Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
CloudFormation StackSets with AWS Organizations
Search
Takuro SASAKI
August 25, 2020
Technology
3
5.6k
CloudFormation StackSets with AWS Organizations
JAWS-UG朝会で発表した"CloudFormation StackSets × AWS Organizationsで設定の自動化"の発表資料です
Takuro SASAKI
August 25, 2020
Tweet
Share
More Decks by Takuro SASAKI
See All by Takuro SASAKI
技術書を書く技術 JAWS DAYS 2024
takuros
16
5.2k
パフォーマンスとコスト制約から考えるアーキテクチャ設計(JAWSUG東京ランチLT会#4)
takuros
2
1.1k
Storage-JAWS第0回 昔話で振り返るAWSの歴史 ~ストレージ編~
takuros
1
3.5k
エンジニアとしての自分とマネージャーとしての自分の狭間で、どう成長していくのか?(AWS DevDay 2023登壇資料)
takuros
30
13k
AWSで作るデータ分析基盤サービスの選定と設計のポイント
takuros
5
6.1k
JAWSUG初心者支部 IAMの「あ」の話
takuros
4
8.5k
Security-JAWS-Speciality-Study
takuros
0
5.4k
AWS認定セキュリティ - 専門知識 AWSのサービスを使って楽してセキュリティ向上!!
takuros
5
5k
AWSアカウントのセキュリティを守る IAM編
takuros
1
2.8k
Other Decks in Technology
See All in Technology
エンジニアのためのドキュメント力基礎講座〜構造化思考から始めよう〜(2025/02/15jbug広島#15発表資料)
yasuoyasuo
18
7.1k
【Developers Summit 2025】プロダクトエンジニアから学ぶ、 ユーザーにより高い価値を届ける技術
niwatakeru
2
1.6k
TAMとre:Capセキュリティ編 〜拡張脅威検出デモを添えて〜
fujiihda
2
360
クラウドサービス事業者におけるOSS
tagomoris
3
950
Apache Iceberg Case Study in LY Corporation
lycorptech_jp
PRO
0
140
抽象化をするということ - 具体と抽象の往復を身につける / Abstraction and concretization
soudai
27
14k
2.5Dモデルのすべて
yu4u
2
940
株式会社EventHub・エンジニア採用資料
eventhub
0
4.3k
コンピュータビジョンの社会実装について考えていたらゲームを作っていた話
takmin
1
480
Helm , Kustomize に代わる !? 次世代 k8s パッケージマネージャー Glasskube 入門 / glasskube-entry
parupappa2929
0
270
AIエージェント元年
shukob
0
120
PHPで印刷所に入稿できる名札データを作る / Generating Print-Ready Name Tag Data with PHP
tomzoh
0
140
Featured
See All Featured
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
114
50k
The Cost Of JavaScript in 2023
addyosmani
47
7.3k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
7k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.4k
Documentation Writing (for coders)
carmenintech
67
4.6k
4 Signs Your Business is Dying
shpigford
182
22k
GraphQLとの向き合い方2022年版
quramy
44
13k
Fireside Chat
paigeccino
34
3.2k
The Cult of Friendly URLs
andyhume
78
6.2k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
29
1k
Statistics for Hackers
jakevdp
797
220k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
175
52k
Transcript
$MPVE'PSNBUJPO4UBDL4FUTº "840SHBOJ[BUJPOTͰ ઃఆͷࣗಈԽ /3*ωοτίϜגࣜձࣾɹ ࠤʑ +"846(ேձୈճ #jawsug_asa
ࠤʑ CMPHIUUQTCMPHUBLVSPTOFU 5XJUUFS!ELGK ࣗݾհ #jawsug_asa
+BQBO"1/"NCBTTBEPS બग़͞Ε·ͨ͠ ࣗݾհ #jawsug_asa
ೝఆηΩϡϦςΟࢼݧͷରࡦຊ ཁཧ͔Β߈ུ͢Δ ʰ"84ೝఆηΩϡϦςΟઐࣝʱ IUUQTBN[OUP1,4D( "84ೝఆηΩϡϦςΟઐࣝͷษڧͷํͱ "84ͷηΩϡϦςΟͷΨΠυϒοΫͱͯࣥ͠චʢͨͭ͠Γʣ #jawsug_asa
ࠓ͢༰ "84ͷΞΧϯτηΩϡϦςΟ "84ͷηΩϡϦςΟαʔϏε $MPVE'PSNBUJPO4UBDL4FUTͱ"840SHBOJ[BUJPOT #jawsug_asa
ຊͷΰʔϧ "840SHBOJ[BUJPOTͱ $MPVE'PSNBUJPO4UBDL4FUTΛࣗͰͬͯΈΑ͏ 㱺ࣗͰखΛಈ͔͢ͷେࣄʂʂ #jawsug_asa
"84ͱηΩϡϦςΟ ͍Ζ͍ΖΔ͜ͱ͕ଟͯ͘ɺ ͍͜͠ͱࢥͬͨ͜ͱ͋Γ·ͤΜ͔ શମ૾ΛѲ͢ΔͨΊʹɺͬ͘͟Γͱ ྨͯ͠Έ·͠ΐ͏ #jawsug_asa
"84ͱηΩϡϦςΟ "84ͷηΩϡϦςΟ̏ͭͷ࣠Ͱߟ͑Δ ᶃ"84ʹߏஙͨ͠ωοτϫʔΫͱαʔόʔͷηΩϡϦςΟ ᶄ"84ૢ࡞ʹؔ͢Δݖݶʢ*".ʣ ᶅηΩϡϦςΟΛҡ࣋ཧ͢ΔͨΊͷ"84αʔϏε AWS Management Console Role VPC
AWS Cloud Subnet Internet gateway Amazon Simple Storage Service (S3) VPN gateway Endpoints User ૢ࡞ݖݶ Instance Instance Instance AWS Lambda Role ᶄ ᶃ AWS Command Line Interface AWS Config AWS Systems Manager AWS Service Catalog AWS Trusted Advisor AWS CloudTrail ᶅ ηΩϡϦςΟΛҡ࣋ ཧ͢ΔαʔϏε #jawsug_asa
ᶃ"84ʹߏஙͨ͠ωοτϫʔΫͱ αʔόʔͷηΩϡϦςΟ ڞ༗Ϟσϧͷͷ෦ ઃܭͷߟ͑ํΦϯϓϨͱେ͖͘ҧΘͳ͍͕ɺઃఆͷ ํ"84ͷྲّྀʹै͏ඞཁ͕͋Δ IUUQTBXTBNB[PODPNKQDPNQMJBODFTIBSFESFTQPOTJCJMJUZNPEFM #jawsug_asa
ᶄ"84ͷૢ࡞ʹؔ͢Δݖݶʢ*".ʣ "84ͷηΩϡϦςΟͷத֩ͷҰͭ ͲΜͳʹωοτϫʔΫαʔόʔͷηΩϡϦςΟΛڧݻʹ ͍ͯͯ͠ɺ"84Λૢ࡞͞ΕΔͱ͕݀։͚ΒΕΔ "84ͷബ͍ຊɹ*".ͷϚχΞοΫͳ IUUQTCPPUIQNKBJUFNT #jawsug_asa
ᶅηΩϡϦςΟΛҡ࣋ཧ͢Δ ɹͨΊͷ"84αʔϏε "84ಠࣗͷ෦ ར༻͠ͳͯ͘γεςϜΛηΩϡΞͳঢ়ଶΛҡ࣋Ͱ͖Δ͕ɺ ্ख͘׆༻͢ΔͱࣗྗͰΔΑΓഒָʹͳΔ "84ͷബ͍ຊᶘΞΧϯτηΩϡϦςΟͷϕʔγοΫηΦϦʔ IUUQTCPPUIQNKBJUFNT #jawsug_asa
ηΩϡϦςΟΛҡ࣋͢ΔͨΊͷ "84αʔϏε
ΨʔυϨʔϧͱ͍͏"84ͷઃܭࢥ ηΩϡϦςΟҰઃఆ͓ͯ͠ऴ͍Ͱͳ͍ɻ ڥશମʹܧଓతͳΨόφϯεΛఏڙ͢Δҝͷϧʔϧ͕ඞཁɻ"84 རศੑΛอͪͳ͕Βɺαϙʔτ͢ΔαʔϏεΛఏڙ͍ͯ͠Δ ᶃ༧ɹʜɹ*".4$1Ͱېࢭࣄ߲ͷૢ࡞ࣄ߲Λग़དྷͳ͘͢Δ͜ͱ ᶄݕɹʜɹېࢭࣄ߲ͷૢ࡞͕͞ΕͨΒؾ͕͚Δঢ়ଶʹ͢Δ͜ͱ ΨʔυϨʔϧ ؔॴ #jawsug_asa
$MPVE5SBJM AWS Management Console User AWS Command Line Interface AWS
CloudTrail Amazon Simple Storage Service (S3) Amazon CloudWatch "84Ϧιʔεͷૢ࡞ཤྺΛهɾ௨ ᶃϚωδϝϯτίϯιʔϧͱ"1*ͷૢ࡞ཤྺΛ4ʹอଘ ᶄ$MPVE8BUDI-PHTΛར༻ͯ͠4/4ܦ༝Ͱ௨Մೳ AWSϦιʔε #jawsug_asa
$POpH ఆˍΠϕϯτൃੜ࣌ʹ"84ͷঢ়ଶΛه ᶃ"84ͷঢ়ଶΛه͠ཧ͢ΔαʔϏε ᶄ$POpH3VMFTΛར༻͢Δ͜ͱʹΑΓɺ͋Δ͖ঢ়ଶ͔Β֎Ε ͨ͜ͱΛݕ͢Δ͜ͱ͕Ͱ͖Δ AWS Config User AWSϦιʔε ͷߏมߋ
ߏཧɾه ͷอଘ มߋޙͷߏͷ ධՁ ʢConfig Rulesʣ Amazon Simple Notification Service #jawsug_asa
(VBSE%VUZ ڴҖͷݕग़ ᶃηΩϡϦςΟ؍͔ΒͷڴҖϦεΫΛݕग़ ᶄϩάσʔλʢ71$'MPX-PHT $MPVE5SBJM&WFOU-PHT %/4-PHTʣΛੳ ᶅڴҖΛ"*ʹΑΓΠϯςϦδΣϯεʹݕग़ ѱҙͷ͋ΔεΩϟϯ ΠϯελϯεͷڴҖ ΞΧϯτͷڴҖ
Amazon GuardDuty Flow logs Event Logs DNS Logs ϩά ڴҖͷஅ Amazon Simple Notification Service Amazon CloudWatch Events ௨ #jawsug_asa
4FDVSJUZ)VC https://aws.amazon.com/jp/security-hub/ ηΩϡϦςΟΞϥʔτΛҰݩཧ ᶃ(VBSE%VUZ .BDJF *OTQFDUPSͷΞϥʔτΛ౷߹ͯ͠ཧ ᶄ֤छϩάΛݩʹίϯϓϥΠΞϯενΣοΫ ᶅαʔυύʔςΟπʔϧͱͷ࿈ܞɾෳ"84ΞΧϯτͷ౷߹ Մೳ #jawsug_asa
5SVTUFE"EWJTPS "84ͷར༻ঢ়گΛධՁ ᶃ̑ͭͷ؍ʢίετ࠷దԽɾύϑΥʔϚϯεɾηΩϡϦςΟɾ ϑΥʔϧττϨϥϯεɾαʔϏε੍ݶʣͰධՁ ᶄσϑΥϧτͰద༻͞Ε͍ͯΔͷͰɺҰݟͯΈΔ͜ͱ ᶅ௨ʢ&ϝʔϧͷΈʣՄೳ #jawsug_asa
$POUSPM5PXFS https://aws.amazon.com/jp/controltower/ ෳΞΧϯτͷηΩϡϦςΟઃఆͱࢹ ᶃ"84ͷϕετϓϥΫςΟεΛΓࠐΜͩઃఆͰɺ"84ΞΧ ϯτͷߏங ᶄΞΧϯτͷϙϦγʔΛܧଓతʹཧͱՄࢹԽ ᶅطଘͷΞΧϯτΛ$POUSPM5PXFSʹొ͢Δͷා͍ #jawsug_asa
ηΩϡϦςΟͷઃܭͷࢦ
/*45αΠόʔηΩϡϦςΟϑϨʔϜϫʔΫ ྨ ΧςΰϦʔ ಛఆ ʢ*EFOUJGZʣ ɾࢿ࢈ཧ ɾϏδωεڥ ɾΨόφϯε ɾϦεΫΞηεϝϯτɺϦεΫΞηεϝϯτཧ ɾαϓϥΠνΣʔϯϦεΫϚωδϝϯτ
ޚ ʢ1SPUFDUʣ ɾΞΫηε੍ޚ ɾҙ্͓ࣝΑͼτϨʔχϯά ɾσʔληΩϡϦςΟ ɾใΛอޢ͢ΔͨΊͷϓϩηε͓Αͼखॱ ɾอक ɾอޢٕज़ ݕ ʢ%FUFDUʣ ɾҟৗͱΠϕϯτ ɾηΩϡϦςΟͷܧଓతͳϞχλϦϯά ɾݕϓϩηε ରԠ ʢ3FTQPOEʣ ɾରԠܭըͷ࡞ ɾίϛϡχέʔγϣϯ ɾੳ ɾݮ ෮چ ʢ3FDPWFSʣ ɾ෮چܭըͷ࡞ ɾվળ ɾίϛχέʔγϣϯ IPA CSFίΞ https://www.ipa.go.jp/files/000071204.pdf
"848FMM"SDIJUFDUFEϑϨʔϜϫʔΫ ப ઃܭݪଇ ӡ༻্ͷ ༏लੑ ɾӡ༻Λίʔυͱͯ͠ӡ༻ ɾఆظతʹɺখنͳɺݩʹ͢͜ͱ͕Ͱ͖ΔมߋΛద༻͢Δ ɾӡ༻खॱΛఆظతʹվળ͢Δ ɾোΛ༧͢Δ ɾ͋ΒΏΔӡ༻্ͷো͔ΒֶͿ
ηΩϡϦςΟ ɾڧݻͳೝূج൫ͷ࣮ ɾτϨαϏϦςΟʔͷ࣮ݱ ɾશϨΠϠʔͷηΩϡϦςΟͷద༻ ɾηΩϡϦςΟͷϕετϓϥΫςΟεͷࣗಈԽ ɾૹத͓Αͼอதͷσʔλอޢ ɾσʔλʹਓͷखΛೖΕͳ͍ ɾηΩϡϦςΟΠϕϯτͷඋ͑ ৴པੑ ɾো͔Βࣗಈతʹ෮چ͢Δ ɾ෮چखॱΛςετ͢Δ ɾਫฏํʹεέʔϧͯ͠ू߹తͳϫʔΫϩʔυͷՄ༻ੑΛߴΊΔ ɾΩϟύγςΟʔΛײʹཔΒͳ͍ ɾࣗಈԽͰมߋΛཧ͢Δ ύϑΥʔϚϯεޮ ɾߴͳςΫϊϩδʔΛ୭Ͱ͑ΔΑ͏ʹ͢Δ ɾ͢Ͱάϩʔόϧʹల։͢Δ ɾαʔόʔϨεΞʔΩςΫνϟΛ༷͢Δ ɾΑΓසൟʹ࣮ݧ͢Δ ɾϝΧχΧϧγϯύγʔΛߟྀ͢Δ ίετ࠷దԽ ɾΫϥυͷࡒཧͷӡ༻ ɾফඅϞσϧΛಋೖ͢Δ ɾશମతͳޮΛଌఆ͢Δ ɾඅ༻Λੳ͠ɺؼ݁ͤ͞Δ AWS Well-Architected ϑϨʔϜϫʔΫ https://aws.amazon.com/jp/architecture/well-architected/
"84ͷηΩϡϦςΟαʔϏεΛ ׆༻ྫ
ϑϨʔϜϫʔΫʹͯΊͯΈΔͱʁ Lambda Systems Manager Automation CloudFormation Organizations SCP IAM SNS
Config CloudWatch Inspector Macie GuardDuty Shield Firewall Manager WAF VPC ༧ ޚ ݕ ରԠ ෮چ ௨ ࣗಈԽ Lambda CloudWatch ௐࠪ CloudWatch CloudTrail ౷߹ Security Hub #jawsug_asa
ΞʔΩςΫνϟʔผʹݟͯΈΔͱ Shield WAF CloudFront ELB ߈ܸରࡦ ରϦιʔε NACL Security Group
ωοτϫʔΫޚ ରϦιʔε ELB EC2 RDS KMS σʔλอޢ ରϦιʔε EC2 RDS S3 %%P4߈ܸ ΞϓϦέʔγϣϯ ߈ܸ ෆਖ਼ ωοτϫʔΫ ΞΫηε ෆਖ਼ ɹσʔλΞΫηε Inspector Systems Manager αʔόʔཧ Security Hub CloudTrail CloudWatch GuardDuty Config VPC Flow logs ՄࢹԽɾϞχλϦϯά ௨ ௨ SNS ௨ ӡ༻୲ ࢹ ɾશϨΠϠʔͷηΩϡϦςΟͷద༻ ɾτϨαϏϦςΟʔͷ࣮ݱ #jawsug_asa
γεςϜͷϨΠϠʔผʹͯΊΔͱ Ϛωδϝϯτ ίϯιʔϧ 71$Ծઐ༗ྖҬ &$04ྖҬ ϩʔΧϧσΟεΫ 3%4σʔλϕʔε 4ετϨʔδ $MPVE8BUDIࢹ %JSFDU$POOFDU/8
ηΩϡϦςΟͷରԠྫʢޚʣ ݕͷରԠྫ (VBSE%VUZ $POUSPM5PXFS 4FDVSJUZ)VC 'JSFXBMM.BOBHFS .BDJF 5SVTUFE"EWJTPS ɾ"84ΞΧϯτɿར༻੍ݶ ɾ*".Ϣʔβɿૢ࡞ݖݶͱଓݩ੍ݶ ɹར༻ՄೳϦιʔεʹର͢ΔΞΫηείϯτϩʔϧɺଟཁૉೝূͷಋೖ ɾຊ൪ڥɺ։ൃڥͱ͍ͬͨڥ୯ҐͰ71$ͷ ɾαϒωοτ୯ҐͰͷ௨৴੍ޚɺϧʔςΟϯάઃఆ ɾ71$ϑϩʔϩάͷऔಘ ɾ4FDVSJUZ(SPVQʹΑΔαʔόؒ௨৴੍ޚ ɾ4ZTUFNT.BOBHFSΛར༻ͯ͠ͷɺαʔόঢ়ଶͷѲͱҰׅύονͯ ɾαʔόͷϩάΠϯཧͷΈͱɺϩάूͷΈͷಋೖ ɾ҉߸ԽΦϓγϣϯʹΑΔσΟεΫશମͷ҉߸Խ $MPVE5SBJMʹΑΔ "84ૢ࡞ཤྺ τϥϑΟοΫϩά ֤छΞϓϦέʔγϣϯϩά 04ϩάΠϯཤྺ %#ࠪϩά "84αʔϏε֤छʹΑΔ ϩάɾΞϥʔτ ݕࠪ͢Δ͖ϩά ɾઐ༻ઢʢ%9ʣ71/Λར༻ͨ͠ܦ࿏҆શͷ֬อ ɾ5SBOTJU(BUFXBZΛར༻ͨ͠71$ɾܦ࿏ͷཧ ɾܦ࿏ͷԽʹΑΔࣄۀܧଓੑͷ֬อ ɾDBMSͷػೳʹΑΔςʔϒϧશମʢදྖҬʣͷ҉߸Խ ɾDBʹର͢ΔΞΫηεݖݶͷཧ ɾ҉߸ԽΦϓγϣϯʹΑΔετϨʔδશମͷ҉߸Խ ɾΫϥΠΞϯταΠυ҉߸ԽΩʔʹΑΓσʔλΛอޢ ɾCloudWatchʹΑΔAWSͷࢹͱɺӡ༻ࢹιϑτΣΞΛར༻ͨ͠αʔ ϏεɺΞϓϦέʔγϣϯࢹͷซ༻ *OTQFDUPS "84ͷར༻ঢ়گͷࠪ "84ΞΧϯτͷઃఆͱΨόφϯε ηΩϡϦςΟʔΞϥʔτͷूͱݕɾରԠ "84ͷෆਖ਼ར༻ͷݕ 04ɺΞϓϦͷηΩϡϦςΟධՁ 'JSFXBMMͷҰݩཧͱݕɾରԠ 4ͷػີใͷݕग़ɺྨɺอޢ 0SHBOJ[BUJPOT #jawsug_asa
༧త౷੍ͱൃݟత౷੍ ηΩϡϦςΟͷϕετϓϥΫςΟεͷҰͭ 0SHBOJ[BUJPO6OJU Automation AWS Systems Manager AWS Config Rule
ઃఆෆඋΛ ݕ म෮ࢦࣔ ༧త౷੍ ൃݟత౷੍ SCP AWS Organizations SCPΛར༻ͯ͠ ΞΧϯτશମʹ ېࢭࣄ߲ͷઃఆ AWSΞΧϯτ IAM User ྫʣ SPPUϢʔβʔͷΞΫηεΩʔͷ ࡞Λېࢭ͢Δ ྫʣ *".Ϣʔβʔͷ.'"͕༗ޮʹ ͳ͍ͬͯΔ͔νΣοΫ͢Δ Ұ࣌తʹ IAMϢʔβʔͷ ແޮԽ #jawsug_asa
αʔϏεΛ্ख͘׆༻͢Δͱ ӡ༻ָ͕ʹͳΔ
ηΩϡϦςΟͷઃఆΛखಈͰઃఆ͢Δͱʁ ̍ʙ̎ݸͩͱରԠՄೳ͕ͩɺΞΧϯτ ͕ݸ͋ͬͨͱͨ͠Βʁ ਓ͕ؒखͰΔͱϛεൈ͚࿙Ε͕ൃੜ͢Δɻ ͦΕҎલʹ໘͍͘͞ #jawsug_asa
"840SHBOJ[BUJPOTͷ׆༻
"840SHBOJ[BUJPOTͷ༻ޠ #jawsug_asa ཁૉ໊ ֓ཁ ৫ "840SHBOJ[BUJPOTͰཧ͢Δରͷશମ ࢀՃ͢Δ"84ΞΧϯτશͯ Ϛελʔ ΞΧϯτ "840SHBOJ[BUJPOTΛઃఆͨ͠"84ΞΧϯτ
ʢ৫ʹ̍ͭͷΈʣ ϝϯόʔ ΞΧϯτ ৫ͷϚελʔΞΧϯτҎ֎ͷશͯͷ"84ΞΧ ϯτ ৫୯Ґ ʢ06 ৫ͷཧతͳάϧʔϓ ཧ༻ϧʔτ ʢSPPUʣ ৫ͷ֊ͷ࠷্Ґ αʔϏείϯτϩ ʔϧϙϦγʔ ར༻Ͱ͖Δ"84αʔϏεͷ੍ޚΛهड़ͨ͠ϙϦγʔ
0SHBOJ[BUJPOTͷ֊ߏ Account Account Account Organizational unit Organizational unit 3PPU Account
RootԼʹ ΞΧϯτͷ ஔՄೳ ʢඇਪʣ OUͷ֊ߏ ઃఆՄೳ #jawsug_asa ৫୯Ґʢ06ʣͰཧ͞Εɺ্Ґͷઃఆ ԼҐʹܧঝ͞ΕΔ
αʔϏείϯτϩʔϧϙϦγʔʢ4$1ʣ 4$1Λ͏ͱ"84ΞΧϯτ୯ҐͰͷݖݶ੍ޚ͕Մೳ 4FSWJDF$POUSPM 1PMJDZʢ4$1ʣ *EFOUJUZCBTFE QPMJDZʢ*".ʣ ˓ ˓ ˓ ☓
☓ ༗ޮͳݖݶ *".ͷΈͳΒͣϧʔτΞΧϯτͷ੍ݶ Մೳʢ1FSNJTTJPOTόϯμϦʔΑΓڧྗʣ
4$1ͷ੍ޚͷܧঝ #jawsug_asa 0SHBOJ[BUJPOTͷ֊ͱݖݶͷܧঝ Account Account Account Organizational unit Organizational unit
SCP ΞΧϯτ୯Ґʹ ద༻ SCP OUશମʹ ద༻ 3PPU ΞΧϯτͰ*".ΛؤுΔΑΓɺ੍ޚ͞Εͨαϯυ ϘοΫεΞΧϯτΛ࡞Δ΄͏ָ͕͔͠Εͳ͍
$MPVE'PSNBUJPO4UBDL4FUT
$MPVE'PSNBUJPO4UBDL4FUT #jawsug_asa CloudFormation StackSets Stack ΞΧϯτAʢϝϯόʔΞΧϯτʣ ౦ژϦʔδϣϯ Stack ΦϋΠΦϦʔδϣϯ ΞΧϯτʢϚελʔΞΧϯτʣ
Stack ΞΧϯτBʢϝϯόʔΞΧϯτʣ ౦ژϦʔδϣϯ Stackͷ࡞ͱ࣮ߦ ෳͷ"84ΞΧϯτϦʔδϣϯʹର͠ $MPVE'PSNBUJPOͷελοΫΛ࡞Ͱ͖Δػೳ
0SHBOJ[BUJPOTº4UBDL4FUT #jawsug_asa AWS Account AWS Account OUʢ৫୯Ґʣ 3PPU CloudFormation StackSets
with Organizations AWS Account OUʹࢀՃ AWS Account ελοΫͷ࡞ ʢOUઃఆͷՃʣ ελοΫͷআ ʢOUઃఆͷআʣ OU͔Β 0SHBOJ[BUJPOTͱ࿈ܞͤͯ͞ɺ 06ࡿԼʹࣗಈతʹ4UBDL4FUTͷద༻ ΊͪΌͪ͘Όศར
"840SHBOJ[BUJPOT º $MPVE'PSNBUJPO4UBDL4FUT ࢼͯ͠ΈΑ͏ʂʂ
ࢧ͍ߦͬͯΔ͚Ͳʁ ࢧ͍ߦͰ"840SHBOJ[BUJPOTͷػೳ͕ ར༻Մೳͳϓϥϯ͕͋Γ·͢ /3*ωοτίϜɹʲ"840SHBOJ[BUJPOTରԠʳ "84ࢧ͍ߦαʔϏε IUUQTXXXOSJOFUDPNQSPEVDUTBXTQBZNFOU #jawsug_asa
·ͱΊ
ࠓͨ͠༰ "84ͷΞΧϯτηΩϡϦςΟ "84ͷηΩϡϦςΟαʔϏε $MPVE'PSNBUJPO4UBDL4FUTͱ"840SHBOJ[BUJPOT #jawsug_asa
ຊͷΰʔϧ "840SHBOJ[BUJPOTͱ $MPVE'PSNBUJPO4UBDL4FUTΛࣗͰͬͯΈΑ͏ 㱺ͬͯΈͨ͘ͳΓ·͔ͨ͠ʁ ɹ-FU`͂5SZʂʂ #jawsug_asa