Upgrade to Pro — share decks privately, control downloads, hide ads and more …

IAMロールを1000個作って遊んでいたらAWS利用費が50ドルを超えていた

325ce6fcd0a74ff78990b8632817da55?s=47 YukihiroChiba
April 27, 2021
Technology
1
2.7k

 IAMロールを1000個作って遊んでいたらAWS利用費が50ドルを超えていた

IAMロールを1000個作って遊んでいたらAWS利用費が50ドルを超えていた話です。遊ぶな。

325ce6fcd0a74ff78990b8632817da55?s=128

YukihiroChiba

April 27, 2021
Tweet

More Decks by YukihiroChiba

See All by YukihiroChiba
325ce6fcd0a74ff78990b8632817da55?s=48 yukihirochiba
0
450
325ce6fcd0a74ff78990b8632817da55?s=48 yukihirochiba
0
760
325ce6fcd0a74ff78990b8632817da55?s=48 yukihirochiba
1
1.4k
325ce6fcd0a74ff78990b8632817da55?s=48 yukihirochiba
0
880
325ce6fcd0a74ff78990b8632817da55?s=48 yukihirochiba
1
780

Other Decks in Technology

See All in Technology
E53046bb9794560f541fcf2cf0b9d526?s=48 sayokomiura
0
600
19fc8f6113c5c3d86e6176362ff29479?s=48 kanaugust
PRO
0
180
D69e77fd50edf1a9c6d5ffcddd03dd90?s=48 funnysystems
1
980
D5e41f085758da619761b10b6c54e6af?s=48 chikuta
0
290
53850955f15249a1a9dc49df6113e400?s=48 line_developers
PRO
1
320
0b626efa067fc1732d0827b6ac1ca6e1?s=48 shoheiyamamoto
0
210
E598c2f9a8e5c94eea0e6505b4233d81?s=48 tomohide_tanaka
1
620
275fa343348e7dd4f5f7abfe09bb19d4?s=48 nishiodens
0
320
D8e79ab09f15e69d600c00131bf7d2a9?s=48 yfutamura
0
930
2f73f93f91c4401b0baf12029226a681?s=48 tobachi
0
3.3k
396bc484aa53948c58c8fa847ad91372?s=48 riki_hiraoka
0
220
B3d52898f50eff76129f5479f51c02c3?s=48 c4yokohama
0
210

Featured

See All Featured
3d6ace9554821d552146413bcdf874f6?s=48 trishagee
26
3.3k
64827b31aef81498662e8af4bd6d5157?s=48 jonrohan
1021
390k
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
166
19k
E76911cbe088e5b850d966de3fc7435b?s=48 robhawkes
53
2.9k
812e1705ff0f8bc1bcf18587bde687d5?s=48 62gerente
587
200k
5b6a2bd86ef643786a381a212e0ef2f1?s=48 geoffreycrofte
29
1.2k
Aebc2d07a50011e2a30d38435fde564a?s=48 jrom
116
7.2k
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
28
2.1k
Fe6b81005d1553accd6b2a28f6a2bef1?s=48 phodgson
89
4k
5f50f94346fbcb23706f0707169317a4?s=48 aarron
258
36k
1519587b1a0febb658c36c94f6272b0d?s=48 roundedbygravity
242
21k
C86443373fbfe92996aa882d0d7a59f8?s=48 imathis
479
150k

Transcript

  1. *".ϩʔϧΛ ݸ࡞ͬͯ༡ΜͰ͍ͨΒ "84ར༻අ͕υϧΛ௒͍͑ͯͨ  ઍ༿޾޺ʢνόϢΩʣ

  2. ࠓ೔࣋ͪؼ͍͖͍ͬͯͨͩͨ͜ͱ  ʮ͋ɺ͜͜ʹར༻අ͔͔ΔΜͩͳʯ ʮAWS Config ͷϕετϓϥΫςΟεʯ ʁʁʁʁʁ

  3. ࣗݾ঺հ  ɾ2020೥1݄Ϋϥεϝιου ೖࣾ ɾITΤϯδχΞྺ7೥ऑɺ ɹɹ͏ͪAWSྺ6೥ऑ ɾAWSԿ΋Θ͔ΒΜɻɻ😇 ɾ࠲ӈͷ໏ɿ ɹʮIAM ϩʔϧ͸͓໘ͷΑ͏ͳ΋ͷʯ

  4. ಥવͰ͕͢  ͜Μͳ͜ͱɺΑ͋͘Γ·ͤΜ͔ʁʁ

  5. ͋Γ;Εͨ೔ৗͷ෩ܠ 

  6. ͋Γ;Εͨ೔ৗͷ෩ܠ  ʮ͋ʔ……ʯ

  7. ͋Γ;Εͨ೔ৗͷ෩ܠ  ʮIAMϩʔϧ ɹ1000ݸ ɹɹ࡞Γ͍ͨͳ……ʯ ʮ͋ʔ……ʯ

  8. ͋ʔʜʜ  *".ϩʔϧ ɹݸ ࡞Γ͍ͨͳᴸᴸᴸ

  9. ͍ͱ΋ͨ΍͘͢ߦΘΕΔߟྀͷ଍Γͳ͍ߦҝ  ʮͲ͏ͤ IAM ͬͯ ɹɹແྉͩ͠ͳʯ Θͨ͠

  10. ͍ͱ΋ͨ΍͘͢ߦΘΕΔߟྀͷ଍Γͳ͍ߦҝ  ʮͲ͏ͤ IAM ͬͯ ɹɹແྉͩ͠ͳʯ ˛Կ͔͕ߦΘΕ͍ͯΔ༷ࢠ Կ͔Λ͢ΔΘͨ͠

  11. શ༰͸ͪ͜ΒΛͲ͏ͧ  Զୡ͸͍ͭ·Ͱ΋ཱͪਚ͘͠ ݟͭΊ͍ͯͨᴸᴸᴸ ਺ଟͷ*".ϩʔϧ͕ҠΖ͏Α͏ ʹ࿈࠯͍ͯ͘͠ɺͦͷ͞·Λɻ

  12. :PV`WF(PU"/PUJpDBUJPO  ✉ 💨💨💨

  13. :PV`WF(PU"/PUJpDBUJPO 

  14. :PV`WF(PU"/PUJpDBUJPO  65.3υϧ

  15. :PV`WF(PU"/PUJpDBUJPO  65.3υϧ 👁👁 👄 ͕ܲ౾మ๒ΛᷰΒͬͨΑ͏ͳإΛ͢ΔΘͨ͠

  16. γϯΩϯάλΠϜ  ʮߟ͑Ζᴸᴸߟ͑ΔΜͩᴸᴸᴸʜʜʯ

  17. ʁʁ ʁʁ ݪҼ͸$POpHͰͨ͠  👁 👁 ʮ*".ϩʔϧΛݸ࡞ͬͨΒ ɹ֤Ϧʔδϣϯͷ$POpHʹิ଍͞Ε·ͨ͠ʯ ʮෆཁͳه࿥ΛࢭΊ·ͨ͠ʯ ʁʁʁʁ

    ʁʁʁ ʁʁʁʁ

  18. ݪҼ͸$POpHͰͨ͠  👁 👁 ʮ*".ϩʔϧΛݸ࡞ͬͨΒ ɹ֤Ϧʔδϣϯͷ$POpHʹิ଍͞Ε·ͨ͠ʯ ʮෆཁͳه࿥ΛࢭΊ·ͨ͠ʯ

  19. $POpH  $POpH <ίϯϑΟά>

  20. "84$POpHͱ͸  l"84$POpH͸ɺ"84ϦιʔεͷઃఆΛධՁɺ؂ࠪɺ৹ࠪͰ͖ΔαʔϏεͰ͢ɻ $POpHͰ͸ɺ"84Ϧιʔεͷઃఆ͕ܧଓతʹϞχλϦϯά͓Αͼه࿥͞Εɺ ๬·ΕΔઃఆʹର͢Δه࿥͞ΕͨઃఆͷධՁΛࣗಈతʹ࣮ߦͰ͖·͢ɻz https:// aws.amazon.com/jp/ config/ https://www.slideshare.net/ AmazonWebServicesJapan/

    20190618-aws-black-belt- online-seminar-aws-config

  21. 5SBJMͱ$POpHͷҧ͍  A͞Μ B͞Μ ΠϯελϯεA Πϯελϯε ৽ن࡞੒ Πϯελϯε λΠϓมߋ 

     m5.xlarge m5.large

  22. 5SBJMͱ$POpHͷҧ͍  A͞Μ B͞Μ ΠϯελϯεA Πϯελϯε ৽ن࡞੒ Πϯελϯε λΠϓมߋ 

     m5.xlarge m5.large Cloud Trail AWS Config

  23. ͦΕΛ౿·͑ͯ  Կ͕ى͍ͬͯͨ͜ͷ͔

  24. Կ͕ى͍ͬͯͨ͜ͷ͔  ͍ͬͪΐ ΍ͬͯΈ͔ͬʂ

  25. Կ͕ى͍ͬͯͨ͜ͷ͔  ϩʔϧΛ ͨ͘͞Μ ࡞Δͧʂ

  26. Կ͕ى͍ͬͯͨ͜ͷ͔  ϙϦγʔΛ ͦΕͧΕ ͚ͭΔͧʂ

  27. Կ͕ى͍ͬͯͨ͜ͷ͔  ͍ͬͨΜ ࡟আ͢Δͧʂ

  28. Կ͕ى͍ͬͯͨ͜ͷ͔  ϩʔϧΛ ͨ͘͞Μ ࡞Δͧʂ

  29. Կ͕ى͍ͬͯͨ͜ͷ͔  ϙϦγʔΛ ͦΕͧΕ ͚ͭΔͧʂ

  30. Կ͕ى͍ͬͯͨ͜ͷ͔  ͍ͬͨΜ ࡟আ͢Δͧʂ

  31. શ෦ه࿥ͯ͠·ͨ͠Α  ώΟ શ෦ه࿥ ͯ͠·ͨ͠Α ౦ژͷ Config ʁʁʁ

  32. ࢲ΋શ෦ه࿥ͯ͠·ͨ͠Α  ώΟ ౦ژͷ Config ʁʁʁ όʔδχΞͷ Config ʁʁʁ ࢲ΋

    શ෦ه࿥ ͯ͠·ͨ͠Α

  33. ح۰ͩͳɺԶ΋ه࿥ͯͨ͠Α  ώΟ ౦ژͷ Config ʁʁʁ όʔδχΞͷ Config ʁʁʁ ح۰ͩͳɺ

    Զ΋ه࿥ͯͨ͠Α ϜϯόΠͷ Config ʁʁʁ

  34. ʮʮʮ͓͍͓͍ɺԶͨͪΛ๨ΕΔͳΑʜʁʯʯʯ  ౦ژͷ Config ʁʁʁ όʔδχΞͷ Config ʁʁʁ ح۰ͩͳɺ Զ΋ه࿥ͯͨ͠Α

    ϜϯόΠͷ Config ʁʁʁ ֤Ϧʔδϣϯͷ Configͨͪ ʁʁʁ ώϡο ح۰ͩͳɺ Զ΋ه࿥ͯͨ͠Α ح۰ͩͳɺ Զ΋ه࿥ͯͨ͠Α ح۰ͩͳɺ Զ΋ه࿥ͯͨ͠Α ح۰ͩͳɺ Զ΋ه࿥ͯͨ͠Α ح۰ͩͳɺ Զ΋ه࿥ͯͨ͠Α ح۰ͩͳɺ Զ΋ه࿥ͯͨ͠Α ح۰ͩͳɺ Զ΋ه࿥ͯͨ͠Α ح۰ͩͳɺ Զ΋ه࿥ͯͨ͠Α ͓͍͓͍ɺ ԶͨͪΛ ๨ΕΔͳΑʜʁ ͓͍͓͍ɺ ԶͨͪΛ ๨ΕΔͳΑʜʁ

  35. ֤Ϧʔδϣϯʢݸʣͷ$POpH  ౦ژͷ Config όʔδχΞͷ Config ϜϯόΠͷ Config ֤Ϧʔδϣϯͷ Configͨͪ

    ͋Γ͕ͱ͏ ͍͟͝·͢

  36. νϦ΋ੵ΋Ε͹υϧ௒͑Δ  46υϧ 5υϧ 2021೥3݄શମ 2021೥4݄த० ʮ͓΅Ζ͛ͳ͕Β ු͔ΜͰ͖ͨΜͰ͢ɻʯ

  37. $POpHͷྉۚ  ɾه࿥͞Εͨઃఆ߲໨͝ͱʹ0.003USD ɾ1000ΠϕϯτͰ3USD ɾIAM ͸άϩʔόϧϦιʔεͳͷͰ ɹશϦʔδϣϯͷ Config ͕ه࿥ ͋Γ͕ͱ͏

    ͍͟͝·͢

  38. $POpH͚ͩ͡Όͳ͍  େྔͷAPIίʔϧ Ͳ͏ͨ͠ Ͳ͏ͨ͠ Ͳ͏ͨ͠ Ͳ͏ͨ͠ ֤Ϧʔδϣϯͷ Trail ֤Ϧʔδϣϯͷ

    GuardDuty

  39. 5SBJMͱ(VBSE%VUZͷྉۚ  ௥Ճͷίϐʔ ഑৴͞Εͨ ؅ཧΠϕϯτ͋ͨΓ64% 6υϧ Trail 9υϧ GuardDuty ສΠϕϯτ͋ͨΓ64%

    ສΠϕϯτ͋ͨΓ64%

  40. ͘͠͡Βͳ͍ͨΊʹ  Ͳ͏͢Ε͹ආ͚ΒΕͨͷ͔

  41. ̏ͭ͋Γ·͢  • ɹ • ɹ • ɹ

  42. ̏ͭ͋Γ·͢  • IAMϩʔϧͰ༡͹ͳ͍ • ɹ • ɹ

  43. ̏ͭ͋Γ·͢  • IAMϩʔϧͰ༡͹ͳ͍ • ྉۚʹ͍ͭͯͷ௨஌Λ༗ޮԽ͢Δ • ɹ

  44. ྫ͑͹  • ੥ٻΞϥʔτ • AWS Budgets • ࡞ΓࠐΈʹΑΔఆظऔಘ https://dev.classmethod.jp/articles/

    aws-budgets-alert-by-aws-chatbot/ https://dev.classmethod.jp/articles/ notify-slack-aws-billing/

  45. ࢲ΋΍ͬͯ·͢  ͸͍ʜʜ

  46. ̏ͭ໨  • IAMϩʔϧͰ༡͹ͳ͍ • ྉۚʹ͍ͭͯͷ௨஌Λ༗ޮԽ͢Δ • ConfigͷϕετϓϥΫςΟεʹ ͷͬͱΔ

  47. $POpHͷϕετϓϥΫςΟε  https:// aws.amazon.com/jp/ blogs/news/aws- config-best-practices/ Config ϕετϓϥΫςΟε ϒϩά |

    ݕࡧ 20ݸͷϓϥΫςΟε

  48. $POpHͷϕετϓϥΫςΟεʢൈਮʣ  1. ͢΂ͯͷΞΧ΢ϯτͱϦʔδϣϯͰ AWS Config Λ༗ޮʹ͢Δ 2. ͢΂ͯͷϦιʔελΠϓͷઃఆมߋΛه࿥͢Δ 3.

    1ͭͷϦʔδϣϯͰͷΈάϩʔόϧϦιʔεΛه࿥͢Δ 4. ઃఆཤྺͱεφοϓγϣοτϑΝΠϧΛऩू͢ΔϓϥΠϕʔτ ͳ S3 όέοτΛ࢖༻͢Δ 5. ……

  49. ͭͷϦʔδϣϯͰͷΈάϩʔόϧϦιʔεΛه࿥͢Δ  ౦ژͷ Config ֤Ϧʔδϣϯͷ Configͨͪ ࢲ͚͕ͩ ه࿥͠·͢ …… ͸͍ʜʜ

  50.  ҰํͰ

  51. $POpHͷϕετϓϥΫςΟεʢൈਮʣ  1. ͢΂ͯͷΞΧ΢ϯτͱϦʔδϣϯͰ AWS Config Λ༗ޮʹ͢Δ 2. ͢΂ͯͷϦιʔελΠϓͷઃఆมߋΛه࿥͢Δ 3.

    1ͭͷϦʔδϣϯͰͷΈάϩʔόϧϦιʔεΛه࿥͢Δ 4. ઃఆཤྺͱεφοϓγϣοτϑΝΠϧΛऩू͢ΔϓϥΠϕʔτ ͳ S3 όέοτΛ࢖༻͢Δ 5. …… ͷͬͱΔͷ͕ ϚετͰ͸ͳ͍

  52. $POpHͷه࿥ର৅ͷબ୒  https://docs.aws.amazon.com/ja_jp/ config/latest/developerguide/resource- config-reference.html ݸऑͷ ϦιʔελΠϓͷத͔Β ඞཁ෼ͷΈΛબ୒

  53. ຊ౰ʹه࿥͕ඞཁʁίετΛҙࣝ͠Α͏  ྫʣAutoScaling ؔ࿈Ϧιʔε͕͢΂ͯه࿥ର৅ͱͳΔͨΊɺ සൟʹஔ͖׵͕͑ߦΘΕΔ৔߹ɺ ίετ͕ਹΉ͜ͱ΋ɻ Auto scaling Instance Elastic

    network interface Volume Security group શ෦ه࿥ʹ࢒͢ඞཁ ͋Δ͔ͳʁ

  54. ৽نରԠϦιʔε΋ه࿥ͯ͘͠ΕΔͷ͸خ͍͚͠ΕͲ  2021/2/26 •Configͷه࿥ର৅͕૿͑ͨ •ʮ͢΂ͯΛه࿥ʯͷ৔߹ɺ৽نͷର৅΋ࣗ ಈతʹه࿥։࢝ •͜Ε·Ͱൃੜ͍ͯ͠ͳ͔ͬͨίετ͕ٸʹ ૿͑ͨɺͱ͍͏͜ͱ΋ى͜Γ͏Δ

  55. ه࿥͢Δ͜ͱΛݪଇͱͭͭ͠ίετ΋ҙࣝ  • ه࿥Λ࢒͢ͷ͸େࣄ • ίετݟ߹͍Ͱऔࣺબ୒Λ Config Trail GuardDuty Ϧιʔεͷ

    ઃఆ಺༰Λ ه࿥͠·͢ ΠϕϯτΛ ه࿥͠·͢ ෆ৹ͳ ΞΫςΟϏςΟΛ ݕ஌͠·͢

  56.  ·ͱΊ

  57. ࣋ͪؼ͍ͬͯͩ͘͞  ʮ͋ɺ͜͜ʹར༻අ͔͔ΔΜͩͳʯ ʮAWS Config ͷϕετϓϥΫςΟεʯ

  58. ࣋ͪؼ͍ͬͯͩ͘͞  ʮ͋ɺ͜͜ʹར༻අ͔͔ΔΜͩͳʯ ʮAWS Config ͷϕετϓϥΫςΟεʯ ʮIAMϩʔϧͰ༡ΜͰ͸͍͚ͳ͍ʯ