Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AWS IAM で MFA 有効でないユーザを awscli + Mackerel で監視する...

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for do-su-0805 do-su-0805
May 12, 2019
Programming
320
0

AWS IAM で MFA 有効でないユーザを awscli + Mackerel で監視する / Monitoring users who are not MFA enabled with AWS IAM with awscli + Mackerel

#kosen10s LT#14 で発表したネタです。AWS IAM に登録されたユーザで、多要素認証が有効でないユーザを調べて Mackerel で監視するまでです。

Avatar for do-su-0805

do-su-0805

May 12, 2019

More Decks by do-su-0805

See All by do-su-0805
元SREのCREが伝えたい、Mackerelをもっと活用するための実践Tips集 / Mackerel Drink Up #11 do-su-0805
Avatar for do-su-0805 dosu0805
0
320
iptables を使って、 2回に1回 ping が落ちる サーバを作る / Use iptables to create a server that pings once every two times
Avatar for do-su-0805 dosu0805
0
1.5k
とある高専生の進路例/Example of a certain college student
Avatar for do-su-0805 dosu0805
1
1.3k
Webアプリケーション初心者が ISUCON 4 予選を通じてパフォーマンスの測定改善をした話 / newcomers of web application improvements in performance measurement through ISUCON 4 qualifying
Avatar for do-su-0805 dosu0805
0
1.4k

Other Decks in Programming

See All in Programming
Symfony AI in Action - SymfonyLive Berlin 2026
Avatar for Christopher Hertel chr_hertel
1
120
【26新卒研修資料】TDD実装演習
Avatar for ディップ株式会社 dip_tech
PRO
0
170
AWSコミュニティ活動は顧客のクラウド推進に効くのか / Do AWS community activities help customers adopt the cloud?
Avatar for shiro seike seike460
PRO
0
170
【26新卒研修】OpenAPI/Swagger REST API研修
Avatar for ディップ株式会社 dip_tech
PRO
0
140
Spec-Driven Development with AI Agents (Workshop, May 2026)
Avatar for Anton Arhipov antonarhipov
2
310
ついに来た!本格的なマルチクラウド時代の Google Cloud
Avatar for maroon1st maroon1st
0
380
How We Practice Exploratory Testing in Iterative Development( #scrumniigata ) / 反復開発の中で、探索的テストをどう実施しているか
Avatar for teyamagu teyamagu
PRO
3
710
Building on Bluesky's AT Protocol with Ruby
Avatar for Kuba Suder mackuba
0
100
PicoRuby for IoT: Connecting to the Cloud with MQTT
Avatar for Y_uuu yuuu
2
760
決定論 vs 確率論:Gemini 3 FlashとTF-IDFを組み合わせた「法規判定エンジン」の構築
Avatar for Shu Kobuchi shukob
0
150
「OSSがあるなら自作するな」は AI時代も正しいか ── Build vs Adopt の新しい判断基準
Avatar for Kumo Ishikawa kumorn5s
5
1.4k
書き換えて学ぶTemporal #fukts
Avatar for Hiroyuki ANAI pirosikick
2
350

Featured

See All Featured
Conquering PDFs: document understanding beyond plain text
Avatar for Ines Montani inesmontani
PRO
4
2.7k
Bootstrapping a Software Product
Avatar for Garrett Dimon garrettdimon
PRO
307
120k
Google's AI Overviews - The New Search
Avatar for Barry Adams badams
0
1k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
183
10k
SEO Brein meetup: CTRL+C is not how to scale international SEO
Avatar for Linda Hogenes lindahogenes
1
2.6k
Building an army of robots
Avatar for Kyle Neath kneath
306
46k
Technical Leadership for Architectural Decision Making
Avatar for Kenny Baas-Schwegler baasie
3
350
From π to Pie charts
Avatar for Rasagy Sharma rasagy
0
180
Lightning Talk: Beautiful Slides for Beginners
Avatar for Ines Montani inesmontani
PRO
1
530
How to make the Groovebox
Avatar for あそなす asonas
2
2.2k
Writing Fast Ruby
Avatar for Erik Berlin sferik
630
63k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
Avatar for Addy Osmani addyosmani
10
1.2k

Transcript

  1. AWS IAM Ͱ MFA ༗ޮͰͳ͍ϢʔβΛ
 awscli + Mackerel Ͱ؂ࢹ͢Δ Kosen10s

    LT#14 do_su_0805

  2. ΞδΣϯμ w 5-%3 w ߏ੒ਤ w ֤छઃఆ

  3. 5-%3 • awscli ͷ `aws iam` Λ࢖͏ͱɺMFA ͕༗ޮͰͳ͍Ϣʔβ͕ൈ͖ग़ͤΔ
 ◦ ҰൃͰ͸ൈ͖ग़ͤͳ͍ͷͰɺ૊Έ߹Θ͍ͤͯ͘


    ◦ ϋʔυ΢ΣΞΩʔͳϢʔβ͚ͩൈ͖ग़͢ͷ͕ͪΐͬͱେม
 • ͦͷ਺Λ Mackerel ͷϝτϦοΫͱͯ͠౤ߘ͠ɺ؂ࢹ͢Δ
 ◦ ϝτϦοΫͱͯ͠ඞཁͳ͍ͳΒɺνΣοΫ؂ࢹͰ΋ಉ͜͡ͱ͕Ͱ͖Δ

  4. ߏ੒ਤ ਤߏ੒ਤ

  5. BXTDMJʹ͍ͭͯ l"84ίϚϯυϥΠϯΠϯλʔϑΣΠε $-* ͸ɺ"84αʔϏεΛ؅ཧ͢ ΔͨΊͷ౷߹πʔϧͰ͢ɻμ΢ϯϩʔυ͓Αͼઃఆ༻ͷ୯ҰͷπʔϧͷΈΛ ࢖༻ͯ͠ɺίϚϯυϥΠϯ͔Βෳ਺ͷ"84αʔϏεΛ੍ޚ͠ɺεΫϦϓτ Λ࢖༻ͯ͜͠ΕΒΛࣗಈԽ͢Δ͜ͱ͕Ͱ͖·͢ɻz 
 "84ίϚϯυϥΠϯΠϯλʔϑΣΠεIUUQTBXTBNB[PODPNKQDMJ
 !5

  6. .BDLFSFMʹ͍ͭͯ l.BDLFSFMʢϚΧϨϧʣ͸ɺӡ༻தͷΫϥ΢υ΋͘͠͸ΦϯϓϨϛεͷαʔ όʹΤʔδΣϯτΛͭೖΕΔ͚ͩͰɺ؆୯ʹαʔό؅ཧΛ࢝ΊΒΕ·͢ɻ ؂ࢹαʔόࣗ਎ͷߏஙɾӡ༻͸ෆཁͰ͢ɻ͞ΒʹෛՙͷϦιʔεঢ়گͳͲͷ ਺஋ΛάϥϑʹՄࢹԽ͠·͢ɻো֐ൃੜ࣌ʹ͸Ξϥʔτ͕ه࿥͞Εɺ༷ʑͳ πʔϧʹ௨஌Ͱ͖·͢ɻγεςϜӡ༻อकʹ࠷దͳ؂ࢹαʔϏεͰ͢ɻz 
 ಛ௕ͱػೳಛ௕z l.BDLFSFMʢϚΧϨϧʣ৽ੈ୅ͷαʔό؅ཧɾ؂ࢹαʔϏε
 IUUQTNBDLFSFMJPKBGFBUVSFT


    !6

  7. ਤ.BDLFSFM
 IUUQTNBDLFSFMJPKB

  8. BXTDMJΛ࢖ͬͯ৘ใΛऔಘ͢Δ w ొ৔͢ΔίϚϯυ͸ͭ w BXTJBNMJTUVTFST w "84*".ϢʔβͷҰཡΛऔಘ w BXTJBNMJTUWJSUVBMNGBEFWJDFT w

    "84*".ʹొ࿥͞Ε͍ͯΔԾ૝.'"σόΠεҰཡΛऔಘ w BXTJBNMJTUNGBEFWJDFTVTFSOBNF\VTFS^ w "84*".ʹొ࿥͞Ε͍ͯΔɺಛఆϢʔβͷ.'"σόΠεҰཡΛऔಘ

  9. BXTDMJΛ࢖ͬͯ৘ใΛऔಘ͢Δ  MJTUVTFSTͰϢʔβҰཡΛग़͢ w BXTJBNMJTUVTFSTcKR6TFST<>cTFMFDU 1BTTXPSE-BTU6TFEOVMM c6TFS/BNFScTPSU w JBNMJTUVTFSTͷ݁Ռ͔ΒɺʮύεϫʔυϩάΠϯͨ͠ϢʔβʯͷҰཡ Λऔಘ

  10. BXTDMJΛ࢖ͬͯ৘ใΛऔಘ͢Δ  MJTUWJSUVBMNGBEFWJDFTͰ༗ޮͳԾ૝.'"σόΠεͷॴ༗ऀΛग़͢ w BXTJBNMJTUWJSUVBMNGBEFWJDFTcKR7JSUVBM.'"%FWJDFT<>cTFMFDU &OBCMF%BUFOVMM a
 c6TFS6TFS/BNFScTPSU w JBNMJTUWJSUVBMNGBEFWJDFTͷ݁Ռ͔ΒɺԼهͷΑ͏ʹߜΓࠐΉ

    w ʮԾ૝.'"σόΠεҰཡ͔Βʯ w ʮ༗ޮͳσόΠεͷҰཡΛग़͠ʯ w ʮͦͷॴ༗ऀΛऔಘ͢Δʯ

  11. BXTDMJΛ࢖ͬͯ৘ใΛऔಘ͢Δ  MJTUNGBEFWJDFTͰಛఆϢʔβʹ༗ޮͳ.'"σόΠε͕͋Δ͔Λௐ΂Δ w GPSVTFSJO ʮʯͷ݁Ռͱʮʯͷ݁Ռͷࠩ෼Ϣʔβ EP
 BXTJBNMJTUNGBEFWJDFTVTFSOBNF\VTFS^cKR.'"%FWJDFT<>a
 cTFMFDU &OBCMF%BUFOVMM

    c6TFS/BNFS
 EPOF w ʮʯͱʮʯͷ݁Ռͷࠩ෼ͱͯ͠දࣔ͞ΕͨϢʔβ͕ɺଞʹσόΠε͕ͳ͍͔Λௐ΂Δ w ʮʯͷ݁Ռ͸ʰԾ૝.'"σόΠεʱͳͷͰϋʔυ΢ΣΞΩʔ͸ೖΒͳ͍ w ͔ͱ͍ͬͯɺʮʯͰऔಘͨ͠શϢʔβΛ্هͰݕࡧ͢Δͷ΋ͳ͊ɾɾɾ w ௐ΂ͯɺݟ͔ͭͬͨΒʮʯಉ༷ʹϢʔβ໊Λऔಘ͢Δ

  12. BXTDMJΛ࢖ͬͯ৘ใΛऔಘ͢Δ  औಘ݁ՌΛ΋ͱʹ·ͱΊΔ w ʮʯͷ݁ՌશϢʔβʜ" w ʮʯͷ݁ՌԾ૝.'"σόΠεͰ.'"͍ͯ͠ΔϢʔβʜ# w ʮʯͷ݁Ռϋʔυ΢ΣΞσόΠεͰ.'"͍ͯ͠ΔϢʔβʜ$ w

    #ͱ$ͷVOJR߹ܭ.'"༗ޮͳϢʔβʜ% w "ͱ%ͷࠩ෼.'"͕༗ޮͰͳ͍Ϣʔβ

  13. .BDLFSFMͰ؂ࢹ͢Δ w ࢼ͠ʹ ϗετϝτϦοΫͱͯ͠.BDLFSFMʹ౤ߘ͢Δ w NBDLFSFMBHFOUDPOGʹ͜Μͳײ͡ʹॻ͍ͯ w <QMVHJONFUSJDTBXTJBNNGB>
 DPNNBOEl Χ΢ϯτεΫϦϓτ

    l w ͜Μͳײ͡ʹεΫϦϓτ͕ग़ྗ͢Δͱ ۭന͸UBC  w "84@*".BMMVTFST
 "84@*".WJSUVBMNGBVTFST
 "84@*".IBSEXBSFNGBVTFST
 "84@*".XSPOH@VTFS

  14. .BDLFSFMͰ؂ࢹ͢Δ w ࢼ͠ʹ ϗετϝτϦοΫͱͯ͠.BDLFSFMʹ౤ߘ͢Δ w ͜͏ͳΔ
 ਤ౤ߘྫ

  15. .BDLFSFMͰ؂ࢹ͢Δ w αʔϏεϝτϦοΫͱͯ͠.BDLFSFMʹ౤ߘ͢Δͱ͖͸ w ͖ͬ͞ͷܭࢉ݁ՌΛ"1*ܦ༝Ͱ౤ߘͨ͠Γ w BQJWTFSWJDFTTFSWJDF/BNFUTECʹ1045͢Δ w ͖ͬ͞ͷܭࢉ݁ՌΛNLSUISPXͰ౤ߘͨ͠Γ w

    ্ه"1*ͷXSBQQFS

  16. .BDLFSFMͰ؂ࢹ͢Δ w νΣοΫ؂ࢹͰ؂ࢹ͢Δ৔߹ʢϢʔβ਺͸͍Βͳ͍ਓ޲͚ʣ w NBDLFSFMBHFOUDPOGʹ͜Μͳײ͡ʹॻ͍ͯ w <QMVHJODIFDLTBXTJBNNGB>
 DPNNBOEl Χ΢ϯτεΫϦϓτ l

    w εςʔλε ͱҰॹʹϝοηʔδ Λฦ͢εΫϦϓτΛஔ͘ w ʮ.'"༗ޮ͡Όͳ͍Ϣʔβ͕ʯͳΒ0, FYJU  w ʮ.'"༗ޮ͡Όͳ͍Ϣʔβ͕͡Όͳ͍ʯͳΒͩΊ
  FYJU

  17. .BDLFSFMͰ؂ࢹ͢Δ w ؂ࢹϧʔϧͰ͢Δ৔߹ Ϣʔβ਺ͷਪҠͳͲ΋ཉ͍͠ਓ޲͚ʣ w ϗετPSαʔϏεϝτϦοΫͱͯ͠౤ߘ͢Δ w ؂ࢹϧʔϧΛӈͷΑ͏ʹ࡞੒͢Δ ਤ؂ࢹϧʔϧͷઃఆྫ