CloudFormation StackSets with AWS Organizations

$MPVE'PSNBUJPO4UBDL4FUTº
"840SHBOJ[BUJPOTͰ
ઃఆͷࣗಈԽ
/3*ωοτίϜגࣜձࣾɹ
ࠤʑ໦୓࿠

+"846(ேձୈճ
#jawsug_asa

View Slide

ࠤʑ໦୓࿠
CMPHIUUQTCMPHUBLVSPTOFU
5XJUUFS!ELGK
ࣗݾ঺հ #jawsug_asa

View Slide

+BQBO"1/"NCBTTBEPS
બग़͞Ε·ͨ͠
ࣗݾ঺հ #jawsug_asa

View Slide

ೝఆηΩϡϦςΟࢼݧͷରࡦຊ
ཁ఺੔ཧ͔Β߈ུ͢Δ
ʰ"84ೝఆηΩϡϦςΟઐ໳஌ࣝʱ
IUUQTBN[OUP1,4D(
"84ೝఆηΩϡϦςΟઐ໳஌ࣝͷษڧͷ࢓ํͱ
"84ͷηΩϡϦςΟͷΨΠυϒοΫͱͯࣥ͠චʢͨͭ͠΋Γʣ
#jawsug_asa

View Slide

ࠓ೔࿩͢಺༰
"84ͷΞΧ΢ϯτηΩϡϦςΟ
"84ͷηΩϡϦςΟαʔϏε
$MPVE'PSNBUJPO4UBDL4FUTͱ"840SHBOJ[BUJPOT
#jawsug_asa

View Slide

ຊ೔ͷΰʔϧ
"840SHBOJ[BUJPOTͱ
$MPVE'PSNBUJPO4UBDL4FUTΛࣗ෼Ͱ࢖ͬͯΈΑ͏
㱺ࣗ෼ͰखΛಈ͔͢ͷେࣄʂʂ
#jawsug_asa

View Slide

"84ͱηΩϡϦςΟ
͍Ζ͍Ζ΍Δ͜ͱ͕ଟͯ͘ɺ
΍΍͍͜͠ͱࢥͬͨ͜ͱ͋Γ·ͤΜ͔
શମ૾Λ೺Ѳ͢ΔͨΊʹɺͬ͘͟Γͱ
෼ྨͯ͠Έ·͠ΐ͏
#jawsug_asa

View Slide

"84ͱηΩϡϦςΟ
"84ͷηΩϡϦςΟ͸̏ͭͷ࣠Ͱߟ͑Δ
ᶃ"84಺ʹߏஙͨ͠ωοτϫʔΫͱαʔόʔͷηΩϡϦςΟ
ᶄ"84ૢ࡞ʹؔ͢Δݖݶʢ*".ʣ
ᶅηΩϡϦςΟΛҡ࣋؅ཧ͢ΔͨΊͷ"84αʔϏε
AWS Management
Console
Role
VPC
AWS Cloud
Subnet
Internet gateway
Amazon Simple Storage
Service (S3)
VPN gateway
Endpoints
User
ૢ࡞ݖݶ
Instance Instance Instance
AWS Lambda
Role
ᶄ
ᶃ
AWS Command Line
Interface
AWS Config AWS Systems Manager
AWS Service Catalog AWS Trusted Advisor AWS CloudTrail
ᶅ
ηΩϡϦςΟΛҡ࣋
؅ཧ͢ΔαʔϏε
#jawsug_asa

View Slide

ᶃ"84಺ʹߏஙͨ͠ωοτϫʔΫͱ
αʔόʔͷηΩϡϦςΟ
੹೚ڞ༗Ϟσϧͷ੺࿮ͷ෦෼
ઃܭͷߟ͑ํ͸ΦϯϓϨͱେ͖͘ҧΘͳ͍͕ɺઃఆͷ࢓
ํ͸"84ͷྲّྀʹै͏ඞཁ͕͋Δ
IUUQTBXTBNB[PODPNKQDPNQMJBODFTIBSFESFTQPOTJCJMJUZNPEFM
#jawsug_asa

View Slide

ᶄ"84ͷૢ࡞ʹؔ͢Δݖݶʢ*".ʣ
"84ͷηΩϡϦςΟͷத֩ͷҰͭ
ͲΜͳʹωοτϫʔΫ΍αʔόʔͷηΩϡϦςΟΛڧݻʹ
͍ͯͯ͠΋ɺ"84Λ௚઀ૢ࡞͞ΕΔͱ͕݀։͚ΒΕΔ
"84ͷബ͍ຊɹ*".ͷϚχΞοΫͳ࿩
IUUQTCPPUIQNKBJUFNT
#jawsug_asa

View Slide

ᶅηΩϡϦςΟΛҡ࣋؅ཧ͢Δ
ɹͨΊͷ"84αʔϏε
"84ಠࣗͷ෦෼
ར༻͠ͳͯ͘΋γεςϜΛηΩϡΞͳঢ়ଶΛҡ࣋Ͱ͖Δ͕ɺ
্ख͘׆༻͢ΔͱࣗྗͰ΍ΔΑΓഒָʹͳΔ
"84ͷബ͍ຊᶘΞΧ΢ϯτηΩϡϦςΟͷϕʔγοΫηΦϦʔ
IUUQTCPPUIQNKBJUFNT
#jawsug_asa

View Slide

ηΩϡϦςΟΛҡ࣋͢ΔͨΊͷ
"84αʔϏε

View Slide

ΨʔυϨʔϧͱ͍͏"84ͷઃܭࢥ૝
ηΩϡϦςΟ͸Ұ౓ઃఆ͓ͯ͠ऴ͍Ͱ͸ͳ͍ɻ
؀ڥશମʹܧଓతͳΨόφϯεΛఏڙ͢Δҝͷϧʔϧ͕ඞཁɻ"84͸
རศੑΛอͪͳ͕Βɺαϙʔτ͢ΔαʔϏεΛఏڙ͍ͯ͠Δ
ᶃ༧๷ɹʜɹ*".΍4$1Ͱېࢭࣄ߲ͷૢ࡞ࣄ߲Λग़དྷͳ͘͢Δ͜ͱ
ᶄݕ஌ɹʜɹېࢭࣄ߲ͷૢ࡞͕͞ΕͨΒؾ͕෇͚Δঢ়ଶʹ͢Δ͜ͱ
ΨʔυϨʔϧ
ؔॴ
#jawsug_asa

View Slide

$MPVE5SBJM
AWS Management
Console
User
AWS Command Line
Interface
AWS CloudTrail
Amazon Simple Storage
Service (S3)
Amazon CloudWatch
"84Ϧιʔεͷૢ࡞ཤྺΛه࿥ɾ௨஌
ᶃϚωδϝϯτίϯιʔϧͱ"1*ͷૢ࡞ཤྺΛ4ʹอଘ
ᶄ$MPVE8BUDI-PHTΛར༻ͯ͠4/4ܦ༝Ͱ௨஌΋Մೳ
AWSϦιʔε
#jawsug_asa

View Slide

$POpH
ఆ఺ˍΠϕϯτൃੜ࣌ʹ"84ͷঢ়ଶΛه࿥
ᶃ"84ͷঢ়ଶΛه࿥͠؅ཧ͢ΔαʔϏε
ᶄ$POpH3VMFTΛར༻͢Δ͜ͱʹΑΓɺ͋Δ΂͖ঢ়ଶ͔Β֎Ε
ͨ͜ͱΛݕ஌͢Δ͜ͱ͕Ͱ͖Δ
AWS Config
User
AWSϦιʔε
ͷߏ੒มߋ
ߏ੒؅ཧɾه࿥
ͷอଘ
มߋޙͷߏ੒ͷ
ධՁ
ʢConfig Rulesʣ
Amazon Simple
Notification Service
#jawsug_asa

View Slide

(VBSE%VUZ
ڴҖͷݕग़
ᶃηΩϡϦςΟ؍఺͔ΒͷڴҖϦεΫΛݕग़
ᶄϩάσʔλʢ71$'MPX-PHT $MPVE5SBJM&WFOU-PHT %/4-PHTʣΛ෼ੳ
ᶅڴҖΛ"*ʹΑΓΠϯςϦδΣϯεʹݕग़
ѱҙͷ͋ΔεΩϟϯ
Πϯελϯε΁ͷڴҖ
ΞΧ΢ϯτ΁ͷڴҖ
Amazon GuardDuty
Flow logs
Event Logs
DNS Logs
ϩά
ڴҖͷ൑அ
Amazon Simple
Notification Service
Amazon CloudWatch
Events
௨஌
#jawsug_asa

View Slide

4FDVSJUZ)VC
https://aws.amazon.com/jp/security-hub/
ηΩϡϦςΟΞϥʔτΛҰݩ؅ཧ
ᶃ(VBSE%VUZ .BDJF *OTQFDUPSͷΞϥʔτΛ౷߹ͯ͠؅ཧ
ᶄ֤छϩάΛݩʹίϯϓϥΠΞϯενΣοΫ
ᶅαʔυύʔςΟπʔϧͱͷ࿈ܞɾෳ਺"84ΞΧ΢ϯτͷ౷߹
΋Մೳ
#jawsug_asa

View Slide

5SVTUFE"EWJTPS
"84ͷར༻ঢ়گΛධՁ
ᶃ̑ͭͷ؍఺ʢίετ࠷దԽɾύϑΥʔϚϯεɾηΩϡϦςΟɾ
ϑΥʔϧττϨϥϯεɾαʔϏε੍ݶʣͰධՁ
ᶄσϑΥϧτͰద༻͞Ε͍ͯΔͷͰɺҰ౓ݟͯΈΔ͜ͱ
ᶅ௨஌ʢ&ϝʔϧͷΈʣ΋Մೳ
#jawsug_asa

View Slide

$POUSPM5PXFS
https://aws.amazon.com/jp/controltower/
ෳ਺ΞΧ΢ϯτͷηΩϡϦςΟઃఆͱ؂ࢹ
ᶃ"84ͷϕετϓϥΫςΟεΛ੝ΓࠐΜͩઃఆͰɺ"84ΞΧ΢
ϯτͷߏங
ᶄΞΧ΢ϯτͷϙϦγʔΛܧଓతʹ؅ཧͱՄࢹԽ
ᶅطଘͷΞΧ΢ϯτΛ$POUSPM5PXFSʹొ࿥͢Δͷා͍
#jawsug_asa

View Slide

ηΩϡϦςΟͷઃܭͷࢦ਑

View Slide

/*45αΠόʔηΩϡϦςΟϑϨʔϜϫʔΫ
෼ྨ ΧςΰϦʔ
ಛఆ
ʢ*EFOUJGZʣ
ɾࢿ࢈؅ཧ
ɾϏδωε؀ڥ
ɾΨόφϯε
ɾϦεΫΞηεϝϯτɺϦεΫΞηεϝϯτ؅ཧ
ɾαϓϥΠνΣʔϯϦεΫϚωδϝϯτ
๷ޚ
ʢ1SPUFDUʣ
ɾΞΫηε੍ޚ
ɾҙࣝ޲্͓ΑͼτϨʔχϯά
ɾσʔληΩϡϦςΟ
ɾ৘ใΛอޢ͢ΔͨΊͷϓϩηε͓Αͼखॱ
ɾอक
ɾอޢٕज़
ݕ஌
ʢ%FUFDUʣ
ɾҟৗͱΠϕϯτ
ɾηΩϡϦςΟͷܧଓతͳϞχλϦϯά
ɾݕ஌ϓϩηε
ରԠ
ʢ3FTQPOEʣ
ɾରԠܭըͷ࡞੒
ɾίϛϡχέʔγϣϯ
ɾ෼ੳ
ɾ௿ݮ
෮چ
ʢ3FDPWFSʣ
ɾ෮چܭըͷ࡞੒
ɾվળ
ɾίϛχέʔγϣϯ
IPA CSFίΞ
https://www.ipa.go.jp/files/000071204.pdf

View Slide

"848FMM"SDIJUFDUFEϑϨʔϜϫʔΫ
ப ઃܭݪଇ
ӡ༻্ͷ
༏लੑ
ɾӡ༻Λίʔυͱͯ͠ӡ༻
ɾఆظతʹɺখن໛ͳɺݩʹ໭͢͜ͱ͕Ͱ͖ΔมߋΛద༻͢Δ
ɾӡ༻खॱΛఆظతʹվળ͢Δ
ɾো֐Λ༧૝͢Δ
ɾ͋ΒΏΔӡ༻্ͷো֐͔ΒֶͿ
ηΩϡϦςΟ
ɾڧݻͳೝূج൫ͷ࣮૷
ɾτϨαϏϦςΟʔͷ࣮ݱ
ɾશϨΠϠʔ΁ͷηΩϡϦςΟͷద༻
ɾηΩϡϦςΟͷϕετϓϥΫςΟεͷࣗಈԽ
ɾ఻ૹத͓Αͼอ؅தͷσʔλอޢ
ɾσʔλʹਓͷखΛೖΕͳ͍
ɾηΩϡϦςΟΠϕϯτ΁ͷඋ͑
৴པੑ
ɾো֐͔Βࣗಈతʹ෮چ͢Δ
ɾ෮چखॱΛςετ͢Δ
ɾਫฏํ޲ʹεέʔϧͯ͠ू߹తͳϫʔΫϩʔυͷՄ༻ੑΛߴΊΔ
ɾΩϟύγςΟʔΛײʹཔΒͳ͍
ɾࣗಈԽͰมߋΛ؅ཧ͢Δ
ύϑΥʔϚϯεޮ཰
ɾߴ౓ͳςΫϊϩδʔΛ୭Ͱ΋࢖͑ΔΑ͏ʹ͢Δ
ɾ͢෼Ͱάϩʔόϧʹల։͢Δ
ɾαʔόʔϨεΞʔΩςΫνϟΛ࢓༷͢Δ
ɾΑΓසൟʹ࣮ݧ͢Δ
ɾϝΧχΧϧγϯύγʔΛߟྀ͢Δ
ίετ࠷దԽ
ɾΫϥ΢υͷࡒ຿؅ཧͷӡ༻
ɾফඅϞσϧΛಋೖ͢Δ
ɾશମతͳޮ཰Λଌఆ͢Δ
ɾඅ༻Λ෼ੳ͠ɺؼ݁ͤ͞Δ
AWS Well-Architected ϑϨʔϜϫʔΫ
https://aws.amazon.com/jp/architecture/well-architected/

View Slide

"84ͷηΩϡϦςΟαʔϏεΛ
׆༻ྫ

View Slide

ϑϨʔϜϫʔΫʹ౰ͯ͸ΊͯΈΔͱʁ
Lambda
Systems Manager Automation
CloudFormation
Organizations SCP
IAM
SNS
Config
CloudWatch
Inspector
Macie
GuardDuty
Shield
Firewall Manager
WAF
VPC
༧๷ ๷ޚ ݕ஌ ରԠ ෮چ
௨஌
ࣗಈԽ
Lambda
CloudWatch
ௐࠪ
CloudWatch
CloudTrail
౷߹
Security Hub
#jawsug_asa

View Slide

ΞʔΩςΫνϟʔผʹݟͯΈΔͱ
Shield
WAF
CloudFront
ELB
߈ܸରࡦ ର৅Ϧιʔε
NACL
Security
Group
ωοτϫʔΫ๷ޚ ର৅Ϧιʔε
ELB EC2
RDS
KMS
σʔλอޢ ର৅Ϧιʔε
EC2
RDS
S3
%%P4߈ܸ
ΞϓϦέʔγϣϯ
߈ܸ
ෆਖ਼
ωοτϫʔΫ
ΞΫηε
ෆਖ਼
ɹσʔλΞΫηε
Inspector
Systems
Manager
αʔόʔ؅ཧ
Security Hub CloudTrail CloudWatch
GuardDuty Config VPC
Flow logs
ՄࢹԽɾϞχλϦϯά
௨஌
௨஌
SNS
௨஌
ӡ༻୲౰
؂ࢹ
ɾશϨΠϠʔ΁ͷηΩϡϦςΟͷద༻
ɾτϨαϏϦςΟʔͷ࣮ݱ
#jawsug_asa

View Slide

γεςϜͷϨΠϠʔผʹ౰ͯ͸ΊΔͱ
Ϛωδϝϯτ
ίϯιʔϧ
71$Ծ૝ઐ༗ྖҬ
&$04ྖҬ
ϩʔΧϧσΟεΫ
3%4σʔλϕʔε
4ετϨʔδ
$MPVE8BUDI؂ࢹ
%JSFDU$POOFDU/8
ηΩϡϦςΟͷରԠྫʢ๷ޚʣ
ݕ஌ͷରԠྫ
(VBSE%VUZ
$POUSPM5PXFS
4FDVSJUZ)VC
'JSFXBMM.BOBHFS
.BDJF
5SVTUFE"EWJTPS
ɾ"84ΞΧ΢ϯτɿར༻੍ݶ
ɾ*".Ϣʔβɿૢ࡞ݖݶͱ઀ଓݩ੍ݶ
ɹར༻ՄೳϦιʔεʹର͢ΔΞΫηείϯτϩʔϧɺଟཁૉೝূͷಋೖ
ɾຊ൪؀ڥɺ։ൃ؀ڥͱ͍ͬͨ؀ڥ୯ҐͰ71$ͷ෼཭
ɾαϒωοτ୯ҐͰͷ௨৴੍ޚɺϧʔςΟϯάઃఆ
ɾ71$ϑϩʔϩάͷऔಘ
ɾ4FDVSJUZ(SPVQʹΑΔαʔόؒ௨৴੍ޚ
ɾ4ZTUFNT.BOBHFS౳Λར༻ͯ͠ͷɺαʔόঢ়ଶͷ೺ѲͱҰׅύον౰ͯ
ɾαʔόͷϩάΠϯ؅ཧͷ࢓૊Έͱɺϩάू໿ͷ࢓૊Έͷಋೖ
ɾ҉߸ԽΦϓγϣϯʹΑΔσΟεΫશମͷ҉߸Խ
$MPVE5SBJMʹΑΔ
"84ૢ࡞ཤྺ
τϥϑΟοΫϩά
֤छΞϓϦέʔγϣϯϩά
04ϩάΠϯཤྺ
%#؂ࠪϩά
"84αʔϏε֤छʹΑΔ
ϩάɾΞϥʔτ
ݕࠪ͢Δ΂͖ϩά
ɾઐ༻ઢʢ%9ʣ΍71/Λར༻ͨ͠ܦ࿏҆શͷ֬อ
ɾ5SBOTJU(BUFXBZΛར༻ͨ͠71$ɾܦ࿏ͷ؅ཧ
ɾܦ࿏ͷ৑௕ԽʹΑΔࣄۀܧଓੑͷ֬อ
ɾDBMSͷػೳʹΑΔςʔϒϧશମʢදྖҬʣͷ҉߸Խ
ɾDBʹର͢ΔΞΫηεݖݶͷ؅ཧ
ɾ҉߸ԽΦϓγϣϯʹΑΔετϨʔδશମͷ҉߸Խ
ɾΫϥΠΞϯταΠυ͸҉߸ԽΩʔʹΑΓσʔλΛอޢ
ɾCloudWatchʹΑΔAWSͷ؂ࢹͱɺӡ༻؂ࢹιϑτ΢ΣΞΛར༻ͨ͠αʔ
ϏεɺΞϓϦέʔγϣϯ؂ࢹͷซ༻
*OTQFDUPS
"84ͷར༻ঢ়گͷ؂ࠪ
"84ΞΧ΢ϯτͷઃఆͱΨόφϯε
ηΩϡϦςΟʔΞϥʔτͷू໿ͱݕ஌ɾରԠ
"84ͷෆਖ਼ར༻ͷݕ஌
04ɺΞϓϦͷηΩϡϦςΟධՁ
'JSFXBMMͷҰݩ؅ཧͱݕ஌ɾରԠ
4಺ͷػີ৘ใͷݕग़ɺ෼ྨɺอޢ
0SHBOJ[BUJPOT
#jawsug_asa

View Slide

༧๷త౷੍ͱൃݟత౷੍
ηΩϡϦςΟͷϕετϓϥΫςΟεͷҰͭ
0SHBOJ[BUJPO6OJU
Automation
AWS Systems Manager
AWS Config
Rule
ઃఆෆඋΛ
ݕ஌
म෮ࢦࣔ
༧๷త౷੍
ൃݟత౷੍
SCP
AWS Organizations
SCPΛར༻ͯ͠
ΞΧ΢ϯτશମʹ
ېࢭࣄ߲ͷઃఆ
AWSΞΧ΢ϯτ
IAM User
ྫʣ
SPPUϢʔβʔͷΞΫηεΩʔͷ
࡞੒Λېࢭ͢Δ
ྫʣ
*".Ϣʔβʔͷ.'"͕༗ޮʹ
ͳ͍ͬͯΔ͔νΣοΫ͢Δ
Ұ࣌తʹ
IAMϢʔβʔͷ
ແޮԽ
#jawsug_asa

View Slide

αʔϏεΛ্ख͘׆༻͢Δͱ
ӡ༻ָ͕ʹͳΔ

View Slide

ηΩϡϦςΟͷઃఆΛखಈͰઃఆ͢Δͱʁ
̍ʙ̎ݸͩͱରԠՄೳ͕ͩɺΞΧ΢ϯτ
͕ݸ͋ͬͨͱͨ͠Βʁ
ਓ͕ؒखͰ΍Δͱϛε΍ൈ͚࿙Ε͕ൃੜ͢Δɻ
ͦΕҎલʹ໘౗͍͘͞
#jawsug_asa

View Slide

"840SHBOJ[BUJPOTͷ׆༻

View Slide

"840SHBOJ[BUJPOTͷ༻ޠ
#jawsug_asa
ཁૉ໊ ֓ཁ
૊৫
"840SHBOJ[BUJPOTͰ؅ཧ͢Δର৅ͷશମ
ࢀՃ͢Δ"84ΞΧ΢ϯτશͯ
Ϛελʔ
ΞΧ΢ϯτ
"840SHBOJ[BUJPOTΛઃఆͨ͠"84ΞΧ΢ϯτ
ʢ૊৫಺ʹ̍ͭͷΈʣ
ϝϯόʔ
ΞΧ΢ϯτ
૊৫಺ͷϚελʔΞΧ΢ϯτҎ֎ͷશͯͷ"84ΞΧ΢
ϯτ
૊৫୯Ґ
ʢ06

૊৫಺ͷ࿦ཧతͳάϧʔϓ
؅ཧ༻ϧʔτ
ʢSPPUʣ
૊৫಺ͷ֊૚ͷ࠷্Ґ
αʔϏείϯτϩ
ʔϧϙϦγʔ
ར༻Ͱ͖Δ"84αʔϏεͷ੍ޚΛهड़ͨ͠ϙϦγʔ

View Slide

0SHBOJ[BUJPOTͷ֊૚ߏ଄
Account Account Account
Organizational unit Organizational unit
3PPU
Account
Root௚Լʹ
ΞΧ΢ϯτͷ
഑ஔ΋Մೳ
ʢඇਪ঑ʣ
OUͷ֊૚ߏ଄΋
ઃఆՄೳ
#jawsug_asa
૊৫୯Ґʢ06ʣͰ؅ཧ͞Εɺ্Ґͷઃఆ͸
ԼҐʹܧঝ͞ΕΔ

View Slide

αʔϏείϯτϩʔϧϙϦγʔʢ4$1ʣ
4$1Λ࢖͏ͱ"84ΞΧ΢ϯτ୯ҐͰͷݖݶ੍ޚ͕Մೳ
4FSWJDF$POUSPM
1PMJDZʢ4$1ʣ
*EFOUJUZCBTFE
QPMJDZʢ*".ʣ
˓
˓
˓
☓
☓
༗ޮͳݖݶ
*".ͷΈͳΒͣϧʔτΞΧ΢ϯτͷ੍ݶ΋
Մೳʢ1FSNJTTJPOTό΢ϯμϦʔΑΓڧྗʣ

View Slide

4$1ͷ੍ޚͷܧঝ #jawsug_asa
0SHBOJ[BUJPOTͷ֊૚ͱݖݶͷܧঝ
Account Account Account
Organizational unit Organizational unit
SCP
ΞΧ΢ϯτ୯Ґʹ
ద༻
SCP
OUશମʹ
ద༻
3PPU
ΞΧ΢ϯτ಺Ͱ*".ΛؤுΔΑΓɺ੍ޚ͞Εͨαϯυ
ϘοΫεΞΧ΢ϯτΛ࡞Δ΄͏ָ͕͔΋͠Εͳ͍

View Slide

$MPVE'PSNBUJPO4UBDL4FUT

View Slide

$MPVE'PSNBUJPO4UBDL4FUT #jawsug_asa
CloudFormation
StackSets
Stack
ΞΧ΢ϯτAʢϝϯόʔΞΧ΢ϯτʣ
౦ژϦʔδϣϯ
Stack
ΦϋΠΦϦʔδϣϯ
਌ΞΧ΢ϯτʢϚελʔΞΧ΢ϯτʣ
Stack
ΞΧ΢ϯτBʢϝϯόʔΞΧ΢ϯτʣ
౦ژϦʔδϣϯ
Stackͷ࡞੒ͱ࣮ߦ
ෳ਺ͷ"84ΞΧ΢ϯτ΍Ϧʔδϣϯʹର͠
$MPVE'PSNBUJPOͷελοΫΛ࡞੒Ͱ͖Δػೳ

View Slide

0SHBOJ[BUJPOTº4UBDL4FUT
#jawsug_asa
AWS Account
AWS Account
OUʢ૊৫୯Ґʣ
3PPU
CloudFormation
StackSets
with
Organizations
AWS Account
OUʹࢀՃ
AWS Account
ελοΫͷ࡞੒
ʢOUઃఆͷ௥Ճʣ
ελοΫͷ࡟আ
ʢOUઃఆͷ࡟আʣ
OU͔Β཭୤
0SHBOJ[BUJPOTͱ࿈ܞͤͯ͞ɺ
06ࡿԼʹࣗಈతʹ4UBDL4FUTͷద༻
ΊͪΌͪ͘Όศར

View Slide

"840SHBOJ[BUJPOT
º
$MPVE'PSNBUJPO4UBDL4FUT
ࢼͯ͠ΈΑ͏ʂʂ

View Slide

ࢧ෷͍୅ߦ࢖ͬͯΔ͚Ͳʁ
ࢧ෷͍୅ߦͰ΋"840SHBOJ[BUJPOTͷػೳ͕
ར༻Մೳͳϓϥϯ͕͋Γ·͢
/3*ωοτίϜɹʲ"840SHBOJ[BUJPOTରԠʳ
"84ࢧ෷͍୅ߦαʔϏε
IUUQTXXXOSJOFUDPNQSPEVDUTBXTQBZNFOU
#jawsug_asa

View Slide

·ͱΊ

View Slide

ࠓ೔࿩ͨ͠಺༰
"84ͷΞΧ΢ϯτηΩϡϦςΟ
"84ͷηΩϡϦςΟαʔϏε
$MPVE'PSNBUJPO4UBDL4FUTͱ"840SHBOJ[BUJPOT
#jawsug_asa

View Slide

ຊ೔ͷΰʔϧ
"840SHBOJ[BUJPOTͱ
$MPVE'PSNBUJPO4UBDL4FUTΛࣗ෼Ͱ࢖ͬͯΈΑ͏
㱺࢖ͬͯΈͨ͘ͳΓ·͔ͨ͠ʁ
ɹ-FU`͂5SZʂʂ
#jawsug_asa

View Slide

CloudFormation StackSets with AWS Organizations

CloudFormation StackSets with AWS Organizations

Takuro SASAKI

More Decks by Takuro SASAKI

Other Decks in Technology

Featured

Transcript