Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AWS IAM の知っておくべき話と知らなくてもいい話 DevIO2023/ AWS IAM ...

YukihiroChiba
July 27, 2023
0
3.3k

AWS IAM の知っておくべき話と知らなくてもいい話 DevIO2023/ AWS IAM DevIO 2023

YukihiroChiba

July 27, 2023
Tweet

More Decks by YukihiroChiba

See All by YukihiroChiba
わたしの業務の中に住み着いたCacoo/Cacoo has taken up residence in my work routine
yukihirochiba
0
910
Amazon VPCでの IPv6利用に向けた はじめの一歩/first-step-towards-using-ipv6-in-amazon-vpc
yukihirochiba
0
430
AWS IAM の結果整合性を避けるためセッションポリシーを用いてポリシーの動作確認を行う、を解説する
yukihirochiba
0
790
SSMエージェントはIAMロールの夢を見るか/ Do SSM Agents Dream Of IAM Roles?
yukihirochiba
0
2.3k
デジタルアイデンティティWGミニウェビナー第4回「IaaSとアイデンティティ」/ jnsa-iaas-identity
yukihirochiba
0
670
学習エンジンがうなりを上げているチームの作り方 / How to build a team with a learning engine humming along
yukihirochiba
0
3.9k
Amazon Route 53 Application Recovery Controller zonal shift 試してみた
yukihirochiba
0
1.8k
re:Growth 2022 Amazon Verified Permissions/妄想を膨らませる_チバユキ
yukihirochiba
0
5.3k
どこで動いてるの?AWS IAM のコントロールプレーンとデータプレーンに思いを馳せる/iam-background
yukihirochiba
1
5.2k

Featured

See All Featured
Documentation Writing (for coders)
carmenintech
67
4.5k
The Power of CSS Pseudo Elements
geoffreycrofte
74
5.4k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
27
1.5k
StorybookのUI Testing Handbookを読んだ
zakiyama
28
5.4k
Mobile First: as difficult as doing things right
swwweet
222
9k
The Language of Interfaces
destraynor
155
24k
Building an army of robots
kneath
302
45k
Facilitating Awesome Meetings
lara
51
6.2k
Making the Leap to Tech Lead
cromwellryan
133
9k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
19
2.3k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
3
170
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.3k

Transcript

  1. "84*".ͷ஌͓ͬͯ͘΂͖࿩ͱ ஌Βͳͯ͘΋͍͍࿩  "84ࣄۀຊ෦νόϢΩ

  2. ࣗݾ঺հ  ઍ༿ ޾޺ (νόϢΩ) •2020೥ೖࣾ •޷͖ͳAWSαʔϏεɿIAM •޷͖ͳΞΫγϣϯɿsts:AssumeRole IUUQTEFWDMBTTNFUIPEKQBVUIPSDIJCBZVLJIJSP

  3. ࠓ೔ͷҙؾࠐΈ  w ͜ͷ࣌ؒ͸ʮνϣʔΫτʔΫʯͰ͢ w Θ͕ͨ͠Ұํతʹ஻ΔͷͰ͸ͳ͘ɺͥͻ૒ํ޲Ͱ΍ΓऔΓ͠·͠ΐ͏ w །Ұͷਖ਼ղ͕͋Δ΋ͷͰ͸͋Γ·ͤΜ w ʮΈΜͳ͸Ͳ͏ͯ͠ΔΜͩΖ͏ʯΛڞ༗ͨ͠Γ

    w ʮͲ͏͢Δͷ͕ΑΓྑ͍ͩΖ͏ʯΛҰॹʹߟ͑ͨΓ͠·͠ΐ͏

  4. ࠓ೔ͷ͓໿ଋ  w Έͳ͞Μʹݺͼ͔͚͍ͨ͜ͱ͕͋Δ৔߹ɺεϥ Πυͷӈ্ʹ͜Μͳͷ͕ग़͖ͯ·͢ ૒ํ޲λΠϜ w ڍखɺεέονϒοΫ΁ͷॻ͖ࠐΈɺϚΠΫͰͷ ൃݴͳͲɺ૒ํ޲Ͱ΍ΓऔΓ͍ͨ͠ͷͰ͝ڠྗ ͓ئ͍͠·͢

  5. ͬͦ͘͞΍ͬͯΈΑ͏  ૒ํ޲λΠϜ Έͳ͞Μͷ*".ϨϕϧΛڭ͍͑ͯͩ͘͞ɻ  *".Λ৮ͬͨ͜ͱ͕ͳ͍  *".ϢʔβʔɺάϧʔϓɺϩʔϧɺϙϦγʔΛ஌͍ͬͯΔ  *".ϦιʔεΛઃܭ͋Δ͍͸ߏஙͨ͜͠ͱ͕͋Δ

     4$1΋͘͠͸1FSNJTTJPOTCPVOEBSZΛ࢖ͬͨ͜ͱ͕͋Δ  ηογϣϯϙϦγʔΛ࢖ͬͨ͜ͱ͕͋Δ εέονϒοΫʹ਺ࣈΛॻ͍͍ͯͩ͘͞

  6. ͞Βʹ΍ͬͯΈΑ͏  ૒ํ޲λΠϜ ྡͷ੮ͷਓͱ؆୯ͳࣗݾ঺հͱ ʮࠓ೔ԿΛֶͼ͍͔ͨʯΛ࿩͠·͠ΐ͏ ʢͻͱΓ෼ͣͭʣ

  7. ࠓ೔ͷςʔϚ 

  8. ࠓ೔ͷςʔϚ   *".ઃܭͷ࿩ʢߏ੒ɺݖݶͷ࣋ͨͤํʣ  *".ϕετϓϥΫςΟεͷ࿩  ධՁ࿦ཧͷ࿩  σʔλϓϨʔϯͱίϯτϩʔϧϓϨʔϯͷ࿩

  9. ࠓ೔ͷςʔϚ   *".ઃܭͷ࿩ʢߏ੒ɺݖݶͷ࣋ͨͤํʣ  *".ϕετϓϥΫςΟεͷ࿩  ධՁ࿦ཧͷ࿩  σʔλϓϨʔϯͱίϯτϩʔϧϓϨʔϯͷ࿩

    ্͔Βॱʹʮ஌͓ͬͯ͘΂͖ʯ౓͕ߴ͍ Լ͔Βॱʹʮ͠Ό΂Γ͍ͨʯ౓͕ߴ͍ ஌͓ͬͯ͘΂͖ ͠Ό΂Γ͍ͨ

  10. ࠓ೔ͷςʔϚ   *".ઃܭͷ࿩ʢߏ੒ɺݖݶͷ࣋ͨͤํʣ  *".ϕετϓϥΫςΟεͷ࿩  ධՁ࿦ཧͷ࿩  σʔλϓϨʔϯͱίϯτϩʔϧϓϨʔϯͷ࿩

    ૒ํ޲λΠϜ Έͳ͞Μ͕ڵຯ͋Δ΋ͷΛ ڍखͰڭ͍͑ͯͩ͘͞ ஌Γ͍ͨ಺༰ΛεέονϒοΫʹ ॻ͍͍ͯͩ͘͞

  11.  *".ઃܭͷ࿩ ʢߏ੒ɺݖݶͷ࣋ͨͤํʣ

  12. ߏ੒ͱݖݶͷ࣋ͨͤํ  ✦ ʮߏ੒ʯͷྫ w *".ϢʔβʔͷΈʁεΠονϩʔϧʁ w *".ϩʔϧΛ࢖͍ͬͯΔ৔߹ɺϢʔβʔͱʁ w "84*".*EFOUJUZ$FOUFSʁ*".4".-ϑΣσϨʔγϣϯʁ

    w ϚϧνΞΧ΢ϯτʁͦͷ৔߹Ͳͷ͘Β͍ͷن໛ʁ ✦ ʮݖݶͷ࣋ͨͤํʯͷྫ w Ͳͷ͘Β͍໾ׂΛ෼͚ͯΔʁ w ࠷খݖݶΛͲͷ͘Β͍௥ٻͯ͠Δʁ w Ͳͷ͘Β͍ϙϦγʔΧελϚΠζͯ͠Δʁ w ΨʔυϨʔϧ࢖༻ͯ͠Δʁ

  13. *".ઃܭʹؔͯ͠σΟεΧογϣϯλΠϜ  ૒ํ޲λΠϜ *".ઃܭʢߏ੒ɾݖݶͷ࣋ͨͤํʣʹؔͯ͠ ࠔΓ͝ͱɺฉ͍ͯΈ͍ͨ͜ͱ͕ ͋Ε͹ͥͻޱ಄Ͱ͓ئ͍͠·͢

  14. ࢀߟʹͳΔࢥ૝  ✦ຊ൪ɺεςʔδϯάɺ։ൃͰ"84 ΞΧ΢ϯτΛ෼͚Δ ✦ҎԼͷ໾ׂͰ෼͚Δ w؅ཧऀ wΞϓϦνʔϜ wΠϯϑϥνʔϜ wӡ༻νʔϜ ✦ͳΔ΂͘ਓ͕৮Βͳ্ͨ͘͠Ͱ޿

    ΊʹݖݶΛ༩͑Δ IUUQTEFWDMBTTNFUIPEKQBSUJDMFTJBNSPMFCBTFQFSNJTTJPO

  15.  *".ϕετϓϥΫςΟεͷ࿩

  16. *".ʹ͸ϕετϓϥΫςΟε͕͋Γ·͢  IUUQTEPDTBXTBNB[PODPNKB@KQ*".MBUFTU6TFS(VJEFCFTUQSBDUJDFTIUNM

  17. ཁ໿͢Δͱ͜Μͳײ͡   ਓʹ͸*%ϑΣσϨʔγϣϯ࢖ͬͯͶ  ϫʔΫϩʔυʹ͸*".ϩʔϧ࢖ͬͯͶ  .'"༗ޮԽͯ͠Ͷ  ΞΫηεΩʔϩʔςͯ͠Ͷ

     ϧʔτϢʔβʔ࢖Θͳ͍ͰͶ  ࠷খݖݶΛ໨ࢦͯ͠Ͷ  ఆظతʹ*".Ϧιʔε୨Էͯ͠͠Ͷ  *".ϙϦγʔͰ৚݅Ωʔ࢖ͬͯͶ  *"."DDFTT"OBMZ[FS࢖ͬͯͶ 0SHBOJ[BUJPOT4$1࢖ͬͯͶ 1FSNJTTJPOTCPVOEBSZ࢖ͬͯͶ

  18. ಠஅͱภݟʹΑΔϥϕϧ͚ͮ   ਓʹ͸*%ϑΣσϨʔγϣϯ࢖ͬͯͶ  ϫʔΫϩʔυʹ͸*".ϩʔϧ࢖ͬͯͶ  .'"༗ޮԽͯ͠Ͷ  ΞΫηεΩʔϩʔςͯ͠Ͷ

     ϧʔτϢʔβʔ࢖Θͳ͍ͰͶ  ࠷খݖݶΛ໨ࢦͯ͠Ͷ  ఆظతʹ*".Ϧιʔε୨Էͯ͠͠Ͷ  *".ϙϦγʔͰ৚݅Ωʔ࢖ͬͯͶ  *"."DDFTT"OBMZ[FS࢖ͬͯͶ 0SHBOJ[BUJPOT4$1࢖ͬͯͶ 1FSNJTTJPOTCPVOEBSZ࢖ͬͯͶ ݫक Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ

  19. ϕετϓϥΫςΟεʹؔ͢Δ͋Ε͜Εɹɹ   ਓʹ͸*%ϑΣσϨʔγϣϯ࢖ͬͯͶ  ϫʔΫϩʔυʹ͸*".ϩʔϧ࢖ͬͯͶ  .'"༗ޮԽͯ͠Ͷ  ΞΫηεΩʔϩʔςͯ͠Ͷ

     ϧʔτϢʔβʔ࢖Θͳ͍ͰͶ  ࠷খݖݶΛ໨ࢦͯ͠Ͷ  ఆظతʹ*".Ϧιʔε୨Էͯ͠͠Ͷ  *".ϙϦγʔͰ৚݅Ωʔ࢖ͬͯͶ  *"."DDFTT"OBMZ[FS࢖ͬͯͶ 0SHBOJ[BUJPOT4$1࢖ͬͯͶ 1FSNJTTJPOTCPVOEBSZ࢖ͬͯͶ ݫक Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ૒ํ޲λΠϜ ͍Ζ͍Ζ ฉ͔͍ͤͯͩ͘͞

  20.  ධՁ࿦ཧͷ࿩

  21. ධՁ࿦ཧͱ͸  "84SF*OWFOU)BSOFTTQPXFSPG*".QPMJDJFT SFJOJOQFSNJTTJPOTX"DDFTT"OBMZ[FS 4&$ ΑΓ ✦ "84*".͸ҎԼΛಥ͖߹Θͤͯ ධՁ͢Δ w

    ϦΫΤετͷίϯςΩετ w ධՁର৅ͷϙϦγʔ ✦ ධՁͷ݁Ռ͸ҎԼͷ͍ͣΕ͔ w ڐՄ w ڋ൱

  22. ධՁ࿦ཧϑϩʔνϟʔτ͸ઈରΈΑ͏  ˞୯ҰΞΧ΢ϯτʹ͓͚ΔϑϩʔνϟʔτͰ͋Δ͜ͱʹ஫ҙ IUUQTEPDTBXTBNB[PODPNKB@KQ*".MBUFTU6TFS(VJEFSFGFSFODF@QPMJDJFT@FWBMVBUJPOMPHJDIUNMQPMJDZFWBMEFOZBMMPX

  23. ͜Ε͚͓֮ͩ͑ͯ͜͏  ✦ σϑΥϧτͰ͸ڋ൱ʢ҉໧తͳڋ൱ʣ ✦ ໌ࣔతͳڋ൱͕Ͳ͔͜ʹ͋Ε͹݁Ռ͸ڋ൱ ✦ ʮ໌ࣔతͳڐՄʯΛ༩͑ΒΕΔͷ͸ҎԼͷΈ w ΞΠσϯςΟςΟϕʔεϙϦγʔ

    w ϦιʔεϕʔεϙϦγʔ ✦ ҎԼ͸ΨʔυϨʔϧͱͯ͠ػೳ w 0SHBOJ[BUJPOT4$1 w 1FSNJTTJPOTCPVOEBSZ w ηογϣϯϙϦγʔʢείʔϓμ΢ϯϙϦγʔʣ w ʢ71$ΤϯυϙΠϯτϙϦγʔʣ

  24. ͜Ε͚͓֮ͩ͑ͯ͜͏  ✦ ୯ҰΞΧ΢ϯτͷ৔߹ɺҎԼͷ͍ͣΕ͔ͷΞΫηεڐՄͷ ෇༩ͷΈͰ݁Ռ͕ڐՄʹͳΔ৔߹͕͋Δ w ΞΠσϯςΟςΟϕʔεϙϦγʔ w ϦιʔεϕʔεϙϦγʔ ✦

    ϦιʔεϕʔεϙϦγʔͰڐՄ͢ΔϓϦϯγύϧʹΑͬͯ ධՁ࿦ཧ͕มΘΔ৔߹͕͋Δ ✦ ΫϩεΞΧ΢ϯτͷ৔߹ɺ૒ํͰڐՄ͕ඞཁ

  25. ϑϦʔͷ࣭໰λΠϜ  ૒ํ޲λΠϜ ͜͜ͷ෦෼͕ฉ͖͍ͨΜ͕ͩʁΛ ืू͍ͯ͠·͢

  26. ໾ʹཱͪͦ͏ͳϦϯΫू  IUUQTEFWDMBTTNFUIPEKQBSUJDMFTOFXQPMJDZFWBMVBUJPOMPHJD fl PXDIBSU IUUQTEFWDMBTTNFUIPEKQBSUJDMFTEFWJPJBNFWBMVBUJPOMPHJD IUUQTEFWDMBTTNFUIPEKQBSUJDMFTQSJODJQBMFMFNFOUJBNSPMFPSSPMFTFTTJPO

  27.  σʔλϓϨʔϯͱ ίϯτϩʔϧϓϨʔϯͷ࿩

  28. *".ʹ͸σʔλϓϨʔϯͱίϯτϩʔϧϓϨʔϯ͕͋Δ  IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBXTJBNDPOUSPMQMBOFEBUBQMBOF

  29. ϑϦʔͷ࣭໰λΠϜ  ૒ํ޲λΠϜ ฉ͖͍ͨ͜ͱʜʜ͋Γ·͢ʁ

  30. ໾ʹཱͪͦ͏ͳϦϯΫू  IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBXTGBVMUJTPMBUJPOCPVOEBSJFT IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBXTJBNFWFOUVBMDPOTJTUFODZTFTTJPOQPMJDZ IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBXTJBNCBDLHSPVOEEFWJP

  31. ͓͠·͍ 

  32. ηογϣϯΞϯέʔτ%":  ຬ଍౓্ҐͷηογϣϯΛޙ೔ϒϩάͰެ։༧ఆʂ ճ౴΁ͷ͝ڠྗΛΑΖ͓͘͠ئ͍͠·͢ɻ ෳ਺ճ౴Մɺ લճͷ಺༰Ҿ͖ܧ͗·͢ ऴྃ͠·ͨ͠

  33. None