Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AWS WAFのログが3時間しか見れないのでなんとかしてみる

Tmorinaga
February 14, 2017
Technology
3
3.8k

AWS WAFのログが3時間しか見れないのでなんとかしてみる

Ops JAWS #10

Tmorinaga

February 14, 2017
Tweet

More Decks by Tmorinaga

See All by Tmorinaga
OpsJAWS#13 IAMベストプラクティス
tmorinaga
1
3.3k
Developers.IO 2017 E3
tmorinaga
0
930
JAWS DAYS 2017 Security-JAWS発表資料
tmorinaga
2
3.7k
re:Growth 2016 in Tokyo
tmorinaga
0
1.9k
Developers.IO 2016 in Fukuoka
tmorinaga
1
610
【エンジニア編】AWS活用を考えているなら”必ず!"知っておくべきセキュリティの話
tmorinaga
1
3.6k
【ビジネス編】AWS活用を考えているなら”必ず!"知っておくべきセキュリティの話
tmorinaga
1
1.9k
OpsJAWS#4 CloudWatch Events Hands-on
tmorinaga
3
1.5k

Other Decks in Technology

See All in Technology
What to talk about when you have nothing to talk about
moyheen
0
110
AWS Direct Connectと愉快なGWたちのおさらい
minorun365
5
1.1k
金融系子会社でレガシーシステムしか作ったことないけど、モダン開発に挑戦してみた
marikashiotsuki
1
130
Microsoft Build 2023 ふりかえり - IoT と AI 周りを中心に
mode86
0
170
WWDC「間」を復習しよう
line_developers
PRO
0
360
JUnitテストをCI環境で並列で実行する方法とその速度, スケーラビリティ
nabedge
4
280
async-profilerによるスタックトレースタイムトラベル - Kafkaのパフォーマンス問題調査での応用例
line_developers
PRO
1
150
GLOBIS データサイエンスチームのご紹介/ GLOBIS Data Science Team is hiring.
globis_gdp
0
1.9k
Virtual Threads - 導入の背景と、効果的な使い方 -
skrb
2
330
Transit Gatewayを使わなければならない場面を改めて考えてみる #dx_osarai
non97
0
3.2k
OCI Data Integration技術情報 / ocidi_technical_jp
oracle4engineer
PRO
0
460
Sprasia, Inc. - Sprasia Engineers Culture Deck
sprasiainc
0
110

Featured

See All Featured
Large-scale JavaScript Application Architecture
addyosmani
500
110k
Designing with Data
zakiwarfel
92
4.3k
Typedesign – Prime Four
hannesfritz
34
1.6k
The World Runs on Bad Software
bkeepers
PRO
59
5.9k
Building Effective Engineering Teams - LeadDev
addyosmani
5
600
Become a Pro
speakerdeck
PRO
7
3.4k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
350
28k
The Mythical Team-Month
searls
211
41k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
32
8.4k
Building Better People: How to give real-time feedback that sticks.
wjessup
346
18k
The Straight Up "How To Draw Better" Workshop
denniskardys
226
130k
Designing Experiences People Love
moore
131
22k

Transcript

  1. AWS WAFͷϩά͕
    3͔࣌ؒ͠ݟΕͳ͍ͷͰ
    ͳΜͱ͔ͯ͠ΈΔ
    Ϋϥεϝιουגࣜձࣾ
    ιϦϡʔγϣϯΞʔΩςΫτ ৿Ӭେࢤ

    View Slide

  2. ࣗݾ঺հ

    View Slide

  3. ɹɹɹɹɹɹ৿Ӭ େࢤ(@morimoritaitai)
    AWSࣄۀ෦ ιϦϡʔγϣϯΞʔΩςΫτ
    ✦ झຯ : ήʔϜ / ञ / Χϝϥ
    ✦ ڵຯ : Security / OpsࣗಈԽ
    ✦ ޷͖:Config/CloudTrail/IAM/PHD
    ✦ ྘৭ͷαʔϏε͕޷͖ͳϑϨϯζ
    ✦ AWSೝఆࢿ֨5ף

    View Slide

  4. ձࣾ঺հ

    View Slide

  5. ϒϩάͷձࣾ

    View Slide

  6. AWS WAF࢖ͬͯ·͔͢ʁ

    View Slide

  7. AWS WAFͱ͸
    • CloudFrontͱALBʹ࢓ࠐΊΔϚωʔδυWAF
    • IPΞυϨε੍ݶ/จࣈྻ੍ݶ/SQLΠϯδΣΫ
    γϣϯ/XSSରࡦͳͲجຊతͳWAFཁ݅͸ຬͨ
    ͤΔ
    • ͦΜͳʹෳࡶͳઃఆ͸ग़དྷͳ͍͚Ͳ؆қͳ
    WAF͕΄͍͠ͳΒ͘͢͝ศར

    View Slide

  8. AWS WAFศརͳΜͰ͕͢ɺ
    1఺͍͚ͨͩͳ͍͜ͱ͕…

    View Slide

  9. Πϕϯτϩά͕3͔࣌ؒ͠
    ݟΕͳ͍໰୊

    View Slide

  10. ४ϦΞϧλΠϜͷ
    ΠϯγσϯτରԠͱߟ͑Ε͹
    ෼͔Βͳ͘͸ͳ͍

    View Slide

  11. Ͱ΋΍ͬͺΓΠϕϯτϩά͸
    ޙ͔Β֬ೝͰ͖ΔΑ͏ʹ͍ͨ͠

    View Slide

  12. ͳΜͱ͔ͯ͠ΈΔ

    View Slide

  13. ߏ੒Λߟ͑Δ
    • AWS WAFͷΠϕϯτ͸CloudWatchͰݕ஌
    • CloudWatchͷΞϥʔτΛSNSͰൃใ
    • SNSͰLambdaΛൃՐ
    • Lambda͕AWS WAFͷϩάΛऔಘ͠S3΁อଘ

    View Slide

  14. ߏ੒ਤ
    ᶃ Πϕϯτൃੜ
    ᶄΞϥʔϜൃใ
    ᶅ SNS௨஌
    ᶆ ϩάऔಘ
    ᶇ ϩάอ؅
    WAF CloudWatch SNS
    Lambda
    S3

    View Slide

  15. SNSτϐοΫ࡞੒

    View Slide

  16. CloudWatchΞϥʔτ࡞੒
    1ͭͰ΋ϒϩοΫ͕͋Ε͹
    SNSͰ௨஌

    View Slide

  17. ϩάอ؅༻S3όέοτ࡞੒

    View Slide

  18. Lambda༻IAMϩʔϧ࡞੒
    • AmazonS3FullAccess
    • AWSWAFReadOnlyAccess
    • AWSLambdaBasicExecutionRole

    View Slide

  19. LambdaϑΝϯΫγϣϯ࡞੒
    • https://github.com/Tmorinaga/aws-waf-logger/blob/master/aws-waf-logger.py

    View Slide

  20. LambdaϑΝϯΫγϣϯ࡞੒
    SNSΛΠϕϯτιʔεʹ

    View Slide

  21. LambdaϑΝϯΫγϣϯ࡞੒
    ؀ڥม਺ͰS3όέοτ໊ࢦఆ
    ࡞੒ͨ͠IAM RoleΛࢦఆ

    View Slide

  22. ࢼ͢
    Α͋͘ΔSQLΠϯδΣΫγϣϯྫ

    View Slide

  23. ࢼ͢
    ϒϩοΫ͞Εͨ

    View Slide

  24. 5෼ޙ

    View Slide

  25. ࢼ͢
    S3ʹϩά͕֨ೲ͞Εͨʂ͢͝ʔ͍ʂ

    View Slide

  26. ஫ҙ఺
    • AWS WAFଆͷ࢓༷ͰPOSTͷத਎͸ݟΕͳ͍
    • ݟΕΔΑ͏ʹͳΓ·ͤΜ͔Ͷɻɻɻʁ
    • Sample Requests͸100͔݅͠औΕͳ͍ͷͰɺ
    Ұؾʹ100݅Ҏ্ͷ߈ܸ͕དྷΔͱऔಘ࿙ΕΔ

    View Slide

  27. ࠷ޙʹ
    • ͍ͭެࣜରԠͯ͠΋͓͔͘͠ͳ͍ͷͰυΩυ
    Ω͠ͳ͕ΒίʔυΛॻ͍ͯ·ͨ͠
    • POSTͷத਎Λه࿥͍ͨ͠…ʂ
    • ϓϧϦΫ͍ͩ͘͞
    • https://github.com/Tmorinaga/aws-waf-
    logger/blob/master/aws-waf-logger.py

    View Slide

  28. JAWS DAYS2017ʹొஃ͠·͢
    • Security JAWSͷҰһͱͯ͠AWS Configʹ͍ͭͯ೤͘ޠΓ·͢
    • ଞʹ΋Sec-JAWSϝϯόʔ͕ొஃͯ͠WAFʹ͍ͭͯ΋஻Γ·͢

    View Slide

  29. View Slide