{"id":16856,"date":"2019-07-31T14:32:11","date_gmt":"2019-07-31T05:32:11","guid":{"rendered":"http:\/\/www.skyarch.net\/blog\/?p=16856"},"modified":"2019-07-31T14:32:11","modified_gmt":"2019-07-31T05:32:11","slug":"aws-%e3%81%a7%e3%83%91%e3%82%b9%e3%83%af%e3%83%bc%e3%83%89%e3%81%aa%e3%81%a9%e3%81%ae%e7%a7%98%e5%af%86%e6%83%85%e5%a0%b1%e3%82%92%e3%82%b3%e3%83%bc%e3%83%89%e3%81%ab%e5%9f%8b%e3%82%81%e8%be%bc","status":"publish","type":"post","link":"https:\/\/www.skyarch.net\/blog\/aws-%e3%81%a7%e3%83%91%e3%82%b9%e3%83%af%e3%83%bc%e3%83%89%e3%81%aa%e3%81%a9%e3%81%ae%e7%a7%98%e5%af%86%e6%83%85%e5%a0%b1%e3%82%92%e3%82%b3%e3%83%bc%e3%83%89%e3%81%ab%e5%9f%8b%e3%82%81%e8%be%bc\/","title":{"rendered":"AWS \u3067\u30d1\u30b9\u30ef\u30fc\u30c9\u306a\u3069\u306e\u79d8\u5bc6\u60c5\u5831\u3092\u30b3\u30fc\u30c9\u306b\u57cb\u3081\u8fbc\u307e\u305a\u306b\u5229\u7528\u3059\u308b\u65b9\u6cd5"},"content":{"rendered":"<p>\u67d0\u6240\u3067 API \u30ad\u30fc\u3092\u542b\u3080\u79d8\u5bc6\u60c5\u5831\u3092\u30b3\u30fc\u30c9\u306b\u542b\u3081\u3066\u4e00\u822c\u516c\u958b\u3057\u305f\u70ba\u306b\u4e0d\u6b63\u30a2\u30af\u30bb\u30b9\u306e\u539f\u56e0\u306b\u306a\u3063\u305f\u53ef\u80fd\u6027\u304c\u3042\u308b\u3068\u8a71\u984c\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>AWS \u3067\u3082\u30b5\u30fc\u30d3\u30b9\u5229\u7528\u306f\u57fa\u672c\u7684\u306b\u306f\u5168\u3066 REST API \u3092\u901a\u3058\u3066\u884c\u308f\u308c\u308b\u305f\u3081\u3001\u30b3\u30fc\u30c9\u306b\u5bfe\u3057\u3066\u4f55\u3089\u304b\u306e\u5f62\u3067API\u30ad\u30fc\u3068\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u3092\u6e21\u3059\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u305d\u306e\u70ba\u3084\u306f\u308a\u985e\u4f3c\u306e\u4e8b\u6545\u304c\u767a\u751f\u3059\u308b\u53ef\u80fd\u6027\u306f\u5e38\u306b\u3042\u308a\u3001\u5b9a\u671f\u7684\u306a\u6ce8\u610f\u559a\u8d77\u304c\u884c\u308f\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>AWS \u3067\u306f\u8cac\u4efb\u5171\u6709\u30e2\u30c7\u30eb<a href=\"#fn1\"
class=\"footnote-ref\" id=\"fnref1\" role=\"doc-noteref\"><sup>1<\/sup><\/a> \u304c\u63a1\u7528\u3055\u308c\u3066\u304a\u308a\u3001\u5f53\u305f\u308a\u524d\u306e\u3053\u3068\u3067\u3059\u304c\u30c7\u30fc\u30bf\u306e\u4fdd\u5168\u51e6\u7f6e\u3084\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u7ba1\u7406\u306f\u30e6\u30fc\u30b6\u306e\u8cac\u4efb\u3068\u306a\u308a\u307e\u3059\u3002<\/p>\n<p>\u305d\u3082\u305d\u3082\u30b3\u30fc\u30c9\u4e2d\u306bAPI\u30ad\u30fc\u306a\u3069\u306e\u79d8\u5bc6\u60c5\u5831\u3092\u57cb\u3081\u8fbc\u307e\u306a\u304f\u3066\u3082\u5b89\u5168\u306b\u5229\u7528\u3059\u308b\u4ed5\u7d44\u307f\u304c\u63d0\u4f9b\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u4eca\u56de\u306f\u305d\u306e\u3046\u3061\u306e\u3044\u304f\u3064\u304b\u3092\u3054\u7d39\u4ecb\u3057\u305f\u3044\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n<h2 id=\"iam-\u30e6\u30fc\u30b6\">IAM \u30e6\u30fc\u30b6<\/h2>\n<p>AWS \u30ea\u30bd\u30fc\u30b9\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u5236\u5fa1\u3059\u308b\u6700\u3082\u57fa\u672c\u7684\u306a\u6a5f\u80fd\u3067\u3059\u3002IAM \u30e6\u30fc\u30b6\u3068\u3044\u3046\u5358\u4f4d\u3067 ID\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u767a\u884c\u3057\u3001\u30de\u30cd\u30b8\u30e1\u30f3\u30c8\u30b3\u30f3\u30bd\u30fc\u30eb\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u5b9f\u65bd\u3057\u307e\u3059\u3002<\/p>\n<p>\u307e\u305f\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u304b\u3089 AWS 
\u30ea\u30bd\u30fc\u30b9\u3092\u5229\u7528\u3059\u308b\u5834\u5408\u306f\u3001\u30a2\u30af\u30bb\u30b9\u30ad\u30fcID\u3068\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30a2\u30af\u30bb\u30b9\u30ad\u30fc(\u4ee5\u4e0b\u30a2\u30af\u30bb\u30b9\u30ad\u30fc)\u3092\u767a\u884c\u3057\u3066\u5229\u7528\u3059\u308b\u3053\u3068\u306b\u306a\u308a\u307e\u3059\u3002\u305d\u306e\u5834\u5408\u306f\u30a2\u30af\u30bb\u30b9\u30ad\u30fc\u3092\u6240\u5b9a\u306e\u30d5\u30a1\u30a4\u30eb(~\/.aws\/credentials)\u306b\u4fdd\u5b58\u3057\u30b3\u30fc\u30c9\u30c4\u30ea\u30fc\u5185\u306b\u306f\u66f8\u304d\u8fbc\u307e\u306a\u3044\u3053\u3068\u304c\u63a8\u5968\u3055\u308c\u307e\u3059\u3002<\/p>\n<p>\u901a\u5e38\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u304b\u3089\u3001AWS \u30ea\u30bd\u30fc\u30b9\u3092\u5229\u7528\u3059\u308b\u5834\u5408\u306f\u3001\u5229\u7528\u4e2d\u306e\u8a00\u8a9e\u306b\u5bfe\u5fdc\u3059\u308b SDK \u3092\u5229\u7528\u3059\u308b\u3053\u3068\u304c\u591a\u3044\u3068\u601d\u3044\u307e\u3059\u304c\u3001SDK \u3092\u5229\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u306f\u6240\u5b9a\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u81ea\u52d5\u7684\u306b\u8aad\u307f\u51fa\u3057\u3066\u30a2\u30af\u30bb\u30b9\u3059\u308b\u70ba\u3001\u30b3\u30fc\u30c9\u4e0a\u306b\u30a2\u30af\u30bb\u30b9\u30ad\u30fc\u3092\u767b\u9332\u3059\u308b\u5fc5\u8981\u306f\u3042\u308a\u307e\u305b\u3093\u3002<\/p>\n<p>\u306a\u304a\u3001\u5171\u540c\u958b\u767a\u8005\u540c\u58eb\u3067\u3082 IAM \u30e6\u30fc\u30b6\u3092\u5171\u6709\u3059\u308b\u3053\u3068\u306f\u63a8\u5968\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3002\u5f8c\u8ff0\u306e CloudTrail \u3092\u5229\u7528\u3057\u305f\u6d41\u51fa\u7d4c\u8def\u306e\u7279\u5b9a\u306a\u3069\u304c\u56f0\u96e3\u306b\u306a\u308b\u70ba\u3067\u3059\u3002<\/p>\n<h2 id=\"\u3046\u3063\u304b\u308a\u306e\u9632\u6b62-git-secret\">\u3046\u3063\u304b\u308a\u306e\u9632\u6b62 
git-secrets<\/h2>\n<p>\u4e0a\u8a18\u306e\u901a\u308a\u3001\u901a\u5e38\u30b3\u30fc\u30c9\u4e2d\u306b\u30a2\u30af\u30bb\u30b9\u30ad\u30fc\u3092\u8a18\u8f09\u3059\u308b\u5fc5\u8981\u306f\u3042\u308a\u307e\u305b\u3093\u304c\u3001\u305d\u308c\u3067\u3082\u3061\u3087\u3063\u3068\u3057\u305f\u30e1\u30e2\u3084\u3001\u4e00\u6642\u7684\u306b\u66f8\u3044\u305f\u3064\u3082\u308a\u304c\u6d88\u3057\u5fd8\u308c\u3066\u30b3\u30df\u30c3\u30c8\u3057\u3066\u3057\u307e\u3046\u306a\u3069\u306e\u4e8b\u6545\u306e\u53ef\u80fd\u6027\u304c\u8003\u3048\u3089\u308c\u307e\u3059\u3002<\/p>\n<p>\u305d\u306e\u69d8\u306a\u4e8b\u6545\u3092\u9632\u6b62\u3059\u308b\u70ba\u3001\u30b3\u30df\u30c3\u30c8\u6642\u306a\u3069\u306b\u79d8\u5bc6\u60c5\u5831\u3092\u691c\u51fa\u3059\u308b git \u30d7\u30e9\u30b0\u30a4\u30f3\u304c AWS \u304b\u3089\u63d0\u4f9b\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p><a href=\"https:\/\/github.com\/awslabs\/git-secrets\">git-secrets<\/a><\/p>\n<h2 id=\"iam-\u30ed\u30fc\u30eb\">IAM \u30ed\u30fc\u30eb<\/h2>\n<p>AWS \u4e0a\u306b\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u5c55\u958b\u3059\u308b\u969b\u306f\u3001AMI\u3084\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u4e0a\u306b\u4e0a\u8a18 IAM \u30e6\u30fc\u30b6\u306e\u30a2\u30af\u30bb\u30b9\u30ad\u30fc\u3092\u30c7\u30d7\u30ed\u30a4\u3059\u308b\u3053\u3068\u306f\u5f37\u304f\u63a8\u5968\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3002AMI \u306f\u5171\u6709\u3057\u305f\u308a\u516c\u958b\u3059\u308b\u3053\u3068\u3082\u3067\u304d\u308b\u306e\u3067\u3001AMI \u3092\u901a\u3058\u305f\u30a2\u30af\u30bb\u30b9\u30ad\u30fc\u306e\u6d41\u51fa\u304c\u61f8\u5ff5\u3055\u308c\u308b\u70ba\u3067\u3059\u3002<\/p>\n<p>\u4ee3\u66ff\u624b\u6bb5\u3068\u3057\u3066\u3001IAM \u30ed\u30fc\u30eb\u3068\u3044\u3046\u6a5f\u80fd\u304c\u63d0\u4f9b\u3055\u308c\u3066\u3044\u307e\u3059\u3002IAM \u30e6\u30fc\u30b6\u3068\u540c\u3058\u69d8\u306b\u4f5c\u6210\u3057\u3001\u9069\u5207\u306b AWS
\u30ea\u30bd\u30fc\u30b9\u3078\u306e\u30a2\u30af\u30bb\u30b9\u6a29\u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002\u9055\u3044\u306f\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u8d77\u52d5\u6642\u306b\u3001\u4f5c\u6210\u3057\u305f IAM \u30ed\u30fc\u30eb\u3092\u6307\u5b9a\u3059\u308b\u3053\u3068\u3067\u3001\u5b89\u5168\u306b\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306b\u5bfe\u3057\u3066\u30a2\u30af\u30bb\u30b9\u30ad\u30fc\u3092\u914d\u5e03\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<p>SDK \u3092\u5229\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u306f\u3001\u7279\u306b IAM \u30e6\u30fc\u30b6\u3001IAM \u30ed\u30fc\u30eb\u306e\u9055\u3044\u3092\u610f\u8b58\u3059\u308b\u5fc5\u8981\u306f\u3042\u308a\u307e\u305b\u3093\u3002\u307e\u305f\u30d5\u30a1\u30a4\u30eb\u306a\u3069\u306b\u30a2\u30af\u30bb\u30b9\u6a29\u304c\u4fdd\u5b58\u3055\u308c\u3066\u3044\u308b\u308f\u3051\u3067\u306f\u306a\u3044\u306e\u3067\u3001\u6d41\u51fa\u306e\u30ea\u30b9\u30af\u3092\u6291\u3048\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<p>\u958b\u767a\u74b0\u5883\u7528\u3001\u672c\u756a\u74b0\u5883\u7528\u306a\u3069\u7528\u9014\u306b\u3088\u3063\u3066\u30a2\u30af\u30bb\u30b9\u6a29\u3092\u7c21\u5358\u306b\u5207\u308a\u66ff\u3048\u3089\u308c\u308b\u3068\u3044\u3046\u30e1\u30ea\u30c3\u30c8\u3082\u3042\u308a\u307e\u3059\u3002<\/p>\n<h2 id=\"\u4e00\u6642\u7684\u306a\u8a8d\u8a3c\u60c5\u5831-sts\">\u4e00\u6642\u7684\u306a\u8a8d\u8a3c\u60c5\u5831 STS<\/h2>\n<p>IAM \u30e6\u30fc\u30b6\u306e\u69d8\u306b\u6bd4\u8f03\u7684\u9577\u671f\u9593\u56fa\u5b9a\u7684\u306b\u5229\u7528\u3059\u308b\u306e\u3067\u306f\u306a\u304f\u3001\u77ed\u6642\u9593\u3060\u3051\u4e00\u6642\u7684\u306b\u30a2\u30af\u30bb\u30b9\u6a29\u3092\u4ed8\u4e0e\u3082\u3057\u304f\u306f\u53d6\u5f97\u3057\u305f\u3044\u5834\u5408\u304c\u3042\u308a\u307e\u3059\u3002\u305d\u306e\u5834\u5408\u306f STS 
\u3092\u5229\u7528\u3057\u3066\u5229\u7528\u6a29\u9650\u3092\u4ed8\u4e0e\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<p>\u4f8b\u3048\u3070\u3001\u5916\u90e8\u306e\u4f5c\u696d\u8005\u306b\u5bfe\u3057\u3066\uff11\u65e5\u3060\u3051\u30a2\u30af\u30bb\u30b9\u6a29\u3092\u4ed8\u4e0e\u3057\u305f\u3044\u306a\u3069\u3068\u3044\u3063\u305f\u30e6\u30fc\u30b9\u30b1\u30fc\u30b9\u306e\u5834\u5408\u306b\u5229\u7528\u3067\u304d\u307e\u3059\u3002<\/p>\n<h2 id=\"aws-secrets-manager\">AWS Secrets Manager<\/h2>\n<p>\u30e2\u30c0\u30f3\u306a\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3067\u306f\u3001\u4f55\u3089\u304b\u306e\u5f62\u3067\u306e\u5916\u90e8\u9023\u643a\u304c\u6b20\u304b\u3059\u3053\u3068\u304c\u3067\u304d\u307e\u305b\u3093\u3002\u305d\u306e\u70ba\u5916\u90e8\u9023\u643a\u306b\u5fc5\u8981\u306a API \u30ad\u30fc\u3084\u3001\u30af\u30ec\u30c7\u30f3\u30b7\u30e3\u30eb\u3001\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306a\u3069\u306e\u60c5\u5831\u3092\u5b89\u5168\u306b\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306b\u5bfe\u3057\u3066\u914d\u5e03\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<p>\u3053\u308c\u3089\u306e\u60c5\u5831\u3082\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3084\u30b3\u30fc\u30c9\u4e0a\u306b\u4fdd\u5b58\u3059\u308b\u3053\u3068\u306f\u5f37\u304f\u63a8\u5968\u3055\u308c\u307e\u305b\u3093\u3002\u4ee3\u308f\u308a\u306b AWS Secrets Manager \u3068\u3044\u3046\u30b5\u30fc\u30d3\u30b9\u304c\u63d0\u4f9b\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u4f8b\u3048\u3070\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30a2\u30af\u30bb\u30b9\u306b\u5fc5\u8981\u306a ID\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3001\u30db\u30b9\u30c8\u540d\u306a\u3069\u306e\u60c5\u5831\u3092 AWS Secrets Manager 
\u4e0a\u306b\u4fdd\u5b58\u3057\u3066\u304a\u304d\u3001\u5fc5\u8981\u306a\u6642\u306b\u53d6\u308a\u51fa\u3057\u3066\u5229\u7528\u3059\u308b\u69d8\u306b\u69cb\u6210\u3067\u304d\u307e\u3059\u3002<\/p>\n<p>\u60c5\u5831\u306e\u53d6\u308a\u51fa\u3057\u306b\u5bfe\u3057\u3066\u306f\u3001\u4e0a\u8a18 IAM\u30ed\u30fc\u30eb\u30fb\u30e6\u30fc\u30b6\u3092\u5229\u7528\u3057\u305f\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u306b\u3088\u3063\u3066\u6a5f\u5bc6\u6027\u3092\u4fdd\u6301\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<h2 id=\"aws-key-management-service-kms\">AWS Key Management Service (KMS)<\/h2>\n<p>\u73fe\u4ee3\u3067\u306f\u3001\u60c5\u5831\u3092\u6697\u53f7\u5316\u3057\u3066\u4fdd\u7ba1\u3059\u308b\u3053\u3068\u304c\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8981\u4ef6\u3068\u3057\u3066\u5fc5\u8981\u3068\u3055\u308c\u308b\u30ef\u30fc\u30af\u30ed\u30fc\u30c9\u3082\u591a\u3044\u304b\u3068\u601d\u3044\u307e\u3059\u3002AWS \u3067\u3082\u30d6\u30ed\u30c3\u30af\u30b9\u30c8\u30ec\u30fc\u30b8\u306e EBS \u3084\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u30b9\u30c8\u30ec\u30fc\u30b8\u306e S3 \u306a\u3069\u591a\u304f\u306e\u30b5\u30fc\u30d3\u30b9\u3067\u6697\u53f7\u5316\u3092\u30b5\u30dd\u30fc\u30c8\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u305d\u306e\u5834\u5408\u3082\u6697\u53f7\u5316\u30ad\u30fc\u306e\u7ba1\u7406\u304c\u91cd\u8981\u3068\u306a\u308a\u307e\u3059\u3002AWS Key Management Service \u306f\u6697\u53f7\u5316\u30ad\u30fc\u306e\u751f\u6210\u3001\u7ba1\u7406\u6a5f\u80fd\u3092\u63d0\u4f9b\u3057\u307e\u3059\u3002<\/p>\n<p>\u30ad\u30fc\u306e\u53d6\u308a\u51fa\u3057\u306b\u3042\u305f\u3063\u3066\u306f\u3001\u540c\u3058\u304fIAM\u30ed\u30fc\u30eb\u30fb\u30e6\u30fc\u30b6\u3092\u5229\u7528\u3057\u305f\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u306b\u3088\u3063\u3066\u6a5f\u5bc6\u6027\u3092\u4fdd\u6301\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<h2 id=\"aws-systems-manager-\u30d1\u30e9\u30e1\u30fc\u30bf\u30b9\u30c8\u30a2\">AWS Systems Manager
\u30d1\u30e9\u30e1\u30fc\u30bf\u30b9\u30c8\u30a2<\/h2>\n<p>\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306f\u4e00\u822c\u7684\u306b\u5b9f\u884c\u6642\u306b\u69d8\u3005\u306a\u8a2d\u5b9a\u60c5\u5831\u3092\u5fc5\u8981\u3068\u3059\u308b\u304b\u3068\u601d\u3044\u307e\u3059\u3002\u8a2d\u5b9a\u60c5\u5831\u306f\u30b3\u30fc\u30c9\u4e2d\u306b\u8a18\u8ff0\u3059\u308b\u3053\u3068\u306f\u597d\u307e\u3057\u304f\u306a\u304f\u3001\u5b9f\u884c\u6642\u306b\u52d5\u7684\u306b\u53d6\u5f97\u3059\u308b\u306e\u304c\u7406\u60f3\u7684\u3067\u3059\u3002\u307e\u305f\u8a2d\u5b9a\u60c5\u5831\u306e\u4e2d\u306b\u3042\u307e\u308a\u5916\u90e8\u306b\u516c\u958b\u3057\u305f\u304f\u306a\u3044\u60c5\u5831\u304c\u542b\u307e\u308c\u308b\u5834\u5408\u3082\u3042\u308b\u3067\u3057\u3087\u3046\u3002<\/p>\n<p>\u305d\u306e\u69d8\u306a\u5834\u5408\u306b AWS Systems Manager \u30d1\u30e9\u30e1\u30fc\u30bf\u30b9\u30c8\u30a2 \u306b\u8a2d\u5b9a\u60c5\u5831\u3092\u4fdd\u7ba1\u3059\u308b\u3053\u3068\u3067\u5bfe\u51e6\u3067\u304d\u307e\u3059\u3002<\/p>\n<p>AWS Systems Manager \u30d1\u30e9\u30e1\u30fc\u30bf\u30b9\u30c8\u30a2 \u3078\u306e\u30a2\u30af\u30bb\u30b9\u3082IAM\u30ed\u30fc\u30eb\u30fb\u30e6\u30fc\u30b6\u306b\u3088\u3063\u3066\u5236\u5fa1\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u3001\u5fc5\u8981\u306a\u6642\u306b\u5fc5\u8981\u306a\u60c5\u5831\u3092\u53d6\u5f97\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<h2 id=\"\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30e6\u30fc\u30b6\u3078\u306e\u6a29\u9650\u4ed8\u4e0e-cognito\">\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30e6\u30fc\u30b6\u3078\u306e\u6a29\u9650\u4ed8\u4e0e Cognito<\/h2>\n<p>\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u30e6\u30fc\u30b6\u306b\u5bfe\u3057\u3066\u3001\u5236\u9650\u3055\u308c\u305f\u30a2\u30af\u30bb\u30b9\u6a29\u3092\u4ed8\u4e0e\u3057\u305f\u3044\u5834\u5408\u3082\u3042\u308b\u304b\u3068\u601d\u3044\u307e\u3059\u3002\u305d\u306e\u5834\u5408\u306f Cognito 
\u304c\u6709\u52b9\u3067\u3057\u3087\u3046\u3002ID\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u4f7f\u3063\u305f\u8a8d\u8a3c\u3001\u5916\u90e8\u30a2\u30ab\u30a6\u30f3\u30c8\u9023\u643a\u306a\u3069\u3092\u901a\u3058\u3066\u4e0a\u8a18\u3067\u7d39\u4ecb\u3057\u305f STS \u306e\u4e00\u6642\u7684\u306a\u8a8d\u8a3c\u60c5\u5831\u3092\u767a\u884c\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<h2 id=\"\u4e0d\u6b63\u30a2\u30af\u30bb\u30b9\u306e\u8ffd\u8de1-cloudtrail\">\u4e0d\u6b63\u30a2\u30af\u30bb\u30b9\u306e\u8ffd\u8de1 CloudTrail<\/h2>\n<p>\u4e07\u304c\u4e00\u6a5f\u5bc6\u60c5\u5831\u304c\u6f0f\u3048\u3044\u3057\u305f\u5834\u5408\u3084\u3001\u4e0d\u6b63\u306a\u30a2\u30af\u30bb\u30b9\u3092\u691c\u51fa\u3059\u308b\u305f\u3081\u306b\u306f API \u3084\u30ad\u30fc\u3078\u306e\u30a2\u30af\u30bb\u30b9\u72b6\u6cc1\u3092\u8ffd\u8de1\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u305d\u306e\u305f\u3081\u306b\u306f\u5229\u7528\u72b6\u6cc1\u306e\u30ed\u30b0\u304c\u5fc5\u8981\u3068\u306a\u308a\u307e\u3059\u304c\u3001AWS \u3067\u306f CloudTrail \u3092\u6709\u52b9\u306b\u3059\u308b\u3053\u3068\u3067\u30ed\u30b0\u306e\u63a1\u53d6\u304c\u53ef\u80fd\u3067\u3059\u3002<\/p>\n<p>\u4eca\u56de\u7d39\u4ecb\u3057\u305f KMS \u3084\u3001Secrets Manager \u304b\u3089\u306e\u30ad\u30fc\u306e\u53d6\u5f97\u72b6\u6cc1\u3092IAM\u30e6\u30fc\u30b6\u3001\u30ed\u30fc\u30eb\u6bce\u306b\u628a\u63e1\u3059\u308b\u3053\u3068\u3082\u3067\u304d\u307e\u3059\u3002 \u305d\u306e\u305f\u3081 IAM \u30e6\u30fc\u30b6\u3092\u500b\u5225\u306b\u767a\u884c\u3059\u308b\u3053\u3068\u3067\u30a2\u30af\u30bb\u30b9\u306e\u8a73\u7d30\u306a\u8ffd\u8de1\u304c\u53ef\u80fd\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<h2 id=\"\u4e0d\u6b63\u30a2\u30af\u30bb\u30b9\u306e\u691c\u51fa-guardduty\">\u4e0d\u6b63\u30a2\u30af\u30bb\u30b9\u306e\u691c\u51fa GuardDuty<\/h2>\n<p>\u307e\u305f CloudTrail \u3067\u5358\u306b\u8a18\u9332\u3092\u53d6\u308b\u3060\u3051\u3067\u306a\u304f\u3001GuardDuty \u3092\u5229\u7528\u3059\u308b\u3053\u3068\u3067 API
\u30a2\u30af\u30bb\u30b9\u306e\u4e0d\u5be9\u306a\u6319\u52d5\u3092\u691c\u51fa\u3059\u308b\u3053\u3068\u3082\u3067\u304d\u307e\u3059\u3002<\/p>\n<p>GuardDuty \u306b\u3064\u3044\u3066\u306e\u8a73\u7d30\u306f\u4ee5\u524d\u3053\u3061\u3089\u3067\u3082\u7d39\u4ecb\u3055\u305b\u3066\u3044\u305f\u3060\u3044\u3066\u3044\u307e\u3059\u3002<\/p>\n<p><a href=\"http:\/\/www.skyarch.net\/blog\/?p=16422\">\u5897\u52a0\u3059\u308b\u30b5\u30a4\u30d0\u30fc\u653b\u6483\u306e\u8105\u5a01\u306b\u5bfe\u51e6\u3059\u308b\u306b\u306f\uff1f Amazon GuardDuty \u306e\u3054\u7d39\u4ecb<\/a><\/p>\n<h2 id=\"\u4ee5\u524d\u306f\u63a8\u5968\u3055\u308c\u3066\u3044\u305f\u304c\u73fe\u5728\u306f\u3084\u3081\u305f\u307b\u3046\u304c\u3044\u3044\u3053\u3068\">\u4ee5\u524d\u306f\u63a8\u5968\u3055\u308c\u3066\u3044\u305f\u304c\u73fe\u5728\u306f\u3084\u3081\u305f\u307b\u3046\u304c\u3044\u3044\u3053\u3068<\/h2>\n<p>\u74b0\u5883\u5909\u6570\u3084\u30e6\u30fc\u30b6\u30fc\u30c7\u30fc\u30bf\u3092\u5229\u7528\u3057\u3066\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u8d77\u52d5\u6642\u306b\u79d8\u5bc6\u60c5\u5831\u3092\u6e21\u3059\u3053\u3068\u3001\u307e\u305f S3 \u306b\u4fdd\u5b58\u3057\u3066\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u304b\u3089\u8aad\u307f\u51fa\u3059\u306a\u3069\u306e\u65b9\u6cd5\u3082\u4ee5\u524d\u306f\u63d0\u6848\u3055\u308c\u3066\u5b9f\u969b\u306b\u5229\u7528\u3082\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u304c\u3001\u73fe\u5728\u3067\u306f\u4e0a\u8a18\u306e\u69d8\u306b\u69d8\u3005\u306a\u30b5\u30fc\u30d3\u30b9\u304c\u63d0\u4f9b\u3055\u308c\u3066\u3044\u308b\u70ba\u3001\u63a8\u5968\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3002<\/p>\n<p>\u5b9a\u671f\u7684\u306a\u30a2\u30fc\u30ad\u30c6\u30af\u30c1\u30e3\u306e\u898b\u76f4\u3057\u306f AWS Well-Architected 
\u30d5\u30ec\u30fc\u30e0\u30ef\u30fc\u30af\u3067\u3082\u5f37\u304f\u63a8\u5968\u3055\u308c\u3066\u3044\u308b\u306e\u3067\u3001\u3053\u306e\u6a5f\u4f1a\u306b\u898b\u76f4\u3057\u3066\u307f\u3066\u306f\u3044\u304b\u304c\u3067\u3057\u3087\u3046\u304b\u3002<\/p>\n<h2 id=\"\u6700\u5f8c\u306b\">\u6700\u5f8c\u306b<\/h2>\n<p>AWS\u30b5\u30fc\u30d3\u30b9\u3092\u6709\u52b9\u306b\u5229\u7528\u3059\u308b\u3053\u3068\u3067\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u306a\u3069\u306e\u79d8\u5bc6\u60c5\u5831\u306e\u6f0f\u3048\u3044\u3092\u9632\u304e\u3064\u3064\u52b9\u7387\u3088\u304f\u958b\u767a\u3059\u308b\u305f\u3081\u306e\u30d2\u30f3\u30c8\u306b\u306a\u308c\u3070\u5e78\u3044\u3067\u3059\u3002\u4eca\u56de\u306f\u5404\u30b5\u30fc\u30d3\u30b9\u306e\u8a73\u7d30\u307e\u3067\u306f\u8e0f\u307f\u8fbc\u3080\u3053\u3068\u304c\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\u304c\u3001\u6a5f\u4f1a\u304c\u3042\u308c\u3070\u5177\u4f53\u7684\u306a\u5229\u7528\u65b9\u6cd5\u306b\u3064\u3044\u3066\u3082\u3054\u7d39\u4ecb\u3057\u305f\u3044\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n<h2 id=\"\u4eca\u56de\u3054\u7d39\u4ecb\u3057\u305f-aws-\u30b5\u30fc\u30d3\u30b9\">\u4eca\u56de\u3054\u7d39\u4ecb\u3057\u305f AWS \u30b5\u30fc\u30d3\u30b9<\/h2>\n<ul>\n<li><a href=\"https:\/\/aws.amazon.com\/jp\/iam\/\">AWS Identity and Access Management (IAM)<\/a><\/li>\n<li><a href=\"https:\/\/docs.aws.amazon.com\/ja_jp\/IAM\/latest\/UserGuide\/id_users.html\">IAM \u30e6\u30fc\u30b6\u30fc<\/a><\/li>\n<li><a href=\"https:\/\/docs.aws.amazon.com\/ja_jp\/IAM\/latest\/UserGuide\/id_roles.html\">IAM \u30ed\u30fc\u30eb<\/a><\/li>\n<li><a href=\"https:\/\/docs.aws.amazon.com\/ja_jp\/IAM\/latest\/UserGuide\/id_credentials_temp.html\">AWS Security Token Service (AWS STS)<\/a><\/li>\n<li><a href=\"https:\/\/aws.amazon.com\/jp\/secrets-manager\/\">AWS Secrets Manager<\/a><\/li>\n<li><a href=\"https:\/\/aws.amazon.com\/jp\/kms\/\">AWS Key Management Service (KMS)<\/a><\/li>\n<li><a 
href=\"https:\/\/aws.amazon.com\/jp\/cognito\/\">Amazon Cognito<\/a><\/li>\n<li><a href=\"https:\/\/aws.amazon.com\/jp\/cloudtrail\/\">AWS CloudTrail<\/a><\/li>\n<li><a href=\"https:\/\/aws.amazon.com\/jp\/guardduty\/\">Amazon GuardDuty<\/a><\/li>\n<\/ul>\n<section class=\"footnotes\" role=\"doc-endnotes\">\n<hr \/>\n<ol>\n<li id=\"fn1\" role=\"doc-endnote\">\n<p><a href=\"https:\/\/aws.amazon.com\/jp\/compliance\/shared-responsibility-model\/\">\u8cac\u4efb\u5171\u6709\u30e2\u30c7\u30eb<\/a><a href=\"#fnref1\" class=\"footnote-back\" role=\"doc-backlink\">\u21a9\ufe0e<\/a><\/p>\n<\/li>\n<\/ol>\n<\/section>\n","protected":false},"excerpt":{"rendered":"<p>\u67d0\u6240\u3067 API \u30ad\u30fc\u3092\u542b\u3080\u79d8\u5bc6\u60c5\u5831\u3092\u30b3\u30fc\u30c9\u306b\u542b\u3081\u3066\u4e00\u822c\u516c\u958b\u3057\u305f\u70ba\u306b\u4e0d\u6b63\u30a2\u30af\u30bb\u30b9\u306e\u539f\u56e0\u306b\u306a\u3063\u305f\u53ef\u80fd\u6027\u304c\u3042\u308b\u3068\u8a71\u984c\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002 AWS \u3067\u3082\u30b5\u30fc\u30d3\u30b9\u5229\u7528\u306f\u57fa\u672c\u7684\u306b\u306f\u5168\u3066 REST API
\u3092\u901a\u3058\u3066\u884c\u308f\u308c\u305f\u3081\u3001\u30b3\u30fc\u30c9\u306b\u5bfe\u3057&#8230;<\/p>\n","protected":false},"author":1,"featured_media":16792,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_locale":"ja","_original_post":"16856","footnotes":""},"categories":[20,83,19,7],"tags":[744,500,370,746,745,747,742,743,550],"class_list":{"0":"post-16856","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-aws","8":"category-devops","9":"category-19","10":"category-security","11":"tag-aws-key-management-service","12":"tag-aws-secrets-manager","13":"tag-aws-systems-manager","14":"tag-cloudtrail","15":"tag-cognito","16":"tag-guardduty","17":"tag-iam-","19":"tag-sts","20":"ja"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/16856","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/comments?post=16856"}],"version-history":[{"count":3,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/16856\/revisions"}],"predecessor-version":[{"id":16882,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/16856\/revisions\/16882"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/media\/16792"}],"wp:attachment":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/media?parent=16856"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/categories?post=16856"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/w
p-json\/wp\/v2\/tags?post=16856"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}