AWS IAMの属人的な管理からの脱却【DeNA TechCon 2021】/techcon2021-19

Transcript

1. "84
   *".ͷ
   ଐਓతͳ؅ཧ͔Βͷ୤٫ ,FOUB
   4BUP
   !LBSVQBOFSVSB
   %F/"
   $P
   -5%

2. !LBSVQBOFSVSB %F/"
   
   ೝূೝՄج൫पลαʔϏε։ൃɾӡ༻
   +BQBO
   1FSM
   "TTPDJBUJPO
   
   ୅දཧࣄ
   1FSM(P+BWB5ZQF4DSJQU.Z42-FUD
   5XJUUFS(JUIVC
   !LBSVQBOFSVSB

3. ࿩͢͜ͱ w *".؅ཧͷϕετϓϥΫςΟεͷ͓͞Β͍
   w *".؅ཧͷ೉͠͞ͱͦͷ໰୊
   w *".؅ཧͷ෦෼తͳҕৡʹΑΔղܾ
   w ͦΕΛԠ༻ͨ͠؅ཧͷ*B$Խ

4. ࿩͞ͳ͍͜ͱ w ηΩϡϦςΟͷجૅ
   w "84΍*".ͷجૅ
   w ֤छ"84αʔϏε
   w *".؅ཧͷৄ͍͠ӡ༻ํ๏
   w

   "84ΞΧ΢ϯτͷϚϧνΞΧ΢ϯτ؅ཧ
   w "84
   $%,ͳͲͷ࢓૊Έͷৄࡉ

5. ͸͍

6. ࿩͢͜ͱ w *".؅ཧͷϕετϓϥΫςΟεͷ͓͞Β͍
   w *".؅ཧͷ೉͠͞ͱͦͷ໰୊
   w *".؅ཧͷ෦෼తͳҕৡʹΑΔղܾํ๏
   w ͦΕΛԠ༻ͨ͠؅ཧͷ*B$Խ

7. *".؅ཧͷ
   ϕετϓϥΫςΟε

8. *".
   ͰͷηΩϡϦςΟͷϕετϓϥΫςΟε IUUQTEPDTBXTBNB[PODPNKB@KQ*".MBUFTU6TFS(VJEFCFTUQSBDUJDFTIUNM

9. ಛʹେࣄͳͱ͜Ζ ࠓճͷ࿩Λཧղ͢Δ্Ͱ

10. *".
    ͰͷηΩϡϦςΟͷϕετϓϥΫςΟε IUUQTEPDTBXTBNB[PODPNKB@KQ*".MBUFTU6TFS(VJEFCFTUQSBDUJDFTIUNM

11. ࠷খݶͷಛݖΛೝΊΔ w ඞཁҎ্ͷݖݶΛ͚ͭͳ͍
    w ࠷খݶͷΞΫηεݖݶ͔Βঃʑʹҭ͍ͯͯ͘
    Կނ͔ʁ
    ˠ
    ඞཁҎ্ͷݖݶ͕෇༩͞Εͨঢ়ଶͷৗଶԽΛ๷͙ͨΊ
    ඞཁҎ্ʹݖݶΛ࣋ͭͱೝূ৘ใͷ࿙Ӯ࣌ͷϦεΫ͕ߴ͘ͳΔ

12. ΞΫηεΩʔΛڞ༗͠ͳ͍ w ಉҰ*".ϢʔβʔͷΞΫηεΩʔΛෳ਺ՕॴͰڞ༗͠ͳ͍
    w *".ϩʔϧͷར༻Λਪ঑͢Δ
    Կނ͔ʁ
    ˠ
    ΞΫηεΩʔΛ࣋ͭγεςϜΛ૿΍͞ͳ͍ͨΊ
    ΞΫηεΩʔΛ࢖͏Օॴ͕૿͑Ε͹࿙Ӯ͢ΔՄೳੑ΋૿͑Δ

13. ͭ·Γ

14. *".؅ཧͷϕετϓϥΫςΟε w ݸʑݸผͷࣄ৘ʹ߹Θͤͨ࠷খݶͷݖݶΛ࣋ͭ*".ϩʔϧΛ࢖͏
    w ඞཁҎ্ͷݖݶΛ͚ͭͳ͍
    w *".Ϣʔβʔ͸γεςϜϢʔεͰ͸ݪଇͱͯ͠࢖Θͳ͍
    w ($1͔Βར༻͢Δ৔߹ͳͲ͸ผ
    

15. ͸͍

16. ࿩͢͜ͱ w *".؅ཧͷϕετϓϥΫςΟεͷ͓͞Β͍
    w *".؅ཧͷ೉͠͞ͱͦͷ໰୊
    w *".؅ཧͷ෦෼తͳҕৡʹΑΔղܾ
    w ͦΕΛԠ༻ͨ͠؅ཧͷ*B$Խ

17. *".؅ཧͷ೉͠͞

18. *".ϙϦγʔ͸ෳࡶԽ͕ͪ͠ w 3FTPVSDF΍$POEJUJPOʹΑΔॊೈͰࡉ͔͍ݖݶ؅ཧ͕Մೳ
    w ୯७ʹ"DUJPOΛ෇͚Δ͚ͩͰ͸े෼ʹݖݶΛߜΕͳ͍
    w 4΍,.4ͷར༻Ͱ͸࣮༻্3FTPVSDFͷ੍ݶ΋ඞཁʹͳΔ
    w "84؅ཧϙϦγʔʹ͸Ϧιʔε੍ݶ͕ແ͍
    w

    ݖݶΛे෼ʹߜΔʹ͸ࣗ෼ͰϙϦγʔΛ࡞Δ΄͏͕ྑ͍
    w ݁Ռతʹ*".ϙϦγʔ؅ཧʹ͸ϊ΢ϋ΢͕ඞཁʹͳΔ

19. ݖݶΛ؅ཧ͢Δݖݶ͕ඞཁʹͳΔ w ʮ*".Λ؅ཧ͢Δݖݶʯ͸ʮݖݶΛ؅ཧ͢ΔݖݶʯͰ͋Δ
    w ͭ·Γࣗ෼ࣗ਎ͷݖݶ΋ίϯτϩʔϧͰ͖Δ
    w ࣮࣭తʹ͢΂ͯͷݖݶΛ࣋ͭ͜ͱʹ΄΅౳͍͠ঢ়ଶ
    w ແҋʹશһ͕͜ΕΛ࣋ͭͱݖݶ؅ཧ͢Δҙຯ͕ͳ͘ͳͬͯ͠·͏
    w

    Ұ෦ͷϝϯόʔ͚͕ͩ*".؅ཧݖݶΛ࣋ͭΑ͏ʹ͢Ε͹ղܾ͢Δ
    w Ұൠతʹ͸ґཔ੍ νέοτ੍ ͱͳΔ͜ͱ͕ଟͦ͏

20. %FW0QTͷڥ໨͕ᐆດ w Ϋϥ΢υΠϯϑϥʹ͓͍ͯ͸%FWͱ0QTͷڥ໨͸ᐆດ
    w *BB4͔Β཭Ε͍͚ͯ͹͍͘΄Ͳ͜Ε͸ݦஶʹͳ͍ͬͯ͘
    w %FWͷจ຺Ͱ৽͍͠ΠϯϑϥετϥΫνϟΛ࡞Δ͜ͱʹͳΔ
    w ͦΕʹ߹Θͤͯ৽͍͠ݖݶηοτ͕ඞཁʹͳΔ͜ͱ͕ଟ͍
    w

    -BNCEB΍'JSFIPTFʹ෇༩͢Δ*".ϩʔϧͳͲ
    w ։ൃن໛͕޿͘ଟ༷Խ͢Δͱɺґཔ੍Ͱ͸ᴥᴪ͕ى͖΍͘͢ͳΔ

21. ͓Θ͔Γ
    ͍͚ͨͩͨͩΖ͏͔ʜ

22. ΋͏Ұ౓͝ཡ͍ͨͩ͜͏ʜ

23. *".؅ཧͷϕετϓϥΫςΟε w ݸʑݸผͷࣄ৘ʹ߹Θͤͨ࠷খݶͷݖݶΛ࣋ͭ*".ϩʔϧΛ࢖͏
    w ඞཁҎ্ͷݖݶΛ͚ͭͳ͍
    w *".Ϣʔβʔ͸γεςϜϢʔεͰ͸ݪଇͱͯ͠࢖Θͳ͍
    w ($1͔Βར༻͢Δ৔߹ͳͲ͸ผ
    

24. ݖݶΛ؅ཧ͢Δݖݶ͕ඞཁʹͳΔ w ʮ*".Λ؅ཧ͢Δݖݶʯ͸ʮݖݶΛ؅ཧ͢ΔݖݶʯͰ͋Δ
    w ͭ·Γࣗ෼ࣗ਎ͷݖݶ΋ίϯτϩʔϧͰ͖Δ
    w ࣮࣭తʹ͢΂ͯͷݖݶΛ࣋ͭ͜ͱʹ΄΅౳͍͠ঢ়ଶ
    w ແҋʹશһ͕͜ΕΛ࣋ͭͱݖݶ؅ཧ͢Δҙຯ͕ͳ͘ͳͬͯ͠·͏
    w

    Ұ෦ͷϝϯόʔ͚͕ͩ*".؅ཧݖݶΛ࣋ͭΑ͏ʹ͢Ε͹ղܾ͢Δ
    w Ұൠతʹ͸ґཔ੍ νέοτ੍ ͱͳΔ͜ͱ͕ଟͦ͏

25. ແ਺ʹൃੜ͢Δ
    ݸʑݸผͷ*".ϩʔϧ

26. ͦΕΒΛશͯ؅ཧ͢Δ
    Ұ෦ͷϝϯόʔ

27. None

28. ։ൃن໛ʹରͯ͠
    ؅ཧ͕εέʔϧͰ͖ͳ͍

29. ʘ ?P? ʗ

30. Ͳ͏͢Ε͹ྑ͍ͷ͔

31. ղܾํ๏

32. ࿩͢͜ͱ w *".؅ཧͷϕετϓϥΫςΟεͷ͓͞Β͍
    w *".؅ཧͷ೉͠͞ͱͦͷ໰୊
    w *".؅ཧͷ෦෼తͳҕৡʹΑΔղܾ
    w ͦΕΛԠ༻ͨ͠؅ཧͷ*B$Խ

33. *".؅ཧͷ෦෼తͳҕৡ

34. ͦ΋ͦ΋ͷ໰୊ w *".ϦιʔεશମΛ؅ཧ͢Δ͔Ұ੾؅ཧ͠ͳ͍͔ͷۃ୺ͳೋ୒
    w ։ൃن໛͕εέʔϧͯ͠΋*".؅ཧऀ͕εέʔϧͰ͖ͳ͍
    w Ұ෦ͷݸਓ͕؅ཧ୲౰ऀͱͯͦ͠ΕΛ΍Δ͔͠ͳ͍ҝ
    w ݁Ռతʹ*".Ϣʔβʔ΍*".ϩʔϧͷ࢖͍·Θ͠Ͱଥڠ͕ͪ͠
    w

    ΋ͪΖΜજࡏతͳηΩϡϦςΟʔϦεΫ͕෇͖·ͱ͏

35. ͦ΋ͦ΋ͷ໰୊ w *".ϦιʔεશମΛ؅ཧ͢Δ͔Ұ੾؅ཧ͠ͳ͍͔ͷۃ୺ͳೋ୒
    w ։ൃن໛͕εέʔϧͯ͠΋*".؅ཧऀ͕εέʔϧͰ͖ͳ͍
    w Ұ෦ͷݸਓ͕؅ཧ୲౰ऀͱͯͦ͠ΕΛ΍Δ͔͠ͳ͍ҝ
    w ݁Ռతʹ*".Ϣʔβʔ΍*".ϩʔϧͷ࢖͍·Θ͠Ͱଥڠ͕ͪ͠
    w

    ΋ͪΖΜજࡏతͳηΩϡϦςΟʔϦεΫ͕෇͖·ͱ͏

36. ෼୲͸͍͚ͨ͠ΕͲ
    શݖ࣋ͬͨਓ͕૿͑͗ͯ͢΋ࠔΔ

37. ʮ͜ͷ-BNCEB͋ͨΓͷݖݶ͸
    ͦͬͪͰΑ͠ͳʹ؅ཧͯ͠Ͷʯ
    Έ͍ͨʹ෼୲͍ͨ͠

38. "MM
    PS
    /PUIJOH͸ࠔΔ

39. ΋͠෦෼తͳ؅ཧΛҕৡͯ͠
    ෼୲͢Δ͜ͱ͕Ͱ͖ͨΒʜʁ

40. ղܾͦ͠͏

41. Ͳ͏΍ͬͯʁ

42. ෦෼తͳ*".ݖݶૢ࡞͕Ͱ͖Δݖݶ
    ͳΜͯ࡞ΕΔͷ͔ʁ

43. ͭ͘Ε·͢

44. 1FSNJTTJPOT
    #PVOEBSZ w ݖݶͷڥքΛఆΊΔ͜ͱ͕Ͱ͖Δػೳ
    w Ұൠతʹ͸૊৫ؒͰ*".؅ཧݖݶͷҰ෦ΛҕৡͷͨΊʹ࢖ΘΕΔ
    w *".Ϣʔβʔ΍*".ϩʔϧʹઃఆ͢Δ͜ͱ͕Ͱ͖Δ
    w ͜Ε͕ઃఆ͞Ε͍ͯΔ*".Ϧιʔε͸ɺͲͷΑ͏ͳݖݶΛ࣋ͬͯ ͍ͯ΋ɺ͜ͷڥքΛ௒͑ͨݖݶΛߦ࢖͢Δ͜ͱ͸Ͱ͖ͳ͘ͳΔ
    

    w Τϥʔ͸୯ʹݖݶΛ͍࣋ͬͯͳ͍ͱ͖ͱಉ͡΋ͷ͕ൃੜ͢Δ IUUQTEPDTBXTBNB[PODPN*".MBUFTU6TFS(VJEFBDDFTT@QPMJDJFT@CPVOEBSJFTIUNM

45. ͲͷΑ͏ʹݖݶͷڥքΛఆΊΔͷ͔ w ࣮ଶͱͯ͠͸ී௨ͷҰൠతͳ؅ཧϙϦγʔ
    w 1FSNJTTJPOT
    #PVOEBSZͱͯ͠෇༩ͨ͠৔߹ʹಛघͳಇ͖Λ͢Δ
    w 1FSNJTTJPOT
    #PVOEBSZͰڐՄ͞Ε͍ͯͳ͍"DUJPO͸࢖͑ͳ͘ͳΔ
    w ΠϯϥΠϯϙϦγʔͳͲͰڐՄ͞Ε͍ͯͯ΋ͦΕ͸࢖͑ͳ͘ͳΔ
    w

    ୯ʹڐՄ͍ͯ͠ͳ͍ͱ͖ͱൃੜ͢ΔΤϥʔ͸มΘΒͳ͍
    w ౰ͨΓલ͕ͩ ͜͜Ͱ*".Ϧιʔεͷૢ࡞ݖݶΛڐՄ͢Δͱݖݶঢ͕֨Ͱ͖ΔͷͰຊ຤స౗ʹͳͬͯ͠·͏ɻ΍ͬͯ͸͍͚ͳ͍

46. ͲͷΑ͏ʹݖݶͷڥքΛఆΊΔͷ͔ w Ұൠతʹ͸αʔϏε୯ҐͰࢦఆ͢ Δ͜ͱ͕ଟ͍
    w ӈͷྫͷϙϦγʔΛ1FSNJTTJPOT
    #PVOEBSZʹࢦఆͨ͠৔߹͸ɺ4 ͱ$MPVE8BUDIʹؔ܎͢Δݖݶͩ ͚͕ػೳ͢Δ {

    "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:*", "cloudwatch:*" ], "Resource": "*" } ] }

47. ͭ·Γ

48. ୯ʹ*".Ϧιʔεͷݖݶ͚͕ͩ͋Δঢ়ଶ
    1FSNJTTJPOT
    #PVOEBSZͷ
    ݖݶ *".Ϧιʔεͷ
    ݖݶ

49. 1FSNJTTJP OT
    #PVOEBSZ ͦ͜ʹ1FSNJTTJPOT
    #PVOEBSZ͕ͭ͘ͱ
    1FSNJTTJPOT
    #PVOEBSZͷ
    ݖݶ *".Ϧιʔεͷ
    ݖݶ

50. 1FSNJTTJP OT
    #PVOEBSZ ࣮ࡍʹ࢖͑ΔݖݶΛ੍ݶͰ͖Δ
    1FSNJTTJPOT
    #PVOEBSZͷ
    ݖݶ *".Ϧιʔεͷ
    ݖݶ ࣮ࡍʹ
    

    ࢖͑Δ
    ݖݶ

51. 2෇͚ͳ͔ͬͨΓ֎͞ΕͨΓ͠ͳ͍ʁ

52. "෇༩Λڧ੍͢Ε͹Α͍

53. 1FSNJTTJPOT
    #PVOEBSZͷ෇༩Λڧ੍ w *".
    $POEJUJPOͰ͋Δ
    JBN1FSNJTTJPOT#PVOEBSZ
    Λ࢖͏
    w ࢦఆͨ͠1FSNJTTJPOT
    #PVOEBSZΛ෇༩ͨ͠*".ϦιʔεͷΈʹ ରͯ͠ͷΈར༻Ͱ͖ΔݖݶΛදݱͰ͖Δ
    w ࣮࣭తʹಛఆͷ1FSNJTTJPOT
    #PVOEBSZͷ෇༩Λڧ੍Ͱ͖Δ
    w ࢦఆͨ͠1FSNJTTJPOT
    #PVOEBSZΛ෇༩͠ͳ͍Ϧιʔεʹରͯ͠

    ͷૢ࡞Λڋ൱Ͱ͖Δ

54. 1FSNJTTJP OT
    #PVOEBSZ ࣮ࡍʹ࢖͑Δݖݶͷ੍ݶΛڧ੍Ͱ͖Δ
    1FSNJTTJPOT
    #PVOEBSZͷ
    ݖݶ *".Ϧιʔεͷ
    ݖݶ ࣮ࡍʹ
    

    ࢖͑Δ
    ݖݶ ֎ͤͳ͍ʂ

55. ͲͷΑ͏ʹ࢖͏͔

56. *".ݖݶ؅ཧͷ෦෼తͳҕৡͷ࣮ݱ ݖݶൣғΛදݱ͢Δ1FSNJTTJPOT
    #PVOEBSZ༻؅ཧϙϦγʔΛ࡞Δ
    ෦෼తͳ*".؅ཧݖݶΛ༩͍͑ͨ*".Ϧιʔεʹର͠
    
    JBN1FSNJTTJPOT#PVOEBSZͰ্هͷ1FSNJTTJPOT
    #PVOEBSZ Ͱ੍ݶͨ͠*".ૢ࡞ݖݶΛ෇༩͢Δ
    
    ඞཁͳΒ ࣗ෼ࣗ਎ͷ*".Ϧιʔεʹର͢Δૢ࡞΋ېࢭ͢Δ
    

57. Ͱ͖·ͨ͠

58. ͜ΕͰ*".؅ཧΛ
    ෼୲͠΍͘͢ͳͬͨ

59. ΍Γ·ͨ͠Ͷ

60. ͔͠͠

61. ·ͩ໰୊͸࢒͍ͬͯΔʜ

62. ࢥ͍ग़ͯ͠Έ·͠ΐ͏

63. *".ϙϦγʔ͸ෳࡶԽ͕ͪ͠ w 3FTPVSDF΍$POEJUJPOʹΑΔॊೈͰࡉ͔͍ݖݶ؅ཧ͕Մೳ
    w ୯७ʹ"DUJPOΛ෇͚Δ͚ͩͰ͸े෼ʹݖݶΛߜΕͳ͍
    w 4΍,.4ͷར༻Ͱ͸࣮༻্3FTPVSDFͷ੍ݶ΋ඞཁʹͳΔ
    w "84؅ཧϙϦγʔʹ͸Ϧιʔε੍ݶ͕ແ͍
    w

    ݖݶΛे෼ʹߜΔʹ͸ࣗ෼ͰϙϦγʔΛ࡞Δ΄͏͕ྑ͍
    w ݁Ռతʹ*".ϙϦγʔ؅ཧʹ͸ϊ΢ϋ΢͕ඞཁʹͳΔ

64. ݸਓͰͳ͘૊৫ͱͯ͠
    *".؅ཧϊ΢ϋ΢Λ
    ஝ੵ͍ͨ͠

65. ཧ૝

66. ૊৫Ͱ؅ཧ͢Δཧ૝ͷ*".؅ཧ؀ڥ w ඞཁ࠷খݶͷਓ͕؅ཧݖݶΛ͍࣋ͬͯΔ
    w ͜ͷਓ਺Λن໛ʹ߹Θͤͯ૿ݮͰ͖Δ
    w ࡞ۀऀ͸୭Ͱ΋มߋΛϦΫΤετͰ͖Δ
    w มߋ಺༰͸٬؍తʹᴥᴪͷແ͍දݱͰهࡌͰ͖Δ
    w

    ͍ͭͩΕ͕ͳΜͷͨΊʹͲͷΑ͏ͳมߋΛͨ͠ͷ͔Λ௥੻Ͱ͖Δ
    w มߋͷࡍʹؾΛ͚ͭΔ΂͖ϊ΢ϋ΢͕஝ੵͰ͖Δ
    

67. ͓΍

68. *OGSBTUSVDUVSF
    BT
    DPEF
    Ͱղܾͦ͠͏

69. ૊৫Ͱ؅ཧ͢Δཧ૝ͷ*".؅ཧ؀ڥ w ඞཁ࠷খݶͷਓ͕؅ཧݖݶΛ͍࣋ͬͯΔ
    ˠ
    (JUIVC
    3FWJFX
    w ͜ͷਓ਺Λن໛ʹ߹Θͤͯ૿ݮͰ͖Δ
    ˠ
    (JUIVC
    5FBN
    w ࡞ۀऀ͸୭Ͱ΋มߋΛϦΫΤετͰ͖Δ
    ˠ
    1VMM
    3FRVFTU
    w มߋ಺༰͸٬؍తʹᴥᴪͷແ͍දݱͰهࡌͰ͖Δ
    ˠ
    $PEF
    w

    ͍ͭͩΕ͕ͳΜͷͨΊʹͲͷΑ͏ͳมߋΛͨ͠ͷ͔Λ௥੻Ͱ͖Δ
    w มߋͷࡍʹؾΛ͚ͭΔ΂͖ϊ΢ϋ΢͕஝ੵͰ͖Δ
    ˠ
    (JU
    

70. 1VMM3FRVFTUग़ͯ͠
    ϨϏϡʔͯ͠Ϛʔδͯ͠
    $*Ͱࣗಈಉظ

71. ͍ͨ͠

72. ΍Γ·͠ΐ͏

73. ࿩͢͜ͱ w *".؅ཧͷϕετϓϥΫςΟεͷ͓͞Β͍
    w *".؅ཧͷ೉͠͞ͱͦͷ໰୊
    w *".؅ཧͷ෦෼తͳҕৡʹΑΔղܾ
    w ͦΕΛԠ༻ͨ͠؅ཧͷ*B$Խ

74. *B$

75. 1VMM3FRVFTUग़ͯ͠
    ϨϏϡʔͯ͠Ϛʔδͯ͠
    $*Ͱࣗಈಉظ

76. Kick Job Github Enterprise Server Sync CI Create Developer Review

    Reviewer Pull-Request Merge AWS IAM ֓೦ਤ

77. Αͬ͠Ό
    ΍͍ͬͯͧ͘ʂʂʂʂʂ

78. ͦͷલʹʜ

79. *".มߋద༻ΛࣗಈԽ͢ΔϦεΫ w $*
    +PC͕*".؅ཧݖݶΛ࣋ͭ͜ͱʹͳΔ
    w *".ͷશݖΛ࣋ͭͱ಺෦ෆਖ਼ߦҝऀʹѱ༻͞ΕͨࡍͷϦεΫ͕ߴ͍
    w ෦෼తͳ*".؅ཧݖݶΛ࣋ͭ৔߹͸ͦͷϦεΫ͸ݶఆత
    w ϦϙδτϦʹΞΫηεݖݶ͕͋Ε͹୭Ͱ΋มߋͰ͖Δ
    w

    ϨϏϡʔ͕βϧͩͱѱҙͷ͋ΔݖݶΛݟམͱ͔͠Ͷͳ͍
    w $*ͷߏ੒ࣗମʹ੬ऑੑ͕ແ͍ݶΓ͸֎෦͔Β߈ܸ͢Δ༨஍͸ͳ͍

80. ϦεΫʹର͢Δߟ͑ํ w ಺෦ෆਖ਼ߦҝऀͷ༨஍͔͠ͳ͍
    
    ࣗಈԽͤͣͱ΋ৗʹ͋ΔϦεΫ
    w *".؅ཧݖݶΛ͍࣋ͬͯΔਓ͕ډΔݶΓ͸ى͜ΓಘΔ
    w ෆਖ਼ߦҝΛ͠ʹ͘͘͢Δ࢓૊ΈΛ࡞Δ͜ͱͰϦεΫΛԼ͛ΒΕΔ
    w $MPVE5SBJMͷ*".
    "1*ΠϕϯτΛ4MBDLʹ௨஌
    w

    *".ϦιʔεͷมߋͳͲΛݕ஌प஌͢Δ
    w มߋػձ͸ൺֱతগͳ͍ͷͰมͳૢ࡞͕͋ͬͯ΋ؾ͖ͮ΍͍͢
    w 1FSNJTTJPOT
    #PVOEBSZͰൣғΛݶఆ͠ඃ֐ϦεΫΛԼ͛ΒΕΔ

81. ࢓૊Έ࣍ୈͰ
    े෼ʹϦεΫΛԼ͛ΒΕΔ

82. Αͬ͠Ό
    ΍͍ͬͯͧ͘ʂʂʂʂʂ

83. ཧ૝ͷ*B$ʹΑΔ*".؅ཧ w (JUIVCʹ1VMM3FRVFTU 13 Λ࡞ΓϚʔδ͞ΕͨΒ$*Ͱࣗಈಉظ
    w ίʔυ ઃఆ Λਖ਼ͱͯࠩ͠෼ಉظ͍ͨ͠
    w

    શಉظͰ͸4%,ͳͲͷεϩοτϧֻ͕͔Γ͕࣌ؒͱͯ΋ֻ͔Δ
    w ఆظతʹ"84ଆΛਖ਼ͱͨࠩ͠෼ಉظΛऔΓࠐΈ͍ͨ
    w ۓٸ࣌ͳͲʹߦͬͨ௚ͷมߋ͕ҙਤͤͣר͖໭͞Εͳ͍Α͏ʹ
    w -JOUFSΛ༻ҙͯ͠ϙϦγʔͳͲͷෆඋΛࣗಈϨϏϡʔ͍ͨ͠
    w ϊ΢ϋ΢Λ13͚ͩͰ͸ͳ͘ίʔυͱͯ͠΋஝ੵͰ͖Δ

84. Ͳ͏΍ͬͯಉظ͢Δ͔ʁ

85. ಉظखஈͷબ୒ࢶ w 5FSSBGPSN
    w QSPT
    JNQPSU΋Մೳ
    
    ಠࣗ%4-Ͱࣗ༝౓͕ߴ͗͢ͳ͍
    w DPOT
    TUBUFͷ؅ཧ͕ඞཁ
    w "84
    $%,
    $GO$MPVE
    'PSNBUJPO

    
    w QSPT
    TUBUFͷ؅ཧ͕ෆཁ
    w DPOT
    ESJGUൃੜ࣌ʹखͰݕ஌ɾमਖ਼͕ඞཁ
    
    ࣗ༝౓͕ߴ͗͢Δ

86. هड़ͷࣗ༝౓ͷӨڹ w "84ଆͷঢ়ଶΛਖ਼ͱͨࠩ͠෼औΓࠐΈͷ͠΍͢͞
    w هड़ͷࣗ༝౓͕௿͍΄ͲςΩετͰͷࠩ෼͕ग़ʹ͍͘
    w ϑΥʔϚολʔͳͲ͕͋Ε͹Ϛγ͕ͩʜ
    w ͨͱ͑͹5ZQF4DSJQUͷίʔυʹམͱ͞Εͯ΋ࠩ෼͕େม
    w

    ७ਮͳ+40/ͷΑ͏ͳ୯ͳΔߏ଄ମ͕Ұ൪ྑ͍

87. طଘ*B$ιϦϡʔγϣϯͷTUBUF؅ཧ w $GO΍5FSSBGPSNͳͲͷ*B$Ͱ͸TUBUFΛ࣋ͬͯͦΕͱͷࠩ෼ΛऔΔ
    w ࣮ଶͱTUBUF͸ဃ཭͠ಘΔ ͜ͷဃ཭ΛESJGUͱݺͿ
    w Ұൠతͳߏ੒؅ཧͰ͸ESJGU͸Ͳͷঢ়ଶ͕ਖ਼͍͔͠౎౓൑அ͕ඞཁ
    w

    "84ଆͷঢ়ଶΛਖ਼ͱͨ͠*".Λදݱ͢Δίʔυ ઃఆ ΁ͷࠩ෼औΓ ࠐΈΛ͢ΔͨΊʹ͸TUBUF͸अຐʹͳΔ

88. Ͳ͏͢Δ͔ʁ

89. ࣗ࡞͠·ͨ͠

90. ࣮૷ w ࠩ෼ݕग़͠"84
    4%,Ͱ*".
    "1*Λద੾ʹୟ͘ײ͡ͷ࣮૷
    w +40/Ͱ*".Ϣʔβʔ΍*".ϩʔϧͷઃఆ಺༰Λهड़
    w ΠϯϥΠϯϙϦγʔͳͲ΋ͦͷ··هࡌͰ͖Δ
    w 5ZQF4DSJQUͰ࣮૷
    w

    "84
    $%,ΛಋೖࡁΈͩͬͨͷͰ։ൃݴޠΛ߹Θ͔ͤͨͬͨ
    w JPUTͰόϦσʔγϣϯ͢Δ͜ͱͰ؆୯ͳUZQPͳͲ΋ݕग़Մೳ

91. ఆٛྫ { "UserName": "foo", "Tags": {}, "PermissionBoundary": "arn:aws:iam::012345678901:policy/OurPermissionsBoundary", "InlinePolicies": {

    "Bar": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListBucket" ], "Resource": "arn:aws:s3:ap-northeast-1:012345678901:foo-bucket" }, { "Effect": "Allow", "Action": [ "s3:GetObject",

92. "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListBucket"

    ], "Resource": "arn:aws:s3:ap-northeast-1:012345678901:foo-bucket" }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject" ], "Resource": "arn:aws:s3:ap-northeast-1:012345678901:foo-bucket/*" } ] } }, "AttachedPolicies": [] } ఆٛྫ

93. 13ྫ

94. ӡ༻ͨͦ͠ͷޙ

95. تͼͷ੠ w ʮ*".पΓΛ୲౰ऀʹґཔ͢Δඞཁ͕ͳ͘ͳָͬͯʹͳͬͨʯ
    w ʮศརʯ
    w ͕ͬͭΓ࢖ΘΕ͍ͯ·͢

96. ى͖ͨτϥϒϧ

97. τϥϒϧ w *".
    "1*ͷো֐Ͱಉظ͕ࢭ·Δ
    w ଘࡏ͠ͳ͍"DUJPOΛࢦఆͯ͠ಉظΤϥʔ
    w ଘࡏ͠ͳ͍ϢʔβʔΛ"TTVNF3PMF1PMJDZͰ৴པ͠Α͏ͱͯ͠ಉظ Τϥʔ
    w 1FSNJTTJPOT
    #PVOEBSZͰڐՄ͍ͯ͠ͳ͍΋ͷΛ௥Ճͯ͠ϋϚΔ

    ͍ͣΕ΋मਖ਼΍ϦτϥΠͰղܾࡁ

98. ΊͰͨ͠

99. ·ͱΊ

100. ·ͱΊ w *".؅ཧ͸೉͍͠
     w ϕετϓϥΫςΟε͸͋Δ͕࣮ફʹ͸࿑ྗతͳ՝୊͕ଟ͍
     w 1FSNJTTJPOT
     #PVOEBSZΛ͏·͘࢖͏ͱղܾͰ͖Δ
     w *".؅ཧϊ΢ϋ΢͸૊৫ʹ஝ੵ͢Δ࢓૊ΈΛ࡞Δͱ٢
     w

     (JUIVCͰ1VMM3FRVFTUϕʔεͰ*".ϦιʔεΛ؅ཧ͢Δಓ΋͋Δ
     w ϦεΫ͕ड͚ೖΕΒΕͦ͏ͳΒݕ౼ͷՁ஋ΞϦ

101. ͋Γ͕ͱ͏͍͟͝·ͨ͠
     ࣭ٙԠ౴
     :PVUVCFίϝϯτཝʹͯ