AWS Organizationsでマルチアカウント戦略を始めよう

"840SHBOJ[BUJPOTͰ ϚϧνΞΧ΢ϯτઓུΛ࢝ΊΑ͏ ઒ݪ੐େ

εϥΠυ͸ޙʹೖखՄೳͰ͢ ൃදதͷ಺༰ΛϝϞ͢Δඞཁ͸͋Γ·ͤΜ Attention

Έͳ͞Μ͕೔ৗͰ࢖͍ͬͯΔ AWSΞΧ΢ϯτΛࢥ͍ු͔΂͍ͯͩ͘͞

EC2Πϯελϯεͷ ϦιʔεҰཡը໘

Α͘࢖͍ͬͯΔ IAMϢʔβʔ΍IAMϩʔϧ

AWSར༻ͷ੥ٻ৘ใ

͜Μͳײ͡ʹͳ͍ͬͯ·ͤΜ͔ʁ

͍ΖΜͳϓϩδΣΫτ/؀ڥͷ EC2Πϯελϯε͕ͪ͝Ό·ͥ

IAMϙϦγʔਫ਼ࠪʹർฐ͍ͯ͠Δ

ٯʹա৒ͳIAMϙϦγʔΛ෇༩͍ͯ͠Δ

৭ΜͳϓϩδΣΫτͷ ίετ͕ͪ͝Ό·ͥ

౰ͯ͸·Δํ͸ɾɾɾ ͥͻϚϧνΞΧ΢ϯτઓུ with AWS OrganizationsΛʂ

͜Ε͔Β࿩͢͜ͱ ɾϚϧνΞΧ΢ϯτઓུ͸ͳͥඞཁʁ ɾ"840SHBOJ[BUJPOT͸ͳͥඞཁʁ ɾϚϧνΞΧ΢ϯτઓུɺԿ͔Β࢝ΊΔʁ ઒ݪ ੐େ ɾΫϥεϝιου ɾAWSࣄۀຊ෦ ίϯαϧςΟϯά෦ॴଐ
ɾ޷͖ͳAWSαʔϏε: AWS IAM ɾ2022 APN AWS Top Engineers (Service) https://dev.classmethod.jp/author/kawahara-masahiro/

ϚϧνΞΧ΢ϯτઓུ͸ͳͥඞཁʁ

ͦ΋ͦ΋ ϚϧνΞΧ΢ϯτઓུͱ͸ʁ

"84ͷϚϧνΞΧ΢ϯτઓུ ʰಛఆͷ୯Ґج४Ͱ"84ΞΧ΢ϯτΛ෼͚Δʱઓུ

ͳͥඞཁʁ

AWSΞΧ΢ϯτͷಛੑΛ͏·͘׆༻ͯ͠ ΞδϦςΟͱΨόφϯεΛཱ྆ͤ͞ΔͨΊ Q. AWSϚϧνΞΧ΢ϯτઓུ͸ͳͥඞཁʁ

ϚϧνΞΧ΢ϯτઓུͷϝϦοτ

ϝϦοτηΩϡϦςΟ޲্ "84ΞΧ΢ϯτ͸ηΩϡϦςΟͷڥքઢ l׬શͳݖݶ෼཭zΛ࣮ݱ

ϝϦοτ։ൃεϐʔυͷଅਐ "84ΞΧ΢ϯτ͸Ϧιʔεͷڥքઢ ଞϦιʔεͱͷlґଘؔ܎zΛഉআ

ϝϦοτίετ࠷దԽ "84ΞΧ΢ϯτ͸ίετͷڥքઢ l؆୯ʹz͔ͭlݫີʹzίετ෼ྨ

͜͜·Ͱͷ·ͱΊ ϚϧνΞΧ΢ϯτઓུͰ͸ʰಛఆͷ୯Ґج४ʱͰ "84ΞΧ΢ϯτΛ෼ׂͯ͠ӡ༻͍ͯ͘͠ɻ ΞδϦςΟͱΨόφϯεΛཱ྆ͤ͞ΔͨΊʹඞཁɻ "84ΞΧ΢ϯτͷಛੑ ༷ʑͳڥքઢ Λ͏·͘׆༻ɻ

AWS Organizations͸ͳͥඞཁʁ

"840SHBOJ[BUJPOT ෳ਺"84ΞΧ΢ϯτΛ૊৫Խͯ͠৭ʑͰ͖ΔΑ͏ʹ͢ΔαʔϏε ը૾Ҿ༻: AWS Organizations ͷ༻ޠͱ֓೦ - AWS Organizations

ͳͥඞཁʁ

ϚϧνΞΧ΢ϯτઓུͷಛੑ্ ౷੍͕൥ࡶʹͳΓ͕ͪͳ෦෼Λ αϙʔτ͢ΔͨΊ Q. AWS Organizations͸ͳͥඞཁʁ

AWS Organizations͕αϙʔτ͢Δ͜ͱ #ϐοΫΞοϓ

ྫ੥ٻͷ؆ૉԽ ϚϧνΞΧ΢ϯτઓུ͸lΞΧ΢ϯτຖͷ੥ٻ؅ཧz͕൥ࡶʹͳΓ͕ͪ ➔l؅ཧΞΧ΢ϯτz΁੥ٻΛू໿ 5JQT "840SHBOJ[BUJPOTͰ͸ छྨͷ"84ΞΧ΢ϯτΛఆΊ·͢ ؅ཧΞΧ΢ϯτ ͭ
0SHBOJ[BUJPOTΛ༗ޮԽͨ͠ΞΧ΢ϯτ ϝϯόʔΞΧ΢ϯτ ෳ਺ ؅ཧΞΧ΢ϯτʹ؅ཧ͞ΕΔΞΧ΢ϯτ 📝

ϚϧνΞΧ΢ϯτઓུ͸lϩά౷੍z͕൥ࡶʹͳΓ͕ͪ ➔l"840SHBOJ[BUJPOT࿈ܞzͰ؆୯ʹू໿ɺूத؅ཧ ྫϩά ূ੻ ͷू໿ͱूத؅ཧ 5JQT "840SHBOJ[BUJPOT͸ଟ͘ͷ"84αʔϏεͱ ࿈ܞ͍ͯ͠·͢ɻ 📝

ྫΞΫηε੍ޚͷҰׅઃఆ ϚϧνΞΧ΢ϯτઓུ͸lηΩϡϦςΟ౷੍z͕൥ࡶʹͳΓ͕ͪ ➔αʔϏείϯτϩʔϧϙϦγʔ 4$1 ͰҰׅΞΫηε੍ޚ 5JQT 0SHBOJ[BUJPOBM6OJU ૊৫୯Ґ06
ϝϯόʔΞΧ΢ϯτΛάϧʔϓԽ֊૚Խ ͢ΔͨΊͷ࿮ αʔϏείϯτϩʔϧϙϦγʔ 4$1 06ΞΧ΢ϯτ୯ҐͰద༻͢ΔϙϦγʔ 📝

ྫϢʔβʔͱΞΫηεͷूத؅ཧ ϚϧνΞΧ΢ϯτઓུ͸lϢʔβʔɾΞΫηε؅ཧz͕൥ࡶʹͳΓ͕ͪ ➔l"84*".*EFOUJUZ$FOUFSzͰूத؅ཧ

͜͜·Ͱͷ·ͱΊ "840SHBOJ[BUJPOT͸ෳ਺ͷ"84ΞΧ΢ϯτΛ૊৫ Խͯ͠ɺ৭ʑͰ͖ΔΑ͏ʹ͢ΔαʔϏεɻ ϚϧνΞΧ΢ϯτઓུͰ౷੍͕൥ࡶʹͳΓ͕ͪͳ෦෼Λ αϙʔτ͢Δɻ

ϚϧνΞΧ΢ϯτઓུɺԿ͔Β࢝ΊΔʁ

͓͢͢Ίεςοϓ ᶃ"84ΞΧ΢ϯτ෼ׂํ਑ΛܾΊΑ͏ ᶄαʔϏείϯτϩʔϧϙϦγʔ 4$1 Λ׆༻͠Α͏ ᶅ"84*".*EFOUJUZ$FOUFSΛ׆༻͠Α͏ ᶆ৭Μͳ0SHBOJ[BUJPOT࿈ܞαʔϏεΛ׆༻͠Α͏

ᶃ"84ΞΧ΢ϯτ෼ׂํ਑ΛܾΊΑ͏ "84ΞΧ΢ϯτΛ෼ׂ͢Δج४ΛఆΊ·͠ΐ͏ ͦΕʹ͋Θͤͨ૊৫୯Ґ 06 ઃܭΛߦ͍·͢

ᶃ"84ΞΧ΢ϯτ෼ׂํ਑ΛܾΊΑ͏ ΞΧ΢ϯτ෼ׂ06ઃܭͷϞσϧέʔε

ᶃ"84ΞΧ΢ϯτ෼ׂํ਑ΛܾΊΑ͏ ΞΧ΢ϯτ෼ׂ06ઃܭͷϞσϧέʔε ΞΧ΢ϯτԣஅͰ ηΩϡϦςΟӡ༻͢ΔͨΊͷ "84ΞΧ΢ϯτ ΞΧ΢ϯτԣஅͰ ϩάΛूத؅ཧ͢ΔͨΊͷ "84ΞΧ΢ϯτ →
↑ ݕূ ඇຊ൪ ϫʔΫϩʔυͷ "84ΞΧ΢ϯτΛ഑ஔ͢Δ06 ↓ ຊ൪ϫʔΫϩʔυͷ "84ΞΧ΢ϯτΛ഑ஔ͢Δ06 ↓

ᶄαʔϏείϯτϩʔϧϙϦγʔ 4$1 Λ׆༻͠Α͏ ༧๷తΨʔυϨʔϧͱͯ͠ϑϧ׆༻ ˝Α͋͘Δ੍ޚྫ ɾ࢖Θͳ͍ϦʔδϣϯͰͷૢ࡞ېࢭ ɾηΩϡϦςΟαʔϏεͷແޮԽېࢭFUD ࢀߟ: αʔϏείϯτϩʔϧϙϦγʔͷྫ
- AWS Organizations

ᶅ"84*".*EFOUJUZ$FOUFSΛ׆༻͠Α͏ l୭͕ͲͷΞΧ΢ϯτʹͲͷݖݶͰΞΫηε͢Δ͔zΛूத؅ཧ ֤"84ΞΧ΢ϯτʹ*".ϢʔβʔΛ࡞Δඞཁ͕ແ͘ͳΓ·͢

ᶆ৭Μͳ0SHBOJ[BUJPOT࿈ܞαʔϏεΛ׆༻͠Α͏ શͯΛ׆༻͍ͯ͘͠ඞཁ͸ແ͠ ˝͓͢͢Ί0SHBOJ[BUJPOT࿈ܞαʔϏε ɾ"84$MPVE5SBJM૊৫ϨϕϧͰূ੻Λ؅ཧ ɾ"84$MPVE'PSNBUJPO06୯ҐͰϦιʔεΛల։ ɾ"NB[PO(VBSE%VUZ "844FDVSJUZ)VC ࣍εϥΠυ

"NB[PO(VBSE%VUZ "844FDVSJUZ)VC ηΩϡϦςΟαʔϏεΛΞΧ΢ϯτԣஅͰ؅ཧɾӡ༻ ࢀߟ: ɾOrganizations ؀ڥͰ Amazon GuardDuty ΛશϦʔδϣϯ΁؆୯ηοτΞοϓͯ͠ΈΔ
| DevelopersIO ɾOrganizations ؀ڥͰ AWS Security Hub ΛશϦʔδϣϯ΁؆୯ηοτΞοϓ͢Δ | DevelopersIO

͓ΘΓʹ

͓ΘΓʹ "84ΞΧ΢ϯτͷಛੑΛ্ख͘׆༻ͯ͠ɺϚϧνΞΧ ΢ϯτઓུΛਪਐ͠·͠ΐ͏ɻ ਪਐαϙʔτʹ͸"840SHBOJ[BUJPOT͕ศརͰ͢ɻ lεϞʔϧελʔτzɺl·ͣ͸৮ͬͯΈΔzΛҙࣝ͠· ͠ΐ͏ʂ

࠷ޙʹએ఻$MBTTNFUIPE$MPVE(VJEFCPPL ʮ૊৫తͳ"84׆༻ͷͨΊͷϊ΢ϋ΢ʯΛ·ͱΊͨφϨοδू Ϋϥεϝιουϝϯόʔζ޲͚ʹແঈެ։தͰ͢📚 ˛"84αʔϏεͷϕετϓϥΫςΟε ˛"84ར༻ΨΠυϥΠϯͷαϯϓϧ ˞্ه಺༰͸౎౓ߋ৽͞ΕΔՄೳੑ͕͋Γɺ࣮ࡍͷϖʔδͱҟͳΔ৔߹͕͋Γ·͢ Ϋϥεϝιουϝϯόʔζϙʔλϧɿ ʮ͓໾ཱͪ৘ใʯˠʮ૊৫తͳ"84׆༻ͷͨΊͷϊ΢ϋ΢ʯ

AWS Organizationsでマルチアカウント戦略を始めよう

AWS Organizationsでマルチアカウント戦略を始めよう

More Decks by MasahiroKawahara

Other Decks in Technology

Featured

Transcript