Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ここが嬉しいABAC ここが辛いよABAC #再解説+補足編

Avatar for MasahiroKawahara MasahiroKawahara
April 17, 2024
Technology
1
670

ここが嬉しいABAC ここが辛いよABAC #再解説+補足編

Avatar for MasahiroKawahara

MasahiroKawahara

April 17, 2024
Tweet

More Decks by MasahiroKawahara

See All by MasahiroKawahara
生まれ変わった AWS Security Hub (Preview) を紹介 #reInforce_osaka / reInforce New Security Hub
Avatar for MasahiroKawahara masahirokawahara
0
470
Amazon DevOps Guru のベースラインを整備して1ヶ月ほど運用してみた #jawsug_asa / Amazon DevOps Guru trial
Avatar for MasahiroKawahara masahirokawahara
3
320
DuckDB MCPサーバーを使ってAWSコストを分析させてみた / AWS cost analysis with DuckDB MCP server
Avatar for MasahiroKawahara masahirokawahara
0
1.9k
セキュリティ系アップデート全体像と AWS Organizations 新ポリシー「宣言型ポリシー」を紹介 / reGrowth 2024 Security
Avatar for MasahiroKawahara masahirokawahara
0
900
わたしとトラックポイント / TrackPoint tips
Avatar for MasahiroKawahara masahirokawahara
1
450
AWS CLIとシェルスクリプト、いつ使う?活用できる場面とTips紹介 #devio2024 / AWS CLI and Shell Tips
Avatar for MasahiroKawahara masahirokawahara
0
1.4k
EC2の脆弱性対応で何が使える? Inspector や SSM あたりを整理する #nakanoshima_dev
Avatar for MasahiroKawahara masahirokawahara
2
2.2k
SSM Inventory を使って便利に EC2 棚卸し(ハマりどころを添えて)
Avatar for MasahiroKawahara masahirokawahara
2
1.3k
疲弊しない!AWSセキュリティ統制の考え方 #devio_osakaday1
Avatar for MasahiroKawahara masahirokawahara
6
8.5k

Other Decks in Technology

See All in Technology
オーティファイ会社紹介資料 / Autify Company Deck
Avatar for Autify autifyhq
10
130k
Operating Operator
Avatar for Jun Kokatsu shhnjk
1
580
事業成長の裏側:エンジニア組織と開発生産性の進化 / 20250703 Rinto Ikenoue
Avatar for SHIFT EVOLVE shift_evolve
PRO
2
21k
SEQUENCE object comparison - db tech showcase 2025 LT2
Avatar for Noriyoshi Shinoda nori_shinoda
0
140
Lufthansa ®️ USA Contact Numbers: Complete 2025 Support Guide
Avatar for danielconkling870 lufthanahelpsupport
0
190
成長し続けるアプリのためのテストと設計の関係、そして意思決定の記録。
Avatar for SansanTech sansantech
PRO
0
120
AI専用のリンターを作る #yumemi_patch
Avatar for 弁護士ドットコム bengo4com
5
4.3k
LangChain Interrupt & LangChain Ambassadors meetingレポート
Avatar for os1ma os1ma
2
310
OPENLOGI Company Profile
Avatar for OPENLOGI hr01
0
67k
Delta airlines®️ USA Contact Numbers: Complete 2025 Support Guide
Avatar for ape1422 airtravelguide
0
340
開発生産性を組織全体の「生産性」へ! 部門間連携の壁を越える実践的ステップ
Avatar for ussy / @sudo5in5k sudo5in5k
2
7k
Geminiとv0による高速プロトタイピング
Avatar for Shinya Masadome(東京AI祭) shinya337
1
270

Featured

See All Featured
Performance Is Good for Brains [We Love Speed 2024]
Avatar for Tammy Everts tammyeverts
10
950
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
90
590k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
50
5.5k
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
54
6.4k
Code Reviewing Like a Champion
Avatar for maltzj maltzj
524
40k
Faster Mobile Websites
Avatar for Dean Hume deanohume
307
31k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
251
21k
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1031
460k
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.1k
Building a Modern Day 
E-commerce SEO Strategy
Avatar for Aleyda Solis aleyda
42
7.4k
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
379
70k
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
248
1.3M

Transcript

  1. ͕͜͜خ͍͠"#"$ ͕͜͜ਏ͍Α"#"$ ࠶ղઆ ิ଍ฤ

  2. ࣗݾ঺հ ઒ݪ੐େ LBXBIBSBNBTBIJSP ˔ $MBTTNFUIPE"84ࣄۀຊ෦ίϯαϧςΟϯά෦ ˔ ೥͔Β"84ηΩϡϦςΟ౷੍Λ͝ࢧԉ ˓ 0SHBOJ[BUJPOT $POUSPM5PXFS

    ˓ 4FDVSJUZ)VC (VBSE%VUZͳͲ ˔ "1/"845PQ&OHJOFFST 4FSWJDF ˔ +BQBO"845PQ&OHJOFFST 4FDVSJUZ https://dev.classmethod.jp/author/kawahara-masahiro/ 2

  3. 📝 ࿩͢಺༰ ˔ ࠷ॳʹ·ͱΊ ॻ͍ͨഎܠ ˔ 3#"$Λͬ͘͟Γͱ࠶આ໌ ˔ "#"$Λͬ͘͟Γͱ࠶આ໌ ˔

    "#"$PO"84ͷਏΈΛͬ͘͟Γͱ࠶આ໌ ˔ ิ଍

  4. ࠷ॳʹ·ͱΊ ॻ͍ͨഎܠ

  5. ϒϩάͷαϚϦʔ ˔ "#"$͸ 3#"$ͷ՝୊Λղܾ͢Δखஈ ˓ ϓϩδΣΫτ΍νʔϜ਺ͷεέʔϧʹڧ͍ ˓ ͖Ίࡉ͔ͳΞΫηε੍ޚ ˔ Ͱ΋"84؀ڥʹ͓͍ͯ͸

    ਏ͍͜ͱ͕ଟ͍ ˓ *".ϙϦγʔઃܭ ˓ ଐੑ λά ͷӡ༻ ˔ ·ͣ͸"84ΞΧ΢ϯτ෼཭ͰରԠͰ͖ͳ͍͔ɺݕ౼͍ͨ͠ "84ʹ͓͚Δ"#"$ͷخ͠͞ɺਏ͞ΛޠΓ·ͨ͠ ",*#""84c%FWFMPQFST*0 IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBLJCBBXTJBNBCBD

  6. ॻ͍ͨഎܠ *".ઃܭͷ͝ࢧԉΛաڈʹ࣮ࢪ ͭͷ"84ΞΧ΢ϯτ಺ʹڞ௨తʹར༻͢ΔαʔϏε͕༗Γɺ ෳ਺ϓϩδΣΫτ͕ࠞࡏ͍ͯ͠Δ؀ڥ ޓ͍ʹผϓϩδΣΫτͷϦιʔεʹׯবͰ͖ͳ͍Α͏ʹ͍ͨ͠ ˠ"#"$Λ࢖͑ͳ͍͔ʁ ͍Ζ͍Ζͱઃܭɾ࣮૷ͨ݁͠Ռɺྑ͍ͱ͜Ζ΋͋Γͳ͕Βɺ ʮਏ͍ͱ͜Ζ🌶ʯ ΋୔ࢁ͋ͬͨ ͦͷ಺༰Λڞ༗ͨ͠΋ͷ

    "84ʹ͓͚Δ"#"$ͷخ͠͞ɺਏ͞ΛޠΓ·ͨ͠ ",*#""84c%FWFMPQFST*0 IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBLJCBBXTJBNBCBD

  7. 3#"$Λͬ͘͟Γͱ࠶આ໌

  8. *".ϙϦγʔઃܭ OPU3#"$

  9. *".ϙϦγʔઃܭ 3#"$

  10. 3#"$ͱ͸ ˔ 3PMF#BTFE"DDFTT$POUSPM ໾ׂϕʔεͷΞΫηε੍ޚ ˔ ϓϦϯγύϧͷ໾ׂ 3PMF ʹج͍ͮͯϙϦγʔઃܭΛߦ͏

  11. 3#"$ͷಛ௃ ˔ ώτͱݖݶ ϙϦγʔ ͷؒʹ ໾ׂΛڬΉ ˔ ݖݶ ϙϦγʔ ͕ώτʹࠨӈ͞Εͳ͍

    ˔ *".ϙϦγʔઃܭͷ࠷΋جຊ ˔ ઃܭӡ༻͕γϯϓϧɺ෼͔Γ΍͍͢ ˓ ໾ׂΛચ͍ग़͢ ˓ ໾ׂʹରԠ͢ΔϙϦγʔΛઃܭ͢Δ ˓ ໾ׂͱϢʔβʔΛඥ෇͚Δ

  12. "#"$Λͬ͘͟Γͱ࠶આ໌

  13. ˛ൺֱ

  14. "#"$ͱ͸ ˔ "UUSJCVUF#BTFE"DDFTT$POUSPM ଐੑϕʔεͷΞΫηε੍ޚ ˔ ϓϦϯγύϧͷଐੑʹج͍ͮͯϙϦγʔઃܭΛߦ͏

  15. "#"$ͷಛ௃ ˔ ϓϦϯγύϧ ΞΫηεઌϦιʔε ʹଐੑΛ෇༩͢Δ ˔ ؅ཧ͢ΔϙϦγʔ਺͕গͳ͘ͳΔ ˔ ϓϩδΣΫτ΍νʔϜ਺ͷεέʔϧʹڧ͍ ˓

    3#"$͸ʮώτʯʹࠨӈ͞Εͳ͍ ➔ "#"$͸ʮ໾ׂʯʹࠨӈ͞Εͳ͍ ˔ ͖Ίࡉ͔ͳΞΫηε੍ޚΛ࣮ݱͰ͖Δ ˓ ෳ਺ͷଐੑΛ෇༩ͯ͠ɺΑΓॊೈ ෳࡶ ͳ੍ޚ΋Մೳ

  16. "84ͷ"#"$ "84ͷ"#"$͸ʰλάʱΛ׆༻

  17. "#"$PO"84ͷਏΈΛ ͬ͘͟Γͱ࠶આ໌

  18. "#"$PO"84ͷਏ͍ͱ͜Ζ ˔ ϙϦγʔઃܭ͕ਏ͍ ਏ͞🌶 ˓ ΑΓҰ૚"84υΩϡϝϯτΛಡΈࠐΉ ˓ ͦ΋ͦ΋ "#"$ʹରԠ͍ͯ͠ͳ͍αʔϏε͕͋Δ ˓

    $POEJUJPOઃܭͰপʹϋϚΓ͕ͪ ˠ࣍ͰϐοΫΞοϓ ˔ λάӡ༻͕ਏ͍ ਏ͞🌶🌶🌶 ˓ ʮλά͸ࣗ༝౓͕ߴ͗͢ΔʯͷͰ੍ޚ͕େม ˓ ܧଓతͳλά؂ࢹ͕ඞਢ

  19. l*".$POEJUJPOઃܭͷপz ྫ AWS IAMポリシーのConditionを書くときの勘所 #devio2022 | DevelopersIO IUUQTEFWDMBTTNFUIPEKQBSUJDMFTEFWJPJBNDPOEJUJPO

  20. l*".$POEJUJPOઃܭͷপz ྫ AWS IAMポリシーのConditionを書くときの勘所 #devio2022 | DevelopersIO IUUQTEFWDMBTTNFUIPEKQBSUJDMFTEFWJPJBNDPOEJUJPO

  21. վΊͯϒϩάͷαϚϦʔΛ࠶ܝ ˔ "#"$͸ 3#"$ͷ՝୊Λղܾ͢Δखஈ ˓ ϓϩδΣΫτ΍νʔϜ਺ͷεέʔϧʹڧ͍ ˓ ͖Ίࡉ͔ͳΞΫηε੍ޚ ˔ Ͱ΋"84؀ڥʹ͓͍ͯ͸

    ਏ͍͜ͱ͕ଟ͍ ˓ *".ϙϦγʔઃܭ ˓ ଐੑ λά ͷӡ༻ ˔ ·ͣ͸"84ΞΧ΢ϯτ෼཭ͰରԠͰ͖ͳ͍͔ɺݕ౼͍ͨ͠ "84ʹ͓͚Δ"#"$ͷخ͠͞ɺਏ͞ΛޠΓ·ͨ͠ ",*#""84c%FWFMPQFST*0 IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBLJCBBXTJBNBCBD

  22. ิ଍

  23. ཧ૝͸ʮجຊ3#"$ νϣοτμέ"#"$ʯ ˔ େ࿮ͷݖݶઃܭ͸ 3#"$ Λϕʔεʹ͢Δ ˔ ہॴతͳࡉ੍͔͍ޚΛ "#"$ Ͱ࣮૷͢Δ

    ˔ lνϣοτμέz ͷྫ ˓ ಛఆλά͕෇͍ͨ&$ΠϯελϯεͷΈىಈɾఀࢭͰ͖ΔΑ͏ʹ͢Δ ˓ ಛఆλά͕෇͍ͨ4FDSFUTͷΈಡΈऔΕΔ ˓ ಛఆλά͕෇͍ͨ-BNCEBؔ਺ͷΈىಈͰ͖Δ ˓ 

  24. "#"$ؔ܎ͳ͍࿩ ಡऔઐ༻ΞΫηεΛ༻ҙͯ͠·͔͢ʁ ؅ཧऀ͸ߋ৽࡞ۀ༻ͷΞΫηεͱಡऔઐ༻ͷΞΫηεΛఏڙͯ͋͛͠Α͏ ར༻ऀ͸ߋ৽͢Δͱ͖Ҏ֎͸ɺ ಡऔ༻ͷΞΫηεͰ"84؀ڥʹೖΔΑ͏ʹ৺͕͚Α͏ ʮ࢓૊Έ 3#"$΍"#"$ ʯͱʮݸʑਓͷηΩϡϦςΟҙࣝʯͷ྆ํ͔Β࠷খݖݶΛ࣮ݱ͠Α͏

  25. 25