Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
RDSのパスワードローテーションについて考えてみた話
Search
hoshino tsuyoshi
April 04, 2024
Technology
1
110
RDSのパスワードローテーションについて考えてみた話
hoshino tsuyoshi
April 04, 2024
Tweet
Share
More Decks by hoshino tsuyoshi
See All by hoshino tsuyoshi
Reasonable logging in BtoB Application
hoshinotsuyoshi
5
90
GitHub Actionsで `shell` に `ruby {0}` と書ける話
hoshinotsuyoshi
2
150
「技術的負債」について私から言えること私から言えないこと
hoshinotsuyoshi
2
1.1k
spreeのrails updateの戦いの歴史と github上のPR作成時の工夫
hoshinotsuyoshi
0
970
Ruby is fun but difficult
hoshinotsuyoshi
0
370
バッチ処理でhakoを使う話
hoshinotsuyoshi
0
9.6k
docker swarm 触ってみた #dockerlt
hoshinotsuyoshi
0
1.1k
貧者のためのCoreOS(Jenkinsを例に)
hoshinotsuyoshi
1
1.6k
個人で使ってみた Docker と CoreOSとか
hoshinotsuyoshi
7
3.6k
Other Decks in Technology
See All in Technology
品質文化を支える小さいクロスファンクショナルなチーム / Cross-functional teams fostering quality culture
toma_sm
0
150
Porting PicoRuby to Another Microcontroller: ESP32
yuuu
4
470
ガバクラのAWS長期継続割引 ~次の4/1に慌てないために~
hamijay_cloud
1
460
Terraform Cloudで始めるおひとりさまOrganizationsのすゝめ
handy
2
200
生成AIによるCloud Native基盤構築の可能性と実践的ガードレールの敷設について
nwiizo
7
1.2k
AWSの新機能検証をやる時こそ、Amazon Qでプロンプトエンジニアリングを駆使しよう
duelist2020jp
1
280
アジャイル脅威モデリング#1(脅威モデリングナイト#8)
masakane55
3
230
更新系と状態
uhyo
8
1.9k
Making a MIDI controller device with PicoRuby/R2P2 (RubyKaigi 2025 LT)
risgk
1
320
CodePipelineのアクション統合から学ぶAWS CDKの抽象化技術 / codepipeline-actions-cdk-abstraction
gotok365
5
310
バクラクの認証基盤の成長と現在地 / bakuraku-authn-platform
convto
4
730
日経電子版 for Android の技術的課題と取り組み(令和最新版)/android-20250423
nikkei_engineer_recruiting
1
470
Featured
See All Featured
What's in a price? How to price your products and services
michaelherold
245
12k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
30
2.3k
Side Projects
sachag
453
42k
Building Adaptive Systems
keathley
41
2.5k
The Invisible Side of Design
smashingmag
299
50k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
41
2.3k
GitHub's CSS Performance
jonrohan
1030
460k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.5k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
9
760
Reflections from 52 weeks, 52 projects
jeffersonlam
349
20k
Fantastic passwords and where to find them - at NoRuKo
philnash
51
3.2k
Gamification - CAS2011
davidbonilla
81
5.2k
Transcript
3%4ͷύεϫʔυϩʔςʔγϣϯʹ͍ͭͯ ߟ͑ͯΈͨ PNPUFTBOEPSC
ࣗݾհ w ໊લIPTIJOPUTVZPTIJ HJUIVC IPQQJFTUBS UXJUUFS w PNPUFTBOEPSCճ͙Β͍ͷ-5Ͱ͢ ͿΓ
w 8FCΞϓϦέʔγϣϯΤϯδχΞ w %9ؔ࿈ͷ4BB4اۀॴଐ
͍ͨ͜͠ͱ w Έ w 3BJMTΞϓϦͰͲ͏Δ͔ w ΠϯϑϥपΓͷઃఆ ͕࣌ؒ͋Ε
ࠓճྫͱͯ͠ߟ͑Δ3BJMTΞϓϦपลͷߏ w 'BSHBUF্Ͱ&$4λεΫ ͕ಈ͘ w QVNB XFC w TJEFLJR
XPSLFS w όονॲཧ ύεϫʔυ3BJMTͷ$SFEFOUJBMػೳɺ"844FDSFU.BOBHFSɺ"8444.ύϥϝʔλ ετΞΛ͏͜ͱ͕ଟ͍ͱࢥ͍·͢ ϢʔβʔɾύεϫʔυͰೝূ ϢʔβʔɾύεϫʔυͰೝূ
͠ɺ͍·%#αʔόʔͷύεϫʔυΛม͑ͨ͘ͳͬͨΒʁ ʢΈͳ͞Μߟ͑ͯΈ͍ͯͩ͘͞ʣ w ͍͖ͳΓม͑ΒΕΔ͔ʁ w όονॲཧతͳͷͷ߹ w w ࠓ·͞ʹಈ͍͍ͯΔXFCαʔόʔ
QVNB XPSLFSαʔόʔ TJEFLJR w w
͠ɺ͍·%#αʔόʔͷύεϫʔυΛม͑ͨ͘ͳͬͨΒʁ ʢΈͳ͞Μߟ͑ͯΈ͍ͯͩ͘͞ʣ w ͍͖ͳΓม͑ΒΕΔ͔ʁ w όονॲཧతͳͷͷ߹ w Ͱ͖ͦ͏ w ࠓ·͞ʹಈ͍͍ͯΔXFCαʔόʔ
QVNB XPSLFSαʔόʔ TJEFLJR w w
͠ɺ͍·%#αʔόʔͷύεϫʔυΛม͑ͨ͘ͳͬͨΒʁ ʢΈͳ͞Μߟ͑ͯΈ͍ͯͩ͘͞ʣ w ͍͖ͳΓม͑ΒΕΔ͔ʁ w όονॲཧతͳͷͷ߹ w Ͱ͖ͦ͏ w ࠓ·͞ʹಈ͍͍ͯΔXFCαʔόʔ
QVNB XPSLFSαʔόʔ TJEFLJR w %#αʔόʔଆͰมߋͨ͠ॠؒʹΤϥʔଟൃͦ͠͏ w Τϥʔͳ͘ߦ͏ͷͦ͠͏ʁ🤔Ͳ͏͢ΕΑ͍͔
💡ϢʔβʔΛͭ࡞Ε͍͍ͷͰʁ w ࠓ͍ͬͯΔ%#ϢʔβʔΛϢʔβʔ"ͱ͢Δ w ͦΕΛίϐʔͯ͠શ͘ಉ͡ݖݶΛ࣋ͭϢʔβʔ#Λ࡞Δ w 3BJMTΞϓϦͰ͏ϢʔβʔɾύεϫʔυΛϢʔβʔ#ͷͷʹ͢Δ ճ w
w w
💡ϢʔβʔΛͭ࡞ͬͯύεϫʔυΛ৽͍͠ͷʹ͢Ε w ࠓ͍ͬͯΔ%#ϢʔβʔΛϢʔβʔ"ͱ͢Δ w ͦΕΛίϐʔͯ͠શ͘ಉ͡ݖݶΛ࣋ͭϢʔβʔ#Λ࡞Δ w 3BJMTΞϓϦͰ͏ϢʔβʔɾύεϫʔυΛϢʔβʔ#ͷͷʹ͢Δ ճ w
3BJMTΞϓϦͰ͏ϢʔβʔɾύεϫʔυΛϢʔβʔ"ͷͷʹ͢Δ ճ w 3BJMTΞϓϦͰ͏ϢʔβʔɾύεϫʔυΛϢʔβʔ#ͷͷʹ͢Δ ճ w
"84ʹͳΜͰ͋Δ
"844FDSFUT.BOBHFS
"84ʹͳΜͰ͋Δ w ࢀߟ<ϩʔςʔγϣϯઓུ"844FDSFUT.BOBHFSͷ֓೦"844FDSFUT.BOBHFS> IUUQT EPDTBXTBNB[PODPNKB@KQTFDSFUTNBOBHFSMBUFTUVTFSHVJEFHFUUJOHTUBSUFEIUNMSPUBUJPOTUSBUFHZ
"84ʹͳΜͰ͋Δ w ࢀߟ<ϩʔςʔγϣϯઓུ"844FDSFUT.BOBHFSͷ֓೦"844FDSFUT.BOBHFS> IUUQT EPDTBXTBNB[PODPNKB@KQTFDSFUTNBOBHFSMBUFTUVTFSHVJEFHFUUJOHTUBSUFEIUNMSPUBUJPOTUSBUFHZ 1⃣ 2⃣ 3⃣ 4⃣
1⃣ 2⃣
2⃣ 3⃣
3⃣ 4⃣
Έͷઆ໌
Έͷઆ໌ ϩʔςʔγϣϯؔ "84MBNCEB 3%4 ϩʔςʔγϣϯؔͰ3%4ʹΞΫηεͯ͠42-࣮ߦͯ͠ϢʔβʔใΛߋ৽͢Δ
"844FDSFUT.BOBHFSઃఆΠϝʔδ
"844FDSFUT.BOBHFSઃఆΠϝʔδ
"844FDSFUT.BOBHFSઃఆΠϝʔδ w ˠը໘ΛਐΊ͍ͯ͘ͱɺ-BNCEBؔ$MPVE'PSNBUJPOͷઃఆ͕࢝·Δ Β͍͠ w ެࣜࢀߟIUUQTEPDTBXTBNB[PODPNKB@KQTFDSFUTNBOBHFSMBUFTU VTFSHVJEFUVUPSJBMT@SPUBUJPOBMUFSOBUJOHIUNMUVUPSJBMT@SPUBUJPO BMUFSOBUJOH@TUFQSPUBUF w
ࠓճ͜ͷը໘ΘͣʹUFSSBGSPNͷBXT@DMPVEGSPNBUJPO@TUBDLΛ͍·ͨ͠ w ҎԼͷϖʔδେ͍ʹࢀߟʹ͠·ͨ͠ w <"844FDSFUT.BOBHFSͰ3%4ͷύεϫʔυϩʔςʔγϣϯͯ͠ΈΔJO @%FWFMPQFST*0> IUUQTEFWDMBTTNFUIPEKQBSUJDMFTTFDSFUTNBOBHFS QBTTXPSESPUBUJPO
͍ͨ͜͠ͱ w Έ✅ w 3BJMTΞϓϦͰͲ͏Δ͔ˡ w ΠϯϑϥपΓͷઃఆ ͕࣌ؒ͋Ε
3BJMTΞϓϦͰͲ͏͢Δ͔ w ࠓ·Ͱʮύεϫʔυ୯ମʯΛTFDSFUͱͯ͠ཧ͍͕ͯͨ͠ɺࠓޙ ʮ"844FDSFUT.BOBHFSγʔΫϨοτͷ+40/ߏʯͰཧ͞ΕΔΑ ͏ʹͳͬͨɻ w ͳͷͰɺͦΕʹରԠ͢Δ
"844FDSFUT.BOBHFSγʔΫϨοτͷ+40/ߏ ͱ w "VSPSB1PTUHSFTͷ߹ w ࢀߟ<"844FDSFUT.BOBHFSγʔΫϨοτͷ+40/ߏ"844FDSFUT.BOBHFS> IUUQTEPDTBXTBNB[PODPNKB@KQ TFDSFUTNBOBHFSMBUFTUVTFSHVJEFSFGFSFODF@TFDSFU@KTPO@TUSVDUVSFIUNMSFGFSFODF@TFDSFU@KTPO@TUSVDUVSF@SETQPTUHSFT
3BJMTଆରॲ࡞ઓ w લทͷ+40/ΛA3%4@%#@4&$3&5Aͱ͍͏ڥมͰड͚औΔ͜ͱʹ͠ ͨ w ͜ΕΛύʔεͯ͠Έཱͯͯ͠A%"5"#"4&@63-Aͷܗʹ͢Δ w 3BJMTɺڥมA%"5"#"4&@63-A͕͋Ε͜ΕΛར༻͢ΔΈ w AQPTUHSFTVTFSOBNF!QBTTXPSEQPSUECOBNF
PQUJPOTAͷܗʹ ͢Δ
CFGPSF DPO fi HEBUBCBTFZNM BGUFS
CFGPSF ίϯςφఆٛͷKTPO KTPOOFU BGUFS
ύʔε CJOSFBE@SET@EC@TFDSFU
Έཱͯ͢ EPDLFSFOUSZQPJOUTI
ಈ͔ͳ͔ͬͨ ͭ·͖ͮϙΠϯτ
͍ΖΜͳ߹Ͱ ύεϫʔυʹ͑ͳ͍จࣈ͕͋Δ w ϥϯμϜʹ࡞ͬͨύεϫʔυΛಡ͏ͱ͢ΔͱSBJMTىಈ࣌ʹΤϥʔ w ௐΔͱύεϫʔυʹʮʨ ʯ͕ೖͬͯΔͱΤϥʔ w ϥϯμϜʹ࡞ͬͨύεϫʔυΛಡ͏ͱ͢ΔͱSJEHFQPMF࣮ߦ࣌ʹΤϥʔ w
ௐΔͱύεϫʔυʹʮʴ ʯ͕ೖͬͯΔͱΤϥʔ
͍ΖΜͳ߹Ͱ ύεϫʔυʹ͑ͳ͍จࣈ͕͋Δ TFFBMTP<3BJMTͷ%"5"#"4&@63-ͰࢦఆͰ͖ Δύεϫʔυͷจࣈछ> IUUQT TJOTPLVIBUFOBCMPHDPNFOUSZ
͜ͷํ๏Ͱͷϩʔςʔγϣϯͷҙ w ϩʔςʔγϣϯͷִؒΑΓ͍εύϯͰ&$4λεΫ͕ೖΕସΘΔඞཁ͕ ͋Δ w ྫճͷϩʔςʔγϣϯͷͱ͖ʹɺճͷϩʔςʔγϣϯΑΓલ ͔Βಈ͍͍ͯΔ&$4λεΫ͕͋Δ߹ͦͷ&$4λεΫΛઌʹTUPQ͢ Δඞཁ͕͋Δ
͜ͷํ๏Ͱͷϩʔςʔγϣϯͷҙ ճͷϩʔςʔγϣϯͷ͋ͱɺ1⃣ͷͱ͖ ʹಈ͍͍ͯͨίϯςφ͕·͍ͩͬͯΔ߹ ଓΤϥʔʹͳͬͯ͠·͏ w ࠶ܝ 1⃣ 2⃣ 3⃣
͍ͨ͜͠ͱ w Έ✅ w 3BJMTΞϓϦͰͲ͏Δ͔✅ w ΠϯϑϥपΓͷઃఆ ͕࣌ؒ͋Ε ˡ
$MPVE'PSNBUJPOͰઃఆ͞ΕΔͷ w -BNCEBؔ w ͦͷ-BNCEBؔͷύʔϛογϣϯ w 4FDSFU.BOBHFS͔ΒͷΞΫηεʹݶఆ͞ΕΔ w *".ϩʔϧ
ͲΜͳ-BNCEB͔ؔʁ w IUUQTHJUIVCDPNBXTTBNQMFTBXTTFDSFUTNBOBHFSSPUBUJPOMBNCEBTͱ͍͏Ϧϙ δτϦͰެ։͞Ε͍ͯΔ
ͲΜͳ-BNCEB͔ؔʁ w MBNCEB@IBOEMFSͱ͍͏ϝΠϯ͔ؔΒҎԼͷؔΛݺͿ lambda_handlerؔAWS Secrets Manager͔ΒͷϩʔςʔγϣϯΠϕϯτΛॲཧ͢ΔͨΊͷΤϯτϦ ϙΠϯτͱͳΓ·͢ɻ ͜ͷؔ࣍ͷ4ͭͷεςοϓΛ࣮ߦ͠·͢: •createSecret: ৽͍͠γʔΫϨοτΛ࡞͠·͢ɻ
•setSecret: ৽͍͠γʔΫϨοτΛσʔλϕʔεʹద༻͠·͢ɻ •testSecret: ৽͍͠γʔΫϨοτ͕σʔλϕʔεʹਖ਼͘͠ద༻͞Εͨ͜ͱΛςετ͠·͢ɻ • fi nishSecret: ৽͍͠γʔΫϨοτΛAWSCURRENTͱͯ͠ϚʔΫ͠ɺݹ͍γʔΫϨοτΛ AWSPREVIOUSͱͯ͠ϚʔΫ͠·͢ɻ
ͦͷଞඞཁͳઃఆFUD w -BNCEB͕࣮ؔࡍʹ3%4ʹΞΫηε͢ΔͨΊͷ४උ w ωοτϫʔΫपΓ w 71$ηΩϡϦςΟάϧʔϓͷઃఆ͕ඞཁ w 3%4ࣗମ w
͜ͷ-BNCEBؔ༻ͷ%#Ϣʔβʔ ٴͼύεϫʔυ ࣄલʹඞཁ w ͦͷೝূใผ్4FDSFUT.BOBHFSʹೖΕ͓ͯ͘ඞཁ͋Γ w 1PTUHSFTͷ߹$3&"5&30-&ݖݶ͕ඞཁ
UFSSBGPSNઃఆྫ
͍ͨ͜͠ͱ w Έ✅ w 3BJMTΞϓϦͰͲ͏Δ͔✅ w ΠϯϑϥपΓͷઃఆ ͕࣌ؒ͋Ε ✅
͜͜·ͰͰ৮Εͳ͔ͬͨ w 3BJMTͷDPO fi HDSFEFOUJBMTZNMFOD 3"*-4@."45&3@,&: w 💭͏ʹ͏·ࠪ͘ϩάऔΓ͍ͨ w 3%4ͷ*".ೝূ
w 💭͜Ε͔ͨ͠͠ΒΜΓͦ͏ɾ3BJMTͰ͏·͑ͨ͘Βڭ͑ͯ΄ ͍͠ɾύϑΥʔϚϯεͪΐͬͱؾ͕͔Γ
࠷ޙʹ w 3BJMTʹσʔλϕʔεͷύεϫʔυʹ͑ͳ͍จࣈ͕͋Δ͜ͱΛͬͨ ͷऩ֭Ͱͨ͠ w օ͞ΜͷΓํͱ͔ΞΠσΞϊϋͱ͔͋Εڭ͑ͯԼ͍͞