CloudFormation StackSets with AWS Organizations
Takuro SASAKI
August 25, 2020
Slides for "Automating configuration with CloudFormation StackSets × AWS Organizations", presented at the JAWS-UG Asakai (morning meetup).
Transcript
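CloudFormation StackSets × AWS Organizations: automating configuration. NRI Netcom, Ltd., Sasaki. JAWS-UG Asakai (morning meetup). #jawsug_asa
Self-introduction: Sasaki. Blog: https://blog.takuros.net, Twitter: @dkfj
Self-introduction: selected as a Japan APN Ambassador.
An exam-prep book for the AWS Certified Security exam: 要点整理から攻略する『AWS認定 セキュリティ-専門知識』. Written as a guide to studying for AWS Certified Security - Specialty and (at least in intent) as a guidebook to AWS security.
Today's topics: AWS account security; AWS security services; CloudFormation StackSets and AWS Organizations.
Today's goal: try AWS Organizations and CloudFormation StackSets for yourself ⇒ getting hands-on is what matters!!
AWS and security: Have you ever felt that there is so much to do that it seems difficult? To grasp the big picture, let's sort it into rough categories.
AWS and security: think about AWS security along 3 axes. ① Security of the networks and servers built on AWS. ② Permissions for operating AWS (IAM). ③ AWS services for maintaining and managing security.
(Diagram: ① a VPC in the AWS Cloud with subnets, instances, Internet gateway, VPN gateway, endpoints and Amazon S3; ② operation permissions of users and roles working through the AWS Management Console, the AWS Command Line Interface and AWS Lambda; ③ services that maintain and manage security: AWS Config, AWS Systems Manager, AWS Service Catalog, AWS Trusted Advisor, AWS CloudTrail.)
① Security of the networks and servers built on AWS: the part that falls under the shared responsibility model. The design thinking is not very different from on-premises, but the way things are configured has to follow the AWS way. https://aws.amazon.com/jp/compliance/shared-responsibility-model/
② Permissions for operating AWS (IAM): one of the cores of AWS security. However strongly the network and servers are hardened, a hole can be opened if someone is able to operate AWS itself. Reference: AWSの薄い本 IAMのマニアックな話 (https://booth.pm/ja/items/…)
③ AWS services for maintaining and managing security: the AWS-specific part. A system can be kept secure without them, but used well they make the work many times easier than doing it all yourself. Reference: AWSの薄い本Ⅱ アカウントセキュリティのベーシックセオリー (https://booth.pm/ja/items/…)
AWS services for maintaining security
Guardrails, an AWS design philosophy: security is not something you configure once and are done with. You need rules that provide continuous governance over the whole environment. AWS offers services that support this while preserving convenience. ① Prevention: use IAM and SCPs so that prohibited operations cannot be performed. ② Detection: be in a state where you notice when a prohibited operation is performed. (Figure labels: guardrail, checkpoint gate.)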
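CloudTrail: records the operation history of AWS resources and notifies on it. ① Saves the operation history of the Management Console and the API to S3. ② Notification via SNS is possible by using CloudWatch Logs. (Diagram: a user operates AWS resources through the AWS Management Console and the AWS Command Line Interface; AWS CloudTrail delivers to Amazon S3 and Amazon CloudWatch.)
Config: records the state of AWS periodically and when events occur. ① A service that records and manages the state of AWS. ② By using Config Rules, it can detect that a resource has drifted from the state it should be in. (Diagram: a user changes the configuration of an AWS resource; AWS Config manages the configuration and stores the record, evaluates the configuration after the change with Config Rules, and notifies through Amazon Simple Notification Service.)
GuardDuty: threat detection. ① Detects threats and risks from a security point of view. ② Analyzes log data (VPC Flow Logs, CloudTrail Event Logs, DNS Logs). ③ Detects threats intelligently using AI. Examples: malicious scans, threats to instances, threats to accounts. (Diagram: flow logs, event logs and DNS logs feed Amazon GuardDuty, which assesses threats and notifies through Amazon CloudWatch Events and Amazon Simple Notification Service.)
Security Hub (https://aws.amazon.com/jp/security-hub/): centralized management of security alerts. ① Integrates and manages alerts from GuardDuty, Macie and Inspector. ② Runs compliance checks based on various logs. ③ Can also integrate with third-party tools and consolidate multiple AWS accounts.
Trusted Advisor: evaluates how AWS is being used. ① Evaluates from 5 viewpoints (cost optimization, performance, security, fault tolerance, service limits). ② It is applied by default, so take a look at it at least once. ③ Notification is possible (e-mail only).
Control Tower (https://aws.amazon.com/jp/controltower/): security configuration and monitoring for multiple accounts. ① Builds AWS accounts with settings that incorporate AWS best practices. ② Continuously manages and visualizes account policies. ③ Registering existing accounts into Control Tower is scary.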
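Guidelines for security design
NIST Cybersecurity Framework (function: categories)
Identify: asset management; business environment; governance; risk assessment, risk assessment management; supply chain risk management
Protect: access control; awareness and training; data security; information protection processes and procedures; maintenance; protective technology
Detect: anomalies and events; security continuous monitoring; detection processes
Respond: response planning; communications; analysis; mitigation
Recover: recovery planning; improvements; communications
Source: IPA, CSF Core, https://www.ipa.go.jp/files/000071204.pdf
AWS Well-Architected Framework (pillar: design principles)
Operational excellence: perform operations as code; regularly apply small, reversible changes; refine operations procedures regularly; anticipate failure; learn from all operational failures
Security: implement a strong identity foundation; enable traceability; apply security at all layers; automate security best practices; protect data in transit and at rest; keep people away from data; prepare for security events
Reliability: automatically recover from failure; test recovery procedures; scale horizontally to increase aggregate workload availability; stop guessing capacity; manage change through automation
Performance efficiency: make advanced technologies usable by anyone; go global in minutes; use serverless architectures; experiment more often; consider mechanical sympathy
Cost optimization: practice cloud financial management; adopt a consumption model; measure overall efficiency; analyze and attribute expenditure
Source: AWS Well-Architected Framework, https://aws.amazon.com/jp/architecture/well-architected/
Examples of using the AWS security services
Mapping the services onto the framework: (Diagram: the phases prevention, protection, detection, response and recovery, with the services Lambda, Systems Manager Automation, CloudFormation, Organizations SCP, IAM, SNS, Config, CloudWatch, Inspector, Macie, GuardDuty, Shield, Firewall Manager, WAF and VPC; notification; automation with Lambda and CloudWatch; investigation with CloudWatch and CloudTrail; integration with Security Hub.)
Looking at it by architecture: (Diagram: attack countermeasures with Shield and WAF for CloudFront and ELB; network protection with NACLs and Security Groups for ELB, EC2 and RDS; data protection with KMS for EC2, RDS and S3; threats shown are DDoS attacks, application attacks, unauthorized network access and unauthorized data access; server management with Inspector and Systems Manager; visualization and monitoring with Security Hub, CloudTrail, CloudWatch, GuardDuty, Config and VPC Flow Logs; notification through SNS to the operations staff.) Principles illustrated: apply security at all layers; enable traceability.
Mapping it onto the layers of a system (layer: examples of protective measures)
Management Console: AWS account: usage restrictions. IAM users: restrict operation permissions and connection sources; access control over the resources that may be used; introduce multi-factor authentication.
VPC (virtual private area): separate VPCs per environment, such as production and development; control traffic per subnet and configure routing; collect VPC Flow Logs.
EC2 (OS area): control server-to-server traffic with Security Groups; use Systems Manager to keep track of server state and apply patches in bulk; introduce mechanisms for managing server logins and for collecting logs.
Local disk: encrypt the whole disk with the encryption option.
RDS (database): encrypt whole tables (tablespaces) with the DBMS's own features; manage access permissions to the DB.
S3 (storage): encrypt the whole storage with the encryption option; protect data with client-side encryption keys.
CloudWatch (monitoring): combine AWS monitoring by CloudWatch with service and application monitoring by operations monitoring software.
Direct Connect (network): secure the route with a dedicated line (DX) or VPN; manage VPCs and routes with Transit Gateway; ensure business continuity by making routes redundant.
Examples of detection, logs that should be inspected: AWS operation history from CloudTrail; traffic logs; application logs; OS login history; DB audit logs; logs and alerts from the various AWS services.
Services: Trusted Advisor (audit of AWS usage); Control Tower (AWS account configuration and governance); Security Hub (aggregation of security alerts, detection and response); GuardDuty (detection of unauthorized use of AWS); Inspector (security assessment of the OS and applications); Firewall Manager (centralized firewall management, detection and response); Macie (discovery, classification and protection of sensitive information in S3); Organizations.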
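Preventive controls and detective controls: one of the security best practices. Preventive control: with AWS Organizations, use an SCP to set prohibited actions across all accounts in an Organization Unit. Example: prohibit creating access keys for the root user. Detective control: an AWS Config Rule detects a configuration flaw and triggers remediation through AWS Systems Manager Automation. Example: check that MFA is enabled for IAM users, and temporarily disable the IAM user.
Using the services well makes operations easier
What if you configure security settings by hand? One or two accounts are manageable, but what if the number of accounts were much larger? When people do it by hand, mistakes and omissions happen. And before that, it is simply a chore.
Making use of AWS Organizations
AWS Organizations terminology (element: summary)
Organization: the whole of what AWS Organizations manages; all participating AWS accounts.
Master account: the AWS account in which AWS Organizations was set up (only one per organization).
Member account: every AWS account in the organization other than the master account.
Organizational unit (OU): a logical group within the organization.
Administrative root (root): the top of the organization's hierarchy.
Service control policy: a policy that describes controls over which AWS services can be used.
Hierarchy of Organizations: accounts are managed by organizational unit (OU), and settings at a higher level are inherited by the levels below. Accounts can also be placed directly under the Root (not recommended). OUs can be nested in a hierarchy. (Diagram: a Root containing organizational units and accounts.)
Service control policies (SCP): with SCPs, permissions can be controlled per AWS account. SCPs can restrict not only IAM but also the root account (more powerful than permissions boundaries). (Diagram: the Service Control Policy (SCP) and the identity-based policy (IAM) together determine the effective permissions.)
Inheritance of SCP controls: the Organizations hierarchy and the inheritance of permissions. An SCP can be applied to a single account or to a whole OU. Rather than struggling with IAM inside one account, it may be easier to create controlled sandbox accounts. (Diagram: a Root containing organizational units and accounts, with SCPs attached at the OU level and at the account level.)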
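CloudFormation StackSets
CloudFormation StackSets: a feature that can create CloudFormation stacks across multiple AWS accounts and regions. (Diagram: CloudFormation StackSets in the master account creates and runs stacks in account A (member account) in the Tokyo region and the Ohio region, and in account B (member account) in the Tokyo region.)
Organizations × StackSets: by integrating with Organizations, StackSets are applied automatically to the accounts under an OU. Extremely convenient. (Diagram: CloudFormation StackSets with Organizations; when an AWS account joins the OU, the stack is created and the OU's settings are added; when an AWS account leaves the OU, the stack is deleted and the OU's settings are removed.)
AWS Organizations × CloudFormation StackSets: let's try it!!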
But I'm using a payment agency service? There are payment agency plans under which the AWS Organizations features can be used. NRI Netcom: AWS payment agency service (AWS Organizations supported).
Summary
What was covered today: AWS account security; AWS security services; CloudFormation StackSets and AWS Organizations.
Today's goal: try AWS Organizations and CloudFormation StackSets for yourself ⇒ Do you feel like trying it now? Let's Try!!
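The deck's preventive example (an SCP that prohibits creating root user access keys) and its detective example (a Config check that IAM users have MFA enabled), rolled out to one OU through a service-managed StackSet, written as a single CloudFormation template. This is an added example, not part of the slides: the parameter, resource and policy names are constructed, and it assumes the template is deployed in the organization's management account with SCPs and StackSets trusted access enabled and with AWS Config already recording in the member accounts.

```yaml
# Added example, not from the deck. Deploy in the Organizations management account.
AWSTemplateFormatVersion: '2010-09-09'
Description: Preventive SCP plus detective Config rule rolled out to one OU
Parameters:
  TargetOuId:            # hypothetical parameter name; pass your own OU ID
    Type: String
    AllowedPattern: '^ou-[a-z0-9]{4,32}-[a-z0-9]{8,32}$'
Resources:
  # Preventive control: no principal in the OU can create root user access keys.
  DenyRootAccessKeys:
    Type: AWS::Organizations::Policy
    Properties:
      Name: deny-root-access-key-creation        # constructed name
      Type: SERVICE_CONTROL_POLICY
      TargetIds:
        - !Ref TargetOuId
      Content:
        Version: '2012-10-17'
        Statement:
          - Sid: DenyRootCreateAccessKey
            Effect: Deny
            Action: iam:CreateAccessKey
            Resource: '*'
            Condition:
              StringLike:
                aws:PrincipalArn: arn:aws:iam::*:root
  # Detective control: every account in the OU gets the managed MFA check.
  MfaCheckStackSet:
    Type: AWS::CloudFormation::StackSet
    Properties:
      StackSetName: detect-iam-user-without-mfa  # constructed name
      PermissionModel: SERVICE_MANAGED
      AutoDeployment:
        Enabled: true                        # accounts joining the OU get the stack
        RetainStacksOnAccountRemoval: false  # stack is deleted when an account leaves
      StackInstancesGroup:
        - DeploymentTargets:
            OrganizationalUnitIds:
              - !Ref TargetOuId
          Regions:
            - ap-northeast-1                 # Tokyo, as in the deck's diagram
      TemplateBody: |
        AWSTemplateFormatVersion: '2010-09-09'
        Resources:
          IamUserMfaEnabled:
            Type: AWS::Config::ConfigRule
            Properties:
              ConfigRuleName: iam-user-mfa-enabled
              Source:
                Owner: AWS
                SourceIdentifier: IAM_USER_MFA_ENABLED
```

Service-managed StackSets do not deploy stack instances into the management account itself, so that account needs the Config rule applied separately.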