Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
CloudFormation StackSets with AWS Organizations
Search
Takuro SASAKI
August 25, 2020
Technology
3
5.8k
CloudFormation StackSets with AWS Organizations
JAWS-UG朝会で発表した"CloudFormation StackSets × AWS Organizationsで設定の自動化"の発表資料です
Takuro SASAKI
August 25, 2020
Tweet
Share
More Decks by Takuro SASAKI
See All by Takuro SASAKI
技術書を書く技術 JAWS DAYS 2024
takuros
17
5.5k
パフォーマンスとコスト制約から考えるアーキテクチャ設計(JAWSUG東京ランチLT会#4)
takuros
2
1.2k
Storage-JAWS第0回 昔話で振り返るAWSの歴史 ~ストレージ編~
takuros
1
3.6k
エンジニアとしての自分とマネージャーとしての自分の狭間で、どう成長していくのか?(AWS DevDay 2023登壇資料)
takuros
30
13k
AWSで作るデータ分析基盤サービスの選定と設計のポイント
takuros
5
6.5k
JAWSUG初心者支部 IAMの「あ」の話
takuros
4
8.6k
Security-JAWS-Speciality-Study
takuros
0
5.5k
AWS認定セキュリティ - 専門知識 AWSのサービスを使って楽してセキュリティ向上!!
takuros
5
5.2k
AWSアカウントのセキュリティを守る IAM編
takuros
1
2.9k
Other Decks in Technology
See All in Technology
IoT x エッジAI - リアルタイ ムAI活用のPoCを今すぐ始め る方法 -
niizawat
0
130
AIがコード書きすぎ問題にはAIで立ち向かえ
jyoshise
4
1k
Wantedlyの開発組織における生成AIの浸透プロジェクトについて
kotominaga
2
130
企業の生成AIガバナンスにおけるエージェントとセキュリティ
lycorptech_jp
PRO
3
200
測りにくい成果を測る — BtoB SaaSにおける効果検証への挑戦 / Shirokane Kougyou vol 20
sansan_randd
2
140
複数サービスを支えるマルチテナント型Batch MLプラットフォーム
lycorptech_jp
PRO
1
1k
Autonomous Database - Dedicated 技術詳細 / adb-d_technical_detail_jp
oracle4engineer
PRO
4
10k
Snowflake×dbtを用いたテレシーのデータ基盤のこれまでとこれから
sagara
0
140
20250913_JAWS_sysad_kobe
takuyay0ne
2
260
メルカリIBISの紹介
0gm
0
860
KotlinConf 2025_イベントレポート
sony
1
140
Create Ruby native extension gem with Go
sue445
0
140
Featured
See All Featured
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.9k
Facilitating Awesome Meetings
lara
55
6.5k
YesSQL, Process and Tooling at Scale
rocio
173
14k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
44
2.5k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
9
820
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
358
30k
It's Worth the Effort
3n
187
28k
How to Ace a Technical Interview
jacobian
279
23k
The Art of Programming - Codeland 2020
erikaheidi
56
13k
Fireside Chat
paigeccino
39
3.6k
Thoughts on Productivity
jonyablonski
70
4.8k
Being A Developer After 40
akosma
90
590k
Transcript
$MPVE'PSNBUJPO4UBDL4FUTº "840SHBOJ[BUJPOTͰ ઃఆͷࣗಈԽ /3*ωοτίϜגࣜձࣾɹ ࠤʑ +"846(ேձୈճ #jawsug_asa
ࠤʑ CMPHIUUQTCMPHUBLVSPTOFU 5XJUUFS!ELGK ࣗݾհ #jawsug_asa
+BQBO"1/"NCBTTBEPS બग़͞Ε·ͨ͠ ࣗݾհ #jawsug_asa
ೝఆηΩϡϦςΟࢼݧͷରࡦຊ ཁཧ͔Β߈ུ͢Δ ʰ"84ೝఆηΩϡϦςΟઐࣝʱ IUUQTBN[OUP1,4D( "84ೝఆηΩϡϦςΟઐࣝͷษڧͷํͱ "84ͷηΩϡϦςΟͷΨΠυϒοΫͱͯࣥ͠චʢͨͭ͠Γʣ #jawsug_asa
ࠓ͢༰ "84ͷΞΧϯτηΩϡϦςΟ "84ͷηΩϡϦςΟαʔϏε $MPVE'PSNBUJPO4UBDL4FUTͱ"840SHBOJ[BUJPOT #jawsug_asa
ຊͷΰʔϧ "840SHBOJ[BUJPOTͱ $MPVE'PSNBUJPO4UBDL4FUTΛࣗͰͬͯΈΑ͏ 㱺ࣗͰखΛಈ͔͢ͷେࣄʂʂ #jawsug_asa
"84ͱηΩϡϦςΟ ͍Ζ͍ΖΔ͜ͱ͕ଟͯ͘ɺ ͍͜͠ͱࢥͬͨ͜ͱ͋Γ·ͤΜ͔ શମ૾ΛѲ͢ΔͨΊʹɺͬ͘͟Γͱ ྨͯ͠Έ·͠ΐ͏ #jawsug_asa
"84ͱηΩϡϦςΟ "84ͷηΩϡϦςΟ̏ͭͷ࣠Ͱߟ͑Δ ᶃ"84ʹߏஙͨ͠ωοτϫʔΫͱαʔόʔͷηΩϡϦςΟ ᶄ"84ૢ࡞ʹؔ͢Δݖݶʢ*".ʣ ᶅηΩϡϦςΟΛҡ࣋ཧ͢ΔͨΊͷ"84αʔϏε AWS Management Console Role VPC
AWS Cloud Subnet Internet gateway Amazon Simple Storage Service (S3) VPN gateway Endpoints User ૢ࡞ݖݶ Instance Instance Instance AWS Lambda Role ᶄ ᶃ AWS Command Line Interface AWS Config AWS Systems Manager AWS Service Catalog AWS Trusted Advisor AWS CloudTrail ᶅ ηΩϡϦςΟΛҡ࣋ ཧ͢ΔαʔϏε #jawsug_asa
ᶃ"84ʹߏஙͨ͠ωοτϫʔΫͱ αʔόʔͷηΩϡϦςΟ ڞ༗Ϟσϧͷͷ෦ ઃܭͷߟ͑ํΦϯϓϨͱେ͖͘ҧΘͳ͍͕ɺઃఆͷ ํ"84ͷྲّྀʹै͏ඞཁ͕͋Δ IUUQTBXTBNB[PODPNKQDPNQMJBODFTIBSFESFTQPOTJCJMJUZNPEFM #jawsug_asa
ᶄ"84ͷૢ࡞ʹؔ͢Δݖݶʢ*".ʣ "84ͷηΩϡϦςΟͷத֩ͷҰͭ ͲΜͳʹωοτϫʔΫαʔόʔͷηΩϡϦςΟΛڧݻʹ ͍ͯͯ͠ɺ"84Λૢ࡞͞ΕΔͱ͕݀։͚ΒΕΔ "84ͷബ͍ຊɹ*".ͷϚχΞοΫͳ IUUQTCPPUIQNKBJUFNT #jawsug_asa
ᶅηΩϡϦςΟΛҡ࣋ཧ͢Δ ɹͨΊͷ"84αʔϏε "84ಠࣗͷ෦ ར༻͠ͳͯ͘γεςϜΛηΩϡΞͳঢ়ଶΛҡ࣋Ͱ͖Δ͕ɺ ্ख͘׆༻͢ΔͱࣗྗͰΔΑΓഒָʹͳΔ "84ͷബ͍ຊᶘΞΧϯτηΩϡϦςΟͷϕʔγοΫηΦϦʔ IUUQTCPPUIQNKBJUFNT #jawsug_asa
ηΩϡϦςΟΛҡ࣋͢ΔͨΊͷ "84αʔϏε
ΨʔυϨʔϧͱ͍͏"84ͷઃܭࢥ ηΩϡϦςΟҰઃఆ͓ͯ͠ऴ͍Ͱͳ͍ɻ ڥશମʹܧଓతͳΨόφϯεΛఏڙ͢Δҝͷϧʔϧ͕ඞཁɻ"84 རศੑΛอͪͳ͕Βɺαϙʔτ͢ΔαʔϏεΛఏڙ͍ͯ͠Δ ᶃ༧ɹʜɹ*".4$1Ͱېࢭࣄ߲ͷૢ࡞ࣄ߲Λग़དྷͳ͘͢Δ͜ͱ ᶄݕɹʜɹېࢭࣄ߲ͷૢ࡞͕͞ΕͨΒؾ͕͚Δঢ়ଶʹ͢Δ͜ͱ ΨʔυϨʔϧ ؔॴ #jawsug_asa
$MPVE5SBJM AWS Management Console User AWS Command Line Interface AWS
CloudTrail Amazon Simple Storage Service (S3) Amazon CloudWatch "84Ϧιʔεͷૢ࡞ཤྺΛهɾ௨ ᶃϚωδϝϯτίϯιʔϧͱ"1*ͷૢ࡞ཤྺΛ4ʹอଘ ᶄ$MPVE8BUDI-PHTΛར༻ͯ͠4/4ܦ༝Ͱ௨Մೳ AWSϦιʔε #jawsug_asa
$POpH ఆˍΠϕϯτൃੜ࣌ʹ"84ͷঢ়ଶΛه ᶃ"84ͷঢ়ଶΛه͠ཧ͢ΔαʔϏε ᶄ$POpH3VMFTΛར༻͢Δ͜ͱʹΑΓɺ͋Δ͖ঢ়ଶ͔Β֎Ε ͨ͜ͱΛݕ͢Δ͜ͱ͕Ͱ͖Δ AWS Config User AWSϦιʔε ͷߏมߋ
ߏཧɾه ͷอଘ มߋޙͷߏͷ ධՁ ʢConfig Rulesʣ Amazon Simple Notification Service #jawsug_asa
(VBSE%VUZ ڴҖͷݕग़ ᶃηΩϡϦςΟ؍͔ΒͷڴҖϦεΫΛݕग़ ᶄϩάσʔλʢ71$'MPX-PHT $MPVE5SBJM&WFOU-PHT %/4-PHTʣΛੳ ᶅڴҖΛ"*ʹΑΓΠϯςϦδΣϯεʹݕग़ ѱҙͷ͋ΔεΩϟϯ ΠϯελϯεͷڴҖ ΞΧϯτͷڴҖ
Amazon GuardDuty Flow logs Event Logs DNS Logs ϩά ڴҖͷஅ Amazon Simple Notification Service Amazon CloudWatch Events ௨ #jawsug_asa
4FDVSJUZ)VC https://aws.amazon.com/jp/security-hub/ ηΩϡϦςΟΞϥʔτΛҰݩཧ ᶃ(VBSE%VUZ .BDJF *OTQFDUPSͷΞϥʔτΛ౷߹ͯ͠ཧ ᶄ֤छϩάΛݩʹίϯϓϥΠΞϯενΣοΫ ᶅαʔυύʔςΟπʔϧͱͷ࿈ܞɾෳ"84ΞΧϯτͷ౷߹ Մೳ #jawsug_asa
5SVTUFE"EWJTPS "84ͷར༻ঢ়گΛධՁ ᶃ̑ͭͷ؍ʢίετ࠷దԽɾύϑΥʔϚϯεɾηΩϡϦςΟɾ ϑΥʔϧττϨϥϯεɾαʔϏε੍ݶʣͰධՁ ᶄσϑΥϧτͰద༻͞Ε͍ͯΔͷͰɺҰݟͯΈΔ͜ͱ ᶅ௨ʢ&ϝʔϧͷΈʣՄೳ #jawsug_asa
$POUSPM5PXFS https://aws.amazon.com/jp/controltower/ ෳΞΧϯτͷηΩϡϦςΟઃఆͱࢹ ᶃ"84ͷϕετϓϥΫςΟεΛΓࠐΜͩઃఆͰɺ"84ΞΧ ϯτͷߏங ᶄΞΧϯτͷϙϦγʔΛܧଓతʹཧͱՄࢹԽ ᶅطଘͷΞΧϯτΛ$POUSPM5PXFSʹొ͢Δͷා͍ #jawsug_asa
ηΩϡϦςΟͷઃܭͷࢦ
/*45αΠόʔηΩϡϦςΟϑϨʔϜϫʔΫ ྨ ΧςΰϦʔ ಛఆ ʢ*EFOUJGZʣ ɾࢿ࢈ཧ ɾϏδωεڥ ɾΨόφϯε ɾϦεΫΞηεϝϯτɺϦεΫΞηεϝϯτཧ ɾαϓϥΠνΣʔϯϦεΫϚωδϝϯτ
ޚ ʢ1SPUFDUʣ ɾΞΫηε੍ޚ ɾҙ্͓ࣝΑͼτϨʔχϯά ɾσʔληΩϡϦςΟ ɾใΛอޢ͢ΔͨΊͷϓϩηε͓Αͼखॱ ɾอक ɾอޢٕज़ ݕ ʢ%FUFDUʣ ɾҟৗͱΠϕϯτ ɾηΩϡϦςΟͷܧଓతͳϞχλϦϯά ɾݕϓϩηε ରԠ ʢ3FTQPOEʣ ɾରԠܭըͷ࡞ ɾίϛϡχέʔγϣϯ ɾੳ ɾݮ ෮چ ʢ3FDPWFSʣ ɾ෮چܭըͷ࡞ ɾվળ ɾίϛχέʔγϣϯ IPA CSFίΞ https://www.ipa.go.jp/files/000071204.pdf
"848FMM"SDIJUFDUFEϑϨʔϜϫʔΫ ப ઃܭݪଇ ӡ༻্ͷ ༏लੑ ɾӡ༻Λίʔυͱͯ͠ӡ༻ ɾఆظతʹɺখنͳɺݩʹ͢͜ͱ͕Ͱ͖ΔมߋΛద༻͢Δ ɾӡ༻खॱΛఆظతʹվળ͢Δ ɾোΛ༧͢Δ ɾ͋ΒΏΔӡ༻্ͷো͔ΒֶͿ
ηΩϡϦςΟ ɾڧݻͳೝূج൫ͷ࣮ ɾτϨαϏϦςΟʔͷ࣮ݱ ɾશϨΠϠʔͷηΩϡϦςΟͷద༻ ɾηΩϡϦςΟͷϕετϓϥΫςΟεͷࣗಈԽ ɾૹத͓Αͼอதͷσʔλอޢ ɾσʔλʹਓͷखΛೖΕͳ͍ ɾηΩϡϦςΟΠϕϯτͷඋ͑ ৴པੑ ɾো͔Βࣗಈతʹ෮چ͢Δ ɾ෮چखॱΛςετ͢Δ ɾਫฏํʹεέʔϧͯ͠ू߹తͳϫʔΫϩʔυͷՄ༻ੑΛߴΊΔ ɾΩϟύγςΟʔΛײʹཔΒͳ͍ ɾࣗಈԽͰมߋΛཧ͢Δ ύϑΥʔϚϯεޮ ɾߴͳςΫϊϩδʔΛ୭Ͱ͑ΔΑ͏ʹ͢Δ ɾ͢Ͱάϩʔόϧʹల։͢Δ ɾαʔόʔϨεΞʔΩςΫνϟΛ༷͢Δ ɾΑΓසൟʹ࣮ݧ͢Δ ɾϝΧχΧϧγϯύγʔΛߟྀ͢Δ ίετ࠷దԽ ɾΫϥυͷࡒཧͷӡ༻ ɾফඅϞσϧΛಋೖ͢Δ ɾશମతͳޮΛଌఆ͢Δ ɾඅ༻Λੳ͠ɺؼ݁ͤ͞Δ AWS Well-Architected ϑϨʔϜϫʔΫ https://aws.amazon.com/jp/architecture/well-architected/
"84ͷηΩϡϦςΟαʔϏεΛ ׆༻ྫ
ϑϨʔϜϫʔΫʹͯΊͯΈΔͱʁ Lambda Systems Manager Automation CloudFormation Organizations SCP IAM SNS
Config CloudWatch Inspector Macie GuardDuty Shield Firewall Manager WAF VPC ༧ ޚ ݕ ରԠ ෮چ ௨ ࣗಈԽ Lambda CloudWatch ௐࠪ CloudWatch CloudTrail ౷߹ Security Hub #jawsug_asa
ΞʔΩςΫνϟʔผʹݟͯΈΔͱ Shield WAF CloudFront ELB ߈ܸରࡦ ରϦιʔε NACL Security Group
ωοτϫʔΫޚ ରϦιʔε ELB EC2 RDS KMS σʔλอޢ ରϦιʔε EC2 RDS S3 %%P4߈ܸ ΞϓϦέʔγϣϯ ߈ܸ ෆਖ਼ ωοτϫʔΫ ΞΫηε ෆਖ਼ ɹσʔλΞΫηε Inspector Systems Manager αʔόʔཧ Security Hub CloudTrail CloudWatch GuardDuty Config VPC Flow logs ՄࢹԽɾϞχλϦϯά ௨ ௨ SNS ௨ ӡ༻୲ ࢹ ɾશϨΠϠʔͷηΩϡϦςΟͷద༻ ɾτϨαϏϦςΟʔͷ࣮ݱ #jawsug_asa
γεςϜͷϨΠϠʔผʹͯΊΔͱ Ϛωδϝϯτ ίϯιʔϧ 71$Ծઐ༗ྖҬ &$04ྖҬ ϩʔΧϧσΟεΫ 3%4σʔλϕʔε 4ετϨʔδ $MPVE8BUDIࢹ %JSFDU$POOFDU/8
ηΩϡϦςΟͷରԠྫʢޚʣ ݕͷରԠྫ (VBSE%VUZ $POUSPM5PXFS 4FDVSJUZ)VC 'JSFXBMM.BOBHFS .BDJF 5SVTUFE"EWJTPS ɾ"84ΞΧϯτɿར༻੍ݶ ɾ*".Ϣʔβɿૢ࡞ݖݶͱଓݩ੍ݶ ɹར༻ՄೳϦιʔεʹର͢ΔΞΫηείϯτϩʔϧɺଟཁૉೝূͷಋೖ ɾຊ൪ڥɺ։ൃڥͱ͍ͬͨڥ୯ҐͰ71$ͷ ɾαϒωοτ୯ҐͰͷ௨৴੍ޚɺϧʔςΟϯάઃఆ ɾ71$ϑϩʔϩάͷऔಘ ɾ4FDVSJUZ(SPVQʹΑΔαʔόؒ௨৴੍ޚ ɾ4ZTUFNT.BOBHFSΛར༻ͯ͠ͷɺαʔόঢ়ଶͷѲͱҰׅύονͯ ɾαʔόͷϩάΠϯཧͷΈͱɺϩάूͷΈͷಋೖ ɾ҉߸ԽΦϓγϣϯʹΑΔσΟεΫશମͷ҉߸Խ $MPVE5SBJMʹΑΔ "84ૢ࡞ཤྺ τϥϑΟοΫϩά ֤छΞϓϦέʔγϣϯϩά 04ϩάΠϯཤྺ %#ࠪϩά "84αʔϏε֤छʹΑΔ ϩάɾΞϥʔτ ݕࠪ͢Δ͖ϩά ɾઐ༻ઢʢ%9ʣ71/Λར༻ͨ͠ܦ࿏҆શͷ֬อ ɾ5SBOTJU(BUFXBZΛར༻ͨ͠71$ɾܦ࿏ͷཧ ɾܦ࿏ͷԽʹΑΔࣄۀܧଓੑͷ֬อ ɾDBMSͷػೳʹΑΔςʔϒϧશମʢදྖҬʣͷ҉߸Խ ɾDBʹର͢ΔΞΫηεݖݶͷཧ ɾ҉߸ԽΦϓγϣϯʹΑΔετϨʔδશମͷ҉߸Խ ɾΫϥΠΞϯταΠυ҉߸ԽΩʔʹΑΓσʔλΛอޢ ɾCloudWatchʹΑΔAWSͷࢹͱɺӡ༻ࢹιϑτΣΞΛར༻ͨ͠αʔ ϏεɺΞϓϦέʔγϣϯࢹͷซ༻ *OTQFDUPS "84ͷར༻ঢ়گͷࠪ "84ΞΧϯτͷઃఆͱΨόφϯε ηΩϡϦςΟʔΞϥʔτͷूͱݕɾରԠ "84ͷෆਖ਼ར༻ͷݕ 04ɺΞϓϦͷηΩϡϦςΟධՁ 'JSFXBMMͷҰݩཧͱݕɾରԠ 4ͷػີใͷݕग़ɺྨɺอޢ 0SHBOJ[BUJPOT #jawsug_asa
༧త౷੍ͱൃݟత౷੍ ηΩϡϦςΟͷϕετϓϥΫςΟεͷҰͭ 0SHBOJ[BUJPO6OJU Automation AWS Systems Manager AWS Config Rule
ઃఆෆඋΛ ݕ म෮ࢦࣔ ༧త౷੍ ൃݟత౷੍ SCP AWS Organizations SCPΛར༻ͯ͠ ΞΧϯτશମʹ ېࢭࣄ߲ͷઃఆ AWSΞΧϯτ IAM User ྫʣ SPPUϢʔβʔͷΞΫηεΩʔͷ ࡞Λېࢭ͢Δ ྫʣ *".Ϣʔβʔͷ.'"͕༗ޮʹ ͳ͍ͬͯΔ͔νΣοΫ͢Δ Ұ࣌తʹ IAMϢʔβʔͷ ແޮԽ #jawsug_asa
αʔϏεΛ্ख͘׆༻͢Δͱ ӡ༻ָ͕ʹͳΔ
ηΩϡϦςΟͷઃఆΛखಈͰઃఆ͢Δͱʁ ̍ʙ̎ݸͩͱରԠՄೳ͕ͩɺΞΧϯτ ͕ݸ͋ͬͨͱͨ͠Βʁ ਓ͕ؒखͰΔͱϛεൈ͚࿙Ε͕ൃੜ͢Δɻ ͦΕҎલʹ໘͍͘͞ #jawsug_asa
"840SHBOJ[BUJPOTͷ׆༻
"840SHBOJ[BUJPOTͷ༻ޠ #jawsug_asa ཁૉ໊ ֓ཁ ৫ "840SHBOJ[BUJPOTͰཧ͢Δରͷશମ ࢀՃ͢Δ"84ΞΧϯτશͯ Ϛελʔ ΞΧϯτ "840SHBOJ[BUJPOTΛઃఆͨ͠"84ΞΧϯτ
ʢ৫ʹ̍ͭͷΈʣ ϝϯόʔ ΞΧϯτ ৫ͷϚελʔΞΧϯτҎ֎ͷશͯͷ"84ΞΧ ϯτ ৫୯Ґ ʢ06 ৫ͷཧతͳάϧʔϓ ཧ༻ϧʔτ ʢSPPUʣ ৫ͷ֊ͷ࠷্Ґ αʔϏείϯτϩ ʔϧϙϦγʔ ར༻Ͱ͖Δ"84αʔϏεͷ੍ޚΛهड़ͨ͠ϙϦγʔ
0SHBOJ[BUJPOTͷ֊ߏ Account Account Account Organizational unit Organizational unit 3PPU Account
RootԼʹ ΞΧϯτͷ ஔՄೳ ʢඇਪʣ OUͷ֊ߏ ઃఆՄೳ #jawsug_asa ৫୯Ґʢ06ʣͰཧ͞Εɺ্Ґͷઃఆ ԼҐʹܧঝ͞ΕΔ
αʔϏείϯτϩʔϧϙϦγʔʢ4$1ʣ 4$1Λ͏ͱ"84ΞΧϯτ୯ҐͰͷݖݶ੍ޚ͕Մೳ 4FSWJDF$POUSPM 1PMJDZʢ4$1ʣ *EFOUJUZCBTFE QPMJDZʢ*".ʣ ˓ ˓ ˓ ☓
☓ ༗ޮͳݖݶ *".ͷΈͳΒͣϧʔτΞΧϯτͷ੍ݶ Մೳʢ1FSNJTTJPOTόϯμϦʔΑΓڧྗʣ
4$1ͷ੍ޚͷܧঝ #jawsug_asa 0SHBOJ[BUJPOTͷ֊ͱݖݶͷܧঝ Account Account Account Organizational unit Organizational unit
SCP ΞΧϯτ୯Ґʹ ద༻ SCP OUશମʹ ద༻ 3PPU ΞΧϯτͰ*".ΛؤுΔΑΓɺ੍ޚ͞Εͨαϯυ ϘοΫεΞΧϯτΛ࡞Δ΄͏ָ͕͔͠Εͳ͍
$MPVE'PSNBUJPO4UBDL4FUT
$MPVE'PSNBUJPO4UBDL4FUT #jawsug_asa CloudFormation StackSets Stack ΞΧϯτAʢϝϯόʔΞΧϯτʣ ౦ژϦʔδϣϯ Stack ΦϋΠΦϦʔδϣϯ ΞΧϯτʢϚελʔΞΧϯτʣ
Stack ΞΧϯτBʢϝϯόʔΞΧϯτʣ ౦ژϦʔδϣϯ Stackͷ࡞ͱ࣮ߦ ෳͷ"84ΞΧϯτϦʔδϣϯʹର͠ $MPVE'PSNBUJPOͷελοΫΛ࡞Ͱ͖Δػೳ
0SHBOJ[BUJPOTº4UBDL4FUT #jawsug_asa AWS Account AWS Account OUʢ৫୯Ґʣ 3PPU CloudFormation StackSets
with Organizations AWS Account OUʹࢀՃ AWS Account ελοΫͷ࡞ ʢOUઃఆͷՃʣ ελοΫͷআ ʢOUઃఆͷআʣ OU͔Β 0SHBOJ[BUJPOTͱ࿈ܞͤͯ͞ɺ 06ࡿԼʹࣗಈతʹ4UBDL4FUTͷద༻ ΊͪΌͪ͘Όศར
"840SHBOJ[BUJPOT º $MPVE'PSNBUJPO4UBDL4FUT ࢼͯ͠ΈΑ͏ʂʂ
ࢧ͍ߦͬͯΔ͚Ͳʁ ࢧ͍ߦͰ"840SHBOJ[BUJPOTͷػೳ͕ ར༻Մೳͳϓϥϯ͕͋Γ·͢ /3*ωοτίϜɹʲ"840SHBOJ[BUJPOTରԠʳ "84ࢧ͍ߦαʔϏε IUUQTXXXOSJOFUDPNQSPEVDUTBXTQBZNFOU #jawsug_asa
·ͱΊ
ࠓͨ͠༰ "84ͷΞΧϯτηΩϡϦςΟ "84ͷηΩϡϦςΟαʔϏε $MPVE'PSNBUJPO4UBDL4FUTͱ"840SHBOJ[BUJPOT #jawsug_asa
ຊͷΰʔϧ "840SHBOJ[BUJPOTͱ $MPVE'PSNBUJPO4UBDL4FUTΛࣗͰͬͯΈΑ͏ 㱺ͬͯΈͨ͘ͳΓ·͔ͨ͠ʁ ɹ-FU`͂5SZʂʂ #jawsug_asa