Slide 1

Slide 1 text

I Built a Scalable Batch Job with ECS and SQS
吉田貴文 (@zephiransas)
Classmethod, Inc.

Slide 2

Slide 2 text

Attention
The slides will be available afterwards, so there is no need to take notes during the presentation.
If you take photos, please make sure the flash and shutter sound are turned off.

Slide 3

Slide 3 text

#jawsug #jawsoka #soracomug

Slide 4

Slide 4 text

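Self-introduction
吉田貴文 (@zephiransas)
• Classmethod, Inc.
• CX Business Division, server-side engineer
• Representative of the Okayama Java User Group; Open Seminar Okayama organizing committee member
• Favorite AWS services
• ECS, DynamoDB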

Slide 5

Slide 5 text

Agenda
• Architecture overview
• About Switch Role
• What we did with SQS
• What we did with ECS
• Trying it out

Slide 6

Slide 6 text

Architecture overview

Slide 7

Slide 7 text

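What we wanted to do
• Bulk update of data
• The source data is a CSV
• The data volume is somewhere over 100,000 records
• Each record contains an ID and the update contents
• Each update calls an external API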

Slide 8

Slide 8 text

Slide 9

Slide 9 text

What we did for Switch Role

Slide 10

Slide 10 text

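• We want to Switch Role in the process that sends data to SQS
• Switch Role requires MFA
• With the aws cli, you can enter the token when prompted partway through
• With the SDK, you have to obtain the credentials yourself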

Slide 11

Slide 11 text

aws config

    [default]
    region = ap-northeast-1
    output = json

    [profile hoge]
    region = ap-northeast-1
    source_profile = default
    role_arn = arn:aws:iam::ACCOUNT_ID:role/john-doe
    mfa_serial = arn:aws:iam::ACCOUNT_ID:mfa/john-doe

Slide 12

Slide 12 text

Switch Role with the aws cli

    $ AWS_PROFILE=hoge aws s3 ls
    Enter MFA code for arn:aws:iam::ACCOUNT_ID:mfa/john-doe
    [enter the MFA token]

Slide 13

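Slide 13 text

ARN, MFA token, and STS client

    require 'aws-sdk-core'  # Aws::STS and Aws::AssumeRoleCredentials

    sts_client = Aws::STS::Client.new(region: 'ap-northeast-1')
    # Read the role ARN and the MFA device ARN from the "hoge" profile
    role_arn = `aws configure get role_arn --profile hoge`.chomp
    serial_number = `aws configure get mfa_serial --profile hoge`.chomp
    puts "Input MFA token code..."
    token_code = gets.chomp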

Slide 14

Slide 14 text

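Generate the credentials and create the SQS client

    require 'aws-sdk-sqs'

    # Assume the role through STS, passing the MFA device ARN and the one-time code
    role_credentials = Aws::AssumeRoleCredentials.new(
      client: sts_client,
      role_arn: role_arn,
      role_session_name: "hoge_session",
      serial_number: serial_number,
      token_code: token_code)
    # The SQS client uses the temporary credentials of the assumed role
    Aws::SQS::Client.new(credentials: role_credentials)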

Slide 15

Slide 15 text

• Do not use the AWS_PROFILE environment variable
• Get the required ARNs with aws configure get
• Have the MFA token entered separately
• Create an STS client and obtain the credentials with AssumeRoleCredentials

Slide 16

Slide 16 text

What we did with SQS

Slide 17

Slide 17 text

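• The queue is accessed from multiple tasks, and SQS handles this nicely
• Move data that could not be processed to a separate queue so that it is easy to retry
• Use the SQS Dead Letter Queue mechanism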

Slide 18

Slide 18 text

Slide 19

Slide 19 text

Body / ReceiveCount / Visible: TRUE

Slide 20

Slide 20 text

Body / ReceiveCount / Visible: FALSE

Slide 21

Slide 21 text

Body / ReceiveCount / Visible: TRUE
When the message has not been deleted even after the VisibilityTimeout has passed

Slide 22

Slide 22 text

Body / ReceiveCount / Visible
When the Receive Count exceeds the maximum Receive Count
Body / ReceiveCount / Visible: TRUE
Moved to the DLQ
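
The state transitions on slides 19 to 22, as an added example that is not from the original slides: a simplified in-memory Ruby model of a queue with a visibility timeout and a dead-letter queue. `ModelQueue`, `run_demo`, the 30-second timeout, the limit of 3 receives and the sample bodies are assumptions made for illustration; real SQS standard queues do not guarantee this ordering.

```ruby
# Added illustration: a simplified in-memory model, not the AWS SDK or the talk's code.
Message = Struct.new(:body, :receive_count, :invisible_until)
class ModelQueue
  attr_reader :dlq
  def initialize(visibility_timeout:, max_receive_count:)
    @visibility_timeout = visibility_timeout
    @max_receive_count = max_receive_count
    @messages = []
    @dlq = []
  end

  def send_message(body)
    @messages << Message.new(body, 0, 0)
  end

  # Deliver one visible message at time `now` (seconds), or nil if none is visible.
  def receive(now)
    # A visible message that has used up its receives moves to the DLQ instead.
    exhausted, @messages = @messages.partition do |m|
      m.invisible_until <= now && m.receive_count >= @max_receive_count
    end
    @dlq.concat(exhausted)
    msg = @messages.find { |m| m.invisible_until <= now }
    return nil unless msg
    msg.receive_count += 1                           # ReceiveCount goes up
    msg.invisible_until = now + @visibility_timeout  # Visible becomes FALSE
    msg
  end

  # Workers delete a message only after processing it successfully.
  def delete(msg)
    @messages.reject! { |m| m.equal?(msg) }
  end
end

# Constructed scenario: the worker always fails on "id=2" and never deletes it.
def run_demo
  queue = ModelQueue.new(visibility_timeout: 30, max_receive_count: 3)
  %w[id=1 id=2 id=3].each { |body| queue.send_message(body) }
  processed = []
  (0..120).step(10) do |now|
    while (msg = queue.receive(now))
      next if msg.body == "id=2" # failure: reappears after the timeout
      processed << msg.body
      queue.delete(msg)
    end
  end
  { processed: processed, dlq: queue.dlq.map(&:body) }
end
```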

Slide 23

Slide 23 text

What we did with ECS

Slide 24

Slide 24 text

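• Reduce the effort of resource management by using Fargate
• Be able to run in parallel
• Adjust the number of tasks according to the situation
• Handle ClientSecret and similar values safely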

Slide 25

Slide 25 text

Slide 26

Slide 26 text

Store the configuration values in Parameter Store

    aws ssm put-parameter \
      --name /ClientId \
      --value CLIENT_ID_XXXX \
      --type String

Slide 27

Slide 27 text

Reference them from the task definition

    ContainerDefinitions:
      - Name: app
        ...
        Secrets:
          - Name: CLIENT_ID
            ValueFrom: !Sub "arn:aws:ssm:ap-northeast-1:${AWS::AccountId}:parameter/ClientId"
          - Name: CLIENT_SECRET
            ValueFrom: !Sub "arn:aws:ssm:ap-northeast-1:${AWS::AccountId}:parameter/ClientSecret"

The values can be read from environment variables inside the task.

Slide 28

Slide 28 text

Trying it out

Slide 29

Slide 29 text

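• Target data: […] × 10,000 records
• Sending the data to SQS took […] hours
• (I feel like I want to improve this somehow)
• The ECS batch processing finished in under […] hours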

Slide 30

Slide 30 text

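• Switch Role from the SDK takes a little extra work
• SQS is very convenient once you understand how it works and use it accordingly
• Use parallel ECS tasks to make it scalable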

Slide 31

Slide 31 text

No content