AWS IAM の知っておくべき話と知らなくてもいい話 DevIO2023/ AWS IAM DevIO 2023

Transcript

1. "84
   *".
   ͷ஌͓ͬͯ͘΂͖࿩ͱ
   ஌Βͳͯ͘΋͍͍࿩  "84ࣄۀຊ෦
   νόϢΩ

2. ࣗݾ঺հ  ઍ༿ ޾޺ (νόϢΩ) •2020೥ೖࣾ •޷͖ͳAWSαʔϏεɿIAM •޷͖ͳΞΫγϣϯɿsts:AssumeRole IUUQTEFWDMBTTNFUIPEKQBVUIPSDIJCBZVLJIJSP

3. ࠓ೔ͷҙؾࠐΈ  w ͜ͷ࣌ؒ͸ʮνϣʔΫτʔΫʯͰ͢
   w Θ͕ͨ͠Ұํతʹ஻ΔͷͰ͸ͳ͘ɺͥͻ૒ํ޲Ͱ΍ΓऔΓ͠·͠ΐ͏
   w །Ұͷਖ਼ղ͕͋Δ΋ͷͰ͸͋Γ·ͤΜ
   w ʮΈΜͳ͸Ͳ͏ͯ͠ΔΜͩΖ͏ʯΛڞ༗ͨ͠Γ
   

   w ʮͲ͏͢Δͷ͕ΑΓྑ͍ͩΖ͏ʯΛҰॹʹߟ͑ͨΓ͠·͠ΐ͏

4. ࠓ೔ͷ͓໿ଋ  w Έͳ͞Μʹݺͼ͔͚͍ͨ͜ͱ͕͋Δ৔߹ɺεϥ Πυͷӈ্ʹ
   ͜Μͳͷ
   ͕ग़͖ͯ·͢ ૒ํ޲λΠϜ w ڍखɺεέονϒοΫ΁ͷॻ͖ࠐΈɺϚΠΫͰͷ ൃݴͳͲɺ૒ํ޲Ͱ΍ΓऔΓ͍ͨ͠ͷͰ͝ڠྗ ͓ئ͍͠·͢

5. ͬͦ͘͞΍ͬͯΈΑ͏  ૒ํ޲λΠϜ Έͳ͞Μͷ*".ϨϕϧΛڭ͍͑ͯͩ͘͞ɻ  *".Λ৮ͬͨ͜ͱ͕ͳ͍
    *".ϢʔβʔɺάϧʔϓɺϩʔϧɺϙϦγʔΛ஌͍ͬͯΔ
    *".ϦιʔεΛઃܭ͋Δ͍͸ߏஙͨ͜͠ͱ͕͋Δ
   

    4$1΋͘͠͸1FSNJTTJPOT
   CPVOEBSZΛ࢖ͬͨ͜ͱ͕͋Δ
    ηογϣϯϙϦγʔΛ࢖ͬͨ͜ͱ͕͋Δ εέονϒοΫʹ਺ࣈΛॻ͍͍ͯͩ͘͞

6. ͞Βʹ΍ͬͯΈΑ͏  ૒ํ޲λΠϜ ྡͷ੮ͷਓͱ؆୯ͳࣗݾ঺հͱ
   ʮࠓ೔ԿΛֶͼ͍͔ͨʯΛ࿩͠·͠ΐ͏
   ʢͻͱΓ෼ͣͭʣ

7. ࠓ೔ͷςʔϚ 

8. ࠓ೔ͷςʔϚ   *".ઃܭͷ࿩ʢߏ੒ɺݖݶͷ࣋ͨͤํʣ
    *".ϕετϓϥΫςΟεͷ࿩
    ධՁ࿦ཧͷ࿩
    σʔλϓϨʔϯͱίϯτϩʔϧϓϨʔϯͷ࿩

9. ࠓ೔ͷςʔϚ   *".ઃܭͷ࿩ʢߏ੒ɺݖݶͷ࣋ͨͤํʣ
    *".ϕετϓϥΫςΟεͷ࿩
    ධՁ࿦ཧͷ࿩
    σʔλϓϨʔϯͱίϯτϩʔϧϓϨʔϯͷ࿩

   ্͔Βॱʹʮ஌͓ͬͯ͘΂͖ʯ౓͕ߴ͍
   Լ͔Βॱʹʮ͠Ό΂Γ͍ͨʯ౓͕ߴ͍ ஌͓ͬͯ͘΂͖ ͠Ό΂Γ͍ͨ

10. ࠓ೔ͷςʔϚ   *".ઃܭͷ࿩ʢߏ੒ɺݖݶͷ࣋ͨͤํʣ
     *".ϕετϓϥΫςΟεͷ࿩
     ධՁ࿦ཧͷ࿩
     σʔλϓϨʔϯͱίϯτϩʔϧϓϨʔϯͷ࿩

    ૒ํ޲λΠϜ Έͳ͞Μ͕ڵຯ͋Δ΋ͷΛ
    ڍखͰڭ͍͑ͯͩ͘͞ ஌Γ͍ͨ಺༰ΛεέονϒοΫʹ
    ॻ͍͍ͯͩ͘͞

11.  *".ઃܭͷ࿩
    ʢߏ੒ɺݖݶͷ࣋ͨͤํʣ

12. ߏ੒ͱݖݶͷ࣋ͨͤํ  ✦ ʮߏ੒ʯͷྫ
    w *".ϢʔβʔͷΈʁεΠονϩʔϧʁ
    w *".ϩʔϧΛ࢖͍ͬͯΔ৔߹ɺϢʔβʔͱʁ
    w "84
    *".
    *EFOUJUZ
    $FOUFSʁ*".
    4".-ϑΣσϨʔγϣϯʁ
    

    w ϚϧνΞΧ΢ϯτʁͦͷ৔߹Ͳͷ͘Β͍ͷن໛ʁ
    ✦ ʮݖݶͷ࣋ͨͤํʯͷྫ
    w Ͳͷ͘Β͍໾ׂΛ෼͚ͯΔʁ
    w ࠷খݖݶΛͲͷ͘Β͍௥ٻͯ͠Δʁ
    w Ͳͷ͘Β͍ϙϦγʔΧελϚΠζͯ͠Δʁ
    w ΨʔυϨʔϧ࢖༻ͯ͠Δʁ

13. *".ઃܭʹؔͯ͠σΟεΧογϣϯλΠϜ  ૒ํ޲λΠϜ *".ઃܭʢߏ੒ɾݖݶͷ࣋ͨͤํʣʹؔͯ͠
    ࠔΓ͝ͱɺฉ͍ͯΈ͍ͨ͜ͱ͕
    ͋Ε͹ͥͻޱ಄Ͱ͓ئ͍͠·͢

14. ࢀߟʹͳΔࢥ૝  ✦ຊ൪ɺεςʔδϯάɺ։ൃͰ"84 ΞΧ΢ϯτΛ෼͚Δ
    ✦ҎԼͷ໾ׂͰ෼͚Δ
    w؅ཧऀ
    wΞϓϦνʔϜ
    wΠϯϑϥνʔϜ
    wӡ༻νʔϜ
    ✦ͳΔ΂͘ਓ͕৮Βͳ্ͨ͘͠Ͱ޿

    ΊʹݖݶΛ༩͑Δ IUUQTEFWDMBTTNFUIPEKQBSUJDMFTJBNSPMFCBTFQFSNJTTJPO

15.  *".ϕετϓϥΫςΟεͷ࿩

16. *".ʹ͸ϕετϓϥΫςΟε͕͋Γ·͢  IUUQTEPDTBXTBNB[PODPNKB@KQ*".MBUFTU6TFS(VJEFCFTUQSBDUJDFTIUNM

17. ཁ໿͢Δͱ͜Μͳײ͡   ਓʹ͸*%ϑΣσϨʔγϣϯ࢖ͬͯͶ
     ϫʔΫϩʔυʹ͸*".ϩʔϧ࢖ͬͯͶ
     .'"༗ޮԽͯ͠Ͷ
     ΞΫηεΩʔϩʔςͯ͠Ͷ
    

     ϧʔτϢʔβʔ࢖Θͳ͍ͰͶ
     ࠷খݖݶΛ໨ࢦͯ͠Ͷ
     ఆظతʹ*".Ϧιʔε୨Էͯ͠͠Ͷ
     *".ϙϦγʔͰ৚݅Ωʔ࢖ͬͯͶ
     *".
    "DDFTT
    "OBMZ[FS
    ࢖ͬͯͶ
    0SHBOJ[BUJPOT
    4$1
    ࢖ͬͯͶ
    1FSNJTTJPOT
    CPVOEBSZ
    ࢖ͬͯͶ

18. ಠஅͱภݟʹΑΔϥϕϧ͚ͮ   ਓʹ͸*%ϑΣσϨʔγϣϯ࢖ͬͯͶ
     ϫʔΫϩʔυʹ͸*".ϩʔϧ࢖ͬͯͶ
     .'"༗ޮԽͯ͠Ͷ
     ΞΫηεΩʔϩʔςͯ͠Ͷ
    

     ϧʔτϢʔβʔ࢖Θͳ͍ͰͶ
     ࠷খݖݶΛ໨ࢦͯ͠Ͷ
     ఆظతʹ*".Ϧιʔε୨Էͯ͠͠Ͷ
     *".ϙϦγʔͰ৚݅Ωʔ࢖ͬͯͶ
     *".
    "DDFTT
    "OBMZ[FS
    ࢖ͬͯͶ
    0SHBOJ[BUJPOT
    4$1
    ࢖ͬͯͶ
    1FSNJTTJPOT
    CPVOEBSZ
    ࢖ͬͯͶ ݫक Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ

19. ϕετϓϥΫςΟεʹؔ͢Δ͋Ε͜Εɹɹ   ਓʹ͸*%ϑΣσϨʔγϣϯ࢖ͬͯͶ
     ϫʔΫϩʔυʹ͸*".ϩʔϧ࢖ͬͯͶ
     .'"༗ޮԽͯ͠Ͷ
     ΞΫηεΩʔϩʔςͯ͠Ͷ
    

     ϧʔτϢʔβʔ࢖Θͳ͍ͰͶ
     ࠷খݖݶΛ໨ࢦͯ͠Ͷ
     ఆظతʹ*".Ϧιʔε୨Էͯ͠͠Ͷ
     *".ϙϦγʔͰ৚݅Ωʔ࢖ͬͯͶ
     *".
    "DDFTT
    "OBMZ[FS
    ࢖ͬͯͶ
    0SHBOJ[BUJPOT
    4$1
    ࢖ͬͯͶ
    1FSNJTTJPOT
    CPVOEBSZ
    ࢖ͬͯͶ ݫक Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ༨༟͕͋Ε͹ Ͱ͖ΔݶΓ ૒ํ޲λΠϜ ͍Ζ͍Ζ
    ฉ͔͍ͤͯͩ͘͞

20.  ධՁ࿦ཧͷ࿩

21. ධՁ࿦ཧͱ͸  "84
    SF*OWFOU
    
    
    )BSOFTT
    QPXFS
    PG
    *".
    QPMJDJFT
    
    SFJO
    JO
    QFSNJTTJPOT
    X"DDFTT
    "OBMZ[FS
    4&$
    ΑΓ ✦ "84
    *".͸ҎԼΛಥ͖߹Θͤͯ ධՁ͢Δ
    w

    ϦΫΤετͷίϯςΩετ
    w ධՁର৅ͷϙϦγʔ
    ✦ ධՁͷ݁Ռ͸ҎԼͷ͍ͣΕ͔
    w ڐՄ
    w ڋ൱

22. ධՁ࿦ཧϑϩʔνϟʔτ͸ઈରΈΑ͏  ˞୯ҰΞΧ΢ϯτʹ͓͚ΔϑϩʔνϟʔτͰ͋Δ͜ͱʹ஫ҙ IUUQTEPDTBXTBNB[PODPNKB@KQ*".MBUFTU6TFS(VJEFSFGFSFODF@QPMJDJFT@FWBMVBUJPOMPHJDIUNMQPMJDZFWBMEFOZBMMPX

23. ͜Ε͚͓֮ͩ͑ͯ͜͏
      ✦ σϑΥϧτͰ͸ڋ൱ʢ҉໧తͳڋ൱ʣ
    ✦ ໌ࣔతͳڋ൱͕Ͳ͔͜ʹ͋Ε͹݁Ռ͸ڋ൱
    ✦ ʮ໌ࣔతͳڐՄʯΛ༩͑ΒΕΔͷ͸ҎԼͷΈ
    w ΞΠσϯςΟςΟϕʔεϙϦγʔ
    

    w ϦιʔεϕʔεϙϦγʔ
    ✦ ҎԼ͸ΨʔυϨʔϧͱͯ͠ػೳ
    w 0SHBOJ[BUJPOT
    4$1
    w 1FSNJTTJPOT
    CPVOEBSZ
    w ηογϣϯϙϦγʔʢείʔϓμ΢ϯϙϦγʔʣ
    w ʢ71$ΤϯυϙΠϯτϙϦγʔʣ

24. ͜Ε͚͓֮ͩ͑ͯ͜͏
      ✦ ୯ҰΞΧ΢ϯτͷ৔߹ɺҎԼͷ͍ͣΕ͔ͷΞΫηεڐՄͷ ෇༩ͷΈͰ݁Ռ͕ڐՄʹͳΔ৔߹͕͋Δ
    w ΞΠσϯςΟςΟϕʔεϙϦγʔ
    w ϦιʔεϕʔεϙϦγʔ
    ✦

    ϦιʔεϕʔεϙϦγʔͰڐՄ͢ΔϓϦϯγύϧʹΑͬͯ ධՁ࿦ཧ͕มΘΔ৔߹͕͋Δ
    ✦ ΫϩεΞΧ΢ϯτͷ৔߹ɺ૒ํͰڐՄ͕ඞཁ

25. ϑϦʔͷ࣭໰λΠϜ  ૒ํ޲λΠϜ ͜͜ͷ෦෼͕ฉ͖͍ͨΜ͕ͩʁΛ
    ืू͍ͯ͠·͢

26. ໾ʹཱͪͦ͏ͳϦϯΫू  IUUQTEFWDMBTTNFUIPEKQBSUJDMFTOFXQPMJDZFWBMVBUJPOMPHJD fl PXDIBSU IUUQTEFWDMBTTNFUIPEKQBSUJDMFTEFWJPJBNFWBMVBUJPOMPHJD IUUQTEFWDMBTTNFUIPEKQBSUJDMFTQSJODJQBMFMFNFOUJBNSPMFPSSPMFTFTTJPO

27.  σʔλϓϨʔϯͱ
    ίϯτϩʔϧϓϨʔϯͷ࿩

28. *".ʹ͸σʔλϓϨʔϯͱίϯτϩʔϧϓϨʔϯ͕͋Δ  IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBXTJBNDPOUSPMQMBOFEBUBQMBOF

29. ϑϦʔͷ࣭໰λΠϜ  ૒ํ޲λΠϜ ฉ͖͍ͨ͜ͱʜʜ͋Γ·͢ʁ

30. ໾ʹཱͪͦ͏ͳϦϯΫू  IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBXTGBVMUJTPMBUJPOCPVOEBSJFT IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBXTJBNFWFOUVBMDPOTJTUFODZTFTTJPOQPMJDZ IUUQTEFWDMBTTNFUIPEKQBSUJDMFTBXTJBNCBDLHSPVOEEFWJP

31. ͓͠·͍ 

32. ηογϣϯΞϯέʔτ%":  ຬ଍౓্ҐͷηογϣϯΛޙ೔ϒϩάͰެ։༧ఆʂ
    ճ౴΁ͷ͝ڠྗΛΑΖ͓͘͠ئ͍͠·͢ɻ ෳ਺ճ౴Մɺ
    લճͷ಺༰Ҿ͖ܧ͗·͢ ऴྃ͠·ͨ͠

33. None