Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

サーバーレスなマルチテナントSaaSの権限管理 / Serverless Multitenan...

Avatar for ykarakita ykarakita
August 31, 2018
Technology
3
2k

サーバーレスなマルチテナントSaaSの権限管理 / Serverless Multitenant SaaS Auth Management

2018/08/31 Serverless Meetup Tokyo #10

Avatar for ykarakita

ykarakita

August 31, 2018
Tweet

More Decks by ykarakita

See All by ykarakita
ユーザー企業における サーバーレスな Web APIバックエンド開発 / Developping serverless Web API Backend
Avatar for ykarakita ykarakita
2
2.5k
Fitbit APIのススメ / Effective usage of fitbit API
Avatar for ykarakita ykarakita
0
720
Fitbit ✕ Music 〜Fitbit APIで最高のトレーニングを〜 / Great Training with Fitbit API
Avatar for ykarakita ykarakita
5
920

Other Decks in Technology

See All in Technology
Database イノベーショントークを振り返る/reinvent-2025-database-innovation-talk-recap
Avatar for emi emiki
0
220
Haskell を武器にして挑む競技プログラミング ─ 操作的思考から意味モデル思考へ
Avatar for Naoya Ito naoya
6
1.6k
30分であなたをOmniのファンにしてみせます~分析画面のクリック操作をそのままコード化できるAI-ReadyなBIツール~
Avatar for Sagara sagara
0
180
Reinforcement Fine-tuning 基礎〜実践まで
Avatar for Morita ch6noota
0
190
SQLだけでマイグレーションしたい!
Avatar for MakKi makki_d
0
220
新 Security HubがついにGA!仕組みや料金を深堀り #AWSreInvent #regrowth / AWS Security Hub Advanced GA
Avatar for MasahiroKawahara masahirokawahara
1
2.1k
20251218_AIを活用した開発生産性向上の全社的な取り組みの進め方について / How to proceed with company-wide initiatives to improve development productivity using AI
Avatar for yayoi_dd yayoi_dd
0
110
AI-DLCを現場にインストールしてみた:プロトタイプ開発で分かったこと・やめたこと
Avatar for Recruit recruitengineers
PRO
2
150
IAMユーザーゼロの運用は果たして可能なのか
Avatar for Yuuki Yamashita yama3133
1
460
AI駆動開発における設計思想 認知負荷を下げるフロントエンドアーキテクチャ/ 20251211 Teppei Hanai
Avatar for SHIFT EVOLVE shift_evolve
PRO
2
420
re:Invent 2025 ふりかえり 生成AI版
Avatar for TakaakiKakei takaakikakei
1
220
AIプラットフォームにおけるMLflowの利用について
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
1
170

Featured

See All Featured
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
37
2.6k
Keith and Marios Guide to Fast Websites
Avatar for Keith Pitt keithpitt
413
23k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
Avatar for Marc Duiker marcduiker
35
2.3k
How Fast Is Fast Enough? [PerfNow 2025]
Avatar for Tammy Everts tammyeverts
3
390
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
132
19k
It's Worth the Effort
Avatar for 3n 3n
187
29k
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
331
21k
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1032
470k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
35
3.3k
Building a Modern Day 
E-commerce SEO Strategy
Avatar for Aleyda Solis aleyda
45
8.3k
Visualization
Avatar for Eitan Lees eitanlees
150
16k
Bootstrapping a Software Product
Avatar for Garrett Dimon garrettdimon
PRO
307
120k

Transcript

  1. αʔόʔϨεͳ ϚϧνςφϯτSaaSͷݖݶ؅ཧ Serverless Meetup Tokyo #10 2018/08/31 @ykarakita

  2. Profile ඦ໦ా ༤྄ʢYusuke Karakitaʣ ϋϯζϥϘגࣜձࣾʗαʔϏε։ൃνʔϜ ୲౰ɿΠϯϑϥઃܭɺAPIόοΫΤϯυ։ൃ @ykarakita

  3. ը૾Ͱ΋ͬͱɺച৔ͱͭͳ͕Δ ίϛϡχέʔγϣϯαʔϏε

  4. ϚϧνςφϯτΞϓϦέʔγϣϯ

  5. ϚϧνςφϯτΞϓϦέʔγϣϯ • ҰͭͷΞϓϦέʔγϣϯϓϥοτϑΥʔϜΛ ෳ਺ͷ૊৫Ͱڞ༗ γεςϜ ∟૊৫A ∟ϢʔβʔA ∟ϢʔβʔB ∟૊৫B ∟ϢʔβʔC

    ∟ϢʔβʔD

  6. ϚϧνςφϯτΞϓϦέʔγϣϯ Ͱߟྀ͕ඞཁͳ͜ͱ

  7. Ϛϧνςφϯτͷߟྀ఺ • ݖݶ؅ཧ • ςφϯτ؅ཧʢϓϥϯͷมߋͳͲʣ • σʔλྖҬʢσʔλ෼཭ʣ • Ϧιʔε؅ཧʢϝϞϦɺσΟεΫɺCPUͳͲʣ •

    ͳͲ

  8. ࠓ೔ͷ಺༰ αʔόʔϨεͰϚϧνςφϯτ ΞϓϦΛߏங͢Δ্Ͱͷ ݖݶ؅ཧͷϊ΢ϋ΢

  9. ϚϧνςφϯτΞϓϦͷ ݖݶ؅ཧͬͯͲΜͳײ͡ʁ

  10. Ϛϧνςφϯτͷݖݶ؅ཧ • Ϣʔβʔͷෳ਺ͷଐੑ͔ΒΞΫηεՄೳͳϦ ιʔε͕ܾఆ͢Δ ɾςφϯτ →tenant-Aɺtenant-B… ɾςφϯτͷར༻ϓϥϯ →freeɺstandardɺpremium… ɾϢʔβʔ →User-AɺUser-B…

    ɾϢʔβʔͷϩʔϧ →AdminɺUser… ɾϢʔβʔͷͦͷଞͷଐੑʢॴଐΤϦΞͳͲʣ →Area-AɺArea-B…

  11. ϚϧνςφϯτΞϓϦͷ ηΩϡϦςΟཁ݅ • ex1) σʔλ΁ͷΞΫηεͷೝՄ • tenant-Aʹଐ͢ΔϢʔβʔ͸tenant-Aͷσʔ λͷΈΞΫηε͕ڐՄ͞ΕΔ • ex2)

    API ͷೝՄ • AdminϩʔϧͷϢʔβʔ͸͢΂ͯͷAPIϦΫ Τετ͕ڐՄ͞ΕΔ͕UserϩʔϧͷϢʔβʔ ͸GETϝιουͷΈΞΫηε͕ڐՄ͞ΕΔ

  12. ͭ·ΓϚϧνςφϯτΞϓϦ͸ ɾڞ௨ͷγεςϜͷதͰ ɾϢʔβʔͷଐੑ͝ͱʹ ɾΞΫηε੍ޚ͕ඞཁ

  13. Ұൠతʹ͸ɾɾ • WebϑϨʔϜϫʔΫ΍ϛυϧ΢ΣΞϨϕϧͰ੍ޚ

  14. αʔόʔϨεͰϚϧνςφϯτɾɾ ɾɾશવࣄྫͳ͍ʘ(^o^)ʗ

  15. AWSωΠςΟϒͳΞϓϦͳΒ Cognito + IAM Ͱ࣮ݱͰ͖Δ

  16. Ϣʔβʔ΁ͷݖݶ෇༩ ϢʔβʔʹΑͬͯΞΫηεՄೳͳϦιʔε͕ҟͳΔͨΊɺ LambdaϑΝϯΫγϣϯ΁ݖݶΛ෇༩͢ΔͷͰ͸ͳ͘ɺ Ϣʔβʔࣗ਎ʹݖݶΛ෇͚Δ ݖݶ෇༩

  17. Cognito User Pool άϧʔϓͷઃఆ Cognito Tenant-A User Group Admin Group

    Billing Group tenant_a_user_role tenant_a_billing_role tenant_a_admin_role Cognito Tenant-B Cognito Tenant-C • ςφϯτ͝ͱʹUser PoolΛ࡞੒͠ɺͦͷதʹΞϓϦͰͷϩʔϧ͝ͱʹCognitoά ϧʔϓΛ࡞੒͢Δɻάϧʔϓʹ͸IAMϩʔϧΛΞλονɻ

  18. άϧʔϓͷIAMϩʔϧ tenant_a_admin_role ɹɹɹɹɹɹɹɹộ { "Action": [ "s3:GetObject" "s3:PutObject" ], "Resource":

    “arn:aws:s3:::myapp/tenant_a/*”, "Effect": "Allow" }, ɹɹɹɹɹɹɹɹộ tenant_a_user_role ɹɹɹɹɹɹɹɹộ { "Action": [ "s3:GetObject" ], "Resource": “arn:aws:s3:::myapp/tenant_a/*”, "Effect": "Allow" }, ɹɹɹɹɹɹɹɹộ ΞΫηεՄೳͳϦιʔεΛ੍ݶ ΞϓϦ಺Ͱͷϩʔϧผʹ࣮ߦՄೳͳૢ࡞Λ੍ݶ

  19. API GatewayͷೝՄ ᶃLogin with username & password ᶄReturn Token(JWT) ᶅAPI

    Request with ID Token(JWT) ᶆJWTͷ༗ޮੑΛ֬ೝʢॺ໊νΣοΫɾ༗ޮظݶνΣοΫʣ ᶇJWT͔ΒϢʔβʔͷଐੑΛऔಘ ᶈೝՄ͢ΔAPIΛܾఆ CognitoʹΧελϜଐੑͱͯ͠tierͳͲΛઃఆ͓ͯ͘͜͠ͱͰɺ ϓϥϯͳͲʹΑΔݖݶܾఆϩδοΫΛ૊ΈࠐΉ͜ͱ΋Մೳ Custom Authorizer ᶉೝՄ͞Εͨૢ࡞ͳΒ ϦΫΤετଓߦ

  20. Ϧιʔε΁ͷΞΫηε JWT Token JWT Token JWT Token Token͔ΒҰ࣌ೝূ৘ใΛੜ੒ Ұ࣌ೝূ৘ใΛ࢖ͬͯΞΫηε ίϯϐϡʔτࣗ਎ͷϩʔϧʹ͸S3΁ͷΞΫηεݖݶΛ෇༩͍ͯ͠ͳ͍

    ͢΂ͯͷϦιʔεΞΫηεΛϢʔβʔʹ෇༩͞ΕͨϩʔϧΛ࢖ͬ ࣮ͯߦ͢Δ͜ͱͰΠϯϑϥϨϕϧͰͷΞΫηε੍ޚ͕Մೳʹ

  21. "1*(BUFXBZ 4FSWJDF" 4FSWJDF# 4FSWJDF$ ϚΠΫϩαʔϏεͰಈ͍ͯ·͢ • Shared API Gateway •

    API GatewayͱΧελϜΦʔιϥΠβʔΛαʔ Ϗεڞ௨Ͱ࢖༻

  22. ϚΠΫϩαʔϏεؒͷ΍ΓͱΓ͸Πϕϯτ υϦϒϯ • αʔόʔϨεͷϙςϯγϟϧΛ࠷େݶʹҾ͖ग़͢ ͨΊʹ͸ΠϕϯτυϦϒϯͳΞʔΩςΫνϟ͕࠷ ద 4FSWJDF" Pub Sub SNS

    Topic 4FSWJDF# Pub SNS Topic ඇಉظͰૄ݁߹ͳΞʔΩςΫνϟ✨✨ඒ͍͠ɾɾ

  23. 4FSWJDF" ΠϕϯτυϦϒϯ • αʔϏεؒͰ࿈ܞ͕ඞཁͳ৔߹͸ඇಉظతʹॲཧ͢Δ • ଞͷαʔϏεͷσʔλ͕ඞཁ৔߹͸ɺऔಘଆ͕੹೚Λ࣋ͬͯ Sub͢Δ • Πϕϯτσʔλͷઃܭ͸ࣄલʹ͔ͬ͠Γ΍Βͳ͍ͱޙʑେม 4FSWJDF#

    4FSWJDF$ Pub Pub Pub Sub Sub SNS Topic

  24. 4FSWJDF" ͔͠͠ɺ 4FSWJDF# 4FSWJDF$ Pub Pub Pub Sub Sub SNS

    Topic ͲͷLambdaϑΝϯΫγϣϯ΋ϦιʔεΞΫηεݖݶΛ࣋ͨͳ͍

  25. IDτʔΫϯΛҾ͖ͣΓճ͢ 4FSWJDF" 4FSWJDF# Pub Pub Sub JWT Token • Πϕϯτσʔλʹ͸ඞͣIDτʔΫϯΛؚΊΔ

    • Ͳ͜·Ͱ΋Ҿ͖ͣΓճ͢ • τʔΫϯͷ༗ޮظݶʹ஫ҙ͢Δʢ̍࣌ؒʣ JWT Token