AuthzCtx - Alp internal sharing session
machu
April 22, 2022
Technology
For the Alp internal sharing session
Transcript
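Authz 2022/04/22 Domain sharing session MACHU
2 Agenda • Recap of what makes authorization hard • Recap of what authorization platform v1 handled • What v1 could not do • How to assign a Scope • Detailed mechanics • Interaction with the front end • How to build a SAT • Future applications • Closing
3 Recap of what makes authorization hard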
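4 What makes authorization hard • The scope of application is wide: Operator, System, Token, each Ctx, Adpt, UseCase, Domain etc… • The concept of authorization is vague and hard to handle • It easily becomes tightly coupled with logic
5 The scope of application is wide (diagram: Presenter, Controller, Repository(DB etc..), UseCase, Domain; Masking item, Execute endpoint, Filter resource, read/write authorization, Execute UseCase, Ramification domainLogic, Execute domainLogic). There are this many points in each layer where we want to apply authorization. If each of them is implemented with a separate mechanism, the effort becomes too large and keeping the mechanisms consistent with one another becomes difficult.
6 The scope of application is wide (diagram: the layers Presenter, Controller, Repository(DB etc..), UseCase, Domain repeated for Ctx-A, Ctx-B and Ctx-C). On top of that, those layers span multiple contexts. Without an authorization platform that handles them uniformly, the effort grows too much, and both obtaining and maintaining the expected behavior become difficult. The processing flow also tends to become complicated.
7 The concept of authorization is vague and hard to handle (diagram: Presenter, Controller, Repository(DB etc..), UseCase, Domain; Masking item, Execute endpoint, Filter resource, read/write authorization, Execute UseCase, Ramification domainLogic, Execute domainLogic). With this many different effects across the layers, it is hard to decide what kind of concept authorization should be treated as.
8 It easily becomes tightly coupled with logic. Written naively, checks for whether a permission exists end up embedded in all sorts of places, along the lines of `if (Operator.policy.find(_ == CanWriteContract)) ~`. That alone would still be tolerable, but in practice it turns into `if ((Operator.policy.exists(_ == AllAllow) || Operator.policy.exists(_ == CanWriteContract)) && Operator.policy.exists(_ != AllDeny))` and so on, growing steadily and scattering across many places. It even spreads to the front end and becomes tightly coupled.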
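9 Recap of what authorization platform v1 handled
10 Authorization platform v1, which had been applied partially to the analytics feature, was able to address these issues to some extent
11 The scope of application is wide: Operator, System, Token, each Ctx, UseCase, Domain etc… • Flexible expression through structure • Abstraction of the authorization subject through PrincipalId
12 The concept of authorization is vague and hard to handle • Extraction of AuthzCtx, and placement of the authorization-related models in lib
13 It easily becomes tightly coupled with logic - Separation of concerns through effect abstraction with Eff - Separation of Support, Manage, Decide from Enforce through AuthzCtx
14 What the separation of Support, Manage, Decide and Enforce means: following an insight from the 'XACML Reference Architecture', authorization is divided into these four units. In Scalebase, Decide and Manage are confined to AuthzCtx, and the operation commands are abstracted as effects with AuthzIO. For Enforce and Support, the basic decisions are placed in AuthzCtx, and because a Boolean is returned, the structure can be used to combine that result with the decisions made in each Ctx. Note: there is also a pattern in which Support goes through AuthzCtx, so the more convenient one will be chosen going forward.
15 For this part, please refer to the deck below 👇🙏 https://speakerdeck.com/ma2k8/authz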
16 What v1 could not do
17 So what was it that could not be done?
18 Coverage of authorization platform v1 (diagram: Presenter, Controller, Repository(DB etc..), UseCase, Domain; Masking item, Execute endpoint, Filter resource, read/write authorization, Execute UseCase, Ramification domainLogic, Execute domainLogic)
19 Coverage of authorization platform v2 (the one in use now) (diagram: Presenter, Controller, Repository(DB etc..), UseCase, Domain; Masking item, Execute endpoint, Filter resource, read/write authorization, Execute UseCase, Ramification domainLogic, Execute domainLogic). Note: this part becomes possible once Presenter is put on Eff.
20 Difference: Execute endpoint, read/write authorization, Execute UseCase …
21 In the state of …, this can be expressed, but the localized permission checks grow to a considerable amount and operating it is painful:
    for {
      hasViewerPermission <- AuthzIO.requestBoolPolicy[R](
        ActionComposing.Literal(
          principalId = operatorId.toPrincipalId,
          action = DashboardAnalysisView,
          resourceIds = Nil
        )
      )
      hasExplorerPermission <- AuthzIO.requestBoolPolicy[R](
        ActionComposing.Literal(
          principalId = operatorId.toPrincipalId,
          action = DashboardAnalysisExplore,
          resourceIds = Nil
        )
      )
      lookerRole <- fromPpError[R, LookerRole] {
        if (hasViewerPermission) Right(SimpleViewer)
        else if (hasExplorerPermission) Right(SimpleExplorer)
        else Left(PpError.UnauthorizedError())
      }
      …
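22 The requirement this time
23 A ReadOnly permission
24 The scope of application is wide!
25 Exactly the kind of requirement that … hits head-on
26 Adding this branch to all of the existing Scalebase processing could become the entry point to a system that can only be run by a large team, and, quite simply, it will definitely produce bugs. We want to avoid that.
27 Permission-check branches in domain logic "must be local", but for a larger, scope-like concept, it would be nice if setting an arbitrary scope were enough for it to be applied automatically
28 So we built it
29 How to assign a Scope
30 First, this is explained by assigning a scope to Contract
31 4 easy steps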
32 ① Assign the Scopes required for Read/Write of Contract
    implicit val scopeAllocator: ScopeAllocator[ContractId] = ScopeAllocator.allocate(
      readScope = List(Action.ContractRead),
      writeScope = List(Action.ContractWrite)
    )
Set the scopeAllocator in the companion objects of ContractId and Contract, which live in domain.
33 ② In the ContractRepository signatures, wrap the return value in the designated type
    def findById[R: _authzio: _trantask](
      providerId: ProviderId,
      id: ContractId
    ): Eff[R, ReadAuthzScopeRepoFilter[Option[Contract]]]

    def store[R: _authzio: _trantask: _clockm: _ppErrorEither](
      entity: Contract
    ): Eff[R, WriteAuthzScope[Contract]]
Repository methods that use the ReadScope are wrapped in ReadAuthzScopeRepoFilter, and methods that use the WriteScope are wrapped in WriteAuthzScope. A scalafix rule that turns a Repository not following this interface into a compile error has also been prepared, and we intend to apply it when the timing is right.
34 ③ In ContractRepositoryImpl, wrap the value in the designated type and return it
    // Assigning the ReadScope: A => ReadAuthzScopeRepoFilter[A]
    yield ReadAuthzScopeRepoFilter(maybe)

    // Assigning the WriteScope: A => Eff[R, WriteAuthzScope[A]]
    contract <- fromPpError(stored.toRight(ResourceNotFoundError(resourceName = "contract", identifier = entity.id)))
    contractWithScope <- WriteAuthzScope(contract)
For Write, the scope is assigned when wrapping with WriteAuthzScope via ReadAuthzScopeRepoFilter.apply, which gives A => Eff[R, WriteAuthzScope[A]], so it is applied inside the for expression. For Read, the scope is assigned when the value is taken out with ReadAuthzScopeRepoFilter.filteredValue, which gives A => ReadAuthzScopeRepoFilter[A], so it is applied in yield or similar.
35 ④ Finally, run it in the PrimaryAdapter! When executed with runAuthz or runAll, the result is an `authorization error` if the principal does not hold permission for the designated Scope. In the BatchAdapter we want to skip authorization, so using runAuthzIOWithoutRequest or runAllWithoutAuthzIORequest makes it possible to skip authorization as well.
36 This alone gives unified scope control
37 Easy, isn't it!
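38 Detailed mechanics of Scope
39 Scope is represented with State and pushed onto the effect stack. When the type class indicating that an authorization Scope has been assigned is applied, the ScopeAllocator is derived with implicitly and the Scope is pushed onto State.
40 At present only Repository does this, but scopes can be pushed anywhere, and wherever they are pushed they are managed in the same State (diagram: Presenter, Controller, Repository(DB etc..), UseCase, Domain; Set Scope A, Set Scope B, Set Scope C,D, Set Scope E, Set Scope F; State[List[A,B,C,D,E,F], X]). Of course, when multiple Repositories are used, you still end up with a State in which the Scopes each of them needs have been set.
41 Principal is also managed with State. The Principal is set inside OperatorExtractor in the HttpAdapter, the step that extracts the OperatorId from the JWT token. At present only Operator is handled, but Token and the like will set a TokenId(?) and so on in the same way.
    _ <- AuthzIO.setPrincipal[R](operator.id.toPrincipalId)
42 At runAuthzIO time, the authorization check command is inserted. Run processing happens only once per expression, so it is a very suitable point at which to slip in the authorization check instruction. This makes it possible to perform cross-cutting scope checks efficiently in a single pass.
43 After that, all that remains is to process the authorization check command. The authorization Request command takes the PrincipalId and the Scope out of State, fetches the AttachedPolicy from AuthzCtx based on the PrincipalId, matches it against the Scope, and decides Allow/Deny. There is also handling such as Rejection, so it is fairly complex, but it is kept loosely coupled. (It is fairly common for this to end up scattered all over the place…)
44 …, there is no longer any need to think about authorization every time processing is added or changed; it only needs attention when a domain model is added. Even when a domain model is added, an oversight can now be detected as a compile error (scalafix is great).
45 Uncle Bob said something along the lines of "security is a concern specific to the application, and business objects are not aware of it", but personally I think "there are cases like that, and there are cases that are not".
46 Both are expressed in good balance: the cases where authorization takes part in domain-logic branching and in the processing itself, and the Scope form that business objects do not need to be aware of.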
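The Scope mechanism of slides 32 to 35 and 39 to 43, reduced to plain Scala as an added sketch; it is not Alp's code and does not use the Eff library. `ScopeAllocator`, `Action.ContractRead`, `Action.ContractWrite` and `runAuthz` borrow names from the slides, while `Scoped`, `readScoped`, `writeScoped`, `attachedPolicies` and the principal ids are hypothetical, and Deny/Rejection handling is left out.

```scala
object ScopeSketch {
  sealed trait Action
  object Action {
    case object ContractRead  extends Action
    case object ContractWrite extends Action
  }
  // Scopes a domain type needs for reads and for writes (slide 32).
  final case class ScopeAllocator[K](readScope: List[Action], writeScope: List[Action])

  final case class ContractId(value: String)
  object ContractId {
    implicit val scopeAllocator: ScopeAllocator[ContractId] =
      ScopeAllocator(List(Action.ContractRead), List(Action.ContractWrite))
  }

  // Hypothetical stand-in for State on the effect stack: a value plus the scopes collected so far.
  final case class Scoped[A](value: A, scopes: List[Action]) {
    def map[B](f: A => B): Scoped[B] = Scoped(f(value), scopes)
    def flatMap[B](f: A => Scoped[B]): Scoped[B] = {
      val next = f(value)
      Scoped(next.value, scopes ++ next.scopes)
    }
  }

  // Wrapping a repository result resolves the allocator implicitly and records its scope.
  def readScoped[K, A](a: A)(implicit s: ScopeAllocator[K]): Scoped[A]  = Scoped(a, s.readScope)
  def writeScoped[K, A](a: A)(implicit s: ScopeAllocator[K]): Scoped[A] = Scoped(a, s.writeScope)

  // Constructed sample policies, keyed by a hypothetical principal id.
  val attachedPolicies: Map[String, Set[Action]] = Map(
    "operator-rw" -> Set[Action](Action.ContractRead, Action.ContractWrite),
    "operator-ro" -> Set[Action](Action.ContractRead)
  )

  // One check at run time: every collected scope must be covered; unknown principals hold nothing.
  def runAuthz[A](principalId: String, program: Scoped[A]): Either[String, A] = {
    val allowed = attachedPolicies.getOrElse(principalId, Set.empty[Action])
    val missing = program.scopes.distinct.filterNot(allowed).mkString(", ")
    if (missing.isEmpty) Right(program.value) else Left("authorization error, missing: " + missing)
  }

  def main(args: Array[String]): Unit = {
    val program = for {
      current <- readScoped[ContractId, String]("contract c-1")
      stored  <- writeScoped[ContractId, String](current + " (renamed)")
    } yield stored
    List("operator-rw", "operator-ro", "unknown").foreach(p => println(p + " -> " + runAuthz(p, program)))
  }
}
```

The read-only and unknown principals are rejected by the single check in `runAuthz`, without any permission test inside the program that reads and writes the contract.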
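47 Interaction with the front end
48 First, an explanation of how the motivation for authorization differs between FE and BE
49 Motivation for authorization on the BE - Authorization is an absolute constraint - If it is not upheld, that is immediately a security risk - The final linchpin
50 Motivation for authorization on the FE - To lower the user's cognitive load and improve the experience, the FE wants to use the authorization information configured on the BE side - It does not need to know the detailed authorization attributes; knowing at roughly the granularity of "does the user hold the permission to call this endpoint or not" is enough to use for disabling components - At worst, even if a component is not disabled, it is OK as long as the BE side returns an authorization error
51 If the fine-grained authorization attributes managed on the BE side are also used for decisions on the FE, FE and BE become tightly coupled and the authorization attributes can no longer be changed casually. We want to put something in between.
52 Process the authorization information into a form that the front end can interpret easily
53 SAT (Scalebase Authorization target)
54 In short, it is the Scalebase version of IAM - It expresses the routeName, which corresponds 1-to-1 with an endpoint, and the principal's information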
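55 How to build a SAT
56 Define an RPC when adding an endpoint. Until now only request and response were defined, but from now on the rpc is defined as well. This rpc is used to share the list of BE Routes with the FE. On the BE side it is used when assembling the SAT.
57 Conversion with SATConverter. The FE fetches the SAT tied to the operator through OperatorPolicyAPI and, for example, disables the navigation to features the operator has no permission for. Note that when an endpoint is added, the RPC protobuf and SATConverter both need to be touched (we would like this to be handled automatically as well... but at worst, if something is missed, the BE still returns an authorization error, so it does not become a security risk).
58 Front-end support: … has made it possible to attach this quickly.
59 Just wrap the component you want to control in Permission https://www.notion.so/alpinc/ADR-1667a3385947474e926567413512cf91?p=252d0ed6f3634037b78b704e8ead87ba https://www.notion.so/alpinc/ADR-1667a3385947474e926567413512cf91?p=2c7e0b82c44646feb8f15ba6cc411a0e Detailed usage 👇👇👇
60 It can also be checked in Storybook. Just define an Allowed/Denied Provider.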
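61 Future applications
62 Making the ResourceId filter more efficient. When the number of records grows, doing the filtering on the application side is quite inefficient, so we want to put Dao on Eff as well and be able to embed the resourceId in the SQL where clause.
63 Moving Presenter onto Eff. Once Presenter is put on Eff, Authz can be used seamlessly in Presenter processing, so requirements such as "mask specific information" can be handled easily. We would like to do this when such a requirement comes up.
64 Permission management screen. The permission management screen is fairly hard. The SAT was prepared because the front end does not need to be told the details of authorization, but Operators do need to be told the details. We would like to build it with the AWS IAM editor as a reference. (At present, a permission that allows anything is granted when an Operator is created, and permissions can be added by batch.)
65 Closing
66 There is still room for improvement, but it turned out quite well
67
68 Thank you for listening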