Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ここが嬉しいABAC ここが辛いよABAC #再解説+補足編

Avatar for MasahiroKawahara MasahiroKawahara
April 17, 2024
Technology
1
680

ここが嬉しいABAC ここが辛いよABAC #再解説+補足編

Avatar for MasahiroKawahara

MasahiroKawahara

April 17, 2024
Tweet

More Decks by MasahiroKawahara

See All by MasahiroKawahara
生まれ変わった AWS Security Hub (Preview) を紹介 #reInforce_osaka / reInforce New Security Hub
Avatar for MasahiroKawahara masahirokawahara
0
650
Amazon DevOps Guru のベースラインを整備して1ヶ月ほど運用してみた #jawsug_asa / Amazon DevOps Guru trial
Avatar for MasahiroKawahara masahirokawahara
3
360
DuckDB MCPサーバーを使ってAWSコストを分析させてみた / AWS cost analysis with DuckDB MCP server
Avatar for MasahiroKawahara masahirokawahara
0
2.1k
セキュリティ系アップデート全体像と AWS Organizations 新ポリシー「宣言型ポリシー」を紹介 / reGrowth 2024 Security
Avatar for MasahiroKawahara masahirokawahara
0
940
わたしとトラックポイント / TrackPoint tips
Avatar for MasahiroKawahara masahirokawahara
1
480
AWS CLIとシェルスクリプト、いつ使う?活用できる場面とTips紹介 #devio2024 / AWS CLI and Shell Tips
Avatar for MasahiroKawahara masahirokawahara
0
1.4k
EC2の脆弱性対応で何が使える? Inspector や SSM あたりを整理する #nakanoshima_dev
Avatar for MasahiroKawahara masahirokawahara
2
2.3k
SSM Inventory を使って便利に EC2 棚卸し(ハマりどころを添えて)
Avatar for MasahiroKawahara masahirokawahara
2
1.3k
疲弊しない!AWSセキュリティ統制の考え方 #devio_osakaday1
Avatar for MasahiroKawahara masahirokawahara
6
8.5k

Other Decks in Technology

See All in Technology
生成AI導入の効果を最大化する データ活用戦略
Avatar for ham ham0215
0
110
마라톤 끝의 단거리 스퍼트: 2025년의 AI
Avatar for Jeongkyu Shin inureyes
PRO
1
710
形式手法特論:位相空間としての並行プログラミング #kernelvm / Kernel VM Study Tokyo 18th
Avatar for y_taka_23 ytaka23
3
1.1k
【Λ(らむだ)】最近のアプデ情報 / RPALT20250729
Avatar for Λ lambda
0
230
LTに影響を受けてテンプレリポジトリを作った話
Avatar for Horikawa hol1kgmg
0
330
Backlog AI アシスタントが切り開く未来
Avatar for vvatanabe vvatanabe
0
100
【CEDEC2025】『ウマ娘 プリティーダービー』における映像制作のさらなる高品質化へ!~ 豊富な素材出力と制作フローの改善を実現するツールについて~
Avatar for Cygames cygames
PRO
0
240
VLMサービスを用いた請求書データ化検証 / SaaSxML_Session_1
Avatar for Sansan R&D sansan_randd
0
230
Bet "Bet AI" - Accelerating Our AI Journey #BetAIDay
Avatar for LayerX layerx
PRO
4
1.6k
Lambda management with ecspresso and Terraform
Avatar for Michael H. Oshita ijin
2
150
Rubyの国のPerlMonger
Avatar for AnaTofuZ anatofuz
3
730
【CEDEC2025】『Shadowverse: Worlds Beyond』二度目のDCG開発でゲームをリデザインする~遊びやすさと競技性の両立~
Avatar for Cygames cygames
PRO
1
300

Featured

See All Featured
KATA
Avatar for Megan Lloyd mclloyd
32
14k
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1370
200k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
1
530
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
229
22k
The Web Performance Landscape in 2024 [PerfNow 2024]
Avatar for Tammy Everts tammyeverts
8
750
The Language of Interfaces
Avatar for Des Traynor destraynor
158
25k
Statistics for Hackers
Avatar for Jake VanderPlas jakevdp
799
220k
The Success of Rails: Ensuring Growth for the Next 100 Years
Avatar for Eileen M. Uchitelle eileencodes
46
7.5k
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
667
120k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
Avatar for Chris Coyier chriscoyier
507
140k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
33
2.4k
Building Flexible Design Systems
Avatar for Yesenia Perez-Cruz yeseniaperezcruz
328
39k

Transcript

  1. ͕͜͜خ͍͠"#"$ ͕͜͜ਏ͍Α"#"$ ࠶ղઆ ิ଍ฤ

  2. ࣗݾ঺հ ઒ݪ੐େ LBXBIBSBNBTBIJSP ˔ $MBTTNFUIPE"84ࣄۀຊ෦ίϯαϧςΟϯά෦ ˔ ೥͔Β"84ηΩϡϦςΟ౷੍Λ͝ࢧԉ ˓ 0SHBOJ[BUJPOT $POUSPM5PXFS

    ˓ 4FDVSJUZ)VC (VBSE%VUZͳͲ ˔ "1/"845PQ&OHJOFFST 4FSWJDF ˔ +BQBO"845PQ&OHJOFFST 4FDVSJUZ https://dev.classmethod.jp/author/kawahara-masahiro/ 2

  3. 📝 ࿩͢಺༰ ˔ ࠷ॳʹ·ͱΊ ॻ͍ͨഎܠ ˔ 3#"$Λͬ͘͟Γͱ࠶આ໌ ˔ "#"$Λͬ͘͟Γͱ࠶આ໌ ˔

    "#"$PO"84ͷਏΈΛͬ͘͟Γͱ࠶આ໌ ˔ ิ଍

  4. ࠷ॳʹ·ͱΊ ॻ͍ͨഎܠ

  5. ϒϩάͷαϚϦʔ ˔ "#"$͸ 3#"$ͷ՝୊Λղܾ͢Δखஈ ˓ ϓϩδΣΫτ΍νʔϜ਺ͷεέʔϧʹڧ͍ ˓ ͖Ίࡉ͔ͳΞΫηε੍ޚ ˔ Ͱ΋"84؀ڥʹ͓͍ͯ͸

    ਏ͍͜ͱ͕ଟ͍ ˓ *".ϙϦγʔઃܭ ˓ ଐੑ λά ͷӡ༻ ˔ ·ͣ͸"84ΞΧ΢ϯτ෼཭ͰରԠͰ͖ͳ͍͔ɺݕ౼͍ͨ͠ "84ʹ͓͚Δ"#"$ͷخ͠͞ɺਏ͞ΛޠΓ·ͨ͠ ",*#""84c%FWFMPQFST*0 IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBLJCBBXTJBNBCBD

  6. ॻ͍ͨഎܠ *".ઃܭͷ͝ࢧԉΛաڈʹ࣮ࢪ ͭͷ"84ΞΧ΢ϯτ಺ʹڞ௨తʹར༻͢ΔαʔϏε͕༗Γɺ ෳ਺ϓϩδΣΫτ͕ࠞࡏ͍ͯ͠Δ؀ڥ ޓ͍ʹผϓϩδΣΫτͷϦιʔεʹׯবͰ͖ͳ͍Α͏ʹ͍ͨ͠ ˠ"#"$Λ࢖͑ͳ͍͔ʁ ͍Ζ͍Ζͱઃܭɾ࣮૷ͨ݁͠Ռɺྑ͍ͱ͜Ζ΋͋Γͳ͕Βɺ ʮਏ͍ͱ͜Ζ🌶ʯ ΋୔ࢁ͋ͬͨ ͦͷ಺༰Λڞ༗ͨ͠΋ͷ

    "84ʹ͓͚Δ"#"$ͷخ͠͞ɺਏ͞ΛޠΓ·ͨ͠ ",*#""84c%FWFMPQFST*0 IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBLJCBBXTJBNBCBD

  7. 3#"$Λͬ͘͟Γͱ࠶આ໌

  8. *".ϙϦγʔઃܭ OPU3#"$

  9. *".ϙϦγʔઃܭ 3#"$

  10. 3#"$ͱ͸ ˔ 3PMF#BTFE"DDFTT$POUSPM ໾ׂϕʔεͷΞΫηε੍ޚ ˔ ϓϦϯγύϧͷ໾ׂ 3PMF ʹج͍ͮͯϙϦγʔઃܭΛߦ͏

  11. 3#"$ͷಛ௃ ˔ ώτͱݖݶ ϙϦγʔ ͷؒʹ ໾ׂΛڬΉ ˔ ݖݶ ϙϦγʔ ͕ώτʹࠨӈ͞Εͳ͍

    ˔ *".ϙϦγʔઃܭͷ࠷΋جຊ ˔ ઃܭӡ༻͕γϯϓϧɺ෼͔Γ΍͍͢ ˓ ໾ׂΛચ͍ग़͢ ˓ ໾ׂʹରԠ͢ΔϙϦγʔΛઃܭ͢Δ ˓ ໾ׂͱϢʔβʔΛඥ෇͚Δ

  12. "#"$Λͬ͘͟Γͱ࠶આ໌

  13. ˛ൺֱ

  14. "#"$ͱ͸ ˔ "UUSJCVUF#BTFE"DDFTT$POUSPM ଐੑϕʔεͷΞΫηε੍ޚ ˔ ϓϦϯγύϧͷଐੑʹج͍ͮͯϙϦγʔઃܭΛߦ͏

  15. "#"$ͷಛ௃ ˔ ϓϦϯγύϧ ΞΫηεઌϦιʔε ʹଐੑΛ෇༩͢Δ ˔ ؅ཧ͢ΔϙϦγʔ਺͕গͳ͘ͳΔ ˔ ϓϩδΣΫτ΍νʔϜ਺ͷεέʔϧʹڧ͍ ˓

    3#"$͸ʮώτʯʹࠨӈ͞Εͳ͍ ➔ "#"$͸ʮ໾ׂʯʹࠨӈ͞Εͳ͍ ˔ ͖Ίࡉ͔ͳΞΫηε੍ޚΛ࣮ݱͰ͖Δ ˓ ෳ਺ͷଐੑΛ෇༩ͯ͠ɺΑΓॊೈ ෳࡶ ͳ੍ޚ΋Մೳ

  16. "84ͷ"#"$ "84ͷ"#"$͸ʰλάʱΛ׆༻

  17. "#"$PO"84ͷਏΈΛ ͬ͘͟Γͱ࠶આ໌

  18. "#"$PO"84ͷਏ͍ͱ͜Ζ ˔ ϙϦγʔઃܭ͕ਏ͍ ਏ͞🌶 ˓ ΑΓҰ૚"84υΩϡϝϯτΛಡΈࠐΉ ˓ ͦ΋ͦ΋ "#"$ʹରԠ͍ͯ͠ͳ͍αʔϏε͕͋Δ ˓

    $POEJUJPOઃܭͰপʹϋϚΓ͕ͪ ˠ࣍ͰϐοΫΞοϓ ˔ λάӡ༻͕ਏ͍ ਏ͞🌶🌶🌶 ˓ ʮλά͸ࣗ༝౓͕ߴ͗͢ΔʯͷͰ੍ޚ͕େม ˓ ܧଓతͳλά؂ࢹ͕ඞਢ

  19. l*".$POEJUJPOઃܭͷপz ྫ AWS IAMポリシーのConditionを書くときの勘所 #devio2022 | DevelopersIO IUUQTEFWDMBTTNFUIPEKQBSUJDMFTEFWJPJBNDPOEJUJPO

  20. l*".$POEJUJPOઃܭͷপz ྫ AWS IAMポリシーのConditionを書くときの勘所 #devio2022 | DevelopersIO IUUQTEFWDMBTTNFUIPEKQBSUJDMFTEFWJPJBNDPOEJUJPO

  21. վΊͯϒϩάͷαϚϦʔΛ࠶ܝ ˔ "#"$͸ 3#"$ͷ՝୊Λղܾ͢Δखஈ ˓ ϓϩδΣΫτ΍νʔϜ਺ͷεέʔϧʹڧ͍ ˓ ͖Ίࡉ͔ͳΞΫηε੍ޚ ˔ Ͱ΋"84؀ڥʹ͓͍ͯ͸

    ਏ͍͜ͱ͕ଟ͍ ˓ *".ϙϦγʔઃܭ ˓ ଐੑ λά ͷӡ༻ ˔ ·ͣ͸"84ΞΧ΢ϯτ෼཭ͰରԠͰ͖ͳ͍͔ɺݕ౼͍ͨ͠ "84ʹ͓͚Δ"#"$ͷخ͠͞ɺਏ͞ΛޠΓ·ͨ͠ ",*#""84c%FWFMPQFST*0 IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBLJCBBXTJBNBCBD

  22. ิ଍

  23. ཧ૝͸ʮجຊ3#"$ νϣοτμέ"#"$ʯ ˔ େ࿮ͷݖݶઃܭ͸ 3#"$ Λϕʔεʹ͢Δ ˔ ہॴతͳࡉ੍͔͍ޚΛ "#"$ Ͱ࣮૷͢Δ

    ˔ lνϣοτμέz ͷྫ ˓ ಛఆλά͕෇͍ͨ&$ΠϯελϯεͷΈىಈɾఀࢭͰ͖ΔΑ͏ʹ͢Δ ˓ ಛఆλά͕෇͍ͨ4FDSFUTͷΈಡΈऔΕΔ ˓ ಛఆλά͕෇͍ͨ-BNCEBؔ਺ͷΈىಈͰ͖Δ ˓ 

  24. "#"$ؔ܎ͳ͍࿩ ಡऔઐ༻ΞΫηεΛ༻ҙͯ͠·͔͢ʁ ؅ཧऀ͸ߋ৽࡞ۀ༻ͷΞΫηεͱಡऔઐ༻ͷΞΫηεΛఏڙͯ͋͛͠Α͏ ར༻ऀ͸ߋ৽͢Δͱ͖Ҏ֎͸ɺ ಡऔ༻ͷΞΫηεͰ"84؀ڥʹೖΔΑ͏ʹ৺͕͚Α͏ ʮ࢓૊Έ 3#"$΍"#"$ ʯͱʮݸʑਓͷηΩϡϦςΟҙࣝʯͷ྆ํ͔Β࠷খݖݶΛ࣮ݱ͠Α͏

  25. 25