CloudFormation StackSets with AWS Organizations
Slides from the talk "Automating configuration with CloudFormation StackSets × AWS Organizations", presented at the JAWS-UG morning meetup (JAWS-UG朝会).
Takuro SASAKI
August 25, 2020
Transcript
CloudFormation StackSets × AWS Organizations: automating configuration. NRI Netcom Co., Ltd., Sasaki. JAWS-UG morning meetup. #jawsug_asa

About me: Sasaki. Blog: https://blog.takuros.net  Twitter: @dkfj

About me: selected as a Japan APN Ambassador.

A study guide for the AWS Certified Security exam: 『要点整理から攻略する AWS認定セキュリティ-専門知識』 ("Mastering the AWS Certified Security – Specialty through organized key points"). Written as both a guide to studying for the Security – Specialty certification and a guidebook to AWS security (at least, that was the intent).

Today's topics: AWS account security; AWS security services; CloudFormation StackSets and AWS Organizations.
Goal for today: try AWS Organizations and CloudFormation StackSets yourself ⇒ getting your own hands dirty is what matters!!

AWS and security: there is so much to do that you may well have found it hard. To get the overall picture, let's classify it roughly.

AWS and security: think about AWS security along three axes. ① Security of the network and servers you build on AWS. ② Permissions for operating AWS (IAM). ③ AWS services for maintaining and managing security.

[Figure: an AWS Cloud with a VPC, subnet, internet gateway, VPN gateway, endpoints, S3, instances, AWS Lambda and roles (①); a user with operation permissions acting through the AWS Management Console and AWS Command Line Interface (②); and the services that maintain and manage security: AWS Config, AWS Systems Manager, AWS Service Catalog, AWS Trusted Advisor, AWS CloudTrail (③).]

① Security of the network and servers built on AWS. This is the customer's part of the shared responsibility model. The design approach is not very different from on-premises, but the way things are configured has to follow AWS conventions. https://aws.amazon.com/jp/compliance/shared-responsibility-model/

② Permissions for operating AWS (IAM). This is one of the cores of AWS security: no matter how strongly you harden the network and servers, if someone can operate AWS itself, a hole can be opened. See 『AWSの薄い本 IAMのマニアックな話』 (sold on BOOTH).

③ AWS services for maintaining and managing security. This part is unique to AWS. You can keep a system secure without using them, but used well they make the work many times easier than doing it on your own. See 『AWSの薄い本Ⅱ アカウントセキュリティのベーシックセオリー』 (sold on BOOTH).
AWS services for maintaining security

Guardrails, an AWS design philosophy. Security is not something you configure once and are done with; you need rules that provide continuous governance across the whole environment. AWS offers services that support this while preserving convenience. ① Prevention … make prohibited operations impossible, using IAM and SCPs. ② Detection … make sure that a prohibited operation is noticed when it happens. [Figure: a guardrail contrasted with a checkpoint (関所).]

CloudTrail: records the operation history of AWS resources and notifies on it. ① Saves the history of Management Console and API operations to S3. ② Notifications are possible via SNS using CloudWatch Logs. [Figure: User → AWS Management Console / AWS Command Line Interface → AWS resources; AWS CloudTrail → Amazon S3, Amazon CloudWatch.]

Config: records the state of AWS periodically and when events occur. ① A service that records and manages the state of AWS. ② With Config Rules you can detect that something has drifted from its desired state. [Figure: a user changes the configuration of AWS resources → AWS Config manages and stores the configuration records → evaluates the changed configuration (Config Rules) → Amazon Simple Notification Service.]

GuardDuty: threat detection. ① Detects threat risks from a security point of view. ② Analyzes log data (VPC Flow Logs, CloudTrail event logs, DNS logs). ③ Detects threats intelligently using AI: malicious scans, instance threats, account threats. [Figure: flow logs, event logs and DNS logs → Amazon GuardDuty judges threats → notification via Amazon CloudWatch Events and Amazon Simple Notification Service.]

Security Hub (https://aws.amazon.com/jp/security-hub/): centralizes security alerts. ① Integrates and manages alerts from GuardDuty, Macie and Inspector. ② Runs compliance checks based on the various logs. ③ Can integrate with third-party tools and consolidate multiple AWS accounts.

Trusted Advisor: evaluates how you use AWS. ① Evaluates from five viewpoints (cost optimization, performance, security, fault tolerance, service limits). ② It is enabled by default, so take a look at it at least once. ③ Notifications (e-mail only) are possible.

Control Tower (https://aws.amazon.com/jp/controltower/): security settings and monitoring for multiple accounts. ① Builds AWS accounts with settings that incorporate AWS best practices. ② Continuously manages and visualizes account policies. ③ Enrolling existing accounts into Control Tower is scary.
Guidelines for security design

NIST Cybersecurity Framework (function / categories):
Identify (特定): asset management; business environment; governance; risk assessment, risk assessment management; supply chain risk management.
Protect (防御): access control; awareness and training; data security; information protection processes and procedures; maintenance; protective technology.
Detect (検知): anomalies and events; security continuous monitoring; detection processes.
Respond (対応): response planning; communications; analysis; mitigation.
Recover (復旧): recovery planning; improvements; communications.
Source: IPA, CSF Core, https://www.ipa.go.jp/files/000071204.pdf

AWS Well-Architected Framework (pillar / design principles):
Operational excellence: perform operations as code; make frequent, small, reversible changes; refine operations procedures frequently; anticipate failure; learn from all operational failures.
Security: implement a strong identity foundation; enable traceability; apply security at all layers; automate security best practices; protect data in transit and at rest; keep people away from data; prepare for security events.
Reliability: automatically recover from failure; test recovery procedures; scale horizontally to increase aggregate workload availability; stop guessing capacity; manage change through automation.
Performance efficiency: democratize advanced technologies; go global in minutes; use serverless architectures; experiment more often; consider mechanical sympathy.
Cost optimization: practice cloud financial management; adopt a consumption model; measure overall efficiency; analyze and attribute expenditure.
AWS Well-Architected Framework: https://aws.amazon.com/jp/architecture/well-architected/

Examples of using AWS security services

Mapped onto the framework: [Figure: Lambda, Systems Manager Automation, CloudFormation, Organizations SCP, IAM, SNS, Config, CloudWatch, Inspector, Macie, GuardDuty, Shield, Firewall Manager, WAF and VPC arranged under Prevent / Protect / Detect / Respond / Recover, with notification, automation (Lambda, CloudWatch), investigation (CloudWatch, CloudTrail) and consolidation (Security Hub).]

Viewed by architecture: [Figure: DDoS and application attacks countered by Shield, WAF, CloudFront and ELB; unauthorized network access controlled by NACLs and Security Groups (ELB, EC2, RDS); unauthorized data access prevented with KMS (EC2, RDS, S3); server management with Inspector and Systems Manager; visualization and monitoring with Security Hub, CloudTrail, CloudWatch, GuardDuty, Config and VPC Flow Logs, with notifications via SNS to the operations staff who monitor the system. Principles: apply security at all layers; enable traceability.]

Mapped onto the system's layers: Management Console; VPC (virtual private area); EC2 OS area; local disk; RDS database; S3 storage; CloudWatch monitoring; Direct Connect network.

Example security measures (protection), by layer:
・AWS account: usage restrictions. IAM users: operation permissions and restrictions on the connection source; access control to the resources that may be used; introduction of multi-factor authentication.
・Separate VPCs per environment, such as production and development; per-subnet traffic control and routing configuration; capture of VPC Flow Logs; control of server-to-server traffic with Security Groups.
・Use Systems Manager to know the state of servers and to patch them in bulk; introduce a scheme for managing server logins and for collecting logs.
・Encrypt entire disks with the encryption option.
・Encrypt whole tables (tablespaces) with DBMS functions; manage access permissions to the DB.
・Encrypt all of the storage with the encryption option; protect data with client-side encryption keys.
・Monitor AWS with CloudWatch, combined with service and application monitoring using operational monitoring software.
・Secure routes using dedicated lines (DX) or VPN; manage VPCs and routes with Transit Gateway; ensure business continuity by making routes redundant.
Logs to inspect: AWS operation history from CloudTrail; traffic logs; application logs; OS login history; DB audit logs; logs and alerts from the various AWS services.
Example detection measures: Trusted Advisor: audit of AWS usage. Organizations / Control Tower: AWS account settings and governance. Security Hub: collecting security alerts, detection and response. GuardDuty: detection of misuse of AWS. Inspector: security assessment of the OS and applications. Firewall Manager: centralized firewall management, detection and response. Macie: detection, classification and protection of sensitive information in S3.

Preventive controls and detective controls, one of the security best practices. [Figure: AWS Organizations applies an SCP to an organizational unit, configuring prohibitions across all accounts (preventive control); example: forbid creating access keys for the root user. AWS Config Rules detect misconfiguration of an AWS account's IAM users and instruct Systems Manager Automation to remediate (detective control); example: check whether MFA is enabled for IAM users, and temporarily disable the IAM user.]

Using the services well makes operations easier
What if you configure security settings by hand? With one or two accounts it is manageable, but what if there were a great many accounts? When people do it by hand, mistakes and omissions happen. And before that, it is just tedious.

Using AWS Organizations

AWS Organizations terminology (element / summary):
Organization: the whole of what AWS Organizations manages, i.e. all participating AWS accounts.
Master account: the AWS account in which AWS Organizations was set up (only one per organization).
Member account: every AWS account in the organization other than the master account.
Organizational unit (OU): a logical group within the organization.
Management root (root): the top of the organization's hierarchy.
Service control policy: a policy describing the controls on which AWS services may be used.

Hierarchy of Organizations: [Figure: Root → organizational units (which can be nested) → accounts; accounts can also be placed directly under Root (not recommended).] Management is per organizational unit (OU); settings at a higher level are inherited by the levels below.

Service control policies (SCP): with SCPs, permissions can be controlled per AWS account. [Figure: Venn diagram of the service control policy (SCP) and the identity-based policy (IAM): only what both allow is an effective permission.] Not only IAM but also the root account can be restricted (more powerful than permissions boundaries).

Inheritance of SCP controls: the Organizations hierarchy and inheritance of permissions. [Figure: under Root, one SCP applied to a whole OU and another applied to a single account.] Rather than struggling with IAM inside an account, it may be easier to create a controlled sandbox account.
CloudFormation StackSets

CloudFormation StackSets: [Figure: from the master account, CloudFormation StackSets creates and runs stacks in account A (member account; Tokyo region and Ohio region) and account B (member account; Tokyo region).] A feature that creates CloudFormation stacks across multiple AWS accounts and regions.

Organizations × StackSets: [Figure: CloudFormation StackSets with Organizations, targeting an OU (organizational unit) under Root; when an AWS account joins the OU a stack is created (the OU's settings are added), and when it leaves the OU the stack is deleted (the OU's settings are removed).] Linked with Organizations, StackSets are applied automatically to everything under the OU. Incredibly convenient.

AWS Organizations × CloudFormation StackSets: give it a try!!

Using a payment agent? There are payment-agency plans under which the AWS Organizations features can be used: NRI Netcom's AWS payment-agency service (with AWS Organizations support).

Summary

What we covered today: AWS account security; AWS security services; CloudFormation StackSets and AWS Organizations.

Goal for today: try AWS Organizations and CloudFormation StackSets yourself ⇒ do you feel like trying them now? Let's Try!!