
Consider serverless security.


JAWS-UG Fukuoka #14: For the 11th time, a slightly deeper look back at AWS re:Inforce 2023
https://jaws-ug-kyushu.doorkeeper.jp/events/157035

shiro seike

July 23, 2023

Transcript

  1. JAWS-UG Fukuoka #14: For the 11th time, a slightly deeper look back at AWS re:Inforce 2023
     2023.7.23 @seike460

  2. @seike460
     - @seike460
     - Fusic
     - JAWS Days
     - AWS Dev Day
     - Serverless Days
     - JAWS Festa 2023 in Kyushu Staff
     - ServerlessDays 2023 Organizer
  3. 1

  4. AWS Lambda IAM Role
     AWS Lambda / AWS / IAM / IAM Role

  5. DynamoDB: IAM, GetItem, PutItem

         {
           "Version": "2012-10-17",
           "Statement": [
             {
               "Effect": "Allow",
               "Action": [
                 "dynamodb:GetItem",
                 "dynamodb:PutItem"
               ],
               "Resource": "arn:aws:dynamodb:us-west-2:123456789012:table/ExampleTable"
             }
           ]
         }

  6. S3: IAM, GetObject, PutObject

         {
           "Version": "2012-10-17",
           "Statement": [
             {
               "Effect": "Allow",
               "Action": [
                 "s3:GetObject",
                 "s3:PutObject"
               ],
               "Resource": "arn:aws:s3:::examplebucket/*"
             }
           ]
         }

  7. SES: IAM

         {
           "Version": "2012-10-17",
           "Statement": [
             {
               "Effect": "Allow",
               "Action": [
                 "ses:SendEmail",
                 "ses:SendRawEmail"
               ],
               "Resource": "arn:aws:ses:us-west-2:123456789012:identity/example.com"
             }
           ]
         }

  8. 4

  9. 5
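
The policies on slides 5 to 7 each allow two named actions on one named resource. As an added example (not part of the deck), this Python check flags Allow statements that widen that scope with wildcards. The function names and the over-broad `BROAD` policy are constructed for illustration.

```python
def allow(actions, resource):
    """Build a one-statement policy document in the shape the slides use."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": actions, "Resource": resource}]}

# Policies as shown on slides 5 to 7.
DECK_POLICIES = {
    "dynamodb": allow(["dynamodb:GetItem", "dynamodb:PutItem"],
                      "arn:aws:dynamodb:us-west-2:123456789012:table/ExampleTable"),
    "s3": allow(["s3:GetObject", "s3:PutObject"], "arn:aws:s3:::examplebucket/*"),
    "ses": allow(["ses:SendEmail", "ses:SendRawEmail"],
                 "arn:aws:ses:us-west-2:123456789012:identity/example.com"),
}
# Constructed counter-example, not from the deck: every action on every table.
BROAD = allow("dynamodb:*", "arn:aws:dynamodb:us-west-2:123456789012:table/*")

def as_list(value):
    """IAM accepts a single string/object wherever a list is allowed."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def resource_is_broad(arn):
    if arn == "*":
        return True
    parts = arn.split(":", 5)  # arn:partition:service:region:account:resource
    if len(parts) < 6 or parts[0] != "arn":
        return True            # not a full ARN, so it cannot be called scoped
    service, resource = parts[2], parts[5]
    if service == "s3":
        # examplebucket/* means all objects in one bucket; flag wildcard buckets only
        return "*" in resource.split("/", 1)[0]
    return "*" in resource     # e.g. table/* is every table in the account

def find_broad_statements(policy):
    """Return (statement index, reason) for each wildcard found in an Allow statement."""
    findings = []
    for i, st in enumerate(as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st or "NotResource" in st:
            findings.append((i, "NotAction/NotResource"))
        findings += [(i, f"action {a}") for a in as_list(st.get("Action", [])) if "*" in a]
        findings += [(i, f"resource {r}") for r in as_list(st.get("Resource", []))
                     if resource_is_broad(r)]
    return findings

if __name__ == "__main__":
    for name, policy in {**DECK_POLICIES, "broad": BROAD}.items():
        print(name, find_broad_statements(policy) or "scoped")
```
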