Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
CloudFormation StackSets with AWS Organizations
Search
Takuro SASAKI
August 25, 2020
Technology
3
5.6k
CloudFormation StackSets with AWS Organizations
JAWS-UG朝会で発表した"CloudFormation StackSets × AWS Organizationsで設定の自動化"の発表資料です
Takuro SASAKI
August 25, 2020
Tweet
Share
More Decks by Takuro SASAKI
See All by Takuro SASAKI
技術書を書く技術 JAWS DAYS 2024
takuros
16
4.9k
パフォーマンスとコスト制約から考えるアーキテクチャ設計(JAWSUG東京ランチLT会#4)
takuros
2
1k
Storage-JAWS第0回 昔話で振り返るAWSの歴史 ~ストレージ編~
takuros
1
3.5k
エンジニアとしての自分とマネージャーとしての自分の狭間で、どう成長していくのか?(AWS DevDay 2023登壇資料)
takuros
30
13k
AWSで作るデータ分析基盤サービスの選定と設計のポイント
takuros
4
5.6k
JAWSUG初心者支部 IAMの「あ」の話
takuros
4
8.4k
Security-JAWS-Speciality-Study
takuros
0
5.3k
AWS認定セキュリティ - 専門知識 AWSのサービスを使って楽してセキュリティ向上!!
takuros
5
5k
AWSアカウントのセキュリティを守る IAM編
takuros
1
2.8k
Other Decks in Technology
See All in Technology
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
130
Can We Measure Developer Productivity?
ewolff
1
150
OCI 運用監視サービス 概要
oracle4engineer
PRO
0
4.8k
ISUCONに強くなるかもしれない日々の過ごしかた/Findy ISUCON 2024-11-14
fujiwara3
8
870
Application Development WG Intro at AppDeveloperCon
salaboy
0
190
強いチームと開発生産性
onk
PRO
35
11k
個人でもIAM Identity Centerを使おう!(アクセス管理編)
ryder472
4
220
RubyのWebアプリケーションを50倍速くする方法 / How to Make a Ruby Web Application 50 Times Faster
hogelog
3
940
Shopifyアプリ開発における Shopifyの機能活用
sonatard
4
250
オープンソースAIとは何か? --「オープンソースAIの定義 v1.0」詳細解説
shujisado
9
1k
インフラとバックエンドとフロントエンドをくまなく調べて遅いアプリを早くした件
tubone24
1
430
New Relicを活用したSREの最初のステップ / NRUG OKINAWA VOL.3
isaoshimizu
2
610
Featured
See All Featured
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
8
890
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
16
2.1k
Raft: Consensus for Rubyists
vanstee
136
6.6k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
370
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
We Have a Design System, Now What?
morganepeng
50
7.2k
[RailsConf 2023] Rails as a piece of cake
palkan
52
4.9k
Being A Developer After 40
akosma
87
590k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
720
Transcript
$MPVE'PSNBUJPO4UBDL4FUTº "840SHBOJ[BUJPOTͰ ઃఆͷࣗಈԽ /3*ωοτίϜגࣜձࣾɹ ࠤʑ +"846(ேձୈճ #jawsug_asa
ࠤʑ CMPHIUUQTCMPHUBLVSPTOFU 5XJUUFS!ELGK ࣗݾհ #jawsug_asa
+BQBO"1/"NCBTTBEPS બग़͞Ε·ͨ͠ ࣗݾհ #jawsug_asa
ೝఆηΩϡϦςΟࢼݧͷରࡦຊ ཁཧ͔Β߈ུ͢Δ ʰ"84ೝఆηΩϡϦςΟઐࣝʱ IUUQTBN[OUP1,4D( "84ೝఆηΩϡϦςΟઐࣝͷษڧͷํͱ "84ͷηΩϡϦςΟͷΨΠυϒοΫͱͯࣥ͠චʢͨͭ͠Γʣ #jawsug_asa
ࠓ͢༰ "84ͷΞΧϯτηΩϡϦςΟ "84ͷηΩϡϦςΟαʔϏε $MPVE'PSNBUJPO4UBDL4FUTͱ"840SHBOJ[BUJPOT #jawsug_asa
ຊͷΰʔϧ "840SHBOJ[BUJPOTͱ $MPVE'PSNBUJPO4UBDL4FUTΛࣗͰͬͯΈΑ͏ 㱺ࣗͰखΛಈ͔͢ͷେࣄʂʂ #jawsug_asa
"84ͱηΩϡϦςΟ ͍Ζ͍ΖΔ͜ͱ͕ଟͯ͘ɺ ͍͜͠ͱࢥͬͨ͜ͱ͋Γ·ͤΜ͔ શମ૾ΛѲ͢ΔͨΊʹɺͬ͘͟Γͱ ྨͯ͠Έ·͠ΐ͏ #jawsug_asa
"84ͱηΩϡϦςΟ "84ͷηΩϡϦςΟ̏ͭͷ࣠Ͱߟ͑Δ ᶃ"84ʹߏஙͨ͠ωοτϫʔΫͱαʔόʔͷηΩϡϦςΟ ᶄ"84ૢ࡞ʹؔ͢Δݖݶʢ*".ʣ ᶅηΩϡϦςΟΛҡ࣋ཧ͢ΔͨΊͷ"84αʔϏε AWS Management Console Role VPC
AWS Cloud Subnet Internet gateway Amazon Simple Storage Service (S3) VPN gateway Endpoints User ૢ࡞ݖݶ Instance Instance Instance AWS Lambda Role ᶄ ᶃ AWS Command Line Interface AWS Config AWS Systems Manager AWS Service Catalog AWS Trusted Advisor AWS CloudTrail ᶅ ηΩϡϦςΟΛҡ࣋ ཧ͢ΔαʔϏε #jawsug_asa
ᶃ"84ʹߏஙͨ͠ωοτϫʔΫͱ αʔόʔͷηΩϡϦςΟ ڞ༗Ϟσϧͷͷ෦ ઃܭͷߟ͑ํΦϯϓϨͱେ͖͘ҧΘͳ͍͕ɺઃఆͷ ํ"84ͷྲّྀʹै͏ඞཁ͕͋Δ IUUQTBXTBNB[PODPNKQDPNQMJBODFTIBSFESFTQPOTJCJMJUZNPEFM #jawsug_asa
ᶄ"84ͷૢ࡞ʹؔ͢Δݖݶʢ*".ʣ "84ͷηΩϡϦςΟͷத֩ͷҰͭ ͲΜͳʹωοτϫʔΫαʔόʔͷηΩϡϦςΟΛڧݻʹ ͍ͯͯ͠ɺ"84Λૢ࡞͞ΕΔͱ͕݀։͚ΒΕΔ "84ͷബ͍ຊɹ*".ͷϚχΞοΫͳ IUUQTCPPUIQNKBJUFNT #jawsug_asa
ᶅηΩϡϦςΟΛҡ࣋ཧ͢Δ ɹͨΊͷ"84αʔϏε "84ಠࣗͷ෦ ར༻͠ͳͯ͘γεςϜΛηΩϡΞͳঢ়ଶΛҡ࣋Ͱ͖Δ͕ɺ ্ख͘׆༻͢ΔͱࣗྗͰΔΑΓഒָʹͳΔ "84ͷബ͍ຊᶘΞΧϯτηΩϡϦςΟͷϕʔγοΫηΦϦʔ IUUQTCPPUIQNKBJUFNT #jawsug_asa
ηΩϡϦςΟΛҡ࣋͢ΔͨΊͷ "84αʔϏε
ΨʔυϨʔϧͱ͍͏"84ͷઃܭࢥ ηΩϡϦςΟҰઃఆ͓ͯ͠ऴ͍Ͱͳ͍ɻ ڥશମʹܧଓతͳΨόφϯεΛఏڙ͢Δҝͷϧʔϧ͕ඞཁɻ"84 རศੑΛอͪͳ͕Βɺαϙʔτ͢ΔαʔϏεΛఏڙ͍ͯ͠Δ ᶃ༧ɹʜɹ*".4$1Ͱېࢭࣄ߲ͷૢ࡞ࣄ߲Λग़དྷͳ͘͢Δ͜ͱ ᶄݕɹʜɹېࢭࣄ߲ͷૢ࡞͕͞ΕͨΒؾ͕͚Δঢ়ଶʹ͢Δ͜ͱ ΨʔυϨʔϧ ؔॴ #jawsug_asa
$MPVE5SBJM AWS Management Console User AWS Command Line Interface AWS
CloudTrail Amazon Simple Storage Service (S3) Amazon CloudWatch "84Ϧιʔεͷૢ࡞ཤྺΛهɾ௨ ᶃϚωδϝϯτίϯιʔϧͱ"1*ͷૢ࡞ཤྺΛ4ʹอଘ ᶄ$MPVE8BUDI-PHTΛར༻ͯ͠4/4ܦ༝Ͱ௨Մೳ AWSϦιʔε #jawsug_asa
$POpH ఆˍΠϕϯτൃੜ࣌ʹ"84ͷঢ়ଶΛه ᶃ"84ͷঢ়ଶΛه͠ཧ͢ΔαʔϏε ᶄ$POpH3VMFTΛར༻͢Δ͜ͱʹΑΓɺ͋Δ͖ঢ়ଶ͔Β֎Ε ͨ͜ͱΛݕ͢Δ͜ͱ͕Ͱ͖Δ AWS Config User AWSϦιʔε ͷߏมߋ
ߏཧɾه ͷอଘ มߋޙͷߏͷ ධՁ ʢConfig Rulesʣ Amazon Simple Notification Service #jawsug_asa
(VBSE%VUZ ڴҖͷݕग़ ᶃηΩϡϦςΟ؍͔ΒͷڴҖϦεΫΛݕग़ ᶄϩάσʔλʢ71$'MPX-PHT $MPVE5SBJM&WFOU-PHT %/4-PHTʣΛੳ ᶅڴҖΛ"*ʹΑΓΠϯςϦδΣϯεʹݕग़ ѱҙͷ͋ΔεΩϟϯ ΠϯελϯεͷڴҖ ΞΧϯτͷڴҖ
Amazon GuardDuty Flow logs Event Logs DNS Logs ϩά ڴҖͷஅ Amazon Simple Notification Service Amazon CloudWatch Events ௨ #jawsug_asa
4FDVSJUZ)VC https://aws.amazon.com/jp/security-hub/ ηΩϡϦςΟΞϥʔτΛҰݩཧ ᶃ(VBSE%VUZ .BDJF *OTQFDUPSͷΞϥʔτΛ౷߹ͯ͠ཧ ᶄ֤छϩάΛݩʹίϯϓϥΠΞϯενΣοΫ ᶅαʔυύʔςΟπʔϧͱͷ࿈ܞɾෳ"84ΞΧϯτͷ౷߹ Մೳ #jawsug_asa
5SVTUFE"EWJTPS "84ͷར༻ঢ়گΛධՁ ᶃ̑ͭͷ؍ʢίετ࠷దԽɾύϑΥʔϚϯεɾηΩϡϦςΟɾ ϑΥʔϧττϨϥϯεɾαʔϏε੍ݶʣͰධՁ ᶄσϑΥϧτͰద༻͞Ε͍ͯΔͷͰɺҰݟͯΈΔ͜ͱ ᶅ௨ʢ&ϝʔϧͷΈʣՄೳ #jawsug_asa
$POUSPM5PXFS https://aws.amazon.com/jp/controltower/ ෳΞΧϯτͷηΩϡϦςΟઃఆͱࢹ ᶃ"84ͷϕετϓϥΫςΟεΛΓࠐΜͩઃఆͰɺ"84ΞΧ ϯτͷߏங ᶄΞΧϯτͷϙϦγʔΛܧଓతʹཧͱՄࢹԽ ᶅطଘͷΞΧϯτΛ$POUSPM5PXFSʹొ͢Δͷා͍ #jawsug_asa
ηΩϡϦςΟͷઃܭͷࢦ
/*45αΠόʔηΩϡϦςΟϑϨʔϜϫʔΫ ྨ ΧςΰϦʔ ಛఆ ʢ*EFOUJGZʣ ɾࢿ࢈ཧ ɾϏδωεڥ ɾΨόφϯε ɾϦεΫΞηεϝϯτɺϦεΫΞηεϝϯτཧ ɾαϓϥΠνΣʔϯϦεΫϚωδϝϯτ
ޚ ʢ1SPUFDUʣ ɾΞΫηε੍ޚ ɾҙ্͓ࣝΑͼτϨʔχϯά ɾσʔληΩϡϦςΟ ɾใΛอޢ͢ΔͨΊͷϓϩηε͓Αͼखॱ ɾอक ɾอޢٕज़ ݕ ʢ%FUFDUʣ ɾҟৗͱΠϕϯτ ɾηΩϡϦςΟͷܧଓతͳϞχλϦϯά ɾݕϓϩηε ରԠ ʢ3FTQPOEʣ ɾରԠܭըͷ࡞ ɾίϛϡχέʔγϣϯ ɾੳ ɾݮ ෮چ ʢ3FDPWFSʣ ɾ෮چܭըͷ࡞ ɾվળ ɾίϛχέʔγϣϯ IPA CSFίΞ https://www.ipa.go.jp/files/000071204.pdf
"848FMM"SDIJUFDUFEϑϨʔϜϫʔΫ ப ઃܭݪଇ ӡ༻্ͷ ༏लੑ ɾӡ༻Λίʔυͱͯ͠ӡ༻ ɾఆظతʹɺখنͳɺݩʹ͢͜ͱ͕Ͱ͖ΔมߋΛద༻͢Δ ɾӡ༻खॱΛఆظతʹվળ͢Δ ɾোΛ༧͢Δ ɾ͋ΒΏΔӡ༻্ͷো͔ΒֶͿ
ηΩϡϦςΟ ɾڧݻͳೝূج൫ͷ࣮ ɾτϨαϏϦςΟʔͷ࣮ݱ ɾશϨΠϠʔͷηΩϡϦςΟͷద༻ ɾηΩϡϦςΟͷϕετϓϥΫςΟεͷࣗಈԽ ɾૹத͓Αͼอதͷσʔλอޢ ɾσʔλʹਓͷखΛೖΕͳ͍ ɾηΩϡϦςΟΠϕϯτͷඋ͑ ৴པੑ ɾো͔Βࣗಈతʹ෮چ͢Δ ɾ෮چखॱΛςετ͢Δ ɾਫฏํʹεέʔϧͯ͠ू߹తͳϫʔΫϩʔυͷՄ༻ੑΛߴΊΔ ɾΩϟύγςΟʔΛײʹཔΒͳ͍ ɾࣗಈԽͰมߋΛཧ͢Δ ύϑΥʔϚϯεޮ ɾߴͳςΫϊϩδʔΛ୭Ͱ͑ΔΑ͏ʹ͢Δ ɾ͢Ͱάϩʔόϧʹల։͢Δ ɾαʔόʔϨεΞʔΩςΫνϟΛ༷͢Δ ɾΑΓසൟʹ࣮ݧ͢Δ ɾϝΧχΧϧγϯύγʔΛߟྀ͢Δ ίετ࠷దԽ ɾΫϥυͷࡒཧͷӡ༻ ɾফඅϞσϧΛಋೖ͢Δ ɾશମతͳޮΛଌఆ͢Δ ɾඅ༻Λੳ͠ɺؼ݁ͤ͞Δ AWS Well-Architected ϑϨʔϜϫʔΫ https://aws.amazon.com/jp/architecture/well-architected/
"84ͷηΩϡϦςΟαʔϏεΛ ׆༻ྫ
ϑϨʔϜϫʔΫʹͯΊͯΈΔͱʁ Lambda Systems Manager Automation CloudFormation Organizations SCP IAM SNS
Config CloudWatch Inspector Macie GuardDuty Shield Firewall Manager WAF VPC ༧ ޚ ݕ ରԠ ෮چ ௨ ࣗಈԽ Lambda CloudWatch ௐࠪ CloudWatch CloudTrail ౷߹ Security Hub #jawsug_asa
ΞʔΩςΫνϟʔผʹݟͯΈΔͱ Shield WAF CloudFront ELB ߈ܸରࡦ ରϦιʔε NACL Security Group
ωοτϫʔΫޚ ରϦιʔε ELB EC2 RDS KMS σʔλอޢ ରϦιʔε EC2 RDS S3 %%P4߈ܸ ΞϓϦέʔγϣϯ ߈ܸ ෆਖ਼ ωοτϫʔΫ ΞΫηε ෆਖ਼ ɹσʔλΞΫηε Inspector Systems Manager αʔόʔཧ Security Hub CloudTrail CloudWatch GuardDuty Config VPC Flow logs ՄࢹԽɾϞχλϦϯά ௨ ௨ SNS ௨ ӡ༻୲ ࢹ ɾશϨΠϠʔͷηΩϡϦςΟͷద༻ ɾτϨαϏϦςΟʔͷ࣮ݱ #jawsug_asa
γεςϜͷϨΠϠʔผʹͯΊΔͱ Ϛωδϝϯτ ίϯιʔϧ 71$Ծઐ༗ྖҬ &$04ྖҬ ϩʔΧϧσΟεΫ 3%4σʔλϕʔε 4ετϨʔδ $MPVE8BUDIࢹ %JSFDU$POOFDU/8
ηΩϡϦςΟͷରԠྫʢޚʣ ݕͷରԠྫ (VBSE%VUZ $POUSPM5PXFS 4FDVSJUZ)VC 'JSFXBMM.BOBHFS .BDJF 5SVTUFE"EWJTPS ɾ"84ΞΧϯτɿར༻੍ݶ ɾ*".Ϣʔβɿૢ࡞ݖݶͱଓݩ੍ݶ ɹར༻ՄೳϦιʔεʹର͢ΔΞΫηείϯτϩʔϧɺଟཁૉೝূͷಋೖ ɾຊ൪ڥɺ։ൃڥͱ͍ͬͨڥ୯ҐͰ71$ͷ ɾαϒωοτ୯ҐͰͷ௨৴੍ޚɺϧʔςΟϯάઃఆ ɾ71$ϑϩʔϩάͷऔಘ ɾ4FDVSJUZ(SPVQʹΑΔαʔόؒ௨৴੍ޚ ɾ4ZTUFNT.BOBHFSΛར༻ͯ͠ͷɺαʔόঢ়ଶͷѲͱҰׅύονͯ ɾαʔόͷϩάΠϯཧͷΈͱɺϩάूͷΈͷಋೖ ɾ҉߸ԽΦϓγϣϯʹΑΔσΟεΫશମͷ҉߸Խ $MPVE5SBJMʹΑΔ "84ૢ࡞ཤྺ τϥϑΟοΫϩά ֤छΞϓϦέʔγϣϯϩά 04ϩάΠϯཤྺ %#ࠪϩά "84αʔϏε֤छʹΑΔ ϩάɾΞϥʔτ ݕࠪ͢Δ͖ϩά ɾઐ༻ઢʢ%9ʣ71/Λར༻ͨ͠ܦ࿏҆શͷ֬อ ɾ5SBOTJU(BUFXBZΛར༻ͨ͠71$ɾܦ࿏ͷཧ ɾܦ࿏ͷԽʹΑΔࣄۀܧଓੑͷ֬อ ɾDBMSͷػೳʹΑΔςʔϒϧશମʢදྖҬʣͷ҉߸Խ ɾDBʹର͢ΔΞΫηεݖݶͷཧ ɾ҉߸ԽΦϓγϣϯʹΑΔετϨʔδશମͷ҉߸Խ ɾΫϥΠΞϯταΠυ҉߸ԽΩʔʹΑΓσʔλΛอޢ ɾCloudWatchʹΑΔAWSͷࢹͱɺӡ༻ࢹιϑτΣΞΛར༻ͨ͠αʔ ϏεɺΞϓϦέʔγϣϯࢹͷซ༻ *OTQFDUPS "84ͷར༻ঢ়گͷࠪ "84ΞΧϯτͷઃఆͱΨόφϯε ηΩϡϦςΟʔΞϥʔτͷूͱݕɾରԠ "84ͷෆਖ਼ར༻ͷݕ 04ɺΞϓϦͷηΩϡϦςΟධՁ 'JSFXBMMͷҰݩཧͱݕɾରԠ 4ͷػີใͷݕग़ɺྨɺอޢ 0SHBOJ[BUJPOT #jawsug_asa
༧త౷੍ͱൃݟత౷੍ ηΩϡϦςΟͷϕετϓϥΫςΟεͷҰͭ 0SHBOJ[BUJPO6OJU Automation AWS Systems Manager AWS Config Rule
ઃఆෆඋΛ ݕ म෮ࢦࣔ ༧త౷੍ ൃݟత౷੍ SCP AWS Organizations SCPΛར༻ͯ͠ ΞΧϯτશମʹ ېࢭࣄ߲ͷઃఆ AWSΞΧϯτ IAM User ྫʣ SPPUϢʔβʔͷΞΫηεΩʔͷ ࡞Λېࢭ͢Δ ྫʣ *".Ϣʔβʔͷ.'"͕༗ޮʹ ͳ͍ͬͯΔ͔νΣοΫ͢Δ Ұ࣌తʹ IAMϢʔβʔͷ ແޮԽ #jawsug_asa
αʔϏεΛ্ख͘׆༻͢Δͱ ӡ༻ָ͕ʹͳΔ
ηΩϡϦςΟͷઃఆΛखಈͰઃఆ͢Δͱʁ ̍ʙ̎ݸͩͱରԠՄೳ͕ͩɺΞΧϯτ ͕ݸ͋ͬͨͱͨ͠Βʁ ਓ͕ؒखͰΔͱϛεൈ͚࿙Ε͕ൃੜ͢Δɻ ͦΕҎલʹ໘͍͘͞ #jawsug_asa
"840SHBOJ[BUJPOTͷ׆༻
"840SHBOJ[BUJPOTͷ༻ޠ #jawsug_asa ཁૉ໊ ֓ཁ ৫ "840SHBOJ[BUJPOTͰཧ͢Δରͷશମ ࢀՃ͢Δ"84ΞΧϯτશͯ Ϛελʔ ΞΧϯτ "840SHBOJ[BUJPOTΛઃఆͨ͠"84ΞΧϯτ
ʢ৫ʹ̍ͭͷΈʣ ϝϯόʔ ΞΧϯτ ৫ͷϚελʔΞΧϯτҎ֎ͷશͯͷ"84ΞΧ ϯτ ৫୯Ґ ʢ06 ৫ͷཧతͳάϧʔϓ ཧ༻ϧʔτ ʢSPPUʣ ৫ͷ֊ͷ࠷্Ґ αʔϏείϯτϩ ʔϧϙϦγʔ ར༻Ͱ͖Δ"84αʔϏεͷ੍ޚΛهड़ͨ͠ϙϦγʔ
0SHBOJ[BUJPOTͷ֊ߏ Account Account Account Organizational unit Organizational unit 3PPU Account
RootԼʹ ΞΧϯτͷ ஔՄೳ ʢඇਪʣ OUͷ֊ߏ ઃఆՄೳ #jawsug_asa ৫୯Ґʢ06ʣͰཧ͞Εɺ্Ґͷઃఆ ԼҐʹܧঝ͞ΕΔ
αʔϏείϯτϩʔϧϙϦγʔʢ4$1ʣ 4$1Λ͏ͱ"84ΞΧϯτ୯ҐͰͷݖݶ੍ޚ͕Մೳ 4FSWJDF$POUSPM 1PMJDZʢ4$1ʣ *EFOUJUZCBTFE QPMJDZʢ*".ʣ ˓ ˓ ˓ ☓
☓ ༗ޮͳݖݶ *".ͷΈͳΒͣϧʔτΞΧϯτͷ੍ݶ Մೳʢ1FSNJTTJPOTόϯμϦʔΑΓڧྗʣ
4$1ͷ੍ޚͷܧঝ #jawsug_asa 0SHBOJ[BUJPOTͷ֊ͱݖݶͷܧঝ Account Account Account Organizational unit Organizational unit
SCP ΞΧϯτ୯Ґʹ ద༻ SCP OUશମʹ ద༻ 3PPU ΞΧϯτͰ*".ΛؤுΔΑΓɺ੍ޚ͞Εͨαϯυ ϘοΫεΞΧϯτΛ࡞Δ΄͏ָ͕͔͠Εͳ͍
$MPVE'PSNBUJPO4UBDL4FUT
$MPVE'PSNBUJPO4UBDL4FUT #jawsug_asa CloudFormation StackSets Stack ΞΧϯτAʢϝϯόʔΞΧϯτʣ ౦ژϦʔδϣϯ Stack ΦϋΠΦϦʔδϣϯ ΞΧϯτʢϚελʔΞΧϯτʣ
Stack ΞΧϯτBʢϝϯόʔΞΧϯτʣ ౦ژϦʔδϣϯ Stackͷ࡞ͱ࣮ߦ ෳͷ"84ΞΧϯτϦʔδϣϯʹର͠ $MPVE'PSNBUJPOͷελοΫΛ࡞Ͱ͖Δػೳ
0SHBOJ[BUJPOTº4UBDL4FUT #jawsug_asa AWS Account AWS Account OUʢ৫୯Ґʣ 3PPU CloudFormation StackSets
with Organizations AWS Account OUʹࢀՃ AWS Account ελοΫͷ࡞ ʢOUઃఆͷՃʣ ελοΫͷআ ʢOUઃఆͷআʣ OU͔Β 0SHBOJ[BUJPOTͱ࿈ܞͤͯ͞ɺ 06ࡿԼʹࣗಈతʹ4UBDL4FUTͷద༻ ΊͪΌͪ͘Όศར
"840SHBOJ[BUJPOT º $MPVE'PSNBUJPO4UBDL4FUT ࢼͯ͠ΈΑ͏ʂʂ
ࢧ͍ߦͬͯΔ͚Ͳʁ ࢧ͍ߦͰ"840SHBOJ[BUJPOTͷػೳ͕ ར༻Մೳͳϓϥϯ͕͋Γ·͢ /3*ωοτίϜɹʲ"840SHBOJ[BUJPOTରԠʳ "84ࢧ͍ߦαʔϏε IUUQTXXXOSJOFUDPNQSPEVDUTBXTQBZNFOU #jawsug_asa
·ͱΊ
ࠓͨ͠༰ "84ͷΞΧϯτηΩϡϦςΟ "84ͷηΩϡϦςΟαʔϏε $MPVE'PSNBUJPO4UBDL4FUTͱ"840SHBOJ[BUJPOT #jawsug_asa
ຊͷΰʔϧ "840SHBOJ[BUJPOTͱ $MPVE'PSNBUJPO4UBDL4FUTΛࣗͰͬͯΈΑ͏ 㱺ͬͯΈͨ͘ͳΓ·͔ͨ͠ʁ ɹ-FU`͂5SZʂʂ #jawsug_asa