Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AWS IAM の知っておくべき話と知らなくてもいい話 DevIO2023/ AWS IAM ...

YukihiroChiba
July 27, 2023
0
3.2k

AWS IAM の知っておくべき話と知らなくてもいい話 DevIO2023/ AWS IAM DevIO 2023

YukihiroChiba

July 27, 2023
Tweet

More Decks by YukihiroChiba

See All by YukihiroChiba
わたしの業務の中に住み着いたCacoo/Cacoo has taken up residence in my work routine
yukihirochiba
0
820
Amazon VPCでの IPv6利用に向けた はじめの一歩/first-step-towards-using-ipv6-in-amazon-vpc
yukihirochiba
0
310
AWS IAM の結果整合性を避けるためセッションポリシーを用いてポリシーの動作確認を行う、を解説する
yukihirochiba
0
710
SSMエージェントはIAMロールの夢を見るか/ Do SSM Agents Dream Of IAM Roles?
yukihirochiba
0
2.2k
デジタルアイデンティティWGミニウェビナー第4回「IaaSとアイデンティティ」/ jnsa-iaas-identity
yukihirochiba
0
640
学習エンジンがうなりを上げているチームの作り方 / How to build a team with a learning engine humming along
yukihirochiba
0
3.8k
Amazon Route 53 Application Recovery Controller zonal shift 試してみた
yukihirochiba
0
1.7k
re:Growth 2022 Amazon Verified Permissions/妄想を膨らませる_チバユキ
yukihirochiba
0
5.1k
どこで動いてるの?AWS IAM のコントロールプレーンとデータプレーンに思いを馳せる/iam-background
yukihirochiba
0
4.8k

Featured

See All Featured
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
Fireside Chat
paigeccino
32
3k
Keith and Marios Guide to Fast Websites
keithpitt
408
22k
Building Applications with DynamoDB
mza
90
6.1k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
7.9k
Adopting Sorbet at Scale
ufuk
73
9k
Making Projects Easy
brettharned
115
5.9k
Art, The Web, and Tiny UX
lynnandtonic
296
20k
Optimizing for Happiness
mojombo
376
69k
Measuring & Analyzing Core Web Vitals
bluesmoon
1
39
Docker and Python
trallard
40
3.1k

Transcript

  1. "84*".ͷ஌͓ͬͯ͘΂͖࿩ͱ ஌Βͳͯ͘΋͍͍࿩  "84ࣄۀຊ෦νόϢΩ

  2. ࣗݾ঺հ  ઍ༿ ޾޺ (νόϢΩ) •2020೥ೖࣾ •޷͖ͳAWSαʔϏεɿIAM •޷͖ͳΞΫγϣϯɿsts:AssumeRole IUUQTEFWDMBTTNFUIPEKQBVUIPSDIJCBZVLJIJSP

  3. ࠓ೔ͷҙؾࠐΈ  w ͜ͷ࣌ؒ͸ʮνϣʔΫτʔΫʯͰ͢ w Θ͕ͨ͠Ұํతʹ஻ΔͷͰ͸ͳ͘ɺͥͻ૒ํ޲Ͱ΍ΓऔΓ͠·͠ΐ͏ w །Ұͷਖ਼ղ͕͋Δ΋ͷͰ͸͋Γ·ͤΜ w ʮΈΜͳ͸Ͳ͏ͯ͠ΔΜͩΖ͏ʯΛڞ༗ͨ͠Γ

    w ʮͲ͏͢Δͷ͕ΑΓྑ͍ͩΖ͏ʯΛҰॹʹߟ͑ͨΓ͠·͠ΐ͏

  4. ࠓ೔ͷ͓໿ଋ  w Έͳ͞Μʹݺͼ͔͚͍ͨ͜ͱ͕͋Δ৔߹ɺεϥ Πυͷӈ্ʹ͜Μͳͷ͕ग़͖ͯ·͢ ૒ํ޲λΠϜ w ڍखɺεέονϒοΫ΁ͷॻ͖ࠐΈɺϚΠΫͰͷ ൃݴͳͲɺ૒ํ޲Ͱ΍ΓऔΓ͍ͨ͠ͷͰ͝ڠྗ ͓ئ͍͠·͢

  5. ͬͦ͘͞΍ͬͯΈΑ͏  ૒ํ޲λΠϜ Έͳ͞Μͷ*".ϨϕϧΛڭ͍͑ͯͩ͘͞ɻ  *".Λ৮ͬͨ͜ͱ͕ͳ͍  *".ϢʔβʔɺάϧʔϓɺϩʔϧɺϙϦγʔΛ஌͍ͬͯΔ  *".ϦιʔεΛઃܭ͋Δ͍͸ߏஙͨ͜͠ͱ͕͋Δ

     4$1΋͘͠͸1FSNJTTJPOTCPVOEBSZΛ࢖ͬͨ͜ͱ͕͋Δ  ηογϣϯϙϦγʔΛ࢖ͬͨ͜ͱ͕͋Δ εέονϒοΫʹ਺ࣈΛॻ͍͍ͯͩ͘͞

  6. ͞Βʹ΍ͬͯΈΑ͏  ૒ํ޲λΠϜ ྡͷ੮ͷਓͱ؆୯ͳࣗݾ঺հͱ ʮࠓ೔ԿΛֶͼ͍͔ͨʯΛ࿩͠·͠ΐ͏ ʢͻͱΓ෼ͣͭʣ

  7. ࠓ೔ͷςʔϚ 

  8. ࠓ೔ͷςʔϚ   *".ઃܭͷ࿩ʢߏ੒ɺݖݶͷ࣋ͨͤํʣ  *".ϕετϓϥΫςΟεͷ࿩  ධՁ࿦ཧͷ࿩  σʔλϓϨʔϯͱίϯτϩʔϧϓϨʔϯͷ࿩

  9. ࠓ೔ͷςʔϚ   *".ઃܭͷ࿩ʢߏ੒ɺݖݶͷ࣋ͨͤํʣ  *".ϕετϓϥΫςΟεͷ࿩  ධՁ࿦ཧͷ࿩  σʔλϓϨʔϯͱίϯτϩʔϧϓϨʔϯͷ࿩

    ্͔Βॱʹʮ஌͓ͬͯ͘΂͖ʯ౓͕ߴ͍ Լ͔Βॱʹʮ͠Ό΂Γ͍ͨʯ౓͕ߴ͍ ஌͓ͬͯ͘΂͖ ͠Ό΂Γ͍ͨ

  10. ࠓ೔ͷςʔϚ   *".ઃܭͷ࿩ʢߏ੒ɺݖݶͷ࣋ͨͤํʣ  *".ϕετϓϥΫςΟεͷ࿩  ධՁ࿦ཧͷ࿩  σʔλϓϨʔϯͱίϯτϩʔϧϓϨʔϯͷ࿩

    ૒ํ޲λΠϜ Έͳ͞Μ͕ڵຯ͋Δ΋ͷΛ ڍखͰڭ͍͑ͯͩ͘͞ ஌Γ͍ͨ಺༰ΛεέονϒοΫʹ ॻ͍͍ͯͩ͘͞

  11.  *".ઃܭͷ࿩ ʢߏ੒ɺݖݶͷ࣋ͨͤํʣ

  12. ߏ੒ͱݖݶͷ࣋ͨͤํ  ✦ ʮߏ੒ʯͷྫ w *".ϢʔβʔͷΈʁεΠονϩʔϧʁ w *".ϩʔϧΛ࢖͍ͬͯΔ৔߹ɺϢʔβʔͱʁ w "84*".*EFOUJUZ$FOUFSʁ*".4".-ϑΣσϨʔγϣϯʁ

    w ϚϧνΞΧ΢ϯτʁͦͷ৔߹Ͳͷ͘Β͍ͷن໛ʁ ✦ ʮݖݶͷ࣋ͨͤํʯͷྫ w Ͳͷ͘Β͍໾ׂΛ෼͚ͯΔʁ w ࠷খݖݶΛͲͷ͘Β͍௥ٻͯ͠Δʁ w Ͳͷ͘Β͍ϙϦγʔΧελϚΠζͯ͠Δʁ w ΨʔυϨʔϧ࢖༻ͯ͠Δʁ

  13. *".ઃܭʹؔͯ͠σΟεΧογϣϯλΠϜ  ૒ํ޲λΠϜ *".ઃܭʢߏ੒ɾݖݶͷ࣋ͨͤํʣʹؔͯ͠ ࠔΓ͝ͱɺฉ͍ͯΈ͍ͨ͜ͱ͕ ͋Ε͹ͥͻޱ಄Ͱ͓ئ͍͠·͢

  14. ࢀߟʹͳΔࢥ૝  ✦ຊ൪ɺεςʔδϯάɺ։ൃͰ"84 ΞΧ΢ϯτΛ෼͚Δ ✦ҎԼͷ໾ׂͰ෼͚Δ w؅ཧऀ wΞϓϦνʔϜ wΠϯϑϥνʔϜ wӡ༻νʔϜ ✦ͳΔ΂͘ਓ͕৮Βͳ্ͨ͘͠Ͱ޿

    ΊʹݖݶΛ༩͑Δ IUUQTEFWDMBTTNFUIPEKQBSUJDMFTJBNSPMFCBTFQFSNJTTJPO

  15.  *".ϕετϓϥΫςΟεͷ࿩

  16. *".ʹ͸ϕετϓϥΫςΟε͕͋Γ·͢  IUUQTEPDTBXTBNB[PODPNKB@KQ*".MBUFTU6TFS(VJEFCFTUQSBDUJDFTIUNM

  17. ཁ໿͢Δͱ͜Μͳײ͡   ਓʹ͸*%ϑΣσϨʔγϣϯ࢖ͬͯͶ  ϫʔΫϩʔυʹ͸*".ϩʔϧ࢖ͬͯͶ  .'"༗ޮԽͯ͠Ͷ  ΞΫηεΩʔϩʔςͯ͠Ͷ

     ϧʔτϢʔβʔ࢖Θͳ͍ͰͶ  ࠷খݖݶΛ໨ࢦͯ͠Ͷ  ఆظతʹ*".Ϧιʔε୨Էͯ͠͠Ͷ  *".ϙϦγʔͰ৚݅Ωʔ࢖ͬͯͶ  *"."DDFTT"OBMZ[FS࢖ͬͯͶ 0SHBOJ[BUJPOT4$1࢖ͬͯͶ 1FSNJTTJPOTCPVOEBSZ࢖ͬͯͶ

  18. ಠஅͱภݟʹΑΔϥϕϧ͚ͮ   ਓʹ͸*%ϑΣσϨʔγϣϯ࢖ͬͯͶ  ϫʔΫϩʔυʹ͸*".ϩʔϧ࢖ͬͯͶ  .'"༗ޮԽͯ͠Ͷ  ΞΫηεΩʔϩʔςͯ͠Ͷ

     ϧʔτϢʔβʔ࢖Θͳ͍ͰͶ  ࠷খݖݶΛ໨ࢦͯ͠Ͷ  ఆظతʹ*".Ϧιʔε୨Էͯ͠͠Ͷ  *".ϙϦγʔͰ৚݅Ωʔ࢖ͬͯͶ  *"."DDFTT"OBMZ[FS࢖ͬͯͶ 0SHBOJ[BUJPOT4$1࢖ͬͯͶ 1FSNJTTJPOTCPVOEBSZ࢖ͬͯͶ ݫक Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ

  19. ϕετϓϥΫςΟεʹؔ͢Δ͋Ε͜Εɹɹ   ਓʹ͸*%ϑΣσϨʔγϣϯ࢖ͬͯͶ  ϫʔΫϩʔυʹ͸*".ϩʔϧ࢖ͬͯͶ  .'"༗ޮԽͯ͠Ͷ  ΞΫηεΩʔϩʔςͯ͠Ͷ

     ϧʔτϢʔβʔ࢖Θͳ͍ͰͶ  ࠷খݖݶΛ໨ࢦͯ͠Ͷ  ఆظతʹ*".Ϧιʔε୨Էͯ͠͠Ͷ  *".ϙϦγʔͰ৚݅Ωʔ࢖ͬͯͶ  *"."DDFTT"OBMZ[FS࢖ͬͯͶ 0SHBOJ[BUJPOT4$1࢖ͬͯͶ 1FSNJTTJPOTCPVOEBSZ࢖ͬͯͶ ݫक Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ૒ํ޲λΠϜ ͍Ζ͍Ζ ฉ͔͍ͤͯͩ͘͞

  20.  ධՁ࿦ཧͷ࿩

  21. ධՁ࿦ཧͱ͸  "84SF*OWFOU)BSOFTTQPXFSPG*".QPMJDJFT SFJOJOQFSNJTTJPOTX"DDFTT"OBMZ[FS 4&$ ΑΓ ✦ "84*".͸ҎԼΛಥ͖߹Θͤͯ ධՁ͢Δ w

    ϦΫΤετͷίϯςΩετ w ධՁର৅ͷϙϦγʔ ✦ ධՁͷ݁Ռ͸ҎԼͷ͍ͣΕ͔ w ڐՄ w ڋ൱

  22. ධՁ࿦ཧϑϩʔνϟʔτ͸ઈରΈΑ͏  ˞୯ҰΞΧ΢ϯτʹ͓͚ΔϑϩʔνϟʔτͰ͋Δ͜ͱʹ஫ҙ IUUQTEPDTBXTBNB[PODPNKB@KQ*".MBUFTU6TFS(VJEFSFGFSFODF@QPMJDJFT@FWBMVBUJPOMPHJDIUNMQPMJDZFWBMEFOZBMMPX

  23. ͜Ε͚͓֮ͩ͑ͯ͜͏  ✦ σϑΥϧτͰ͸ڋ൱ʢ҉໧తͳڋ൱ʣ ✦ ໌ࣔతͳڋ൱͕Ͳ͔͜ʹ͋Ε͹݁Ռ͸ڋ൱ ✦ ʮ໌ࣔతͳڐՄʯΛ༩͑ΒΕΔͷ͸ҎԼͷΈ w ΞΠσϯςΟςΟϕʔεϙϦγʔ

    w ϦιʔεϕʔεϙϦγʔ ✦ ҎԼ͸ΨʔυϨʔϧͱͯ͠ػೳ w 0SHBOJ[BUJPOT4$1 w 1FSNJTTJPOTCPVOEBSZ w ηογϣϯϙϦγʔʢείʔϓμ΢ϯϙϦγʔʣ w ʢ71$ΤϯυϙΠϯτϙϦγʔʣ

  24. ͜Ε͚͓֮ͩ͑ͯ͜͏  ✦ ୯ҰΞΧ΢ϯτͷ৔߹ɺҎԼͷ͍ͣΕ͔ͷΞΫηεڐՄͷ ෇༩ͷΈͰ݁Ռ͕ڐՄʹͳΔ৔߹͕͋Δ w ΞΠσϯςΟςΟϕʔεϙϦγʔ w ϦιʔεϕʔεϙϦγʔ ✦

    ϦιʔεϕʔεϙϦγʔͰڐՄ͢ΔϓϦϯγύϧʹΑͬͯ ධՁ࿦ཧ͕มΘΔ৔߹͕͋Δ ✦ ΫϩεΞΧ΢ϯτͷ৔߹ɺ૒ํͰڐՄ͕ඞཁ

  25. ϑϦʔͷ࣭໰λΠϜ  ૒ํ޲λΠϜ ͜͜ͷ෦෼͕ฉ͖͍ͨΜ͕ͩʁΛ ืू͍ͯ͠·͢

  26. ໾ʹཱͪͦ͏ͳϦϯΫू  IUUQTEFWDMBTTNFUIPEKQBSUJDMFTOFXQPMJDZFWBMVBUJPOMPHJD fl PXDIBSU IUUQTEFWDMBTTNFUIPEKQBSUJDMFTEFWJPJBNFWBMVBUJPOMPHJD IUUQTEFWDMBTTNFUIPEKQBSUJDMFTQSJODJQBMFMFNFOUJBNSPMFPSSPMFTFTTJPO

  27.  σʔλϓϨʔϯͱ ίϯτϩʔϧϓϨʔϯͷ࿩

  28. *".ʹ͸σʔλϓϨʔϯͱίϯτϩʔϧϓϨʔϯ͕͋Δ  IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBXTJBNDPOUSPMQMBOFEBUBQMBOF

  29. ϑϦʔͷ࣭໰λΠϜ  ૒ํ޲λΠϜ ฉ͖͍ͨ͜ͱʜʜ͋Γ·͢ʁ

  30. ໾ʹཱͪͦ͏ͳϦϯΫू  IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBXTGBVMUJTPMBUJPOCPVOEBSJFT IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBXTJBNFWFOUVBMDPOTJTUFODZTFTTJPOQPMJDZ IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBXTJBNCBDLHSPVOEEFWJP

  31. ͓͠·͍ 

  32. ηογϣϯΞϯέʔτ%":  ຬ଍౓্ҐͷηογϣϯΛޙ೔ϒϩάͰެ։༧ఆʂ ճ౴΁ͷ͝ڠྗΛΑΖ͓͘͠ئ͍͠·͢ɻ ෳ਺ճ౴Մɺ લճͷ಺༰Ҿ͖ܧ͗·͢ ऴྃ͠·ͨ͠

  33. None