Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
AWS WAFのログが3時間しか見れないのでなんとかしてみる
Search
Tmorinaga
February 14, 2017
Technology
3
4.3k
AWS WAFのログが3時間しか見れないのでなんとかしてみる
Ops JAWS #10
Tmorinaga
February 14, 2017
Tweet
Share
More Decks by Tmorinaga
See All by Tmorinaga
OpsJAWS#13 IAMベストプラクティス
tmorinaga
1
3.9k
Developers.IO 2017 E3
tmorinaga
0
1.3k
JAWS DAYS 2017 Security-JAWS発表資料
tmorinaga
2
4.7k
re:Growth 2016 in Tokyo
tmorinaga
0
2.2k
Developers.IO 2016 in Fukuoka
tmorinaga
1
840
【エンジニア編】AWS活用を考えているなら”必ず!"知っておくべきセキュリティの話
tmorinaga
1
4.4k
【ビジネス編】AWS活用を考えているなら”必ず!"知っておくべきセキュリティの話
tmorinaga
1
2.3k
OpsJAWS#4 CloudWatch Events Hands-on
tmorinaga
3
1.8k
Other Decks in Technology
See All in Technology
Zephyr RTOSを使った開発コンペに参加した件
iotengineer22
0
150
FOSS4G 2025 KANSAI QGISで点群データをいろいろしてみた
kou_kita
0
240
KubeCon + CloudNativeCon Japan 2025 Recap Opening & Choose Your Own Adventureシリーズまとめ
mmmatsuda
0
230
論文紹介:LLMDet (CVPR2025 Highlight)
tattaka
0
240
Amazon S3標準/ S3 Tables/S3 Express One Zoneを使ったログ分析
shigeruoda
5
590
PHP開発者のためのSOLID原則再入門 #phpcon / PHP Conference Japan 2025
shogogg
4
930
Lazy application authentication with Tailscale
bluehatbrit
0
110
Understanding_Thread_Tuning_for_Inference_Servers_of_Deep_Models.pdf
lycorptech_jp
PRO
0
150
OPENLOGI Company Profile for engineer
hr01
1
33k
自律的なスケーリング手法FASTにおけるVPoEとしてのアカウンタビリティ / dev-productivity-con-2025
yoshikiiida
0
480
生成AI活用の組織格差を解消する 〜ビジネス職のCursor導入が開発効率に与えた好循環〜 / Closing the Organizational Gap in AI Adoption
upamune
5
4.6k
Liquid Glass革新とSwiftUI/UIKit進化
fumiyasac0921
0
300
Featured
See All Featured
Agile that works and the tools we love
rasmusluckow
329
21k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
29
9.5k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
138
34k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
229
22k
Build your cross-platform service in a week with App Engine
jlugia
231
18k
Stop Working from a Prison Cell
hatefulcrawdad
270
20k
GraphQLの誤解/rethinking-graphql
sonatard
71
11k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
181
53k
How to train your dragon (web standard)
notwaldorf
94
6.1k
Measuring & Analyzing Core Web Vitals
bluesmoon
7
500
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
26k
The Cult of Friendly URLs
andyhume
79
6.5k
Transcript
AWS WAFͷϩά͕ 3͔࣌ؒ͠ݟΕͳ͍ͷͰ ͳΜͱ͔ͯ͠ΈΔ Ϋϥεϝιουגࣜձࣾ ιϦϡʔγϣϯΞʔΩςΫτ Ӭେࢤ
ࣗݾհ
ɹɹɹɹɹɹӬ େࢤ(@morimoritaitai) AWSࣄۀ෦ ιϦϡʔγϣϯΞʔΩςΫτ ✦ झຯ : ήʔϜ / ञ
/ Χϝϥ ✦ ڵຯ : Security / OpsࣗಈԽ ✦ ͖:Config/CloudTrail/IAM/PHD ✦ ৭ͷαʔϏε͕͖ͳϑϨϯζ ✦ AWSೝఆࢿ֨5ף
ձࣾհ
ϒϩάͷձࣾ
AWS WAFͬͯ·͔͢ʁ
AWS WAFͱ • CloudFrontͱALBʹࠐΊΔϚωʔδυWAF • IPΞυϨε੍ݶ/จࣈྻ੍ݶ/SQLΠϯδΣΫ γϣϯ/XSSରࡦͳͲجຊతͳWAFཁ݅ຬͨ ͤΔ • ͦΜͳʹෳࡶͳઃఆग़དྷͳ͍͚Ͳ؆қͳ
WAF͕΄͍͠ͳΒ͘͢͝ศར
AWS WAFศརͳΜͰ͕͢ɺ 1͍͚ͨͩͳ͍͜ͱ͕…
Πϕϯτϩά͕3͔࣌ؒ͠ ݟΕͳ͍
४ϦΞϧλΠϜͷ ΠϯγσϯτରԠͱߟ͑Ε ͔Βͳ͘ͳ͍
ͰͬͺΓΠϕϯτϩά ޙ͔Β֬ೝͰ͖ΔΑ͏ʹ͍ͨ͠
ͳΜͱ͔ͯ͠ΈΔ
ߏΛߟ͑Δ • AWS WAFͷΠϕϯτCloudWatchͰݕ • CloudWatchͷΞϥʔτΛSNSͰൃใ • SNSͰLambdaΛൃՐ • Lambda͕AWS
WAFͷϩάΛऔಘ͠S3อଘ
ߏਤ ᶃ Πϕϯτൃੜ ᶄΞϥʔϜൃใ ᶅ SNS௨ ᶆ ϩάऔಘ ᶇ ϩάอ
WAF CloudWatch SNS Lambda S3
SNSτϐοΫ࡞
CloudWatchΞϥʔτ࡞ 1ͭͰϒϩοΫ͕͋Ε SNSͰ௨
ϩάอ༻S3όέοτ࡞
Lambda༻IAMϩʔϧ࡞ • AmazonS3FullAccess • AWSWAFReadOnlyAccess • AWSLambdaBasicExecutionRole
LambdaϑΝϯΫγϣϯ࡞ • https://github.com/Tmorinaga/aws-waf-logger/blob/master/aws-waf-logger.py
LambdaϑΝϯΫγϣϯ࡞ SNSΛΠϕϯτιʔεʹ
LambdaϑΝϯΫγϣϯ࡞ ڥมͰS3όέοτ໊ࢦఆ ࡞ͨ͠IAM RoleΛࢦఆ
ࢼ͢ Α͋͘ΔSQLΠϯδΣΫγϣϯྫ
ࢼ͢ ϒϩοΫ͞Εͨ
5ޙ
ࢼ͢ S3ʹϩά͕֨ೲ͞Εͨʂ͢͝ʔ͍ʂ
ҙ • AWS WAFଆͷ༷ͰPOSTͷதݟΕͳ͍ • ݟΕΔΑ͏ʹͳΓ·ͤΜ͔Ͷɻɻɻʁ • Sample Requests100͔݅͠औΕͳ͍ͷͰɺ Ұؾʹ100݅Ҏ্ͷ߈ܸ͕དྷΔͱऔಘ࿙ΕΔ
࠷ޙʹ • ͍ͭެࣜରԠ͓͔ͯ͘͠͠ͳ͍ͷͰυΩυ Ω͠ͳ͕ΒίʔυΛॻ͍ͯ·ͨ͠ • POSTͷதΛه͍ͨ͠…ʂ • ϓϧϦΫ͍ͩ͘͞ • https://github.com/Tmorinaga/aws-waf-
logger/blob/master/aws-waf-logger.py
JAWS DAYS2017ʹొஃ͠·͢ • Security JAWSͷҰһͱͯ͠AWS Configʹ͍ͭͯ͘ޠΓ·͢ • ଞʹSec-JAWSϝϯόʔ͕ొஃͯ͠WAFʹ͍ͭͯΓ·͢
None
tmorinaga
iotengineer22
kou_kita
mmmatsuda
tattaka
shigeruoda
shogogg
bluehatbrit
lycorptech_jp
hr01
yoshikiiida
upamune
fumiyasac0921
rasmusluckow
eileencodes
danielanewman
jlugia
hatefulcrawdad
sonatard
soudai
notwaldorf
bluesmoon
cassininazir
andyhume
