Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
RDSのパスワードローテーションについて考えてみた話
Search
hoshino tsuyoshi
April 04, 2024
Technology
1
120
RDSのパスワードローテーションについて考えてみた話
hoshino tsuyoshi
April 04, 2024
Tweet
Share
More Decks by hoshino tsuyoshi
See All by hoshino tsuyoshi
Reasonable logging in BtoB Application
hoshinotsuyoshi
5
110
GitHub Actionsで `shell` に `ruby {0}` と書ける話
hoshinotsuyoshi
2
160
「技術的負債」について私から言えること私から言えないこと
hoshinotsuyoshi
2
1.1k
spreeのrails updateの戦いの歴史と github上のPR作成時の工夫
hoshinotsuyoshi
0
1k
Ruby is fun but difficult
hoshinotsuyoshi
0
390
バッチ処理でhakoを使う話
hoshinotsuyoshi
0
9.7k
docker swarm 触ってみた #dockerlt
hoshinotsuyoshi
0
1.1k
貧者のためのCoreOS(Jenkinsを例に)
hoshinotsuyoshi
1
1.6k
個人で使ってみた Docker と CoreOSとか
hoshinotsuyoshi
7
3.6k
Other Decks in Technology
See All in Technology
【CEDEC2025】大規模言語モデルを活用したゲーム内会話パートのスクリプト作成支援への取り組み
cygames
PRO
1
430
手動からの解放!!Strands Agents で実現する総合テスト自動化
ideaws
3
400
alecthomas/kong はいいぞ
fujiwara3
6
1.2k
[MIRU25] NaiLIA: Multimodal Retrieval of Nail Designs Based on Dense Intent Descriptions
keio_smilab
PRO
1
150
人と生成AIの協調意思決定/Co‑decision making by people and generative AI
moriyuya
0
200
VLMサービスを用いた請求書データ化検証 / SaaSxML_Session_1
sansan_randd
0
140
CSPヘッダー導入で実現するWebサイトの多層防御:今すぐ試せる設定例と運用知見
llamakko
1
270
増え続ける脆弱性に立ち向かう: 事前対策と優先度づけによる 持続可能な脆弱性管理 / Confronting the Rise of Vulnerabilities: Sustainable Management Through Proactive Measures and Prioritization
nttcom
1
220
Unson OS|48時間で「売れるか」を判定する AI 市場検証プラットフォーム
unson
0
100
会社もクラウドも違うけど 通じたコスト削減テクニック/Cost optimization strategies effective regardless of company or cloud provider
aeonpeople
2
400
Vision Language Modelと自動運転AIの最前線_20250730
yuyamaguchi
2
820
Recoil脱却の現状と挑戦
kirik
3
480
Featured
See All Featured
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
130
19k
Build your cross-platform service in a week with App Engine
jlugia
231
18k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
357
30k
Building a Scalable Design System with Sketch
lauravandoore
462
33k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
138
34k
BBQ
matthewcrist
89
9.8k
RailsConf 2023
tenderlove
30
1.2k
Agile that works and the tools we love
rasmusluckow
329
21k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.4k
Navigating Team Friction
lara
187
15k
Transcript
3%4ͷύεϫʔυϩʔςʔγϣϯʹ͍ͭͯ ߟ͑ͯΈͨ PNPUFTBOEPSC
ࣗݾհ w ໊લIPTIJOPUTVZPTIJ HJUIVC IPQQJFTUBS UXJUUFS w PNPUFTBOEPSCճ͙Β͍ͷ-5Ͱ͢ ͿΓ
w 8FCΞϓϦέʔγϣϯΤϯδχΞ w %9ؔ࿈ͷ4BB4اۀॴଐ
͍ͨ͜͠ͱ w Έ w 3BJMTΞϓϦͰͲ͏Δ͔ w ΠϯϑϥपΓͷઃఆ ͕࣌ؒ͋Ε
ࠓճྫͱͯ͠ߟ͑Δ3BJMTΞϓϦपลͷߏ w 'BSHBUF্Ͱ&$4λεΫ ͕ಈ͘ w QVNB XFC w TJEFLJR
XPSLFS w όονॲཧ ύεϫʔυ3BJMTͷ$SFEFOUJBMػೳɺ"844FDSFU.BOBHFSɺ"8444.ύϥϝʔλ ετΞΛ͏͜ͱ͕ଟ͍ͱࢥ͍·͢ ϢʔβʔɾύεϫʔυͰೝূ ϢʔβʔɾύεϫʔυͰೝূ
͠ɺ͍·%#αʔόʔͷύεϫʔυΛม͑ͨ͘ͳͬͨΒʁ ʢΈͳ͞Μߟ͑ͯΈ͍ͯͩ͘͞ʣ w ͍͖ͳΓม͑ΒΕΔ͔ʁ w όονॲཧతͳͷͷ߹ w w ࠓ·͞ʹಈ͍͍ͯΔXFCαʔόʔ
QVNB XPSLFSαʔόʔ TJEFLJR w w
͠ɺ͍·%#αʔόʔͷύεϫʔυΛม͑ͨ͘ͳͬͨΒʁ ʢΈͳ͞Μߟ͑ͯΈ͍ͯͩ͘͞ʣ w ͍͖ͳΓม͑ΒΕΔ͔ʁ w όονॲཧతͳͷͷ߹ w Ͱ͖ͦ͏ w ࠓ·͞ʹಈ͍͍ͯΔXFCαʔόʔ
QVNB XPSLFSαʔόʔ TJEFLJR w w
͠ɺ͍·%#αʔόʔͷύεϫʔυΛม͑ͨ͘ͳͬͨΒʁ ʢΈͳ͞Μߟ͑ͯΈ͍ͯͩ͘͞ʣ w ͍͖ͳΓม͑ΒΕΔ͔ʁ w όονॲཧతͳͷͷ߹ w Ͱ͖ͦ͏ w ࠓ·͞ʹಈ͍͍ͯΔXFCαʔόʔ
QVNB XPSLFSαʔόʔ TJEFLJR w %#αʔόʔଆͰมߋͨ͠ॠؒʹΤϥʔଟൃͦ͠͏ w Τϥʔͳ͘ߦ͏ͷͦ͠͏ʁ🤔Ͳ͏͢ΕΑ͍͔
💡ϢʔβʔΛͭ࡞Ε͍͍ͷͰʁ w ࠓ͍ͬͯΔ%#ϢʔβʔΛϢʔβʔ"ͱ͢Δ w ͦΕΛίϐʔͯ͠શ͘ಉ͡ݖݶΛ࣋ͭϢʔβʔ#Λ࡞Δ w 3BJMTΞϓϦͰ͏ϢʔβʔɾύεϫʔυΛϢʔβʔ#ͷͷʹ͢Δ ճ w
w w
💡ϢʔβʔΛͭ࡞ͬͯύεϫʔυΛ৽͍͠ͷʹ͢Ε w ࠓ͍ͬͯΔ%#ϢʔβʔΛϢʔβʔ"ͱ͢Δ w ͦΕΛίϐʔͯ͠શ͘ಉ͡ݖݶΛ࣋ͭϢʔβʔ#Λ࡞Δ w 3BJMTΞϓϦͰ͏ϢʔβʔɾύεϫʔυΛϢʔβʔ#ͷͷʹ͢Δ ճ w
3BJMTΞϓϦͰ͏ϢʔβʔɾύεϫʔυΛϢʔβʔ"ͷͷʹ͢Δ ճ w 3BJMTΞϓϦͰ͏ϢʔβʔɾύεϫʔυΛϢʔβʔ#ͷͷʹ͢Δ ճ w
"84ʹͳΜͰ͋Δ
"844FDSFUT.BOBHFS
"84ʹͳΜͰ͋Δ w ࢀߟ<ϩʔςʔγϣϯઓུ"844FDSFUT.BOBHFSͷ֓೦"844FDSFUT.BOBHFS> IUUQT EPDTBXTBNB[PODPNKB@KQTFDSFUTNBOBHFSMBUFTUVTFSHVJEFHFUUJOHTUBSUFEIUNMSPUBUJPOTUSBUFHZ
"84ʹͳΜͰ͋Δ w ࢀߟ<ϩʔςʔγϣϯઓུ"844FDSFUT.BOBHFSͷ֓೦"844FDSFUT.BOBHFS> IUUQT EPDTBXTBNB[PODPNKB@KQTFDSFUTNBOBHFSMBUFTUVTFSHVJEFHFUUJOHTUBSUFEIUNMSPUBUJPOTUSBUFHZ 1⃣ 2⃣ 3⃣ 4⃣
1⃣ 2⃣
2⃣ 3⃣
3⃣ 4⃣
Έͷઆ໌
Έͷઆ໌ ϩʔςʔγϣϯؔ "84MBNCEB 3%4 ϩʔςʔγϣϯؔͰ3%4ʹΞΫηεͯ͠42-࣮ߦͯ͠ϢʔβʔใΛߋ৽͢Δ
"844FDSFUT.BOBHFSઃఆΠϝʔδ
"844FDSFUT.BOBHFSઃఆΠϝʔδ
"844FDSFUT.BOBHFSઃఆΠϝʔδ w ˠը໘ΛਐΊ͍ͯ͘ͱɺ-BNCEBؔ$MPVE'PSNBUJPOͷઃఆ͕࢝·Δ Β͍͠ w ެࣜࢀߟIUUQTEPDTBXTBNB[PODPNKB@KQTFDSFUTNBOBHFSMBUFTU VTFSHVJEFUVUPSJBMT@SPUBUJPOBMUFSOBUJOHIUNMUVUPSJBMT@SPUBUJPO BMUFSOBUJOH@TUFQSPUBUF w
ࠓճ͜ͷը໘ΘͣʹUFSSBGSPNͷBXT@DMPVEGSPNBUJPO@TUBDLΛ͍·ͨ͠ w ҎԼͷϖʔδେ͍ʹࢀߟʹ͠·ͨ͠ w <"844FDSFUT.BOBHFSͰ3%4ͷύεϫʔυϩʔςʔγϣϯͯ͠ΈΔJO @%FWFMPQFST*0> IUUQTEFWDMBTTNFUIPEKQBSUJDMFTTFDSFUTNBOBHFS QBTTXPSESPUBUJPO
͍ͨ͜͠ͱ w Έ✅ w 3BJMTΞϓϦͰͲ͏Δ͔ˡ w ΠϯϑϥपΓͷઃఆ ͕࣌ؒ͋Ε
3BJMTΞϓϦͰͲ͏͢Δ͔ w ࠓ·Ͱʮύεϫʔυ୯ମʯΛTFDSFUͱͯ͠ཧ͍͕ͯͨ͠ɺࠓޙ ʮ"844FDSFUT.BOBHFSγʔΫϨοτͷ+40/ߏʯͰཧ͞ΕΔΑ ͏ʹͳͬͨɻ w ͳͷͰɺͦΕʹରԠ͢Δ
"844FDSFUT.BOBHFSγʔΫϨοτͷ+40/ߏ ͱ w "VSPSB1PTUHSFTͷ߹ w ࢀߟ<"844FDSFUT.BOBHFSγʔΫϨοτͷ+40/ߏ"844FDSFUT.BOBHFS> IUUQTEPDTBXTBNB[PODPNKB@KQ TFDSFUTNBOBHFSMBUFTUVTFSHVJEFSFGFSFODF@TFDSFU@KTPO@TUSVDUVSFIUNMSFGFSFODF@TFDSFU@KTPO@TUSVDUVSF@SETQPTUHSFT
3BJMTଆରॲ࡞ઓ w લทͷ+40/ΛA3%4@%#@4&$3&5Aͱ͍͏ڥมͰड͚औΔ͜ͱʹ͠ ͨ w ͜ΕΛύʔεͯ͠Έཱͯͯ͠A%"5"#"4&@63-Aͷܗʹ͢Δ w 3BJMTɺڥมA%"5"#"4&@63-A͕͋Ε͜ΕΛར༻͢ΔΈ w AQPTUHSFTVTFSOBNF!QBTTXPSEQPSUECOBNF
PQUJPOTAͷܗʹ ͢Δ
CFGPSF DPO fi HEBUBCBTFZNM BGUFS
CFGPSF ίϯςφఆٛͷKTPO KTPOOFU BGUFS
ύʔε CJOSFBE@SET@EC@TFDSFU
Έཱͯ͢ EPDLFSFOUSZQPJOUTI
ಈ͔ͳ͔ͬͨ ͭ·͖ͮϙΠϯτ
͍ΖΜͳ߹Ͱ ύεϫʔυʹ͑ͳ͍จࣈ͕͋Δ w ϥϯμϜʹ࡞ͬͨύεϫʔυΛಡ͏ͱ͢ΔͱSBJMTىಈ࣌ʹΤϥʔ w ௐΔͱύεϫʔυʹʮʨ ʯ͕ೖͬͯΔͱΤϥʔ w ϥϯμϜʹ࡞ͬͨύεϫʔυΛಡ͏ͱ͢ΔͱSJEHFQPMF࣮ߦ࣌ʹΤϥʔ w
ௐΔͱύεϫʔυʹʮʴ ʯ͕ೖͬͯΔͱΤϥʔ
͍ΖΜͳ߹Ͱ ύεϫʔυʹ͑ͳ͍จࣈ͕͋Δ TFFBMTP<3BJMTͷ%"5"#"4&@63-ͰࢦఆͰ͖ Δύεϫʔυͷจࣈछ> IUUQT TJOTPLVIBUFOBCMPHDPNFOUSZ
͜ͷํ๏Ͱͷϩʔςʔγϣϯͷҙ w ϩʔςʔγϣϯͷִؒΑΓ͍εύϯͰ&$4λεΫ͕ೖΕସΘΔඞཁ͕ ͋Δ w ྫճͷϩʔςʔγϣϯͷͱ͖ʹɺճͷϩʔςʔγϣϯΑΓલ ͔Βಈ͍͍ͯΔ&$4λεΫ͕͋Δ߹ͦͷ&$4λεΫΛઌʹTUPQ͢ Δඞཁ͕͋Δ
͜ͷํ๏Ͱͷϩʔςʔγϣϯͷҙ ճͷϩʔςʔγϣϯͷ͋ͱɺ1⃣ͷͱ͖ ʹಈ͍͍ͯͨίϯςφ͕·͍ͩͬͯΔ߹ ଓΤϥʔʹͳͬͯ͠·͏ w ࠶ܝ 1⃣ 2⃣ 3⃣
͍ͨ͜͠ͱ w Έ✅ w 3BJMTΞϓϦͰͲ͏Δ͔✅ w ΠϯϑϥपΓͷઃఆ ͕࣌ؒ͋Ε ˡ
$MPVE'PSNBUJPOͰઃఆ͞ΕΔͷ w -BNCEBؔ w ͦͷ-BNCEBؔͷύʔϛογϣϯ w 4FDSFU.BOBHFS͔ΒͷΞΫηεʹݶఆ͞ΕΔ w *".ϩʔϧ
ͲΜͳ-BNCEB͔ؔʁ w IUUQTHJUIVCDPNBXTTBNQMFTBXTTFDSFUTNBOBHFSSPUBUJPOMBNCEBTͱ͍͏Ϧϙ δτϦͰެ։͞Ε͍ͯΔ
ͲΜͳ-BNCEB͔ؔʁ w MBNCEB@IBOEMFSͱ͍͏ϝΠϯ͔ؔΒҎԼͷؔΛݺͿ lambda_handlerؔAWS Secrets Manager͔ΒͷϩʔςʔγϣϯΠϕϯτΛॲཧ͢ΔͨΊͷΤϯτϦ ϙΠϯτͱͳΓ·͢ɻ ͜ͷؔ࣍ͷ4ͭͷεςοϓΛ࣮ߦ͠·͢: •createSecret: ৽͍͠γʔΫϨοτΛ࡞͠·͢ɻ
•setSecret: ৽͍͠γʔΫϨοτΛσʔλϕʔεʹద༻͠·͢ɻ •testSecret: ৽͍͠γʔΫϨοτ͕σʔλϕʔεʹਖ਼͘͠ద༻͞Εͨ͜ͱΛςετ͠·͢ɻ • fi nishSecret: ৽͍͠γʔΫϨοτΛAWSCURRENTͱͯ͠ϚʔΫ͠ɺݹ͍γʔΫϨοτΛ AWSPREVIOUSͱͯ͠ϚʔΫ͠·͢ɻ
ͦͷଞඞཁͳઃఆFUD w -BNCEB͕࣮ؔࡍʹ3%4ʹΞΫηε͢ΔͨΊͷ४උ w ωοτϫʔΫपΓ w 71$ηΩϡϦςΟάϧʔϓͷઃఆ͕ඞཁ w 3%4ࣗମ w
͜ͷ-BNCEBؔ༻ͷ%#Ϣʔβʔ ٴͼύεϫʔυ ࣄલʹඞཁ w ͦͷೝূใผ్4FDSFUT.BOBHFSʹೖΕ͓ͯ͘ඞཁ͋Γ w 1PTUHSFTͷ߹$3&"5&30-&ݖݶ͕ඞཁ
UFSSBGPSNઃఆྫ
͍ͨ͜͠ͱ w Έ✅ w 3BJMTΞϓϦͰͲ͏Δ͔✅ w ΠϯϑϥपΓͷઃఆ ͕࣌ؒ͋Ε ✅
͜͜·ͰͰ৮Εͳ͔ͬͨ w 3BJMTͷDPO fi HDSFEFOUJBMTZNMFOD 3"*-4@."45&3@,&: w 💭͏ʹ͏·ࠪ͘ϩάऔΓ͍ͨ w 3%4ͷ*".ೝূ
w 💭͜Ε͔ͨ͠͠ΒΜΓͦ͏ɾ3BJMTͰ͏·͑ͨ͘Βڭ͑ͯ΄ ͍͠ɾύϑΥʔϚϯεͪΐͬͱؾ͕͔Γ
࠷ޙʹ w 3BJMTʹσʔλϕʔεͷύεϫʔυʹ͑ͳ͍จࣈ͕͋Δ͜ͱΛͬͨ ͷऩ֭Ͱͨ͠ w օ͞ΜͷΓํͱ͔ΞΠσΞϊϋͱ͔͋Εڭ͑ͯԼ͍͞