reinforce-2019-recap-lt
ryo nakamaru
July 30, 2019
Transcript
How do you reinforce yourself ? AWS re:Inforce 2019 re:Cap
@ July 30th Ryo Nakamaru, SUPINF Inc.
தؙ ྑ @pottava - SUPINF ͱ͍͏डୗ։ൃӡ༻ձࣾͰΤϯδχΞͯ͠·͢ - ւ֎ΧϯϑΝϨϯε 2 ճఔ
- ӳޠͣͬͱΈͷछ Profile
SUPINF Inc !3 ※ Mac ͷࣙॻΑΓҾ༻
SUPINF Inc !4 ※ Mac ͷࣙॻΑΓҾ༻ ηΩϡϦςΟ ؔͳ͍ͷ͔ɾɾ
SUPINF Inc 5 re:Inforce Ͳ͏ͩͬͨͷ
SUPINF Inc 6 ࠷ͬߴͰͨ͠ɻ ΄Μͱָ͔ͬͨ͠
SUPINF Inc 7 ɾԿ͕࠷ߴͩͬͨͷ͔ recap ɾདྷώϡʔετϯʹ͚ͯ
SUPINF Inc ࠷ߴͩͬͨ͜ͱ
SUPINF Inc ࠷ߴͦͷɹ (AWS ͷ) ॏཁ֓೦ͷཧղ͕ਂ·Δ 9 1: ࢦ͖͢ɺϏδωεͷΞδϦςΟ ͱ
Ψόφϯε Λ ཱ྆͢Δ ͜ͱ https://www.youtube.com/watch?v=2t-VkWt0rKk
SUPINF Inc 10 ͦͷͨΊʹɺΨʔυϨʔϧ ͱ ϥϯσΟϯάκʔϯ ͑͋͞Ε͍͍ɻ ͋ͱϓϩδΣΫτνʔϜʹɺࣗ༝ʹΒͤΑ͏ʂ https://www.youtube.com/watch?v=2t-VkWt0rKk
SUPINF Inc 11 ग़య: ϏϧμʔʹඞཁͳηΩϡϦςΟʮ൪ʯͰͳ͘ʮΨʔυϨʔϧʯ https://weekly.ascii.jp/elem/000/000/425/425592/
SUPINF Inc 12 ֓೦Λ࠲ֶͰֶΜͩΒ
SUPINF Inc 13 . AWS ͰͷΨʔυϨʔϧ࣮ͱͯ͠ɺاۀͷηΩϡϦςΟϙϦγʔΛ ʮAWS Organizations ͷ SCPʯʮIAM
ͷ Permissions Boundaryʯͷ ซ༻Ͱ࣮ݱͰ͖ͦ͏Ͱ͢ɻ͋ͳͨͳΒɺͲͷΑ͏ʹ࣮͠·͔͢ʁ
SUPINF Inc 14 https://identity-round-robin.awssecworkshops.com/permission-boundaries/presentation.pdf ͍͏ͪʹɺϫʔΫγϣοϓͰమ͕ଧͯΔɻʢΘ͔Βͳ͍͜ͱ͕Θ͔Δʣ
SUPINF Inc AWS ΧϯϑΝϨϯεͷ͓͢͢Ί 15 • ηογϣϯΑΓϫʔΫγϣοϓ ε ‣ ࡢࠓɺ΄ͱΜͲͷηογϣϯ
YouTube Ͱެ։͞Ε·͢ ‣ Ϣʔβࣄྫ ͍ؾ࣋ͪΛݺͼى͍ͨ͜͠ ߹ผ ‣ ਓؾ ϫʔΫγϣοϓ͙͢ຒ·Δ ͷͰҙʂʂ • ηογϣϯΑΓϒʔεΛ·ΘΖ͏
SUPINF Inc ࠷ߴͦͷɹ ະདྷͷ͕Ͱ͖Δ / ະདྷ͕Έ͑Δ 16 2: AWS ύʔτφʔاۀ͋ΔҙຯɺAWS
ΑΓଟগઌߦ͍ͯ͠Δ͔ʁʁ
SUPINF Inc 17 ʮ͔ͨ͠ʹ͜Εۀָ͕ʹͳΔ ʯ ʮ͜ͷػೳɺAWS དྷ͖ͩͯͦ͠͏ʯ
SUPINF Inc 18 ͑ʁຊʹཧళͳ͍ͷʁ ͬͯΈ͍ͨΜ͚ͩͲʁ·͓ͣࢼ͠Ͱɻ ͍͍Αɺ͡Ό͋དྷि NDA ݁ͼͭͭ ΧϯϑΝϨϯείʔϧͰઆ໌ͤͯ͞ʂ ϒʔεͰͷΑ͋͘ΔྲྀΕ
SUPINF Inc 19 ͓͠Ζ͍ 2 ࣾΛ͝հ
SUPINF Inc 20
SUPINF Inc Aporeto 21 • Identity-based access control ε ‣
ΦϯϓϨ͔ΒΫϥυͰͷαʔόʔϨε·ͰɻϋΠϒϦουɻ ‣ ಛఆͷϥϕϧ͕͍ͭͨϦιʔεʹͷΈΞΫηεΛڐՄ ‣ γϛϡϨʔγϣϯ / ݕূ / ຊ൪ར༻ͷ҆৺εςοϓ • ωοτϫʔΫͷࢹͱڧ੍ ε ‣ ϗετʹΠϯετʔϧ͢Δ Enforcer ͕શ௨৴ΛѲɾ੍ޚ ‣ ՄࢹԽτϨʔε͕ Web UI ͔Β͔ΜͨΜʹ
SUPINF Inc 22 Ϋϥυ࣌ͷΨόφϯεɾɾʁ → ΄΅΄΅ AWS ͷ֓೦ͷԆ ɹʢ͍͍ҙຯͰͶɻ૬ੑΑͦ͞͏ʣ
SUPINF Inc 23 AWS re:Inforce 2019: Governance for the Cloud
Age (DEM12-R1) https://youtu.be/y3WmHnavuN8
SUPINF Inc དྷͷώϡʔετϯ Ͱָ͠ΉͨΊʹ
SUPINF Inc 25 ϫʔΫγϣοϓࢀՃ AWS ͷதͷਓ ࣭͍ͨ͠ɺΛཧղ͍ͨ͠
SUPINF Inc Tips ͦͷɹ ࣄલʹ४උ͢Δ 26 1: • AWS ͷւ֎ΧϯϑΝϨϯε҆͘ͳ͍
‣ ຊͰΘ͔Δ͜ͱ ௐ͍ͯ͘ ‣ Security Specialty ͱ SA Pro ͬͯͯΑ͏͘ Hello Worldʁ • ϒʔεΛճΔ ‣ ࣗͷࣄۀͱࠔ͍ͬͯΔϙΠϯτΛ ӳޠͰ આ໌ͯ͠ΈΔ ‣ Λฉ͍ͯΈ͍ͨ SaaS ʹࣄલʹΞϙΛͱͬͯΈΔ
SUPINF Inc Tips ͦͷɹ ຊʹ͍Δ͍͋ͩʹਓ຺Λ͛Δ 27 2: • ࠓνϟϯεͰ͢ ‣
AWS Japan ͞Μ͔Βͷใൃ৴ΛੵۃతʹऔΓʹ ‣ ͢Ͱʹ࣮ફ͍ͯ͠Δਓ͔ΒΓํΛฉ͍ͯ͠·͏ • ݱ ‣ Ϙον൧ͷϦεΫ ‣ հͰΞϙ͕ೖΔͱΓɺձ͍͍͢ʢ͋ͨΓ·͑ʣ
SUPINF Inc 28 ͝੩ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ :) ࢀߟɿ • AWS re:Inforce 2019:
Using AWS Control Tower to Govern Multi-Account AWS Environments (GRC313-R) https://www.youtube.com/watch?v=2t-VkWt0rKk
• ϏϧμʔʹඞཁͳηΩϡϦςΟʮ൪ʯͰͳ͘ʮΨʔυϨʔϧʯ - िץΞεΩʔ https://weekly.ascii.jp/elem/000/000/425/425592/
• Identity Round Robin Workshop Permissions Boundaries https://identity-round-robin.awssecworkshops.com/permission-boundaries/presentation.pdf
• Aporeto https://www.aporeto.com
• Turbot https://turbot.com
SUPINF
Our Works ϏδωεΤϦΞͷ͝հ ্ྲྀϑΣʔζ͔ΒɺԼྲྀϑΣʔζ ·Ͱ ͯ͢ड͚Δࣄ͕ՄೳͰ͢ɻ SES ฐࣾͰߏஙޙͪΖΜɺطʹՔ ಇ͍ͯ͠ΔαʔϏεʹ͍ͭͯ αϙʔτ͠·͢ɻ
MSP ओʹӦۀಉߦͱͯ͠ͷɹ ٕज़తͳαϙʔτΛ͍ͯ͠·͢ɻ Sales Support ॳظߏஙͷࢼࢉ෦͚ͩͰͳ͘ αʔόʔҠߦɾϓϩάϥϜҠߦ ରԠ͠·͢ɻ POC PMOʹΔ෦ͪΖΜͷ͜ ͱɺࣾεΩϧΛߴΊ͍ͨͱݴͬ ͨߨशߦ͍ͬͯ·͢ɻ Consulting
(C) SUPINF Inc., All Rights Reserved. < CONFIDENTIAL > "84ϚωʔδυαʔϏεΛ౷߹͢Δ͜ͱͰ֦ுੑ
ٴͼӡ༻ੑೳͷߴ͍γεςϜΛ࣮ݱ $PHOJUPɺ"1*(BUFXBZʹΑΔೝূج൫ 424ɺ-BNCEBɺ"84#BUDIΛ Έ߹Θͤͨ൚༻δϣϒཧγεςϜ ΦϯϓϨϛεͱͷϋΠϒϦουڥ ฐࣾ୲ΤϦΞ ⾣طଘۀγεςϜͷ3&45"1*Խ ⾣ϓϥοτϑΥʔϜͷઃܭ ߏங Ϛϧνςφϯτ / SaaS ܕ - API ϓϥοτϑΥʔϜ
Kubernetes ʹΑΔϋΠϒϦουػցֶशڥ (C) SUPINF Inc., All Rights Reserved. < CONFIDENTIAL
> ΦϯϓϨϛε༏ઌɺࣾγεςϜͱͷ౷߹ %PDLFSϨδετϦϑΝΠϧετϨʔδΦϯϓϨ ηΩϡϦςΟϨϕϧʹԠͨ͡ϑΝΠϧసૹ੍ޚ %(9 LT ࣾೝূγεςϜ౷߹ֶशج൫ "1*ͳͲΛ௨ͨ݁͡ՌϦιʔεঢ়ଶͷՄࢹԽ εέʔϧઌͱͯ͠"84ͷ(16αʔόʔΛར༻ ,VCFSOFUFTͷϊʔυͱͯ͠%9ઌͷΫϥυΛ ฐࣾ୲ΤϦΞ ⾣Πϯϑϥͷઃܭ ߏங corporate data center AWS cloud ֶशΫϥελ ֶशΫϥελ & ΦϯϓϨϛεڥ ߴੑೳετϨʔδ
౦ژौ୩۠ौ୩2-11-5 03-6427-6517 https://www.facebook.com/supinf/ @supinf_pr CONTACT US And thank you for
your time