20190618 AWS Black Belt Online Seminar AWS Config

AWS official online seminars: https://amzn.to/JPWebinar
Past materials: https://amzn.to/JPArchive

Published in: Technology

  1. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Webinar https://amzn.to/JPWebinar https://amzn.to/JPArchive Security Solutions Architect 2019/06/18 AWS Config [AWS Black Belt Online Seminar]
  2. AWS Amazon GuardDuty AWS Security Hub
  3. AWS Black Belt Online Seminar • • ① Click the speech bubble ② Enter your question ③ Click Send Twitter #awsblackbelt
  4. • 2019 6 18 AWS (http://aws.amazon.com) • AWS AWS • • AWS does not offer binding price quotes. AWS pricing is publicly available and is subject to change in accordance with the AWS Customer Agreement available at http://aws.amazon.com/agreement/. Any pricing information included in this document is provided only as an estimate of usage charges for AWS services based on certain information that you have provided. Monthly charges will be based on your actual use of AWS services, and may vary from the estimates provided.
  5. • • AWS Config • AWS Config Rules • • •
  6. A A01 2 xx/xx/xx Corporate data center DB Internet Firewall Router L3SW LB DB A 3 xx/xx/xx Firewall Router L3SW LB
  7. - - - - B A01 8 xx/xx/xx C A01 8 xx/xx/xx D A01 8 xx/xx/xx E A01 8 xx/xx/xx !?!? A 3 ( ) xx/xx/xx A 3 ( ) xx/xx/xx
  8. AWS Tag AWS Config Auto Scaling
  9. AWS Config
  10. Amazon Confidential and Trademark AWS Config • • • • • • • AWS Config
  11. AWS Config AWS Config
  12. AWS Config • • • • • • •
  13. AWS Config AWS
  14. AWS 6 3 14:52 1
  17. AWS Customer gateway VPN Connection Internet gateway EBS Elastic network interface EC2 EIP NACL VPC Route table Subnet Security Group
  19. AWS Config AWS *1: *1 *1 *1 https://docs.aws.amazon.com/ja_jp/config/latest/developerguide/resource-config-reference.html
  20. AWS Config
  21. AWS Config Rules
  22. AWS Config
  23. AWS Config Rules • • Managed rules • • Custom rules • •
  26. https://docs.aws.amazon.com/ja_jp/config/latest/developerguide/managed-rules-by-aws-config.html
  27. Lambda function AWS Config Rules
  28. https://github.com/awslabs/aws-config-rdk
  31. #1 • approved-amis-by-id • AMI ( ) • required-tags • EC2 ‘CostCenter’ • encrypted-volumes • EBS • ec2-instance-managed-by-ssm • EC2 AWS Systems Manager • vpc-flow-logs-enabled • VPC (Flow Logs)
  32. #2 • s3-bucket-public-read-prohibited • Amazon S3 • s3-bucket-public-write-prohibited • Amazon S3 • rds-snapshots-public-prohibited • Amazon RDS • s3-bucket-server-side-encryption-enabled • Amazon S3 Amazon S3 • access-keys-rotated •
  33. AWS Config Rules GitHub • • • •
  34. SSM OS • SSM Inventory • AWS Config / Config Rules • • Config Rules SSM Automation • CloudWatch Event + Lambda EC2 SSM Inventory AWS Config Prohibited software AWS Config Rules CloudWatch Events Lambda Chat Mail Invoke SSM Automation as a Config Rules "remediation action" Review software changes over time Check for compliance violations Configure the integration
  35. AWS Config https://aws.amazon.com/jp/blogs/mt/aws-config-best-practices
  36. AWS Config #1. AWS Config → → #2. → #3. →
  37. AWS Config #5. S3 → AWS → S3 AWS Managed Rule • s3-bucket-public-write-prohibited • s3-bucket-public-read-prohibited
  38. AWS Config #19. Data aggregation #20. Organizations aggregator → →
  39. Central dashboard that provides an aggregated view Multi-account, multi-region Integrates with AWS Organizations Available at no additional charge
  43. (2019/06/18 ) • • • https://aws.amazon.com/jp/config/pricing/
  45. AWS Tag AWS Config Auto Scaling
  46. AWS Config / Config Rules
  47. AWS Config https://aws.amazon.com/jp/blogs/mt/aws-config-best-practices/ AWS Config https://docs.aws.amazon.com/ja_jp/config/latest/developerguide/managed-rules-by-aws-config.html AWS Config https://docs.aws.amazon.com/ja_jp/config/latest/developerguide/select-resources.html AWS Config https://aws.amazon.com/jp/config/faq/
  48. Q&A AWS Japan Blog https://aws.amazon.com/jp/blogs/news/
  49. AWS AWS https://amzn.to/JPArchive
  50. AWS Webinar https://amzn.to/JPWebinar https://amzn.to/JPArchive
