AWS上でStripeを利用したアプリをより安全にデプロイする方法 /jaws-pankration-2021

Transcript

1. How to develop application safely using Stripe on AWS

2. Agenda • About Stripe • Using AWS to use Stripe

   more secure • Community information about Stripe

3. https://stripe.com/

4. We can add/do... • Send invoice and charge it •

   Membership / Subscription • Create marketplace (CtoC) • POS / Finance / Card / eKYC / etc...

5. Use case https://getshifter.io https://stripe.com/

6. Use Case: Shifter • Save/update credit card • Create/modify subscription

   • Provide PAYG option plan to customer • Analyze business (on Stripe Dashboard) • etc...

7. How to use it?

8. We need to get the API key to call Stripe

   API

9. Publishable API Key • For frontend • Tokenize Card and

   confirm payment Secret API Key • For backend • Access & modify all resource in Stripe

10. Publishable API Key • For frontend • Tokenize Card and

    confirm payment Secret API Key • For backend • Access & modify all resource in Stripe

11. “Restricted API Key” -> Custom API key -> Custom policy

12. Use API Key to init Client

13. And call Stripe API

14. • Stripe Secret API key is critical • We can

    access&modify real customer data • We need to hold it secure

15. AWS can hold the API key security

16. https://aws.amazon.com/secrets-manager/

17. None
18. None

19. • We never place API key on our local •

    Just call AWS API to get it • Set once, only read

20. Amplify CLI supports AWS Secrets Manager (and SSM)

21. Automatically generate a code to get the env value

22. • Secrets Manager can handle API key secure • AWS

    Amplify can use this from CLI • Stripe with AWS is good for developer • Let’s create your own SaaS bussiness !

23. Info & Community

24. Official Docs & Tutorial https://stripe.dev Japanese Community https://www.facebook.com/groups/jpstripes Discord https://discord.com/invite/stripe

25. https://qiita.com/advent-calendar/2021/stripe

26. https://stripe.events/jpdevguides

27. Thanks!