
Are you careful about personal information when forwarding application logs to S3?

Naka Sho
March 14, 2025


Transcript

  1. Introduction: what I will cover today
    Amazon S3 Tables: optimize query performance and cost as your data lake scales. Amazon S3 Tables provides the first cloud object store with built-in Apache Iceberg support, making it efficient to store tabular data at scale.
  2. Contents
    01 Architecture for forwarding logs to S3 with Spring Boot + fluentbit
    02 Masking in Spring Boot
    03 Masking in fluentbit
    04 Summary
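  3. Architecture for forwarding logs to S3 with Spring Boot + fluentbit: overview
    Diagram labels: FireLens; 2 months; unlimited; S3 costs less, stores logs gzip-compressed, and allows query-style log search with Athena; for incident response (logs needed urgently).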
  4. Architecture for forwarding logs to S3 with Spring Boot + fluentbit: fluent-bit configuration

        [OUTPUT]
            Name                 s3
            Match                springboot.*
            Bucket               fluent-bit-logs
            Region               us-east-1
            Endpoint             http://minio:9000
            S3_Key_Format        /logs/springboot/%Y-%m-%d/%H-%M-%S-$UUID.log
            Store_dir            /tmp/fluent-bit/s3
            Use_put_object       On
            compression          gzip
            Auto_Retry_Requests  true
  5. Architecture for forwarding logs to S3 with Spring Boot + fluentbit: log contents. This is not acceptable!!!

        INFO Method: UserController.register(..) | Request: {"username":"john_doe","password":"1234"}
        INFO Method: UserController.register(..) | Response: {"message":"User registered successfully"}
        INFO Method: UserController.register(..) | Request: {"username":"john_doe","password":"1234"}
        INFO Method: UserController.register(..) | Response: {"message":"User registered successfully"}
        INFO Method: UserController.register(..) | Request: {"username":"john_doe","password":"1234"}
        INFO Method: UserController.register(..) | Response: {"message":"User registered successfully"}
        INFO Method: UserController.register(..) | Request: {"username":"john_doe","password":"1234"}
        INFO Method: UserController.register(..) | Response: {"message":"User registered successfully"}
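  6. Masking in Spring Boot: AOP (the class continues on the next slide)

        import com.fasterxml.jackson.core.JsonProcessingException;
        import com.fasterxml.jackson.databind.JsonNode;
        import com.fasterxml.jackson.databind.ObjectMapper;
        import com.fasterxml.jackson.databind.node.ObjectNode;
        import org.aspectj.lang.ProceedingJoinPoint;
        import org.aspectj.lang.annotation.Around;
        import org.aspectj.lang.annotation.Aspect;
        import org.slf4j.Logger;
        import org.slf4j.LoggerFactory;
        import org.springframework.stereotype.Component;

        @Aspect
        @Component
        public class LoggingAspect {
            private static final Logger logger = LoggerFactory.getLogger(LoggingAspect.class);
            private final ObjectMapper objectMapper = new ObjectMapper();

            // Logs the masked arguments of every method under com.example, then runs the method.
            @Around("execution(* com.example..*.*(..))")
            public Object logAndMask(ProceedingJoinPoint joinPoint) throws Throwable {
                Object[] args = joinPoint.getArgs();
                String maskedArgs = maskSensitiveData(args);
                logger.info("Method: {} | Request: {}", joinPoint.getSignature().toShortString(), maskedArgs);
                return joinPoint.proceed();
            }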
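  7. Masking in Spring Boot: AOP (continuation of LoggingAspect)

            // Uses JsonNode, ObjectNode and JsonProcessingException from Jackson.
            private String maskSensitiveData(Object data) {
                if (data == null) return "null";
                try {
                    String json = objectMapper.writeValueAsString(data);
                    JsonNode root = objectMapper.readTree(json);
                    // joinPoint.getArgs() is an Object[], so root is normally a JSON array;
                    // casting it to ObjectNode would throw ClassCastException.
                    if (root.isArray()) {
                        root.forEach(this::maskPassword);
                    } else {
                        maskPassword(root);
                    }
                    return objectMapper.writeValueAsString(root);
                } catch (JsonProcessingException e) {
                    // Fail closed: data.toString() could expose unmasked fields.
                    return "[unserializable arguments]";
                }
            }

            // Replaces the value of a top-level "password" field in a JSON object.
            private void maskPassword(JsonNode node) {
                if (node.isObject() && node.has("password")) {
                    ((ObjectNode) node).put("password", "****");
                }
            }
        } // end of LoggingAspect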
  8. Masking in Spring Boot: log contents

        INFO Method: UserController.register(..) | Request: {"username":"john_doe","password":"****"}
        INFO Method: UserController.register(..) | Response: {"message":"User registered successfully"}
        INFO Method: UserController.register(..) | Request: {"username":"john_doe","password":"****"}
        INFO Method: UserController.register(..) | Response: {"message":"User registered successfully"}
        INFO Method: UserController.register(..) | Request: {"username":"john_doe","password":"****"}
        INFO Method: UserController.register(..) | Response: {"message":"User registered successfully"}
        INFO Method: UserController.register(..) | Request: {"username":"john_doe","password":"****"}
        INFO Method: UserController.register(..) | Response: {"message":"User registered successfully"}
  9. Masking in fluentbit: masking with a Lua script

        function mask_sensitive_data(tag, timestamp, record)
            -- Keys to mask
            local keys_to_mask = {"password"}
            for _, key in ipairs(keys_to_mask) do
                if record[key] ~= nil then
                    record[key] = "****"
                end
            end
            return 1, timestamp, record
        end
  10. Masking in Spring Boot: log contents

        INFO Method: UserController.register(..) | Request: {"username":"john_doe","password":"****"}
        INFO Method: UserController.register(..) | Response: {"message":"User registered successfully"}
        INFO Method: UserController.register(..) | Request: {"username":"john_doe","password":"****"}
        INFO Method: UserController.register(..) | Response: {"message":"User registered successfully"}
        INFO Method: UserController.register(..) | Request: {"username":"john_doe","password":"****"}
        INFO Method: UserController.register(..) | Response: {"message":"User registered successfully"}
        INFO Method: UserController.register(..) | Request: {"username":"john_doe","password":"****"}
        INFO Method: UserController.register(..) | Response: {"message":"User registered successfully"}
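
The Lua filter on slide 9 only rewrites top-level record keys. The filter below is an added example, not code from the slides: it also masks nested keys and `"password"` values embedded in a text field, assuming the Spring Boot line reaches Fluent Bit as one unparsed string (for example in a `log` field). The `[FILTER]` wiring in the comment, the file name `mask.lua` and the sample record are assumptions.

```lua
-- mask.lua: added example, not from the slides. Assumed fluent-bit.conf wiring:
--   [FILTER] Name lua / Match springboot.* / script mask.lua / call mask_sensitive_data
local KEYS_TO_MASK = { "password" }  -- keys to mask, as on slide 9
local MASK = "****"
local KEY_SET = {}
for _, key in ipairs(KEYS_TO_MASK) do KEY_SET[key] = true end

-- Mask "key":"value" pairs embedded in a plain-text line (string values only).
local function mask_string(s)
  for _, key in ipairs(KEYS_TO_MASK) do
    local pat = '"' .. key:gsub("%p", "%%%0") .. '"%s*:%s*"'
    local out, pos = {}, 1
    while true do
      local _, open = s:find(pat, pos)
      if not open then break end
      -- Walk to the closing quote, skipping backslash-escaped characters.
      local i = open + 1
      while i <= #s and s:sub(i, i) ~= '"' do
        if s:sub(i, i) == "\\" then i = i + 1 end
        i = i + 1
      end
      out[#out + 1] = s:sub(pos, open) .. MASK
      pos = i  -- the closing quote is copied with the remainder
    end
    out[#out + 1] = s:sub(pos)
    s = table.concat(out)
  end
  return s
end

-- Mask matching keys at any depth and scrub every string value.
local function mask_value(v)
  if type(v) == "string" then return mask_string(v) end
  if type(v) == "table" then
    for k, child in pairs(v) do
      if KEY_SET[k] then v[k] = MASK else v[k] = mask_value(child) end
    end
  end
  return v
end
function mask_sensitive_data(tag, timestamp, record)
  return 1, timestamp, mask_value(record)
end
-- Constructed sample record; runs only under the standalone lua interpreter.
if arg then
  local rec = { log = 'INFO Request: {"username":"john_doe","password":"1234"}', user = { password = "1234" } }
  local _, _, masked = mask_sensitive_data("springboot.app", 0, rec)
  print(masked.log, masked.user.password)
end
```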