Here's What I Love About AWS Managed Policies_devio2022/i_am_iam_lover
YukihiroChiba
August 01, 2022
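Transcript
AWS Business Division, Consulting Department: Chiba (Chibayuki). Hear my love for AWS! Here's what I love: AWS managed policies in AWS IAM
Self-introduction: Chiba (Chibayuki)
- AWS experience: a little over […]
- Favorite AWS service: AWS IAM
- Favorite kind of mask: tengu mask
This deck has […] slides
[…].
Can you tell what this number is?
Can you tell what this number is? It is the total count of something.
Can you name them all? Kinds of Po○mon. * From Wikipedia, excluding generation […]. https://ja.wikipedia.org/wiki/全国ポケモン図鑑順のポケモン一覧
There are more AWS managed policies than Po○mon. Number of AWS managed policies. * Those active as of […] JTC
Kinds of Po○mon. * From Wikipedia, excluding generation […]. https://ja.wikipedia.org/wiki/全国ポケモン図鑑順のポケモン一覧
Here's what I love about AWS managed policies
- They are created and updated automatically
- There are lots of them, and now and then one goes missing
- The names and descriptions have a sense of freedom
Love it.
What is an AWS managed policy?
What is an AWS managed policy? A policy that AWS manages.
What is an AWS managed policy? A policy that AWS manages. Not inline. Not customer managed.
Looking at policies from the inline-or-managed angle
- Inline policy: embedded in an IAM resource
- Managed policy: versioning, standalone, attachable to multiple resources; introduced in […]
Looking at policies from the inline-or-managed angle
- Inline policy: embedded in an IAM resource
- Managed policy: versioning, standalone, attachable to multiple resources
  - Customer managed policy: managed by the customer
  - AWS managed policy: managed by AWS (this is today's topic)
Looking at policies from the inline-or-managed angle
- Inline policy: embedded in an IAM resource
- Managed policy: versioning, standalone, attachable to multiple resources
  - Customer managed policy: managed by the customer
  - AWS managed policy: managed by AWS; told apart by the policy path
    - For job functions
    - For service roles
    - For service-linked roles (SLR)
    - Everything else
Fun! AWS managed policies (for job functions, for service roles, for service-linked roles (SLR), everything else) are often created or updated ahead of the announcement of new services and features.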
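AWS managed policies by the numbers
Recap: number of AWS managed policies versus kinds of Po○mon. * From Wikipedia, excluding generation […]. https://ja.wikipedia.org/wiki/全国ポケモン図鑑順のポケモン一覧 * Those active as of […] JTC
At what pace are they increasing?
Growth of AWS managed policies by year: they increase almost every year
Which month sees the biggest increase?
Growth of AWS managed policies by month: is […] the big month?
Growth of AWS managed policies by year and month: it was just that […] had a lot
Looking at the growth so far, month by month
As expected, […] and […] are strong
As expected, […] and […] are strong. Peak season for AWS managed policies.
They can decrease too, these AWS managed policies
Deprecated AWS managed policies
- When a policy becomes deprecated (retired / Deprecated):
  - If it is already attached
    - The attachment continues
    - The policy also stays in effect
  - If it is not attached
    - New attachments are not possible (IsAttachable: false)
    - It is no longer displayed
Too precious to release: AmazonConnectFullAccess
- AmazonConnectFullAccess: Deprecated (retired)
- AmazonConnect_FullAccess: the new policy
Policies that look likely to be deprecated in the future
- AmazonDynamoDBFullAccesswithDataPipeline
- AmazonEC2RoleforSSM
- AmazonElasticMapReduceFullAccess
- AmazonElasticMapReduceRole
- AWSDataPipelineRole
I searched for policies whose "description" contains "deprecation" or "deprecated".
How to admire AWS managed policies
Export CSV with the AWS CLI and jq, then admire it in a spreadsheet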
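aws iam list-policies

    # List AWS managed policies and copy selected fields to the clipboard as CSV (macOS).
    aws iam list-policies \
      --scope AWS \
      --max-items 1000 \
      | jq -r '
          ["ポリシー名","パス","デフォルトバージョン","作成日時","更新日時","アタッチ可否"],
          (.Policies[] | [.PolicyName,.Path,.DefaultVersionId,.CreateDate,.UpdateDate,.IsAttachable])
          | @csv' \
      | pbcopy

Specify "AWS" as the scope, filter down to only the fields needed with jq, convert to CSV, and copy to the clipboard (on a Mac). The day when a single run can no longer fetch everything seems close.
Like this,
Like this, like this,
Like this, like this, like this,
Like this, like this, like this, like so
Like this,
Like this, like this,
Like this, like this, like this,
Like this, like this, like this, like so
Filter by condition, sort Z→A, COUNTIFS, LEN. After that, do whatever you like!
If you also want the "description": aws iam get-policy

    # Fetch each AWS managed policy by ARN and append its name and description to a CSV.
    aws iam list-policies --max-items 1000 --scope AWS \
      | jq -r '.Policies[].Arn' \
      | while read -r policy; do
          aws iam get-policy --policy-arn "$policy" \
            | jq -r '.Policy | [.PolicyName,.Description] | @csv' >> policies.csv
        done

Feed the list-policies results to get-policy one at a time and output the policy name and description. After that, tough it out with the VLOOKUP function. I think it took about […].
AWS managed policies: anything-goes rankings. * As of […] JTC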
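Policy name length
Upper limit on policy name length: […]
- Longest: […] characters: AmazonSageMakerServiceCatalogProductsCloudformationServiceRolePolicy (so long!)
- Shortest: […] characters: Billing (so short!)
- Average: […] characters. Median: […] characters.
Description length
Upper limit on description length: […]
- Longest: […] characters (AWSElasticDisasterRecoveryReplicationServerPolicy): "This policy is attached to the Elastic Disaster Recovery Replication server's instance role. This policy allows the Elastic Disaster Recovery (DRS) Replication Servers, which are EC2 instances launched by Elastic Disaster Recovery - to communicate with the DRS service, and to create snapshots in your AWS account. An IAM role with this policy is attached (as an EC2 Instance Profile) by Elastic Disaster Recovery to the DRS Replication Servers which are automatically launched and terminated by DRS, as needed. DRS Replication Servers are used to facilitate data replication from your external servers to AWS, as part of the recovery process managed by DRS. We do not recommend that you attach this policy to your IAM users or roles."
- Shortest: […] characters (AWSDenyAll): "Deny all access" (so short! I even sense beauty in it)
- Average: […] characters. Median: […] characters.
Number of versions
Top […] by number of versions (much obliged to all of you):
- ReadOnlyAccess
- AWSConfigRole
- SecurityAudit
- AWSConfigServiceRolePolicy
- FMSServiceRolePolicy
- AWSSupportServiceRolePolicy
- AmazonSageMakerFullAccess
- CloudwatchApplicationInsightsServiceLinkedRolePolicy
- AmazonECS_FullAccess
- AWSServiceRoleForImageBuilder
Incidentally, ViewOnlyAccess ranks […] with […] versions.
Here's what I love about AWS managed policies
In the policy names and descriptions there is, how to put it... a sense of freedom
Lovable points lurking here and there
- Sometimes ~ReadOnlyAccess, sometimes ~ReadOnly
- Not only ReadOnly but also Readonly
- The "AWS" or "Amazon" prefix is sometimes there and sometimes not
- An underscore before ~FullAccess or ~ReadOnlyAccess is sometimes there and sometimes not
- Sometimes ~ServiceRole, sometimes ~ServiceRolePolicy
- The service name is sometimes abbreviated and sometimes spelled out in full
- Sometimes the underscore lands somewhere you would not expect
Around the policy naming rules: AmazonConnectFullAccess / AmazonConnect_FullAccess, AWSConfigRole / AWS_ConfigRole, AWSCloudTrailReadOnlyAccess / AWSCloudTrail_ReadOnlyAccess
Lovable points lurking here and there: distinctive names that do not look like policy names at a glance
- AmazonChimeSDK
- AWSElasticBeanstalkEnhancedHealth
- AmazonFreeRTOSOTAUpdate
- AlexaForBusinessDeviceSetup
- AWSCloudFrontLogger
- AWSIoTRuleActions
- AWSLambdaInvocation-DynamoDB
- IAMUserSSHKeys
- AmazonSSMPatchAssociation
- AWSOpsWorksRegisterCLI_EC2
- IVSRecordToS3
- EC2InstanceConnect
Lovable points lurking here and there: inside the policy descriptions
- The trailing "." is sometimes there and sometimes not
- Incidentally, "." is present in […] of […]
- Some start with "This policy", others with "This IAM policy"
- Many start abruptly with a verb
- Sometimes "read-only", sometimes "readonly"
- Some say DO NOT USE
- Some run to […] characters, others end at […] characters
All of it is so lovable...
Because there you can feel the history and the sheer number of teams
The many people behind the service called AWS...
Summary
Here's what I love about AWS managed policies
- The future is there, and the history too: in other words, all of AWS
- Rich in variety, and yet fragile in that they may vanish
- Find the policy you are a fan of!
Which one will reach […] first?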
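An added example, not part of the deck: one way to triage what the two CLI commands above collect, assuming records shaped like the `.Policy` object returned by `aws iam get-policy`. It flags deprecated policies that are still attached, descriptions that mention deprecation, and names that differ only by an underscore or case; the `audit` function, the flag values, the counts and the description text are constructed for illustration.

```python
import json
import re
from collections import defaultdict

# Constructed sample shaped like the .Policy object from `aws iam get-policy`.
# Policy names appear in the slides; counts and description text are made up.
SAMPLE = json.loads("""[
  {"PolicyName": "AmazonConnectFullAccess", "IsAttachable": false,
   "AttachmentCount": 1, "Description": "Constructed sample text."},
  {"PolicyName": "AmazonConnect_FullAccess", "IsAttachable": true,
   "AttachmentCount": 0, "Description": "Constructed sample text."},
  {"PolicyName": "AmazonEC2RoleforSSM", "IsAttachable": true,
   "AttachmentCount": 3,
   "Description": "Constructed sample text: this policy will be Deprecated."},
  {"PolicyName": "SecurityAudit", "IsAttachable": true,
   "AttachmentCount": 2}
]""")

# Same search the slides describe: "deprecation" or "deprecated" in Description.
DEPRECATION = re.compile(r"deprecat(?:ion|ed)", re.IGNORECASE)


def audit(policies):
    """Return policy names that deserve a manual look, grouped by reason."""
    still_attached, description_hint = [], []
    by_key = defaultdict(list)
    for p in policies:
        name = p["PolicyName"]
        # Deprecated policies stay attached and stay effective, so they only
        # surface if you look for IsAttachable=false with attachments left.
        if p.get("IsAttachable") is False and p.get("AttachmentCount", 0) > 0:
            still_attached.append(name)
        # Description can be absent, so fall back to an empty string.
        if DEPRECATION.search(p.get("Description") or ""):
            description_hint.append(name)
        # Names differing only by underscore or case are easy to mix up.
        by_key[name.replace("_", "").lower()].append(name)
    lookalikes = sorted(sorted(v) for v in by_key.values() if len(v) > 1)
    return {"still_attached": still_attached,
            "description_hint": description_hint,
            "lookalikes": lookalikes}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```
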