Security Automation and Incident Response in AWS -...
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Supported By Continued Pace Of Innovation
[Diagram: DevOps pipeline (Version Control Repository, Continuous Integration, Continuous Delivery) feeding a microservices architecture with Client, DataStore, Discovery, Gateway, Business Domain and Microservices API layers; AWS services shown: API Gateway, Elastic Load Balancing, Amazon ECS, DynamoDB, RDS, Elastic Beanstalk, Lambda, CodeCommit, CodePipeline, CodeDeploy, S3]
Value Analysis
Architecture Jumpstart
Security Playbook
Applications Assessment
Operational Healthcheck
Skills Assessment
Resident Architect
AWS Cloud Adoption Framework
AWS Cloud Adoption Methodology
Enterprise Accelerators
Body of Knowledge
Domains, Concepts, Patterns, Best Practices
Structures, Dependencies
Delivery Process
Methods, inputs, outputs, swim-lanes; delivery process and milestones
Tasks, sequences and results
Managed IP & Tooling
Scenarios, stakeholders, pain points, value proposition, time/cost/effort, templates,
checklists, tools
Download the CAF Whitepaper: http://d0.awsstatic.com/whitepapers/aws_cloud_adoption_framework.pdf
Kindle versions also available: https://aws.amazon.com/whitepapers/#cloud-adoption-framework
https://github.com/stelligent/cfn_nag
Security / Operations / Development
※ Custom rules: https://github.com/awslabs/aws-config-rules
https://www.slideshare.net/AmazonWebServices/building-the-largest-repo-for-serverless-complianceascode-sid205-reinvent-2017
[Diagram: security automation event sources feeding Lambda functions: Macie, GuardDuty, CloudTrail, CloudWatch Events, On-Instance Logs, VPC Flow Logs, CloudWatch Logs, CloudWatch Alarms, S3 Access Logs, S3 Bucket]
CloudWatch Events
Snapshot
https://docs.aws.amazon.com/ja_jp/AmazonCloudWatch/latest/events/WhatIsCloudWatchEvents.html
Code execution
[Diagram: incident response flow: AWS CloudTrail → Amazon CloudWatch Events → AWS Lambda → Amazon Simple Notification Service; AWS API endpoints, Users, Amazon S3 bucket, Your security team, AWS IAM role, AWS API, Your SaaS tools]
Incident Response v4.0
Third-party tools can also be used
AWS API operations
Notification to stakeholders
Security / Operations / Development