reinforce-2019-recap-lt

ryo nakamaru

July 30, 2019

Transcript

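  1. How do you reinforce yourself? AWS re:Inforce 2019 re:Cap @ July 30th, Ryo Nakamaru, SUPINF Inc.
  2. Profile: Ryo Nakamaru (@pottava) - Working as an engineer at SUPINF, a contract development and operations company - Overseas conferences about twice a year - English has always been a source of worry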
  3. ※ Quoted from the Mac dictionary

  4. ※ Quoted from the Mac dictionary. So it has nothing to do with security...

  5. How was re:Inforce?

  6. It was the best. It really was fun

  7. ・What made it so great (recap) ・Looking ahead to Houston next year

  8. What made it great

  9. Highlight 1: A deeper understanding of key (AWS) concepts. The goal is to achieve both business agility and governance. https://www.youtube.com/watch?v=2t-VkWt0rKk
  10. For that, all you need are guardrails and a landing zone. Then let the project teams run free! https://www.youtube.com/watch?v=2t-VkWt0rKk

  11. Source: "What builders need from security is a guardrail, not a gatekeeper" https://weekly.ascii.jp/elem/000/000/425/425592/

  12. Once you have learned the concepts in the classroom

  13. Q. As a guardrail implementation on AWS, it looks like a company's security policy could be realized by combining "AWS Organizations SCPs" and "IAM Permissions Boundaries". How would you implement it?
  14. https://identity-round-robin.awssecworkshops.com/permission-boundaries/presentation.pdf You can strike the iron in a workshop while it is hot. (You find out what you do not understand.)

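  15. Recommendations for AWS conferences
      • Workshops over sessions
        ‣ These days most sessions are published on YouTube
        ‣ It is a different story if you want user case studies or want to get fired up
        ‣ Popular workshops fill up quickly, so watch out!!
      • Go around the booths rather than attend sessions
  16. Highlight 2: You can talk about the future / you can see the future. AWS partner companies may, in a sense, be somewhat ahead of AWS??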
  17. "This really would make the work easier." "AWS will probably release this feature next year."

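  18. A common flow at the booths: "What? You have no distributor in Japan? I would like to try it, though. As a trial to start with." "Sure, then let's sign an NDA next week and let me explain it on a conference call!"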

  19. Introducing two interesting companies

  20. SUPINF Inc 20

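  21. Aporeto
      • Identity-based access control
        ‣ From on-premises to serverless in the cloud. Hybrid too.
        ‣ Allows access only to resources that carry specific labels
        ‣ Reassuring steps: simulation / verification / production use
      • Network monitoring and enforcement
        ‣ An Enforcer installed on the host sees and controls all traffic
        ‣ Visualization and tracing are easy from the Web UI
  22. Governance for the cloud age...? → Pretty much an extension of AWS concepts (in a good way; it looks like a good fit)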

  23. AWS re:Inforce 2019: Governance for the Cloud Age (DEM12-R1) https://youtu.be/y3WmHnavuN8
  24. To enjoy Houston next year as well

  25. I want to join workshops, ask questions of the people inside AWS, and understand what is being said

  26. Tip 1: Prepare in advance
      • The problem that overseas AWS conferences are not cheap
        ‣ Look into whatever you can learn in Japan before you go
        ‣ Even with Security Specialty and SA Pro, are you only just at Hello World?
      • Go around the booths
        ‣ Try explaining your business and your pain points in English
        ‣ Try making appointments in advance with the SaaS vendors you want to hear from
  27. Tip 2: Build your network while you are in Japan
      • Today is your chance
        ‣ Actively go and get the information AWS Japan puts out
        ‣ Ask people who are already doing it how they do it
      • On site
        ‣ The risk of eating alone
        ‣ An appointment made through an introduction does make it easier to meet (obviously)
  28. Thank you for listening :) References:
      • AWS re:Inforce 2019: Using AWS Control Tower to Govern Multi-Account AWS Environments (GRC313-R) https://www.youtube.com/watch?v=2t-VkWt0rKk
      • "What builders need from security is a guardrail, not a gatekeeper" - Weekly ASCII https://weekly.ascii.jp/elem/000/000/425/425592/
      • Identity Round Robin Workshop, Permissions Boundaries https://identity-round-robin.awssecworkshops.com/permission-boundaries/presentation.pdf
      • Aporeto https://www.aporeto.com
      • Turbot https://turbot.com
  29. SUPINF

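  30. Our Works: Introducing our business areas
      • SES: We can take on everything from the upstream phases to the downstream phases.
      • MSP: We provide support after we have built a system and, of course, also for services that are already running.
      • Sales Support: We provide technical support, mainly by accompanying sales staff.
      • POC: We handle not only the estimate for an initial build but also server migration and program migration.
      • Consulting: In addition to PMO-related work, we also run training for those who want to raise in-house skills.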
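  31. Multi-tenant / SaaS-style API platform. (C) SUPINF Inc., All Rights Reserved. < CONFIDENTIAL >
      • Achieving a system with high scalability and operational performance by integrating AWS managed services
      • Authentication platform built on Cognito and API Gateway
      • General-purpose job management system combining SQS, Lambda, and AWS Batch
      • Hybrid environment with on-premises
      • Our areas of responsibility: ✔ Turning existing business systems into REST APIs ✔ Platform design and build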
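  32. Hybrid machine learning environment with Kubernetes
      • On-premises first, integrated with in-house systems
      • Docker registry and file storage are on-premises
      • File transfer control according to security level
      • Visualization of results and resource status through APIs and the like
      • AWS GPU servers used as the scale-out destination
      • The cloud on the far side of DX as Kubernetes nodes
      • Our areas of responsibility: ✔ Infrastructure design and build
      • Diagram labels: DGX, LT, in-house authentication system integration, training platform, corporate data center, AWS cloud, training cluster, training cluster & on-premises environment, high-performance storage
  33. CONTACT US: 2-11-5 Shibuya, Shibuya-ku, Tokyo, 03-6427-6517, https://www.facebook.com/supinf/, @supinf_pr. And thank you for your time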