{"id":303,"date":"2024-01-15T19:55:23","date_gmt":"2024-01-15T10:55:23","guid":{"rendered":"https:\/\/matomemopad.com\/?p=303"},"modified":"2026-01-25T19:53:25","modified_gmt":"2026-01-25T10:53:25","slug":"%e3%82%a2%e3%82%af%e3%82%bb%e3%82%b9%e6%a8%a9%e9%99%90%e7%ae%a1%e7%90%86","status":"publish","type":"post","link":"https:\/\/matomemopad.com\/?p=303","title":{"rendered":"Access"},"content":{"rendered":"\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

\u57fa\u790e\u77e5\u8b58<\/h1>\n\n\n\n

\u25cf\u30af\u30ec\u30c7\u30f3\u30b7\u30e3\u30eb<\/strong><\/p>\n\n\n\n

ID\u3084\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u306f\u3058\u3081\u3068\u3059\u308b\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u4e0a\u3067\u30e6\u30fc\u30b6\u7b49\u306e\u8a8d\u8a3c\u306b\u7528\u3044\u3089\u308c\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u60c5\u5831\u306e\u7dcf\u79f0\u3002<\/p>\n\n\n\n

\u25cfSCIM<\/strong><\/p>\n\n\n\n

(System for Cross-domain Identity Management)<\/strong>
\u69d8\u3005\u306a\u30c9\u30e1\u30a4\u30f3\u9593\u3067\u30e6\u30fc\u30b6ID\u60c5\u5831\u306e\u3084\u308a\u3068\u308a<\/span>\u3092\u81ea\u52d5\u5316<\/strong>\u3059\u308b\u3002
\u8907\u6570\u306e\u30af\u30e9\u30a6\u30c9\u30b5\u30fc\u30d3\u30b9\u3084\u30b7\u30b9\u30c6\u30e0\u9593\u3067\u30e6\u30fc\u30b6\u30fcID\u306e\u6574\u5408\u6027<\/span>\u3092\u53d6\u308b\u3088\u3046\u306b\u7ba1\u7406\u3059\u308b\u30d7\u30ed\u30c8\u30b3\u30eb<\/mark><\/strong>\u3002<\/p>\n\n\n\n

\u25cf\u8a8d\u8a3c(AUTH)\u30c8\u30fc\u30af\u30f3<\/strong><\/p>\n\n\n\n

\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u306b\u7528\u3044\u3089\u308c\u308b\u30c7\u30b8\u30bf\u30eb\u30c8\u30fc\u30af\u30f3\u3002\u4e00\u822c\u7684\u306b\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3084\u30b5\u30fc\u30d3\u30b9\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u969b\u306b\u3001\u30e6\u30fc\u30b6\u30fc\u540d\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3059\u308b\u3053\u3068\u3067\u8a8d\u8a3c\u304c\u884c\u308f\u308c\u308b\u3002<\/p>\n\n\n\n

\u25cfSSL\/TLS<\/strong><\/p>\n\n\n\n

(Secure Sockets Layer\/Transport Layer Security)<\/strong>
\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u3067\u60c5\u5831\u3092\u9001\u53d7\u4fe1\u3059\u308b\u969b\u306e\u4ed5\u7d44\u307f\uff08\u30d7\u30ed\u30c8\u30b3\u30eb\uff09\u306e\u4e00\u7a2e\u3067\u3001\u30b5\u30fc\u30d0\u301cPC\u9593\u306e\u901a\u4fe1\u3092\u6697\u53f7\u5316\u3057\u3066\u5b89\u5168\u3092\u62c5\u4fdd\u3059\u308b\u3002<\/p>\n\n\n\n

[\u5229\u7528\u65b9\u6cd5]<\/strong>
\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u8aac\u660e\u3057\u3066\u3001CSR\uff08Certificate Signing Request\uff09\u30d5\u30a1\u30a4\u30eb\u3068\u547c\u3070\u308c\u308b\u8a3c\u660e\u66f8\u306e\u767a\u884c\u7533\u8acb\u66f8\u3092\u4f5c\u6210\u3002\u8a8d\u8a3c\u5c40\u306b\u304a\u91d1\u3092\u652f\u6255\u3044\u8a3c\u660e\u66f8\u3092\u767a\u884c\u3057\u3066\u3082\u3089\u3044\u3001\u30b5\u30fc\u30d0\u3078\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u306a\u3069\u306e\u624b\u7d9a\u304d\u304c\u5fc5\u8981\u306b\u306a\u308b\u3002
\u203b\u8a3c\u660e\u66f8\u63a5\u7d9a\u30a8\u30e9\u30fc\u306f\u57fa\u672c\u7684\u306bSSL\u30a8\u30e9\u30fc\u3068\u3057\u3066\u78ba\u8a8d\u3055\u308c\u308b\u3053\u3068\u304c\u591a\u3044\u3002<\/p>\n\n\n\n

[SSL\u8a3c\u660e\u66f8\u306e\u7a2e\u985e]<\/strong><\/summary>\n
\u30c9\u30e1\u30a4\u30f3\u8a8d\u8a3c\u578bSSL\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8<\/strong>
\uff08DV: Domain Validation\uff09<\/td>		(\u30ec\u30d9\u30eb:\u4f4e)\u30c9\u30e1\u30a4\u30f3\u8a8d\u8a3c<\/td><\/tr>
\u7d44\u7e54\u8a8d\u8a3c\u578bSSL\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8<\/strong>
\uff08OV: Organization Validation\uff09<\/td>		(\u30ec\u30d9\u30eb:\u4e2d)\u30c9\u30e1\u30a4\u30f3\u8a8d\u8a3c\u30fb\u4f1a\u793e\u5b9f\u5728\u8a8d\u8a3c<\/td><\/tr>
EV SSL\u8a3c\u660e\u66f8<\/strong>
\uff08Extended Validation\uff09<\/td>		(\u30ec\u30d9\u30eb\uff1a\u9ad8)\u30c9\u30e1\u30a4\u30f3\u8a8d\u8a3c\u30fb\u4f1a\u793e\u5b9f\u5728\u8a8d\u8a3c\u30fb\u96fb\u8a71\u5b9f\u5728\u8a8d\u8a3c<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

<\/p>\n<\/details>\n\n\n\n

<\/p>\n\n\n\n

\u25c7\u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3<\/span><\/strong><\/p>\n\n\n\n

\u4e00\u5ea6\u306e\u8a8d\u8a3c\u3067<\/span><\/strong>\u8907\u6570\u306e\u30b7\u30b9\u30c6\u30e0\u3092\u4f7f\u3063\u305f\u308a\u3001\u8907\u6570\u306e\u30b5\u30fc\u30d3\u30b9\uff08\u30af\u30e9\u30a6\u30c9\u306a\u3069\uff09\u3001\u30ea\u30bd\u30fc\u30b9\u3084\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u53d7\u3051\u3089\u308c\u308b\u3088\u3046\u306b\u3059\u308b<\/mark>\u305f\u3081\u306e\u4ed5\u7d44\u307f\u3002<\/p>\n\n\n\n

[<\/span>\u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3\u306e\u65b9\u6cd5]<\/strong>
\u30b7\u30f3\u30b0\u30eb\u30b5\u30a4\u30f3\u30aa\u30f3(SSO)\u3092\u5b9f\u73fe\u3055\u305b\u308b\u305f\u3081\u306b\u65b9\u5f0f\u304c\uff14\u3064\u3042\u308a\u3001\u300c\u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3\u65b9\u5f0f<\/span>\u300d\u306f\u305d\u306e\u4e00\u3064\u3067\u3042\u308b\u3002
[\u53c2\u8003\u30b5\u30a4\u30c8<\/strong><\/a>]<\/p>\n\n\n\n

Web ID <\/strong>
\u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3<\/strong><\/td>		\u3010\u30d1\u30d6\u30ea\u30c3\u30af\u306a\u30c8\u30fc\u30af\u30f3\u3011<\/strong>
Amazon\u3084SNS\u3001Google(IdP:ID\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc)\u304c\u30e6\u30fc\u30b6\u30fc\u306e\u30c8\u30fc\u30af\u30f3<\/strong>\u3092\u767a\u884c\u3059\u308b\u3053\u3068\u3067\u30b5\u30a4\u30f3\u30a4\u30f3\u3067\u304d\u308b\u3002\u305d\u306e\u6642\u306b\u5916\u90e8\u30b5\u30fc\u30d3\u30b9\u306e\u30e6\u30fc\u30b6\u30fc\u60c5\u5831\u3068IAM\u30ed\u30fc\u30eb\u3092\u7d10\u3065\u3051\u3066<\/mark>\u4e00\u6642\u7684\u306b\u30a2\u30af\u30bb\u30b9\u6a29\u9650\u3092\u4ed8\u4e0e\u3059\u308b\u3002<\/td><\/tr>
\u305d\u306e\u4ed6\u5916\u90e8 ID \u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3<\/strong><\/td>\u3010\u5185\u90e8\u7d44\u7e54\u306e\u30c8\u30fc\u30af\u30f3\u3011<\/strong>
IAM \u30ed\u30fc\u30eb<\/mark>\u3092\u4f7f\u7528\u3057\u3066<\/span>\u3001ID \u304c\u7d44\u7e54\u307e\u305f\u306f\u7b2c\u4e09\u8005\u306e\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc (IdP) \u304b\u3089\u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3\u3055\u308c\u305f\u30e6\u30fc\u30b6\u30fc\u306e\u30a2\u30af\u30bb\u30b9\u8a31\u53ef\u3092\u6307\u5b9a\u3067\u304d\u308b\u3002\u793e\u5185\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306a\u3069\u3001AWS \u4ee5\u5916\u306e ID \u3092\u30e6\u30fc\u30b6\u30fc\u306b\u6709\u52b9\u3002<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

\u25cfIAM\u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3<\/strong><\/p>\n\n\n\n

\u7d44\u7e54\u5185\u306e\u65e2\u5b58\u306eID\u30b7\u30b9\u30c6\u30e0 (ID\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc<\/strong>) \u3092\u5229\u7528\u3057\u3066\u3001AWS\u3084\u305d\u306e\u4ed6\u306e\u30af\u30e9\u30a6\u30c9\u30b5\u30fc\u30d3\u30b9\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3059\u308b\u4ed5\u7d44\u307f\u3002ID\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u3068\u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3\u3092\u4f7f\u7528\u3057\u3066\u3001\u5404\u30ea\u30bd\u30fc\u30b9\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u30e6\u30fc\u30b6\u30fc\u306b\u6c42\u3081\u308b\u3002<\/p>\n\n\n\n

\u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3\u30bf\u30a4\u30d7<\/th>\u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u7a2e\u985e<\/th>\u30a2\u30af\u30bb\u30b9\u7ba1\u7406\u5bfe\u8c61<\/th>\u30b5\u30dd\u30fc\u30c8\u3055\u308c\u3066\u3044\u308b
ID\u30bd\u30fc\u30b9\uff08\u30d7\u30ed\u30c8\u30b3\u30eb\uff09<\/th><\/tr><\/thead>
IAM<\/strong><\/td>\u5358\u4e00\u306e\u30b9\u30bf\u30f3\u30c9\u30a2\u30ed\u30f3\u30a2\u30ab\u30a6\u30f3\u30c8<\/td>\u30fb\u77ed\u671f\u9593\u306e\u5c0f\u898f\u6a21\u30c7\u30d7\u30ed\u30a4\u306b\u304a\u3051\u308b\u4eba\u9593\u30e6\u30fc\u30b6\u30fc,\u30de\u30b7\u30f3\u30e6\u30fc\u30b6\u30fc<\/td>\u30fbSAML 2.0
\u30fbOIDC<\/td><\/tr>
IAM Identity Center<\/strong><\/td>Organizations \u306b\u3088\u3063\u3066\u7ba1\u7406\u3055\u308c\u308b\u8907\u6570\u306e\u30a2\u30ab\u30a6\u30f3\u30c8<\/td>\u30ef\u30fc\u30af\u30d5\u30a9\u30fc\u30b9\u306e\u4eba\u9593\u30e6\u30fc\u30b6\u30fc<\/td>\u30fbSAML 2.0
\u30fb\u30de\u30cd\u30fc\u30b8\u30c9 Active Directory
\u30fbIdentity Center \u30c7\u30a3\u30ec\u30af\u30c8\u30ea<\/td><\/tr>
Cognito<\/strong><\/td>\u3044\u305a\u308c\u304b<\/td>\u30ea\u30bd\u30fc\u30b9\u3078\u306e\u30a2\u30af\u30bb\u30b9\u306b IAM \u8a8d\u53ef\u3092\u5fc5\u8981\u3068\u3059\u308b\u30a2\u30d7\u30ea\u306e\u30e6\u30fc\u30b6\u30fc<\/td>\u30fbSAML 2.0
\u30fbOIDC
\u30fbOAuth 2.0 \u30bd\u30fc\u30b7\u30e3\u30eb ID \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u306e\u9078\u629e<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

<\/p>\n\n\n\n

\u25c7ID \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc(IdP)<\/span><\/strong><\/p>\n\n\n\n

\u2605\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u3068\u306f\u2026
\u56de\u7dda\u3092\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u3068\u7e4b\u3052\u308b\u5f79\u5272\u3092\u62c5\u3046\u63a5\u7d9a\u4e8b\u696d\u8005<\/strong><\/mark>\u306e\u3053\u3068\u3002\u5916\u90e8\u306e\u4eba\u5411\u3051<\/strong>\u306b\u30c8\u30fc\u30af\u30f3\u3092\u767a\u884c\u3057\u3066\u304f\u308c\u308b\u4e8b\u696d\u8005<\/span><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

\u30fb\u5916\u90e8\u30e6\u30fc\u30b6\u30fc<\/span> ID \u306b\u30a2\u30ab\u30a6\u30f3\u30c8\u5185\u306e AWS \u30ea\u30bd\u30fc\u30b9<\/mark>\u306b\u5bfe\u3059\u308b\u30a2\u30af\u30bb\u30b9\u8a31\u53ef\u3092\u4e0e\u3048\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u3002
\u3000\u203b\u5916\u90e8\u30e6\u30fc\u30b6\u30fc\uff1d\u3088\u304f\u77e5\u3089\u308c\u305f IdP[\u4e8b\u696d\u8005] (\u4f8b: Login with Amazon\u3001Facebook\u3001Google)
\u30fb\u4f1a\u793e\u306b\u65e2\u306b\u4f01\u696d\u30e6\u30fc\u30b6\u30fc\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306a\u3069\u306e\u72ec\u81ea\u306e ID \u30b7\u30b9\u30c6\u30e0\u304c\u3042\u308b\u5834\u5408\u306b\u4fbf\u5229
\u30fbAWS \u30ea\u30bd\u30fc\u30b9\u3078\u30a2\u30af\u30bb\u30b9\u304c\u5fc5\u8981\u306a\u30e2\u30d0\u30a4\u30eb\u30a2\u30d7\u30ea\u3084\u30a6\u30a7\u30d6\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u4f5c\u6210\u3059\u308b\u5834\u5408\u306b\u4fbf\u5229<\/p>\n\n\n\n

[\u5927\u307e\u304b\u306a\u4ed8\u4e0e\u30d7\u30ed\u30bb\u30b9]<\/strong><\/summary>\n

\u65e2\u306b\u30e6\u30fc\u30b6\u30fcID\u3092AWS\u306e\u5916\u3067\u7ba1\u7406\u3057\u3066\u3044\u308b\uff08\u5916\u90e8\u30e6\u30fc\u30b6\u30fc\uff09\u306f\u3001\u3001\u3001<\/p>\n\n\n\n

1 : IAM ID \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3<\/span><\/strong>\u3092\u4f5c\u6210\u3057\u3066\u3001AWS \u30a2\u30ab\u30a6\u30f3\u30c8<\/strong> \u3068 IdP<\/strong> \u306e\u9593\u306b\u4fe1\u983c\u95a2\u4fc2<\/mark>\u3092\u78ba\u7acb\u3002
2 : AWS \u30a2\u30ab\u30a6\u30f3\u30c8 \u306b IAM \u30e6\u30fc\u30b6\u30fc\u3092\u4f5c\u6210\u3059\u308b\u4ee3\u308f\u308a<\/span>\u306b\u30c8\u30fc\u30af\u30f3<\/strong>\u3092\u4f5c\u6210\uff08\u5f97\u308b\uff09\u3002
3 : \u5916\u90e8 IdP \u306f\u3001OpenID Connect <\/mark>\u307e\u305f\u306f SAML 2.0<\/mark> \u306e\u3044\u305a\u308c\u304b\u3092\u4f7f\u7528\u3057\u3066 ID \u60c5\u5831\u3092 AWS \u306b\u63d0\u4f9b\u3059\u308b\u3002
4 : \u4ee5\u964d\u304b\u3089\u5916\u90e8idP\u3092\u4f7f\u7528\u3057\u3066\u30b5\u30a4\u30f3\u30a4\u30f3\u3059\u308b\u3002
[\u53c2\u8003\u516c\u5f0f\u30b5\u30a4\u30c8<\/a>]<\/p>\n<\/details>\n\n\n\n

[ID \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u00d7\u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3]<\/strong><\/summary>\n

AWS \u306e\u30a2\u30ab\u30a6\u30f3\u30c8\u7ba1\u7406\u306e\u4ed5\u7d44\u307f\u3067\u3042\u308b\uff08IAM \u30e6\u30fc\u30b6\u30fc\uff09\u3067\u30e6\u30fc\u30b6\u30fc\u8a8d\u8a3c\u3092\u3057\u3066 AWS \u3092\u5229\u7528\u3067\u304d\u308b\u3088\u3046\u306b\u3059\u308b\u306e\u3067\u306f\u306a\u304f<\/span>\u3001\u5916\u90e8\u306e ID \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\uff08IdP\uff09\u3067\u7ba1\u7406\u3055\u308c\u3066\u3044\u308b ID \u3092\u4f7f\u3063\u3066\u8a8d\u8a3c\u3057\u3066 AWS \u3092\u5229\u7528\u3067\u304d\u308b\u3088\u3046\u306b\u3059\u308b\u4ed5\u7d44\u307f<\/strong>(AWS \u304c\u8a8d\u8a3c\u3092\u3059\u308b\u306e\u3067\u306f\u306a\u304f\u3001AWS \u306f\u8a8d\u8a3c\u5f8c\u306b\u6e21\u3055\u308c\u308b\u3082\u306e(ID \u30c8\u30fc\u30af\u30f3\u306a\u3069)\u3092\u307f\u3066 AWS \u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u4e8b\u3092\u8a31\u53ef\u3059\u308b)
[\u5f15\u7528\u5143\u30b5\u30a4\u30c8<\/a>]<\/p>\n<\/details>\n\n\n\n

[IdP \u3092\u76f4\u63a5 IAM \u306b\u30ea\u30f3\u30af\u3059\u308b]<\/strong><\/summary>\n

ID \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\u3092\u4f5c\u6210\u3057\u3066\u3001AWS \u30a2\u30ab\u30a6\u30f3\u30c8\u3068 IdP \u306e\u9593\u306b\u4fe1\u983c\u95a2\u4fc2\u3092\u78ba\u7acb<\/mark>\u3059\u308b\u3002IAM\u306f\u3001OpenID Connect (OIDC) \u307e\u305f\u306f SAML 2.0 (Security Assertion Markup Language 2.0) \u3068\u4e92\u63db\u6027\u306e\u3042\u308b IdP \u3092\u30b5\u30dd\u30fc\u30c8\u3059\u308b\u3002<\/p>\n\n\n\n

\u203bIAM Identity Center\u3092\u6709\u52b9\u306b\u305b\u305a\u3001AWS \u30a2\u30ab\u30a6\u30f3\u30c8\u3092 1 \u3064\u3060\u3051\u4f7f\u7528\u3059\u308b\u306b\u306f\u3001\u3001\u3001
OIDC \u307e\u305f\u306f SAML 2.0 \u3092\u4f7f\u7528\u3057\u3066 ID \u60c5\u5831\u3092 AWS \u306b\u63d0\u4f9b\u3059\u308b\u5916\u90e8 IdP \u3067 IAM \u3092\u4f7f\u7528\u3067\u304d\u308b\u3002<\/p>\n<\/details>\n\n\n\n

\u25cfOIDC<\/strong><\/p>\n\n\n\n

GitHub Actions \u306a\u3069\u3001AWS \u4e0a\u3067\u5b9f\u884c\u3057\u306a\u3044\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092 AWS \u30ea\u30bd\u30fc\u30b9\u306b\u63a5\u7d9a\u3067\u304d\u308b\u3002<\/p>\n\n\n\n

\u25cfOIDC \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc<\/strong><\/p>\n\n\n\n

AWS\u30a2\u30ab\u30a6\u30f3\u30c8\u3068OIDC\u3092\u30b5\u30dd\u30fc\u30c8\u3059\u308b\u5916\u90e8IdP\u3068\u306e\u4fe1\u983c\u95a2\u4fc2\u3092\u78ba\u7acb\u3059\u308b\u305f\u3081\u306eIAM\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3<\/strong>\u3002OIDC \u4e92\u63db IdP \u3068 AWS \u30a2\u30ab\u30a6\u30f3\u30c8 \u306e\u9593\u3067\u4fe1\u983c\u6027\u3092\u78ba\u7acb\u3059\u308b<\/mark>\u3068\u304d\u306b IAM OIDC ID \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u3092\u4f7f\u7528\u3059\u308b\u3002
[\u5f15\u7528\u5143\u30b5\u30a4\u30c8<\/a>]<\/p>\n\n\n\n

\u25c7\u30d7\u30ed\u30c8\u30b3\u30eb<\/span><\/strong><\/p>\n\n\n\n

<\/p>\n\n\n\n

[\u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3\u3092\u5b9f\u73fe\u3055\u305b\u308b\u6280\u8853]<\/strong>
\u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3\u3092\u5b9f\u73fe\u3055\u305b\u308b\u305f\u3081\u306e<\/strong>\u30d7\u30ed\u30c8\u30b3\u30eb\u306e\u7a2e\u985e\u3002\u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3\u8a8d\u8a3c\u306e\u696d\u754c\u6a19\u6e96\u3002<\/p>\n\n\n\n

OpenID Connect<\/strong> <\/td>\u3010\u30c8\u30fc\u30af\u30f3\u767a\u884c\u51e6\u7406\u306e\u6a19\u6e96\u4ed5\u69d8\u3011<\/strong>\u3000\u203b\u30d9\u30fc\u30b9\uff1aOAuth 2.0\u30d7\u30ed\u30c8\u30b3\u30eb
\u30b5\u30fc\u30d3\u30b9\u9593\u3067\u5229\u7528\u8005\u306e\u540c\u610f\u306b\u57fa\u3065\u304dID\u60c5\u5831\u3092\u6d41\u901a\u3059\u308b\u305f\u3081\u306e\u6a19\u6e96\u4ed5\u69d8\u3002 \u5229\u7528\u8005\u304cOpenID\u63d0\u4f9b\u30b5\u30a4\u30c8\u306b\u767b\u9332\u3057\u305fID\u60c5\u5831\u3092\u4f7f\u3063\u3066\u3001\u307b\u304b\u306eOpenID\u5bfe\u5fdc\u30b5\u30a4\u30c8\u306b\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u3053\u3068\u304c\u53ef\u80fd\u306b\u306a\u308b\u3002
[\u53c2\u8003\u30b5\u30a4\u30c8<\/a>]<\/td><\/tr>
SAML 2.0 <\/strong><\/td>\u3010\u7570\u306a\u308b\u30d7\u30ed\u30c8\u30b3\u30eb\u306e\u901a\u4fe1\u65b9\u6cd5\u3011<\/strong>
\u5916\u90e8\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u304a\u3088\u3073\u30b5\u30fc\u30d3\u30b9\u306b\u30e6\u30fc\u30b6\u30fc\u304c\u672c\u4eba\u3067\u3042\u308b\u3053\u3068<\/mark><\/strong>\u3092\u4f1d\u3048\u308b\u6a19\u6e96\u5316\u3055\u308c\u305f\u65b9\u6cd5\u306e\u3053\u3068\u3002
\uff08\u203b\u7570\u306a\u308b\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u30c9\u30e1\u30a4\u30f3\u306e\u901a\u4fe1\u3092\u5b9f\u73fe\u3059\u308b\u305f\u3081\u306e\u901a\u4fe1\u30d7\u30ed\u30c8\u30b3\u30eb\uff09
\u30e6\u30fc\u30b6\u30fc\u3092\u4e00\u5ea6\u8a8d\u8a3c\u3057\u3066\u304b\u3089\u8a8d\u8a3c\u3092\u8907\u6570\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306b\u4f1d\u3048\u308b\u65b9\u6cd5\u3092\u63d0\u4f9b\u3057\u3001\u30b7\u30f3\u30b0\u30eb\u30b5\u30a4\u30f3\u30aa\u30f3\uff08SSO\uff09\u6280\u8853\u3092\u53ef\u80fd\u306b\u3059\u308b<\/span>\u3002\u8ab0\u304c\u8ab0\u304b\u3092\u793a\u3059\u305f\u3081\u306e\u6a19\u6e96\u5316\u3055\u308c\u305f\u65b9\u6cd5\u3002\u8eab\u5143\u7279\u5b9a\u3057\u306a\u304f\u3066\u3082\u3001\u8eab\u5206\u8a3c\u3092\u898b\u308b\u3060\u3051\u3067\u6e08\u3080\u3002
[\u53c2\u8003\u30b5\u30a4\u30c8<\/a>]
\u203bSAML\uff1aSecurity Assertion Markup Language
\u203b\u30d9\u30fc\u30b9\uff1aXML SAML\u30d5\u30a9\u30fc\u30de\u30c3\u30c8

\u30fbSAML\u30a2\u30b5\u30fc\u30b7\u30e7\u30f3<\/strong>
\u8a8d\u8a3c\u306b\u6210\u529f\u3057\u305f\u3068\u304d\u306bID\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u304c\u767a\u884c\u3059\u308b\u30e1\u30c3\u30bb\u30fc\u30b8\u3002 \u30e6\u30fc\u30b6\u30fc\u306b\u95a2\u3059\u308b\u8a8d\u8a3c\u30fb\u8a8d\u53ef\u306e\u60c5\u5831\u304cXML\u5f62\u5f0f\u3067\u51fa\u529b\u3055\u308c\u3001\u30b5\u30fc\u30d3\u30b9\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u304c\u53d7\u4fe1\u3057\u3001\u5185\u5bb9\u3092\u78ba\u8a8d\u3059\u308b\u3002<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

[\u5f15\u7528\u5143\u30b5\u30a4\u30c8\uff1a\u30d7\u30ed\u30c8\u30b3\u30eb\u306e\u9055\u3044\u306b\u3064\u3044\u3066<\/a>]<\/p>\n\n\n\n

[\u89e3\u91c8]<\/strong>
idP\u304c\u30c8\u30fc\u30af\u30f3\u767a\u884c \u21d2 \u30d5\u30a7\u30c7\u30ec\u30fc\u30b7\u30e7\u30f3\u6a5f\u80fd\uff08SSO\uff09\u3060\u3051\u3067\u30b5\u30a4\u30f3\u30a4\u30f3\u3067\u304d\u308b\u3051\u3069\u3001\u30ed\u30fc\u30eb\u3068\u7d10\u3065\u3051\u308b\u3053\u3068<\/span><\/strong>\u3067\u5b89\u5168\u6027\u304c\u78ba\u4fdd\u3055\u308c\u308b\u3002\u3053\u308c\u304c\u57fa\u672c\uff08\uff1f\uff09<\/p>\n\n\n\n

<\/p>\n\n\n\n

IAM<\/strong><\/h1>\n\n\n\n
\"\"<\/figure>
\n

\u3010\u30a2\u30ab\u30a6\u30f3\u30c8\u7ba1\u7406\u3011<\/strong>
\u203bIdentity and Access Management
\u300cID\u306e\u7ba1\u7406\u30fb\u8a8d\u8a3c\u30fb\u8a8d\u53ef\u300d\u3092\u4e3b\u3068\u3059\u308b\u3002\u4f01\u696d\u304c\u5229\u7528\u3059\u308b\u30b7\u30b9\u30c6\u30e0\u3054\u3068\u306b\u8a2d\u5b9a\u3055\u308c\u305f\u8907\u6570\u306eID\u3092\u7d71\u5408\u7ba1\u7406\u3057\u3001\u540c\u6642\u306b\u30a2\u30af\u30bb\u30b9\u6a29\u9650\u306e\u9069\u5207\u306a\u7ba1\u7406\u3092\u884c\u3046\u3002<\/p>\n<\/div><\/div>\n\n\n\n

\u6a29\u9650\u30ec\u30d9\u30eb<\/strong><\/summary>\n
[\u5f37]
\u30eb\u30fc\u30c8\u30a2\u30ab\u30a6\u30f3\u30c8<\/strong><\/td>		[\u4e2d]
\u7ba1\u7406\u8005\u6a29\u9650<\/strong>
\uff08IAM\u30e6\u30fc\u30b6\u30fc\uff09<\/td>		[\u5f31]
\u30d1\u30ef\u30fc\u30e6\u30fc\u30b6\u30fc<\/strong>
(IAM\u30e6\u30fc\u30b6\u30fc)<\/td><\/tr>
\u30fbAWS\u30eb\u30fc\u30c8\u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u3084\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u5909\u66f4
\u30fbIAM\u30e6\u30fc\u30b6\u30fc\u306e\u8ab2\u2fa6\u60c5\u5831\u3078\u306e\u30a2\u30af\u30bb\u30b9\u306b\u95a2\u3059\u308bactivate\/deactivate
\u30fb\u4ed6\u306eAWS\u30a2\u30ab\u30a6\u30f3\u30c8\u3078\u306eRoute53\u306e\u30c9\u30e1\u30a4\u30f3\u767b\u9332\u306e\u79fb\u2f8f
\u30fbAWS\u30b5\u30fc\u30d3\u30b9\uff08\u30b5\u30dd\u30fc\u30c8\u7b49\uff09\u306e\u30ad\u30e3\u30f3\u30bb\u30eb
\u30fbAWS\u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u505c\u2f4c
\u30fb\u30b3\u30f3\u30bd\u30ea\u30c7\u30a4\u30c6\u30c3\u30c9\u30d3\u30ea\u30f3\u30b0\u306e\u8a2d\u5b9a
\u30fb\u8106\u5f31\u6027\u8a3a\u65ad\u30d5\u30a9\u30fc\u30e0\u306e\u63d0\u51fa
\u30fb\u9006\u5f15\u304dDNS\u7533\u8acb<\/td>		\u30eb\u30fc\u30c8\u30a2\u30ab\u30a6\u30f3\u30c8\u3068\u540c\u7b49\u306e\u6a29\u9650\u306f\u306a\u3044<\/td>IAM\u306e\u64cd\u4f5c\u6a29\u9650\u306a\u3057<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

\u25cf\u30a2\u30af\u30bb\u30b9\u8a31\u53ef\u306e\u5883\u754c<\/strong>
IAM\u306e\u9ad8\u5ea6\u306a\u6a5f\u80fd\u3002\u7ba1\u7406\u30dd\u30ea\u30b7\u30fc\uff08AWS\u7ba1\u7406\u30dd\u30ea\u30b7\u30fc \/ \u30ab\u30b9\u30bf\u30de\u30fc\u7ba1\u7406\u30dd\u30ea\u30b7\u30fc\uff09<\/span>\u3092\u4f7f\u3063\u3066\u3001\u30a2\u30a4\u30c7\u30f3\u30c6\u30a3\u30c6\u30a3\u30d9\u30fc\u30b9\u306e\u30dd\u30ea\u30b7\u30fc\u3092IAM\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\uff08\u30e6\u30fc\u30b6\u30fc\u3084\u30ed\u30fc\u30eb\uff09\u306b\u4ed8\u4e0e\u3059\u308b\u3053\u3068\u3067\u3001IAM \u30e6\u30fc\u30b6\u30fc\u3084\u30ed\u30fc\u30eb\u306b\u5bfe\u3057\u3066\u300c\u6700\u5927\u9650\u8a31\u53ef\u3067\u304d\u308b\u64cd\u4f5c\u306e\u7bc4\u56f2\u300d\u3092\u5236\u9650\u3059\u308b\u305f\u3081\u306e\u4ed5\u7d44\u307f\u3002<\/p>\n\n\n\n

\u30fb\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\u306f\u30a2\u30a4\u30c7\u30f3\u30c6\u30a3\u30c6\u30a3\u30d9\u30fc\u30b9\u306e\u30dd\u30ea\u30b7\u30fc\u3068\u305d\u306e\u30a2\u30af\u30bb\u30b9\u8a31\u53ef\u306e\u5883\u754c\u306e\u4e21\u65b9\u3067\u8a31\u53ef\u3055\u308c\u3066\u3044\u308b\u30a2\u30af\u30b7\u30e7\u30f3\u306e\u307f\u3092\u5b9f\u884c\u3067\u304d\u308b\u3002
\uff08\u5b9f\u969b\u306e\u30a2\u30af\u30bb\u30b9\u8a31\u53ef\u306f\u3001IAM \u30dd\u30ea\u30b7\u30fc<\/strong>\u3068\u30a2\u30af\u30bb\u30b9\u8a31\u53ef\u306e\u5883\u754c<\/strong>\u306e\u4e21\u65b9\u3067\u8a31\u53ef\u3055\u308c\u3066\u3044\u308b\u64cd\u4f5c\u306e\u307f\u304c\u6709\u52b9\u306b\u306a\u308b\uff08AND\u6761\u4ef6\uff09\uff09<\/p>\n<\/details>\n\n\n\n

IAM\u30dd\u30ea\u30b7\u30fc<\/strong><\/summary>\n
AWS\u7ba1\u7406\u30dd\u30ea\u30b7\u30fc
(\u30de\u30cd\u30fc\u30b8\u30c9)<\/strong><\/td>		\u4e88\u3081AWS\u306b\u3088\u3063\u3066\u7528\u610f\u3055\u308c\u3066\u3044\u308b\u7ba1\u7406\u30dd\u30ea\u30b7\u30fc\u3002\u300c\u30dd\u30ea\u30b7\u30fc\u300d\u5358\u4f53\u3068\u3057\u3066\u5b58\u5728\u3067\u304d\u3066\u3001\u8907\u6570\u306e\u30d7\u30ea\u30f3\u30b7\u30d1\u30eb\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\u306b\u30a2\u30bf\u30c3\u30c1\u3057\u3066\u5229\u7528\u53ef\u80fd\u3002\u30dd\u30ea\u30b7\u30fc\u3092\u5909\u66f4\u3059\u308b\u3068\u30a2\u30bf\u30c3\u30c1\u3055\u308c\u3066\u3044\u308b\u5168\u3066\u306e\u30d7\u30ea\u30f3\u30b7\u30d1\u30eb\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\u304c\u5909\u66f4\u9069\u7528\u3002\u30d0\u30fc\u30b8\u30e7\u30cb\u30f3\u30b0\u3001\u30ed\u30fc\u30eb\u30d0\u30c3\u30af\u53ef\u80fd\u3002<\/td><\/tr>
\u30ab\u30b9\u30bf\u30de\u30fc\u7ba1\u7406\u30dd\u30ea\u30b7\u30fc<\/strong><\/td>\u30e6\u30fc\u30b6\u30fc\uff08\u304a\u5ba2\u69d8\uff09\u81ea\u8eab\u304c\u7ba1\u7406\u3067\u304d\u308b\u7ba1\u7406\u30dd\u30ea\u30b7\u30fc\u3002<\/td><\/tr>
\u30a4\u30f3\u30e9\u30a4\u30f3\u30dd\u30ea\u30b7\u30fc<\/strong><\/td>\u7279\u5b9a\u306eIAM\u30e6\u30fc\u30b6\u3084IAM\u30ed\u30fc\u30eb\u5c02\u7528\u306b\u4f5c\u6210\u3055\u308c\u308b\u30dd\u30ea\u30b7\u30fc\u3002\uff08\u4f7f\u3044\u307e\u308f\u3057\u304c\u3067\u304d\u306a\u3044\uff09 \u300c\u30dd\u30ea\u30b7\u30fc\u300d\u5358\u4f53\u3067\u306f\u5b58\u5728\u3067\u304d\u305a\u3001\u30d7\u30ea\u30f3\u30b7\u30d1\u30eb\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3(1\u3064\u306eIAM\u30e6\u30fc\u30b6)\u306a\u3069\u30011\u5bfe1\u3067\u306e\u30a2\u30bf\u30c3\u30c1\u3057\u304b\u3067\u304d\u306a\u3044\u3002<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

AWS\u30b5\u30fc\u30d3\u30b9\u3084AWS\u30ea\u30bd\u30fc\u30b9(\u30ea\u30bd\u30fc\u30b9\u9593\u306e\u9023\u643a)\u306b\u5bfe\u3059\u308b\u64cd\u4f5c\u6a29\u9650\u3092\u5b9a\u7fa9\u3057\u3066\u3001IAM\u30e6\u30fc\u30b6\u3084IAM\u30b0\u30eb\u30fc\u30d7\u306b\u30a2\u30bf\u30c3\u30c1\u3002<\/p>\n\n\n\n

<\/th>\u7279\u5fb4<\/th><\/tr><\/thead>
JSON\u5f62\u5f0f\u3067<\/strong>
\u5b9a\u7fa9<\/strong><\/td>		Action(\u3069\u306e\u30b5\u30fc\u30d3\u30b9\u306e)\u3001Resource(\u3069\u3046\u3044\u3046\u6a5f\u80fd\u3084\u7bc4\u56f2\u3092)\u3001Effect(\u8a31\u53ef\/\u62d2\u5426)<\/td><\/tr>
Condition\u8981\u7d20<\/strong><\/td>IAM\u30dd\u30ea\u30b7\u30fc\u306eCondition\u8981\u7d20\u5185\u3067\u3001\u7279\u5b9a\u306e\u30bf\u30b0\u3068\u5024\u3092\u6301\u3064\u30ea\u30bd\u30fc\u30b9\u3078\u306e\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u3067\u304d\u308b\u3002<\/td><\/tr>
API\u30a2\u30af\u30bb\u30b9\u306e\u8a2d\u5b9a<\/strong><\/td>\u30e6\u30fc\u30b6\u30fc\u304c\u547c\u3073\u51fa\u3059\u3053\u3068\u304c\u3067\u304d\u308b API \u30aa\u30da\u30ec\u30fc\u30b7\u30e7\u30f3\u3092\u6307\u5b9a\u3067\u304d\u308b\u3002<\/td><\/tr>
MFA\u8a8d\u8a3c\u306e<\/strong>
\u56fa\u5b9a\u5316<\/strong><\/td>		\u5834\u5408\u306b\u3088\u3063\u3066\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u304c\u7279\u306b\u91cd\u8981\u306a\u30a2\u30af\u30b7\u30e7\u30f3\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3059\u308b\u524d\u306b\u3001\u3053\u306e\u30e6\u30fc\u30b6\u30fc\u306b AWS \u591a\u8981\u7d20\u8a8d\u8a3c (MFA) \u3067\u8a8d\u8a3c\u3059\u308b\u3053\u3068\u3092\u6c42\u3081\u308b\u8ffd\u52a0\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u304c\u5fc5\u8981\u3068\u306a\u308b\u3053\u3068\u3082\u3042\u308b\u3002
\u30fb\u300cGet-Session-Token<\/strong>\u300d\u3092\u547c\u3073\u51fa\u3059\u65b9\u6cd5\u3002
\u30fb\u300cAssumelore<\/strong>\u300d\u3092\u4f7f\u7528\u3059\u308b\u65b9\u6cd5\u3002
[\u53c2\u8003\u30b5\u30a4\u30c8<\/a>]<\/td><\/tr><\/tbody><\/table><\/figure>\n<\/details>\n\n\n\n
JSON\u30dd\u30ea\u30b7\u30fc\u8981\u7d20<\/strong><\/summary>\n
\u8981\u7d20<\/th>\u8aac\u660e<\/th><\/tr><\/thead>
Effect<\/strong><\/td>\u8a31\u53ef\uff08Allow\uff09\u307e\u305f\u306f\u62d2\u5426\uff08Deny\uff09<\/td><\/tr>
Action<\/strong><\/td>\u8a31\u53ef\u30fb\u62d2\u5426\u3059\u308b\u64cd\u4f5c\uff08\u4f8b: s3:PutObject<\/code>\uff09<\/td><\/tr>
Resource<\/strong><\/td>\u64cd\u4f5c\u5bfe\u8c61\u30ea\u30bd\u30fc\u30b9\uff08\u4f8b: arn:aws:s3:::example-bucket<\/code>\uff09<\/td><\/tr>
Principal<\/strong> \/ NotPrincipal<\/strong><\/td>\u64cd\u4f5c\u8005\uff08\u8ab0\u304c\u884c\u3046\u304b\uff09\uff0f\u305d\u308c\u4ee5\u5916\u3092\u9664\u5916
\u203bNotPrincipal<\/strong>\u306f\u3001\u7279\u5b9a\u306e\u30d7\u30ea\u30f3\u30b7\u30d1\u30eb\uff08IAM\u30e6\u30fc\u30b6\u30fc\u3084\u30ed\u30fc\u30eb\u306a\u3069\uff09\u4ee5\u5916\u306e\u30a2\u30af\u30bb\u30b9\u3092\u62d2\u5426\u3059\u308b\u305f\u3081\u306b\u4f7f\u308f\u308c\u308b\u3002 \"Effect\": \"Deny\"<\/code>\u3068\u7d44\u307f\u5408\u308f\u305b\u3066\u4f7f\u7528\u3059\u308b\u3053\u3068\u3067\u3001\u300c\u6307\u5b9a\u3055\u308c\u305f\u30d7\u30ea\u30f3\u30b7\u30d1\u30eb\u4ee5\u5916\u3059\u3079\u3066\u62d2\u5426\u300d\u3068\u3044\u3046\u30db\u30ef\u30a4\u30c8\u30ea\u30b9\u30c8\u7684\u306a\u5236\u5fa1\u304c\u53ef\u80fd\u306b\u306a\u308b\u3002<\/td><\/tr>
Condition<\/strong><\/td>\u7279\u5b9a\u306e\u6761\u4ef6\uff08IP\u3001\u6642\u9593\u3001VPC\u306a\u3069\uff09\u3067\u5236\u5fa1<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

<\/p>\n<\/details>\n\n\n\n

\u30ea\u30bd\u30fc\u30b9\u30dd\u30ea\u30b7\u30fc vs \u30a2\u30a4\u30c7\u30f3\u30c6\u30a3\u30c6\u30a3\u30dd\u30ea\u30b7\u30fc \u6bd4\u8f03\u8868<\/strong><\/summary>\n
\u9805\u76ee<\/th>\u30ea\u30bd\u30fc\u30b9\u30dd\u30ea\u30b7\u30fc<\/th>\u30a2\u30a4\u30c7\u30f3\u30c6\u30a3\u30c6\u30a3\u30dd\u30ea\u30b7\u30fc<\/th><\/tr><\/thead>
\u8aac\u660e<\/td>\u7279\u5b9a\u306e AWS \u30ea\u30bd\u30fc\u30b9\u306b\u9069\u7528\u3055\u308c\u308b<\/td>\u7279\u5b9a\u306e IAM \u30e6\u30fc\u30b6\u30fc\u3001\u30b0\u30eb\u30fc\u30d7\u3001\u307e\u305f\u306f\u30ed\u30fc\u30eb\u306b\u9069\u7528\u3055\u308c\u308b<\/td><\/tr>
\u30dd\u30ea\u30b7\u30fc
\u306e\u5834\u6240<\/td>		\u30ea\u30bd\u30fc\u30b9\uff08S3 \u30d0\u30b1\u30c3\u30c8\u3001SNS \u30c8\u30d4\u30c3\u30af\u3001SQS \u30ad\u30e5\u30fc\uff09\u306b\u76f4\u63a5\u30a2\u30bf\u30c3\u30c1\u3055\u308c\u308b<\/td>IAM \u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\uff08\u30e6\u30fc\u30b6\u30fc\u3001\u30b0\u30eb\u30fc\u30d7\u3001\u30ed\u30fc\u30eb\uff09\u306b\u30a2\u30bf\u30c3\u30c1\u3055\u308c\u308b<\/td><\/tr>
\u30dd\u30ea\u30b7\u30fc
\u306e\u76ee\u7684<\/td>		\u30ea\u30bd\u30fc\u30b9\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u5236\u5fa1\u3059\u308b<\/td>IAM \u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\u306e\u64cd\u4f5c\u3092\u5236\u5fa1\u3059\u308b<\/td><\/tr>
\u8ab0\u306b\u9069\u7528
\u3055\u308c\u308b\u304b<\/td>		\u7279\u5b9a\u306e\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\uff08\u4ed6\u306e AWS \u30a2\u30ab\u30a6\u30f3\u30c8\u3001IAM \u30e6\u30fc\u30b6\u30fc\u3001\u30ed\u30fc\u30eb\uff09<\/td>\u7279\u5b9a\u306e IAM \u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\uff08\u30e6\u30fc\u30b6\u30fc\u3001\u30b0\u30eb\u30fc\u30d7\u3001\u30ed\u30fc\u30eb\uff09<\/td><\/tr>
\u30dd\u30ea\u30b7\u30fc
\u306e\u5f62\u5f0f<\/td>		JSON \u5f62\u5f0f\u3067\u8a18\u8ff0\u3055\u308c\u308b<\/td>JSON \u5f62\u5f0f\u3067\u8a18\u8ff0\u3055\u308c\u308b<\/td><\/tr>
\u30af\u30ed\u30b9\u30a2\u30ab\u30a6\u30f3\u30c8\u30a2\u30af\u30bb\u30b9<\/td>\u30ea\u30bd\u30fc\u30b9\u306b\u5bfe\u3057\u3066\u4ed6\u306e AWS \u30a2\u30ab\u30a6\u30f3\u30c8\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3067\u304d\u308b<\/td>\u30b0\u30ed\u30fc\u30d0\u30eb\u306b\u9069\u7528\u3002\u30dd\u30ea\u30b7\u30fc\u306f\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\u306b\u76f4\u63a5\u30a2\u30bf\u30c3\u30c1\u3055\u308c\u308b<\/td><\/tr>
\u4f8b<\/td>S3 \u30d0\u30b1\u30c3\u30c8\u30dd\u30ea\u30b7\u30fc\u3001SNS \u30c8\u30d4\u30c3\u30af\u30dd\u30ea\u30b7\u30fc\u3001SQS \u30ad\u30e5\u30fc\u30dd\u30ea\u30b7\u30fc<\/td>IAM \u30e6\u30fc\u30b6\u30fc\u30dd\u30ea\u30b7\u30fc\u3001IAM \u30ed\u30fc\u30eb\u30dd\u30ea\u30b7\u30fc<\/td><\/tr>
\u9069\u7528\u5bfe\u8c61
\u30b5\u30fc\u30d3\u30b9<\/td>		S3\u3001SNS\u3001SQS \u306a\u3069\u306e\u30ea\u30bd\u30fc\u30b9\u3092\u63d0\u4f9b\u3059\u308b AWS \u30b5\u30fc\u30d3\u30b9<\/td>AWS Organizations \u306a\u3069\u3001\u30a2\u30a4\u30c7\u30f3\u30c6\u30a3\u30c6\u30a3\u3092\u7ba1\u7406\u3059\u308b AWS \u30b5\u30fc\u30d3\u30b9<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

<\/p>\n<\/details>\n\n\n\n

\u30dd\u30ea\u30b7\u30fc\u306e\u691c\u8a3c\u30fb\u30c6\u30b9\u30c8<\/strong><\/summary>\n
Policy Validator<\/strong><\/td>\u6587\u6cd5\u306b\u57fa\u3065\u3044\u3066\u3044\u306a\u3044\u30dd\u30ea\u30b7\u30fc\u3092\u691c\u51fa\u3057\u3001\u4fee\u6b63\u3092\u6c42\u3081\u308b\u3002<\/td><\/tr>
IAMPolicy Simulator<\/strong><\/td>IAM\u306e\u30dd\u30ea\u30b7\u30fc\u8a2d\u5b9a\u3092\u30c6\u30b9\u30c8\u3067\u304d\u308b\u3002\u30a2\u30a4\u30c7\u30f3\u30c6\u30a3\u30c6\u30a3\u30d9\u30fc\u30b9\u306e\u30dd\u30ea\u30b7\u30fc\u3001IAM\u30a2\u30af\u30bb\u30b9\u8a31\u53ef\u306e\u5883\u754c\u3001\u7d44\u7e54\u306e\u30b5\u30fc\u30d3\u30b9\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb\u30dd\u30ea\u30b7\u30fc\u3001\u30ea\u30bd\u30fc\u30b9\u30d9\u30fc\u30b9\u306e\u30dd\u30ea\u30b7\u30fc\u3092\u30c6\u30b9\u30c8\u304a\u3088\u3073\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u3067\u304d\u308b\u3002<\/td><\/tr>
DryRun
(\u30d7\u30fc\u30eb\u5024)<\/strong><\/td>		\u5b9f\u969b\u306b\u8981\u6c42\u3092\u884c\u3046\u3053\u3068\u306a\u304f\u3001\u30a2\u30af\u30b7\u30e7\u30f3\u306b\u5fc5\u8981\u306a\u6a29\u9650\u304c\u3042\u308b\u304b\u3069\u3046\u304b\u3092\u78ba\u8a8d\u3057\u3001\u30a8\u30e9\u30fc\u5fdc\u7b54\u3092\u63d0\u4f9b\u3059\u308b\u3002\u5fc5\u8981\u306a\u6a29\u9650\u304c\u3042\u308b\u5834\u5408\u3001\u30a8\u30e9\u30fc\u5fdc\u7b54\u306fDryRunOperation<\/span>\u3068\u306a\u308b\u3002<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

<\/p>\n<\/details>\n\n\n\n

\u8a8d\u8a3c\u65b9\u5f0f<\/strong><\/summary>\n
AWS\u30a2\u30af\u30bb\u30b9\u30ad\u30fc<\/strong><\/td>\u30a2\u30af\u30bb\u30b9\u30ad\u30fcID<\/span>\/\u30b7\u30fc\u30af\u30ec\u30c3\u30c8\u30a2\u30af\u30bb\u30b9\u30ad\u30fc<\/span>\u306e\u30bb\u30c3\u30c8\u3002
IAM\u30e6\u30fc\u30b6\u307e\u305f\u306fAWS\u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u9577\u671f\u7684\u8a8d\u8a3c\u60c5\u5831\u3092\u6307\u3059\u3002
S3\u3084EC2\u3068\u3044\u3063\u305fAWS\u306e\u5404\u30b5\u30fc\u30d3\u30b9\u306b\u5bfe\u3057\u3066\u30d7\u30ed\u30b0\u30e9\u30e0\u306b\u304a\u3051\u308b\u30a2\u30af\u30bb\u30b9\u3092\u8a8d\u8a3c\u3059\u308b\u305f\u3081\u306b\u4f5c\u6210\u3055\u308c\u308b\u8a8d\u8a3c\u30ad\u30fc\u3002<\/td><\/tr>
X509 Certificate<\/strong><\/td>[\u53c2\u8003\uff1aAWS\u516c\u5f0f<\/a>]<\/td><\/tr>
MFA<\/strong><\/td>Multi-Factor Authentication \u591a\u8981\u7d20\u8a8d\u8a3c\u3002\u30e6\u30fc\u30b6\u30fc\u306e\u30b9\u30de\u30fc\u30c8\u30d5\u30a9\u30f3\u304b\u3089\u306e\u30b3\u30fc\u30c9\u3001\u79d8\u5bc6\u306e\u8cea\u554f\u306e\u7b54\u3048\u3001\u6307\u7d0b\u3001\u9854\u8a8d\u8b58\u306a\u3069\u3092\u8981\u6c42\u3059\u308b\u3002<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

\u25cf\u8a8d\u8a3c\u60c5\u5831\u30ec\u30dd\u30fc\u30c8\uff08Credential Report\uff09<\/strong>
\u76e3\u67fb\u5411\u3051\u60c5\u5831<\/mark>\u3002\u7279\u5b9a\u306eIAM\u30a2\u30a4\u30c7\u30f3\u30c6\u30a3\u30c6\u30a3\uff08\u30e6\u30fc\u30b6\u30fc\u3001\u30b0\u30eb\u30fc\u30d7\u3001\u30ed\u30fc\u30eb\uff09\u306eIAM\u8a8d\u8a3c\u60c5\u5831\u306e\u30ec\u30dd\u30fc\u30c8\u30d5\u30a1\u30a4\u30eb\u3002
\u203bAWS Management Console\u3001AWS SDK\u3001\u30b3\u30de\u30f3\u30c9\u30e9\u30a4\u30f3\u30c4\u30fc\u30eb\u3001\u307e\u305f\u306f IAM API \u304b\u3089\u53d6\u5f97\u3067\u304d\u308b<\/p>\n\n\n\n

[\u53d6\u5f97\u3067\u304d\u308b\u60c5\u5831]<\/strong><\/p>\n\n\n\n

\u8a8d\u8a3c\u60c5\u5831<\/strong><\/td>\u30d1\u30b9\u30ef\u30fc\u30c9\u3001\u30a2\u30af\u30bb\u30b9\u30ad\u30fc\u3001MFA \u30c7\u30d0\u30a4\u30b9\u306a\u3069\u8a8d\u8a3c\u60c5\u5831\u306e\u30ed\u30fc\u30c6\u30fc\u30b7\u30e7\u30f3\u3002<\/td><\/tr>
\u8a8d\u8a3c\u60c5\u5831\u30b9\u30c6\u30fc\u30bf\u30b9<\/strong><\/td>MFA\u3001\u6700\u7d42\u30ed\u30b0\u30a4\u30f3\u6642\u9593\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u5229\u7528\u6709\u7121\u306a\u3069\u3002
\u3010\u76e3\u67fb\u5411\u3051\u5bfe\u5fdc\u3011<\/span><\/strong>
\u76e3\u67fb<\/mark>\u3084\u30b3\u30f3\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u306e\u4f5c\u696d\u652f\u63f4\u3002\u307e\u305f\u3001\u5916\u90e8\u306e\u76e3\u67fb\u4eba\u306b\u30ec\u30dd\u30fc\u30c8\u3068\u3057\u3066\u63d0\u4f9b\u3067\u304d\u308b\u3002
\u30fb\u76e3\u67fb\u4eba\u306f\u30ec\u30dd\u30fc\u30c8\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3067\u304d\u308b\u30024 \u6642\u9593\u3054\u3068\u306b 1 \u56de\u751f\u6210\u3067\u304d\u308b\u3002
\u30fb\u30ec\u30dd\u30fc\u30c8\u3092\u30ea\u30af\u30a8\u30b9\u30c8\u3059\u308b\u3068\u3001IAM \u306f\u307e\u305a AWS \u30a2\u30ab\u30a6\u30f3\u30c8 \u306b\u3064\u3044\u3066\u904e\u53bb 4 \u6642\u9593\u4ee5\u5185\u306b\u30ec\u30dd\u30fc\u30c8\u304c\u751f\u6210\u3055\u308c\u305f\u304b\u3069\u3046\u304b\u3092\u78ba\u8a8d\u3059\u308b\u3002<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

\u25cfIAM\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u8a8d\u8a3c<\/strong>
DB\u63a5\u7d9a\u7528\u3002IAM\u306e\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u63a5\u7d9a\u306b\u8a8d\u8a3c\u6a5f\u80fd\u3092\u4ed8\u4e0e\u3059\u308b\u3002<\/p>\n\n\n\n

\u5bfe\u8c61\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9<\/strong><\/td>MySQL \u304a\u3088\u3073 PostgreSQL<\/td><\/tr>
\u4ed5\u7d44\u307f<\/strong><\/td>DB\u30e6\u30fc\u30b6\u30fc\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u306a\u3069\u8cc7\u683c\u60c5\u5831\u306e\u4fdd\u5b58\u306f\u4e0d\u8981<\/span><\/strong>\u3002\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u4ee3\u308f\u308a\u306b IAM \u8a8d\u8a3c\u30c8\u30fc\u30af\u30f3<\/strong>(\u7f72\u540d\u4ed8\u304d\u306e\u4e00\u6642\u7684\u306a\u6587\u5b57\u5217)\u3092\u4f7f\u7528\u3057\u3066 DB \u306b\u63a5\u7d9a\u3002(IAM \u30e6\u30fc\u30b6\u30fc<\/strong>\u307e\u305f\u306f\u30ed\u30fc\u30eb\u8a8d\u8a3c\u60c5\u5831<\/strong>\u3068\u8a8d\u8a3c\u30c8\u30fc\u30af\u30f3\u3092\u4f7f\u7528\u3057\u3066RDS DB \u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u307e\u305f\u306f\u30af\u30e9\u30b9\u30bf\u30fc\u306b\u63a5\u7d9a)<\/strong>
\u203bRDS\u304c\u7acb\u3061\u4e0a\u3052\u305fMySQL\u306a\u3069\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u969b(\u901a\u5e38\u306f\u30e6\u30fc\u30b6\u30fc\u540d\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5229\u7528\u3057\u3066\u30a2\u30af\u30bb\u30b9\uff09
\u30fb\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u304c\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3067\u5b9f\u884c\u3055\u308c\u3066\u3044\u308b\u5834\u5408\u3001\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u8a8d\u8a3c\u60c5\u5831<\/mark><\/strong>\u3092\u4f7f\u7528\u3057\u3066<\/span>\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u306b\u30a2\u30af\u30bb\u30b9\u3002
\u30fbSSL \u63a5\u7d9a<\/strong>\u304c\u5fc5\u8981\u3067\u3001DB \u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3068\u306e\u9593\u3067\u9001\u53d7\u4fe1\u3055\u308c\u308b\u30c7\u30fc\u30bf\u306f\u6697\u53f7\u5316\u3055\u308c\u308b\u3002<\/td><\/tr>
\u30c8\u30fc\u30af\u30f3\u306e\u6709\u52b9\u671f\u9650<\/strong><\/td>\u6709\u52b9\u671f\u9593\u306f 15 \u5206<\/strong><\/span>\u3002AWS \u30a2\u30af\u30bb\u30b9\u30ad\u30fc\u3092\u4f7f\u7528\u3057\u3066\u751f\u6210\u3002<\/td><\/tr>
\u7f72\u540d\u65b9\u5f0f<\/strong><\/td>AWS Signature Version 4 \u3092\u5229\u7528<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

[\u4e3b\u306a\u30e1\u30ea\u30c3\u30c8]<\/strong><\/p>\n\n\n\n