Upgrade to Pro — share decks privately, control downloads, hide ads and more …

サーバーレスなマルチテナントSaaSの権限管理 / Serverless Multitenan...

Avatar for ykarakita ykarakita
August 31, 2018
Technology
3
2k

サーバーレスなマルチテナントSaaSの権限管理 / Serverless Multitenant SaaS Auth Management

2018/08/31 Serverless Meetup Tokyo #10

Avatar for ykarakita

ykarakita

August 31, 2018
Tweet

More Decks by ykarakita

See All by ykarakita
ユーザー企業における サーバーレスな Web APIバックエンド開発 / Developping serverless Web API Backend
Avatar for ykarakita ykarakita
2
2.5k
Fitbit APIのススメ / Effective usage of fitbit API
Avatar for ykarakita ykarakita
0
720
Fitbit ✕ Music 〜Fitbit APIで最高のトレーニングを〜 / Great Training with Fitbit API
Avatar for ykarakita ykarakita
5
920

Other Decks in Technology

See All in Technology
「全員プロダクトマネージャー」を実現する、Cursorによる仕様検討の自動運転
Avatar for Michiru Kato applism118
22
12k
ブロックテーマ時代における、テーマの CSS について考える Toro_Unit / 2025.09.13 @ Shinshu WordPress Meetup
Avatar for Toro_Unit (Hiroshi Urabe) torounit
0
130
Autonomous Database - Dedicated 技術詳細 / adb-d_technical_detail_jp
Avatar for oracle4engineer oracle4engineer
PRO
4
10k
まずはマネコンでちゃちゃっと作ってから、それをCDKにしてみよか。
Avatar for ヤマダ(北野) yamada_r
2
120
AWSを利用する上で知っておきたい名前解決のはなし(10分版)
Avatar for nagisa_53 nagisa53
10
3.2k
MagicPod導入から半年、オープンロジQAチームで実際にやったこと
Avatar for joko tjoko
0
110
OCI Oracle Database Services新機能アップデート(2025/06-2025/08)
Avatar for oracle4engineer oracle4engineer
PRO
0
180
Apache Spark もくもく会
Avatar for Takaaki Yayoi taka_aki
0
140
AWSで始める実践Dagster入門
Avatar for キタガワ kitagawaz
1
750
なぜテストマネージャの視点が 必要なのか? 〜 一歩先へ進むために 〜
Avatar for Sammy(MoritaMasami) moritamasami
0
240
バイブスに「型」を!Kent Beckに学ぶ、AI時代のテスト駆動開発
Avatar for amixedcolor amixedcolor
3
590
20250910_障害注入から効率的復旧へ_カオスエンジニアリング_生成AIで考えるAWS障害対応.pdf
Avatar for sh_fk2 sh_fk2
3
280

Featured

See All Featured
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
15
1.7k
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
54
11k
Performance Is Good for Brains [We Love Speed 2024]
Avatar for Tammy Everts tammyeverts
12
1.1k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
53
3k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
656
61k
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
30
9.7k
Designing Dashboards & Data Visualisations in Web Apps
Avatar for Des Traynor destraynor
231
53k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
246
12k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
368
19k
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
273
40k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
Avatar for Tammy Everts tammyeverts
8
530
Navigating Team Friction
Avatar for Lara Hogan lara
189
15k

Transcript

  1. αʔόʔϨεͳ ϚϧνςφϯτSaaSͷݖݶ؅ཧ Serverless Meetup Tokyo #10 2018/08/31 @ykarakita

  2. Profile ඦ໦ా ༤྄ʢYusuke Karakitaʣ ϋϯζϥϘגࣜձࣾʗαʔϏε։ൃνʔϜ ୲౰ɿΠϯϑϥઃܭɺAPIόοΫΤϯυ։ൃ @ykarakita

  3. ը૾Ͱ΋ͬͱɺച৔ͱͭͳ͕Δ ίϛϡχέʔγϣϯαʔϏε

  4. ϚϧνςφϯτΞϓϦέʔγϣϯ

  5. ϚϧνςφϯτΞϓϦέʔγϣϯ • ҰͭͷΞϓϦέʔγϣϯϓϥοτϑΥʔϜΛ ෳ਺ͷ૊৫Ͱڞ༗ γεςϜ ∟૊৫A ∟ϢʔβʔA ∟ϢʔβʔB ∟૊৫B ∟ϢʔβʔC

    ∟ϢʔβʔD

  6. ϚϧνςφϯτΞϓϦέʔγϣϯ Ͱߟྀ͕ඞཁͳ͜ͱ

  7. Ϛϧνςφϯτͷߟྀ఺ • ݖݶ؅ཧ • ςφϯτ؅ཧʢϓϥϯͷมߋͳͲʣ • σʔλྖҬʢσʔλ෼཭ʣ • Ϧιʔε؅ཧʢϝϞϦɺσΟεΫɺCPUͳͲʣ •

    ͳͲ

  8. ࠓ೔ͷ಺༰ αʔόʔϨεͰϚϧνςφϯτ ΞϓϦΛߏங͢Δ্Ͱͷ ݖݶ؅ཧͷϊ΢ϋ΢

  9. ϚϧνςφϯτΞϓϦͷ ݖݶ؅ཧͬͯͲΜͳײ͡ʁ

  10. Ϛϧνςφϯτͷݖݶ؅ཧ • Ϣʔβʔͷෳ਺ͷଐੑ͔ΒΞΫηεՄೳͳϦ ιʔε͕ܾఆ͢Δ ɾςφϯτ →tenant-Aɺtenant-B… ɾςφϯτͷར༻ϓϥϯ →freeɺstandardɺpremium… ɾϢʔβʔ →User-AɺUser-B…

    ɾϢʔβʔͷϩʔϧ →AdminɺUser… ɾϢʔβʔͷͦͷଞͷଐੑʢॴଐΤϦΞͳͲʣ →Area-AɺArea-B…

  11. ϚϧνςφϯτΞϓϦͷ ηΩϡϦςΟཁ݅ • ex1) σʔλ΁ͷΞΫηεͷೝՄ • tenant-Aʹଐ͢ΔϢʔβʔ͸tenant-Aͷσʔ λͷΈΞΫηε͕ڐՄ͞ΕΔ • ex2)

    API ͷೝՄ • AdminϩʔϧͷϢʔβʔ͸͢΂ͯͷAPIϦΫ Τετ͕ڐՄ͞ΕΔ͕UserϩʔϧͷϢʔβʔ ͸GETϝιουͷΈΞΫηε͕ڐՄ͞ΕΔ

  12. ͭ·ΓϚϧνςφϯτΞϓϦ͸ ɾڞ௨ͷγεςϜͷதͰ ɾϢʔβʔͷଐੑ͝ͱʹ ɾΞΫηε੍ޚ͕ඞཁ

  13. Ұൠతʹ͸ɾɾ • WebϑϨʔϜϫʔΫ΍ϛυϧ΢ΣΞϨϕϧͰ੍ޚ

  14. αʔόʔϨεͰϚϧνςφϯτɾɾ ɾɾશવࣄྫͳ͍ʘ(^o^)ʗ

  15. AWSωΠςΟϒͳΞϓϦͳΒ Cognito + IAM Ͱ࣮ݱͰ͖Δ

  16. Ϣʔβʔ΁ͷݖݶ෇༩ ϢʔβʔʹΑͬͯΞΫηεՄೳͳϦιʔε͕ҟͳΔͨΊɺ LambdaϑΝϯΫγϣϯ΁ݖݶΛ෇༩͢ΔͷͰ͸ͳ͘ɺ Ϣʔβʔࣗ਎ʹݖݶΛ෇͚Δ ݖݶ෇༩

  17. Cognito User Pool άϧʔϓͷઃఆ Cognito Tenant-A User Group Admin Group

    Billing Group tenant_a_user_role tenant_a_billing_role tenant_a_admin_role Cognito Tenant-B Cognito Tenant-C • ςφϯτ͝ͱʹUser PoolΛ࡞੒͠ɺͦͷதʹΞϓϦͰͷϩʔϧ͝ͱʹCognitoά ϧʔϓΛ࡞੒͢Δɻάϧʔϓʹ͸IAMϩʔϧΛΞλονɻ

  18. άϧʔϓͷIAMϩʔϧ tenant_a_admin_role ɹɹɹɹɹɹɹɹộ { "Action": [ "s3:GetObject" "s3:PutObject" ], "Resource":

    “arn:aws:s3:::myapp/tenant_a/*”, "Effect": "Allow" }, ɹɹɹɹɹɹɹɹộ tenant_a_user_role ɹɹɹɹɹɹɹɹộ { "Action": [ "s3:GetObject" ], "Resource": “arn:aws:s3:::myapp/tenant_a/*”, "Effect": "Allow" }, ɹɹɹɹɹɹɹɹộ ΞΫηεՄೳͳϦιʔεΛ੍ݶ ΞϓϦ಺Ͱͷϩʔϧผʹ࣮ߦՄೳͳૢ࡞Λ੍ݶ

  19. API GatewayͷೝՄ ᶃLogin with username & password ᶄReturn Token(JWT) ᶅAPI

    Request with ID Token(JWT) ᶆJWTͷ༗ޮੑΛ֬ೝʢॺ໊νΣοΫɾ༗ޮظݶνΣοΫʣ ᶇJWT͔ΒϢʔβʔͷଐੑΛऔಘ ᶈೝՄ͢ΔAPIΛܾఆ CognitoʹΧελϜଐੑͱͯ͠tierͳͲΛઃఆ͓ͯ͘͜͠ͱͰɺ ϓϥϯͳͲʹΑΔݖݶܾఆϩδοΫΛ૊ΈࠐΉ͜ͱ΋Մೳ Custom Authorizer ᶉೝՄ͞Εͨૢ࡞ͳΒ ϦΫΤετଓߦ

  20. Ϧιʔε΁ͷΞΫηε JWT Token JWT Token JWT Token Token͔ΒҰ࣌ೝূ৘ใΛੜ੒ Ұ࣌ೝূ৘ใΛ࢖ͬͯΞΫηε ίϯϐϡʔτࣗ਎ͷϩʔϧʹ͸S3΁ͷΞΫηεݖݶΛ෇༩͍ͯ͠ͳ͍

    ͢΂ͯͷϦιʔεΞΫηεΛϢʔβʔʹ෇༩͞ΕͨϩʔϧΛ࢖ͬ ࣮ͯߦ͢Δ͜ͱͰΠϯϑϥϨϕϧͰͷΞΫηε੍ޚ͕Մೳʹ

  21. "1*(BUFXBZ 4FSWJDF" 4FSWJDF# 4FSWJDF$ ϚΠΫϩαʔϏεͰಈ͍ͯ·͢ • Shared API Gateway •

    API GatewayͱΧελϜΦʔιϥΠβʔΛαʔ Ϗεڞ௨Ͱ࢖༻

  22. ϚΠΫϩαʔϏεؒͷ΍ΓͱΓ͸Πϕϯτ υϦϒϯ • αʔόʔϨεͷϙςϯγϟϧΛ࠷େݶʹҾ͖ग़͢ ͨΊʹ͸ΠϕϯτυϦϒϯͳΞʔΩςΫνϟ͕࠷ ద 4FSWJDF" Pub Sub SNS

    Topic 4FSWJDF# Pub SNS Topic ඇಉظͰૄ݁߹ͳΞʔΩςΫνϟ✨✨ඒ͍͠ɾɾ

  23. 4FSWJDF" ΠϕϯτυϦϒϯ • αʔϏεؒͰ࿈ܞ͕ඞཁͳ৔߹͸ඇಉظతʹॲཧ͢Δ • ଞͷαʔϏεͷσʔλ͕ඞཁ৔߹͸ɺऔಘଆ͕੹೚Λ࣋ͬͯ Sub͢Δ • Πϕϯτσʔλͷઃܭ͸ࣄલʹ͔ͬ͠Γ΍Βͳ͍ͱޙʑେม 4FSWJDF#

    4FSWJDF$ Pub Pub Pub Sub Sub SNS Topic

  24. 4FSWJDF" ͔͠͠ɺ 4FSWJDF# 4FSWJDF$ Pub Pub Pub Sub Sub SNS

    Topic ͲͷLambdaϑΝϯΫγϣϯ΋ϦιʔεΞΫηεݖݶΛ࣋ͨͳ͍

  25. IDτʔΫϯΛҾ͖ͣΓճ͢ 4FSWJDF" 4FSWJDF# Pub Pub Sub JWT Token • Πϕϯτσʔλʹ͸ඞͣIDτʔΫϯΛؚΊΔ

    • Ͳ͜·Ͱ΋Ҿ͖ͣΓճ͢ • τʔΫϯͷ༗ޮظݶʹ஫ҙ͢Δʢ̍࣌ؒʣ JWT Token