Proactive system operations with Cloud Automator, the AWS operations automation service: AMIMOTO...
TRANSCRIPT
-
Cloud Automator
AMIMOTO
-
@oko_chang
http://facebook.com/yanase.hideaki
http://okochang.hatenablog.jp
NARUTO - -
Cloud Automator
-
Cloud Automator
AWS(Amazon Web Services)
AWS
AWS
AWS
AWS
CLOUD AUTOMATOR
-
Cloud Automator
-
ID https://docs.aws.amazon.com/ja_jp/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html
http://docs.aws.amazon.com/ja_jp/IAM/latest/UserGuide/access_policies_managed-using.html
http://docs.aws.amazon.com/ja_jp/IAM/latest/UserGuide/access_policies_inline-using.html
-
IAM
https://cloudautomator.com/blog/2014/11/11/sample-iam-group-policy/
-
Cloud Automator
-
Cloud Automator
Cloud Automator
HTTP
SQS
SNS
EC2:
EC2:
EC2: AMI
EC2:
EC2:
EC2: AMI
RDS: DB
Route53:
WorkSpaces: WorkSpace
-
133
AWS
-
AMIMOTO
AWS cloud
region
Availability Zone
VPC subnet VPC subnet
AMIMOTO AMI
RDS DB instance
users
Internet
Internet gateway
Elastic Load Balancing
-
400
EC2: AMI
RDS: DB
-
AMIMOTO
AWS cloud
region
Availability Zone
VPC subnet VPC subnet
AMIMOTO AMI RDS DB instance
users
Internet
Internet gateway
AMIMOTO AMI
AMIMOTO
AMI
Elastic Load Balancing
-
1
EC2:
2
EC2:
-
AMIMOTO
AWS cloud
region
Availability Zone
VPC subnet
users
Internet
Internet gateway
security group
AMIMOTO AMI
Protocol Port Range Source
TCP 80 0.0.0.0/0
TCP 443 0.0.0.0/0
TCP 22 10.20.30.40/32
-
SSHLAN
-
EC2:
TCP 22 0.0.0.0/0
-
AMIMOTO
AWS cloud
Tokyo region
Availability Zone
VPC subnet
Internet gateway
AMIMOTO AMI AMIMOTO AMI
AMIMOTO AMI
Singapore region
users
Internet
-
SQS
EC2: AMI
EC2: AMI
SQS
-
AMI
1
SQS
AMI
2
SQS
Email
-
AMI
EC2: AMI
key: copy value: on
EC2: AMI
key: copy value: on
-
AMIMOTO
-
2016/5/3 OpenSSL CVE-2016-2108
2016/2/17 glibc CVE-2015-7547
2016/1/14 Linux CVE-2016-0728
2015/3/19 OpenSSL CVE-2015-0291
2015/1/28 glibc CVE-2015-0235
-
HTTP
EC2:
-
Amazon Aurora
Cloud Automator
RDS(Aurora): DB
RDS(Aurora): DB
RDS(Aurora): DB
AMIMOTO JIN-KEI Simple Stack Amazon Aurora
-
Cloud Automator AMIMOTO
Web: https://cloudautomator.com
Twitter: https://twitter.com/cloudautomator
Facebook: https://www.facebook.com/CloudAutomator/