Upgrade to Pro — share decks privately, control downloads, hide ads and more …

セキュリティ系アップデート全体像と AWS Organizations 新ポリシー「宣言型ポリ...

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for MasahiroKawahara MasahiroKawahara
December 11, 2024
Technology
1.3k
0

セキュリティ系アップデート全体像と AWS Organizations 新ポリシー「宣言型ポリシー」を紹介 / reGrowth 2024 Security

Avatar for MasahiroKawahara

MasahiroKawahara

December 11, 2024

More Decks by MasahiroKawahara

See All by MasahiroKawahara
【セミナー資料】Claude Code をセキュアに使うための考え方と設定の勘どころ / Claude Code Webinar 20260616
Avatar for MasahiroKawahara masahirokawahara
1
120
Claude Code で使える DuckDB Skills を試してみた / DuckDB Skills and Claude Code
Avatar for MasahiroKawahara masahirokawahara
2
2.5k
Claude Code を安全に使おう勉強会 / Claude Code Security Basics
Avatar for MasahiroKawahara masahirokawahara
19
46k
Claude Code Skills 勉強会 (DevelersIO向けに調整済み) / claude code skills for devio
Avatar for MasahiroKawahara masahirokawahara
1
32k
新 Security HubがついにGA!仕組みや料金を深堀り #AWSreInvent #regrowth / AWS Security Hub Advanced GA
Avatar for MasahiroKawahara masahirokawahara
1
3.9k
AWS環境のリソース調査を Claude Code で効率化 / aws investigate with cc devio2025
Avatar for MasahiroKawahara masahirokawahara
2
2.1k
ここ一年のCCoEとしてのAWSコスト最適化を振り返る / CCoE AWS Cost Optimization devio2025
Avatar for MasahiroKawahara masahirokawahara
1
2.5k
生まれ変わった AWS Security Hub (Preview) を紹介 #reInforce_osaka / reInforce New Security Hub
Avatar for MasahiroKawahara masahirokawahara
0
1.6k
Amazon DevOps Guru のベースラインを整備して1ヶ月ほど運用してみた #jawsug_asa / Amazon DevOps Guru trial
Avatar for MasahiroKawahara masahirokawahara
3
850

Other Decks in Technology

See All in Technology
小さくはじめるSLI/SLO ~育てながら組織に定着させる実践知~ / Starting Small with SLI/SLOs: Building Adoption Through Continuous Growth
Avatar for Narimichi Takamura nari_ex
7
1.9k
SONiCの統計情報を取得したい
Avatar for SONiC Users Group Japan sonic
0
100
社内 AI エージェント Synapse と セマンティックレイヤーの育て方
Avatar for Hiroaki Sano hiroakis
3
1.8k
入門!AWS Blocks
Avatar for Yosuke Suzuki ysuzuki
1
110
気づかぬうちにセキュリティ負債を生むAPIキー運用
Avatar for Michitaka Sugawara sgwrmctk
0
120
2026 TECHFRESH 畢業分享會 - AI-Native 重塑軟體工程與虛擬講師
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
930
SONiCで構築・運用する生成AI向けパブリッククラウドネットワーク ~実装編~
Avatar for SONiC Users Group Japan sonic
0
140
2026TECHFRESH畢業分享會 - 葬送的通靈師:化系統與用戶雜訊成行動訊號
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
930
"何を作るか"を任される エンジニアは、どう育つのか
Avatar for ofuji-works yutaokafuji
1
660
作って終わりにしない タイミーのセマンティックレイヤー育成の現在地
Avatar for chanyou0311 chanyou0311
4
2.3k
日本 Fintech 未来予測レポート 2027〜2028年(手動編集版)
Avatar for 8maki 8maki
0
2.2k
プロダクト開発から業務改善コンサルまで。事業全体へ「染み出す」ことで広がるエンジニアの可能性
Avatar for ham ham0215
0
120

Featured

See All Featured
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
Avatar for Tomoya Matsuura tomoyanonymous
2
850
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
39
3.2k
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
25
2k
Game over? The fight for quality and originality in the time of robots
Avatar for Wayne Barker wayneb77
1
200
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1370
210k
What the history of the web can teach us about the future of AI
Avatar for Ines Montani inesmontani
PRO
1
610
Leading Effective Engineering Teams in the AI Era
Avatar for Addy Osmani addyosmani
9
2k
Put a Button on it: Removing Barriers to Going Fast.
Avatar for kastner kastner
60
4.3k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
6
1.2k
The Cost Of JavaScript in 2023
Avatar for Addy Osmani addyosmani
55
10k
Reality Check: Gamification 10 Years Later
Avatar for Sebastian Deterding codingconduct
0
2.2k
Unlocking the hidden potential of vector embeddings in international SEO
Avatar for Frank van Dijk frankvandijk
0
840

Transcript

  1. ηΩϡϦςΟܥΞοϓσʔτͷશମ૾ 0SHBOJ[BUJPOTͷ৽ϙϦγʔΛ঺հ 

  2. SFHSPXUI@PTBLB ࣗݾ঺հ ઒ݪ੐େ LBXBIBSBNBTBIJSP ˔ $MBTTNFUIPE"84ࣄۀຊ෦ ίϯαϧςΟϯά෦ ˔ d"845PQ&OHJOFFST ˔

    SF*OWFOUݱ஍ࢀՃ ˓ ,3BDF͕૘շͰͨ͠

  3. SFHSPXUI@PTBLB ࠓ೔࿩͢͜ͱ ˔ ηΩϡϦςΟܥΞοϓσʔτΛ͓͞Β͍ ˔ "840SHBOJ[BUJPOTͷΞϓσΛ঺հ ˔ ↳ એݴܕϙϦγʔΛਂງΓ ˔

    ↳ ͜Ε͔Βͷ༧๷తΨʔυϨʔϧ

  4. ηΩϡϦςΟܥΞοϓσʔτ ͬ͘͟Γͱ͓͞Β͍

  5. SFHSPXUI@PTBLB ߋ৽ͷ͋ͬͨ"84αʔϏε ˞༧બམؚͪΉ

  6. SFHSPXUI@PTBLB ߋ৽ͷ͋ͬͨ"84αʔϏε ˞༧બམؚͪΉ <"843FTPVSDF&YQMPSFS> ɾػೳ֦ॆɻηΩϡϦςΟ΍ίετͷ৘ใΛҰݩతʹݕࡧɾ؅ཧՄೳʹ <"844ZTUFNT.BOBHFS> ɾϚϧνΞΧ΢ϯτϚϧνϦʔδϣϯͷϊʔυ೺Ѳɺ؅ཧ͕ҰݩԽ <"844FDVSJUZ-BLF> ɾ৽͍͠ύʔτφʔೝఆ "NB[PO4FDVSJUZ-BLF3FBEZ4QFDJBMJ[BUJPO͕ൃද

    ɾ0QFO4FBSDI4FSWJDFͱͷ [FSP&5-౷߹Λαϙʔτ <"84$MPVE5SBJM> ɾػೳڧԽɻแׅతͳμογϡϘʔυ௥ՃͱΫϩεΞΧ΢ϯτͰͷσʔλετΞڞ༗ ɾ"*ػೳΛ௥ՃɻࣗવݴޠͰͷΫΤϦੜ੒ͱΫΤϦ݁Ռͷཁ໿ػೳ <*"."DDFTT"OBMZ[FS> ɾະ࢖༻ΞΫηε෼ੳʹͯɺΞΧ΢ϯτ*%΍ϩʔϧλάʹΑΔείʔϓબ୒͕Մೳʹ

  7. SFHSPXUI@PTBLB ߋ৽ͷ͋ͬͨ"84αʔϏε ˞༧બམؚͪΉ <"84*".> ɾ0SHBOJ[BUJPOTͷϝϯόʔΞΧ΢ϯτͷϧʔτΞΫηε ΛҰݩ؅ཧՄೳʹ <"840SHBOJ[BUJPOT> ɾએݴܕϙϦγʔ %FDMBSBUJWFQPMJDZ ͕௥Ճ

    ɾ3$1 3FTPVSDFDPOUSPMQPMJDZ ͕௥Ճ <"84$POUSPM5PXFS> ɾએݴܕϙϦγʔΛ࢖༻ͨ͠༧๷ίϯτϩʔϧ͕௥Ճ ɾ3$1Λ࢖༻ͨ͠༧๷ίϯτϩʔϧ͕௥Ճ ɾ"84#BDLVQͱ౷߹ɻਪ঑όοΫΞοϓઃఆΛҰׅద ༻Մೳʹ

  8. SFHSPXUI@PTBLB ߋ৽ͷ͋ͬͨ"84αʔϏε ˞༧બམؚͪΉ <"NB[PO71$> ɾ71$ͷϒϩοΫύϒϦοΫΞΫηε #1" Λൃද ɾ$MPVE'SPOU͕71$ΦϦδϯʹରԠ <"84/FUXPSL'JSFXBMM> ɾ)551ɺ26*$ɺ1PTUHSF42-ͳͲͷ৽ϓϩτίϧݕ

    ग़ʹରԠ <"847FSJGJFE"DDFTT> ɾ5$1΍44)ɺ3%1ͳͲͷඇ)551 4 Ϧιʔε΁ͷθϩ τϥετΞΫηε͕Մೳʹ

  9. SFHSPXUI@PTBLB ߋ৽ͷ͋ͬͨ"84αʔϏε ˞༧બམؚͪΉ <"NB[PO(VBSE%VUZ> ɾߴ౓ͳڴҖݕग़ػೳ͕௥Ճɻෳ਺εςʔδͷ߈ܸΛࣗಈݕग़ <"844FDVSJUZ*ODJEFOU3FTQPOTF> ɾ༗ਓͰηΩϡϦςΟΠϯγσϯτʹରԠͯ͘͠ΔαʔϏε͕(" ˞࠷௿ֹ݄ྉۚ υϧ͔Β ɾ"844FDVSJUZ*ODJEFOU3FTQPOTFͷ৽͍͠ύʔτφʔϓϩάϥϜ

  10. "840SHBOJ[BUJPOTͷ ΞοϓσʔτΛ঺հ

  11. "840SHBOJ[BUJPOTΛ ͞Βͬͱ͓͞Β͍

  12. SFHSPXUI@PTBLB 0SHBOJ[BUJPOT͸ϚϧνΞΧ΢ϯτ؅ཧͰ໾ཱͭαʔϏε <ओͳಛ௃> ˔ શ"84ΞΧ΢ϯτͷ੥ٻΛू໿ ˔ "84ΞΧ΢ϯτΛ֊૚Խͯ͠؅ཧɺ੍ޚ ˔ ͞·͟·ͳ"84αʔϏεͱ࿈ܞ ը૾Ҿ༻"840SHBOJ[BUJPOTͷ֓೦ͱ༻ޠ

     "840SHBOJ[BUJPOT

  13. SFHSPXUI@PTBLB ֤छ ϙϦγʔΛ࢖ͬͯෳ਺ΞΧ΢ϯτΛ੍ޚͰ͖Δ ˔ 4$1 4FSWJDFDPOUSPMQPMJDZ ˔ λάϙϦγʔ ˔ όοΫΞοϓϙϦγʔ

    ˔  ࢖͑ΔϙϦγʔͷৄࡉ͸ҎԼΛࢀর ˠ5FSNJOPMPHZBOEDPODFQUTGPS"840SHBOJ[BUJPOT "840SHBOJ[BUJPOT

  14. "840SHBOJ[BUJPOTͷ SF*OWFOUΞοϓσʔτ

  15. SFHSPXUI@PTBLB SF*OWFOUʹͯɺͭͷ৽ϙϦγʔ͕ొ৔ʂ ˔ <OFX>3$1 3FTPVSDFDPOUSPMQPMJDZ ˔ <OFX>એݴܕϙϦγʔ %FDMBSBUJWFQPMJDZ

  16. એݴܕϙϦγʔ %FDMBSBUJWF1PMJDZ

  17. SFHSPXUI@PTBLB αʔϏεϨϕϧͰ l๬·͍͠ઃఆz Λఆٛద༻Ͱ͖Δ ˔ એݴܕϙϦγʔ͸৽͍͠ʮαʔϏεϨϕϧ ͷϙϦγʔʯ ˔ ૊৫಺ͷ"84ΞΧ΢ϯτʹ͓͍ͯɺಛఆ αʔϏεଐੑΛඪ४ԽͰ͖Δ

    ˔ ΤϥʔϝοηʔδΛΧελϚΠζՄೳ <ݱࡏαϙʔτ͍ͯ͠Δଐੑ> ˔ 71$ ˓ 71$ϒϩοΫύϒϦοΫΞΫηε ˔ &$ ˓ γϦΞϧίϯιʔϧΞΫηε ˓ ".*ϒϩοΫύϒϦοΫΞΫηε ˓ ڐՄ͞Εͨ".*ͷར༻ ˓ *.%4ͷσϑΥϧτઃఆ ˔ &#4 ˓ εφοϓγϣοτͷϒϩοΫύϒϦοΫΞΫηε

  18. SFHSPXUI@PTBLB ਺ΫϦοΫͰ؆୯ʹઃఆͰ͖Δ ը૾Ҿ༻ʲΞοϓσʔτʳ৽ͨʹൃද͞ΕͨEFDMBSBUJWFQPMJDJFTʢએݴܕϙϦγʔʣΛͨΊͯ͠Έͨ "84SF*OWFOUc%FWFMPQFST*0

  19. ͦ΋ͦ΋એݴతͬͯͳΜͩΖ͏ʁ

  20. SFHSPXUI@PTBLB ʮ݁ہԿ͕͍ͨ͠ͷ͔ʯͱ͍͏໨త͚ͩΛઆ໌͢Δ͜ͱ Ҿ༻એݴతʁ %FDMBSBUJWF Ͳ͏͍͏͜ͱʁ !)JSPZVLJ@04",* 2JJUB

  21. SFHSPXUI@PTBLB l&#4εφοϓγϣοτͷϒϩοΫύϒϦοΫΞΫηεz Λྫʹߟ͑ͯΈΔ &#4εφοϓγϣοτΛύϒϦοΫʹͨ͘͠ͳ͍Μ΍ʂ ໨త

  22. SFHSPXUI@PTBLB ʙએݴܕϙϦγʔ͕ͳ͍ͱ͖ʙ &#4εφοϓγϣοτΛύϒϦοΫʹͨ͘͠ͳ͍Μ΍ʂ ໨త ˞ͳ͍Ͱ͢ ໨తͷୡ੒ํ๏

  23. SFHSPXUI@PTBLB ʙએݴܕϙϦγʔ͕͋Δͱ͖ʙ &#4εφοϓγϣοτΛύϒϦοΫʹͨ͘͠ͳ͍Μ΍ʂ ໨త ໨తͷୡ੒ํ๏

  24. ͜Ε͔Βͷ༧๷తΨʔυϨʔϧ

  25. SFHSPXUI@PTBLB ࠓ೥ɺओཁͳ༧๷తΨʔυϨʔϧ͕Ұؾʹ૿͑ͨʂ ͜Ε·Ͱͷ<"84ͷ༧๷తΨʔυϨʔϧͱ͍͑͹> ˔ 4$1 4FSWJDFDPOUSPMQPMJDZ ͜Ε͔Βͷ<"84ͷ༧๷తΨʔυϨʔϧͱ͍͑͹> ˔ 4$1 4FSWJDFDPOUSPMQPMJDZ

    ˔ 3$1 3FTPVSDFDPOUSPMQPMJDZ ˔ એݴܕϙϦγʔ %FDMBSBUJWFQPMJDZ

  26. SFHSPXUI@PTBLB <Πϝʔδ>͜Ε·Ͱͷ༧๷తΨʔυϨʔϧ

  27. SFHSPXUI@PTBLB <Πϝʔδ>༧๷తΨʔυϨʔϧͷ͜Ε͔Β

  28. SFHSPXUI@PTBLB <Πϝʔδ>༧๷తΨʔυϨʔϧͷ͜Ε͔Β ˞3$1͕αϙʔτ͍ͯ͠ΔαʔϏε ɾ4 ɾ454 ɾ,.4 ɾ424 ɾ4FDSFUT.BOBHFS ˞એݴܕϙϦγʔͷαϙʔτൣғ ɾ71$ϒϩοΫύϒϦοΫΞΫηε

    ɾ&$γϦΞϧίϯιʔϧΞΫηε ɾ&$".*ϒϩοΫύϒϦοΫΞΫηε ɾ&$ڐՄ͞Εͨ".*ͷར༻ ɾ&$*.%4ͷσϑΥϧτઃఆ ɾ&#4εφοϓγϣοτͷϒϩοΫύϒϦοΫΞΫηε

  29. ͓ΘΓʹ

  30. SFHSPXUI@PTBLB ࿩ͨ͜͠ͱ ˔ ηΩϡϦςΟܥΞοϓσʔτΛ͓͞Β͍ ˔ "840SHBOJ[BUJPOTͷΞϓσΛ঺հ ˔ ↳ એݴܕϙϦγʔΛਂງΓ ˓

    αʔϏεϨϕϧͰʮ๬·͍͠ઃఆʯΛఆٛద༻ ˓ ਺ΫϦοΫͰ؆୯ʹઃఆͰ͖Δ ˔ ↳ ͜Ε͔Βͷ༧๷తΨʔυϨʔϧ ˓ ·ͣ͸ એݴܕϙϦγʔ<OFX>Λద༻Ͱ͖ͳ͍͔ ˓ ࣍ʹैདྷ௨Γ 4$1Λ࢖͏ ˓ ิ׬తʹ 3$1<OFX>Λ࢖͏

  31. SFHSPXUI@PTBLB ࢀߟ ˔ 4JNQMJGZHPWFSOBODFXJUIEFDMBSBUJWFQPMJDJFTc"84/FXT#MPH ˔ <Ξοϓσʔτ>"840SHBOJ[BUJPOTͰએݴܕϙϦγʔ EFDMBSBUJWFQPMJDJFT ͕ར༻Մೳʹͳ Γ·ͨ͠ "84SF*OWFOUc%FWFMPQFST*0

    ˔ ʲΞοϓσʔτʳ৽ͨʹൃද͞ΕͨEFDMBSBUJWFQPMJDJFTʢએݴܕϙϦγʔʣΛͨΊͯ͠Έͨ "84SF*OWFOUc%FWFMPQFST*0 ˔ એݴతʁ %FDMBSBUJWF Ͳ͏͍͏͜ͱʁ !)JSPZVLJ@04",* 2JJUB

  32. SFHSPXUI@PTBLB ࢀߟ • 識別 ◦ Introducing the Amazon Security Lake

    Ready Specialization - AWS ◦ Amazon OpenSearch Service zero-ETL integration with Amazon Security Lake - AWS ◦ Find security, compliance, and operating metrics in AWS Resource Explorer - AWS ◦ AWS CloudTrail Lake launches enhanced analytics and cross-account data access - AWS ◦ AWS CloudTrail Lake enhances log analysis with AI-powered features - AWS ◦ The new AWS Systems Manager experience: Simplifying node management - AWS ◦ Customize scope of IAM Access Analyzer unused access analysis - AWS • 防御 ◦ Centrally manage root access in AWS Identity and Access Management (IAM) - AWS ◦ Amazon Web Services announces declarative policies - AWS ◦ Introducing resource control policies (RCPs) to centrally restrict access to AWS resources - AWS ◦ AWS Control Tower launches managed controls using declarative policies - AWS ◦ AWS Control Tower launches configurable managed controls implemented using resource control policies - AWS ◦ AWS Control Tower adds prescriptive backup plans to landing zone capabilities - AWS ◦ AWS announces Block Public Access for Amazon Virtual Private Cloud - AWS ◦ Amazon CloudFront announces VPC origins - AWS ◦ AWS Network Firewall expands the list of supported protocols and keywords in firewall rules - AWS ◦ AWS Verified Access now supports secure access to resources over non-HTTP(S) protocols (Preview) - AWS • 検知/対応 ◦ AWS announces AWS Security Incident Response for general availability - AWS ◦ Respond and recovery more quickly with AWS Security Incident Response Partners - AWS ◦ Amazon GuardDuty introduces GuardDuty Extended Threat Detection - AWS
  33. None