Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AWS WAFのログが3時間しか見れないのでなんとかしてみる

C97900102deff1d3359eb64c9a00b080?s=47 Tmorinaga
February 14, 2017
Technology
3
3.6k

AWS WAFのログが3時間しか見れないのでなんとかしてみる

Ops JAWS #10

C97900102deff1d3359eb64c9a00b080?s=128

Tmorinaga

February 14, 2017
Tweet

More Decks by Tmorinaga

See All by Tmorinaga
C97900102deff1d3359eb64c9a00b080?s=48 tmorinaga
1
2.7k
C97900102deff1d3359eb64c9a00b080?s=48 tmorinaga
0
640
C97900102deff1d3359eb64c9a00b080?s=48 tmorinaga
2
3k
C97900102deff1d3359eb64c9a00b080?s=48 tmorinaga
0
1.7k
C97900102deff1d3359eb64c9a00b080?s=48 tmorinaga
1
500
C97900102deff1d3359eb64c9a00b080?s=48 tmorinaga
1
2.8k
C97900102deff1d3359eb64c9a00b080?s=48 tmorinaga
1
1.4k
C97900102deff1d3359eb64c9a00b080?s=48 tmorinaga
3
1.2k

Other Decks in Technology

See All in Technology
6a87c9bfc71c805c3f5f248b359365d3?s=48 mu2in
0
230
96ae3b7224ad653bdcc80059fa10fd8a?s=48 kata_junn
1
110
928ee4c919a0d47835d3dffda7bec566?s=48 yutongsong
0
120
8d6c54ebb889a5fe3f77b763d563fd9f?s=48 serinuntius
0
370
5b61748fa09ac24e9dd2cbef044422a1?s=48 purabparihar
0
190
5b47136bedcba2799edf4fcd27ea66d7?s=48 yaegashi
3
600
2037978e199b5947c8304d0435de9944?s=48 irisuinwl
0
380
563dea298ceddda314223503683a66e3?s=48 tachibana
0
220
84907687e50c8ac2a09b02e0d1b36ab1?s=48 toricls
PRO
11
3k
00101a1274d1f92977f4e442ef73be86?s=48 ahana
0
110
C31510e1430372434b634a415c656988?s=48 bake0937
0
130
79dcb04101764d7bf66f898dd446838e?s=48 tsukubachallenge
0
240

Featured

See All Featured
Ded01cdab114abe4ec13511e4c25b9bb?s=48 andyhume
67
4.4k
F57e2136eb9895eb95ff5dc8a1c02677?s=48 zakiwarfel
91
3.6k
C86443373fbfe92996aa882d0d7a59f8?s=48 imathis
482
150k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
688
180k
E14f55d3f939977cecbf51b64ff6f861?s=48 keithpitt
404
20k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
498
130k
5f2da528927a2ec9ba4fec2069cbc958?s=48 kneath
224
15k
245cee81a9c424266e5e401d844ea881?s=48 lara
175
10k
91cefdf141106fa10674aae74ce05890?s=48 yeseniaperezcruz
306
32k
32de0bd2ba869609d26fd052a4622778?s=48 cromwellryan
107
6.5k
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
17
2.1k
C51b39fa3c79ccb99dcb8a076bc98287?s=48 brianwarren
87
5.3k

Transcript

  1. AWS WAFͷϩά͕ 3͔࣌ؒ͠ݟΕͳ͍ͷͰ ͳΜͱ͔ͯ͠ΈΔ Ϋϥεϝιουגࣜձࣾ ιϦϡʔγϣϯΞʔΩςΫτ ৿Ӭେࢤ

  2. ࣗݾ঺հ

  3. ɹɹɹɹɹɹ৿Ӭ େࢤ(@morimoritaitai) AWSࣄۀ෦ ιϦϡʔγϣϯΞʔΩςΫτ ✦ झຯ : ήʔϜ / ञ

    / Χϝϥ ✦ ڵຯ : Security / OpsࣗಈԽ ✦ ޷͖:Config/CloudTrail/IAM/PHD ✦ ྘৭ͷαʔϏε͕޷͖ͳϑϨϯζ ✦ AWSೝఆࢿ֨5ף

  4. ձࣾ঺հ

  5. ϒϩάͷձࣾ

  6. AWS WAF࢖ͬͯ·͔͢ʁ

  7. AWS WAFͱ͸ • CloudFrontͱALBʹ࢓ࠐΊΔϚωʔδυWAF • IPΞυϨε੍ݶ/จࣈྻ੍ݶ/SQLΠϯδΣΫ γϣϯ/XSSରࡦͳͲجຊతͳWAFཁ݅͸ຬͨ ͤΔ • ͦΜͳʹෳࡶͳઃఆ͸ग़དྷͳ͍͚Ͳ؆қͳ

    WAF͕΄͍͠ͳΒ͘͢͝ศར

  8. AWS WAFศརͳΜͰ͕͢ɺ 1఺͍͚ͨͩͳ͍͜ͱ͕…

  9. Πϕϯτϩά͕3͔࣌ؒ͠ ݟΕͳ͍໰୊

  10. ४ϦΞϧλΠϜͷ ΠϯγσϯτରԠͱߟ͑Ε͹ ෼͔Βͳ͘͸ͳ͍

  11. Ͱ΋΍ͬͺΓΠϕϯτϩά͸ ޙ͔Β֬ೝͰ͖ΔΑ͏ʹ͍ͨ͠

  12. ͳΜͱ͔ͯ͠ΈΔ

  13. ߏ੒Λߟ͑Δ • AWS WAFͷΠϕϯτ͸CloudWatchͰݕ஌ • CloudWatchͷΞϥʔτΛSNSͰൃใ • SNSͰLambdaΛൃՐ • Lambda͕AWS

    WAFͷϩάΛऔಘ͠S3΁อଘ

  14. ߏ੒ਤ ᶃ Πϕϯτൃੜ ᶄΞϥʔϜൃใ ᶅ SNS௨஌ ᶆ ϩάऔಘ ᶇ ϩάอ؅

    WAF CloudWatch SNS Lambda S3

  15. SNSτϐοΫ࡞੒

  16. CloudWatchΞϥʔτ࡞੒ 1ͭͰ΋ϒϩοΫ͕͋Ε͹ SNSͰ௨஌

  17. ϩάอ؅༻S3όέοτ࡞੒

  18. Lambda༻IAMϩʔϧ࡞੒ • AmazonS3FullAccess • AWSWAFReadOnlyAccess • AWSLambdaBasicExecutionRole

  19. LambdaϑΝϯΫγϣϯ࡞੒ • https://github.com/Tmorinaga/aws-waf-logger/blob/master/aws-waf-logger.py

  20. LambdaϑΝϯΫγϣϯ࡞੒ SNSΛΠϕϯτιʔεʹ

  21. LambdaϑΝϯΫγϣϯ࡞੒ ؀ڥม਺ͰS3όέοτ໊ࢦఆ ࡞੒ͨ͠IAM RoleΛࢦఆ

  22. ࢼ͢ Α͋͘ΔSQLΠϯδΣΫγϣϯྫ

  23. ࢼ͢ ϒϩοΫ͞Εͨ

  24. 5෼ޙ

  25. ࢼ͢ S3ʹϩά͕֨ೲ͞Εͨʂ͢͝ʔ͍ʂ

  26. ஫ҙ఺ • AWS WAFଆͷ࢓༷ͰPOSTͷத਎͸ݟΕͳ͍ • ݟΕΔΑ͏ʹͳΓ·ͤΜ͔Ͷɻɻɻʁ • Sample Requests͸100͔݅͠औΕͳ͍ͷͰɺ Ұؾʹ100݅Ҏ্ͷ߈ܸ͕དྷΔͱऔಘ࿙ΕΔ

  27. ࠷ޙʹ • ͍ͭެࣜରԠͯ͠΋͓͔͘͠ͳ͍ͷͰυΩυ Ω͠ͳ͕ΒίʔυΛॻ͍ͯ·ͨ͠ • POSTͷத਎Λه࿥͍ͨ͠…ʂ • ϓϧϦΫ͍ͩ͘͞ • https://github.com/Tmorinaga/aws-waf-

    logger/blob/master/aws-waf-logger.py

  28. JAWS DAYS2017ʹొஃ͠·͢ • Security JAWSͷҰһͱͯ͠AWS Configʹ͍ͭͯ೤͘ޠΓ·͢ • ଞʹ΋Sec-JAWSϝϯόʔ͕ొஃͯ͠WAFʹ͍ͭͯ΋஻Γ·͢

  29. None