Upgrade to Pro — share decks privately, control downloads, hide ads and more …

やはりタグ。タグは全てを解決する

Kengo Suzuki
November 04, 2021
Technology
2
9k

 やはりタグ。タグは全てを解決する

Kengo Suzuki

November 04, 2021
Tweet

More Decks by Kengo Suzuki

See All by Kengo Suzuki
信頼性に挑む中で拡張できる・得られる1人のスキルセットとは?
ken5scal
2
530
Eventual Detection Engineering
ken5scal
0
1.8k
脆弱性対応をこの先生きのこるには
ken5scal
0
940
LayerXとMDMのリスク評価と年次対応の実例(公開版)
ken5scal
2
1.1k
AWSだ! Google Cloudだ! Azureだ! 認証連携だ!
ken5scal
9
2k
適応し続けるプロダクトとセキュリティ
ken5scal
5
2k
同志諸君よ、ゼロトラストを撃て_CloudNativeDays2022
ken5scal
2
3.2k
なぜLayerXのセキュリティでSoftware指向が重視されているか
ken5scal
0
310
暇だしDevSecOpsやってみた - CodePipeline Now and Then
ken5scal
3
5.6k

Other Decks in Technology

See All in Technology
VideoMamba: State Space Model for Efficient Video Understanding
chou500
0
190
透過型SMTPプロキシによる送信メールの可観測性向上: Update Edition / Improved observability of outgoing emails with transparent smtp proxy: Update edition
linyows
2
210
The Rise of LLMOps
asei
6
1.3k
AWS Lambdaと歩んだ“サーバーレス”と今後 #lambda_10years
yoshidashingo
1
170
SREが投資するAIOps ~ペアーズにおけるLLM for Developerへの取り組み~
takumiogawa
1
100
【Startup CTO of the Year 2024 / Audience Award】アセンド取締役CTO 丹羽健
niwatakeru
0
960
テストコード品質を高めるためにMutation Testingライブラリ・Strykerを実戦導入してみた話
ysknsid25
7
2.6k
初心者向けAWS Securityの勉強会mini Security-JAWSを9ヶ月ぐらい実施してきての近況
cmusudakeisuke
0
120
Amplify Gen2 Deep Dive / バックエンドの型をいかにしてフロントエンドへ伝えるか #TSKaigi #TSKaigiKansai #AWSAmplifyJP
tacck
PRO
0
370
適材適所の技術選定 〜GraphQL・REST API・tRPC〜 / Optimal Technology Selection
kakehashi
1
170
オープンソースAIとは何か? --「オープンソースAIの定義 v1.0」詳細解説
shujisado
6
670
Application Development WG Intro at AppDeveloperCon
salaboy
0
180

Featured

See All Featured
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.3k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
229
52k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
26
2.1k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
8.2k
Navigating Team Friction
lara
183
14k
A better future with KSS
kneath
238
17k
Designing Experiences People Love
moore
138
23k
10 Git Anti Patterns You Should be Aware of
lemiorhan
654
59k
It's Worth the Effort
3n
183
27k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.9k
Practical Orchestrator
shlominoach
186
10k
Embracing the Ebb and Flow
colly
84
4.5k

Transcript

  1. ΍͸Γλάɹλά͸શͯΛղܾ͢Δ  1 BXTEFWEBZ

  2.  ໊લླ໦ݚޗ !LFOTDBM   ॴଐ  -BZFS9גࣜձࣾ$50ࣨ  ࡾҪ෺࢈σδλϧΞηοτɾϚωδϝϯτग़޲

     དྷྺ  ূ݊޲͚.BOBHFE4FDVSJUZ4FSWJDFɺՈܭ฽ɾΫϥ΢υձܭɺূ݊ձࣾ  ݸਓͷ׆ಈ  ಉਓʮ4FDVSFཱྀஂʯʹͯ1PEDBTUʮ4FDVSF-JBJTPOʯ΍ಉਓࢽ࡞੒  िץʮ๩͍͠ਓͷͨΊͷηΩϡϦςΟɾΠϯςϦδΣϯεʯൃߦ  1PE$BTUʮ4FDVSF-JBJTPOʯΛʢ΄΅ʣ8FFLMZͰϦϦʔε  ॻ੶  0`3FJMMZʮ;FSP5SVTU/FUXPSLʯ؂༁  ΠϯϓϨε3%ʮΞΠσϯςΟςΟ͸ͩΕͷ΋ͷʁ)ZQFSMFEHFS*OEZ"SJFTͰ࣮ݱ͢Δ෼ࢄΞΠσϯςΟςΟʯஶ࡞ ॴଐઌ঺հࣗݾ঺հ 2

  3.  Ϧετ  Ϧετ  Ϧετ  Ϧετͷڧௐจࣈ  Ϧετ

    ݟग़͠ 3

  4. ϒϩοΫνΣʔϯͷձࣾ Ͱ͸ͳ͍Ͱ͢ 4 IUUQTOPUFDPNGVLLZZOOGFECD

  5. ॴଐઌͦͷᶃ 5

  6.  Ϧετ  Ϧετ  Ϧετ  Ϧετͷڧௐจࣈ  Ϧετ

    ݟग़͠ 6

  7.  Ϧετ  Ϧετ  Ϧετ  Ϧετͷڧௐจࣈ  Ϧετ

    ݟग़͠ 7

  8. ॴଐઌͦͷᶄ 8

  9. ॴଐઌͦͷᶄ 9

  10. ॴଐઌͦͷᶄ 10

  11. ॴଐઌͦͷᶄ 11

  12. ຊ೔ͷ͓࿩ 12 $50ࣨ԰୆ࠎΤϯδχΞ

  13. ຊ೔ͷ͓࿩ 13 $50ࣨ԰୆ࠎΤϯδχΞ ࢿ࢈؅ཧ

  14. ຊ೔ͷ͓࿩ 14 $50ࣨ԰୆ࠎΤϯδχΞ ࢿ࢈؅ཧ "84

  15. ຊ೔ͷ͓࿩ 15 $50ࣨ԰୆ࠎΤϯδχΞ ࢿ࢈؅ཧ "84 λά

  16. ຊ೔ͷ͓࿩ 16 $50ࣨ԰୆ࠎΤϯδχΞ ࢿ࢈؅ཧ "84 λά

  17. ຊ೔ͷ͓࿩ 17 $50ࣨ԰୆ࠎΤϯδχΞ ࢿ࢈؅ཧ "84 λά

  18.  ࿩͢͜ͱ  ౰ࣾͷλά؅ཧͷมભ  ࿩͞ͳ͍͜ͱ  ౰ࣾͷλάΛ׆༻ͨ͠ӡ༻ ࿩͞ͳ͍͜ͱ 18

  19.  8IZλά؅ཧ  ౰ࣾͷλά؅ཧ  5BHWFS  5BHWFS  5BHWFS

     5BHWFS ະདྷͷ࿩ʣ ΞδΣϯμ 19

  20. 8IZλά؅ཧ 20

  21. ʢ͍͖ͳΓ୤ઢʣθϩτϥετ 21

  22. ୈࡾͷࢦ਑͸ɺθϩτϥετͷ֓೦ ͸ɺอޢର৅ͷγεςϜͱσʔλͷ૊ ৫తՁ஋ʹ͋Θͤͯద༻͢Δඞཁ͕͋ Δͱ͍͏͜ͱͰ͢ 22 θϩτϥετΞʔΩςΫνϟ"84ͷࢹ఺

  23. ୈࡾͷࢦ਑͸ɺθϩτϥετͷ֓೦ ͸ɺอޢର৅ͷγεςϜͱσʔλͷ૊ ৫తՁ஋ʹ͋Θͤͯద༻͢Δඞཁ͕͋ Δͱ͍͏͜ͱͰ͢ 23 θϩτϥετΞʔΩςΫνϟ"84ͷࢹ఺ อޢର৅ͷ γεςϜͱσʔλʹ͍ͭͯ Կ΋Θ͔ΒΜ৔߹͸ʁ

  24.  ࢿ࢈؅ཧ  ༧࣮؅ཧ  ΞΫηε؅ཧ  ʢฏ࣌ͷʣϦεΫ؅ཧ  ΠϯγσϯτରԠ

     ࣗಈԽ ର৅͕ط஌Ͱͳ͍ͱͰ͖ͳ͍͜ͱ 24

  25.  UPNPWFUP;5" BOFOUFSQSJTFNVTUIBWFB TZTUFNUPEJTDPWFSBOESFDPSEQIZTJDBMBOE WJSUVBMBTTFUTUPDSFBUFBVTBCMFJOWFOUPSZ /*4541ʮθϩτϥετɾΞʔΩςΫνϟʯ 25

  26.  ֤Ϧιʔεʹ෇༩͞Εͨϝλσʔ λ  ֤छӡ༻ʹ͓͚ΔඞཁෆՄܽͳࢀ রઌσʔλ  ૊৫ಛ༗ͷϦιʔε*EFOUJUZΛߏ ங͢Δ$MBJN "84ͷλάͱ͸ʁ

    26 ๻͸͜ͷ ؀ڥͰ࢖ΘΕ·͢ ๻ͷ؅ཧऀ͸ 43&νʔϜͰ͢ ܦӦ؅ཧ෦ͷ ͓ࡒ෍͔͍ͭ·͢ ػີ৘ใ ͔͍͋ͭ·͢ %9αʔϏεͰ ࢖ΘΕ·͢ EFWEYFDͱਃ͠·͢

  27.  ֤Ϧιʔεʹ෇༩͞Εͨϝλσʔ λ  ֤छӡ༻ʹ͓͚ΔඞཁෆՄܽͳࢀ রઌσʔλ  ૊৫ಛ༗ͷϦιʔε*EFOUJUZΛߏ ங͢Δ$MBJN "84ͷλάͱ͸ʁ

    27 ๻͸͜ͷ ؀ڥͰ࢖ΘΕ·͢ ๻ͷ؅ཧऀ͸ 43&νʔϜͰ͢ ܦӦ؅ཧ෦ͷ ͓ࡒ෍͔͍ͭ·͢ ػີ৘ใ ͔͍͋ͭ·͢ %9αʔϏεͰ ࢖ΘΕ·͢ EFWEYFDͱਃ͠·͢

  28.  αʔόʔʹՍۭͷσʔλΛ෇༩Ͱ͖ΔΑ͏ʹͳͬͨ  ʮໝ૝ͱ͍͏໊ͷ૝૾ྗ͕ϗϞɾαϐΤϯεΛਐԽͤͨ͞ʯ  ͨ͘͞Μ͚ͭΒΕΔʢd   Ωʔɾ஋ͷࣗ༝౓͕ߴ͍ʢʙ VOJDPEFจࣈɺDBTFTFOTJUJWF

    ه߸ར༻Խʣ  ϫʔΫϩʔυͷಈ࡞ʹ௚઀తͳӨڹΛ༩͑Δ͜ͱͳ͘ӡ༻Ͱ͖Δ  71$ͷ/BNFλάʜ ஌Γ·ͤΜͶʜ  "1*؅ཧͰ͖Δ  σʔλΛ࣮ࡍͷϦιʔεʹࣄલຒΊࠐΜ্ͩͰɺࢿ࢈؅ཧ%#΍ΤΫηϧΛิ׬Ͱ͖Δ  ٯํ޲΋Մ  ؅ཧऀʹΑΔ౷੍΋Ͱ͖Δ λά͸͍͢͝ 28

  29. λά͔͠উͨΜ 29

  30. ౰ࣾͷ࿩ 30

  31. 5BH7FS 31

  32.  #$ίϯαϧࣄۀ͕ϝΠϯͩͬͨͨΊɺ۩ମతͳظؒݶఆతͳϫʔ Ϋϩʔυ͔͠ͳ͔ͬͨ  1P$ϓϩδΣΫτʹ൐͏୹ظతͳ৘ใࢿ࢈͔͠ͳ͔ͬͨʢ"84্ Ͱ͸ʣ  Πϯϑϥత੔උΛ̎ਓͰ࣮ࢪ  ΏΔʙ͘ᯂΑΓ࢝ΊΑ

     ʢӨڹ΋ͳ͍͠ʣΨϯΨϯ͍͜͏ͥ 5BHWFS  32

  33. ମ੍ ੲ 33

  34. ࢀߟจݙY

  35.  ϕεϓϥ  $BTFTFOTJUJWF  Ϧιʔε΁ͷΞΫηείϯτϩʔϧ  λά؅ཧͷࣗಈԽ  λά͸গͳ͍ΑΓɺଟ͍ํ͕ϕλʔ

     ओʹλάΧςΰϦΛࢀর "845BHHJOH4USBUFHJFT 35 IUUQTEBXTTUBUJDDPNBXTBOTXFST"84@5BHHJOH@4USBUFHJFTQEG

  36. 5BHHJOH#FTU1SBDUJDFT  "845BHHJOH4USBUFHJFTΛΑ ΓৄࡉԽ IUUQTEPDTBXTBNB[PODPNXIJUFQBQFSTMBUFTUUBHHJOHCFTUQSBDUJDFTJOUSPEVDUJPOUBHHJOHVTFDBTFTIUNM

  37.  Ϧετ  Ϧετ  Ϧετ  Ϧετͷڧௐจࣈ  Ϧετ

    37 ͦΜͳʹλάͷ஋ʹͭΊ͜·ΜͰ΋Α͘ͳ͍ʜ

  38. ౰ࣾಠࣗΧελϚΠζᶃ 38 ݴͬͯΔ͜ͱ͕ҧ͏ͷͰɺ ʮେ͸খΛ݉ͶΔʯͱ͍͏͜ͱͰ ޙ͔Βม͑Δ͜ͱ্౳Ͱ͚ͭ·͘Δ͜ͱʹͨ͠ɻ λάมߋͰ͋Ε͹Өڹ͸ͳ͘ɼ ͔ͭɺݱࡏͷ༧࣮؅ཧͰ͸ͦ͜·ͰλάΛ׆༻ͯ͠ͳ͍ͨΊ

  39. 5BHHJOH#FTU1SBDUJDFT  "845BHHJOH4USBUFHJFTΛΑ ΓৄࡉԽ IUUQTEPDTBXTBNB[PODPNXIJUFQBQFSTMBUFTUUBHHJOHCFTUQSBDUJDFTJOUSPEVDUJPOUBHHJOHVTFDBTFTIUNM ϏϛϣʔʹݴͬͯΔ͜ͱ͕ҧ͏ͷͰ 5BHHJOH#FTU1SBDUJDFTͷߟ͑ํΛجʹɺ 5BHHJOH4USBUFHJFTͷ࣮૷ํ๏ΛϝΠϯʹ࣮૷

  40.  λά໋໊نଇέόϒέʔεεωʔΫέʔε  ΠϯϕϯτϦͬͯ%#ͩ͠ɺ͡Ό͋εωʔΫέʔεͩΑͶ  5FSSBGPSNͷϕεϓϥ΋Ξϯείͩ͠ɻ  Ϧιʔε໊نଇ  \FOWJSPONFOU^\TFSWJDF@JE^\Ϧιʔεಛ༗ͷ஋^

     4΍"-#ʹ͍ͭͯ͸OBNFλάͷΑ͏ͳޠ۟ؒΛ@ͳܗࣜͩ ͱͰ͖ͳ͍ͷͰɺͰͭͳ͛Δɻ ౰ࣾಠࣗΧελϚΠζᶄ 40 IUUQTXXXUFSSBGPSNCFTUQSBDUJDFTDPNOBNJOH

  41. ౰ࣾಠࣗΧελϚΠζᶅ 41 λά؅ཧΛ ड͚࣋ͭ

  42. ౰ࣾಠࣗΧελϚΠζᶆ

  43. 43 λά໊ ΧςΰϦ ඞਢ ྫ name Ϧιʔε໊ ◦ ${service_id}.${environment}.${service_role}.$ {name}

    service_id ΞϓϦɾαʔϏεID ◦ dx service_role αʔϏε಺ͷ໾ׂ ◦ web, db, log_storage cluster ecs Ϋϥελʔͱ͔ environment ؀ڥ ◦ dev, stg, prd version owner ੹೚ઌ ◦ cost_center ◦ xxx, yyy, layerx (ސ٬໊) project ϓϩδΣΫτ໊ ◦ customer ಛఆͷ͓٬༷޲͚༻ Τϯϓϥϓϥϯʹ͸͓٬༷ઐ༻αʔόΛఏڙ ͠·͢...తͳͱ͖ con fi dentiality ػີ౓߹͍ ◦ managed_by ͲͷIaC͔ ◦ manual(σϑΥϧτ), terraform, cfn compliance ن੍ɾίϯϓϥ PII, [pii, iso27002]

  44.  $PNNFSDJBMEBUBDMBTTJ fi DBUJPO  4FOTJUJWF $PO fi EFOUJBM 1SJWBUF

    1VCMJD  IUUQTEPDTNJDSPTPGUDPNKBKQ TFDVSJUZVQEBUFT QMBOOJOHBOEJNQMFNFOUBUJPOHVJEF  $PO fi EFOUJBMJUZʹؔ͢Δิ଍ 44

  45. 5BH7FS 45

  46.  ࣄۀ෦੍΁  Ӭଓతͳ৘ใࢿ࢈͕ൃੜͨ͠  Πϯϑϥత੔උΛ͢Δ̎ਓ͸ࣄۀ෦ʹ೿ݣ΁ 5BHWFS  46

  47. ମ੍ /PX 47

  48. ڞ༗ձ 48

  49.  DPTU@DFOUFSͷ஋ʹ֤ࣄۀ෦͕ೖΔΑ͏ʹ  OBNFλάΛഇࢭ  λά໊ MBZFSYλά໊ ͷQSF fi YΛഇࢭ

    EJGGGSPNWFS 49

  50. 5BH7FS 50

  51.  5FSSBGPSNQSPWJEFSW  $50ަ୅  *4.4औಘ։࢝ 5BHW  51

  52. ମ੍ /PX 52

  53. ڞ༗ձ 53

  54. 5FSSBGPSN"841SPWJEFSWͷϦϦʔε 54 provider "aws" { region = var.regio n default_tags

    { tags = var.default_tags } } resource "aws_kms_key" "cloudtrail" { description = "key to encrypt/decrypt cloudtrail " tags = { service_role = var.service_role.km s } } resource "aws_kms_key" "cloudtrail" { description = "key to encrypt/decrypt cloudtrail " tags = { environment = pr d service_role = var.service_role.km s project = guardrai l service_id = guardrai l cost_center = layer X Owner = sr e managed_by = terrafor m github_repository - guardrai l } }  EFGBVMU@UBHT͍͜͞ʔ

  55.  HJUIVC@SFQPTJUPSZ௥Ճ  ৘ใ۠෼ͷݟ௚͠  લTFOTJUJWF DPO fi EFOUJBM QSJWBUF

    QSPQSJFUBSZ QVCMJD  ޙDPO fi EFOUJBM QSJWBUF QVCMJD  TFSWJDF@SPMFΛ࣮ଶͰ͋ΔϦιʔεͷཻ౓ʹ͋ΘͤΔ  ྫTFDSFUTNBOBHFSWBVMU EJGGGSPNWFS 55

  56. ࠓޙ 56

  57.  λά౷੍  λάFWFSZXIFSF  λά؅ཧͷ؅ཧ  λά΁ͷΞΫηε؅ཧΛ៛ີԽ  λάΛ࢖ͬͨ"#"$ʁ

     ਖ਼௚͋·ΓϝϦοτΛײͯ͡ͳ͍ʜ 5BHW GVUVSF 57

  58. ࠾༻ͯ͠·͢ ݸਓΧδϡΞϧ໘ஊ͔ΒͰ ΋0, 58

  59. 59 ࠾༻͸ͪ͜Β IUUQTIFSQDBSFFSTWMBZFSY ΧδϡΞϧ໘ஊ͸ͪ͜Β IUUQTNFFUZOFUBSUJDMFTUXXKK

  60. 60 IUUQTNFFUZOFUNBUDIFTK"C ff [W-RK/B IUUQTIFSQDBSFFSTWMBZFSYZSR)(513Y

  61. 5IBOLZPV 61