Save 37% off PRO during our Black Friday Sale! »

AWS WAFのログが3時間しか見れないのでなんとかしてみる

C97900102deff1d3359eb64c9a00b080?s=47 Tmorinaga
February 14, 2017
Technology
3
3.6k

AWS WAFのログが3時間しか見れないのでなんとかしてみる

Ops JAWS #10

C97900102deff1d3359eb64c9a00b080?s=128

Tmorinaga

February 14, 2017
Tweet

More Decks by Tmorinaga

See All by Tmorinaga
C97900102deff1d3359eb64c9a00b080?s=48 tmorinaga
1
2.8k
C97900102deff1d3359eb64c9a00b080?s=48 tmorinaga
0
660
C97900102deff1d3359eb64c9a00b080?s=48 tmorinaga
2
3.1k
C97900102deff1d3359eb64c9a00b080?s=48 tmorinaga
0
1.7k
C97900102deff1d3359eb64c9a00b080?s=48 tmorinaga
1
520
C97900102deff1d3359eb64c9a00b080?s=48 tmorinaga
1
3k
C97900102deff1d3359eb64c9a00b080?s=48 tmorinaga
1
1.5k
C97900102deff1d3359eb64c9a00b080?s=48 tmorinaga
3
1.3k

Other Decks in Technology

See All in Technology
7602f2751868682b296171f58589c851?s=48 lyrixx
3
240
46839cf590a549efe13547c17a6b2fde?s=48 isaoshimizu
5
1.5k
D0a6969000c3715087b3a00abd646d20?s=48 timeseriesfr
0
210
Dd228ece3eac622c0b1b5f71f54b29ea?s=48 chisaton
0
220
D0a6969000c3715087b3a00abd646d20?s=48 timeseriesfr
0
200
Fc815be82d09a2e922d4000b65b9f83b?s=48 74th
0
370
6271a2c3d1c1f6d23f0d758bdf47626c?s=48 sunaotabata
17
30k
966e29b84ae7dbde170f66b0bc75b7a6?s=48 ishiayaya
0
1k
2a67c9a199a83a5eada6276f20630cb1?s=48 ohr486
2
140
4a545656ecacd1cde3548bf3e1b66f07?s=48 seputaratote
0
9.2k
33ef4c1ebe619115b552db9a9f9a3509?s=48 sadnessojisan
4
1.6k
8d0803aa4572615f7bce5f5288e6b716?s=48 mochan_tk
0
950

Featured

See All Featured
56c4053438af8e8b90d6f53cbb7573be?s=48 jakevdp
778
200k
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
74
1.7k
D67fff74178013024d833b3eec6cf27f?s=48 lynnandtonic
277
17k
B83d5b590577969ee79a5ad845411a7d?s=48 ammeep
660
55k
027d1ebf66cc039a0bd3b55eeadbe75d?s=48 sachag
270
17k
245cee81a9c424266e5e401d844ea881?s=48 lara
27
3.5k
Af6a12710770ad9a7cfd08c97efd40d3?s=48 pedronauck
655
120k
828ace851b606e1206900f26459f55ad?s=48 speakerdeck
PRO
2
480
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
191
14k
Fde6c3a50ca518a909ef35c22c0ee0e4?s=48 destraynor
148
20k
44b54d2ffcb7857004071cc6795dde11?s=48 cassininazir
350
20k
Ba530e786553390f3fb271848485681c?s=48 3n
169
23k

Transcript

  1. AWS WAFͷϩά͕ 3͔࣌ؒ͠ݟΕͳ͍ͷͰ ͳΜͱ͔ͯ͠ΈΔ Ϋϥεϝιουגࣜձࣾ ιϦϡʔγϣϯΞʔΩςΫτ ৿Ӭେࢤ

  2. ࣗݾ঺հ

  3. ɹɹɹɹɹɹ৿Ӭ େࢤ(@morimoritaitai) AWSࣄۀ෦ ιϦϡʔγϣϯΞʔΩςΫτ ✦ झຯ : ήʔϜ / ञ

    / Χϝϥ ✦ ڵຯ : Security / OpsࣗಈԽ ✦ ޷͖:Config/CloudTrail/IAM/PHD ✦ ྘৭ͷαʔϏε͕޷͖ͳϑϨϯζ ✦ AWSೝఆࢿ֨5ף

  4. ձࣾ঺հ

  5. ϒϩάͷձࣾ

  6. AWS WAF࢖ͬͯ·͔͢ʁ

  7. AWS WAFͱ͸ • CloudFrontͱALBʹ࢓ࠐΊΔϚωʔδυWAF • IPΞυϨε੍ݶ/จࣈྻ੍ݶ/SQLΠϯδΣΫ γϣϯ/XSSରࡦͳͲجຊతͳWAFཁ݅͸ຬͨ ͤΔ • ͦΜͳʹෳࡶͳઃఆ͸ग़དྷͳ͍͚Ͳ؆қͳ

    WAF͕΄͍͠ͳΒ͘͢͝ศར

  8. AWS WAFศརͳΜͰ͕͢ɺ 1఺͍͚ͨͩͳ͍͜ͱ͕…

  9. Πϕϯτϩά͕3͔࣌ؒ͠ ݟΕͳ͍໰୊

  10. ४ϦΞϧλΠϜͷ ΠϯγσϯτରԠͱߟ͑Ε͹ ෼͔Βͳ͘͸ͳ͍

  11. Ͱ΋΍ͬͺΓΠϕϯτϩά͸ ޙ͔Β֬ೝͰ͖ΔΑ͏ʹ͍ͨ͠

  12. ͳΜͱ͔ͯ͠ΈΔ

  13. ߏ੒Λߟ͑Δ • AWS WAFͷΠϕϯτ͸CloudWatchͰݕ஌ • CloudWatchͷΞϥʔτΛSNSͰൃใ • SNSͰLambdaΛൃՐ • Lambda͕AWS

    WAFͷϩάΛऔಘ͠S3΁อଘ

  14. ߏ੒ਤ ᶃ Πϕϯτൃੜ ᶄΞϥʔϜൃใ ᶅ SNS௨஌ ᶆ ϩάऔಘ ᶇ ϩάอ؅

    WAF CloudWatch SNS Lambda S3

  15. SNSτϐοΫ࡞੒

  16. CloudWatchΞϥʔτ࡞੒ 1ͭͰ΋ϒϩοΫ͕͋Ε͹ SNSͰ௨஌

  17. ϩάอ؅༻S3όέοτ࡞੒

  18. Lambda༻IAMϩʔϧ࡞੒ • AmazonS3FullAccess • AWSWAFReadOnlyAccess • AWSLambdaBasicExecutionRole

  19. LambdaϑΝϯΫγϣϯ࡞੒ • https://github.com/Tmorinaga/aws-waf-logger/blob/master/aws-waf-logger.py

  20. LambdaϑΝϯΫγϣϯ࡞੒ SNSΛΠϕϯτιʔεʹ

  21. LambdaϑΝϯΫγϣϯ࡞੒ ؀ڥม਺ͰS3όέοτ໊ࢦఆ ࡞੒ͨ͠IAM RoleΛࢦఆ

  22. ࢼ͢ Α͋͘ΔSQLΠϯδΣΫγϣϯྫ

  23. ࢼ͢ ϒϩοΫ͞Εͨ

  24. 5෼ޙ

  25. ࢼ͢ S3ʹϩά͕֨ೲ͞Εͨʂ͢͝ʔ͍ʂ

  26. ஫ҙ఺ • AWS WAFଆͷ࢓༷ͰPOSTͷத਎͸ݟΕͳ͍ • ݟΕΔΑ͏ʹͳΓ·ͤΜ͔Ͷɻɻɻʁ • Sample Requests͸100͔݅͠औΕͳ͍ͷͰɺ Ұؾʹ100݅Ҏ্ͷ߈ܸ͕དྷΔͱऔಘ࿙ΕΔ

  27. ࠷ޙʹ • ͍ͭެࣜରԠͯ͠΋͓͔͘͠ͳ͍ͷͰυΩυ Ω͠ͳ͕ΒίʔυΛॻ͍ͯ·ͨ͠ • POSTͷத਎Λه࿥͍ͨ͠…ʂ • ϓϧϦΫ͍ͩ͘͞ • https://github.com/Tmorinaga/aws-waf-

    logger/blob/master/aws-waf-logger.py

  28. JAWS DAYS2017ʹొஃ͠·͢ • Security JAWSͷҰһͱͯ͠AWS Configʹ͍ͭͯ೤͘ޠΓ·͢ • ଞʹ΋Sec-JAWSϝϯόʔ͕ొஃͯ͠WAFʹ͍ͭͯ΋஻Γ·͢

  29. None