Tags after all. Tags solve everything

Kengo Suzuki
November 04, 2021

Transcript

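  1.  Self-introduction and affiliation (slide 2)
      Name: Kengo Suzuki (@kenscal)
      Affiliation: LayerX Inc., CTO Office; seconded to Mitsui & Co. Digital Asset Management
      Background: Managed Security Service for securities firms; household accounting and cloud accounting; a securities company
      Personal activities: Podcast "Secure Liaison" and doujinshi production with the doujin circle "Secure旅団"; publishes the weekly "Security Intelligence for Busy People"; releases the podcast "Secure Liaison" (almost) weekly
      Books: supervised the translation of O'Reilly's "Zero Trust Network"; author of "Who Owns Identity? Decentralized Identity Realized with Hyperledger Indy & Aries" (Impress R&D)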
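  2.  What are AWS tags? (slide 26)
      Metadata attached to each resource
      Reference data that is indispensable for all kinds of operations
      Claims that build an organization-specific resource identity
      "I am used in this environment." "My administrator is the SRE team." "I spend from the corporate management department's wallet." "I handle confidential information." "I am used by the DX service." "My name is devdxec."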
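  4.  Tags are amazing (slide 28)
      It became possible to attach imaginary data to servers
      "Imagination, under the name of delusion, is what made Homo sapiens evolve"
      Many can be attached
      Keys and values are very flexible (Unicode characters, case sensitive, symbols allowed)
      They can be operated without directly affecting how the workload behaves
      The Name tag of a VPC… never heard of it…
      They can be managed through the API
      Data can be embedded in the actual resources in advance and then used to complement an asset management DB or Excel sheet; the reverse direction works too
      Administrators can also enforce controls on them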
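  5.  Best practices (slide 35)
      Case sensitive
      Access control to resources
      Automation of tag management
      More tags are better than fewer
      Mainly refer to the tag categories
      Source: "AWS Tagging Strategies" (AWS_Tagging_Strategies.pdf, aws-answers, awsstatic.com)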
  6.  List; List; List; emphasized list text; List
      No need to cram that much into tag values… (slide 37)
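  7.  Our own customization ② (slide 40)
      Tag naming convention: kebab case, snake case
      An inventory is a DB, so snake case it is, right?
      Terraform best practices use underscores too.
      Resource naming rule: {environment}{service_id}{resource-specific value}
      For S3 and ALB, words cannot be separated with _ the way they are in the name tag, so they are joined with - instead.
      Source: https://www.terraform-best-practices.com/naming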
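  8.  Tag table (slide 43)
      Tag name | Category | Required | Example
      name | resource name | ◦ | ${service_id}.${environment}.${service_role}.${name}
      service_id | application / service ID | ◦ | dx
      service_role | role within the service | ◦ | web, db, log_storage
      cluster | ECS cluster and the like | |
      environment | environment | ◦ | dev, stg, prd
      version | | |
      owner | responsible party | ◦ |
      cost_center | | ◦ | xxx, yyy, layerx (customer name)
      project | project name | ◦ |
      customer | for a specific customer | | for cases like "the enterprise plan provides customer-dedicated servers..."
      confidentiality | degree of confidentiality | ◦ |
      managed_by | which IaC | ◦ | manual (default), terraform, cfn
      compliance | regulation / compliance | | PII, [pii, iso27002]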
  9.  Supplement on confidentiality (slide 44)
      Commercial data classification: Sensitive, Confidential, Private, Public
      Source: docs.microsoft.com (ja-jp, security-updates, planningandimplementationguide)
  10. Release of Terraform AWS Provider v (slide 54)

      provider "aws" {
        region = var.region
        default_tags {
          tags = var.default_tags
        }
      }

      # Only the resource-specific tag is set on the resource itself.
      resource "aws_kms_key" "cloudtrail" {
        description = "key to encrypt/decrypt cloudtrail"
        tags = {
          service_role = var.service_role.kms
        }
      }

      # The same key with every tag written out on the resource.
      resource "aws_kms_key" "cloudtrail" {
        description = "key to encrypt/decrypt cloudtrail"
        tags = {
          environment       = "prd"
          service_role      = var.service_role.kms
          project           = "guardrail"
          service_id        = "guardrail"
          cost_center       = "layerX"
          Owner             = "sre"
          managed_by        = "terraform"
          github_repository = "guardrail"
        }
      }

      default_tags is the best
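  11. diff from ver (slide 55)
      Added github_repository
      Revised the information classification
      Before: sensitive, confidential, private, proprietary, public
      After: confidential, private, public
      Aligned service_role with the granularity of the actual resource
      Example: secretsmanager vault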
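
The tag table (slide 43), the snake_case and case-sensitivity points, and the revised classification (slide 55) can be checked mechanically. The following is an added example, not code from the deck or from LayerX: `audit_tags`, the allowed-value sets and the sample tag values are assumptions built from the examples on the slides.

```python
import re

# Added example. Policy read from the deck's tag table: the nine tags marked
# as required, plus value sets taken from its examples (an assumption: the
# deck does not say these lists are exhaustive).
REQUIRED = ("name", "service_id", "service_role", "environment", "owner",
            "cost_center", "project", "confidentiality", "managed_by")
ALLOWED = {
    "environment": {"dev", "stg", "prd"},
    "managed_by": {"manual", "terraform", "cfn"},
    "confidentiality": {"confidential", "private", "public"},  # revised set
}
SNAKE_CASE = re.compile(r"^[a-z][a-z0-9]*(_[a-z0-9]+)*$")


def audit_tags(tags):
    """Return sorted findings for one resource's tags (hypothetical helper)."""
    findings = [f"key not snake_case: {k}" for k in tags if not SNAKE_CASE.match(k)]
    # Tag keys are case sensitive, so "Owner" does not satisfy "owner".
    findings += [f"missing required tag: {k}" for k in REQUIRED if not tags.get(k)]
    findings += [f"invalid {k}: {tags[k]}"
                 for k, ok in ALLOWED.items() if tags.get(k) and tags[k] not in ok]
    parts = [tags.get(k) for k in ("service_id", "environment", "service_role")]
    if tags.get("name") and all(parts):
        prefix = ".".join(parts) + "."
        # name must be ${service_id}.${environment}.${service_role}.${name}
        if not (tags["name"].startswith(prefix) and len(tags["name"]) > len(prefix)):
            findings.append("name does not match service_id.environment.service_role.name")
    return sorted(findings)


# Constructed sample modeled on the deck's aws_kms_key tags; the name and
# confidentiality values are made up for the demonstration.
KMS_KEY_TAGS = {
    "name": "guardrail.prd.kms.cloudtrail", "environment": "prd",
    "service_role": "kms", "project": "guardrail", "service_id": "guardrail",
    "cost_center": "layerX", "Owner": "sre", "managed_by": "terraform",
    "github_repository": "guardrail", "confidentiality": "sensitive",
}

if __name__ == "__main__":
    for finding in audit_tags(KMS_KEY_TAGS):
        print(finding)
```

The capitalized `Owner` key from the slide's tag block is reported twice, once as a naming violation and once as a missing `owner`, which is the practical consequence of case-sensitive tag keys.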