Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AWS IAM の知っておくべき話と知らなくてもいい話 DevIO2023/ AWS IAM ...

YukihiroChiba
July 27, 2023
0
3.4k

AWS IAM の知っておくべき話と知らなくてもいい話 DevIO2023/ AWS IAM DevIO 2023

YukihiroChiba

July 27, 2023
Tweet

More Decks by YukihiroChiba

See All by YukihiroChiba
わたしの業務の中に住み着いたCacoo/Cacoo has taken up residence in my work routine
yukihirochiba
0
970
Amazon VPCでの IPv6利用に向けた はじめの一歩/first-step-towards-using-ipv6-in-amazon-vpc
yukihirochiba
0
560
AWS IAM の結果整合性を避けるためセッションポリシーを用いてポリシーの動作確認を行う、を解説する
yukihirochiba
0
890
SSMエージェントはIAMロールの夢を見るか/ Do SSM Agents Dream Of IAM Roles?
yukihirochiba
0
2.5k
デジタルアイデンティティWGミニウェビナー第4回「IaaSとアイデンティティ」/ jnsa-iaas-identity
yukihirochiba
0
710
学習エンジンがうなりを上げているチームの作り方 / How to build a team with a learning engine humming along
yukihirochiba
0
4k
Amazon Route 53 Application Recovery Controller zonal shift 試してみた
yukihirochiba
0
1.9k
re:Growth 2022 Amazon Verified Permissions/妄想を膨らませる_チバユキ
yukihirochiba
0
5.4k
どこで動いてるの?AWS IAM のコントロールプレーンとデータプレーンに思いを馳せる/iam-background
yukihirochiba
1
5.5k

Featured

See All Featured
How to train your dragon (web standard)
notwaldorf
91
5.9k
Building an army of robots
kneath
304
45k
Art, The Web, and Tiny UX
lynnandtonic
298
20k
Why Our Code Smells
bkeepers
PRO
336
57k
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
Java REST API Framework Comparison - PWX 2021
mraible
29
8.5k
Measuring & Analyzing Core Web Vitals
bluesmoon
6
360
KATA
mclloyd
29
14k
Statistics for Hackers
jakevdp
798
220k
GraphQLの誤解/rethinking-graphql
sonatard
70
10k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.4k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
4
500

Transcript

  1. "84*".ͷ஌͓ͬͯ͘΂͖࿩ͱ ஌Βͳͯ͘΋͍͍࿩  "84ࣄۀຊ෦νόϢΩ

  2. ࣗݾ঺հ  ઍ༿ ޾޺ (νόϢΩ) •2020೥ೖࣾ •޷͖ͳAWSαʔϏεɿIAM •޷͖ͳΞΫγϣϯɿsts:AssumeRole IUUQTEFWDMBTTNFUIPEKQBVUIPSDIJCBZVLJIJSP

  3. ࠓ೔ͷҙؾࠐΈ  w ͜ͷ࣌ؒ͸ʮνϣʔΫτʔΫʯͰ͢ w Θ͕ͨ͠Ұํతʹ஻ΔͷͰ͸ͳ͘ɺͥͻ૒ํ޲Ͱ΍ΓऔΓ͠·͠ΐ͏ w །Ұͷਖ਼ղ͕͋Δ΋ͷͰ͸͋Γ·ͤΜ w ʮΈΜͳ͸Ͳ͏ͯ͠ΔΜͩΖ͏ʯΛڞ༗ͨ͠Γ

    w ʮͲ͏͢Δͷ͕ΑΓྑ͍ͩΖ͏ʯΛҰॹʹߟ͑ͨΓ͠·͠ΐ͏

  4. ࠓ೔ͷ͓໿ଋ  w Έͳ͞Μʹݺͼ͔͚͍ͨ͜ͱ͕͋Δ৔߹ɺεϥ Πυͷӈ্ʹ͜Μͳͷ͕ग़͖ͯ·͢ ૒ํ޲λΠϜ w ڍखɺεέονϒοΫ΁ͷॻ͖ࠐΈɺϚΠΫͰͷ ൃݴͳͲɺ૒ํ޲Ͱ΍ΓऔΓ͍ͨ͠ͷͰ͝ڠྗ ͓ئ͍͠·͢

  5. ͬͦ͘͞΍ͬͯΈΑ͏  ૒ํ޲λΠϜ Έͳ͞Μͷ*".ϨϕϧΛڭ͍͑ͯͩ͘͞ɻ  *".Λ৮ͬͨ͜ͱ͕ͳ͍  *".ϢʔβʔɺάϧʔϓɺϩʔϧɺϙϦγʔΛ஌͍ͬͯΔ  *".ϦιʔεΛઃܭ͋Δ͍͸ߏஙͨ͜͠ͱ͕͋Δ

     4$1΋͘͠͸1FSNJTTJPOTCPVOEBSZΛ࢖ͬͨ͜ͱ͕͋Δ  ηογϣϯϙϦγʔΛ࢖ͬͨ͜ͱ͕͋Δ εέονϒοΫʹ਺ࣈΛॻ͍͍ͯͩ͘͞

  6. ͞Βʹ΍ͬͯΈΑ͏  ૒ํ޲λΠϜ ྡͷ੮ͷਓͱ؆୯ͳࣗݾ঺հͱ ʮࠓ೔ԿΛֶͼ͍͔ͨʯΛ࿩͠·͠ΐ͏ ʢͻͱΓ෼ͣͭʣ

  7. ࠓ೔ͷςʔϚ 

  8. ࠓ೔ͷςʔϚ   *".ઃܭͷ࿩ʢߏ੒ɺݖݶͷ࣋ͨͤํʣ  *".ϕετϓϥΫςΟεͷ࿩  ධՁ࿦ཧͷ࿩  σʔλϓϨʔϯͱίϯτϩʔϧϓϨʔϯͷ࿩

  9. ࠓ೔ͷςʔϚ   *".ઃܭͷ࿩ʢߏ੒ɺݖݶͷ࣋ͨͤํʣ  *".ϕετϓϥΫςΟεͷ࿩  ධՁ࿦ཧͷ࿩  σʔλϓϨʔϯͱίϯτϩʔϧϓϨʔϯͷ࿩

    ্͔Βॱʹʮ஌͓ͬͯ͘΂͖ʯ౓͕ߴ͍ Լ͔Βॱʹʮ͠Ό΂Γ͍ͨʯ౓͕ߴ͍ ஌͓ͬͯ͘΂͖ ͠Ό΂Γ͍ͨ

  10. ࠓ೔ͷςʔϚ   *".ઃܭͷ࿩ʢߏ੒ɺݖݶͷ࣋ͨͤํʣ  *".ϕετϓϥΫςΟεͷ࿩  ධՁ࿦ཧͷ࿩  σʔλϓϨʔϯͱίϯτϩʔϧϓϨʔϯͷ࿩

    ૒ํ޲λΠϜ Έͳ͞Μ͕ڵຯ͋Δ΋ͷΛ ڍखͰڭ͍͑ͯͩ͘͞ ஌Γ͍ͨ಺༰ΛεέονϒοΫʹ ॻ͍͍ͯͩ͘͞

  11.  *".ઃܭͷ࿩ ʢߏ੒ɺݖݶͷ࣋ͨͤํʣ

  12. ߏ੒ͱݖݶͷ࣋ͨͤํ  ✦ ʮߏ੒ʯͷྫ w *".ϢʔβʔͷΈʁεΠονϩʔϧʁ w *".ϩʔϧΛ࢖͍ͬͯΔ৔߹ɺϢʔβʔͱʁ w "84*".*EFOUJUZ$FOUFSʁ*".4".-ϑΣσϨʔγϣϯʁ

    w ϚϧνΞΧ΢ϯτʁͦͷ৔߹Ͳͷ͘Β͍ͷن໛ʁ ✦ ʮݖݶͷ࣋ͨͤํʯͷྫ w Ͳͷ͘Β͍໾ׂΛ෼͚ͯΔʁ w ࠷খݖݶΛͲͷ͘Β͍௥ٻͯ͠Δʁ w Ͳͷ͘Β͍ϙϦγʔΧελϚΠζͯ͠Δʁ w ΨʔυϨʔϧ࢖༻ͯ͠Δʁ

  13. *".ઃܭʹؔͯ͠σΟεΧογϣϯλΠϜ  ૒ํ޲λΠϜ *".ઃܭʢߏ੒ɾݖݶͷ࣋ͨͤํʣʹؔͯ͠ ࠔΓ͝ͱɺฉ͍ͯΈ͍ͨ͜ͱ͕ ͋Ε͹ͥͻޱ಄Ͱ͓ئ͍͠·͢

  14. ࢀߟʹͳΔࢥ૝  ✦ຊ൪ɺεςʔδϯάɺ։ൃͰ"84 ΞΧ΢ϯτΛ෼͚Δ ✦ҎԼͷ໾ׂͰ෼͚Δ w؅ཧऀ wΞϓϦνʔϜ wΠϯϑϥνʔϜ wӡ༻νʔϜ ✦ͳΔ΂͘ਓ͕৮Βͳ্ͨ͘͠Ͱ޿

    ΊʹݖݶΛ༩͑Δ IUUQTEFWDMBTTNFUIPEKQBSUJDMFTJBNSPMFCBTFQFSNJTTJPO

  15.  *".ϕετϓϥΫςΟεͷ࿩

  16. *".ʹ͸ϕετϓϥΫςΟε͕͋Γ·͢  IUUQTEPDTBXTBNB[PODPNKB@KQ*".MBUFTU6TFS(VJEFCFTUQSBDUJDFTIUNM

  17. ཁ໿͢Δͱ͜Μͳײ͡   ਓʹ͸*%ϑΣσϨʔγϣϯ࢖ͬͯͶ  ϫʔΫϩʔυʹ͸*".ϩʔϧ࢖ͬͯͶ  .'"༗ޮԽͯ͠Ͷ  ΞΫηεΩʔϩʔςͯ͠Ͷ

     ϧʔτϢʔβʔ࢖Θͳ͍ͰͶ  ࠷খݖݶΛ໨ࢦͯ͠Ͷ  ఆظతʹ*".Ϧιʔε୨Էͯ͠͠Ͷ  *".ϙϦγʔͰ৚݅Ωʔ࢖ͬͯͶ  *"."DDFTT"OBMZ[FS࢖ͬͯͶ 0SHBOJ[BUJPOT4$1࢖ͬͯͶ 1FSNJTTJPOTCPVOEBSZ࢖ͬͯͶ

  18. ಠஅͱภݟʹΑΔϥϕϧ͚ͮ   ਓʹ͸*%ϑΣσϨʔγϣϯ࢖ͬͯͶ  ϫʔΫϩʔυʹ͸*".ϩʔϧ࢖ͬͯͶ  .'"༗ޮԽͯ͠Ͷ  ΞΫηεΩʔϩʔςͯ͠Ͷ

     ϧʔτϢʔβʔ࢖Θͳ͍ͰͶ  ࠷খݖݶΛ໨ࢦͯ͠Ͷ  ఆظతʹ*".Ϧιʔε୨Էͯ͠͠Ͷ  *".ϙϦγʔͰ৚݅Ωʔ࢖ͬͯͶ  *"."DDFTT"OBMZ[FS࢖ͬͯͶ 0SHBOJ[BUJPOT4$1࢖ͬͯͶ 1FSNJTTJPOTCPVOEBSZ࢖ͬͯͶ ݫक Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ

  19. ϕετϓϥΫςΟεʹؔ͢Δ͋Ε͜Εɹɹ   ਓʹ͸*%ϑΣσϨʔγϣϯ࢖ͬͯͶ  ϫʔΫϩʔυʹ͸*".ϩʔϧ࢖ͬͯͶ  .'"༗ޮԽͯ͠Ͷ  ΞΫηεΩʔϩʔςͯ͠Ͷ

     ϧʔτϢʔβʔ࢖Θͳ͍ͰͶ  ࠷খݖݶΛ໨ࢦͯ͠Ͷ  ఆظతʹ*".Ϧιʔε୨Էͯ͠͠Ͷ  *".ϙϦγʔͰ৚݅Ωʔ࢖ͬͯͶ  *"."DDFTT"OBMZ[FS࢖ͬͯͶ 0SHBOJ[BUJPOT4$1࢖ͬͯͶ 1FSNJTTJPOTCPVOEBSZ࢖ͬͯͶ ݫक Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ૒ํ޲λΠϜ ͍Ζ͍Ζ ฉ͔͍ͤͯͩ͘͞

  20.  ධՁ࿦ཧͷ࿩

  21. ධՁ࿦ཧͱ͸  "84SF*OWFOU)BSOFTTQPXFSPG*".QPMJDJFT SFJOJOQFSNJTTJPOTX"DDFTT"OBMZ[FS 4&$ ΑΓ ✦ "84*".͸ҎԼΛಥ͖߹Θͤͯ ධՁ͢Δ w

    ϦΫΤετͷίϯςΩετ w ධՁର৅ͷϙϦγʔ ✦ ධՁͷ݁Ռ͸ҎԼͷ͍ͣΕ͔ w ڐՄ w ڋ൱

  22. ධՁ࿦ཧϑϩʔνϟʔτ͸ઈରΈΑ͏  ˞୯ҰΞΧ΢ϯτʹ͓͚ΔϑϩʔνϟʔτͰ͋Δ͜ͱʹ஫ҙ IUUQTEPDTBXTBNB[PODPNKB@KQ*".MBUFTU6TFS(VJEFSFGFSFODF@QPMJDJFT@FWBMVBUJPOMPHJDIUNMQPMJDZFWBMEFOZBMMPX

  23. ͜Ε͚͓֮ͩ͑ͯ͜͏  ✦ σϑΥϧτͰ͸ڋ൱ʢ҉໧తͳڋ൱ʣ ✦ ໌ࣔతͳڋ൱͕Ͳ͔͜ʹ͋Ε͹݁Ռ͸ڋ൱ ✦ ʮ໌ࣔతͳڐՄʯΛ༩͑ΒΕΔͷ͸ҎԼͷΈ w ΞΠσϯςΟςΟϕʔεϙϦγʔ

    w ϦιʔεϕʔεϙϦγʔ ✦ ҎԼ͸ΨʔυϨʔϧͱͯ͠ػೳ w 0SHBOJ[BUJPOT4$1 w 1FSNJTTJPOTCPVOEBSZ w ηογϣϯϙϦγʔʢείʔϓμ΢ϯϙϦγʔʣ w ʢ71$ΤϯυϙΠϯτϙϦγʔʣ

  24. ͜Ε͚͓֮ͩ͑ͯ͜͏  ✦ ୯ҰΞΧ΢ϯτͷ৔߹ɺҎԼͷ͍ͣΕ͔ͷΞΫηεڐՄͷ ෇༩ͷΈͰ݁Ռ͕ڐՄʹͳΔ৔߹͕͋Δ w ΞΠσϯςΟςΟϕʔεϙϦγʔ w ϦιʔεϕʔεϙϦγʔ ✦

    ϦιʔεϕʔεϙϦγʔͰڐՄ͢ΔϓϦϯγύϧʹΑͬͯ ධՁ࿦ཧ͕มΘΔ৔߹͕͋Δ ✦ ΫϩεΞΧ΢ϯτͷ৔߹ɺ૒ํͰڐՄ͕ඞཁ

  25. ϑϦʔͷ࣭໰λΠϜ  ૒ํ޲λΠϜ ͜͜ͷ෦෼͕ฉ͖͍ͨΜ͕ͩʁΛ ืू͍ͯ͠·͢

  26. ໾ʹཱͪͦ͏ͳϦϯΫू  IUUQTEFWDMBTTNFUIPEKQBSUJDMFTOFXQPMJDZFWBMVBUJPOMPHJD fl PXDIBSU IUUQTEFWDMBTTNFUIPEKQBSUJDMFTEFWJPJBNFWBMVBUJPOMPHJD IUUQTEFWDMBTTNFUIPEKQBSUJDMFTQSJODJQBMFMFNFOUJBNSPMFPSSPMFTFTTJPO

  27.  σʔλϓϨʔϯͱ ίϯτϩʔϧϓϨʔϯͷ࿩

  28. *".ʹ͸σʔλϓϨʔϯͱίϯτϩʔϧϓϨʔϯ͕͋Δ  IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBXTJBNDPOUSPMQMBOFEBUBQMBOF

  29. ϑϦʔͷ࣭໰λΠϜ  ૒ํ޲λΠϜ ฉ͖͍ͨ͜ͱʜʜ͋Γ·͢ʁ

  30. ໾ʹཱͪͦ͏ͳϦϯΫू  IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBXTGBVMUJTPMBUJPOCPVOEBSJFT IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBXTJBNFWFOUVBMDPOTJTUFODZTFTTJPOQPMJDZ IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBXTJBNCBDLHSPVOEEFWJP

  31. ͓͠·͍ 

  32. ηογϣϯΞϯέʔτ%":  ຬ଍౓্ҐͷηογϣϯΛޙ೔ϒϩάͰެ։༧ఆʂ ճ౴΁ͷ͝ڠྗΛΑΖ͓͘͠ئ͍͠·͢ɻ ෳ਺ճ౴Մɺ લճͷ಺༰Ҿ͖ܧ͗·͢ ऴྃ͠·ͨ͠

  33. None