Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AWS IAM の知っておくべき話と知らなくてもいい話 DevIO2023/ AWS IAM ...

YukihiroChiba
July 27, 2023
0
3.4k

AWS IAM の知っておくべき話と知らなくてもいい話 DevIO2023/ AWS IAM DevIO 2023

YukihiroChiba

July 27, 2023
Tweet

More Decks by YukihiroChiba

See All by YukihiroChiba
わたしの業務の中に住み着いたCacoo/Cacoo has taken up residence in my work routine
yukihirochiba
0
980
Amazon VPCでの IPv6利用に向けた はじめの一歩/first-step-towards-using-ipv6-in-amazon-vpc
yukihirochiba
0
590
AWS IAM の結果整合性を避けるためセッションポリシーを用いてポリシーの動作確認を行う、を解説する
yukihirochiba
0
900
SSMエージェントはIAMロールの夢を見るか/ Do SSM Agents Dream Of IAM Roles?
yukihirochiba
0
2.5k
デジタルアイデンティティWGミニウェビナー第4回「IaaSとアイデンティティ」/ jnsa-iaas-identity
yukihirochiba
0
710
学習エンジンがうなりを上げているチームの作り方 / How to build a team with a learning engine humming along
yukihirochiba
0
4.1k
Amazon Route 53 Application Recovery Controller zonal shift 試してみた
yukihirochiba
0
1.9k
re:Growth 2022 Amazon Verified Permissions/妄想を膨らませる_チバユキ
yukihirochiba
0
5.4k
どこで動いてるの?AWS IAM のコントロールプレーンとデータプレーンに思いを馳せる/iam-background
yukihirochiba
1
5.6k

Featured

See All Featured
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
104
19k
It's Worth the Effort
3n
184
28k
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
Designing for humans not robots
tammielis
252
25k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.6k
StorybookのUI Testing Handbookを読んだ
zakiyama
29
5.6k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
The Cult of Friendly URLs
andyhume
78
6.3k
Navigating Team Friction
lara
184
15k
How to Ace a Technical Interview
jacobian
276
23k
A Tale of Four Properties
chriscoyier
158
23k
The Language of Interfaces
destraynor
157
25k

Transcript

  1. "84*".ͷ஌͓ͬͯ͘΂͖࿩ͱ ஌Βͳͯ͘΋͍͍࿩  "84ࣄۀຊ෦νόϢΩ

  2. ࣗݾ঺հ  ઍ༿ ޾޺ (νόϢΩ) •2020೥ೖࣾ •޷͖ͳAWSαʔϏεɿIAM •޷͖ͳΞΫγϣϯɿsts:AssumeRole IUUQTEFWDMBTTNFUIPEKQBVUIPSDIJCBZVLJIJSP

  3. ࠓ೔ͷҙؾࠐΈ  w ͜ͷ࣌ؒ͸ʮνϣʔΫτʔΫʯͰ͢ w Θ͕ͨ͠Ұํతʹ஻ΔͷͰ͸ͳ͘ɺͥͻ૒ํ޲Ͱ΍ΓऔΓ͠·͠ΐ͏ w །Ұͷਖ਼ղ͕͋Δ΋ͷͰ͸͋Γ·ͤΜ w ʮΈΜͳ͸Ͳ͏ͯ͠ΔΜͩΖ͏ʯΛڞ༗ͨ͠Γ

    w ʮͲ͏͢Δͷ͕ΑΓྑ͍ͩΖ͏ʯΛҰॹʹߟ͑ͨΓ͠·͠ΐ͏

  4. ࠓ೔ͷ͓໿ଋ  w Έͳ͞Μʹݺͼ͔͚͍ͨ͜ͱ͕͋Δ৔߹ɺεϥ Πυͷӈ্ʹ͜Μͳͷ͕ग़͖ͯ·͢ ૒ํ޲λΠϜ w ڍखɺεέονϒοΫ΁ͷॻ͖ࠐΈɺϚΠΫͰͷ ൃݴͳͲɺ૒ํ޲Ͱ΍ΓऔΓ͍ͨ͠ͷͰ͝ڠྗ ͓ئ͍͠·͢

  5. ͬͦ͘͞΍ͬͯΈΑ͏  ૒ํ޲λΠϜ Έͳ͞Μͷ*".ϨϕϧΛڭ͍͑ͯͩ͘͞ɻ  *".Λ৮ͬͨ͜ͱ͕ͳ͍  *".ϢʔβʔɺάϧʔϓɺϩʔϧɺϙϦγʔΛ஌͍ͬͯΔ  *".ϦιʔεΛઃܭ͋Δ͍͸ߏஙͨ͜͠ͱ͕͋Δ

     4$1΋͘͠͸1FSNJTTJPOTCPVOEBSZΛ࢖ͬͨ͜ͱ͕͋Δ  ηογϣϯϙϦγʔΛ࢖ͬͨ͜ͱ͕͋Δ εέονϒοΫʹ਺ࣈΛॻ͍͍ͯͩ͘͞

  6. ͞Βʹ΍ͬͯΈΑ͏  ૒ํ޲λΠϜ ྡͷ੮ͷਓͱ؆୯ͳࣗݾ঺հͱ ʮࠓ೔ԿΛֶͼ͍͔ͨʯΛ࿩͠·͠ΐ͏ ʢͻͱΓ෼ͣͭʣ

  7. ࠓ೔ͷςʔϚ 

  8. ࠓ೔ͷςʔϚ   *".ઃܭͷ࿩ʢߏ੒ɺݖݶͷ࣋ͨͤํʣ  *".ϕετϓϥΫςΟεͷ࿩  ධՁ࿦ཧͷ࿩  σʔλϓϨʔϯͱίϯτϩʔϧϓϨʔϯͷ࿩

  9. ࠓ೔ͷςʔϚ   *".ઃܭͷ࿩ʢߏ੒ɺݖݶͷ࣋ͨͤํʣ  *".ϕετϓϥΫςΟεͷ࿩  ධՁ࿦ཧͷ࿩  σʔλϓϨʔϯͱίϯτϩʔϧϓϨʔϯͷ࿩

    ্͔Βॱʹʮ஌͓ͬͯ͘΂͖ʯ౓͕ߴ͍ Լ͔Βॱʹʮ͠Ό΂Γ͍ͨʯ౓͕ߴ͍ ஌͓ͬͯ͘΂͖ ͠Ό΂Γ͍ͨ

  10. ࠓ೔ͷςʔϚ   *".ઃܭͷ࿩ʢߏ੒ɺݖݶͷ࣋ͨͤํʣ  *".ϕετϓϥΫςΟεͷ࿩  ධՁ࿦ཧͷ࿩  σʔλϓϨʔϯͱίϯτϩʔϧϓϨʔϯͷ࿩

    ૒ํ޲λΠϜ Έͳ͞Μ͕ڵຯ͋Δ΋ͷΛ ڍखͰڭ͍͑ͯͩ͘͞ ஌Γ͍ͨ಺༰ΛεέονϒοΫʹ ॻ͍͍ͯͩ͘͞

  11.  *".ઃܭͷ࿩ ʢߏ੒ɺݖݶͷ࣋ͨͤํʣ

  12. ߏ੒ͱݖݶͷ࣋ͨͤํ  ✦ ʮߏ੒ʯͷྫ w *".ϢʔβʔͷΈʁεΠονϩʔϧʁ w *".ϩʔϧΛ࢖͍ͬͯΔ৔߹ɺϢʔβʔͱʁ w "84*".*EFOUJUZ$FOUFSʁ*".4".-ϑΣσϨʔγϣϯʁ

    w ϚϧνΞΧ΢ϯτʁͦͷ৔߹Ͳͷ͘Β͍ͷن໛ʁ ✦ ʮݖݶͷ࣋ͨͤํʯͷྫ w Ͳͷ͘Β͍໾ׂΛ෼͚ͯΔʁ w ࠷খݖݶΛͲͷ͘Β͍௥ٻͯ͠Δʁ w Ͳͷ͘Β͍ϙϦγʔΧελϚΠζͯ͠Δʁ w ΨʔυϨʔϧ࢖༻ͯ͠Δʁ

  13. *".ઃܭʹؔͯ͠σΟεΧογϣϯλΠϜ  ૒ํ޲λΠϜ *".ઃܭʢߏ੒ɾݖݶͷ࣋ͨͤํʣʹؔͯ͠ ࠔΓ͝ͱɺฉ͍ͯΈ͍ͨ͜ͱ͕ ͋Ε͹ͥͻޱ಄Ͱ͓ئ͍͠·͢

  14. ࢀߟʹͳΔࢥ૝  ✦ຊ൪ɺεςʔδϯάɺ։ൃͰ"84 ΞΧ΢ϯτΛ෼͚Δ ✦ҎԼͷ໾ׂͰ෼͚Δ w؅ཧऀ wΞϓϦνʔϜ wΠϯϑϥνʔϜ wӡ༻νʔϜ ✦ͳΔ΂͘ਓ͕৮Βͳ্ͨ͘͠Ͱ޿

    ΊʹݖݶΛ༩͑Δ IUUQTEFWDMBTTNFUIPEKQBSUJDMFTJBNSPMFCBTFQFSNJTTJPO

  15.  *".ϕετϓϥΫςΟεͷ࿩

  16. *".ʹ͸ϕετϓϥΫςΟε͕͋Γ·͢  IUUQTEPDTBXTBNB[PODPNKB@KQ*".MBUFTU6TFS(VJEFCFTUQSBDUJDFTIUNM

  17. ཁ໿͢Δͱ͜Μͳײ͡   ਓʹ͸*%ϑΣσϨʔγϣϯ࢖ͬͯͶ  ϫʔΫϩʔυʹ͸*".ϩʔϧ࢖ͬͯͶ  .'"༗ޮԽͯ͠Ͷ  ΞΫηεΩʔϩʔςͯ͠Ͷ

     ϧʔτϢʔβʔ࢖Θͳ͍ͰͶ  ࠷খݖݶΛ໨ࢦͯ͠Ͷ  ఆظతʹ*".Ϧιʔε୨Էͯ͠͠Ͷ  *".ϙϦγʔͰ৚݅Ωʔ࢖ͬͯͶ  *"."DDFTT"OBMZ[FS࢖ͬͯͶ 0SHBOJ[BUJPOT4$1࢖ͬͯͶ 1FSNJTTJPOTCPVOEBSZ࢖ͬͯͶ

  18. ಠஅͱภݟʹΑΔϥϕϧ͚ͮ   ਓʹ͸*%ϑΣσϨʔγϣϯ࢖ͬͯͶ  ϫʔΫϩʔυʹ͸*".ϩʔϧ࢖ͬͯͶ  .'"༗ޮԽͯ͠Ͷ  ΞΫηεΩʔϩʔςͯ͠Ͷ

     ϧʔτϢʔβʔ࢖Θͳ͍ͰͶ  ࠷খݖݶΛ໨ࢦͯ͠Ͷ  ఆظతʹ*".Ϧιʔε୨Էͯ͠͠Ͷ  *".ϙϦγʔͰ৚݅Ωʔ࢖ͬͯͶ  *"."DDFTT"OBMZ[FS࢖ͬͯͶ 0SHBOJ[BUJPOT4$1࢖ͬͯͶ 1FSNJTTJPOTCPVOEBSZ࢖ͬͯͶ ݫक Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ

  19. ϕετϓϥΫςΟεʹؔ͢Δ͋Ε͜Εɹɹ   ਓʹ͸*%ϑΣσϨʔγϣϯ࢖ͬͯͶ  ϫʔΫϩʔυʹ͸*".ϩʔϧ࢖ͬͯͶ  .'"༗ޮԽͯ͠Ͷ  ΞΫηεΩʔϩʔςͯ͠Ͷ

     ϧʔτϢʔβʔ࢖Θͳ͍ͰͶ  ࠷খݖݶΛ໨ࢦͯ͠Ͷ  ఆظతʹ*".Ϧιʔε୨Էͯ͠͠Ͷ  *".ϙϦγʔͰ৚݅Ωʔ࢖ͬͯͶ  *"."DDFTT"OBMZ[FS࢖ͬͯͶ 0SHBOJ[BUJPOT4$1࢖ͬͯͶ 1FSNJTTJPOTCPVOEBSZ࢖ͬͯͶ ݫक Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ૒ํ޲λΠϜ ͍Ζ͍Ζ ฉ͔͍ͤͯͩ͘͞

  20.  ධՁ࿦ཧͷ࿩

  21. ධՁ࿦ཧͱ͸  "84SF*OWFOU)BSOFTTQPXFSPG*".QPMJDJFT SFJOJOQFSNJTTJPOTX"DDFTT"OBMZ[FS 4&$ ΑΓ ✦ "84*".͸ҎԼΛಥ͖߹Θͤͯ ධՁ͢Δ w

    ϦΫΤετͷίϯςΩετ w ධՁର৅ͷϙϦγʔ ✦ ධՁͷ݁Ռ͸ҎԼͷ͍ͣΕ͔ w ڐՄ w ڋ൱

  22. ධՁ࿦ཧϑϩʔνϟʔτ͸ઈରΈΑ͏  ˞୯ҰΞΧ΢ϯτʹ͓͚ΔϑϩʔνϟʔτͰ͋Δ͜ͱʹ஫ҙ IUUQTEPDTBXTBNB[PODPNKB@KQ*".MBUFTU6TFS(VJEFSFGFSFODF@QPMJDJFT@FWBMVBUJPOMPHJDIUNMQPMJDZFWBMEFOZBMMPX

  23. ͜Ε͚͓֮ͩ͑ͯ͜͏  ✦ σϑΥϧτͰ͸ڋ൱ʢ҉໧తͳڋ൱ʣ ✦ ໌ࣔతͳڋ൱͕Ͳ͔͜ʹ͋Ε͹݁Ռ͸ڋ൱ ✦ ʮ໌ࣔతͳڐՄʯΛ༩͑ΒΕΔͷ͸ҎԼͷΈ w ΞΠσϯςΟςΟϕʔεϙϦγʔ

    w ϦιʔεϕʔεϙϦγʔ ✦ ҎԼ͸ΨʔυϨʔϧͱͯ͠ػೳ w 0SHBOJ[BUJPOT4$1 w 1FSNJTTJPOTCPVOEBSZ w ηογϣϯϙϦγʔʢείʔϓμ΢ϯϙϦγʔʣ w ʢ71$ΤϯυϙΠϯτϙϦγʔʣ

  24. ͜Ε͚͓֮ͩ͑ͯ͜͏  ✦ ୯ҰΞΧ΢ϯτͷ৔߹ɺҎԼͷ͍ͣΕ͔ͷΞΫηεڐՄͷ ෇༩ͷΈͰ݁Ռ͕ڐՄʹͳΔ৔߹͕͋Δ w ΞΠσϯςΟςΟϕʔεϙϦγʔ w ϦιʔεϕʔεϙϦγʔ ✦

    ϦιʔεϕʔεϙϦγʔͰڐՄ͢ΔϓϦϯγύϧʹΑͬͯ ධՁ࿦ཧ͕มΘΔ৔߹͕͋Δ ✦ ΫϩεΞΧ΢ϯτͷ৔߹ɺ૒ํͰڐՄ͕ඞཁ

  25. ϑϦʔͷ࣭໰λΠϜ  ૒ํ޲λΠϜ ͜͜ͷ෦෼͕ฉ͖͍ͨΜ͕ͩʁΛ ืू͍ͯ͠·͢

  26. ໾ʹཱͪͦ͏ͳϦϯΫू  IUUQTEFWDMBTTNFUIPEKQBSUJDMFTOFXQPMJDZFWBMVBUJPOMPHJD fl PXDIBSU IUUQTEFWDMBTTNFUIPEKQBSUJDMFTEFWJPJBNFWBMVBUJPOMPHJD IUUQTEFWDMBTTNFUIPEKQBSUJDMFTQSJODJQBMFMFNFOUJBNSPMFPSSPMFTFTTJPO

  27.  σʔλϓϨʔϯͱ ίϯτϩʔϧϓϨʔϯͷ࿩

  28. *".ʹ͸σʔλϓϨʔϯͱίϯτϩʔϧϓϨʔϯ͕͋Δ  IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBXTJBNDPOUSPMQMBOFEBUBQMBOF

  29. ϑϦʔͷ࣭໰λΠϜ  ૒ํ޲λΠϜ ฉ͖͍ͨ͜ͱʜʜ͋Γ·͢ʁ

  30. ໾ʹཱͪͦ͏ͳϦϯΫू  IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBXTGBVMUJTPMBUJPOCPVOEBSJFT IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBXTJBNFWFOUVBMDPOTJTUFODZTFTTJPOQPMJDZ IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBXTJBNCBDLHSPVOEEFWJP

  31. ͓͠·͍ 

  32. ηογϣϯΞϯέʔτ%":  ຬ଍౓্ҐͷηογϣϯΛޙ೔ϒϩάͰެ։༧ఆʂ ճ౴΁ͷ͝ڠྗΛΑΖ͓͘͠ئ͍͠·͢ɻ ෳ਺ճ౴Մɺ લճͷ಺༰Ҿ͖ܧ͗·͢ ऴྃ͠·ͨ͠

  33. None