Upload File

opsjaws 20160128

76
OpsJAWS #3 AWS Config Rulesハンズオン 株式会社サーバーワークス 瀬 任章

Upload: hideaki-yanase

Post on 23-Jan-2018

3.466 views

Category:

Technology


0 download

Report

TRANSCRIPT

  1. 1. OpsJAWS#3 AWSCongRules
  2. 2. @oko_chang http://facebook.com/yanase.hideaki http://okochang.hatenablog.jp HR106
  3. 3.
  4. 4. Serverworks AWS 3201200 APN Premier Consulting Partner APN Managed Service Program 4
  5. 5. Cloud Automator
  6. 6. Cloud Automator () AWS(Amazon Web Services) AWS AWS AWS AWS CLOUD AUTOMATOR
  7. 7. http://slideshare.net/ okochang/
  8. 8. Agenda AWS Cong Rules AWS Cong Rules AWS Managed Cong Rules Custom Cong Rules Custom Cong Rules 8
  9. 9. AWS Cong Rules 9
  10. 10.
  11. 11. () Trusted Advisor https://github.com/serverworks/aws-spec https://github.com/k1LoW/awspec
  12. 12. AWS Cong Rules AWS Cong AWS 12
  13. 13. EC2 IAM CloudTrail
  14. 14. CloudTrail EBS EIP
  15. 15.
  16. 16. AWS Cong Rules 16
  17. 17. AWS Cong AWS CongAWS S3SNS
  18. 18. Amazon S3
  19. 19. Amazon SNS AWS Cong
  20. 20. AWS Lambda AWS Custom Rule Node.js Java Python
  21. 21. AWS Identity Access Management AWS AWS CongIAM Custom RuleLambda FunctionIAM
  22. 22. 22
  23. 23. AWS Cong AWS Cong Rules SKIP Settings Resouce types to record Amazon S3 Bucket Amazon SNS Topic IAM Role
  24. 24. AWS Cong 24 h#ps://console.aws.amazon.com/cong/home?region=us-east-1
  25. 25. 25
  26. 26. 26
  27. 27. 27
  28. 28. 28
  29. 29. 29
  30. 30. Managed Cong Rule 30
  31. 31. Managed Cong Rule AWSCloudTrail n
  32. 32. Managed Rule 32
  33. 33. Managed Rule 33
  34. 34. 34
  35. 35. 35
  36. 36. 36
  37. 37. 37
  38. 38. 38
  39. 39. 39
  40. 40. Custom Cong Rule 40
  41. 41. Custom Cong Rule VPCFlow Logs VPC
  42. 42. VPCID 42
  43. 43. Custom Rule 43
  44. 44. Custom Rule 44
  45. 45. Custom Rule 45
  46. 46. Blue print 46
  47. 47. Lambda function 47
  48. 48. AWS JavaScript Python
  49. 49. 49 h#p://bit.ly/206LSqk
  50. 50.
  51. 51. def evaluate_owlog(vpc_id) ....... # VPC Flow Logs def evaluate_compliance(vpc_id)....... # def lambda_handler(event, context)....... #
  52. 52. EventContext Event congRuleName invokingEvent resourceType noticationCreationTime resultToken ruleParameters Context
  53. 53. AWS put_evaluations ComplianceResourceType AWS::EC2::VPC, AWS::EC2::Instance ComplianceResourceId ID vpc-xxxxxx, i-xxxxxxxx, sg-xxxxxxxx ComplianceType COMPLIANTNON_COMPLIANT OrderingTimestamp
  54. 54. Lambda function 54
  55. 55. IAM 55 h#p://bit.ly/1ScRJpR
  56. 56. IAM 56
  57. 57. Lambda function 57
  58. 58. Lambda functionARN 58
  59. 59. Lambda functionARN 59
  60. 60. 60
  61. 61. 61
  62. 62. 62
  63. 63. 63
  64. 64. Custom Cong Rule 64
  65. 65. VPC Flow Logs 65
  66. 66. VPC Flow Logs 66
  67. 67. VPC Flow LogsIAM 67
  68. 68. VPC 68
  69. 69. VPC 69
  70. 70. 70
  71. 71. 71
  72. 72. 72
  73. 73. S3 CloudWatch Logs Cong Rules Lambda function
  74. 74. AWS Cong RulesAWS AWS Cong Rules AWS
  75. 75. OpsJAWS AWS Partner SATips http://aws.typepad.com/aws_partner_sa/2015/06/aws-ops.html DoorKeeper: OpsJAWS https://opsjaws.doorkeeper.jp/
  76. 76. http://cloudautomator.com

24126 Boat-Dolphin manual-web V01-05 20160128 · V 01.05 Achtung Schutzschaltung: Boot schaltet sich erst bei Kontakt mit Wasser ein. Attention: Safety circuit! The boat is only activated

media.southernnevadahealthdistrict.orgmedia.southernnevadahealthdistrict.org/download/boh16/20160128/ix... · Hepatitis A and Meningitis vaccines at The LGBTQ Center on Mondays and

20160128 Edanz Waseda

Speak Up! Listen Up! - Safety Groups 20160128/SULU Slides Dumas Jan … · PART 1: SPEAK UP Participants who complete the Speak Up program will be able to . . . Recognize the normal

Diario Resumen 20160128

Right On Replicas, LLC Step-by-Step Review 20160128* Foose … · 2016-01-28 · modern and so is its performance at 0 to 60 mph in 4 seconds. Now Chip Foose, the famous car designer,

20160128-MvS-Crowd-Power-nr09-Tijdlijnen-en-de-dood · Tijdlijnen en parallelle realiteiten zijn verschillende onderwerpen. Een tijdlijn is iets wat .. nou de afgelopen 2000 jaren

20160128 jjug Nightセミナー_Git実践入門

20160128 rice deep process products and technology Alan

20160128 espresso - marcello.minenna.itmarcello.minenna.it/wp-content/uploads/2017/01/20160128_Espresso.pdfUnipol Banca Hypo Ape-Adria Bank Banca del lavoro e del piccolo risparmio

20160128 Zika Infographic - IFRC · 1/28/2016  · Wear long-sleeves, long trousers and hats. bins. Use insect repellents recommended by the health authorities. International Federation

Carver-Piedmont Feasibility Studygwcarc.org/wp-content/uploads/2016/02/20160128-CPAI.pdfJan 28, 2016  · Carver-Piedmont Feasibility Study Project Review & Next Steps January 28,

20160128 11h00 série infra web FR - Selmix

ASX Release 28 January 2016 Archer December … › asxpdf › 20160128 › pdf › 434mbnqqlhnl2t.pdf2016/01/28  · Archer December 2015 Quarterly Activities Report 4 (c) High-value

20160128 vl RETROSPECTO HIPODROMO VALENCIA JUEVES 28 DE ENERO DE 2016

20160128コラム · 2020. 9. 20. · 1・2月 0001 平井宏承 (総) 427.5万 今年 0.0万 半兄エイシンファイヤー 上積み警戒 5 黄 ß 差し キングヘイロー

A Global Leading Thai Chemical Companyivl.listedcompany.com/misc/presentation/20160128-presentation.pdf · 1/28/2016  · A Global Leading Thai Chemical Company January 28, 2016 IVL

20160128 VT IRP redacted - security | Virginia Tech · 4.4 Brenda van Gelder 4/1/2015 Incorporate line managers feedback provided to date 4.5a ... • Maintaining an incident response

20160128 woz lbaanz

Disease ecology, health and the environment: a …rstb.royalsocietypublishing.org/content/royptb/372/1722/20160128... · a framework to account for ecological and socio-economic drivers

data.over-blog-kiwi.comdata.over-blog-kiwi.com/0/25/24/67/20160128/ob_38384f... · Web viewC'étaient des êtres vivants, et l'homme donna un nom à chacun. L'homme donna donc leurs

20160128 woz wobanz

ПЛАН - mod.bg › bg › doc › strategicheski › 20160128... · Структура на въоръжените сили 10 1. Функционална структура на

Association pour le développement et la DÉVELOPPEMENT …data.over-blog-kiwi.com/1/53/02/19/20160128/ob_99023c_newslase… · de percer, découper, marquer, graver, ablater ou texturer

Fethi Naci’nin YKY’deki - ekitaparsivi.comekitaparsivi.com/uploads/kitap/20160128/o_002438_2013-01-06-221203_e... · notlar alarak sonuna kadar okudum. (Böyle olmasaydı Demirtaş

20160128 woz wosanz

20160128 woz gsaanz

김종태의원,논문표절 vs 기획된음모webdisk.kyongbuk.co.kr:81/pdf/20160128/2016012801-01010301.pdf · 성윤환박영문예비후보는27일상주시브리핑센터서김종태의원박사학위논문표절에관한공동기자회견을가졌다

20160128 Municipal Finance and the New Urban Agenda v4

Security news 20160128

[email protected] 20160128 083439-1gmail.com_20160128_083439-1 Author dmiller Created Date 1/28/2016 9:58:33 AM

Guidance Note and Overview 24/04/2016  · IFRC Reference Centre for Psychosocial Support Version: 24 April 2016. DRAFT 20160128 Overview and Guidance Note 1 Monitoring and evaluation

Z-Wave 500 Series Appl. Programmers Guide v6.71 · Added API handling security keys on application level. 1 20160128 JBU 4.3.1.2 & 4.3.3.2 Updated ZW_SendDataEx documentation and

20160128 Kamiya. Municipal Finance and the New Urban Agenda

組織利用におけるMFA管理方法を考える OpsJAWS Meetup#8