JAWSUG初心者支部 IAMの「あ」の話

Transcript

1. *".ͷʮɹɹʯ /3*ωοτίϜגࣜձࣾɹ ࠤʑ໦୓࿠  +"846(
   ॳ৺ऀࢧ෦
   -5େձʂʂ #jawsug_bgnr ͋

2. ࠤʑ໦୓࿠
   CMPH
   IUUQTCMPHUBLVSPTOFU
   5XJUUFS
   !ELGK ࣗݾ঺հ #jawsug_bgnr

3. +BQBO
   "1/
   "NCBTTBEPS
   
   બग़͞Ε·ͨ͠ ࣗݾ঺հ #jawsug_bgnr

4. 4""ͷରࡦຊ͕վగ͞Ε·ͨ͠ "84ೝఆࢿ֨ࢼݧςΩετ
   
   "84ೝఆιϦϡʔγϣϯΞʔΩςΫτ
   ΞιγΤΠτ
   վగୈ൛
   IUUQTBN[OUP,R;WK, "84ೝఆιϦϡʔγϣϯΞʔΩςΫτ
   Ξιγͷษڧͷ࢓ํͱ
   "84ͷೖ໳ͷ࢓ํΛࣥචʢͨͭ͠΋Γʣ ൃച։࢝ʂʂ #jawsug_bgnr

5. Ξ΢τϓοτΛ͠Α͏ ୔ࢁΞ΢τϓοτͨ͠ਓʹϓϨθϯτ
   ຊ೔தͰɺϋογϡλά෇͖ͰπΠʔτͨ͠ਓʢ্Ґ໊̑ʣ
   ϒϩάͰ·ͱΊͨਓɹઌண໊̑ #jawsug_bgnr ࣗݾਃࠂͰ5XJUUFSͰϝϯγϣϯ͍ͩ͘͞

6. ࠓ೔࿩͢ςʔϚ
   "84ͱηΩϡϦςΟ
   "84ΞΧ΢ϯτͱ*".
   *".ͷػೳ
   ઃܭํ਑ͱ࠷খݖݶ
   ͓·͚ #jawsug_bgnr

7. "84ͱηΩϡϦςΟ
   

8. "84ͱηΩϡϦςΟ #jawsug_bgnr ͍Ζ͍Ζ΍Δ͜ͱ͕ଟͯ͘ɺ
   ΍΍͍͜͠ͱࢥͬͨ͜ͱ͋Γ·ͤΜ͔ શମ૾Λ೺Ѳ͢ΔͨΊʹɺͬ͘͟Γͱ
   ෼ྨͯ͠Έ·͠ΐ͏

9. "84ͱηΩϡϦςΟ #jawsug_bgnr "84ͷηΩϡϦςΟ͸ͭͷ࣠Ͱߟ͑Δ
   ᶃ"84಺ʹߏஙͨ͠ωοτϫʔΫͱαʔόʔͷηΩϡϦςΟ
   ᶄ"84ͷαʔϏε܈ͷઃܭɾઃఆ
   ᶅ"84ૢ࡞ʹؔ͢Δݖݶʢ*".ʣ
   ᶆηΩϡϦςΟΛҡ࣋؅ཧ͢ΔͨΊͷ"84αʔϏε AWS Management Console

   Role VPC AWS Cloud Subnet Internet gateway Amazon Simple Storage Service (S3) VPN gateway Endpoints User ૢ࡞ݖݶ Instance Instance Instance AWS Lambda Role ᶅ ᶄ ᶃ AWS Command Line Interface AWS Config AWS Systems Manager AWS Service Catalog AWS Trusted Advisor AWS CloudTrail ᶆ ηΩϡϦςΟΛҡ࣋ ؅ཧ͢ΔαʔϏε

10. ᶃ"84಺ʹߏஙͨ͠ωοτϫʔΫͱ
    αʔόʔͷηΩϡϦςΟ #jawsug_bgnr ੹೚ڞ༗Ϟσϧͷ੺࿮ͷ෦෼
    ઃܭͷߟ͑ํ͸ΦϯϓϨͱେ͖͘ҧΘͳ͍͕ɺઃఆͷ࢓ ํ͸"84ͷྲّྀʹै͏ඞཁ͕͋Δ IUUQTBXTBNB[PODPNKQDPNQMJBODFTIBSFESFTQPOTJCJMJUZNPEFM

11. ᶄ"84ͷαʔϏε܈ͷઃܭɾઃఆ ͍ΘΏΔϚωʔδυαʔϏε
    Ϣʔβʔࣗ਎ͰΧόʔ͢Δൣғ͸গͳ͍͕ɺαʔϏε͝ ͱʹಛੑΛཧղ͢Δඞཁ͕͋Δ
    㱺·ͣ͸ɺ࢖͏΋ͷ͚֮ͩ͑Ε͹ྑ͍ IUUQTXXXTMJEFTIBSFOFU"NB[PO8FC4FSWJDFT+BQBOBXTXIJUFCFMUPOMJOFTFNJOBSBXT

12. ᶅ"84ͷૢ࡞ʹؔ͢Δݖݶʢ*".ʣ #jawsug_bgnr "84ͷηΩϡϦςΟͷத֩ͷҰͭ
    ͲΜͳʹωοτϫʔΫ΍αʔόʔͷηΩϡϦςΟΛڧݻʹ ͍ͯͯ͠΋ɺ"84Λ௚઀ૢ࡞͞ΕΔͱ͕݀։͚ΒΕΔ "84ͷബ͍ຊɹ*".ͷϚχΞοΫͳ࿩
    IUUQTCPPUIQNKBJUFNT

13. ᶆηΩϡϦςΟΛҡ࣋؅ཧ͢Δ
    ͨΊͷ"84αʔϏε #jawsug_bgnr "84ಠࣗͷ෦෼
    ར༻͠ͳͯ͘΋γεςϜΛηΩϡΞͳঢ়ଶΛҡ࣋Ͱ͖Δ͕ɺ ্ख͘׆༻͢ΔͱࣗྗͰ΍ΔΑΓഒָʹͳΔ "84ͷബ͍ຊᶘ
    ΞΧ΢ϯτηΩϡϦςΟͷϕʔγοΫηΦϦʔ
    IUUQTCPPUIQNKBJUFNT

14. "84ΞΧ΢ϯτͱ*".
    

15. "84ͷ̎ͭͷΞΧ΢ϯτ؅ཧ #jawsug_bgnr "84ΞΧ΢ϯτʢ3PPUϢʔβʔʣ
    "84ΞΧ΢ϯτ࡞੒࣌ʹར༻
    ॳظઃఆ͕ऴΘΕ͹ར༻͠ͳ͍ͷ͕ݪଇ
    *".ʢ͜ΕΛ࢖͏ʣ
    "84ͷΞΫηε؅ཧͷ؊
    ϢʔβʔɾϓϩάϥϜɾଞͷϦιʔε͔Β"84Λѻ͏ࣄ͕Ͱ͖Δ
    "84Λ࢖͏ʹ͸ɺ·ͣ*".Λཧղ͢Δඞཁ͕͋Δ

16. "84ΞΧ΢ϯτ #jawsug_bgnr "84ΞΧ΢ϯτʢ3PPUϢʔβʔʣ
    ̍ΞΧ΢ϯτʹ̍ͭͷΈͰɺΞΧ΢ϯτ಺ͷશͯͷૢ࡞͕Ͱ͖Δ
    *".ͷ஀ੜલ͸ɺ"84ΞΧ΢ϯτͰૢ࡞͢Δͱ͍͏຀Վతͳ࣌୅ͩͬͨ
    ΞΧ΢ϯτ୯ମͰ͸ɺ"84ΞΧ΢ϯτͷૢ࡞ͷ੍ݶ͕Ͱ͖ͳ͍
    㱺*1ΞυϨεʹΑΔ઀ଓݩ੍ݶ౳͕Ͱ͖ͳ͍
    ݫີʹӡ༻͢Δ৔߹͸ɺ෺ཧ.'"Λઃఆۚ͠ݿͰ؅ཧ͢Δ৔߹΋͋Δ ˞"84
    0SHBOJ[BUJPOTͰ࡞ͬͨ"84ΞΧ΢ϯτ͸ɺ
    ɹͦ΋ͦ΋ύεϫʔυ͕ൃߦ͞Εͣɺ"84
    440Λར༻લఏͩͬͨΓ͢Δ

17. #jawsug_bgnr "84Ϧιʔε΁ͷΞΫηε؅ཧ *".ͱ͸ʁ

18. *".ͷجຊػೳ
    

19. ᶃ*% 1BTTXPSE౳ ར༻ऀ ᶄਖ਼౰ੑͷ֬ೝ ೝূہ ᶅຊਓੑͷอূ ᶆϦιʔεͷׂ౰ αʔϏε *".ͷઆ໌ͷલʹ
    ೝূͱೝՄ

    ೝূ
    "VUIFOUJDBUJPOʣ ೝՄ
    ʢ"VUIPSJ[BUJPOʣ ୭Ͱ͋Δ͔ʁ ԿΛ࢖ΘͤΔͷ͔ʁ

20. *".ͷجຊػೳ #jawsug_bgnr *".͸୭ʹԿΛ࢖͑Δͷ͔؅ཧ͢Δػೳ
    *".Ϣʔβʔ
    
    ʜ
    ར༻ऀͷೝূ
    *".άϧʔϓ
    
    ʜ
    *".ϢʔβʔͷάϧʔϓԽ
    *".ϩʔϧ
    

    
    ʜ
    ਓؒҎ֎ʹ΋Ұ࣌తͳૢ࡞ݖݶΛ෇༩͢Δ࢓૊Έ
    *".ϙϦγʔ
    
    ʜ
    ෇༩͢ΔݖݶΛهड़ͨ͠΋ͷ ར༻ऀ ֎෦
    Ϧιʔε "84
    Ϧιʔε *".άϧʔϓ *".Ϣʔβʔ *".ϩʔϧ *".
    ϙϦγʔ "84
    Ϧιʔε ୭ʹʁ ԿΛڐՄېࢭ͢Δ

21. *".Ϣʔβʔ #jawsug_bgnr *".Ϣʔβʔͷೝূͷ࢓ํ
    *%
    
    ύεϫʔυ
    ΞΫηεΩʔ
    
    γʔΫϨοτΞΫηεΩʔ
    㱺ͲͪΒ΋ݫີʹ؅ཧ͢Δඞཁ͕͋Δɻ
    ɹϚϧν"84ΞΧ΢ϯτ͕ҰൠԽͨ͠࠷ۙͰ͸ɺ
    ɹ͍͔ʹ*".ϢʔβʔΛ࡞Βͳ͍ͰઃܭʹͰ͖Δ͔͕ϙΠϯτʹͳΔ

22. *".ϩʔϧ #jawsug_bgnr *".ϩʔϧͱ͸ʁ
    ʢར༻ऀ͕ҙࣝͤͣʹʣҰ࣌తͳݖݶΛऔಘ͢Δ࢓૊Έ
    "84Ϧιʔε΍֎෦Ϧιʔε͔Β"84ϦιʔεΛར༻͢Δ৔߹ʹ࢖༻
    "84
    440Ͱ*".Ϣʔβʔͷ୅ସ͢Δ৔߹ʹ΋*".ϩʔϧΛ࢖༻
    Role AWS STS ΫϨσϯγϟϧ

    ϓϩάϥϜ *".Ϣʔβʔͷ৔߹ *".ϩʔϧͷ৔߹ EC2 Πϯελϯε ϓϩάϥϜ EC2 Πϯελϯε Πϯελϯε಺ʹΞΫη εΩʔɾγʔΫϨοτΞ ΫηεΩʔΛຒΊࠐΉඞ ཁ͕͋Δ *".ϩʔϧ͕Ұ࣌తͳೝ ূ৘ใΛऔಘ͢Δɻ

23. ઃܭํ਑ͱ࠷খݖݶ
    

24. *".ઃܭͷجຊํ਑ #jawsug_bgnr कΔ΂͖جຊํ਑͸͚̎ͭͩ
    ೝূ৘ใΛ౪·Εͳ͍Α͏ʹ͢Δӡ༻ઃܭ
    ΞΫηεΩʔʗγʔΫϨοτΞΫηεΩʔͰ͸ͳ͘ϩʔϧͷར༻
    HJUTFDSFUTͷར༻΋ݕ౼
    ೝূ৘ใ͕౪·Εͯ΋ඃ֐Λ࠷খݶʹ͢Δݖݶઃܭ
    .'"ඞਢԽ΍*1੍ݶ΍ͳͲͷར༻੍ݶ
    ࠷খݖݶͷઃఆ

25. ύλʔϯͷݪଇΛ౿·্͑ͨͰ
    ۩ମతͳઃܭʹམͱ͠ࠐΉ
    

26. ڞ௨Ͱར༻͢ΔϙϦγʔͰ·ͣݕ౼͢Δͷ͸͜ͷͭ
    .'"ඞਢԽ͸ඞͣ͢Δ͜ͱ
    *1੍ݶ͸ɺӡ༻ϙϦγʔͱ૬ஊɻ࡞ۀ৔ॴΛ੍ݶͰ͖Δͱ͍͏ޮՌ͕͋Δ #jawsug_bgnr .'"ඞਢԽͱ*1੍ݶ \
    &⒎FDU
    %FOZ
    "DUJPO
     

    
    $POEJUJPO
    \
    /PU*Q"EESFTT
    \
    BXT4PVSDF*Q
    <
    
    >
    ^
    ^
    3FTPVSDF
     
    ^ \
    &⒎FDU
    %FOZ
    /PU"DUJPO
    <
    JBN 
    >
    3FTPVSDF
     
    $POEJUJPO
    \
    #PPM*G&YJTUT
    \
    BXT.VMUJ'BDUPS"VUI1SFTFOU
    GBMTF
    ^
    ^
    ^

27. "ENJOݖݶΛ෇༩্ͨ͠Ͱ੍ݶΛՃ͑Δ
    .'"ඞਢˍ*1ΞυϨε੍ݶ
    *1੍ݶΛͳͨ͘͢Ίͷ؅ཧऀ༻ϩʔϧ #jawsug_bgnr ؅ཧऀݖݶͷઃܭ 㱺εΠονલΛࢀরݖݶͷΈʹ͢Δͱ͍͏ઃܭ΋Α͋͘Δ

28. ϩάΠϯ࣌͸ࢀরݖݶͷΈ
    ࢀরݖݶͱ4XJUDI3PMFΛڐՄ͢ΔݖݶΛ෇༩
    εΠονϩʔϧ͢Δ͜ͱʹΑΓ؅ཧऀݖݶ͕ར༻Մೳ
    ஈΫογϣϯΛஔ͘͜ͱʹΑΓɺΦϖϛεͷ๷ࢭޮՌΛૂ͏ #jawsug_bgnr ؅ཧऀݖݶͷ҆શઃܭ

29. Ұ൪೰·͍͠ͷ͕։ൃऀ޲͚ݖݶ
    "84ͷ։ൃʹ͸*".ϩʔϧͷ࡞੒ݖݶ͕ඞཁʹͳ͖͍ͬͯͯΔ
    ؅ཧऀݖݶΛ෇༩্ͨ͠Ͱɺ1FSNJTTJPO
    #PVOEBSZͷ׆༻͔ʁ
    αϯυϘοΫεΞΧ΢ϯτͷํָ͕ͩͬͨΓʁ #jawsug_bgnr ։ൃऀͷઃܭ
    ͋ͱ࡞ͬͨ*".ϩʔϧɾϙϦγʔͷςετํ๏ΛԿͱ͔͍ͨ͠

30. 1SJODJQBMΛߜΒͳ͍ͱɺશϢʔβʔ͕εΠονͰ͖Δ
    σϑΥϧτςϯϓϨʔτͷઃఆ͸ɺΞΧ΢ϯτ಺ͷϢʔβʔʹରͯ͠
    ߜΔඞཁ͕͋ΓɺϢʔβʔࢦఆͰߜΔʢάϧʔϓ͸Ͱ͖ͳ͍ʣ
    ผղͱͯ͠"TTVNF3PMFͷݖݶΛ͢΂ͯണୣͷ͏͑ͰɺඞཁͳϢʔβʔʹ ෇༩͢Δͱ͍͏ํ๏΋͋Δ #jawsug_bgnr εΠονϩʔϧͷ஫ҙ఺ \
    
    
    7FSTJPO
    
    

    
    
    4UBUFNFOU
    <
    
    
    
    
    \
    
    
    
    
    
    
    &⒎FDU
    "MMPX
    
    
    
    
    
    
    1SJODJQBM
    \
    
    
    
    
    
    
    
    
    "84
    BSOBXTJBNSPPU
    
    
    
    
    
    
    ^
    
    
    
    
    
    
    "DUJPO
    TUT"TTVNF3PMF
    
    
    
    
    
    
    $POEJUJPO
    \^
    
    
    
    
    ^
    
    
    >
    ^ \
    
    
    7FSTJPO
    
    
    
    4UBUFNFOU
    <
    
    
    
    
    \
    
    
    
    
    
    
    &⒎FDU
    "MMPX
    
    
    
    
    
    
    1SJODJQBM
    \
    
    
    
    
    
    
    
    
    "84
    BSOBXTJBNVTFSUFTU VTFS
    
    
    
    
    
    
    ^
    
    
    
    
    
    
    "DUJPO
    TUT"TTVNF3PMF
    
    
    
    
    
    
    $POEJUJPO
    \^
    
    
    
    
    ^
    
    
    >
    ^

31. ϕετϓϥΫςΟε͚ͩͲɻɻɻ
    ઃܭ͕ݻ·্ͬͨͰɺ*".ʹؔ͢Δߴ౓ͳ஌͕ࣝඞཁ
    ϓϩάϥϜతͳར༻ʹ͸޲͍͍ͯΔ͕ɺ"84ίϯιʔϧ͔Βͷར༻͸޲͍ ͍ͯͳ͍
    ৽نαʔϏεͷ௥Ճʹऑ͍
    ͦ΋ͦ΋"ENJOݖݶΛ͍࣋ͬͯΔਓ͔͠࠷খݖݶΛ௥ٻͰ͖ͳ͍
    ઃܭɾӡ༻޻਺͕େ͖͍
    ݱ࣮తͳӡ༻
    ఆܕతͳ࡞ۀʢ-BNCEBɾόον౳ʣͷΈ࠷খݖݶΛ෇༩
    ਓؒܥͷ࡞ۀ͸ɺϒϥοΫϦετͷ׆༻΋ࢹ໺ʹ
    

    ηΩϡϦςΟࣄނΛى͜͞ͳ͍ͱ͍͏؍఺Ͱ࠷খݖݶΛ୳ٻ #jawsug_bgnr ࠷খݖݶͷδϨϯϚ