セキュリティを意識したAWS使用法 (Security-conscious use of AWS)
Yasuhiro Araki, Ph.D, 13 slides

Slide 1. AWS
  Twitter: @ar1
  yasuarak@amazon.co.jp

Slide 2.
  § Twitter: ar1
  § Debian
Slide 3. IaaS (AWS)
  [Diagram, top to bottom: Customer 1, Customer 2, ..., Customer n | Hypervisor | Virtual Interfaces | Customer 1 Security Groups, Customer 2 Security Groups, ..., Customer n Security Groups | Firewall | AWS Physical Interfaces]
Slide 4.
  • Amazon ( )
  [Diagram: Amazon EC2 Instances; inside an Amazon EC2 Instance, an Encrypted File System and an Encrypted Swap File]
Slide 5.
  • iptables /
  [Diagram: Inbound Traffic -> iptables -> Amazon EC2 Instances; inside an Amazon EC2 Instance, an Encrypted File System and an Encrypted Swap File]
Slide 7.
  [Diagram, top to bottom: EC2, EC2, ..., EC2 | Hypervisor | Virtual Interfaces | Customer 1 Security Groups, Customer 2 Security Groups, ..., Customer n Security Groups | Firewall | AWS Physical Interfaces]
Slide 8. EC2 SSH AMI

Slide 9. AMI

Slide 10. AMI AMI EBS ? ( ) ( ) EBS ssh virus
Slide 11. ssh
  ! ssh
    § /etc/init.d/ssh   ssh
    § lsof (lsof -i :22, lsof -p XXX)
  ! authorized_keys
    § # sshd -T | grep authorizedkeysfile
Slide 12. AWS Public AMI ssh
  Quoted from the Amazon EC2 documentation on public (shared) AMIs:
  "If you forget to remove the existing SSH host key pairs from your public AMI, our routine auditing process will notify you and all customers running instances of your AMI of the potential security risk. After a short grace period, we will mark the AMI private."
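The checks on slides 11 and 12 as one script, added here as an example; it is not code from the slides or from AWS. It assumes OpenSSH's default paths, that an image to be audited is mounted or copied under the directory passed as the argument, and that lsof is installed for the listening check. The function names, the demo image tree and the fake keys in it are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the slides: the checks on slides 11 and 12 as one
# script. resolve_authorized_keys turns the AuthorizedKeysFile value that
# "sshd -T | grep authorizedkeysfile" reports into the concrete files sshd
# reads; audit_image_root then walks an AMI image tree (assumed mounted or
# copied under the directory you pass in) and lists what must not ship in a
# public image: host key pairs, which every instance launched from the AMI
# would otherwise share, and populated authorized_keys files, which would let
# the publisher's key log in to other customers' instances.

# Slide 11's liveness check: is anything listening on tcp/22 on this host?
sshd_listening() {
  lsof -nP -iTCP:22 -sTCP:LISTEN >/dev/null 2>&1
}

# Expand one AuthorizedKeysFile value (space-separated entries; %h = home,
# %u = user) into absolute paths for a user. Relative entries are taken
# relative to the home directory, as sshd_config(5) specifies, and the value
# "none" disables key files entirely. "%%" is not handled, and the home path
# must not contain "|" or "&" (sed delimiter and replacement metacharacter).
resolve_authorized_keys() {          # $1 = setting, $2 = user, $3 = home
  if [ "$1" = "none" ]; then return 0; fi
  for _p in $1; do
    _p=$(printf '%s\n' "$_p" | sed -e "s|%h|$3|g" -e "s|%u|$2|g")
    case "$_p" in
      /*) printf '%s\n' "$_p" ;;
      *)  printf '%s/%s\n' "$3" "$_p" ;;
    esac
  done
}

# Effective setting from the running sshd (sshd -T prints lower-cased
# keywords and needs root). Falls back to OpenSSH's built-in default when
# sshd is unavailable; when auditing an image offline, take the value from
# the image's own /etc/ssh/sshd_config instead of trusting the default.
authorized_keys_setting() {
  sshd -T 2>/dev/null \
    | awk '$1 == "authorizedkeysfile" { $1 = ""; sub(/^ /, ""); print; exit }' \
    | grep . || printf '%s\n' '.ssh/authorized_keys .ssh/authorized_keys2'
}

# Print "host-key <path>" for every SSH host key (private and public) and
# "authorized-keys <path>" for every non-empty authorized_keys file belonging
# to root or to an account under /home. Paths are relative to the image root.
audit_image_root() {                 # $1 = image root, $2 = AuthorizedKeysFile setting
  _root="${1%/}"; _setting="$2"
  for _k in "$_root"/etc/ssh/ssh_host_*_key "$_root"/etc/ssh/ssh_host_*_key.pub; do
    if [ -e "$_k" ]; then printf 'host-key %s\n' "${_k#"$_root"}"; fi
  done
  for _home in "$_root/root" "$_root"/home/*; do
    if [ ! -d "$_home" ]; then continue; fi
    _user=$(basename "$_home")
    resolve_authorized_keys "$_setting" "$_user" "${_home#"$_root"}" \
      | while read -r _f; do
          if [ -s "$_root$_f" ]; then printf 'authorized-keys %s\n' "$_f"; fi
        done
  done
}

# Constructed demo image (not a real AMI): a leftover RSA host key pair, a
# populated root authorized_keys and an empty one for ec2-user. The audit
# must report the first two and stay silent on the third.
build_demo_root() {
  _d=$(mktemp -d)
  mkdir -p "$_d/etc/ssh" "$_d/root/.ssh" "$_d/home/ec2-user/.ssh"
  printf 'FAKE-PRIVATE-KEY\n' > "$_d/etc/ssh/ssh_host_rsa_key"
  printf 'ssh-rsa FAKE-PUBLIC-KEY\n' > "$_d/etc/ssh/ssh_host_rsa_key.pub"
  printf 'ssh-ed25519 FAKE-KEY publisher@laptop\n' > "$_d/root/.ssh/authorized_keys"
  : > "$_d/home/ec2-user/.ssh/authorized_keys"
  printf '%s\n' "$_d"
}

case "${1:-}" in
  --demo) _r=$(build_demo_root); audit_image_root "$_r" "$(authorized_keys_setting)"; rm -rf "$_r" ;;
  "")     ;;                           # no argument: only define the functions
  *)      audit_image_root "$1" "$(authorized_keys_setting)" ;;
esac
```

Run it with --demo to see the three findings on the constructed tree, or with the mount point of an image root. On an instance about to be imaged, run it there as root so that sshd -T reports the effective setting, delete everything it lists before registering the AMI, and make sure the image regenerates host keys on first boot (cloud-init does this when the files are absent); that is the condition the AWS text above is enforcing.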
Slide 13.
  ! VPC outbound
  ! t1.micro
    § 32bit 64bit 64bit 32bit VM mount
  ! mount -o noexec
  ! chroot
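An added example, not from the slides, that turns the in-guest points of slides 4, 5 and 13 into checks: encrypted swap, iptables in front of inbound traffic, and mount -o noexec (chroot and VPC outbound filtering are not covered). It assumes a Linux guest with /proc/swaps, /proc/mounts and iptables, Debian-style crypttab and fstab syntax, and the device names /dev/xvdb and /dev/xvdc; the function names are mine, and the sample texts at the bottom are constructed, not captured from a real instance.

```shell
#!/bin/sh
# Added example, not from the slides: audit a running EC2 instance against the
# in-guest hardening points of slides 4, 5 and 13 (encrypted swap, iptables on
# inbound traffic, mount -o noexec). Each check takes the kernel's or
# netfilter's own view of the state as text, so it runs against a live host
# (--live) or against the constructed samples at the bottom. Device names and
# mount points in the generated config are assumptions.

# Debian-style /etc/crypttab and /etc/fstab lines for a random-key dm-crypt
# swap (a fresh key each boot, so swapped pages are unreadable in a snapshot)
# and a scratch volume that refuses to execute anything stored on it.
hardening_config_lines() {           # $1 = swap block device, $2 = scratch block device
  printf 'crypttab: cryptswap %s /dev/urandom swap,cipher=aes-xts-plain64,size=256\n' "$1"
  printf 'fstab:    /dev/mapper/cryptswap none swap sw 0 0\n'
  printf 'fstab:    %s /scratch ext4 defaults,noexec,nosuid,nodev 0 2\n' "$2"
}

# True when every active swap area is a /dev/mapper device (dm-crypt); a raw
# partition or swap file would carry page contents into EBS snapshots in the
# clear. No swap at all passes. $1 = text of /proc/swaps.
swap_encrypted() {
  printf '%s\n' "$1" | awk '
    BEGIN { bad = 0 }
    NR > 1 && index($1, "/dev/mapper/") != 1 { bad = 1 }
    END { exit bad }'
}

# True when $2 is mounted and its option list (field 4 of /proc/mounts)
# contains noexec. $1 = text of /proc/mounts.
mount_has_noexec() {
  printf '%s\n' "$1" | awk -v mp="$2" '
    BEGIN { found = 0; ok = 0 }
    $2 == mp { found = 1; n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "noexec") ok = 1 }
    END { exit !(found && ok) }'
}

# True when the INPUT chain defaults to DROP and contains no unconditional
# "-A INPUT -j ACCEPT" (a rule with no match criteria opens everything
# regardless of the policy). Security groups filter in front of the instance;
# this is the in-guest layer slide 5 puts behind them. $1 = `iptables -S INPUT`.
inbound_filtered() {
  printf '%s\n' "$1" | awk '
    BEGIN { drop = 0; open = 0 }
    $1 == "-P" && $2 == "INPUT" && $3 == "DROP" { drop = 1 }
    $1 == "-A" && $2 == "INPUT" && NF == 4 && $4 == "ACCEPT" { open = 1 }
    END { exit !(drop && !open) }'
}

# Run the three checks on this host (iptables needs root); non-zero if any fail.
audit_live_host() {
  _rc=0
  if swap_encrypted "$(cat /proc/swaps)"; then echo "PASS swap is dm-crypt"; else echo "FAIL swap not dm-crypt"; _rc=1; fi
  if mount_has_noexec "$(cat /proc/mounts)" /tmp; then echo "PASS /tmp is noexec"; else echo "FAIL /tmp lacks noexec"; _rc=1; fi
  if inbound_filtered "$(iptables -S INPUT 2>/dev/null)"; then echo "PASS INPUT filtered"; else echo "FAIL INPUT chain open"; _rc=1; fi
  return $_rc
}

# Constructed samples (not captured from a real instance).
SAMPLE_SWAPS_GOOD='Filename Type Size Used Priority
/dev/mapper/cryptswap partition 1048572 0 -2'
SAMPLE_SWAPS_BAD='Filename Type Size Used Priority
/dev/xvdb partition 1048572 0 -2'
SAMPLE_MOUNTS='/dev/xvda1 / ext4 rw,relatime 0 0
/dev/xvdc /scratch ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0'
SAMPLE_INPUT_GOOD='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
SAMPLE_INPUT_BAD='-P INPUT DROP
-A INPUT -j ACCEPT'

case "${1:-}" in
  --live) audit_live_host ;;
  *)
    hardening_config_lines /dev/xvdb /dev/xvdc
    swap_encrypted "$SAMPLE_SWAPS_BAD"     || echo "sample: raw-partition swap flagged"
    mount_has_noexec "$SAMPLE_MOUNTS" /tmp || echo "sample: /tmp without noexec flagged"
    inbound_filtered "$SAMPLE_INPUT_BAD"   || echo "sample: accept-all INPUT rule flagged"
    ;;
esac
```

With no arguments it prints the config lines and shows each check rejecting its bad sample; with --live as root it audits the host. The swap check is deliberately strict: a swap file on a LUKS-backed root filesystem is encrypted too, but /proc/swaps shows the file path rather than the mapping, so it is reported as a failure and has to be accepted by hand.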

Source: SlideShare upload of セキュリティを意識したAWS使用法 by Yasuhiro Araki, Ph.D.