Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
reinforce-2019-recap-lt
Search
ryo nakamaru
July 30, 2019
Programming
4.2k
2
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
reinforce-2019-recap-lt
ryo nakamaru
July 30, 2019
More Decks by ryo nakamaru
See All by ryo nakamaru
AWSで楽をするサービスメッシュ入門/appmesh-trial
pottava
1
1.7k
ScaleShift-jp-2019-summer
pottava
1
230
Firecracker とは何か/what is Firecracker
pottava
12
5.7k
ハイブリッド並列 on Kubernetes/hybrid-parallel-program-on-kubernetes
pottava
1
460
AWS Fargate + Code 兄弟で始める継続的デリバリー / Continuous Delivery with AWS Fargate and Code brothers
pottava
12
3.3k
Singularity と NVIDIA GPU Cloud で作る ハイブリッド機械学習環境の構築 / Building a hybrid environment for Machine Learning with Singularity and NGC
pottava
3
1.5k
明日から始めるちょい足し λ / get-started-with-aws-lambda
pottava
4
2.5k
NGC と Singularity によるハイブリッド機械学習環境 / A hybrid environment for Machine Learning with NGC and Singularity
pottava
0
540
NGC × Singularity での機械学習環境/MachineLearning environment with NGC and Singularity
pottava
2
880
Other Decks in Programming
See All in Programming
jQueryをバージョンアップする前に使いたいjQuery Migrate
matsuo_atsushi
0
590
Make SRE Operations Easier with Azure SRE Agent
kkamegawa
0
7.9k
ECSアプリログをFireLensでコスト削減しようとしたけど諦めた話 in Fargate×Node.js
akihisaikeda
2
4.2k
フロントエンドとバックエンドで「1文字」を揃えよう
youkidearitai
PRO
0
740
Observability in Practice:Grafana 與 Edge Device SRE 的那些事
blueswen
0
170
並列実装の現場、2ヶ月間実務でAIを使い倒したAIもPCも私も限界が近い
ming_ayami
0
130
セキュリティの専門家じゃなくてもできる。「セキュリティ意識」をアップデートして サプライチェーン攻撃への耐性を高めよう。
tk3fftk
5
920
AIだと陥りがちなJakarta EE最新技術への移行時の落とし穴と解決策
tnagao7
0
120
正しくソフトウェアを作る、前提を疑うための認知の視点 / doubt-premise
minodriven
21
7k
Hunting Vulnerabilities in Symfony with LLMs
vinceamstoutz
0
560
代数的データ型って何が嬉しいの? #frontend_phpcon_do
kajitack
8
3.8k
Lessons from Spec-Driven Development
simas
PRO
0
220
Featured
See All Featured
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
3.5k
The Invisible Side of Design
smashingmag
301
52k
Balancing Empowerment & Direction
lara
6
1.2k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
360
30k
Statistics for Hackers
jakevdp
799
230k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
23k
Prompt Engineering for Job Search
mfonobong
0
350
Design of three-dimensional binary manipulators for pick-and-place task avoiding obstacles (IECON2024)
konakalab
0
470
YesSQL, Process and Tooling at Scale
rocio
174
15k
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
soudai
PRO
66
55k
Utilizing Notion as your number one productivity tool
mfonobong
4
330
Visual Storytelling: How to be a Superhuman Communicator
reverentgeek
2
560
Transcript
How do you reinforce yourself ? AWS re:Inforce 2019 re:Cap
@ July 30th Ryo Nakamaru, SUPINF Inc.
தؙ ྑ @pottava - SUPINF ͱ͍͏डୗ։ൃӡ༻ձࣾͰΤϯδχΞͯ͠·͢ - ւ֎ΧϯϑΝϨϯε 2 ճఔ
- ӳޠͣͬͱΈͷछ Profile
SUPINF Inc !3 ※ Mac ͷࣙॻΑΓҾ༻
SUPINF Inc !4 ※ Mac ͷࣙॻΑΓҾ༻ ηΩϡϦςΟ ؔͳ͍ͷ͔ɾɾ
SUPINF Inc 5 re:Inforce Ͳ͏ͩͬͨͷ
SUPINF Inc 6 ࠷ͬߴͰͨ͠ɻ ΄Μͱָ͔ͬͨ͠
SUPINF Inc 7 ɾԿ͕࠷ߴͩͬͨͷ͔ recap ɾདྷώϡʔετϯʹ͚ͯ
SUPINF Inc ࠷ߴͩͬͨ͜ͱ
SUPINF Inc ࠷ߴͦͷɹ (AWS ͷ) ॏཁ֓೦ͷཧղ͕ਂ·Δ 9 1: ࢦ͖͢ɺϏδωεͷΞδϦςΟ ͱ
Ψόφϯε Λ ཱ྆͢Δ ͜ͱ https://www.youtube.com/watch?v=2t-VkWt0rKk
SUPINF Inc 10 ͦͷͨΊʹɺΨʔυϨʔϧ ͱ ϥϯσΟϯάκʔϯ ͑͋͞Ε͍͍ɻ ͋ͱϓϩδΣΫτνʔϜʹɺࣗ༝ʹΒͤΑ͏ʂ https://www.youtube.com/watch?v=2t-VkWt0rKk
SUPINF Inc 11 ग़య: ϏϧμʔʹඞཁͳηΩϡϦςΟʮ൪ʯͰͳ͘ʮΨʔυϨʔϧʯ https://weekly.ascii.jp/elem/000/000/425/425592/
SUPINF Inc 12 ֓೦Λ࠲ֶͰֶΜͩΒ
SUPINF Inc 13 . AWS ͰͷΨʔυϨʔϧ࣮ͱͯ͠ɺاۀͷηΩϡϦςΟϙϦγʔΛ ʮAWS Organizations ͷ SCPʯʮIAM
ͷ Permissions Boundaryʯͷ ซ༻Ͱ࣮ݱͰ͖ͦ͏Ͱ͢ɻ͋ͳͨͳΒɺͲͷΑ͏ʹ࣮͠·͔͢ʁ
SUPINF Inc 14 https://identity-round-robin.awssecworkshops.com/permission-boundaries/presentation.pdf ͍͏ͪʹɺϫʔΫγϣοϓͰమ͕ଧͯΔɻʢΘ͔Βͳ͍͜ͱ͕Θ͔Δʣ
SUPINF Inc AWS ΧϯϑΝϨϯεͷ͓͢͢Ί 15 • ηογϣϯΑΓϫʔΫγϣοϓ ε ‣ ࡢࠓɺ΄ͱΜͲͷηογϣϯ
YouTube Ͱެ։͞Ε·͢ ‣ Ϣʔβࣄྫ ͍ؾ࣋ͪΛݺͼى͍ͨ͜͠ ߹ผ ‣ ਓؾ ϫʔΫγϣοϓ͙͢ຒ·Δ ͷͰҙʂʂ • ηογϣϯΑΓϒʔεΛ·ΘΖ͏
SUPINF Inc ࠷ߴͦͷɹ ະདྷͷ͕Ͱ͖Δ / ະདྷ͕Έ͑Δ 16 2: AWS ύʔτφʔاۀ͋ΔҙຯɺAWS
ΑΓଟগઌߦ͍ͯ͠Δ͔ʁʁ
SUPINF Inc 17 ʮ͔ͨ͠ʹ͜Εۀָ͕ʹͳΔ ʯ ʮ͜ͷػೳɺAWS དྷ͖ͩͯͦ͠͏ʯ
SUPINF Inc 18 ͑ʁຊʹཧళͳ͍ͷʁ ͬͯΈ͍ͨΜ͚ͩͲʁ·͓ͣࢼ͠Ͱɻ ͍͍Αɺ͡Ό͋དྷि NDA ݁ͼͭͭ ΧϯϑΝϨϯείʔϧͰઆ໌ͤͯ͞ʂ ϒʔεͰͷΑ͋͘ΔྲྀΕ
SUPINF Inc 19 ͓͠Ζ͍ 2 ࣾΛ͝հ
SUPINF Inc 20
SUPINF Inc Aporeto 21 • Identity-based access control ε ‣
ΦϯϓϨ͔ΒΫϥυͰͷαʔόʔϨε·ͰɻϋΠϒϦουɻ ‣ ಛఆͷϥϕϧ͕͍ͭͨϦιʔεʹͷΈΞΫηεΛڐՄ ‣ γϛϡϨʔγϣϯ / ݕূ / ຊ൪ར༻ͷ҆৺εςοϓ • ωοτϫʔΫͷࢹͱڧ੍ ε ‣ ϗετʹΠϯετʔϧ͢Δ Enforcer ͕શ௨৴ΛѲɾ੍ޚ ‣ ՄࢹԽτϨʔε͕ Web UI ͔Β͔ΜͨΜʹ
SUPINF Inc 22 Ϋϥυ࣌ͷΨόφϯεɾɾʁ → ΄΅΄΅ AWS ͷ֓೦ͷԆ ɹʢ͍͍ҙຯͰͶɻ૬ੑΑͦ͞͏ʣ
SUPINF Inc 23 AWS re:Inforce 2019: Governance for the Cloud
Age (DEM12-R1) https://youtu.be/y3WmHnavuN8
SUPINF Inc དྷͷώϡʔετϯ Ͱָ͠ΉͨΊʹ
SUPINF Inc 25 ϫʔΫγϣοϓࢀՃ AWS ͷதͷਓ ࣭͍ͨ͠ɺΛཧղ͍ͨ͠
SUPINF Inc Tips ͦͷɹ ࣄલʹ४උ͢Δ 26 1: • AWS ͷւ֎ΧϯϑΝϨϯε҆͘ͳ͍
‣ ຊͰΘ͔Δ͜ͱ ௐ͍ͯ͘ ‣ Security Specialty ͱ SA Pro ͬͯͯΑ͏͘ Hello Worldʁ • ϒʔεΛճΔ ‣ ࣗͷࣄۀͱࠔ͍ͬͯΔϙΠϯτΛ ӳޠͰ આ໌ͯ͠ΈΔ ‣ Λฉ͍ͯΈ͍ͨ SaaS ʹࣄલʹΞϙΛͱͬͯΈΔ
SUPINF Inc Tips ͦͷɹ ຊʹ͍Δ͍͋ͩʹਓ຺Λ͛Δ 27 2: • ࠓνϟϯεͰ͢ ‣
AWS Japan ͞Μ͔Βͷใൃ৴ΛੵۃతʹऔΓʹ ‣ ͢Ͱʹ࣮ફ͍ͯ͠Δਓ͔ΒΓํΛฉ͍ͯ͠·͏ • ݱ ‣ Ϙον൧ͷϦεΫ ‣ հͰΞϙ͕ೖΔͱΓɺձ͍͍͢ʢ͋ͨΓ·͑ʣ
SUPINF Inc 28 ͝੩ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ :) ࢀߟɿ • AWS re:Inforce 2019:
Using AWS Control Tower to Govern Multi- Account AWS Environments (GRC313-R) https://www.youtube.com/ watch?v=2t-VkWt0rKk • ϏϧμʔʹඞཁͳηΩϡϦςΟʮ൪ʯͰͳ͘ʮΨʔυϨʔϧʯ - िץΞεΩʔ https://weekly.ascii.jp/elem/000/000/425/425592/ • Identity Round Robin Workshop Permissions Boundaries https:// identity-round-robin.awssecworkshops.com/permission-boundaries/ presentation.pdf • Aporeto https://www.aporeto.com • Turbot https://turbot.com
SUPINF
Our Works ϏδωεΤϦΞͷ͝հ ্ྲྀϑΣʔζ͔ΒɺԼྲྀϑΣʔζ ·Ͱ ͯ͢ड͚Δࣄ͕ՄೳͰ͢ɻ SES ฐࣾͰߏஙޙͪΖΜɺطʹՔ ಇ͍ͯ͠ΔαʔϏεʹ͍ͭͯ αϙʔτ͠·͢ɻ
MSP ओʹӦۀಉߦͱͯ͠ͷɹ ٕज़తͳαϙʔτΛ͍ͯ͠·͢ɻ Sales Support ॳظߏஙͷࢼࢉ෦͚ͩͰͳ͘ αʔόʔҠߦɾϓϩάϥϜҠߦ ରԠ͠·͢ɻ POC PMOʹΔ෦ͪΖΜͷ͜ ͱɺࣾεΩϧΛߴΊ͍ͨͱݴͬ ͨߨशߦ͍ͬͯ·͢ɻ Consulting
(C) SUPINF Inc., All Rights Reserved. < CONFIDENTIAL > "84ϚωʔδυαʔϏεΛ౷߹͢Δ͜ͱͰ֦ுੑ
ٴͼӡ༻ੑೳͷߴ͍γεςϜΛ࣮ݱ $PHOJUPɺ"1*(BUFXBZʹΑΔೝূج൫ 424ɺ-BNCEBɺ"84#BUDIΛ Έ߹Θͤͨ൚༻δϣϒཧγεςϜ ΦϯϓϨϛεͱͷϋΠϒϦουڥ ฐࣾ୲ΤϦΞ ⾣طଘۀγεςϜͷ3&45"1*Խ ⾣ϓϥοτϑΥʔϜͷઃܭ ߏங Ϛϧνςφϯτ / SaaS ܕ - API ϓϥοτϑΥʔϜ
Kubernetes ʹΑΔϋΠϒϦουػցֶशڥ (C) SUPINF Inc., All Rights Reserved. < CONFIDENTIAL
> ΦϯϓϨϛε༏ઌɺࣾγεςϜͱͷ౷߹ %PDLFSϨδετϦϑΝΠϧετϨʔδΦϯϓϨ ηΩϡϦςΟϨϕϧʹԠͨ͡ϑΝΠϧసૹ੍ޚ %(9 LT ࣾೝূγεςϜ౷߹ֶशج൫ "1*ͳͲΛ௨ͨ݁͡ՌϦιʔεঢ়ଶͷՄࢹԽ εέʔϧઌͱͯ͠"84ͷ(16αʔόʔΛར༻ ,VCFSOFUFTͷϊʔυͱͯ͠%9ઌͷΫϥυΛ ฐࣾ୲ΤϦΞ ⾣Πϯϑϥͷઃܭ ߏங corporate data center AWS cloud ֶशΫϥελ ֶशΫϥελ & ΦϯϓϨϛεڥ ߴੑೳετϨʔδ
౦ژौ୩۠ौ୩2-11-5 03-6427-6517 https://www.facebook.com/supinf/ @supinf_pr CONTACT US And thank you for
your time