$30 off During Our Annual Pro Sale. View Details »

サーバーレスのセキュリティを考える / Consider serverless security.

shiro seike
PRO
July 23, 2023
Programming
0
100

サーバーレスのセキュリティを考える / Consider serverless security.

JAWS-UG 福岡 #14:11度目はちょっと濃い目にAWS re:Inforce 2023を振り返ろう
https://jaws-ug-kyushu.doorkeeper.jp/events/157035

shiro seike
PRO

July 23, 2023
Tweet

More Decks by shiro seike

See All by shiro seike
supabaseとSvelteKitで作るバックエンドレスなサーバーレスWebサイト / Creating with supabase and SvelteKit Backend-less serverless websites
seike460
PRO
3
1.6k
ディレクターを助ける為のBacklog API / Backlog API to help directors
seike460
PRO
0
30
決済のその先へ、顧客DBとして考えるStripe / Beyond payments, Stripe as a customer DB
seike460
PRO
0
170
アンチパターンに踏み込む -作って理解するサーバーレスPHPフレームワーク / Stepping into anti-patterns -Serverless PHP frameworks to build and understand -.
seike460
PRO
1
240
理解して導入するWebフレームワーク ~解決すべき課題に着目する~ / Understanding and implementing web frameworks ~focusing on the problems to be solved~
seike460
PRO
3
1.3k
Serverless PHPの中身に迫る Brefの中身を覗いてみよう / A look inside Serverless PHP Take a peek inside Bref
seike460
PRO
1
110
Supabaseって何?PHPから触ってみる / What is Supabase, and how to touch it from PHP?
seike460
PRO
0
19
フルサーバーレスのすゝめ / Practice of full serverless
seike460
PRO
0
210
フルサーバーレスアーキテクチャが支える運用とその価値 / Operations and the value supported by a full serverless architecture
seike460
PRO
0
140

Other Decks in Programming

See All in Programming
ブランチ運用とデプロイフローを見直してリリースを楽にする
syukai
3
390
DIY Python Debugger
parttimenerd
0
790
Immutability Against The Machine
miciek
0
190
LLMを使ったアプリケーション開発の基本とLangChain超入門
os1ma
16
6.3k
​고군분투 LLM 프로덕트 적용기: Blind Prompting 부터 Agent까지
huffon
1
900
アクセシビリティを理解するとフロントエンドのテストが楽になる!
nano72mkn
1
1.7k
Angular Architectures with Signals
manfredsteyer
PRO
2
250
Next.js App Router での MPA フロントエンド刷新
mugi_uno
26
8.5k
Java 8 から 21 へのバージョンアップでどう変わる?:実アプリケーションで学ぶ実装のポイント / 20231111 Key Implementation Points from Java 8 to 21
mackey0225
6
520
Open Source Malware Hunting Lab
disconinja
1
440
Better Code Design in PHP
afilina
PRO
1
350
Postman CLI で Integration Test
codemountains
1
290

Featured

See All Featured
GraphQLの誤解/rethinking-graphql
sonatard
45
8.7k
Building a Scalable Design System with Sketch
lauravandoore
453
32k
Thoughts on Productivity
jonyablonski
55
3.5k
Scaling GitHub
holman
455
140k
Done Done
chrislema
178
15k
How GitHub (no longer) Works
holman
299
140k
The MySQL Ecosystem @ GitHub 2015
samlambert
241
11k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
5
740
Designing Experiences People Love
moore
133
23k
Pencils Down: Stop Designing & Start Developing
hursman
115
11k
Making Projects Easy
brettharned
105
5.2k
Rebuilding a faster, lazier Slack
samanthasiow
71
7.9k

Transcript

  1. JAWS-UG #14

    11 AWS re:Inforce
    20 2
    3
    2
    0
    23
    .
    7
    .
    23



    @seike
    4
    60
    1

    View Slide

  2. @seike
    460
    -


    - @seike
    46
    0

    - Fusic


    - /


    - /


    -


    - JAWS Days


    - AWS Dev Day


    - Serverless Days


    -


    - JAWS Festa
    2023
    in Kyushu Staff


    - ServerlessDays
    2
    023
    Organizer
    2

    View Slide

  3. Agenda
    1
    .


    2
    .


    3
    .IAM


    4
    .


    5
    .
    3

    View Slide

  4. 1

    View Slide

  5. AWS
    5 
 

    AWS Lambda

    AWS

    View Slide








  6. 6

    View Slide






  7. ->

    7

    View Slide

  8. API


    21,172/ -> 1,543,602/



    S
    3
    Select



    1,000 /


    600 2000 rps
    8

    View Slide

  9. 9 



    View Slide

  10. 2 


    View Slide

  11. 11




    API Gateway API KEY

    API KEY



    View Slide

  12. 12
    AWS WAF



    SQL


    IP


    DOS

    IP




    View Slide

  13. 3
    IAM

    View Slide

  14. AWS Lambda IAM Role
    14
    AWS Lambda



    AWS Lambda AWS




    IAM

    IAM Role

    View Slide

  15. IAM
    15
    SES S
    3
    DynamoDB





    View Slide

  16. DynamoDB
    16
    DynamoDB

    IAM


    GetItem PutItem
    {


    "Version": "
    2
    012
    -
    1 0
    -
    17
    ",


    "Statement": [


    {


    "Effect": "Allow",


    "Action": [


    "dynamodb:GetItem",


    "dynamodb:PutItem"


    ],


    "Resource": "arn:aws:dynamodb:us-
    west-
    2
    :
    123
    4567
    890
    1 2
    :table/ExampleTable"


    }


    ]


    }

    View Slide

  17. S
    3
    17
    S
    3
    IAM


    GetObject PutObject

    {


    "Version": "
    2
    0 12
    -
    1
    0
    -
    17
    ",


    "Statement": [


    {


    "Effect": "Allow",


    "Action": [


    "s
    3
    :GetObject",


    "s
    3
    :PutObject"


    ],


    "Resource":
    "arn:aws:s
    3
    :::examplebucket/*"


    }


    ]


    }

    View Slide

  18. SES
    18
    SES IAM



    {


    "Version": "
    2
    0 12
    -
    1
    0
    -
    17
    ",


    "Statement": [


    {


    "Effect": "Allow",


    "Action": [


    "ses:SendEmail",


    "ses:SendRawEmail"


    ],


    "Resource": "arn:aws:ses:us-
    west-
    2
    :
    1
    234 5 6
    7 89 01
    2
    :identity/
    example.com"


    }


    ]


    }

    View Slide

  19. IAM
    19


    AdministratorAccess

    View Slide

  20. 4

    View Slide

  21. 21 


    HTML Javascript






    NG

    View Slide

  22. 22
    Secret





    Secret

    Secret Manager Secret

    View Slide

  23. 5

    View Slide

  24. 24
    Security Hub CloudTrail AWS Config


    View Slide

  25. 25
    Point
    1
    IAM AdministratorAccess
    Point
    2
    Secret
    Point
    3
    Point
    4

    View Slide

  26. View Slide

  27. Serverless Days Tokyo
    2023
    27

    View Slide

  28. Thank You
    We are Hiring !


    https://recruit.fusic.co.jp/

    View Slide