤɺ BooleanΛฦ͢͜ͱʹΑͬͯ൒؀ߏ଄Λར༻֤ͯ͠Ctx Ͱͷ൑ఆͱ߹੒ͯ͠൑ఆ͕Ͱ͖ΔΑ͏ʹ͍ͯ͠Δ ※Support͸AuthzCtxܦ༝ʹ͢Δύλʔϯ΋͋ΔͷͰ ࠓޙศརͳํΛબ୒͍ͯ͘͠

Slide 15

Slide 15 text

1 5 ͜ͷล͸👇ͷࢿྉΛࢀর͍ͩ͘͞🙏 https://speakerdeck.com/ma2k8/authz

Slide 16

Slide 16 text

1 6 v1ͰԿ͕Ͱ͖͍ͯͳ͔͔ͬͨ

Slide 17

Slide 17 text

1 7 ͡Ό͋Կ͕Ͱ͖ͯͳ͔ͬͨΜ͚ͩͬ

Slide 18

Slide 18 text

1 8 ೝՄج൫v1ͷΧόʔൣғ Presenter Controller Repository(DB etc..) UseCase Domain Masking item Execute endpoint Filter resource read/write auhorization Execute UseCase Ramification domainLogic Execute domainLogic

Slide 19

Slide 19 text

1 9 ೝՄج൫v2(ࠓ΍ͬͯΔ΍ͭ)ͷΧόʔൣғ Presenter Controller Repository(DB etc..) UseCase Domain Masking item Execute endpoint Filter resource read/write auhorization Execute UseCase Ramification domainLogic Execute domainLogic ※͜͜͸PresenterΛEffʹੵΊ͹Ͱ͖ΔΑ͏ʹͳΔ

Slide 20

Slide 20 text

2 0 ࠩ෼ Execute endpoint read/write auhorization Execute UseCase ͕

Slide 21

Slide 21 text

2 1 ͷঢ়ଶͱ͸ දݱ͸Ͱ͖Δ͕ɺہॴతͳݖݶ൑ఆ͕͔ͳ Γͷྔʹͳͬͯ͠·͍ɺӡ༻͕ਏ͍ for { hasViewerPermission <- AuthzIO.requestBoolPolicy[R]( ActionComposing.Literal( principalId = operatorId.toPrincipalId, action = DashboardAnalysisView, resourceIds = Nil ) ) hasExplorerPermission <- AuthzIO.requestBoolPolicy[R]( ActionComposing.Literal( principalId = operatorId.toPrincipalId, action = DashboardAnalysisExplore, resourceIds = Nil ) ) lookerRole <- fromPpError[R, LookerRole] { if (hasViewerPermission) Right(SimpleViewer) else if (hasExplorerPermission) Right(SimpleExplorer) else Left(PpError.UnauthorizedError()) } …

Slide 22

Slide 22 text

2 2 ࠓճͷཁ݅

Slide 23

Slide 23 text

2 3 ReadOnlyͳݖݶ

Slide 24

Slide 24 text

2 4 ద༻ൣғ͕޿͍ʂ

Slide 25

Slide 25 text

2 5 ·͞ʹɹ͕ϒοࢗ͞Δཁ݅

Slide 26

Slide 26 text

2 6 ͜Ε·ͰͷScalebaseͷॲཧશͯʹ ͜ͷ෼ذΛ଍͢ͷ͸ɺେਓ਺Ͱ͔͠ճͤͳ͍γεςϜ΁ͷ ೖΓޱͱͳΓ͏Δ͠ɺγϯϓϧʹઈରόάΔɻආ͚͍ͨɻ

Slide 27

Slide 27 text

2 7 υϝΠϯϩδοΫͷݖݶ൑ఆ΍෼ذ͸ʮہॴతͰͳ͚Ε͹ͳΒͳ͍ʯ͕ɺ ΑΓେ͖ͳείʔϓతͳ֓೦͸ɺ೚ҙͷείʔϓΛઃఆͨ͠Βউखʹద༻͞Εͯ΄͍͠ͳ͊ ɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹɹ

Slide 28

Slide 28 text

2 8 ࡞Γ·ͨ͠

Slide 29

Slide 29 text

2 9 Scope෇༩ํ๏ղઆ

Slide 30

Slide 30 text

3 0 ·ͣ͸Contractʹ είʔϓ෇༩͢ΔܗͰղઆ͠·͢

Slide 31

Slide 31 text

3 1 ؆୯ 4εςοϓ

Slide 32

Slide 32 text

3 2 ᶃContractͷRead/WriteʹඞཁͳScopeΛ෇༩ implicit val scopeAllocator: ScopeAllocator[ContractId] = ScopeAllocator.allocate( readScope = List(Action.ContractRead), writeScope = List(Action.ContractWrite) ) domain૚ʹ͋ΔɺContractIdͱContractͷίϯύχΦϯΦϒδΣΫτʹscopeAllocatorΛઃఆ͠ ·͢ɻ

Slide 33

Slide 33 text

3 3 ᶄContractRepositoryͷγάχνϟʹͯ ฦΓ஋ΛࢦఆͷܕͰғ͏ def findById[R: _authzio: _trantask]( providerId: ProviderId, id: ContractId ): Eff[R, ReadAuthzScopeRepoFilter[Option[Contract]]] def store[R: _authzio: _trantask: _clockm: _ppErrorEither]( entity: Contract ): Eff[R, WriteAuthzScope[Contract]] ReadScopeΛར༻͢ΔRepositoryͷϝιου͸ ReadAuthzScopeRepoFilterɺ WriteScopeΛར༻͢Δϝιου͸ɺWriteAuthzScope Ͱғ͍·͢ Repository͸ɺ͜ͷΠϯλʔϑΣʔεʹͳ͍ͬͯͳ͍ͱίϯύΠϧΤϥʔʹ͢Δscala fi xϧʔϧ ΋༻ҙͯ͠ΔͷͰྑ͖λΠϛϯάͰద༻͍͖͍ͯͨ͠ͱࢥ͍ͬͯ·͢ɻ

Slide 34

Slide 34 text

3 4 ᶅContractRepositoryImplʹͯ ࢦఆͷܕͰғͬͯฦ͢ // ReadScopeͷ෇༩͸ A => ReadAuthzScopeRepoFilter[A] yield ReadAuthzScopeRepoFilter(maybe) // WriteScopeͷ෇༩͸ A => Eff[R, WriteAuthzScope[A]] contract <- fromPpError(stored.toRight(ResourceNotFoundError(resourceName = "contract", identifier = entity.id))) contractWithScope <- WriteAuthzScope(contract) Write͸ɺReadAuthzScopeRepoFilter.apply ͰWriteAuthzScopeͰแΉࡍʹscopeΛ෇༩͍ͯ͠ΔͷͰ A => Eff[R, WriteAuthzScope[A]] ͱͳΔͷͰforࣜ಺Ͱapply͠·͢ɻ Read͸ɺReadAuthzScopeRepoFilter. fi lteredValueͰ஋ΛऔΓग़͢ࡍʹscopeΛ෇༩͍ͯ͠ΔͷͰɺA => ReadAuthzScopeRepoFilter[A]ͱͳΔͷͰyieldͳͲͰapply͠·͢ɻ

Slide 35

Slide 35 text

3 5 ᶆ࠷ޙʹPrimaryAdapterͰrun! runAuthz or runAll Ͱ࣮ߦ͢ΔͱɺࢦఆͷScopeʹର͢ΔݖݶΛ͍࣋ͬͯͳ͚Ε͹ `ೝՄΤϥʔ` ʹͳΓ·͢ɻ BatchAdapterͰ͸ɺೝՄΛεΩοϓ͍ͨ͠ͷͰ runAuthzIOWithoutRequest or runAllWithoutAuthzIORequestͱ͢ΔͱೝՄΛεΩοϓ͢Δ͜ͱ΋Ͱ͖·͢ɻ

Slide 36

Slide 36 text

3 6 ͜Ε͚ͩͰ౷Ұతͳ είʔϓ੍͕ޚ͕ߦ͑·͢

Slide 37

Slide 37 text

3 7 ؆୯Ͱ͢Ͷʂ

Slide 38

Slide 38 text

3 8 Scopeͷࡉ͔͍࢓૊Έ

Slide 39

Slide 39 text

3 9 ScopeΛStateͰදݱ͠ɺ ΤϑΣΫτελοΫʹಥͬࠐΜͰ͍Δ ೝՄScope͕෇༩͞Ε͍ͯΔ͜ͱΛࣔ͢ܕΫϥεͷapply࣌ʹɺimplictlyͰScopeAllocatorΛಋग़ ͠ɺStateʹScopeΛੵΜͰ͍·͢ɻ

Slide 40

Slide 40 text

4 0 ݱঢ়͸RepositoryͷΈ͕ͩͲ͜Ͱ΋ੵΊΔ ͠ɺͲ͜ͰੵΜͰ΋ಉ͡StateͰ؅ཧͰ͖Δ Presenter Controller Repository(DB etc..) UseCase Domain Set Scope A Set Scope B Set Scope C,D Set Scope E Set Scope F State[List[A,B,C,D,E,F], X] ΋ͪΖΜɺෳ਺ͷRepositoryΛ࢖ͬͯ΋ͦΕͧΕͰඞཁͳScope͕ηοτ͞ΕͨState͕खʹೖΓ ·͢ɻ

Slide 41

Slide 41 text

4 1 Principal΋StateͰ؅ཧ͍ͯ͠Δ HttpAdapterͷOperatorExtractorͱ͍͏JWTτʔΫϯ͔ΒOperatorIdΛExtract͢ΔॲཧͷதͰɺ PrincipalΛηοτ͍ͯ͠·͢ɻ ݱঢ়͸OperatorͷΈͰ͕͢ɺTokenͳͲ΋͜ͷํ๏ͰTokenId(?)ͳͲΛηοτ͠·͢ɻ   _ <- AuthzIO.setPrincipal[R](operator.id.toPrincipalId)

Slide 42

Slide 42 text

4 2 runAuthzIO࣌ʹ ೝՄνΣοΫͷίϚϯυΛ࢓ࠐΉ Runͷॲཧ͸ɺࣜʹରͯ͠Ұ౓͔͠ߦΘΕͳ͍ͷͰೝՄνΣοΫͷ໋ྩΛڬΉλΠϛϯάͱ͠ ͔ͯͳΓద੾Ͱ͢ɻ͜ΕʹΑͬͯԣஅతͳείʔϓͷνΣοΫΛҰ౓ͷॲཧͰޮ཰తʹߦ͏͜ ͱ͕Ͱ͖·͢ɻ

Slide 43

Slide 43 text

4 3 ͋ͱ͸ೝՄνΣοΫͷίϚϯυ Λॲཧ͢Δ͚ͩ ೝՄRequestͷίϚϯυ಺ͰɺPrincipalIdͱScopeΛState͔ΒऔΓग़͠ɺPrincipalIdΛݩʹAuthzCtx͔Β AttachedPolicyΛऔಘ͠ɺScopeͱಥ߹͠ɺAllow/DenyΛ൑ఆ͠·͢ɻ RejectionͳͲͷॲཧ΋͋ΔͷͰׂͱෳࡶͰ͕͢ɺૄʹอ͍ͯͯ·͢ɻ(͜Ε͕֤ॴʹࢄΔͷ͸ׂͱ͋Γ͕ͪ…)

Slide 44

Slide 44 text

4 4 ౎౓ɺॲཧΛ଍ͨ͠Γมߋ͢ΔͨͼʹೝՄΛҙࣝ͢Δඞཁ͕ͳ͘ ͳΓɺυϝΠϯϞσϧ௥Ճ࣌ʹ͚ͩҙࣝ͢Ε͹Α͘ͳͬͨ υϝΠϯϞσϧ௥Ճ࣌΋ɺߟྀ͕࿙ΕͨΒίϯύΠϧΤϥʔͰݕ ஌Ͱ͖ΔΑ͏ʹͳͬͨ(scala fi x࠷ߴ)

Slide 45

Slide 45 text

4 5 Ϙϒ͓͡͞Μ͕ʮηΩϡϦςΟ͸ΞϓϦέʔγϣϯಛ༗ͷؔ৺͝ ͱͰ͋ΓɺϏδωεΦϒδΣΫτ͸͜ͷ͜ͱʹ͍ͭͯҙࣝ͠ͳ ͍ʯతͳ͜ͱΛݴ͍ͬͯ·͕ͨ͠ɺݸਓతʹ͸ʮͦͷέʔε΋͋ Γɺͦ͏Ͱͳ͍έʔε΋͋Δʯͱߟ͍͑ͯ·͢ɻ

Slide 46

Slide 46 text

4 6 υϝΠϯϩδοΫͷ෼ذ΍ɺॲཧ಺༰ͦͷ΋ͷʹؔ༩͢Δέʔε ͱɺϏδωεΦϒδΣΫτ͕ҙࣝ͠ͳͯ͘ྑ͍Scopeͱ͍͏ܗͷ ྆ํΛόϥϯεΑ͘දݱͰ͖͍ͯΔ

Slide 47

Slide 47 text

4 7 ϑϩϯτͱͷ΍ΓͱΓ

Slide 48

Slide 48 text

4 8 ·ͣ͸ FEͱBEͷೝՄͷϞνϕࠩ෼ʹ ͍ͭͯղઆ

Slide 49

Slide 49 text

4 9 BEͷೝՄͷϞνϕ - ೝՄ͸ઈରͷ੍໿ - ͜Ε͕कΒΕͳ͔ͬͨΒଈηΩϡϦςΟϦεΫ - ࠷ޙͷཁ

Slide 50

Slide 50 text

5 0 FEͷೝՄͷϞνϕ - Ϣʔβʔͷೝ஌ෆՄΛԼ͛ɺମݧΛΑ͘͢ΔͨΊʹBEଆͰઃఆ͞Ε͍ͯΔೝՄ৘ใΛར༻͠ ͍ͨ - ࡉ͔͍ೝՄଐੑ৘ใΛ஌Δඞཁ͸ͳ͘ɺʮΤϯυϙΠϯτ͕͚ͨͨΔݖݶΛ༗͢Δ͔൱͔ʯ ͘Β͍ͷཻ౓Ͱ෼͔Ε͹ɺίϯϙʔωϯτͷඇ׆ੑԽʹ࢖͑Δ - ࠷ѱɺඇ׆ੑԽ͞Εͳͯ͘΋BEଆͰೝՄΤϥʔͱͳΕ͹OK

Slide 51

Slide 51 text

5 1 BEଆͰ؅ཧ͍ͯ͠Δࡉ͔͍ೝՄଐੑΛFEͰ൑ఆʹ࢖͏ͱɺFE,BEͷ ີ݁߹ʹ΋ͭͳ͕ΓؾָʹೝՄଐੑΛมߋ͠ʹ͍͘ঢ়ଶʹͳΔɻ Կ͔Ұͭɺ͔·͍ͤͨ

Slide 52

Slide 52 text

5 2 ϑϩϯτଆ͕ղऍ͠΍͍͢ ܗʹೝՄ৘ใΛՃ޻͢Δ

Slide 53

Slide 53 text

5 3 SAT (Scalebase Authorization target)

Slide 54

Slide 54 text

5 4 ཁ͸IAMͷScalebase൛Ͱ͢ - ΤϯυϙΠϯτͱ1-1ͰରԠ͢ΔrouteNameͱɺprincipalͷ৘ใΛදݱ͠·͢

Slide 55

Slide 55 text

5 5 SATͷ࡞Γํ

Slide 56

Slide 56 text

5 6 ΤϯυϙΠϯτΛ௥Ճ͢Δࡍʹ RPCΛఆٛ͢Δ ͜Ε·Ͱɺrequest,response͚ͩఆٛͯ͠·͕ͨ͠ɺrpc΋ఆٛ͢ΔΑ͏ʹ͠·͢ɻ ͜ͷrpcͰBEͷRouteҰཡΛFEͱڞ༗͠·͢ɻ BEଆͰ΋SATͷ૊Έཱͯ࣌ʹར༻͠·͢ɻ

Slide 57

Slide 57 text

5 7 SATConverterͰม׵ FE͸ΦϖϨʔλʔʹඥ͍ͮͨSATΛOperatorPolicyAPIͰऔಘ͠ɺݖݶͷͳ͍ػೳ΁ͷಋઢΛඇ ׆ੑԽͨ͠Γ͠·͢ɻ ΤϯυϙΠϯτΛ௥Ճͨ͠ΒRPCͷϓϩόϑͱɺSATConverterΛ͍͡Δඞཁ͕͋ΔͷͰ஫ҙ ʢ͜ͷล͸ࣗಈͰΑ͠ͳʹ͍ͨ͠ɾɾɾ͕ɺ࠷ѱ࿙Εͯ΋BE͸ೝՄΤϥʔʹͳΔͷͰηΩϡϦ ςΟϦεΫʹ͸ͳΒͳ͍ʣ

Slide 58

Slide 58 text

5 8 ϑϩϯτଆͷରԠ ͻ·ͷ͕͋γϡοͱ͚ͭΒΕΔΑ͏ʹͯ͘͠Ε͍ͯΔɻ

Slide 59

Slide 59 text

5 9 ੍ޚ͍ͨ͠ίϯϙʔωϯτΛ PermissionͰғ͏͚ͩ https://www.notion.so/alpinc/ADR-1667a3385947474e926567413512cf91?p=252d0ed6f3634037b78b704e8ead87ba https://www.notion.so/alpinc/ADR-1667a3385947474e926567413512cf91?p=2c7e0b82c44646feb8f15ba6cc411a0e ৄ͍͠࢖͍ํ͸👇👇👇

Slide 60

Slide 60 text

6 0 StorybookͰ΋֬ೝͰ͖ΔΑ͏ʹͳ͍ͬͯΔɻ Allowed/Denied ProviderΛఆٛ͢Δ͚ͩ

Slide 61

Slide 61 text

6 1 ࠓޙͷԠ༻

Slide 62

Slide 62 text

6 2 ResourceIdϑΟϧλͷޮ཰Խ ݅਺͕ଟ͘ͳΔͱϑΟϧλΛΞϓϦଆͰ΍Δͷ͸͔ͳΓඇޮ཰ͳͷͰɺDao΋EffʹੵΈɺSQL ͷwhere۟ʹresoruceIdΛ࢓ࠐΊΔΑ͏ʹ͍ͨ͠

Slide 63

Slide 63 text

6 3 PresenterͷEffԽ PresenterΛEffʹੵΉͱɺPresenterͷॲཧ಺ͰAuthz͕γʔϜϨεʹར༻Ͱ͖ΔΑ͏ʹͳΔͷ Ͱɺͨͱ͑͹ʮಛఆͷ৘ใΛϚεΫ͍ͨ͠ʯͳͲͷཁ݅ʹ΋؆୯ʹରԠͰ͖ΔΑ͏ʹͳΓ· ͢ɻཁ͕݅ग़͖ͯͨΒ΍͍͖͍ͬͯͨɻ

Slide 64

Slide 64 text

6 4 ݖݶ؅ཧը໘ ݖݶ؅ཧը໘ɺ݁ߏΉ͍ͣɻϑϩϯτʹ͸ೝՄͷৄࡉΛ఻͑Δඞཁ͕ͳ͍ͷͰSATΛ༻ҙ͠· ͕ͨ͠ɺOperatorʹ͸ࡉ͔͘఻͑Δඞཁ͕͋Δɻ AWSͷIAMΤσΟλΛࢀߟʹ࡞͍͖͍͍͍͍͍ͬͯͨɻʢݱঢ়͸ɺOperator࡞੒࣌ʹͳΜͰ΋Ͱ ͖ΔݖݶΛ෇༩͍ͯ͠Δ + όονͰݖݶ௥ՃͰ͖ΔΑ͏ʹ͍ͯ͠·͢ɻʣ