Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
サーバーレスなマルチテナントSaaSの権限管理 / Serverless Multitenan...
Search
ykarakita
August 31, 2018
Technology
3
2k
サーバーレスなマルチテナントSaaSの権限管理 / Serverless Multitenant SaaS Auth Management
2018/08/31 Serverless Meetup Tokyo #10
ykarakita
August 31, 2018
Tweet
Share
More Decks by ykarakita
See All by ykarakita
ユーザー企業における サーバーレスな Web APIバックエンド開発 / Developping serverless Web API Backend
ykarakita
2
2.5k
Fitbit APIのススメ / Effective usage of fitbit API
ykarakita
0
720
Fitbit ✕ Music 〜Fitbit APIで最高のトレーニングを〜 / Great Training with Fitbit API
ykarakita
5
920
Other Decks in Technology
See All in Technology
「全員プロダクトマネージャー」を実現する、Cursorによる仕様検討の自動運転
applism118
22
12k
ブロックテーマ時代における、テーマの CSS について考える Toro_Unit / 2025.09.13 @ Shinshu WordPress Meetup
torounit
0
130
Autonomous Database - Dedicated 技術詳細 / adb-d_technical_detail_jp
oracle4engineer
PRO
4
10k
まずはマネコンでちゃちゃっと作ってから、それをCDKにしてみよか。
yamada_r
2
120
AWSを利用する上で知っておきたい名前解決のはなし(10分版)
nagisa53
10
3.2k
MagicPod導入から半年、オープンロジQAチームで実際にやったこと
tjoko
0
110
OCI Oracle Database Services新機能アップデート(2025/06-2025/08)
oracle4engineer
PRO
0
180
Apache Spark もくもく会
taka_aki
0
140
AWSで始める実践Dagster入門
kitagawaz
1
750
なぜテストマネージャの視点が 必要なのか? 〜 一歩先へ進むために 〜
moritamasami
0
240
バイブスに「型」を!Kent Beckに学ぶ、AI時代のテスト駆動開発
amixedcolor
3
590
20250910_障害注入から効率的復旧へ_カオスエンジニアリング_生成AIで考えるAWS障害対応.pdf
sh_fk2
3
280
Featured
See All Featured
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
15
1.7k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.1k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
53
3k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
61k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
30
9.7k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
What's in a price? How to price your products and services
michaelherold
246
12k
Building Better People: How to give real-time feedback that sticks.
wjessup
368
19k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
8
530
Navigating Team Friction
lara
189
15k
Transcript
αʔόʔϨεͳ ϚϧνςφϯτSaaSͷݖݶཧ Serverless Meetup Tokyo #10 2018/08/31 @ykarakita
Profile ඦా ༤྄ʢYusuke Karakitaʣ ϋϯζϥϘגࣜձࣾʗαʔϏε։ൃνʔϜ ୲ɿΠϯϑϥઃܭɺAPIόοΫΤϯυ։ൃ @ykarakita
ը૾Ͱͬͱɺചͱͭͳ͕Δ ίϛϡχέʔγϣϯαʔϏε
ϚϧνςφϯτΞϓϦέʔγϣϯ
ϚϧνςφϯτΞϓϦέʔγϣϯ • ҰͭͷΞϓϦέʔγϣϯϓϥοτϑΥʔϜΛ ෳͷ৫Ͱڞ༗ γεςϜ ∟৫A ∟ϢʔβʔA ∟ϢʔβʔB ∟৫B ∟ϢʔβʔC
∟ϢʔβʔD
ϚϧνςφϯτΞϓϦέʔγϣϯ Ͱߟྀ͕ඞཁͳ͜ͱ
Ϛϧνςφϯτͷߟྀ • ݖݶཧ • ςφϯτཧʢϓϥϯͷมߋͳͲʣ • σʔλྖҬʢσʔλʣ • ϦιʔεཧʢϝϞϦɺσΟεΫɺCPUͳͲʣ •
ͳͲ
ࠓͷ༰ αʔόʔϨεͰϚϧνςφϯτ ΞϓϦΛߏங͢Δ্Ͱͷ ݖݶཧͷϊϋ
ϚϧνςφϯτΞϓϦͷ ݖݶཧͬͯͲΜͳײ͡ʁ
Ϛϧνςφϯτͷݖݶཧ • Ϣʔβʔͷෳͷଐੑ͔ΒΞΫηεՄೳͳϦ ιʔε͕ܾఆ͢Δ ɾςφϯτ →tenant-Aɺtenant-B… ɾςφϯτͷར༻ϓϥϯ →freeɺstandardɺpremium… ɾϢʔβʔ →User-AɺUser-B…
ɾϢʔβʔͷϩʔϧ →AdminɺUser… ɾϢʔβʔͷͦͷଞͷଐੑʢॴଐΤϦΞͳͲʣ →Area-AɺArea-B…
ϚϧνςφϯτΞϓϦͷ ηΩϡϦςΟཁ݅ • ex1) σʔλͷΞΫηεͷೝՄ • tenant-Aʹଐ͢ΔϢʔβʔtenant-Aͷσʔ λͷΈΞΫηε͕ڐՄ͞ΕΔ • ex2)
API ͷೝՄ • AdminϩʔϧͷϢʔβʔͯ͢ͷAPIϦΫ Τετ͕ڐՄ͞ΕΔ͕UserϩʔϧͷϢʔβʔ GETϝιουͷΈΞΫηε͕ڐՄ͞ΕΔ
ͭ·ΓϚϧνςφϯτΞϓϦ ɾڞ௨ͷγεςϜͷதͰ ɾϢʔβʔͷଐੑ͝ͱʹ ɾΞΫηε੍ޚ͕ඞཁ
Ұൠతʹɾɾ • WebϑϨʔϜϫʔΫϛυϧΣΞϨϕϧͰ੍ޚ
αʔόʔϨεͰϚϧνςφϯτɾɾ ɾɾશવࣄྫͳ͍ʘ(^o^)ʗ
AWSωΠςΟϒͳΞϓϦͳΒ Cognito + IAM Ͱ࣮ݱͰ͖Δ
Ϣʔβʔͷݖݶ༩ ϢʔβʔʹΑͬͯΞΫηεՄೳͳϦιʔε͕ҟͳΔͨΊɺ LambdaϑΝϯΫγϣϯݖݶΛ༩͢ΔͷͰͳ͘ɺ ϢʔβʔࣗʹݖݶΛ͚Δ ݖݶ༩
Cognito User Pool άϧʔϓͷઃఆ Cognito Tenant-A User Group Admin Group
Billing Group tenant_a_user_role tenant_a_billing_role tenant_a_admin_role Cognito Tenant-B Cognito Tenant-C • ςφϯτ͝ͱʹUser PoolΛ࡞͠ɺͦͷதʹΞϓϦͰͷϩʔϧ͝ͱʹCognitoά ϧʔϓΛ࡞͢ΔɻάϧʔϓʹIAMϩʔϧΛΞλονɻ
άϧʔϓͷIAMϩʔϧ tenant_a_admin_role ɹɹɹɹɹɹɹɹộ { "Action": [ "s3:GetObject" "s3:PutObject" ], "Resource":
“arn:aws:s3:::myapp/tenant_a/*”, "Effect": "Allow" }, ɹɹɹɹɹɹɹɹộ tenant_a_user_role ɹɹɹɹɹɹɹɹộ { "Action": [ "s3:GetObject" ], "Resource": “arn:aws:s3:::myapp/tenant_a/*”, "Effect": "Allow" }, ɹɹɹɹɹɹɹɹộ ΞΫηεՄೳͳϦιʔεΛ੍ݶ ΞϓϦͰͷϩʔϧผʹ࣮ߦՄೳͳૢ࡞Λ੍ݶ
API GatewayͷೝՄ ᶃLogin with username & password ᶄReturn Token(JWT) ᶅAPI
Request with ID Token(JWT) ᶆJWTͷ༗ޮੑΛ֬ೝʢॺ໊νΣοΫɾ༗ޮظݶνΣοΫʣ ᶇJWT͔ΒϢʔβʔͷଐੑΛऔಘ ᶈೝՄ͢ΔAPIΛܾఆ CognitoʹΧελϜଐੑͱͯ͠tierͳͲΛઃఆ͓ͯ͘͜͠ͱͰɺ ϓϥϯͳͲʹΑΔݖݶܾఆϩδοΫΛΈࠐΉ͜ͱՄೳ Custom Authorizer ᶉೝՄ͞Εͨૢ࡞ͳΒ ϦΫΤετଓߦ
ϦιʔεͷΞΫηε JWT Token JWT Token JWT Token Token͔ΒҰ࣌ೝূใΛੜ Ұ࣌ೝূใΛͬͯΞΫηε ίϯϐϡʔτࣗͷϩʔϧʹS3ͷΞΫηεݖݶΛ༩͍ͯ͠ͳ͍
ͯ͢ͷϦιʔεΞΫηεΛϢʔβʔʹ༩͞ΕͨϩʔϧΛͬ ࣮ͯߦ͢Δ͜ͱͰΠϯϑϥϨϕϧͰͷΞΫηε੍ޚ͕Մೳʹ
"1*(BUFXBZ 4FSWJDF" 4FSWJDF# 4FSWJDF$ ϚΠΫϩαʔϏεͰಈ͍ͯ·͢ • Shared API Gateway •
API GatewayͱΧελϜΦʔιϥΠβʔΛαʔ Ϗεڞ௨Ͱ༻
ϚΠΫϩαʔϏεؒͷΓͱΓΠϕϯτ υϦϒϯ • αʔόʔϨεͷϙςϯγϟϧΛ࠷େݶʹҾ͖ग़͢ ͨΊʹΠϕϯτυϦϒϯͳΞʔΩςΫνϟ͕࠷ ద 4FSWJDF" Pub Sub SNS
Topic 4FSWJDF# Pub SNS Topic ඇಉظͰૄ݁߹ͳΞʔΩςΫνϟ✨✨ඒ͍͠ɾɾ
4FSWJDF" ΠϕϯτυϦϒϯ • αʔϏεؒͰ࿈ܞ͕ඞཁͳ߹ඇಉظతʹॲཧ͢Δ • ଞͷαʔϏεͷσʔλ͕ඞཁ߹ɺऔಘଆ͕Λ࣋ͬͯ Sub͢Δ • Πϕϯτσʔλͷઃܭࣄલʹ͔ͬ͠ΓΒͳ͍ͱޙʑେม 4FSWJDF#
4FSWJDF$ Pub Pub Pub Sub Sub SNS Topic
4FSWJDF" ͔͠͠ɺ 4FSWJDF# 4FSWJDF$ Pub Pub Pub Sub Sub SNS
Topic ͲͷLambdaϑΝϯΫγϣϯϦιʔεΞΫηεݖݶΛ࣋ͨͳ͍
IDτʔΫϯΛҾ͖ͣΓճ͢ 4FSWJDF" 4FSWJDF# Pub Pub Sub JWT Token • ΠϕϯτσʔλʹඞͣIDτʔΫϯΛؚΊΔ
• Ͳ͜·ͰҾ͖ͣΓճ͢ • τʔΫϯͷ༗ޮظݶʹҙ͢Δʢ̍࣌ؒʣ JWT Token