{"id":160,"date":"2025-11-17T18:00:00","date_gmt":"2025-11-17T09:00:00","guid":{"rendered":"https:\/\/ranamicus.com\/?p=160"},"modified":"2025-12-15T19:48:21","modified_gmt":"2025-12-15T10:48:21","slug":"%e5%b0%8f%e8%a6%8f%e6%a8%a1%e5%88%a9%e7%94%a8%ef%bc%88%e3%82%b7%e3%83%b3%e3%82%b0%e3%83%ab%e3%82%a2%e3%82%ab%e3%82%a6%e3%83%b3%e3%83%88%ef%bc%89%e5%90%91%e3%81%91aws%e3%82%a2%e3%82%ab%e3%82%a6","status":"publish","type":"post","link":"https:\/\/ranamicus.com\/?p=160","title":{"rendered":"\u5c0f\u898f\u6a21\u5229\u7528\uff08\u30b7\u30f3\u30b0\u30eb\u30a2\u30ab\u30a6\u30f3\u30c8\uff09\u5411\u3051AWS\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4f5c\u3063\u305f\u3089\u5fc5\u9808\u3067\u3084\u308b\u3053\u3068"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"768\" height=\"512\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/\u30ab\u30d0\u30fc\u753b\u50cf-2.png\" alt=\"\" class=\"wp-image-219\" style=\"width:331px;height:auto\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/\u30ab\u30d0\u30fc\u753b\u50cf-2.png 768w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/\u30ab\u30d0\u30fc\u753b\u50cf-2-300x200.png 300w\" sizes=\"auto, (max-width: 768px) 100vw, 768px\" \/><\/figure>\n\n\n\n<p>\u5927\u898f\u6a21\u4e8b\u696d\u8005\u306e\u5834\u5408\u3001AWS\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u8907\u6570\u69cb\u6210\u3057\u305f\u300c\u30de\u30eb\u30c1\u30a2\u30ab\u30a6\u30f3\u30c8\u69cb\u6210\u300d\u306b\u3057\u3066\u3001AWS Organizations\u3092\u4f7f\u3063\u3066\u30ac\u30fc\u30c9\u30ec\u30fc\u30eb\u3092\u8a2d\u5b9a\u3057\u3001\u7d71\u5236\u3092\u52b9\u304b\u305b\u308b\u3068\u601d\u3044\u307e\u3059\u3002\u3057\u304b\u3057\u3001\u500b\u4eba\u5229\u7528\u3084\u5c0f\u898f\u6a21\u5229\u7528\u306e\u5834\u5408\u3001\u305d\u3053\u307e\u3067\u3057\u3063\u304b\u308a\u3057\u305f\u7d71\u5236\u3092\u304b\u3051\u308b\u3053\u3068\u306f\u306a\u3044\u3067\u3057\u3087\u3046\u3002<br>\u305f\u3060\u3001AWS\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4f5c\u6210\u3057\u305f\u307e\u307e\u306e\u72b6\u614b\u3067\u4f7f\u7528\u3059\u308b\u306e\u306f\u3001\u3084\u3081\u305f\u65b9\u304c\u826f\u304f\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u7684\u306a\u89b3\u70b9\u3084\u3001\u3046\u3063\u304b\u308a\u30df\u30b9\u3067\u306e\u5f71\u97ff\u3092\u6291\u3048\u308b\u305f\u3081\u306b\u3001\u6700\u4f4e\u9650\u3084\u3063\u3066\u304a\u304d\u305f\u3044\u8a2d\u5b9a\u3092\u307e\u3068\u3081\u3066\u304a\u304d\u307e\u3059\u3002<br>GUI\u3067\u624b\u52d5\u8a2d\u5b9a\u3059\u308b\u306e\u306f\u9762\u5012\u306a\u306e\u3067\u3001AWS CLI\u3092\u4f7f\u3063\u305f\u30b9\u30af\u30ea\u30d7\u30c8\u3067\u534a\u81ea\u52d5\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<div class=\"wp-block-vk-blocks-alert alert alert-info\"><p>\u306a\u304a\u3001\u3053\u306e\u8a18\u4e8b\u306b\u95a2\u3059\u308b<a href=\"#disclaimer\" data-type=\"internal\" data-id=\"#disclaimer\">\u514d\u8cac\u4e8b\u9805<\/a>\u306f\u3001\u672b\u5c3e\u306b\u63b2\u8f09\u3055\u308c\u3066\u3044\u308b\u30ea\u30f3\u30af\u5148\u306b\u8a18\u8f09\u3055\u308c\u3066\u3044\u307e\u3059\u306e\u3067\u3001\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_68_1 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/ranamicus.com\/?p=160\/#%E3%81%BE%E3%81%A8%E3%82%81\" title=\"\u307e\u3068\u3081\">\u307e\u3068\u3081<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/ranamicus.com\/?p=160\/#%E3%82%B9%E3%82%AF%E3%83%AA%E3%83%97%E3%83%88%E3%81%AE%E5%AE%9F%E8%A1%8C%E6%96%B9%E6%B3%95\" title=\"\u30b9\u30af\u30ea\u30d7\u30c8\u306e\u5b9f\u884c\u65b9\u6cd5\">\u30b9\u30af\u30ea\u30d7\u30c8\u306e\u5b9f\u884c\u65b9\u6cd5<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/ranamicus.com\/?p=160\/#IAM%E3%83%A6%E3%83%BC%E3%82%B6%E3%81%AE%E3%83%91%E3%82%B9%E3%83%AF%E3%83%BC%E3%83%89%E3%83%9D%E3%83%AA%E3%82%B7%E3%83%BC%E8%A8%AD%E5%AE%9A\" title=\"IAM\u30e6\u30fc\u30b6\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u30dd\u30ea\u30b7\u30fc\u8a2d\u5b9a\">IAM\u30e6\u30fc\u30b6\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u30dd\u30ea\u30b7\u30fc\u8a2d\u5b9a<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/ranamicus.com\/?p=160\/#root%E3%83%A6%E3%83%BC%E3%82%B6%E3%81%AE%E4%BB%A3%E3%82%8F%E3%82%8A%E3%81%AE%E7%AE%A1%E7%90%86%E8%80%85IAM%E3%83%A6%E3%83%BC%E3%82%B6%E3%82%92%E4%BD%9C%E6%88%90%E3%81%99%E3%82%8B\" title=\"root\u30e6\u30fc\u30b6\u306e\u4ee3\u308f\u308a\u306e\u7ba1\u7406\u8005IAM\u30e6\u30fc\u30b6\u3092\u4f5c\u6210\u3059\u308b\">root\u30e6\u30fc\u30b6\u306e\u4ee3\u308f\u308a\u306e\u7ba1\u7406\u8005IAM\u30e6\u30fc\u30b6\u3092\u4f5c\u6210\u3059\u308b<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/ranamicus.com\/?p=160\/#IAM%E3%83%A6%E3%83%BC%E3%82%B6%E3%81%ABMFA%E8%A8%AD%E5%AE%9A\" title=\"IAM\u30e6\u30fc\u30b6\u306bMFA\u8a2d\u5b9a\">IAM\u30e6\u30fc\u30b6\u306bMFA\u8a2d\u5b9a<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/ranamicus.com\/?p=160\/#%E3%83%87%E3%83%95%E3%82%A9%E3%83%AB%E3%83%88VPC%E3%81%AE%E5%89%8A%E9%99%A4\" title=\"\u30c7\u30d5\u30a9\u30eb\u30c8VPC\u306e\u524a\u9664\">\u30c7\u30d5\u30a9\u30eb\u30c8VPC\u306e\u524a\u9664<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/ranamicus.com\/?p=160\/#Budget%E3%82%A2%E3%83%A9%E3%83%BC%E3%83%88%E3%81%AE%E8%A8%AD%E5%AE%9A\" title=\"Budget\u30a2\u30e9\u30fc\u30c8\u306e\u8a2d\u5b9a\">Budget\u30a2\u30e9\u30fc\u30c8\u306e\u8a2d\u5b9a<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/ranamicus.com\/?p=160\/#CloudTrail%E3%81%AE%E3%82%A2%E3%83%A9%E3%83%BC%E3%83%88%E8%A8%AD%E5%AE%9A\" title=\"CloudTrail\u306e\u30a2\u30e9\u30fc\u30c8\u8a2d\u5b9a\">CloudTrail\u306e\u30a2\u30e9\u30fc\u30c8\u8a2d\u5b9a<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/ranamicus.com\/?p=160\/#CloudWatch_Query%E3%81%AE%E8%A8%AD%E5%AE%9A\" title=\"CloudWatch Query\u306e\u8a2d\u5b9a\">CloudWatch Query\u306e\u8a2d\u5b9a<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/ranamicus.com\/?p=160\/#%E3%82%B9%E3%82%AF%E3%83%AA%E3%83%97%E3%83%88\" title=\"\u30b9\u30af\u30ea\u30d7\u30c8\">\u30b9\u30af\u30ea\u30d7\u30c8<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E3%81%BE%E3%81%A8%E3%82%81\"><\/span>\u307e\u3068\u3081<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>\u5148\u306b\u307e\u3068\u3081\u3066\u304a\u304f\u3068\u3001\u6700\u4f4e\u9650\u4ee5\u4e0b\u306e\u3053\u3068\u3092\u3084\u3063\u3066\u304a\u304d\u307e\u3057\u3087\u3046\u3002<\/p>\n\n\n<table style=\"border-collapse: collapse; width: 100%; height: 137px;\">\n<tbody>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.91087%; height: 18px; background-color: #daf2d0;\">#<\/td>\n<td style=\"width: 38.0814%; height: 18px; background-color: #daf2d0;\">\u3084\u308b\u3053\u3068<\/td>\n<td style=\"width: 56.0077%; height: 18px; background-color: #daf2d0;\">\u76ee\u7684<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.91087%; height: 19px;\">1<\/td>\n<td style=\"width: 38.0814%; height: 19px;\">IAM\u30e6\u30fc\u30b6\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u30dd\u30ea\u30b7\u30fc\u8a2d\u5b9a<\/td>\n<td style=\"width: 56.0077%; height: 19px;\">\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u89b3\u70b9\uff1a\u30a2\u30ab\u30a6\u30f3\u30c8\u4e57\u3063\u53d6\u3089\u308c\u4e88\u9632<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.91087%; height: 18px;\">2<\/td>\n<td style=\"width: 38.0814%; height: 18px;\">root\u30e6\u30fc\u30b6\u306e\u4ee3\u308f\u308a\u306e\u7ba1\u7406\u8005IAM\u30e6\u30fc\u30b6\u3092\u4f5c\u6210<\/td>\n<td style=\"width: 56.0077%; height: 18px;\">\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u89b3\u70b9\uff1a\u30a2\u30ab\u30a6\u30f3\u30c8\u4e57\u3063\u53d6\u3089\u308c\u4e88\u9632<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.91087%; height: 18px;\">3<\/td>\n<td style=\"width: 38.0814%; height: 18px;\">IAM\u30e6\u30fc\u30b6\u306bMFA\u8a2d\u5b9a<\/td>\n<td style=\"width: 56.0077%; height: 18px;\">\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u89b3\u70b9\uff1a\u30a2\u30ab\u30a6\u30f3\u30c8\u4e57\u3063\u53d6\u3089\u308c\u4e88\u9632<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.91087%; height: 10px;\">4<\/td>\n<td style=\"width: 38.0814%; height: 10px;\">\u30c7\u30d5\u30a9\u30eb\u30c8VPC\u306e\u524a\u9664<\/td>\n<td style=\"width: 56.0077%; height: 10px;\">\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u89b3\u70b9\uff1a\u6c17\u3065\u304b\u306a\u3044\u9593\u306b\u4e0d\u6b63\u5229\u7528\u3055\u308c\u308b\u3053\u3068\u306e\u4e88\u9632<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.91087%; height: 18px;\">5<\/td>\n<td style=\"width: 38.0814%; height: 18px;\">Budget\u30a2\u30e9\u30fc\u30c8\u306e\u8a2d\u5b9a<\/td>\n<td style=\"width: 56.0077%; height: 18px;\">\u30b3\u30b9\u30c8\u89b3\u70b9\uff1a\u81ea\u5206\u306e\u4f7f\u3044\u904e\u304e\u306e\u691c\u77e5\uff0f\u6c17\u3065\u304b\u306a\u3044\u9593\u306b\u4e0d\u6b63\u5229\u7528\u3055\u308c\u305f\u3053\u3068\u306e\u65e9\u3081\u306e\u691c\u77e5<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.91087%; height: 18px;\">6<\/td>\n<td style=\"width: 38.0814%; height: 18px;\">CloudTrail\u306e\u30a2\u30e9\u30fc\u30c8\u8a2d\u5b9a<\/td>\n<td style=\"width: 56.0077%; height: 18px;\">\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u89b3\u70b9\uff1a\u4e0d\u6b63\u64cd\u4f5c\u306e\u65e9\u3081\u306e\u691c\u77e5<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.91087%; height: 18px;\">7<\/td>\n<td style=\"width: 38.0814%; height: 18px;\">CloudWatch Query\u306e\u8a2d\u5b9a<\/td>\n<td style=\"width: 56.0077%; height: 18px;\">\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u89b3\u70b9\uff1aCloudTrail\u30a2\u30e9\u30fc\u30c8\u691c\u77e5\u6642\u306e\u8abf\u67fb<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n<h2 class=\"wp-block-heading\" id=\"HowToRunScript\"><span class=\"ez-toc-section\" id=\"%E3%82%B9%E3%82%AF%E3%83%AA%E3%83%97%E3%83%88%E3%81%AE%E5%AE%9F%E8%A1%8C%E6%96%B9%E6%B3%95\"><\/span>\u30b9\u30af\u30ea\u30d7\u30c8\u306e\u5b9f\u884c\u65b9\u6cd5<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u3053\u306e\u30d6\u30ed\u30b0\u306f\u3001AWS\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4f5c\u6210\u3057\u305f\u76f4\u5f8c\u3067\u3001\u4f55\u3082\u306a\u3044\u72b6\u614b\u3092\u524d\u63d0\u3068\u3057\u3066\u3044\u308b\u306e\u3067\u3001\u3053\u306e\u5f8c\u3067\u767b\u5834\u3059\u308b\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u3001\u5168\u3066\u3001root\u30e6\u30fc\u30b6\u306eCloudShell\u3067\u5b9f\u884c\u3059\u308b\u524d\u63d0\u3068\u3057\u307e\u3059\u3002<br><img loading=\"lazy\" decoding=\"async\" width=\"150\" height=\"30\" class=\"wp-image-169\" style=\"width: 150px;\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-11-10-171338.png\" alt=\"\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-11-10-171338.png 660w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-11-10-171338-300x59.png 300w\" sizes=\"auto, (max-width: 150px) 100vw, 150px\" \/><\/li>\n\n\n\n<li>\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u3001\u6587\u5b57\u30b3\u30fc\u30c9\u3092UTF-8(BOM\u306a\u3057)\u3001\u6539\u884c\u30b3\u30fc\u30c9\u3092LF\u306b\u3057\u3066\u30d5\u30a1\u30a4\u30eb\u306b\u4fdd\u5b58\u3057\u3066\u3001CloudShell\u306b\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u304f\u3060\u3055\u3044\u3002<br><img loading=\"lazy\" decoding=\"async\" width=\"150\" height=\"158\" class=\"wp-image-170\" style=\"width: 150px;\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-11-10-173446.png\" alt=\"\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-11-10-173446.png 426w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-11-10-173446-285x300.png 285w\" sizes=\"auto, (max-width: 150px) 100vw, 150px\" \/><\/li>\n\n\n\n<li><a href=\"#common_sh\">common.sh<\/a>\u3068\u3001<a href=\"#awsenv.sh\" data-type=\"internal\" data-id=\"#awsenv.sh\">awsenv.sh<\/a>\u306f\u3001\u4ed6\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u304b\u3089\u8aad\u307f\u8fbc\u307e\u308c\u3066\u3044\u308b\u306e\u3067\u3001\u5fc5\u305a\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u304a\u304f\u3088\u3046\u306b\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/li>\n\n\n\n<li>\u30b9\u30af\u30ea\u30d7\u30c8\u3067\u4f5c\u6210\u3055\u308c\u308bAWS\u30ea\u30bd\u30fc\u30b9\u306b\u306f\u3001\u81ea\u52d5\u7684\u306b\u4ee5\u4e0b\u306e\u30bf\u30b0\u3092\u4ed8\u4e0e\u3057\u307e\u3059\uff08environment\u30bf\u30b0\u306e\u5024\u306f\u3001common.sh\u3067\u5b9a\u7fa9\u3057\u3066\u3044\u308b\u306e\u3067\u66f8\u304d\u63db\u3048\u3066\u3082OK\u3067\u3059\uff09\u3002\n<ul class=\"wp-block-list\">\n<li>environment=develop<\/li>\n\n\n\n<li>group=trail<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"IAM%E3%83%A6%E3%83%BC%E3%82%B6%E3%81%AE%E3%83%91%E3%82%B9%E3%83%AF%E3%83%BC%E3%83%89%E3%83%9D%E3%83%AA%E3%82%B7%E3%83%BC%E8%A8%AD%E5%AE%9A\"><\/span>IAM\u30e6\u30fc\u30b6\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u30dd\u30ea\u30b7\u30fc\u8a2d\u5b9a<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h5 class=\"wp-block-heading\">\u76ee\u7684<\/h5>\n\n\n\n<p>\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u8907\u96d1\u3055\u306f\u3001\u3084\u306f\u308a\u3001\u653b\u6483\u8005\u306e\u4fb5\u5165\u3092\u624b\u9593\u53d6\u3089\u305b\u308b\u4e00\u756a\u57fa\u672c\u7684\u306a\u5bfe\u7b56\u3067\u3059\u3002<br>\u30d1\u30b9\u30ef\u30fc\u30c9\u30dd\u30ea\u30b7\u30fc\u3067\u3001\u8907\u96d1\u3055\u3084\u5b9a\u671f\u66f4\u65b0\u3092\u5f37\u5236\u3057\u3066\u304a\u3051\u3070\u3001\u3046\u3063\u304b\u308a\u5b89\u6613\u306a\u30d1\u30b9\u30ef\u30fc\u30c9\u8a2d\u5b9a\u304c\u6f0f\u308c\u3066\u3001\u653b\u6483\u3092\u53d7\u3051\u308b\u53ef\u80fd\u6027\u3082\u6e1b\u3089\u305b\u307e\u3059\u3002<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">\u30b9\u30af\u30ea\u30d7\u30c8\u6e96\u5099<\/h5>\n\n\n\n<p><a href=\"#setting_password_policy_sh\">setting_password_policy.sh<\/a>\u306e---- Define ----\u306e\u30d6\u30ed\u30c3\u30af\u306b\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u30dd\u30ea\u30b7\u30fc\u306e\u8a2d\u5b9a\u304c\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059\u306e\u3067\u3001\u597d\u307f\u306e\u5185\u5bb9\u306b\u66f4\u65b0\u3057\u3066\u304f\u3060\u3055\u3044\u3002<br>\u3042\u307e\u308a\u7de9\u3044\u8a2d\u5b9a\u3060\u3068\u3001\u30dd\u30ea\u30b7\u30fc\u8a2d\u5b9a\u3057\u3066\u3044\u308b\u610f\u5473\u304c\u306a\u3044\u306e\u3067\u3001\u53b3\u3057\u3081\u3067\u2026<\/p>\n\n\n\n<table style=\"border-collapse: collapse; width: 100%; height: 286px;\">\n<tbody>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; text-align: center; background-color: #daf2d0; height: 18px;\">#<\/td>\n<td style=\"width: 13.1466%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8a2d\u5b9a\u9805\u76ee<\/td>\n<td style=\"width: 30.9214%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8a2d\u5b9a\u3067\u304d\u308b\u5024<\/td>\n<td style=\"width: 50.7596%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8aac\u660e<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 18px;\">1<\/td>\n<td style=\"width: 13.1466%; height: 18px;\">mpl<\/td>\n<td style=\"width: 30.9214%; height: 18px;\">\u6587\u5b57\u6570(6\uff5e99)<\/td>\n<td style=\"width: 50.7596%; height: 18px;\">\n<div>\n<div><span>\u6700\u5c0f\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u6587\u5b57\u6570<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 36px;\" rowspan=\"2\">2<\/td>\n<td style=\"width: 13.1466%; height: 36px;\" rowspan=\"2\">rn<\/td>\n<td style=\"width: 30.9214%; height: 18px;\">\n<div>\n<div><span>--require-numbers<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50.7596%; height: 18px;\">\n<div>\n<div><span>\u6700\u4f4e1\u6587\u5b57\u4ee5\u4e0a\u306e\u6570\u5b57\u3092\u5fc5\u9808\u3068\u3059\u308b<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 30.9214%; height: 18px;\">\n<div>\n<div><span>--no-require-numbers<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50.7596%; height: 18px;\">\n<div>\n<div><span>\u6700\u4f4e1\u6587\u5b57\u4ee5\u4e0a\u306e\u6570\u5b57\u3092\u5fc5\u9808\u3068\u3057\u306a\u3044<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 41px;\" rowspan=\"2\">3<\/td>\n<td style=\"width: 13.1466%; height: 41px;\" rowspan=\"2\">rs<\/td>\n<td style=\"width: 30.9214%; height: 23px;\">\n<div>\n<div><span>--require-symbols<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50.7596%; height: 23px;\">\n<div>\n<div><span>\u6700\u4f4e1\u6587\u5b57\u4ee5\u4e0a\u306e\u8a18\u53f7\u3092\u5fc5\u9808\u3068\u3059\u308b<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 30.9214%; height: 18px;\">\n<div>\n<div><span>--no-require-symbols<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50.7596%; height: 18px;\">\n<div>\n<div><span>\u6700\u4f4e1\u6587\u5b57\u4ee5\u4e0a\u306e\u8a18\u53f7\u3092\u5fc5\u9808\u3068\u3057\u306a\u3044<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 36px;\" rowspan=\"2\">4<\/td>\n<td style=\"width: 13.1466%; height: 36px;\" rowspan=\"2\">ruc<\/td>\n<td style=\"width: 30.9214%; height: 18px;\">\n<div>\n<div><span>--require-uppercase-characters<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50.7596%; height: 18px;\">\n<div>\n<div><span>\u6700\u4f4e1\u6587\u5b57\u4ee5\u4e0a\u306e\u5927\u6587\u5b57\u82f1\u5b57\u3092\u5fc5\u9808\u3068\u3059\u308b<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 30.9214%; height: 18px;\">\n<div>\n<div><span>--no-require-uppercase-characters<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50.7596%; height: 18px;\">\n<div>\n<div><span>\u6700\u4f4e1\u6587\u5b57\u4ee5\u4e0a\u306e\u5927\u6587\u5b57\u82f1\u5b57\u3092\u5fc5\u9808\u3068\u3057\u306a\u3044<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 37px;\" rowspan=\"2\">5<\/td>\n<td style=\"width: 13.1466%; height: 37px;\" rowspan=\"2\">rlc<\/td>\n<td style=\"width: 30.9214%; height: 18px;\">\n<div>\n<div><span>--require-lowercase-characters<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50.7596%; height: 18px;\">\n<div>\n<div><span>\u6700\u4f4e1\u6587\u5b57\u4ee5\u4e0a\u306e\u5927\u6587\u5b57\u82f1\u5b57\u3092\u5fc5\u9808\u3068\u3059\u308b<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 30.9214%; height: 19px;\">\n<div>\n<div><span>--no-require-lowercase-characters<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50.7596%; height: 19px;\">\n<div>\n<div><span>\u6700\u4f4e1\u6587\u5b57\u4ee5\u4e0a\u306e\u5927\u6587\u5b57\u82f1\u5b57\u3092\u5fc5\u9808\u3068\u3057\u306a\u3044<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 36px;\" rowspan=\"2\">6<\/td>\n<td style=\"width: 13.1466%; height: 36px;\" rowspan=\"2\">autcp<\/td>\n<td style=\"width: 30.9214%; height: 18px;\">\n<div>\n<div><span>--allow-users-to-change-password<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50.7596%; height: 18px;\">\n<div>\n<div><span>\u30e6\u30fc\u30b6\u81ea\u8eab\u306b\u3088\u308b\u30d1\u30b9\u30ef\u30fc\u30c9\u5909\u66f4\u53ef<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 30.9214%; height: 18px;\">\n<div>\n<div>\n<div>\n<div><span>--no-allow-users-to-change-password<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50.7596%; height: 18px;\">\n<div>\n<div><span>\u30e6\u30fc\u30b6\u81ea\u8eab\u306b\u3088\u308b\u30d1\u30b9\u30ef\u30fc\u30c9\u5909\u66f4\u4e0d\u53ef<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 36px;\" rowspan=\"2\">7<\/td>\n<td style=\"width: 13.1466%; height: 36px;\" rowspan=\"2\">he<\/td>\n<td style=\"width: 30.9214%; height: 18px;\">\n<div>\n<div><span>--no-hard-expiry<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50.7596%; height: 18px;\">\n<div>\n<div><span>\u30d1\u30b9\u30ef\u30fc\u30c9\u671f\u9650\u5207\u308c\u306e\u969b\u306b\u3001\u30e6\u30fc\u30b6\u81ea\u8eab\u304c\u30d1\u30b9\u30ef\u30fc\u30c9\u30ea\u30bb\u30c3\u30c8\u53ef<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 30.9214%; height: 18px;\">\n<div>\n<div><span>--hard-expiry<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 50.7596%; height: 18px;\">\n<div>\n<div><span>\u30d1\u30b9\u30ef\u30fc\u30c9\u671f\u9650\u5207\u308c\u306e\u969b\u306b\u3001\u30e6\u30fc\u30b6\u81ea\u8eab\u304c\u30d1\u30b9\u30ef\u30fc\u30c9\u30ea\u30bb\u30c3\u30c8\u4e0d\u53ef<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 18px;\">8<\/td>\n<td style=\"width: 13.1466%; height: 18px;\">mpa<\/td>\n<td style=\"width: 30.9214%; height: 18px;\">\u65e5\u6570(1\uff5e1,095)<\/td>\n<td style=\"width: 50.7596%; height: 18px;\">\n<div>\n<div><span>\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u6709\u52b9\u671f\u9650\u306e\u65e5\u6570<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 10px;\">9<\/td>\n<td style=\"width: 13.1466%; height: 10px;\">prp<\/td>\n<td style=\"width: 30.9214%; height: 10px;\">\u4e16\u4ee3\u6570(1\uff5e24)<\/td>\n<td style=\"width: 50.7596%; height: 10px;\">\n<div>\n<div><span>\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u518d\u5229\u7528\u3092\u7981\u6b62\u3059\u308b\u904e\u53bb\u4e16\u4ee3\u6570<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n<h5 class=\"wp-block-heading\">\u8a2d\u5b9a<\/h5>\n\n\n\n<p>\u66f4\u65b0\u3057\u305f\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u3001CloudShell\u306b\u3001\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u304f\u3060\u3055\u3044\u3002<br>CloudShell\u3067\u3001\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>bash .\/setting_password_policy.sh<\/code><\/pre><\/div>\n\n\n\n<p>\u8a2d\u5b9a\u5185\u5bb9\u3092\u8868\u793a\u3059\u308b\u306e\u3067\u3001\u78ba\u8a8d\u306e\u4e0a\u3001y\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"317\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_password_policy.sh\u5b9f\u884c-1024x317.png\" alt=\"\" class=\"wp-image-276\" style=\"width:718px;height:auto\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_password_policy.sh\u5b9f\u884c-1024x317.png 1024w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_password_policy.sh\u5b9f\u884c-300x93.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_password_policy.sh\u5b9f\u884c-768x238.png 768w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_password_policy.sh\u5b9f\u884c-1536x475.png 1536w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_password_policy.sh\u5b9f\u884c.png 1541w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"root%E3%83%A6%E3%83%BC%E3%82%B6%E3%81%AE%E4%BB%A3%E3%82%8F%E3%82%8A%E3%81%AE%E7%AE%A1%E7%90%86%E8%80%85IAM%E3%83%A6%E3%83%BC%E3%82%B6%E3%82%92%E4%BD%9C%E6%88%90%E3%81%99%E3%82%8B\"><\/span>root\u30e6\u30fc\u30b6\u306e\u4ee3\u308f\u308a\u306e\u7ba1\u7406\u8005IAM\u30e6\u30fc\u30b6\u3092\u4f5c\u6210\u3059\u308b<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h5 class=\"wp-block-heading\">\u76ee\u7684<\/h5>\n\n\n\n<p>\u5c0f\u898f\u6a21\u5229\u7528\u306e\u5834\u5408\u3001root\u30e6\u30fc\u30b6\u306e\u8a8d\u8a3c\u60c5\u5831\u304c\u6f0f\u6d29\u3059\u308b\u3068\u3001\u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u5b8c\u5168\u306a\u5236\u5fa1\u3092\u5931\u3046\u305f\u3081\u3001\u91cd\u5927\u306a\u5f71\u97ff\u304c\u751f\u3058\u307e\u3059\u3002\u306a\u306e\u3067\u3001root\u30e6\u30fc\u30b6\u306f\u3001\u666e\u6bb5\u306a\u308b\u3079\u304f\u4f7f\u308f\u305a\u306b\u3001\u5b89\u5168\u306a\u6240\u306b\u3057\u307e\u3063\u3066\u304a\u3044\u305f\u65b9\u304c\u3044\u3044\u3067\u3059(\u8a8d\u8a3c\u60c5\u5831\u3092)\u3002<br>\u305d\u3053\u3067\u3001\u666e\u6bb5\u4f7f\u3044\u306eroot\u30e6\u30fc\u30b6\u306e\u4ee3\u308f\u308a\u306b\u306a\u308b\u7ba1\u7406\u8005\u30e6\u30fc\u30b6\u3092\u4f5c\u6210\u3057\u3066\u304a\u304d\u307e\u3059\u3002<br>\u4e07\u4e00\u3001\u3053\u306e\u666e\u6bb5\u4f7f\u3044\u306e\u7ba1\u7406\u8005\u30e6\u30fc\u30b6\u304c\u4e57\u3063\u53d6\u3089\u308c\u3066\u3057\u307e\u3063\u3066\u3082\u3001root\u30e6\u30fc\u30b6\u3092\u6301\u3061\u51fa\u3057\u3066\u304f\u308c\u3070\u3001\u7ba1\u7406\u8005\u30e6\u30fc\u30b6\u3092\u7121\u52b9\u5316\u3057\u305f\u308a\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u4e0a\u66f8\u304d\u3057\u3066\u53d6\u308a\u623b\u305b\u307e\u3059\u3002<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">\u30b9\u30af\u30ea\u30d7\u30c8\u6e96\u5099<\/h5>\n\n\n\n<p><a href=\"#setting_base_iam_sh\">setting_base_iam.sh<\/a>\u306e---- Define ----\u306e\u30d6\u30ed\u30c3\u30af\u306b\u3001\u7ba1\u7406\u8005\u30b0\u30eb\u30fc\u30d7\u540d\u3068\u3001\u7ba1\u7406\u8005\u30e6\u30fc\u30b6\u540d\u304c\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059\u306e\u3067\u3001\u9069\u5b9c\u66f8\u304d\u63db\u3048\u3066\u304f\u3060\u3055\u3044\u3002<br>\u30d1\u30b9\u30ef\u30fc\u30c9\u3060\u3051\u306f\u30a4\u30f3\u30bf\u30e9\u30af\u30c6\u30a3\u30d6\u306b\u805e\u304f\u3088\u3046\u306b\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">\u8a2d\u5b9a<\/h5>\n\n\n\n<p>\u66f4\u65b0\u3057\u305f\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u3001CloudShell\u306b\u3001\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u304f\u3060\u3055\u3044\u3002<br>CloudShell\u3067\u3001\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>bash .\/setting_base_iam.sh<\/code><\/pre><\/div>\n\n\n\n<p>\u7ba1\u7406\u8005\u30e6\u30fc\u30b6\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u805e\u304f\u306e\u3067\u3001\u5148\u307b\u3069\u8a2d\u5b9a\u3057\u305f\u30d1\u30b9\u30ef\u30fc\u30c9\u30dd\u30ea\u30b7\u30fc\u306b\u6e96\u3058\u305f\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002<br>\u305d\u306e\u5f8c\u3001\u8a2d\u5b9a\u5185\u5bb9\u3092\u8868\u793a\u3059\u308b\u306e\u3067\u3001\u78ba\u8a8d\u306e\u4e0a\u3001y\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044(\u30d1\u30b9\u30ef\u30fc\u30c9\u306f\u8868\u793a\u3057\u307e\u305b\u3093)\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_base_iam.sh\u5b9f\u884c1-3-1024x538.png\" alt=\"\" class=\"wp-image-278\" style=\"width:770px;height:auto\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_base_iam.sh\u5b9f\u884c1-3-1024x538.png 1024w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_base_iam.sh\u5b9f\u884c1-3-300x158.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_base_iam.sh\u5b9f\u884c1-3-768x404.png 768w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_base_iam.sh\u5b9f\u884c1-3-1536x807.png 1536w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_base_iam.sh\u5b9f\u884c1-3.png 1555w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>\u6700\u5f8c\u306b\u6b21\u306e\u30bb\u30af\u30b7\u30e7\u30f3\u306eMFA\u8a2d\u5b9a\u306b\u95a2\u3059\u308b\u6ce8\u610f\u559a\u8d77\u304c\u51fa\u307e\u3059\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"199\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_base_iam.sh\u5b9f\u884c2-2-1024x199.png\" alt=\"\" class=\"wp-image-279\" style=\"width:770px;height:auto\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_base_iam.sh\u5b9f\u884c2-2-1024x199.png 1024w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_base_iam.sh\u5b9f\u884c2-2-300x58.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_base_iam.sh\u5b9f\u884c2-2-768x149.png 768w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_base_iam.sh\u5b9f\u884c2-2.png 1469w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"IAM%E3%83%A6%E3%83%BC%E3%82%B6%E3%81%ABMFA%E8%A8%AD%E5%AE%9A\"><\/span>IAM\u30e6\u30fc\u30b6\u306bMFA\u8a2d\u5b9a<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>MFA\u8a2d\u5b9a\u306f\u3001CLI\u3067\u306f\u3067\u304d\u306a\u3044\u306e\u3067\u3001AWS\u30de\u30cd\u30b8\u30e1\u30f3\u30c8\u30b3\u30f3\u30bd\u30fc\u30eb\u304b\u3089\u624b\u52d5\u3067\u884c\u3046\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<br>AWS\u306e\u30de\u30cb\u30e5\u30a2\u30eb\u30da\u30fc\u30b8\u3092\u53c2\u7167\u3057\u3066\u3001root\u30e6\u30fc\u30b6\u3068\u7ba1\u7406\u8005IAM\u30e6\u30fc\u30b6\u306b\u5bfe\u3057\u3066MFA\u8a2d\u5b9a\u3057\u3066\u304f\u3060\u3055\u3044\u3002<br><a href=\"https:\/\/docs.aws.amazon.com\/ja_jp\/singlesignon\/latest\/userguide\/how-to-register-device.html\">https:\/\/docs.aws.amazon.com\/ja_jp\/singlesignon\/latest\/userguide\/how-to-register-device.html<\/a><\/p>\n\n\n\n<p>\u304a\u3059\u3059\u3081\u306eMFA\u30c7\u30d0\u30a4\u30b9\u306f\u3001\u30b9\u30de\u30db\u30a2\u30d7\u30ea\u306eGoogle Authenticator\u3084Microsoft Authenticator\u3067\u3059\u304c\u3001\u308f\u3056\u308f\u3056\u30b9\u30de\u30db\u3092\u6301\u3061\u51fa\u3059\u306e\u304c\u9762\u5012\u3001\u3068\u8a00\u3046\u5834\u5408\u306f\u3001<a href=\"https:\/\/chromewebstore.google.com\/search\/authenticator\">Web\u30d6\u30e9\u30a6\u30b6\u306e\u30d7\u30e9\u30b0\u30a4\u30f3\u306eAuthenticator<\/a>\u3092\u4f7f\u3063\u3066\u3082\u826f\u3044\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E3%83%87%E3%83%95%E3%82%A9%E3%83%AB%E3%83%88VPC%E3%81%AE%E5%89%8A%E9%99%A4\"><\/span>\u30c7\u30d5\u30a9\u30eb\u30c8VPC\u306e\u524a\u9664<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h5 class=\"wp-block-heading\">\u76ee\u7684<\/h5>\n\n\n\n<p>AWS\u30a2\u30ab\u30a6\u30f3\u30c8\u306f\u521d\u671f\u72b6\u614b\u3067\u3001\u69d8\u3005\u306a\u30ea\u30fc\u30b8\u30e7\u30f3\u306b\u3001\u30c7\u30d5\u30a9\u30eb\u30c8VPC\u304c\u7528\u610f\u3055\u308c\u3066\u3044\u307e\u3059\u3002<br>\u6700\u521d\u304b\u3089\u7528\u610f\u3055\u308c\u3066\u3044\u308b\u30c7\u30d5\u30a9\u30eb\u30c8VPC\u306f\u3001\u5b58\u5728\u3082\u8a2d\u5b9a\u3082\u5e83\u304f\u77e5\u3089\u308c\u3066\u3044\u308b\u305f\u3081\u3001\u305d\u306e\u307e\u307e\u6b8b\u3057\u3066\u304a\u304f\u3068\u3001\u4fb5\u5165\u3092\u8a31\u3057\u305f\u5834\u5408\u306b\u3001\u305d\u306e\u307e\u307e\u305d\u3053\u306bEC2\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306a\u3069\u3092\u4f5c\u6210\u3055\u308c\u3001\u3053\u3063\u305d\u308a\u3068\u4e0d\u6b63\u4f7f\u7528\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059(\u203b\u30c7\u30d5\u30a9\u30eb\u30c8VPC\u304c\u3042\u308b\u304b\u3089\u4fb5\u5165\u3055\u308c\u308b\u308f\u3051\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3002\u5225\u306e\u539f\u56e0\u3067\u4fb5\u5165\u3055\u308c\u305f\u5f8c\u3001\u60aa\u7528\u3055\u308c\u3066\u3001\u6c17\u3065\u304b\u306a\u3044\u30ea\u30b9\u30af\u304c\u3042\u308b\u3068\u8a00\u3046\u3053\u3068\u3067\u3059)\u3002<br>\u57fa\u672c\u7684\u306b\u3001VPC\u3082\u30b5\u30d6\u30cd\u30c3\u30c8\u3082\u81ea\u5206\u3067\u8a2d\u8a08\u3057\u305f\u3082\u306e\u3092\u4f7f\u7528\u3059\u308b\u3067\u3057\u3087\u3046\u3057\u3001\u30c7\u30d5\u30a9\u30eb\u30c8VPC\u3092\u305d\u306e\u307e\u307e\u4f7f\u3046\u6a5f\u4f1a\u306f\u306a\u3044\u3068\u8a00\u3063\u3066\u3044\u3044\u3067\u3057\u3087\u3046\u3002<br>\u306a\u306e\u3067\u3001\u7528\u610f\u3055\u308c\u3066\u3044\u308b\u5168\u30ea\u30fc\u30b8\u30e7\u30f3\u306e\u30c7\u30d5\u30a9\u30eb\u30c8VPC\u3068\u305d\u306e\u95a2\u9023\u30ea\u30bd\u30fc\u30b9\u3092\u524a\u9664\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">\u30b9\u30af\u30ea\u30d7\u30c8\u6e96\u5099<\/h5>\n\n\n\n<p>\u3053\u306e\u9805\u76ee\u306f\u3001\u7528\u610f\u3057\u305f\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u66f4\u65b0\u3059\u308b\u7b87\u6240\u306f\u3042\u308a\u307e\u305b\u3093\u3002<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">\u8a2d\u5b9a<\/h5>\n\n\n\n<p>CloudShell\u306b\u3001<a href=\"#delete_default_vpcs_sh\">delete_default_vpcs.sh<\/a>\u3092\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u304f\u3060\u3055\u3044\u3002<br>CloudShell\u3067\u3001\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3057\u3066\u304f\u3060\u3055\u3044<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>bash .\/delete_default_vpcs.sh<\/code><\/pre><\/div>\n\n\n\n<p>\u524a\u9664\u3059\u308b\u306e\u306f\u3001\u30c7\u30d5\u30a9\u30eb\u30c8VPC\u3068\u3001\u305d\u306e\u4e2d\u306b\u4f5c\u6210\u3055\u308c\u3066\u3044\u308b\u30c7\u30d5\u30a9\u30eb\u30c8\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u30b2\u30fc\u30c8\u30a6\u30a7\u30a4\u3068\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u30b5\u30d6\u30cd\u30c3\u30c8\u3067\u3059\u3002<br>\u5148\u306b\u524a\u9664\u3059\u308b\u30ea\u30bd\u30fc\u30b9\u304c\u5217\u6319\u3055\u308c\u308b\u306e\u3067\u3001\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<div class=\"wp-block-vk-blocks-alert alert alert-info\"><p>\u3053\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u3001\u5168\u30ea\u30fc\u30b8\u30e7\u30f3\u306e\u30c7\u30d5\u30a9\u30eb\u30c8VPC\u3068\u305d\u306e\u95a2\u9023\u30ea\u30bd\u30fc\u30b9\u3092\u524a\u9664\u3057\u307e\u3059\u3002\u5bfe\u8c61\u306eAWS\u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u4f5c\u6210\u76f4\u5f8c\u3067\u306f\u306a\u304f\u3001\u65e2\u306b\u4f7f\u7528\u3057\u59cb\u3081\u3066\u3044\u308b\u5834\u5408\u3001\u65e2\u306b\u30c7\u30d5\u30a9\u30eb\u30c8VPC\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u3068\u3001\u901a\u4fe1\u304c\u505c\u6b62\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u4e8b\u524d\u306b\u5fc5\u305a\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p><\/div>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"629\" height=\"620\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/delete_default_vpcs.sh\u5b9f\u884c1.png\" alt=\"\" class=\"wp-image-182\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/delete_default_vpcs.sh\u5b9f\u884c1.png 629w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/delete_default_vpcs.sh\u5b9f\u884c1-300x296.png 300w\" sizes=\"auto, (max-width: 629px) 100vw, 629px\" \/><\/figure>\n\n\n\n<p>\u524a\u9664\u5bfe\u8c61\u30ea\u30bd\u30fc\u30b9\u306e\u8868\u793a\u304c\u7d42\u308f\u308b\u3068\u3001\u4e00\u65e6\u30dd\u30fc\u30ba\u3059\u308b\u306e\u3067\u3001\u4f55\u304b\u30ad\u30fc\u3092\u62bc\u3057\u3066\u7d9a\u884c\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"518\" height=\"289\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/delete_default_vpcs.sh\u5b9f\u884c2.png\" alt=\"\" class=\"wp-image-183\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/delete_default_vpcs.sh\u5b9f\u884c2.png 518w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/delete_default_vpcs.sh\u5b9f\u884c2-300x167.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/delete_default_vpcs.sh\u5b9f\u884c2-320x180.png 320w\" sizes=\"auto, (max-width: 518px) 100vw, 518px\" \/><\/figure>\n\n\n\n<p>\u305d\u306e\u5148\u306f\u3001\u30ea\u30fc\u30b8\u30e7\u30f3\u3054\u3068\u306b\u3001\u3072\u305f\u3059\u3089\u524a\u9664\u5bfe\u8c61\u30ea\u30bd\u30fc\u30b9\u3092\u6d88\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"955\" height=\"516\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/delete_default_vpcs.sh\u5b9f\u884c3.png\" alt=\"\" class=\"wp-image-184\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/delete_default_vpcs.sh\u5b9f\u884c3.png 955w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/delete_default_vpcs.sh\u5b9f\u884c3-300x162.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/delete_default_vpcs.sh\u5b9f\u884c3-768x415.png 768w\" sizes=\"auto, (max-width: 955px) 100vw, 955px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Budget%E3%82%A2%E3%83%A9%E3%83%BC%E3%83%88%E3%81%AE%E8%A8%AD%E5%AE%9A\"><\/span>Budget\u30a2\u30e9\u30fc\u30c8\u306e\u8a2d\u5b9a<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h5 class=\"wp-block-heading\">\u76ee\u7684<\/h5>\n\n\n\n<p>\u5c0f\u898f\u6a21\u5229\u7528\u306e\u5834\u5408\u3001\u4e88\u7b97\u306f\u6f64\u6ca2\u3058\u3083\u306a\u3044\u5834\u5408\u304c\u591a\u3044\u3067\u3059\u3088\u306d\u3002AWS\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4f5c\u6210\u3057\u3066\u6700\u521d\u306e\u5185\u306f\u7121\u6599\u67a0\u304c\u3042\u308b\u306e\u3067\u3001\u6bd4\u8f03\u7684\u52d5\u304d\u3084\u3059\u3044\u3067\u3059\u304c\u3001\u52e2\u3044\u4f59\u3063\u3066\u7121\u6599\u67a0\u306e\u5916\u5074\u3092\u4f7f\u3044\u307e\u304f\u3063\u3066\u3057\u307e\u3063\u305f\u308a\u3001\u3042\u308b\u3044\u306f\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u7684\u306a\u554f\u984c\u3067\u4e0d\u6b63\u5229\u7528\u3055\u308c\u3066\u3001\u591a\u984d\u306e\u8acb\u6c42\u304c\u6765\u3066\u3073\u3063\u304f\u308a\u3059\u308b\u306e\u306f\u907f\u3051\u305f\u3044\u3068\u3053\u308d\u3067\u3059\u3002<br>\u305d\u3053\u3067\u3001\u5229\u7528\u6599\u304c\u95be\u5024\u3092\u8d85\u3048\u305f\u3089\u3001\u30e1\u30fc\u30eb\u30a2\u30e9\u30fc\u30c8\u3059\u308b\u8a2d\u5b9a\u3092\u3057\u3066\u304a\u304f\u3068\u3001\u81ea\u5206\u306e\u904e\u3061\u306b\u305b\u3088\u3001\u4e0d\u6b63\u5229\u7528\u306b\u305b\u3088\u3001\u65e9\u3081\u306b\u6c17\u4ed8\u3051\u3066\u826f\u3044\u3067\u3059\u3002<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">\u30b9\u30af\u30ea\u30d7\u30c8\u6e96\u5099<\/h5>\n\n\n\n<p><a href=\"#delete_default_vpcs_sh\">create_budgets.sh<\/a>\u306e---- Define ----\u30d6\u30ed\u30c3\u30af\u306b\u3001Budget\u30a2\u30e9\u30fc\u30c8\u306e\u8a2d\u5b9a\u304c\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059\u306e\u3067\u3001\u304a\u597d\u307f\u306e\u5185\u5bb9\u306b\u66f4\u65b0\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<table style=\"border-collapse: collapse; width: 100%; height: 134px;\">\n<tbody>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; text-align: center; background-color: #daf2d0; height: 18px;\">#<\/td>\n<td style=\"width: 13.1466%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8a2d\u5b9a\u9805\u76ee<\/td>\n<td style=\"width: 30.3117%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8a2d\u5b9a\u3067\u304d\u308b\u5024<\/td>\n<td style=\"width: 51.3693%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8aac\u660e<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 18px;\">1<\/td>\n<td style=\"width: 13.1466%; height: 18px;\">\n<div>\n<div><span>budgetName<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 18px;\">\u4efb\u610f\u306e\u6587\u5b57\u5217<\/td>\n<td style=\"width: 51.3693%; height: 18px;\">\n<div>\n<div><span>\u4f5c\u6210\u3059\u308b\u30d0\u30b8\u30a7\u30c3\u30c8\u540d<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"height: 36px; width: 5.17241%;\">2<\/td>\n<td style=\"height: 36px; width: 13.1466%;\">\n<div>\n<div><span>currency<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 36px;\">\u539f\u5247\u3068\u3057\u3066USD\u56fa\u5b9a<\/td>\n<td style=\"width: 51.3693%; height: 36px;\">\u652f\u6255\u901a\u8ca8<br>\u65e5\u672c\u5186(JPY)\u3092\u8a2d\u5b9a\u3059\u308b\u5834\u5408\u3001\u5225\u9014\u3001GUI\u3067\u652f\u6255\u901a\u8ca8\u3092JPY\u306b\u8a2d\u5b9a\u3057\u3066\u304a\u304f\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 10px;\">3<\/td>\n<td style=\"width: 13.1466%; height: 10px;\">\n<div>\n<div>\n<div>\n<div><span>limitAmount<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 10px;\">\u4efb\u610f\u306e\u6570\u5024<\/td>\n<td style=\"width: 51.3693%; height: 10px;\">\n<p>\u30a2\u30e9\u30fc\u30c8\u3059\u308b\u5229\u7528\u6599\u306e\u95be\u5024\uff08\u652f\u6255\u901a\u8ca8\u5358\u4f4d\u306e\u91d1\u984d\uff09<br>\u306a\u304a\u3001\u5229\u7528\u6599\u306e\u7a4d\u7b97\u306f\u3001\u6708\u521d\u59cb\u307e\u308a\u6708\u672b\u7de0\u3081\u3067\u3059\u3002<\/p>\n<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"height: 52px; width: 5.17241%;\">4<\/td>\n<td style=\"height: 52px; width: 13.1466%;\">\n<div>\n<div>\n<div>\n<div><span>alertEmail<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 52px;\">\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9<\/td>\n<td style=\"width: 51.3693%; height: 52px;\">\n<div>\n<div><span>\u30a2\u30e9\u30fc\u30c8\u30e1\u30fc\u30eb\u3092\u9001\u308b\u901a\u77e5\u5148\u306e\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><\/p>\n\n\n\n<h5 class=\"wp-block-heading\">\u8a2d\u5b9a<\/h5>\n\n\n\n<p>\u66f4\u65b0\u3057\u305f\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u3001CloudShell\u306b\u3001\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u304f\u3060\u3055\u3044\u3002<br>CloudShell\u3067\u3001\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>bash .\/create_budgets.sh<\/code><\/pre><\/div>\n\n\n\n<p>\u8a2d\u5b9a\u5185\u5bb9\u3092\u8868\u793a\u3059\u308b\u306e\u3067\u3001\u78ba\u8a8d\u306e\u4e0a\u3001y\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"300\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_budgets.sh\u5b9f\u884c-1-1024x300.png\" alt=\"\" class=\"wp-image-282\" style=\"width:880px;height:auto\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_budgets.sh\u5b9f\u884c-1-1024x300.png 1024w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_budgets.sh\u5b9f\u884c-1-300x88.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_budgets.sh\u5b9f\u884c-1-768x225.png 768w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_budgets.sh\u5b9f\u884c-1-1536x450.png 1536w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_budgets.sh\u5b9f\u884c-1.png 1838w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"settingCloudTrailAlert\"><span class=\"ez-toc-section\" id=\"CloudTrail%E3%81%AE%E3%82%A2%E3%83%A9%E3%83%BC%E3%83%88%E8%A8%AD%E5%AE%9A\"><\/span>CloudTrail\u306e\u30a2\u30e9\u30fc\u30c8\u8a2d\u5b9a<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h5 class=\"wp-block-heading\">\u76ee\u7684<\/h5>\n\n\n\n<p>\u8272\u3005\u4e88\u9632\u7dda\u3092\u5f35\u308a\u5de1\u3089\u305b\u3066\u3082\u3001100%\u306e\u5b89\u5168\u306f\u306a\u3044\u306e\u3067\u3001\u4e07\u4e00\u3001\u4e0d\u6b63\u5229\u7528\u3055\u308c\u305f\u5834\u5408\u306b\u3001\u306a\u308b\u3079\u304f\u65e9\u304f\u691c\u77e5\u3057\u3001\u5bfe\u7b56\u306b\u7e4b\u3052\u305f\u3044\u3068\u3053\u308d\u3067\u3059\u3002\u6700\u8fd1\u306e\u653b\u6483\u8005\u306f\u3001\u3042\u307e\u308a\u6d3e\u624b\u306b\u81ea\u5df1\u9855\u793a\u305b\u305a\u3001\u306a\u308b\u3079\u304f\u6c17\u3065\u304b\u308c\u305a\u306b\u9577\u671f\u9593\u4e0d\u6b63\u5229\u7528\u3092\u7d9a\u3051\u308b\u306e\u304c\u30c8\u30ec\u30f3\u30c9\u3060\u305d\u3046\u3067\u3059\u3002<br>\u3053\u306e\u3088\u3046\u306a\u4e0d\u6b63\u5229\u7528\u3092\u306a\u308b\u65e9\u3067\u6c17\u3065\u304f\u306b\u306f\u3001AWS\u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u5229\u7528\u3092\u76e3\u8996\u3057\u3001\u554f\u984c\u304c\u3042\u3063\u305f\u3089\u901a\u77e5\u3059\u308b\u4ed5\u7d44\u307f\u3092\u4f5c\u3063\u3066\u304a\u304f\u3068\u826f\u3044\u3067\u3059\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"180\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_cloudtrail_alert_Diagram-1-1024x180.png\" alt=\"\" class=\"wp-image-197\" style=\"width:1287px;height:auto\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_cloudtrail_alert_Diagram-1-1024x180.png 1024w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_cloudtrail_alert_Diagram-1-300x53.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_cloudtrail_alert_Diagram-1-768x135.png 768w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_cloudtrail_alert_Diagram-1-1536x270.png 1536w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_cloudtrail_alert_Diagram-1.png 1977w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>AWS\u30a2\u30ab\u30a6\u30f3\u30c8\u4e0a\u3067\u306e\u5229\u7528\u30a2\u30af\u30b7\u30e7\u30f3\u306f\u3001CloudTrail\u306b\u8a18\u9332\u3055\u308c\u307e\u3059\u3002\u3057\u304b\u3057\u3001\u305d\u306e\u307e\u307e\u3060\u3068\u8a18\u9332\u306f\u6d88\u3048\u3066\u3044\u304f\u306e\u3067\u3001\u4ee5\u4e0b2\u3064\u306e\u5bfe\u5fdc\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u4fdd\u7ba1\u306e\u305f\u3081\u306bS3\u30d0\u30b1\u30c3\u30c8\u306b\u81ea\u52d5\u9023\u643a\u3059\u308b<\/li>\n\n\n\n<li>\u554f\u984c\u306e\u691c\u77e5\u3068\u901a\u77e5\u306e\u305f\u3081\u306b\u3001Cloudwatch\u306b\u81ea\u52d5\u9023\u643a\u3059\u308b<\/li>\n<\/ul>\n\n\n\n<p>Cloudwatch\u306f\u3001\u30c7\u30fc\u30bf\u3092\u9577\u671f\u9593\u84c4\u7a4d\u3059\u308b\u306b\u306f\u3001\u6bd4\u8f03\u7684\u5358\u4fa1\u304c\u9ad8\u3044\u306e\u3067\u3001\u9577\u671f\u9593\u306e\u30c7\u30fc\u30bf\u4fdd\u7ba1\u306fS3\u30d0\u30b1\u30c3\u30c8\u306b\u3059\u308b\u306e\u304c\u30bb\u30aa\u30ea\u30fc\u3067\u3059\u3002\u307e\u305f\u3001\u4e00\u5fdc\u3001\u4f55\u304b\u3042\u3063\u305f\u6642\u306e\u305f\u3081\u306b\u8caf\u3081\u3066\u304a\u304f\u3051\u3069\u3001\u5b9a\u671f\u7684\u306b\u4f7f\u3046\u7528\u9014\u306f\u306a\u3044\u30c7\u30fc\u30bf\u306f\u3001\u66f4\u306b\u5b89\u4fa1\u306aS3 Glacier\u306b\u79fb\u3059\u306e\u3082\u30bb\u30aa\u30ea\u30fc\u3067\u3059\u3002<\/p>\n\n\n\n<p>Cloudwatch\u306b\u9023\u643a\u3057\u305fCloudTrail\u306e\u30a2\u30af\u30b7\u30e7\u30f3\u30c7\u30fc\u30bf\u306f\u3001\u4e0d\u6b63\u5229\u7528\u306e\u53ef\u80fd\u6027\u306e\u3042\u308b\u554f\u984c\u30a2\u30af\u30b7\u30e7\u30f3\u306e\u6761\u4ef6\u3092\u3001Cloudwatch Metrics Filter\u3067\u5b9a\u7fa9\u3084\u308a\u307e\u3059\u3002\u3053\u3053\u3067\u306f\u4ee5\u4e0b\u306e2\u3064\u3092\u554f\u984c\u30a2\u30af\u30b7\u30e7\u30f3\u3068\u3057\u3066\u5b9a\u7fa9\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>root\u30e6\u30fc\u30b6\u306b\u3088\u308bAWS\u30b3\u30f3\u30bd\u30fc\u30eb\u3078\u306e\u30ed\u30b0\u30a4\u30f3<\/li>\n\n\n\n<li>\u666e\u6bb5\u5229\u7528\u3057\u306a\u3044\u30ea\u30fc\u30b8\u30e7\u30f3\u3067\u306e\u66f4\u65b0\u7cfb\u30a2\u30af\u30b7\u30e7\u30f3<\/li>\n<\/ol>\n\n\n\n<p>\u4e0a\u8a181\u306f\u3001\u524d\u8ff0\u306e\u300croot\u30e6\u30fc\u30b6\u306f\u666e\u6bb5\u4f7f\u308f\u306a\u3044\u300d\u306e\u65b9\u91dd\u306e\u3082\u3068\u3001\u3082\u3057\u3001\u81ea\u5206\u306f\u4f7f\u3063\u3066\u306a\u3044\u3051\u3069\u3001root\u30e6\u30fc\u30b6\u3067\u30ed\u30b0\u30a4\u30f3\u304c\u3042\u3063\u305f\u3089\u3001AWS\u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u4e57\u3063\u53d6\u3089\u308c\u305f\u53ef\u80fd\u6027\u304c\u9ad8\u3044\u3067\u3059\u3002<br>\u4e0a\u8a182\u306f\u3001\u666e\u6bb5\u4f7f\u3063\u3066\u3044\u308b\u30ea\u30fc\u30b8\u30e7\u30f3\u306b\u3001\u898b\u77e5\u3089\u306c\u30ea\u30bd\u30fc\u30b9\u304c\u4f5c\u3089\u308c\u3066\u3044\u305f\u3089\u3001\u6c17\u3065\u304d\u307e\u3059\u304c\u3001\u666e\u6bb5\u4f7f\u3063\u3066\u3044\u306a\u3044\u30ea\u30fc\u30b8\u30e7\u30f3\u306f\u3001\u308f\u3056\u308f\u3056\u898b\u306b\u884c\u304b\u306a\u3044\u306e\u3067\u3001\u6c17\u3065\u304d\u306b\u304f\u3044\u305f\u3081\u3001\u9577\u671f\u9593\u4e0d\u6b63\u5229\u7528\u3055\u308c\u3066\u3057\u307e\u3046\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u3053\u308c\u3092\u306a\u308b\u65e9\u3067\u6c17\u3065\u304f\u305f\u3081\u306e\u30eb\u30fc\u30eb\u3067\u3059\u304c\u3001\u4f8b\u3048\u3070\u3001\u666e\u6bb5\u6771\u4eac\u30ea\u30fc\u30b8\u30e7\u30f3(ap-northeast-1)\u3060\u3051\u4f7f\u3063\u3066\u3044\u3066\u3082\u3001\u30b0\u30ed\u30fc\u30d0\u30eb\u30b5\u30fc\u30d3\u30b9(IAM\u306a\u3069)\u306f\u3001\u30d0\u30fc\u30b8\u30cb\u30a2(us-east-1)\u306a\u3069\u3067\u52d5\u4f5c\u3059\u308b\u30a2\u30af\u30b7\u30e7\u30f3\u306a\u306e\u3067\u3001\u8aa4\u691c\u77e5\u304c\u591a\u304f\u306a\u308a\u304c\u3061\u3067\u3059\u3002\u4e0b\u8a18\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u3067\u306f\u3001\u306a\u308b\u3079\u304f\u8aa4\u691c\u77e5\u304c\u7121\u3044\u3088\u3046\u306b\u3001\u30b0\u30ed\u30fc\u30d0\u30eb\u30b5\u30fc\u30d3\u30b9\u306e\u30a2\u30af\u30b7\u30e7\u30f3\u3092\u9664\u5916\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<p>Cloudwatch Metrics Filter\u306b\u5b9a\u7fa9\u3057\u305f\u554f\u984c\u30a2\u30af\u30b7\u30e7\u30f3\u3092\u691c\u77e5\u3057\u305f\u3089\u3001Cloudwatch Alarm\u304c\u3001SNS Topic\u3092\u547c\u3073\u51fa\u3057\u3001SNS Topic\u306b\u767b\u9332\u3055\u308c\u3066\u3044\u308bEmail Subscription\u306e\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306b\u30e1\u30fc\u30eb\u901a\u77e5\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">\u30b9\u30af\u30ea\u30d7\u30c8\u6e96\u5099<\/h5>\n\n\n\n<h6 class=\"wp-block-heading\">create_trail_s3.sh<\/h6>\n\n\n\n<p>\u3053\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u3001CloudTrail\u304b\u3089\u8a3c\u8de1\u30ed\u30b0\u30c7\u30fc\u30bf\u3092\u9023\u643a\u3057\u3001\u4fdd\u7ba1\u3059\u308bS3\u30d0\u30b1\u30c3\u30c8\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<br><a href=\"#create_trail_s3.sh\">create_trail_s3.sh<\/a>\u306e---- Define ----\u30d6\u30ed\u30c3\u30af\u306b\u3001S3\u30d0\u30b1\u30c3\u30c8\u8a2d\u5b9a\u304c\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059\u306e\u3067\u3001\u304a\u597d\u307f\u306e\u5185\u5bb9\u306b\u66f4\u65b0\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<table style=\"border-collapse: collapse; width: 100%; height: 82px;\">\n<tbody>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; text-align: center; background-color: #daf2d0; height: 18px;\">#<\/td>\n<td style=\"width: 13.1466%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8a2d\u5b9a\u9805\u76ee<\/td>\n<td style=\"width: 30.3117%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8a2d\u5b9a\u3067\u304d\u308b\u5024<\/td>\n<td style=\"width: 51.3693%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8aac\u660e<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 18px;\">1<\/td>\n<td style=\"width: 13.1466%; height: 18px;\">\n<div>\n<div><span>s3Bucket<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 18px;\">\n<div>\n<div><span>${<\/span><span>TRAIL_S3_KEY<\/span><span>}$(<\/span><span>altAwsIdStr<\/span><span> <\/span><span>12<\/span><span>)<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 51.3693%; height: 18px;\">\n<div>\n<div><span>CloudTrail\u30c7\u30fc\u30bf\u3092\u4fdd\u7ba1\u3059\u308bS3\u30d0\u30b1\u30c3\u30c8\u540d\uff08TRAIL_S3_KEY\u306f\u3001<a href=\"#awsenv.sh\" data-type=\"internal\" data-id=\"#awsenv.sh\">awsenv.sh<\/a>\u3067\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059\uff09<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"height: 36px; width: 5.17241%;\">2<\/td>\n<td style=\"height: 36px; width: 13.1466%;\">\n<div>\n<div><span>s3Retention<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 36px;\">\u65e5\u6570<\/td>\n<td style=\"width: 51.3693%; height: 36px;\">\u6a19\u6e96\u306eS3\u30d0\u30b1\u30c3\u30c8\u30b9\u30c8\u30ec\u30fc\u30b8\u306bCloudTrail\u30c7\u30fc\u30bf\u3092\u4fdd\u7ba1\u3059\u308b\u65e5\u6570\uff08\u3053\u306e\u65e5\u6570\u3092\u7d4c\u904e\u3057\u3066\u30c7\u30fc\u30bf\u306f\u3001DeepArchive\u306b\u79fb\u884c\uff09<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 10px;\">3<\/td>\n<td style=\"width: 13.1466%; height: 10px;\">\n<div>\n<div><span>daRetention<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 10px;\">\u65e5\u6570<\/td>\n<td style=\"width: 51.3693%; height: 10px;\">\n<p>DeepArchive\u306eS3\u30d0\u30b1\u30c3\u30c8\u30b9\u30c8\u30ec\u30fc\u30b8\u306bCloudTrail\u30c7\u30fc\u30bf\u3092\u4fdd\u7ba1\u3059\u308b\u65e5\u6570\uff08\u3053\u306e\u65e5\u6570\u3092\u7d4c\u904e\u3057\u305f\u30c7\u30fc\u30bf\u306f\u524a\u9664\uff09<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n<h6 class=\"wp-block-heading\">create_trail_cwlog.sh<\/h6>\n\n\n\n<p>\u3053\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u3001CloudTrail\u304b\u3089\u8a3c\u8de1\u30ed\u30b0\u30c7\u30fc\u30bf\u3092\u9023\u643a\u3057\u3001\u76e3\u8996\u3059\u308b\u305f\u3081\u306eCloudWatch\u30ed\u30b0\u30b0\u30eb\u30fc\u30d7\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<br><a href=\"#create_trail_cwlog.sh\">create_trail_cwlog.sh<\/a>\u306e----Define----\u30d6\u30ed\u30c3\u30af\u306b\u3001CloudWatch\u30ed\u30b0\u30b0\u30eb\u30fc\u30d7\u8a2d\u5b9a\u304c\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059\u306e\u3067\u3001\u304a\u597d\u307f\u306e\u5185\u5bb9\u306b\u66f4\u65b0\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<table style=\"border-collapse: collapse; width: 100%; height: 131px;\">\n<tbody>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; text-align: center; background-color: #daf2d0; height: 18px;\">#<\/td>\n<td style=\"width: 13.1466%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8a2d\u5b9a\u9805\u76ee<\/td>\n<td style=\"width: 30.3117%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8a2d\u5b9a\u3067\u304d\u308b\u5024<\/td>\n<td style=\"width: 51.3693%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8aac\u660e<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 18px;\">1<\/td>\n<td style=\"width: 13.1466%; height: 18px;\">\n<div>\n<div><span>TRAIL_LOG_GROUP<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 18px;\">\n<div>\n<div><span>\u4efb\u610f\u306e\u6587\u5b57\u5217<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 51.3693%; height: 18px;\"><span><span>CloudTrail\u30c7\u30fc\u30bf\u3092\u9023\u643a\u3059\u308bCloudWatch\u30ed\u30b0\u30b0\u30eb\u30fc\u30d7\u540d\uff08<\/span><\/span>TRAIL_LOG_GROUP<span>\u306f\u3001<a href=\"#awsenv.sh\" data-type=\"internal\" data-id=\"#awsenv.sh\">awsenv.sh<\/a>\u3067\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059\uff09<br><\/span><\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"height: 36px; width: 5.17241%;\">2<\/td>\n<td style=\"height: 36px; width: 13.1466%;\">\n<div>\n<div><span>logRetention<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 36px;\">\u65e5\u6570<\/td>\n<td style=\"width: 51.3693%; height: 36px;\">CloudWatch\u30ed\u30b0\u30b0\u30eb\u30fc\u30d7\u306bCloudTrail\u30c7\u30fc\u30bf\u3092\u4fdd\u7ba1\u3059\u308b\u65e5\u6570\uff08\u3053\u306e\u65e5\u6570\u3092\u7d4c\u904e\u3057\u3066\u30c7\u30fc\u30bf\u306f\u524a\u9664\uff09<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 10px;\">3<\/td>\n<td style=\"width: 13.1466%; height: 10px;\">\n<div>\n<div><span>TRAIL_CW_ROLE<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 10px;\">\u4efb\u610f\u306e\u6587\u5b57\u5217<\/td>\n<td style=\"width: 51.3693%; height: 10px;\">\n<p>CloudTrail\u306b\u3001CloudWatch\u30ed\u30b0\u30b0\u30eb\u30fc\u30d7\u3078\u306e\u66f8\u304d\u8fbc\u307f\u6a29\u9650\u3092\u4e0e\u3048\u308bIAM\u30ed\u30fc\u30eb\u540d\uff08<span>TRAIL_CW_ROLE\u306f\u3001<a href=\"#awsenv.sh\" data-type=\"internal\" data-id=\"#awsenv.sh\">awsenv.sh<\/a>\u3067\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059\uff09<\/span><\/p>\n<\/td>\n<\/tr>\n<tr style=\"height: 49px;\">\n<td style=\"width: 5.17241%; height: 49px;\">4<\/td>\n<td style=\"width: 13.1466%; height: 49px;\">\n<div>\n<div>\n<div>\n<div><span>policyName<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 49px;\">\u4efb\u610f\u306e\u6587\u5b57\u5217<\/td>\n<td style=\"width: 51.3693%; height: 49px;\">\n<p><span>TRAIL_CW_ROLE\u306e\u30a4\u30f3\u30e9\u30a4\u30f3\u6a29\u9650\u30dd\u30ea\u30b7\u30fc\u540d<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><\/p>\n\n\n\n<h6 class=\"wp-block-heading\">create_cloudtrail.sh<\/h6>\n\n\n\n<p>\u3053\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u3001CloudTrail\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<br><a href=\"#create_cloudtrail.sh\">create_cloudtrail.sh<\/a>\u306e---- Define ----\u30d6\u30ed\u30c3\u30af\u306b\u3001S3\u30d0\u30b1\u30c3\u30c8\u8a2d\u5b9a\u304c\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059\u306e\u3067\u3001\u304a\u597d\u307f\u306e\u5185\u5bb9\u306b\u66f4\u65b0\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<table style=\"border-collapse: collapse; width: 100%; height: 108px;\">\n<tbody>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; text-align: center; background-color: #daf2d0; height: 18px;\">#<\/td>\n<td style=\"width: 13.1466%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8a2d\u5b9a\u9805\u76ee<\/td>\n<td style=\"width: 30.3117%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8a2d\u5b9a\u3067\u304d\u308b\u5024<\/td>\n<td style=\"width: 51.3693%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8aac\u660e<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 18px;\">1<\/td>\n<td style=\"width: 13.1466%; height: 18px;\">\n<div>\n<div><span>trailName<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 18px;\">\n<div>\n<div><span>\u4efb\u610f\u306e\u6587\u5b57\u5217<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 51.3693%; height: 18px;\"><span>CloudTrail\u540d<\/span><span><br><\/span><\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"height: 36px; width: 5.17241%;\">2<\/td>\n<td style=\"height: 36px; width: 13.1466%;\">\n<div>\n<div>\n<div>\n<div><span>s3Bucket<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 36px;\">\n<div>\n<div><span>${<\/span><span>TRAIL_S3_KEY<\/span><span>}$(<\/span><span>altAwsIdStr<\/span><span> <\/span><span>12<\/span><span>)<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 51.3693%; height: 36px;\">\n<div>\n<div><span>CloudTrail\u30c7\u30fc\u30bf\u3092\u4fdd\u7ba1\u3059\u308bS3\u30d0\u30b1\u30c3\u30c8\u540d\uff08TRAIL_S3_KEY\u306f\u3001<a href=\"#awsenv.sh\" data-type=\"internal\" data-id=\"#awsenv.sh\">awsenv.sh<\/a>\u3067\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059\uff09<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr style=\"height: 36px;\">\n<td style=\"width: 5.17241%; height: 36px;\">3<\/td>\n<td style=\"width: 13.1466%; height: 36px;\">\n<div>\n<div>\n<div>\n<div>\n<div>\n<div><span>trailLogGroupARN<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 36px;\">\n<div>\n<div>\n<div>\n<div><span>arn:aws:logs:${<\/span><span>REGION<\/span><span>}:${<\/span><span>ACCOUNT_ID<\/span><span>}:log-group:${<\/span><span>TRAIL_LOG_GROUP<\/span><span>}<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 51.3693%; height: 36px;\">\n<div>\n<div><span>CloudTrail\u30c7\u30fc\u30bf\u3092\u9023\u643a\u3059\u308bCloudWatch\u30ed\u30b0\u30b0\u30eb\u30fc\u30d7\u306eARN\uff08TRAIL_LOG_GROUP\u306f\u3001<a href=\"#awsenv.sh\" data-type=\"internal\" data-id=\"#awsenv.sh\">awsenv.sh<\/a>\u3067\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059\uff09<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n<h6 class=\"wp-block-heading\">create_sns_topic.sh<\/h6>\n\n\n\n<p>\u3053\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u3001CloudTrail\u306e\u30ed\u30b0\u306b\u7570\u5e38\u3092\u691c\u77e5\u3057\u305f\u969b\u306e\u901a\u77e5\u7528SNS\u30c8\u30d4\u30c3\u30af\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<br><a href=\"#create_sns_topic.sh\">create_sns_topic.sh<\/a>\u306e---- Define ----\u30d6\u30ed\u30c3\u30af\u306b\u3001S3\u30d0\u30b1\u30c3\u30c8\u8a2d\u5b9a\u304c\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059\u306e\u3067\u3001\u304a\u597d\u307f\u306e\u5185\u5bb9\u306b\u66f4\u65b0\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<table style=\"border-collapse: collapse; width: 100%; height: 108px;\">\n<tbody>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; text-align: center; background-color: #daf2d0; height: 18px;\">#<\/td>\n<td style=\"width: 13.1466%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8a2d\u5b9a\u9805\u76ee<\/td>\n<td style=\"width: 30.3117%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8a2d\u5b9a\u3067\u304d\u308b\u5024<\/td>\n<td style=\"width: 51.3693%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8aac\u660e<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 18px;\">1<\/td>\n<td style=\"width: 13.1466%; height: 18px;\">\n<div>\n<div><span>SNS_TOPIC_NAME<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 18px;\">\n<div>\n<div><span>\u4efb\u610f\u306e\u6587\u5b57\u5217<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 51.3693%; height: 18px;\"><span><span>\u4f5c\u6210\u3059\u308bSNS\u30c8\u30d4\u30c3\u30af\u540d\uff08<\/span><\/span>SNS_TOPIC_NAME<span>\u306f\u3001<a href=\"#awsenv.sh\" data-type=\"internal\" data-id=\"#awsenv.sh\">awsenv.sh<\/a>\u3067\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059\uff09<\/span><span><br><\/span><\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"height: 36px; width: 5.17241%;\">2<\/td>\n<td style=\"height: 36px; width: 13.1466%;\">\n<div>\n<div><span>alertEmail<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 36px;\">\n<div>\n<div><span>E\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 51.3693%; height: 36px;\">\n<div>\n<div><span>\u30a2\u30e9\u30fc\u30c8\u901a\u77e5\u5148\u306eE\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n<h6 class=\"wp-block-heading\">setting_cw_alarm.sh<\/h6>\n\n\n\n<p>\u3053\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u3001CloudWatch\u306e\u30ed\u30b0\u3092\u9023\u643a\u3057\u305fCloudWatch\u30ed\u30b0\u30b0\u30eb\u30fc\u30d7\u306b\u7570\u5e38\u4e8b\u614b\uff08root\u30e6\u30fc\u30b6\u3067\u306e\u30ed\u30b0\u30a4\u30f3\u3068\u3001\u4f7f\u7528\u3057\u3066\u3044\u306a\u3044\u30ea\u30fc\u30b8\u30e7\u30f3\u3078\u306e\u30a2\u30af\u30bb\u30b9\uff09\u306e\u30a2\u30e9\u30fc\u30c8\u5b9a\u7fa9\u3092\u8a2d\u5b9a\u3057\u3001\u7570\u5e38\u3092\u691c\u77e5\u3057\u305f\u969b\u306b\u3001\u901a\u77e5\u7528SNS\u30c8\u30d4\u30c3\u30af\u306b\u9023\u643a\u3059\u308b\u8a2d\u5b9a\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<p><\/p>\n<table style=\"border-collapse: collapse; width: 100%; height: 108px;\">\n<tbody>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; text-align: center; background-color: #daf2d0; height: 18px;\">#<\/td>\n<td style=\"width: 13.1466%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8a2d\u5b9a\u9805\u76ee<\/td>\n<td style=\"width: 30.3117%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8a2d\u5b9a\u3067\u304d\u308b\u5024<\/td>\n<td style=\"width: 51.3693%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8aac\u660e<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 18px;\">1<\/td>\n<td style=\"width: 13.1466%; height: 18px;\">\n<div>\n<div><span>topicARN<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 18px;\">\n<div>\n<div><span>arn:aws:sns:ap-northeast-1:${<\/span><span>ACCOUNT_ID<\/span><span>}:${<\/span><span>SNS_TOPIC_NAME<\/span><span>}<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 51.3693%; height: 18px;\"><span>\u9023\u643a\u5148SNS\u30c8\u30d4\u30c3\u30af\u540d\uff08<\/span>SNS_TOPIC_NAME<span>\u306f\u3001<a href=\"#awsenv.sh\" data-type=\"internal\" data-id=\"#awsenv.sh\">awsenv.sh<\/a>\u3067\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059\uff09<\/span><span><br><\/span><\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"height: 36px; width: 5.17241%;\">2<\/td>\n<td style=\"height: 36px; width: 13.1466%;\">\n<div>\n<div><span>rootFilterName<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%;\">\n<div>\n<div><span>\u4efb\u610f\u306e\u6587\u5b57\u5217&nbsp;<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 51.3693%;\">\n<div>\n<div>\n<div>\n<div><span>root\u30e6\u30fc\u30b6\u30ed\u30b0\u30a4\u30f3\u691c\u77e5\u306eCloudWatch\u30ed\u30b0\u30d5\u30a3\u30eb\u30bf\u540d<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 5.17241%;\">3<\/td>\n<td style=\"width: 13.1466%;\">\n<div>\n<div>\n<div>\n<div><span>rootMetricName<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%;\">\n<div>\n<div><span>&nbsp;\u4efb\u610f\u306e\u6587\u5b57\u5217<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 51.3693%;\">\n<div>\n<div>\n<div>\n<div><span>root\u30e6\u30fc\u30b6\u30ed\u30b0\u30a4\u30f3\u691c\u77e5\u306eCloudWatch\u30e1\u30c8\u30ea\u30af\u30b9\u540d<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 5.17241%;\">4<\/td>\n<td style=\"width: 13.1466%;\">\n<div>\n<div>\n<div>\n<div><span>alarmRootName<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%;\">\n<div>\n<div><span>&nbsp;\u4efb\u610f\u306e\u6587\u5b57\u5217<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 51.3693%;\">\n<div>\n<div>\n<div>\n<div><span>root\u30e6\u30fc\u30b6\u30ed\u30b0\u30a4\u30f3\u691c\u77e5\u306eCloudWatch\u30a2\u30e9\u30fc\u30e0\u540d<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 5.17241%;\">5<\/td>\n<td style=\"width: 13.1466%;\">\n<div>\n<div>\n<div>\n<div><span>disallowedFilterName<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%;\">\n<div>\n<div><span>\u4efb\u610f\u306e\u6587\u5b57\u5217<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 51.3693%;\">\n<div>\n<div>\n<div>\n<div>\n<div>\n<div><span>\u672a\u4f7f\u7528\u30ea\u30fc\u30b8\u30e7\u30f3\u30a2\u30af\u30bb\u30b9\u691c\u77e5\u306eCloudWatch\u30ed\u30b0\u30d5\u30a3\u30eb\u30bf\u540d<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 5.17241%;\">6<\/td>\n<td style=\"width: 13.1466%;\">\n<div>\n<div>\n<div>\n<div><span>disallowedMetricName<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%;\">\n<div>\n<div><span>\u4efb\u610f\u306e\u6587\u5b57\u5217<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 51.3693%;\">\n<div>\n<div>\n<div>\n<div><span>\u672a\u4f7f\u7528\u30ea\u30fc\u30b8\u30e7\u30f3\u30a2\u30af\u30bb\u30b9\u691c\u77e5\u306eCloudWatch\u30e1\u30c8\u30ea\u30af\u30b9\u540d<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 5.17241%;\">7<\/td>\n<td style=\"width: 13.1466%;\">\n<div>\n<div>\n<div>\n<div><span>alarmApiName<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%;\">\n<div>\n<div><span>\u4efb\u610f\u306e\u6587\u5b57\u5217<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 51.3693%;\">\n<div>\n<div>\n<div>\n<div><span>\u672a\u4f7f\u7528\u30ea\u30fc\u30b8\u30e7\u30f3\u30a2\u30af\u30bb\u30b9\u691c\u77e5\u306eCloudWatch\u30a2\u30e9\u30fc\u30e0\u540d<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 5.17241%;\">8<\/td>\n<td style=\"width: 13.1466%;\">\n<div>\n<div>\n<div>\n<div><span>allowedRegionsCSV<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%;\">\n<div>\n<div>\n<div>\n<div><span>${<\/span><span>REGION<\/span><span>},${<\/span><span>OTHER_REGION<\/span><span>}<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 51.3693%;\">\n<div>\n<div><span>\u901a\u5e38\u4f7f\u7528\u3059\u308b\u30ea\u30fc\u30b8\u30e7\u30f3(REGION\u3001OTHER_REGION<\/span><span>\u306f\u3001<a href=\"#awsenv.sh\" data-type=\"internal\" data-id=\"#awsenv.sh\">awsenv.sh<\/a>\u3067\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059)<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 5.17241%;\">9<\/td>\n<td style=\"width: 13.1466%;\">\n<div>\n<div>\n<div>\n<div><span>excludeGlobal<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%;\">\n<div>\n<div><span>CloudWatch\u30ed\u30b0\u30d5\u30a3\u30eb\u30bf\u306e\u6761\u4ef6\u6587<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 51.3693%;\">\n<div>\n<div><span>\u672a\u4f7f\u7528\u30ea\u30fc\u30b8\u30e7\u30f3\u30a2\u30af\u30bb\u30b9\u306e\u8a72\u5f53\u6761\u4ef6<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><\/p>\n\n\n\n<h5 class=\"wp-block-heading\">\u8a2d\u5b9a<\/h5>\n\n\n\n<p>\u66f4\u65b0\u3057\u305f\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u3001CloudShell\u306b\u3001\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u304f\u3060\u3055\u3044\u3002<br>CloudShell\u3067\u3001\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u9806\u756a\u306b\u5b9f\u884c\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<h6 class=\"wp-block-heading\">create_trail_s3.sh<\/h6>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>bash .\/create_trail_s3.sh<\/code><\/pre><\/div>\n\n\n\n<p>\u8a2d\u5b9a\u5185\u5bb9\u3092\u8868\u793a\u3059\u308b\u306e\u3067\u3001\u78ba\u8a8d\u306e\u4e0a\u3001y\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"359\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_trail_s3.sh\u5b9f\u884c-1024x359.png\" alt=\"\" class=\"wp-image-285\" style=\"width:953px;height:auto\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_trail_s3.sh\u5b9f\u884c-1024x359.png 1024w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_trail_s3.sh\u5b9f\u884c-300x105.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_trail_s3.sh\u5b9f\u884c-768x269.png 768w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_trail_s3.sh\u5b9f\u884c.png 1048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h6 class=\"wp-block-heading\">create_trail_cwlog.sh<\/h6>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>bash .\/create_trail_cwlog.sh<\/code><\/pre><\/div>\n\n\n\n<p>\u8a2d\u5b9a\u5185\u5bb9\u3092\u8868\u793a\u3059\u308b\u306e\u3067\u3001\u78ba\u8a8d\u306e\u4e0a\u3001y\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"896\" height=\"520\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_trail_cwlog.sh\u5b9f\u884c.png\" alt=\"\" class=\"wp-image-287\" style=\"width:829px;height:auto\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_trail_cwlog.sh\u5b9f\u884c.png 896w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_trail_cwlog.sh\u5b9f\u884c-300x174.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_trail_cwlog.sh\u5b9f\u884c-768x446.png 768w\" sizes=\"auto, (max-width: 896px) 100vw, 896px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h6 class=\"wp-block-heading\">create_cloudtrail.sh<\/h6>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>bash .\/create_cloudtrail.sh<\/code><\/pre><\/div>\n\n\n\n<p>\u8a2d\u5b9a\u5185\u5bb9\u3092\u8868\u793a\u3059\u308b\u306e\u3067\u3001\u78ba\u8a8d\u306e\u4e0a\u3001y\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"960\" height=\"380\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_cloudtrail.sh\u5b9f\u884c.png\" alt=\"\" class=\"wp-image-288\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_cloudtrail.sh\u5b9f\u884c.png 960w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_cloudtrail.sh\u5b9f\u884c-300x119.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_cloudtrail.sh\u5b9f\u884c-768x304.png 768w\" sizes=\"auto, (max-width: 960px) 100vw, 960px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h6 class=\"wp-block-heading\">create_sns_topic.sh<\/h6>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>bash .\/create_sns_topic.sh<\/code><\/pre><\/div>\n\n\n\n<p>\u8a2d\u5b9a\u5185\u5bb9\u3092\u8868\u793a\u3059\u308b\u306e\u3067\u3001\u78ba\u8a8d\u306e\u4e0a\u3001y\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"148\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_sns_topic\u5b9f\u884c-1024x148.png\" alt=\"\" class=\"wp-image-289\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_sns_topic\u5b9f\u884c-1024x148.png 1024w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_sns_topic\u5b9f\u884c-300x43.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_sns_topic\u5b9f\u884c-768x111.png 768w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_sns_topic\u5b9f\u884c.png 1256w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>\u300cAWS Notification - Subscription Confirmation\u300d\u3068\u8a00\u3046\u4ef6\u540d\u306e\u30e1\u30fc\u30eb\u304c\u3001\u300c<a href=\"mailto:no-reply@sns.amazonaws.com\">no-reply@sns.amazonaws.com<\/a>\u300d\u304b\u3089\u5c4a\u304f\u306e\u3067\u3001\u300cConfirm Subscription\u300d\u3092\u62bc\u3057\u3066\u30e1\u30fc\u30eb\u901a\u77e5\u3092\u6709\u52b9\u306b\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<h6 class=\"wp-block-heading\">setting_cw_alarm.sh<\/h6>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>bash .\/setting_cw_alarm.sh<\/code><\/pre><\/div>\n\n\n\n<p>\u8a2d\u5b9a\u5185\u5bb9\u3092\u8868\u793a\u3059\u308b\u306e\u3067\u3001\u78ba\u8a8d\u306e\u4e0a\u3001y\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"327\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_cw_alarm\u5b9f\u884c-1024x327.png\" alt=\"\" class=\"wp-image-290\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_cw_alarm\u5b9f\u884c-1024x327.png 1024w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_cw_alarm\u5b9f\u884c-300x96.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_cw_alarm\u5b9f\u884c-768x246.png 768w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/setting_cw_alarm\u5b9f\u884c.png 1101w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>\u3053\u308c\u3067\u3001\u4e0d\u6e2c\u306e\u4e8b\u614b\u306b\u30e1\u30fc\u30eb\u304c\u5c4a\u304f\u3088\u3046\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002<br>\u8a66\u3057\u306b\u3001AWS\u30b3\u30f3\u30bd\u30fc\u30eb\u306b\u3001root\u30e6\u30fc\u30b6\u3067\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u307f\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"CloudWatch_Query%E3%81%AE%E8%A8%AD%E5%AE%9A\"><\/span>CloudWatch Query\u306e\u8a2d\u5b9a<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h5 class=\"wp-block-heading\">\u76ee\u7684<\/h5>\n\n\n\n<p>\u3055\u3066\u3001AWS\u30a2\u30ab\u30a6\u30f3\u30c8\u3067\u306e\u4e0d\u6e2c\u306e\u4e8b\u614b\u306b\u30e1\u30fc\u30eb\u304c\u5c4a\u304f\u3088\u3046\u306b\u306a\u308a\u307e\u3057\u305f\u304c\u3001\u30e1\u30fc\u30eb\u81ea\u4f53\u306b\u306f\u5927\u3057\u305f\u60c5\u5831\u306f\u8a18\u8f09\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3002\u3042\u304f\u307e\u3067\u901a\u77e5\u306b\u3088\u308b\u30a2\u30c6\u30f3\u30b7\u30e7\u30f3\u304c\u76ee\u7684\u3060\u304b\u3089\u3067\u3059\u3002<br>\u8aa4\u691c\u77e5\u304b\u3082\u3057\u308c\u306a\u3044\u3057\u3001\u672c\u5f53\u306b\u4e0d\u6b63\u5229\u7528\u3055\u308c\u3066\u3044\u308b\u304b\u3082\u3057\u308c\u306a\u3044\u306e\u3067\u3001\u8abf\u67fb\u624b\u6bb5\u3092\u6e96\u5099\u3057\u3066\u304a\u304d\u307e\u3059\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"177\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_loginsight_query_Diagram-1024x177.png\" alt=\"\" class=\"wp-image-200\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_loginsight_query_Diagram-1024x177.png 1024w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_loginsight_query_Diagram-300x52.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_loginsight_query_Diagram-768x133.png 768w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_loginsight_query_Diagram-1536x266.png 1536w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_loginsight_query_Diagram.png 2024w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>CloudWatch Insights\u306eQuery\u3092\u767b\u9332\u3057\u3066\u304a\u304d\u3001\u30e1\u30fc\u30eb\u901a\u77e5\u304c\u3042\u3063\u305f\u3089\u3001\u3053\u306e\u30af\u30a8\u30ea\u3092\u5b9f\u884c\u3057\u3066\u3001\u8a72\u5f53\u30c7\u30fc\u30bf\u3092\u691c\u7d22\u3057\u3001\u8a73\u7d30\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">\u30b9\u30af\u30ea\u30d7\u30c8\u6e96\u5099<\/h5>\n\n\n\n<p><a href=\"#create_loginsight_query.sh\">create_loginsight_query.sh<\/a>\u306e---- Define ----\u30d6\u30ed\u30c3\u30af\u306b\u3001\u30af\u30a8\u30ea\u306e\u8a2d\u5b9a\u304c\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059\u306e\u3067\u3001\u304a\u597d\u307f\u306e\u5185\u5bb9\u306b\u66f4\u65b0\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<table style=\"border-collapse: collapse; width: 100%; height: 82px;\">\n<tbody>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; text-align: center; background-color: #daf2d0; height: 18px;\">#<\/td>\n<td style=\"width: 13.1466%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8a2d\u5b9a\u9805\u76ee<\/td>\n<td style=\"width: 30.3117%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8a2d\u5b9a\u3067\u304d\u308b\u5024<\/td>\n<td style=\"width: 51.3693%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8aac\u660e<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 18px;\">1<\/td>\n<td style=\"width: 13.1466%; height: 18px;\">\n<div>\n<div><span>queryDir<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 18px;\">\n<div>\n<div><span>\u4efb\u610f\u306e\u6587\u5b57\u5217<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 51.3693%; height: 18px;\">\u30af\u30a8\u30ea\u3092\u307e\u3068\u3081\u308b\u30d5\u30a9\u30eb\u30c0\u540d<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"height: 36px; width: 5.17241%;\">2<\/td>\n<td style=\"height: 36px; width: 13.1466%;\">\n<div>\n<div>\n<div>\n<div><span>queryRootName<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 36px;\">\u4efb\u610f\u306e\u6587\u5b57\u5217<\/td>\n<td style=\"width: 51.3693%; height: 36px;\">Root\u30e6\u30fc\u30b6\u30ed\u30b0\u30a4\u30f3\u78ba\u8a8d\u7528\u30af\u30a8\u30ea\u540d<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 10px;\">3<\/td>\n<td style=\"width: 13.1466%; height: 10px;\">\n<div>\n<div><span>queryApiRegionName<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 10px;\">\u4efb\u610f\u306e\u6587\u5b57\u5217<\/td>\n<td style=\"width: 51.3693%; height: 10px;\">\n<div>\n<div><span>\u672a\u4f7f\u7528\u30ea\u30fc\u30b8\u30e7\u30f3\u30a2\u30af\u30bb\u30b9\u78ba\u8a8d\u7528\u30af\u30a8\u30ea<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 5.17241%;\">4<\/td>\n<td style=\"width: 13.1466%;\">\n<div>\n<div>\n<div>\n<div><span>allowedRegionsCSV<\/span><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%;\">\n<div>\n<div><span>${<\/span><span>REGION<\/span><span>},${<\/span><span>OTHER_REGION<\/span><span>}<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 51.3693%;\">\n<div>\n<div><span>\u901a\u5e38\u4f7f\u7528\u3059\u308b\u30ea\u30fc\u30b8\u30e7\u30f3(REGION\u3001OTHER_REGION\u306f\u3001<a href=\"#awsenv.sh\" data-type=\"internal\" data-id=\"#awsenv.sh\">awsenv.sh<\/a>\u3067\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059)<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n<h5 class=\"wp-block-heading\">\u8a2d\u5b9a<\/h5>\n\n\n\n<p>\u66f4\u65b0\u3057\u305f\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u3001CloudShell\u306b\u3001\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u304f\u3060\u3055\u3044\u3002<br>CloudShell\u3067\u3001\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\"><code>bash .\/create_loginsight_query.sh<\/code><\/pre><\/div>\n\n\n\n<p>\u8a2d\u5b9a\u5185\u5bb9\u3092\u8868\u793a\u3059\u308b\u306e\u3067\u3001\u78ba\u8a8d\u306e\u4e0a\u3001y\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"310\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_loginsight_query.sh\u5b9f\u884c-1-1024x310.png\" alt=\"\" class=\"wp-image-292\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_loginsight_query.sh\u5b9f\u884c-1-1024x310.png 1024w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_loginsight_query.sh\u5b9f\u884c-1-300x91.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_loginsight_query.sh\u5b9f\u884c-1-768x232.png 768w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/create_loginsight_query.sh\u5b9f\u884c-1.png 1068w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>AWS\u30b3\u30f3\u30bd\u30fc\u30eb\u306eCloudWatch\u753b\u9762\u306e\u3001\u300c\u30ed\u30b0\u306e\u30a4\u30f3\u30b5\u30a4\u30c8\u300d\u306e\u3001\u53f3\u4e0a\u306e\u30d5\u30a9\u30eb\u30c0\u30de\u30fc\u30af\u306b\u3001\u300cQUERY-RootLoginSuccess\u300d\uff08root\u30e6\u30fc\u30b6\u3067\u30ed\u30b0\u30a4\u30f3\u3092\u691c\u7d22\uff09\u3001\u300cQUERY-APICallOutsideAllowedRegions\u300d(\u666e\u6bb5\u4f7f\u7528\u3057\u306a\u3044\u30ea\u30fc\u30b8\u30e7\u30f3\u3067\u306e\u66f4\u65b0\u30a2\u30af\u30b7\u30e7\u30f3\u3092\u691c\u7d22)\u304c\u51fa\u6765\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"402\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/cloudwatch_log_insight-1024x402.png\" alt=\"\" class=\"wp-image-202\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/cloudwatch_log_insight-1024x402.png 1024w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/cloudwatch_log_insight-300x118.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/cloudwatch_log_insight-768x302.png 768w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/cloudwatch_log_insight.png 1490w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>\u901a\u77e5\u30e1\u30fc\u30eb\u304c\u3042\u3063\u305f\u3089\u3001\u3053\u306e\u30af\u30a8\u30ea\u3092\u9078\u629e\u3057\u3066\u3001\u30af\u30a8\u30ea\u5b9f\u884c\u3092\u62bc\u3057\u307e\u3059\u3002\u8a72\u5f53\u3057\u305f\u30a2\u30af\u30b7\u30e7\u30f3\u304c1\u4ef6\u4ee5\u4e0a\u3042\u3063\u305f\u6642\u523b\u306b\u3001\u30d0\u30fc\u304c\u8868\u793a\u3055\u308c\u3001\u305d\u306e\u4e0b\u306b\u3001\u8a72\u5f53\u30c7\u30fc\u30bf\u306e\u4e00\u89a7\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"498\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/Query\u5b9f\u884c-1024x498.png\" alt=\"\" class=\"wp-image-203\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/Query\u5b9f\u884c-1024x498.png 1024w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/Query\u5b9f\u884c-300x146.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/Query\u5b9f\u884c-768x373.png 768w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/Query\u5b9f\u884c-1536x747.png 1536w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/Query\u5b9f\u884c.png 1623w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>\u7d50\u679c\u30ec\u30b3\u30fc\u30c9\u3092\u958b\u304f\u3068\u3001\u8a73\u7d30\u60c5\u5831\u304c\u898b\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"487\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/Query\u7d50\u679c-1024x487.png\" alt=\"\" class=\"wp-image-204\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/Query\u7d50\u679c-1024x487.png 1024w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/Query\u7d50\u679c-300x143.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/Query\u7d50\u679c-768x366.png 768w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/Query\u7d50\u679c-1536x731.png 1536w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/11\/Query\u7d50\u679c.png 1586w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E3%82%B9%E3%82%AF%E3%83%AA%E3%83%97%E3%83%88\"><\/span>\u30b9\u30af\u30ea\u30d7\u30c8<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"common_sh\">common.sh<\/h4>\n\n\n\n<details>\n<summary>\u30b3\u30fc\u30c9\u3092\u898b\u308b\uff08\u30af\u30ea\u30c3\u30af\uff09<\/summary>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-file=\"common.sh\" data-lang=\"Bash\" data-show-lang=\"1\"><code># tag\nENVTAG=&quot;develop&quot;\n\n# Prompter\nCLR_RED=&quot;\\033[31m&quot;\nCLR_GRN=&quot;\\033[32m&quot;\nCLR_YEL=&quot;\\033[33m&quot;\nCLR_BLE=&quot;\\033[34m&quot;\nCLR_MGD=&quot;\\033[35m&quot;\nCLR_CYN=&quot;\\033[36m&quot;\nCLR_RST=&quot;\\033[0m&quot;\n\ninfo () { echo -e &quot;${CLR_CYN}[INFO]${CLR_RST} $*&quot;; }\ninput () { echo -e &quot;${CLR_GRN}[INPUT]${CLR_RST} $*&quot;; }\nimprt () { echo -e &quot;${CLR_MGD}[IMPORTANT]${CLR_RST} $*&quot;; }\nwarn () { echo -e &quot;${CLR_YEL}[WARN]${CLR_RST} $*&quot;; }\nabort () { echo -e &quot;${CLR_RED}[ABORT]${CLR_RST} $*&quot;; }\n\n# Command executer\nfunction exec () {\n\tprintf &#39;%q &#39; &quot;$@&quot;\n\tprintf &#39;\\n&#39;\n\tif [ ! -z &quot;${DRYRUN}&quot; ]; then\n\t\treturn 0\n\tfi\n\t&quot;$@&quot;\n}\n\n# Generate random string\nfunction randstr () {\n\tlen=$1  # \u751f\u6210\u3059\u308b\u6587\u5b57\u5217\u306e\u9577\u3055\n\tLC_ALL=C tr -dc &#39;a-z0-9&#39; &lt;\/dev\/urandom | head -c ${len}\n}<\/code><\/pre><\/div>\n\n\n\n<\/details>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"awsenv.sh\">awsenv.sh<\/h4>\n\n\n\n<details>\n<summary>\u30b3\u30fc\u30c9\u3092\u898b\u308b\uff08\u30af\u30ea\u30c3\u30af\uff09<\/summary>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-file=\"awsenv.sh\" data-lang=\"Bash\" data-show-lang=\"1\"><code># ---- Get AWS Basic Infomation ----\nACCOUNT_ID=$(aws sts get-caller-identity --query &quot;Account&quot; --output text)\n\n# ---- Basic Keyword ----\n# Region\nREGION=&quot;ap-northeast-1&quot;                        # \u30e1\u30a4\u30f3\u30ea\u30fc\u30b8\u30e7\u30f3\nOTHER_REGION=&quot;ap-northeast-3&quot;                  # \u30e1\u30a4\u30f3\u30ea\u30fc\u30b8\u30e7\u30f3\u4ee5\u5916\u3067\u4f7f\u7528\u3059\u308b\u30ea\u30fc\u30b8\u30e7\u30f3(\u8907\u6570\u306e\u5834\u5408\u306fCSV\u5f62\u5f0f\u3067\u5217\u6319)\n# S3\nTRAIL_S3_KEY=&quot;s3bucket-for-trail-&quot;             # CloudTrail\u5411\u3051S3\u30d0\u30b1\u30c3\u30c8\u540dPrefix\nTRIL_S3_PREFIX=&quot;cloudtrail&quot;                    # CloudTrail\u683c\u7d0dPrefix\nRESOURCE_S3_KEY=&quot;s3bucket-resource-&quot;           # \u30ea\u30bd\u30fc\u30b9\u30d5\u30a1\u30a4\u30eb\u683c\u7d0dS3\u30d0\u30b1\u30c3\u30c8\u540dPrefix\nCFN_S3_PREFIX=&quot;cfn&quot;                            # CloudFormation\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u30d5\u30a1\u30a4\u30eb\u30d5\u30a1\u30a4\u30eb\u683c\u7d0d\u30d5\u30a9\u30eb\u30c0\n# CloudWatch\nTRAIL_LOG_GROUP=&quot;\/aws\/cloudtrail\/management&quot;   # CloudTrail\u5411\u3051CloudWatch\u30ed\u30b0\u30b0\u30eb\u30fc\u30d7\u540d\nTRAIL_CW_ROLE=&quot;CloudTrail_CloudWatchLogs_Role&quot; # CloudTrail\u5411\u3051CloudWatch\u30ed\u30b0\u30b0\u30eb\u30fc\u30d7\u30a2\u30af\u30bb\u30b9\u30ed\u30fc\u30eb\u540d\n# SNS\nSNS_TOPIC_NAME=&quot;sns-Cloudtrail-alerts&quot;         # CloudTrail\u30a2\u30e9\u30fc\u30c8\u7528SNS\u30c8\u30d4\u30c3\u30af\u540d\n\n# ---- Function ----\n# Generate altanative aws id string\nfunction altAwsIdStr () {\n\tlen=$1  # \u751f\u6210\u3059\u308b\u6587\u5b57\u5217\u306e\u9577\u3055\n    start=$(echo &quot;${ACCOUNT_ID:0:1}&quot;)\n    start=$((++start))\n\n\techo -n &quot;${ACCOUNT_ID}&quot; | sha1sum | cut -d&#39; &#39; -f1 | cut -c${start}-${len}\n}<\/code><\/pre><\/div>\n\n\n\n<\/details>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"setting_password_policy_sh\">setting_password_policy.sh<\/h4>\n\n\n\n<details>\r\n<summary>\u30b3\u30fc\u30c9\u3092\u898b\u308b\uff08\u30af\u30ea\u30c3\u30af\uff09<\/summary>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-file=\"setting_password_policy.sh\" data-lang=\"Bash\" data-show-lang=\"1\"><code>#!\/bin\/bash\n\nmydir=$(dirname $0)\nsource &quot;${mydir}&quot;\/common.sh\nGRPTAG=&quot;trail&quot;\n\n# Accept parameter define\nmpl=14                                   # \u6700\u5c0f\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u6587\u5b57\u6570\nrn=&quot;--require-numbers&quot;                   # --require-numbers\uff1a\u6700\u4f4e1\u6587\u5b57\u4ee5\u4e0a\u306e\u6570\u5b57\u3092\u5fc5\u9808\u3068\u3059\u308b\uff0f--no-require-numbers\uff1a\u6700\u4f4e1\u6587\u5b57\u4ee5\u4e0a\u306e\u6570\u5b57\u3092\u5fc5\u9808\u3068\u3057\u306a\u3044\nrs=&quot;--require-symbols&quot;                   # --require-symbols\uff1a\u6700\u4f4e1\u6587\u5b57\u4ee5\u4e0a\u306e\u8a18\u53f7\u3092\u5fc5\u9808\u3068\u3059\u308b\uff0f--no-require-symbols\uff1a\u6700\u4f4e1\u6587\u5b57\u4ee5\u4e0a\u306e\u8a18\u53f7\u3092\u5fc5\u9808\u3068\u3057\u306a\u3044\nruc=&quot;--require-uppercase-characters&quot;     # --require-uppercase-characters\uff1a\u6700\u4f4e1\u6587\u5b57\u4ee5\u4e0a\u306e\u5927\u6587\u5b57\u82f1\u5b57\u3092\u5fc5\u9808\u3068\u3059\u308b\uff0f--no-require-uppercase-characters\uff1a\u6700\u4f4e1\u6587\u5b57\u4ee5\u4e0a\u306e\u5927\u6587\u5b57\u82f1\u5b57\u3092\u5fc5\u9808\u3068\u3057\u306a\u3044\nrlc=&quot;--require-lowercase-characters&quot;     # --require-lowercase-characters\uff1a\u6700\u4f4e1\u6587\u5b57\u4ee5\u4e0a\u306e\u5927\u6587\u5b57\u82f1\u5b57\u3092\u5fc5\u9808\u3068\u3059\u308b\uff0f--no-require-lowercase-characters\uff1a\u6700\u4f4e1\u6587\u5b57\u4ee5\u4e0a\u306e\u5927\u6587\u5b57\u82f1\u5b57\u3092\u5fc5\u9808\u3068\u3057\u306a\u3044\nautcp=&quot;--allow-users-to-change-password&quot; # --allow-users-to-change-password\uff1a\u30e6\u30fc\u30b6\u81ea\u8eab\u306b\u3088\u308b\u30d1\u30b9\u30ef\u30fc\u30c9\u5909\u66f4\u53ef\uff0f--no-allow-users-to-change-password\uff1a\u30e6\u30fc\u30b6\u81ea\u8eab\u306b\u3088\u308b\u30d1\u30b9\u30ef\u30fc\u30c9\u5909\u66f4\u4e0d\u53ef\nhe=&quot;--no-hard-expiry&quot;                    # --no-hard-expiry\uff1a\u30d1\u30b9\u30ef\u30fc\u30c9\u671f\u9650\u5207\u308c\u6642\u30e6\u30fc\u30b6\u81ea\u8eab\u304c\u30d1\u30b9\u30ef\u30fc\u30c9\u30ea\u30bb\u30c3\u30c8\u53ef\uff0f--hard-expiry\uff1a\u30d1\u30b9\u30ef\u30fc\u30c9\u671f\u9650\u5207\u308c\u6642\u30e6\u30fc\u30b6\u81ea\u8eab\u304c\u30d1\u30b9\u30ef\u30fc\u30c9\u30ea\u30bb\u30c3\u30c8\u4e0d\u53ef\nmpa=90                                   # \u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u6709\u52b9\u671f\u9650\u306e\u65e5\u6570\nprp=19                                   # \u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u518d\u5229\u7528\u3092\u7981\u6b62\u3059\u308b\u904e\u53bb\u4e16\u4ee3\u6570\n\n## Confirm\ninfo &quot;\u30d1\u30b9\u30ef\u30fc\u30c9\u30dd\u30ea\u30b7\u30fc\u8a2d\u5b9a\u3092\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044&quot;\ninfo &quot;--minimum-password-length ${mpl}&quot;\ninfo &quot;${rn}&quot;\ninfo &quot;${rs}&quot;\ninfo &quot;${ruc}&quot;\ninfo &quot;${rlc}&quot;\ninfo &quot;${autcp}&quot;\ninfo &quot;${he}&quot;\ninfo &quot;--max-password-age ${mpa}&quot;\ninfo &quot;--password-reuse-prevention ${prp}&quot;\n\nwhile true\ndo\n  input &quot;\u30d1\u30b9\u30ef\u30fc\u30c9\u30dd\u30ea\u30b7\u30fc\u306e\u8a2d\u5b9a\u3092\u7d9a\u884c\u3057\u307e\u3059\u304b? (y\/n): &quot;\n  read input\n  if [ &quot;${input}&quot; == &quot;y&quot; ]; then\n    break\n  elif [ &quot;${input}&quot; == &quot;n&quot; ]; then\n    warn &quot;Process cancelled.&quot;\n    exit 0\n  fi\ndone\n\n## Update\nexec aws iam update-account-password-policy \\\n  --minimum-password-length ${mpl} \\\n  &quot;${rn}&quot; \\\n  &quot;${rs}&quot; \\\n  &quot;${ruc}&quot; \\\n  &quot;${rlc}&quot; \\\n  &quot;${autcp}&quot; \\\n  &quot;${he}&quot; \\\n  --max-password-age ${mpa} \\\n  --password-reuse-prevention ${prp}\niRet=$?\nif [ ${iRet} -ne 0 ]; then\n  abort &quot;Process aborted.&quot;\n  exit 1\nfi\n\ninfo &quot;Process succeeded.&quot;\nexit 0<\/code><\/pre><\/div>\n\n\n\n<\/details>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"setting_base_iam_sh\">setting_base_iam.sh<\/h4>\n\n\n\n<details>\r\n<summary>\u30b3\u30fc\u30c9\u3092\u898b\u308b\uff08\u30af\u30ea\u30c3\u30af\uff09<\/summary>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-file=\"setting_base_iam.sh\" data-lang=\"Bash\" data-show-lang=\"1\"><code>#!\/bin\/bash\n\nmydir=$(dirname $0)\nsource &quot;${mydir}&quot;\/common.sh\nGRPTAG=&quot;trail&quot;\n\n# Accept parameter define\niamg=&quot;system-admin-iamg&quot;    # \u30b7\u30b9\u30c6\u30e0\u7ba1\u7406\u8005\u30b0\u30eb\u30fc\u30d7\u540d\niamu=&quot;aws-admin-iamu&quot;       # \u30b7\u30b9\u30c6\u30e0\u7ba1\u7406\u8005\u30e6\u30fc\u30b6\u540d\n\n# Parameter input\ninput &quot;\u3042\u306a\u305f\u306e\u7ba1\u7406\u8005\u30e6\u30fc\u30b6\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044 : &quot;\nread -s pass\n\n## Confirm\necho &quot;&quot;\ninfo &quot;## The parameters you entered ##&quot;\ninfo &quot;IAM group name : ${iamg}&quot;\ninfo &quot;IAM user name : ${iamu}&quot;\nwhile true\ndo\n  input &quot;\u5165\u529b\u5185\u5bb9\u3092\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u3053\u306e\u307e\u307e\u7d9a\u3051\u307e\u3059\u304b? (y\/n): &quot;\n  read inyn\n  if [ &quot;${inyn}&quot; == &quot;y&quot; ]; then\n    break\n  elif [ &quot;${inyn}&quot; == &quot;n&quot; ]; then\n    warn &quot;Process cancelled.&quot;\n    exit 0\n  fi\ndone\n\n\n# Create Administrator IAM User & Group\n## IAM Group\naws iam get-group --group-name &quot;${iamg}&quot; &gt; \/dev\/null 2&gt;&1\nif [ $? -ne 0 ]; then\n  exec aws iam create-group --group-name &quot;${iamg}&quot;\n  exec aws iam attach-group-policy --group-name &quot;${iamg}&quot; --policy-arn arn:aws:iam::aws:policy\/AdministratorAccess\nfi\naws iam get-group --group-name &quot;${iamg}&quot;\nif [ $? -ne 0 ]; then\n  abort &quot;Administrator IAM group ${iamg} is missing.&quot;\n  abort &quot;Process aborted.&quot;\n  exit 1\nfi\n\n\n## IAM User\naws iam get-user --user-name &quot;${iamu}&quot; &gt; \/dev\/null 2&gt;&1\nif [ $? -ne 0 ]; then\n  exec aws iam create-user --user-name &quot;${iamu}&quot;\n  exec aws iam add-user-to-group --user-name &quot;${iamu}&quot; --group-name &quot;${iamg}&quot;\n  exec aws iam create-login-profile --user-name &quot;${iamu}&quot; --password &quot;${pass}&quot;\nelse\n  warn &quot;IAM User ${iamu} is aleady exsist.&quot;\nfi\naws iam get-user --user-name &quot;${iamu}&quot;\nif [ $? -ne 0 ]; then\n  abort &quot;Administrator IAM user ${iamu} is missing.&quot;\n  abort &quot;Process aborted.&quot;\n  exit 1\nfi\n\n## --Tagging--\nexec aws iam tag-user --user-name &quot;${iamu}&quot; --tags Key=environment,Value=&quot;${ENVTAG}&quot; Key=group,Value=&quot;${GRPTAG}&quot;\n\n\necho &quot;&quot;\nimprt &quot;MFA\uff08\u591a\u8981\u7d20\u8a8d\u8a3c\uff09\u306e\u8a2d\u5b9a\u3092\u3001\u3059\u3050\u5b9f\u65bd\u3057\u3066\u304f\u3060\u3055\u3044\u3002&quot;\nimprt &quot;1\uff09root\u30e6\u30fc\u30b6\u306eMFA\u8a2d\u5b9a&quot;\nimprt &quot;2) \u4f5c\u6210\u3057\u305f\u7ba1\u7406\u8005\u30e6\u30fc\u30b6(${iamu})&quot;\nimprt &quot;MFA\u306e\u8a2d\u5b9a\u65b9\u6cd5\u306f\u3001\u30de\u30cb\u30e5\u30a2\u30eb\u3092\u53c2\u7167\u304f\u3060\u3055\u3044\u3002&quot;\nimprt &quot;https:\/\/docs.aws.amazon.com\/ja_jp\/IAM\/latest\/UserGuide\/id_credentials_mfa_enable_virtual.html&quot;\necho &quot;&quot;\ninfo &quot;Process succeeded.&quot;\nexit 0<\/code><\/pre><\/div>\n\n\n\n<\/details>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"delete_default_vpcs_sh\">delete_default_vpcs.sh<\/h4>\n\n\n\n<details>\r\n<summary>\u30b3\u30fc\u30c9\u3092\u898b\u308b\uff08\u30af\u30ea\u30c3\u30af\uff09<\/summary>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-file=\"delete_default_vpcs.sh\" data-lang=\"Bash\" data-show-lang=\"1\"><code>#!\/bin\/bash\n\nmydir=$(dirname $0)\nsource &quot;${mydir}&quot;\/common.sh\nGRPTAG=&quot;trail&quot;\n\nregions=($(aws --output text ec2 describe-regions --query &quot;Regions[].[RegionName]&quot;))\n\n# Display infomation\ninput &quot;\u524a\u9664\u3059\u308bVPC\u95a2\u9023\u30ea\u30bd\u30fc\u30b9\u3092\u8868\u793a\u3057\u307e\u3059&quot;\nfor region in &quot;${regions[@]}&quot;\ndo\n  info &quot;[${region}]&quot;\n  \n  ## getting infomation\n  # VPC\n  vpcs=$(aws ec2 describe-vpcs --region ${region} --output text --query &quot;Vpcs[?IsDefault].[VpcId]&quot;)\n  \n  for vpc in &quot;${vpcs[@]}&quot;\n  do\n    info &quot;  vpc[${vpc}]&quot;\n    \n    # IGW\n    igws=($(aws ec2 describe-internet-gateways --region ${region} --output text --filters Name=attachment.vpc-id,Values=${vpc} --query &quot;InternetGateways[].[InternetGatewayId]&quot;))\n    for igw in &quot;${igws[@]}&quot;\n    do\n      info &quot;    igw[${igw}] in vpc[${vpc[@]}]&quot;\n    done\n    \n    # Subnet\n    subnets=($(aws ec2 describe-subnets --region ${region} --output text --filters --filters Name=vpc-id,Values=${vpc} --query &quot;Subnets[].[SubnetId]&quot;))\n    for subnet in &quot;${subnets[@]}&quot;\n    do\n      info &quot;    subnet[${subnet}] in vpc[${vpc}]&quot;\n    done\n  done\ndone\n\n# Confirm\necho &quot;&quot;\ninput &quot;*** \u7d9a\u3051\u308b\u5834\u5408\u306f\u4f55\u304b\u30ad\u30fc\u3092\u62bc\u3057\u3066\u304f\u3060\u3055\u3044 ***&quot;\nread\necho &quot;&quot;\n\n# Delete resources\nfor region in &quot;${regions[@]}&quot;\ndo\n  \n  info &quot;[${region}]&quot;\n  \n  # VPC\n  vpcs=$(aws ec2 describe-vpcs --region ${region} --output text --query &quot;Vpcs[?IsDefault].[VpcId]&quot;)\n  \n  for vpc in &quot;${vpcs[@]}&quot;\n  do\n    # IGW\n    igws=($(aws ec2 describe-internet-gateways --region ${region} --output text --filters Name=attachment.vpc-id,Values=${vpc} --query &quot;InternetGateways[].[InternetGatewayId]&quot;))\n    for igw in &quot;${igws[@]}&quot;\n    do\n      info &quot;--&gt;delete igw[${igw}] in vpc[${vpc[@]}]&quot;\n      exec aws ec2 detach-internet-gateway --region ${region} --output text --internet-gateway-id ${igw} --vpc-id ${vpc}\n      exec aws ec2 delete-internet-gateway --region ${region} --output text --internet-gateway-id ${igw}\n    done\n    \n    # Subnet\n    subnets=($(aws ec2 describe-subnets --region ${region} --output text --filters --filters Name=vpc-id,Values=${vpc} --query &quot;Subnets[].[SubnetId]&quot;))\n    for subnet in &quot;${subnets[@]}&quot;\n    do\n      info &quot;--&gt;delete subnet[${subnet}] in vpc[${vpc}]&quot;\n      exec aws ec2 delete-subnet --region ${region} --output text --subnet-id ${subnet}\n    done\n    \n    # VPC\n    info &quot;----&gt;delete vpc[${vpc}]&quot;\n    exec aws ec2 delete-vpc --region ${region} --output text --vpc-id ${vpc}\n  done\ndone\n\ninfo &quot;Process succeeded.&quot;\nexit 0\n<\/code><\/pre><\/div>\n\n\n\n<\/details>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create_budgets_sh\">create_budgets.sh<\/h4>\n\n\n\n<details>\r\n<summary>\u30b3\u30fc\u30c9\u3092\u898b\u308b\uff08\u30af\u30ea\u30c3\u30af\uff09<\/summary>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-file=\"create_budgets.sh\" data-lang=\"Bash\" data-show-lang=\"1\"><code>#!\/bin\/bash\n\nmydir=$(dirname $0)\nsource &quot;${mydir}&quot;\/common.sh\nsource &quot;${mydir}&quot;\/awsenv.sh\nGRPTAG=&quot;trail&quot;\n\n# Parameter define\nBUDGET_NAME=&quot;Monthly-Cost-Budget&quot;  # \u4f5c\u6210\u3059\u308b\u30d0\u30b8\u30a7\u30c3\u30c8\u540d\nCURRENCY=&quot;USD&quot;                     # \u652f\u6255\u901a\u8ca8(\u539f\u5247USD)\nLIMIT_AMOUNT=100                   # \u30a2\u30e9\u30fc\u30c8\u901a\u77e5\u3059\u308b\u95be\u5024\u306e\u91d1\u984d(\u652f\u6255\u901a\u8ca8\u5358\u4f4d)\nALERT_EMAIL=&quot;alert@example.com&quot;    # \u30a2\u30e9\u30fc\u30c8\u901a\u77e5\u5148\u306e\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\n\n# Derived values\nSTART_UTC=$(date -u +&quot;%Y-%m-01T00:00:00Z&quot;)\nBUDGET_ARN=&quot;arn:aws:budgets::${ACCOUNT_ID}:budget\/${BUDGET_NAME}&quot;\nTAG_ENV=&quot;Key=environment,Value=${ENVTAG}&quot;\nTAG_GROUP=&quot;Key=group,Value=${GRPTAG}&quot;\n\n## Confirm\ninfo &quot;\u4ee5\u4e0b\u306eBudget\u30a2\u30e9\u30fc\u30c8\u8a2d\u5b9a\u3092\u884c\u3044\u307e\u3059&quot;\ninfo &quot;\u5bfe\u8c61\u30a2\u30ab\u30a6\u30f3\u30c8ID  : ${ACCOUNT_ID}&quot;\ninfo &quot;\u30a2\u30e9\u30fc\u30c8\u8a2d\u5b9a\u540d    : ${BUDGET_NAME}&quot;\ninfo &quot;\u901a\u8ca8\u5358\u4f4d          : ${CURRENCY}&quot;\ninfo &quot;\u30a2\u30e9\u30fc\u30c8\u95be\u5024\u91d1\u984d  : ${LIMIT_AMOUNT}&quot;\ninfo &quot;\u30a2\u30e9\u30fc\u30c8\u901a\u77e5\u5148    : ${ALERT_EMAIL}&quot;\necho &quot;&quot;\n\nwhile true\ndo\n  input &quot;Budget\u30a2\u30e9\u30fc\u30c8\u8a2d\u5b9a\u3092\u7d9a\u884c\u3057\u307e\u3059\u304b? (y\/n): &quot;\n  read input\n  if [ &quot;${input}&quot; == &quot;y&quot; ]; then\n    break\n  elif [ &quot;${input}&quot; == &quot;n&quot; ]; then\n    warn &quot;Process cancelled.&quot;\n    exit 0\n  fi\ndone\n\n# create json file for budgets\ncat &gt; &quot;&quot;${TEMPFILE}.budget&quot;&quot; &lt;&lt;JSON\n{\n  &quot;BudgetName&quot;: &quot;${BUDGET_NAME}&quot;,\n  &quot;BudgetLimit&quot;: {\n    &quot;Amount&quot;: &quot;${LIMIT_AMOUNT}&quot;,\n    &quot;Unit&quot;: &quot;${CURRENCY}&quot;\n  },\n  &quot;TimeUnit&quot;: &quot;MONTHLY&quot;,\n  &quot;BudgetType&quot;: &quot;COST&quot;,\n  &quot;TimePeriod&quot;: {\n    &quot;Start&quot;: &quot;${START_UTC}&quot;\n  }\n}\nJSON\n\n# create json file for notification\ncat &gt; &quot;${TEMPFILE}.notifications&quot; &lt;&lt;JSON\n[\n  {\n    &quot;Notification&quot;: {\n      &quot;NotificationType&quot;: &quot;ACTUAL&quot;,\n      &quot;ComparisonOperator&quot;: &quot;GREATER_THAN&quot;,\n      &quot;Threshold&quot;: 80,\n      &quot;ThresholdType&quot;: &quot;PERCENTAGE&quot;\n    },\n    &quot;Subscribers&quot;: [\n      {\n        &quot;SubscriptionType&quot;: &quot;EMAIL&quot;,\n        &quot;Address&quot;: &quot;${ALERT_EMAIL}&quot;\n      }\n    ]\n  },\n  {\n    &quot;Notification&quot;: {\n      &quot;NotificationType&quot;: &quot;FORECASTED&quot;,\n      &quot;ComparisonOperator&quot;: &quot;GREATER_THAN&quot;,\n      &quot;Threshold&quot;: 100,\n      &quot;ThresholdType&quot;: &quot;PERCENTAGE&quot;\n    },\n    &quot;Subscribers&quot;: [\n      {\n        &quot;SubscriptionType&quot;: &quot;EMAIL&quot;,\n        &quot;Address&quot;: &quot;${ALERT_EMAIL}&quot;\n      }\n    ]\n  }\n]\nJSON\n\n# create budgets and notifications\nif aws budgets describe-budget --account-id &quot;${ACCOUNT_ID}&quot; --budget-name &quot;${BUDGET_NAME}&quot; &gt;\/dev\/null 2&gt;&1; then\n  info &quot;Budget ${BUDGET_NAME} \u306f\u65e2\u306b\u5b58\u5728\u3057\u307e\u3059\u3002\u6700\u65b0\u306e\u5b9a\u7fa9\u3067\u66f4\u65b0\u3057\u307e\u3059\u3002&quot;\n  exec aws budgets update-budget \\\n    --account-id &quot;${ACCOUNT_ID}&quot; \\\n    --new-budget file:\/\/&quot;${TEMPFILE}.budget&quot;\nelse\n  info &quot;Creating budget ${BUDGET_NAME} and associated notifications&quot;\n  exec aws budgets create-budget \\\n    --account-id &quot;${ACCOUNT_ID}&quot; \\\n    --budget file:\/\/&quot;${TEMPFILE}.budget&quot;\n\n  notification_count=$(jq &#39;. | length&#39; &quot;${TEMPFILE}.notifications&quot;)\n  for idx in $(seq 0 $((notification_count-1))); do\n    notif=$(jq &quot;.[$idx].Notification&quot; &quot;${TEMPFILE}.notifications&quot;)\n    subs=$(jq &quot;.[$idx].Subscribers&quot; &quot;${TEMPFILE}.notifications&quot;)\n    # Write temporary files for each notification and its subscribers\n    echo &quot;${notif}&quot; &gt; &quot;${TEMPFILE}.notif&quot;\n    echo &quot;${subs}&quot; &gt; &quot;${TEMPFILE}.subs&quot;\n    exec aws budgets create-notification \\\n      --account-id &quot;${ACCOUNT_ID}&quot; \\\n      --budget-name &quot;${BUDGET_NAME}&quot; \\\n      --notification file:\/\/&quot;${TEMPFILE}.notif&quot; \\\n      --subscribers file:\/\/&quot;${TEMPFILE}.subs&quot;\n  done\nfi\n\n# --Tagging--\nexec aws budgets tag-resource \\\n  --resource-arn &quot;${BUDGET_ARN}&quot; \\\n  --resource-tags &quot;${TAG_ENV}&quot; &quot;${TAG_GROUP}&quot;\n\n# --- Check ---\naws budgets describe-budget --account-id &quot;${ACCOUNT_ID}&quot; --budget-name &quot;${BUDGET_NAME}&quot; &gt;& \/dev\/null\nif [ $? -ne 0 ]; then\n  abort &quot;budget ${BUDGET_NAME} is missing.&quot;\n  abort &quot;Process aborted.&quot;\nfi\n\nrm -f &quot;${TEMPFILE}*&quot;\ninfo &quot;Process succeeded.&quot;\nexit 0<\/code><\/pre><\/div>\n\n\n\n<\/details>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create_trail_s3.sh\">create_trail_s3.sh<\/h4>\n\n\n\n<details>\r\n<summary>\u30b3\u30fc\u30c9\u3092\u898b\u308b\uff08\u30af\u30ea\u30c3\u30af\uff09<\/summary>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-file=\"create_cloudtrail_alert.sh\" data-lang=\"Bash\" data-show-lang=\"1\"><code>mydir=$(dirname $0)\nsource &quot;${mydir}&quot;\/common.sh\nsource &quot;${mydir}&quot;\/awsenv.sh\ngrptag=&quot;trail&quot;\n\n# ---- Define ----\ns3Bucket=&quot;${TRAIL_S3_KEY}$(altAwsIdStr 12)&quot;  # S3\u30d0\u30b1\u30c3\u30c8\u540d\ns3Retention=365                              # S3\u4fdd\u7ba1\u671f\u9593\ndaRetention=1825                             # DeepArchive\u4fdd\u7ba1\u671f\u9593\n\n# Confirm\ninfo &quot;\u4ee5\u4e0b\u306eCloudTrail\u4fdd\u7ba1\u5148S3\u30d0\u30b1\u30c3\u30c8\u8a2d\u5b9a\u3092\u884c\u3044\u307e\u3059&quot;\ninfo &quot;S3\u30d0\u30b1\u30c3\u30c8\u540d        : ${s3Bucket}&quot;\ninfo &quot;\u30ea\u30fc\u30b8\u30e7\u30f3          : ${REGION}&quot;\ninfo &quot;\u4fdd\u7ba1\u5148\u30c7\u30a3\u30ec\u30af\u30c8\u30ea   : ${TRIL_S3_Prefix}&quot;\ninfo &quot;S3\u4fdd\u7ba1\u671f\u9593          : ${s3Retention}&quot;\ninfo &quot;DeepArchive\u4fdd\u7ba1\u671f\u9593 : ${daRetention}&quot;\n\nwhile true\ndo\n  input &quot;S3\u30d0\u30b1\u30c3\u30c8\u306e\u4f5c\u6210\u3092\u7d9a\u884c\u3057\u307e\u3059\u304b? (y\/n): &quot;\n  read input\n  if [ &quot;${input}&quot; == &quot;y&quot; ]; then\n    break\n  elif [ &quot;${input}&quot; == &quot;n&quot; ]; then\n    warn &quot;Process cancelled.&quot;\n    exit 0\n  fi\ndone\n\n\n# ---- S3 bucket for CloudTrail ----\n# Check\nif aws s3api head-bucket --region &quot;${REGION}&quot; --bucket &quot;${s3Bucket}&quot; 2&gt;\/dev\/null; then\n  echo &quot;S3 bucket exists: ${s3Bucket}&quot;\nelse\n  echo &quot;Creating S3 bucket: ${s3Bucket}&quot;\n  # \u30ea\u30fc\u30b8\u30e7\u30f3\u304c us-east-1 \u4ee5\u5916\u306a\u3089 LocationConstraint \u5fc5\u9808\n  if [ &quot;${REGION}&quot; == &quot;us-east-1&quot; ]; then\n    exec aws s3api create-bucket --region &quot;${REGION}&quot; --bucket &quot;${s3Bucket}&quot; \\\n      --object-lock-enabled-for-bucket\n  else\n    exec aws s3api create-bucket --region &quot;${REGION}&quot; --bucket &quot;${s3Bucket}&quot; \\\n      --object-lock-enabled-for-bucket \\\n      --create-bucket-configuration LocationConstraint=&quot;${REGION}&quot;\n  fi\nfi\n\n# --Tagging--\nexec aws s3api put-bucket-tagging --region &quot;${REGION}&quot; --bucket &quot;${s3Bucket}&quot; \\\n  --tagging &quot;TagSet=[{Key=environment,Value=${ENVTAG}},{Key=group,Value=${grptag}}]&quot;\n\n# Set Versining\nexec aws s3api put-bucket-versioning --region &quot;${REGION}&quot; --bucket &quot;${s3Bucket}&quot; \\\n\t--versioning-configuration Status=Enabled\nif [ $? -ne 0 ]; then\n\tabort &quot;${s3Bucket}\u306eversioning\u8a2d\u5b9a\u306b\u5931\u6557\u3057\u307e\u3057\u305f&quot;\n\tabort &quot;Process aborted.&quot;\n  exit 1\nfi\n\n# Public access block\nexec aws s3api put-public-access-block \\\n  --region &quot;${REGION}&quot; \\\n  --bucket  &quot;${s3Bucket}&quot;\\\n  --public-access-block-configuration \\\n    &quot;BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true&quot;\nif [ $? -ne 0 ]; then\n\tabort &quot;${s3Bucket}\u306epublic access block\u8a2d\u5b9a\u306b\u5931\u6557\u3057\u307e\u3057\u305f&quot;\n\tabort &quot;Process aborted.&quot;\n  exit 1\nfi\n\n# Serverside Encryption\nexec aws s3api put-bucket-encryption \\\n  --region &quot;${REGION}&quot; \\\n  --bucket  &quot;${s3Bucket}&quot;\\\n  --server-side-encryption-configuration \\\n    &#39;{&quot;Rules&quot;:[{&quot;ApplyServerSideEncryptionByDefault&quot;:{&quot;SSEAlgorithm&quot;:&quot;AES256&quot;}}]}&#39;\nif [ $? -ne 0 ]; then\n\tabort &quot;${s3Bucket}\u306e\u6697\u53f7\u5316\u8a2d\u5b9a\u306b\u5931\u6557\u3057\u307e\u3057\u305f&quot;\n\tabort &quot;Process aborted.&quot;\n  exit 1\nfi\n\n# Set Object lock\nexec aws s3api put-object-lock-configuration --region &quot;${REGION}&quot; \\\n--bucket &quot;${s3Bucket}&quot; \\\n--object-lock-configuration &quot;{\n\t\\&quot;ObjectLockEnabled\\&quot;: \\&quot;Enabled\\&quot;,\n\t\\&quot;Rule\\&quot;: {\n\t\t\\&quot;DefaultRetention\\&quot;: {\n\t\t\t\\&quot;Mode\\&quot;: \\&quot;GOVERNANCE\\&quot;,\n\t\t\t\\&quot;Days\\&quot;: ${s3Retention}\n\t\t}\n\t}\n}&quot;\nif [ $? -ne 0 ]; then\n\tabort &quot;${s3Bucket}\u306eObject Lock\u8a2d\u5b9a\u306b\u5931\u6557\u3057\u307e\u3057\u305f&quot;\n\tabort &quot;Process aborted.&quot;\n  exit 1\nfi\n\n# Set Life Cycle\nexec aws s3api put-bucket-lifecycle-configuration --region &quot;${REGION}&quot; \\\n--bucket &quot;${s3Bucket}&quot; \\\n--lifecycle-configuration &quot;{\n\t\\&quot;Rules\\&quot;: [\n\t\t{\n\t\t\t\\&quot;ID\\&quot;: \\&quot;MoveToDeepArchiveAfter1YearAndExpireAfter5Years\\&quot;,\n\t\t\t\\&quot;Status\\&quot;: \\&quot;Enabled\\&quot;,\n\t\t\t\\&quot;Filter\\&quot;: {\n\t\t\t\t\\&quot;Prefix\\&quot;: \\&quot;\\&quot;\n\t\t\t},\n\t\t\t\\&quot;Transitions\\&quot;: [\n\t\t\t\t{\n\t\t\t\t\t\\&quot;Days\\&quot;: ${s3Retention},\n\t\t\t\t\t\\&quot;StorageClass\\&quot;: \\&quot;DEEP_ARCHIVE\\&quot;\n\t\t\t\t}\n\t\t\t],\n\t\t\t\\&quot;Expiration\\&quot;: {\n\t\t\t\t\\&quot;Days\\&quot;: ${daRetention}\n\t\t\t}\n\t\t}\n\t]\n}&quot;\nif [ $? -ne 0 ]; then\n\tabort &quot;${s3Bucket}\u306eLife Cycle\u8a2d\u5b9a\u306b\u5931\u6557\u3057\u307e\u3057\u305f&quot;\n\tabort &quot;Process aborted.&quot;\n  exit 1\nfi\n\n# CloudTrail\u306f s3:PutObject\uff08x-amz-acl: bucket-owner-full-control \u6761\u4ef6\u4ed8\u304d\uff09 \u3068 s3:GetBucketAcl \u3092\u8981\u6c42\nctPrefixPath=&quot;${TRIL_S3_Prefix:+${TRIL_S3_Prefix}\/}AWSLogs\/${ACCOUNT_ID}\/*&quot;\ncat &gt; &quot;${TEMPFILE}.policy&quot; &lt;&lt;POLICY\n{\n  &quot;Version&quot;: &quot;2012-10-17&quot;,\n  &quot;Statement&quot;: [\n    {\n      &quot;Sid&quot;: &quot;AWSCloudTrailAclCheck&quot;,\n      &quot;Effect&quot;: &quot;Allow&quot;,\n      &quot;Principal&quot;: { &quot;Service&quot;: &quot;cloudtrail.amazonaws.com&quot; },\n      &quot;Action&quot;: &quot;s3:GetBucketAcl&quot;,\n      &quot;Resource&quot;: &quot;arn:aws:s3:::${s3Bucket}&quot;\n    },\n    {\n      &quot;Sid&quot;: &quot;AWSCloudTrailWrite&quot;,\n      &quot;Effect&quot;: &quot;Allow&quot;,\n      &quot;Principal&quot;: { &quot;Service&quot;: &quot;cloudtrail.amazonaws.com&quot; },\n      &quot;Action&quot;: &quot;s3:PutObject&quot;,\n      &quot;Resource&quot;: &quot;arn:aws:s3:::${s3Bucket}\/${ctPrefixPath}&quot;,\n      &quot;Condition&quot;: { &quot;StringEquals&quot;: { &quot;s3:x-amz-acl&quot;: &quot;bucket-owner-full-control&quot; } }\n    },\n    {\n      &quot;Sid&quot;: &quot;DenyNonSSLRequests&quot;,\n      &quot;Effect&quot;: &quot;Deny&quot;,\n      &quot;Principal&quot;: &quot;*&quot;,\n      &quot;Action&quot;: &quot;s3:*&quot;,\n      &quot;Resource&quot;: [\n        &quot;arn:aws:s3:::${s3Bucket}&quot;,\n        &quot;arn:aws:s3:::${s3Bucket}\/*&quot;\n      ],\n      &quot;Condition&quot;: {\n        &quot;Bool&quot;: {\n          &quot;aws:SecureTransport&quot;: &quot;false&quot;\n        }\n      }\n    }\n  ]\n}\nPOLICY\nexec aws s3api put-bucket-policy --region &quot;${REGION}&quot; --bucket &quot;${s3Bucket}&quot; --policy file:\/\/&quot;${TEMPFILE}.policy&quot;\nif [ $? -ne 0 ]; then\n\tabort &quot;${s3Bucket}\u306e\u30d0\u30b1\u30c3\u30c8\u30dd\u30ea\u30b7\u30fc\u8a2d\u5b9a\u306b\u5931\u6557\u3057\u307e\u3057\u305f&quot;\n\tabort &quot;Process aborted.&quot;\n  exit 1\nfi\n\nrm -f &quot;${TEMPFILE}*&quot;\ninfo &quot;Process succeeded.&quot;\nexit 0<\/code><\/pre><\/div>\n\n\n\n<\/details>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create_trail_cwlog.sh\">create_trail_cwlog.sh<\/h4>\n\n\n\n<details>\n<summary>\u30b3\u30fc\u30c9\u3092\u898b\u308b\uff08\u30af\u30ea\u30c3\u30af\uff09<\/summary>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-file=\"create_trail_cwlog.sh\" data-lang=\"Bash\" data-show-lang=\"1\"><code>#!\/bin\/bash\n\nmydir=$(dirname $0)\nsource &quot;${mydir}&quot;\/common.sh\nsource &quot;${mydir}&quot;\/awsenv.sh\ngrptag=&quot;trail&quot;\n\n# ---- Define ----\nlogRetention=30                               # CloudWatch\u30ed\u30b0\u30b0\u30eb\u30fc\u30d7\u4fdd\u7ba1\u671f\u9593\npolicyName=&quot;CloudTrail_CloudWatchLogs_Policy&quot; # CloudTrail\u5411\u3051CloudWatch\u30ed\u30b0\u30b0\u30eb\u30fc\u30d7\u30a2\u30af\u30bb\u30b9\u30dd\u30ea\u30b7\u30fc\u540d\ntagEnv=&quot;Key=environment,Value=${ENVTAG}&quot;\ntagGroup=&quot;Key=group,Value=${grptag}&quot;\n\ninfo &quot;== Confirm ==&quot;\ninfo &quot;\u30a2\u30ab\u30a6\u30f3\u30c8                  : ${ACCOUNT_ID}&quot;\ninfo &quot;\u30ea\u30fc\u30b8\u30e7\u30f3                  : ${REGION}&quot;\ninfo &quot;\u30ed\u30b0\u30b0\u30eb\u30fc\u30d7\u540d               : ${TRAIL_LOG_GROUP}&quot;\ninfo &quot;  \u30ed\u30b0\u306e\u4fdd\u6301\u65e5\u6570             : ${logRetention}&quot;\ninfo &quot;  CloudTrail\u5411\u3051IAM\u30ed\u30fc\u30eb\u540d  : ${TRAIL_CW_ROLE}&quot;\n\nwhile true\ndo\n  input &quot;CloudWatch\u30ed\u30b0\u30b0\u30eb\u30fc\u30d7\u306e\u4f5c\u6210\u3092\u7d9a\u884c\u3057\u307e\u3059\u304b? (y\/n): &quot;\n  read input\n  if [ &quot;${input}&quot; == &quot;y&quot; ]; then\n    break\n  elif [ &quot;${input}&quot; == &quot;n&quot; ]; then\n    warn &quot;Process cancelled.&quot;\n    exit 0\n  fi\ndone\n\n# ---- CloudWatch Logs group ----\naws logs describe-log-groups --region &quot;${REGION}&quot; --log-group-name-prefix &quot;${TRAIL_LOG_GROUP}&quot; --output text --query &quot;logGroups[?logGroupName==&#39;${TRAIL_LOG_GROUP}&#39;].logGroupName&quot; | grep -q &quot;${TRAIL_LOG_GROUP}&quot;\nif [ $? -ne 0 ]; then\n  exec aws logs create-log-group --region &quot;${REGION}&quot; --log-group-name &quot;${TRAIL_LOG_GROUP}&quot;\n  exec aws logs put-retention-policy --region &quot;${REGION}&quot; --log-group-name &quot;${TRAIL_LOG_GROUP}&quot; --retention-in-days ${logRetention}\nfi\n## --Tagging--\nLOG_GROUP_ARN=&quot;arn:aws:logs:${REGION}:${ACCOUNT_ID}:log-group:${TRAIL_LOG_GROUP}&quot;\nexec aws logs tag-resource --region &quot;${REGION}&quot; --resource-arn &quot;${LOG_GROUP_ARN}&quot; --tags &quot;environment=${ENVTAG},group=${GRPTAG}&quot;\n\n\n# ---- IAM role\/policy for CloudTrail to put logs ----\naws iam get-role --role-name &quot;${TRAIL_CW_ROLE}&quot; &gt;\/dev\/null 2&gt;&1 || \\\nexec aws iam create-role --role-name &quot;${TRAIL_CW_ROLE}&quot; --assume-role-policy-document &quot;{\n  \\&quot;Version\\&quot;: \\&quot;2012-10-17\\&quot;,\n  \\&quot;Statement\\&quot;: [\n    {\n      \\&quot;Effect\\&quot;: \\&quot;Allow\\&quot;,\n      \\&quot;Principal\\&quot;: {\\&quot;Service\\&quot;: \\&quot;cloudtrail.amazonaws.com\\&quot;},\n      \\&quot;Action\\&quot;: \\&quot;sts:AssumeRole\\&quot;\n    }\n  ]\n}&quot;\naws iam put-role-policy --role-name &quot;${TRAIL_CW_ROLE}&quot; --policy-name &quot;${policyName}&quot; --policy-document &quot;{\n  \\&quot;Version\\&quot;: \\&quot;2012-10-17\\&quot;,\n  \\&quot;Statement\\&quot;: [\n    {\n      \\&quot;Effect\\&quot;: \\&quot;Allow\\&quot;,\n      \\&quot;Action\\&quot;: [\n        \\&quot;logs:CreateLogStream\\&quot;,\n        \\&quot;logs:PutLogEvents\\&quot;\n      ],\n      \\&quot;Resource\\&quot;: \\&quot;arn:aws:logs:*:${ACCOUNT_ID}:log-group:${TRAIL_LOG_GROUP}:*\\&quot;\n    }\n  ]\n}&quot;\n## --Tagging--\nexec aws iam tag-role --role-name &quot;${TRAIL_CW_ROLE}&quot; --tags &quot;${tagEnv}&quot; &quot;${tagGroup}&quot;\n\n\n# --- Check ---\niErr=0\naws logs describe-log-groups --region &quot;${REGION}&quot; --log-group-name-prefix &quot;${TRAIL_LOG_GROUP}&quot; --output text --query &quot;logGroups[?TRAIL_LOG_GROUP==&#39;${TRAIL_LOG_GROUP}&#39;].TRAIL_LOG_GROUP&quot; &gt;& \/dev\/null\nif [ $? -ne 0 ]; then\n  abort &quot;CloudWatch Log Group ${TRAIL_LOG_GROUP} is missing.&quot;\n  ((iErr++))\nfi\naws iam get-role --role-name &quot;${TRAIL_CW_ROLE}&quot; &gt;& \/dev\/null\nif [ $? -ne 0 ]; then\n  abort &quot;IAM role ${TRAIL_CW_ROLE} is missing.&quot;\n  ((iErr++))\nfi\nif [ ${iErr} -gt 0 ]; then\n  abort &quot;Process aborted.&quot;\nfi\n\ninfo &quot;Process succeeded.&quot;\nexit 0<\/code><\/pre><\/div>\n\n\n\n<\/details>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create_cloudtrail.sh\">create_cloudtrail.sh<\/h4>\n\n\n\n<details>\n<summary>\u30b3\u30fc\u30c9\u3092\u898b\u308b\uff08\u30af\u30ea\u30c3\u30af\uff09<\/summary>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-file=\"create_cloudtrail.sh\" data-lang=\"Bash\" data-show-lang=\"1\"><code>#!\/bin\/bash\n\nmydir=$(dirname $0)\nsource &quot;${mydir}&quot;\/common.sh\nsource &quot;${mydir}&quot;\/awsenv.sh\ngrptag=&quot;trail&quot;\n\n# ---- Define ----\ntrailName=&quot;Orgless-Management-Events&quot;        # CloudTrail\u540d\ns3Bucket=&quot;${TRAIL_S3_KEY}$(altAwsIdStr 12)&quot;  # S3\u30d0\u30b1\u30c3\u30c8\u540d\ntrailLogGroupARN=&quot;arn:aws:logs:${REGION}:${ACCOUNT_ID}:log-group:${TRAIL_LOG_GROUP}&quot; # LogGroup\u540d\nTAG_ENV=&quot;Key=environment,Value=${ENVTAG}&quot;\nTAG_GROUP=&quot;Key=group,Value=${grptag}&quot;\n\ninfo &quot;== Confirm ==&quot;\ninfo &quot;\u30a2\u30ab\u30a6\u30f3\u30c8                   : ${ACCOUNT_ID}&quot;\ninfo &quot;CloudTrail\u8a3c\u8de1\u540d            : ${trailName}&quot;\ninfo &quot;\u9023\u643a\u5148S3\u30d0\u30b1\u30c3\u30c8             : ${s3Bucket}&quot;\ninfo &quot;  \u683c\u7d0d\u5148\u30d5\u30a9\u30eb\u30c0             : ${TRIL_S3_PREFIX}&quot;\ninfo &quot;\u9023\u643a\u5148CloudWatch\u30ed\u30b0\u30b0\u30eb\u30fc\u30d7  : ${TRAIL_LOG_GROUP}&quot;\n\nwhile true\ndo\n  input &quot;CloudTrail\u306e\u4f5c\u6210\u3092\u7d9a\u884c\u3057\u307e\u3059\u304b? (y\/n): &quot;\n  read input\n  if [ &quot;${input}&quot; == &quot;y&quot; ]; then\n    break\n  elif [ &quot;${input}&quot; == &quot;n&quot; ]; then\n    warn &quot;Process cancelled.&quot;\n    exit 0\n  fi\ndone\n\n# ---- CloudTrail (multi-region) ----\nif aws cloudtrail get-trail --name &quot;${trailName}&quot; &gt;& \/dev\/null; then\n  info &quot;Trail exists: ${trailName}&quot;\nelse\n  info &quot;Creating trail: ${trailName}&quot;\n  ctArgs=(\n    --region &quot;${REGION}&quot;\n    --name &quot;${trailName}&quot;\n    --s3-bucket-name &quot;${s3Bucket}&quot;\n    --is-multi-region-trail\n    --include-global-service-events\n    --enable-log-file-validation\n    --cloud-watch-logs-log-group-arn &quot;${trailLogGroupARN}:*&quot;\n    --cloud-watch-logs-role-arn &quot;arn:aws:iam::${ACCOUNT_ID}:role\/${TRAIL_CW_ROLE}&quot;\n    --s3-key-prefix &quot;${TRIL_S3_PREFIX}&quot;\n  )\n  exec aws cloudtrail create-trail &quot;${ctArgs[@]}&quot;\nfi\n\nexec aws cloudtrail start-logging --region &quot;${REGION}&quot; --name &quot;${trailName}&quot;\n\n## --Tagging--\ntrailARN=&quot;arn:aws:cloudtrail:${REGION}:${ACCOUNT_ID}:trail\/${trailName}&quot;\nexec aws cloudtrail add-tags --region &quot;${REGION}&quot; --resource-id &quot;${trailARN}&quot; --tags-list &quot;${TAG_ENV}&quot; &quot;${TAG_GROUP}&quot;\n\n\n# --- Check ---\niErr=0\naws cloudtrail get-trail --region &quot;${REGION}&quot; --name &quot;${trailName}&quot; &gt;& \/dev\/null\nif [ $? -ne 0 ]; then\n  abort &quot;CloudTrail ${trailName} is missing.&quot;\n  ((iErr++))\nfi\nif [ ${iErr} -gt 0 ]; then\n  abort &quot;Process aborted.&quot;\nfi\n\n\ninfo &quot;Process succeeded.&quot;\nexit 0<\/code><\/pre><\/div>\n\n\n\n<\/details>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create_sns_topic.sh\">create_sns_topic.sh<\/h4>\n\n\n\n<details>\n<summary>\u30b3\u30fc\u30c9\u3092\u898b\u308b\uff08\u30af\u30ea\u30c3\u30af\uff09<\/summary>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-file=\"create_sns_topic.sh\" data-lang=\"Bash\" data-show-lang=\"1\"><code>#!\/bin\/bash\n\nmydir=$(dirname $0)\nsource &quot;${mydir}&quot;\/common.sh\nsource &quot;${mydir}&quot;\/awsenv.sh\nGRPTAG=&quot;trail&quot;\n\n# ---- Define ----\nalertEmail=&quot;alert@example.com&quot; # \u901a\u77e5\u5148E\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\ntagEnv=&quot;Key=environment,Value=${ENVTAG}&quot;\ntagGroup=&quot;Key=group,Value=${grptag}&quot;\n\n# ---- Inputs ----\ninfo &quot;\u30ea\u30fc\u30b8\u30e7\u30f3              : ${REGION}&quot;\ninfo &quot;SNS\u30c8\u30d4\u30c3\u30af\u540d           : ${SNS_TOPIC_NAME}&quot;\ninfo &quot;\u901a\u77e5\u5148E\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9    : ${alertEmail}&quot;\n\nwhile true\ndo\n  input &quot;SNS\u30c8\u30d4\u30c3\u30af\u306e\u4f5c\u6210\u3092\u7d9a\u884c\u3057\u307e\u3059\u304b? (y\/n): &quot;\n  read input\n  if [ &quot;${input}&quot; == &quot;y&quot; ]; then\n    break\n  elif [ &quot;${input}&quot; == &quot;n&quot; ]; then\n    warn &quot;Process cancelled.&quot;\n    exit 0\n  fi\ndone\n\n\n# ---- SNS topic & subscription ----\ntopicARN=$(aws sns create-topic --region &quot;${REGION}&quot; --name &quot;${SNS_TOPIC_NAME}&quot; --query TopicArn --output text)\nsubscExists=$(aws sns list-subscriptions-by-topic --region &quot;${REGION}&quot; --topic-arn &quot;${topicARN}&quot; --query &quot;Subscriptions[?Endpoint==&#39;${alertEmail}&#39; && Protocol==&#39;email&#39;].SubscriptionArn&quot; --output text)\nif [[ -n &quot;${subscExists}&quot; && &quot;${subscExists}&quot; != &quot;PendingConfirmation&quot; ]]; then\n  info &quot;${topicARN}\u306b${alertEmail}\u5411\u3051\u306e\u30b5\u30d6\u30b9\u30af\u30ea\u30d7\u30b7\u30e7\u30f3\u304c\u65e2\u306b\u5b58\u5728\u3057\u307e\u3059&quot;\nelse\n  exec aws sns subscribe --region &quot;${REGION}&quot; --topic-arn &quot;${topicARN}&quot; --protocol email --notification-endpoint &quot;${alertEmail}&quot;\n  imprt &quot;\u30b5\u30d6\u30b9\u30af\u30ea\u30d7\u30b7\u30e7\u30f3\u306e\u78ba\u8a8d\u30e1\u30fc\u30eb\u304c\u9001\u4fe1\u3055\u308c\u305f\u306e\u3067\u3001\u5fc5\u305a\u30e1\u30fc\u30eb\u306e\u30ea\u30f3\u30af\u3092\u62bc\u3057\u3066\u78ba\u5b9a\u3057\u3066\u304f\u3060\u3055\u3044&quot;\nfi\n\n## --Tagging--\nexec aws sns tag-resource --region &quot;${REGION}&quot; --resource-arn &quot;${topicARN}&quot; --tags &quot;${tagEnv}&quot; &quot;${tagGroup}&quot;\n\n\n# --- Check ---\niErr=0\ntopicARN=$(aws sns list-topics --region &quot;${REGION}&quot; --query &#39;Topics[].TopicArn&#39; | jq -r &quot;.[]&quot; | grep &quot;${SNS_TOPIC_NAME}&quot;)\nif [ -z &quot;${topicARN}&quot; ];then\n  abort &quot;SNS Topic ${SNS_TOPIC_NAME} is missing.&quot;\n  ((iErr++))\nfi\nsubscExists=$(aws sns list-subscriptions-by-topic --region &quot;${REGION}&quot; --topic-arn &quot;${topicARN}&quot; --query &quot;Subscriptions[?Endpoint==&#39;${alertEmail}&#39; && Protocol==&#39;email&#39;].SubscriptionArn&quot; --output text)\nif [ -z &quot;${subscExists}&quot; ];then\n  abort &quot;Subscription for ${alertEmail} in SNS Topic ${SNS_TOPIC_NAME} is missing.&quot;\n  ((iErr++))\nfi\nif [ ${iErr} -gt 0 ]; then\n  abort &quot;Process aborted.&quot;\nfi\n\ninfo &quot;Process succeeded.&quot;\nexit 0<\/code><\/pre><\/div>\n\n\n\n<\/details>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"setting_cw_alarm\">setting_cw_alarm<\/h4>\n\n\n\n<details>\n<summary>\u30b3\u30fc\u30c9\u3092\u898b\u308b\uff08\u30af\u30ea\u30c3\u30af\uff09<\/summary>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-file=\"setting_cw_alarm.sh\" data-lang=\"Bash\" data-show-lang=\"1\"><code>#!\/bin\/bash\n\nmydir=$(dirname $0)\nsource &quot;${mydir}&quot;\/common.sh\nsource &quot;${mydir}&quot;\/awsenv.sh\ngrptag=&quot;trail&quot;\n\n# ---- Define ----\ntopicARN=&quot;arn:aws:sns:ap-northeast-1:${ACCOUNT_ID}:${SNS_TOPIC_NAME}&quot;  # \u901a\u77e5\u5148SNS\u30c8\u30d4\u30c3\u30afARN\nrootFilterName=&quot;cw-RootLoginSuccessFilter&quot;                   # root\u30e6\u30fc\u30b6\u30ed\u30b0\u30a4\u30f3CloudWatch\u30ed\u30b0\u30d5\u30a3\u30eb\u30bf\u540d\nrootMetricName=&quot;cw-RootLoginSuccessCount&quot;                    # root\u30e6\u30fc\u30b6\u30ed\u30b0\u30a4\u30f3CloudWatch\u30e1\u30c8\u30ea\u30af\u30b9\u540d\nalarmRootName=&quot;cw-ALARM-RootLoginSuccess&quot;                    # root\u30e6\u30fc\u30b6\u30ed\u30b0\u30a4\u30f3CloudWatch\u30a2\u30e9\u30fc\u30e0\u540d\ndisallowedFilterName=&quot;cw-APICallOutsideAllowedRegions&quot;       # \u672a\u4f7f\u7528\u30ea\u30fc\u30b8\u30e7\u30f3\u30a2\u30af\u30bb\u30b9CloudWatch\u30ed\u30b0\u30d5\u30a3\u30eb\u30bf\u540d\ndisallowedMetricName=&quot;cw-APICallOutsideAllowedRegionsCount&quot;  # \u672a\u4f7f\u7528\u30ea\u30fc\u30b8\u30e7\u30f3\u30a2\u30af\u30bb\u30b9CloudWatch\u30e1\u30c8\u30ea\u30af\u30b9\u540d\nalarmApiName=&quot;cw-ALARM-APICallOutsideAllowedRegions&quot;         # \u672a\u4f7f\u7528\u30ea\u30fc\u30b8\u30e7\u30f3\u30a2\u30af\u30bb\u30b9CloudWatch\u30a2\u30e9\u30fc\u30e0\u540d\nexcludeGlobal=&#39;\n  ($.eventSource != &quot;iam.amazonaws.com&quot;)\n  && ($.eventSource != &quot;cloudfront.amazonaws.com&quot;)\n  && ($.eventSource != &quot;route53.amazonaws.com&quot;)\n  && ($.eventSource != &quot;globalaccelerator.amazonaws.com&quot;)\n  && ($.eventSource != &quot;waf.amazonaws.com&quot;)\n  && ($.eventSource != &quot;wafv2.amazonaws.com&quot;)\n  && ($.eventSource != &quot;support.amazonaws.com&quot;)\n  && ($.eventSource != &quot;health.amazonaws.com&quot;)\n  && ($.eventSource != &quot;signin.amazonaws.com&quot;)\n  && ($.eventSource != &quot;sts.amazonaws.com&quot;)\n  && ($.eventSource != &quot;sso.amazonaws.com&quot;)\n  && ($.eventSource != &quot;sso-oidc.amazonaws.com&quot;)\n  && ($.eventSource != &quot;ce.amazonaws.com&quot;)\n  && ($.userIdentity.invokedBy != &quot;resource-explorer-2.amazonaws.com&quot;)\n  && ($.readOnly = false)\n&#39;                                                           # CloudTrail\u306e\u30a2\u30e9\u30fc\u30c8\u304b\u3089\u9664\u5916\u3059\u308b\u30b0\u30ed\u30fc\u30d0\u30eb\u30b5\u30fc\u30d3\u30b9\nallowedRegionsCSV=&quot;${REGION},${OTHER_REGION}&quot;\ntagEnv=&quot;Key=environment,Value=${ENVTAG}&quot;\ntagGroup=&quot;Key=group,Value=${grptag}&quot;\n\ninfo &quot;== Confirm ==&quot;\ninfo &quot;\u30d7\u30e9\u30a4\u30de\u30ea\u30ea\u30fc\u30b8\u30e7\u30f3     : ${REGION}&quot;\ninfo &quot;\u901a\u5e38\u4f7f\u7528\u3059\u308b\u30ea\u30fc\u30b8\u30e7\u30f3   : ${allowedRegionsCSV}&quot;\ninfo &quot;CloudWatch\u30d5\u30a3\u30eb\u30bf&quot;\ninfo &quot;  Root\u30e6\u30fc\u30b6\u30ed\u30b0\u30a4\u30f3     : ${rootFilterName}&quot;\ninfo &quot;  \u672a\u4f7f\u7528\u30ea\u30fc\u30b8\u30e7\u30f3\u30a2\u30af\u30bb\u30b9: ${disallowedFilterName}&quot;\ninfo &quot;CloudWatch\u30a2\u30e9\u30fc\u30e0&quot;\ninfo &quot;  Root\u30e6\u30fc\u30b6\u30ed\u30b0\u30a4\u30f3     : ${alarmRootName}&quot;\ninfo &quot;  \u672a\u4f7f\u7528\u30ea\u30fc\u30b8\u30e7\u30f3\u30a2\u30af\u30bb\u30b9: ${disallowedFilterName}&quot;\n\nwhile true\ndo\n  input &quot;CloudWatch\u30a2\u30e9\u30fc\u30e0\u306e\u8a2d\u5b9a\u3092\u7d9a\u884c\u3057\u307e\u3059\u304b? (y\/n): &quot;\n  read input\n  if [ &quot;${input}&quot; == &quot;y&quot; ]; then\n    break\n  elif [ &quot;${input}&quot; == &quot;n&quot; ]; then\n    warn &quot;Process cancelled.&quot;\n    exit 0\n  fi\ndone\n\n\n# ---- Metric filters & alarms ----\n# 1) Root login success\nexec aws logs put-metric-filter \\\n  --region &quot;${REGION}&quot; \\\n  --log-group-name &quot;${TRAIL_LOG_GROUP}&quot; \\\n  --filter-name &quot;${rootFilterName}&quot; \\\n  --metric-transformations &quot;metricName=${rootMetricName},metricNamespace=CloudTrailSecurity,metricValue=1&quot; \\\n  --filter-pattern &#39;{ ($.eventName = &quot;ConsoleLogin&quot;) && ($.userIdentity.type = &quot;Root&quot;) && ($.responseElements.ConsoleLogin = &quot;Success&quot;) }&#39;\n\nexec aws cloudwatch put-metric-alarm \\\n  --region &quot;${REGION}&quot; \\\n  --alarm-name &quot;${alarmRootName}&quot; \\\n  --namespace &quot;CloudTrailSecurity&quot; \\\n  --metric-name &quot;${rootMetricName}&quot; \\\n  --statistic Sum \\\n  --period 60 \\\n  --threshold 1 \\\n  --comparison-operator GreaterThanOrEqualToThreshold \\\n  --evaluation-periods 1 \\\n  --alarm-actions &quot;${topicARN}&quot;\n\n## --Tagging--\nalarmRootARN=&quot;arn:aws:cloudwatch:${REGION}:${ACCOUNT_ID}:alarm:${alarmRootName}&quot;\nexec aws cloudwatch tag-resource --region &quot;${REGION}&quot; --resource-arn &quot;${alarmRootARN}&quot; --tags &quot;${tagEnv}&quot; &quot;${tagGroup}&quot;\n\n\n# 2) API calls in NOT-allowed regions (exclude global services)\n# Build region-not-in pattern: ($.awsRegion != &quot;r1&quot;) && ($.awsRegion != &quot;r2&quot;) ...\nIFS=&#39;,&#39; read -ra ALLOWED &lt;&lt;&lt; &quot;${allowedRegionsCSV}&quot;\nREG_CMP=&quot;&quot;\nfor r in &quot;${ALLOWED[@]}&quot;; do\n  r_trim=$(echo &quot;$r&quot; | xargs)\n  [ -z &quot;$regCmp&quot; ] && REG_CMP=&quot;($.awsRegion != \\&quot;${r_trim}\\&quot;)&quot; || REG_CMP=&quot;${REG_CMP} && ($.awsRegion != \\&quot;${r_trim}\\&quot;)&quot;\ndone\n\nfilterPattern=&quot;{ ${REG_CMP} && ${excludeGlobal} }&quot;\nfilterPattern=$(echo &quot;$filterPattern&quot; | tr -s &#39; &#39;)\n\nexec aws logs put-metric-filter \\\n  --region &quot;${REGION}&quot; \\\n  --log-group-name &quot;${TRAIL_LOG_GROUP}&quot; \\\n  --filter-name &quot;${disallowedFilterName}&quot; \\\n  --metric-transformations &quot;metricName=${disallowedMetricName},metricNamespace=CloudTrailSecurity,metricValue=1&quot; \\\n  --filter-pattern &quot;${filterPattern}&quot;\n\nexec aws cloudwatch put-metric-alarm \\\n  --region &quot;${REGION}&quot; \\\n  --alarm-name &quot;${alarmApiName}&quot; \\\n  --namespace &quot;CloudTrailSecurity&quot; \\\n  --metric-name &quot;${disallowedMetricName}&quot; \\\n  --statistic Sum \\\n  --period 300 \\\n  --threshold 1 \\\n  --comparison-operator GreaterThanOrEqualToThreshold \\\n  --evaluation-periods 1 \\\n  --alarm-actions &quot;${topicARN}&quot;\n\n## --Tagging--\nalarmApiARN=&quot;arn:aws:cloudwatch:${REGION}:${ACCOUNT_ID}:alarm:${alarmApiName}&quot;\nexec aws cloudwatch tag-resource --region &quot;${REGION}&quot; --resource-arn &quot;${alarmApiARN}&quot; --tags &quot;${tagEnv}&quot; &quot;${tagGroup}&quot;\n\n\n# --- Check ---\niErr=0\nflterExists=$(aws logs describe-metric-filters --region &quot;${REGION}&quot; --metric-name &quot;${rootMetricName}&quot; --metric-namespace &quot;CloudTrailSecurity&quot; --query &#39;metricFilters[].filterName&#39; | jq -r &quot;.[]&quot;)\nif [ -z &quot;${flterExists}&quot; ];then\n  abort &quot;Metrics filter ${rootFilterName} is missing.&quot;\n  ((iErr++))\nfi\nalarmExists=$(aws cloudwatch describe-alarms --region &quot;${REGION}&quot; --alarm-names &quot;${alarmRootName}&quot; --query &#39;MetricAlarms[].AlarmName&#39; | jq -r &#39;.[]&#39;)\nif [ -z &quot;${alarmExists}&quot; ];then\n  abort &quot;Metrics alarm ${alarmRootName} is missing.&quot;\n  ((iErr++))\nfi\nflterExists=$(aws logs describe-metric-filters --region &quot;${REGION}&quot; --metric-name &quot;${disallowedMetricName}&quot; --metric-namespace &quot;CloudTrailSecurity&quot; --query &#39;metricFilters[].filterName&#39; | jq -r &quot;.[]&quot;)\nif [ -z &quot;${flterExists}&quot; ];then\n  abort &quot;Metrics filter ${disallowedFilterName} is missing.&quot;\n  ((iErr++))\nfi\nalarmExists=$(aws cloudwatch describe-alarms --region &quot;${REGION}&quot; --alarm-names &quot;${alarmApiName}&quot; --query &#39;MetricAlarms[].AlarmName&#39; | jq -r &#39;.[]&#39;)\nif [ -z &quot;${alarmExists}&quot; ];then\n  abort &quot;Metrics alarm ${alarmApiName} is missing.&quot;\n  ((iErr++))\nfi\nif [ ${iErr} -gt 0 ]; then\n  abort &quot;Process aborted.&quot;\nfi\n\ninfo &quot;Process succeeded.&quot;\nexit 0<\/code><\/pre><\/div>\n\n\n\n<\/details>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create_loginsight_query_sh\">create_loginsight_query.sh<\/h4>\n\n\n\n<details>\r\n<summary>\u30b3\u30fc\u30c9\u3092\u898b\u308b\uff08\u30af\u30ea\u30c3\u30af\uff09<\/summary>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-file=\"create_loginsight_query.sh\" data-lang=\"Bash\" data-show-lang=\"1\"><code>#!\/bin\/bash\n\nmydir=$(dirname $0)\nsource &quot;${mydir}&quot;\/common.sh\nsource &quot;${mydir}&quot;\/awsenv.sh\ngrptag=&quot;trail&quot;\n\n# ---- Define ----\nqueryDir=&quot;alarm\/&quot;                                       # \u30af\u30a8\u30ea\u3092\u307e\u3068\u3081\u308b\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\nqueryRootName=&quot;${queryDir}QUERY-RootLoginSuccess&quot;       # root\u30e6\u30fc\u30b6\u30ed\u30b0\u30a4\u30f3\u78ba\u8a8d\u7528\u30af\u30a8\u30ea\nqueryApiRegionName=&quot;${queryDir}QUERY-APICallOutsideAllowedRegions&quot;  # \u672a\u4f7f\u7528\u30ea\u30fc\u30b8\u30e7\u30f3\u30a2\u30af\u30bb\u30b9\u78ba\u8a8d\u7528\u30af\u30a8\u30ea\nallowedRegionsCSV=&quot;${REGION},${OTHER_REGION}&quot;\n\ninfo &quot;== Confirm ==&quot;\ninfo &quot;CloudWatch\u30ed\u30b0\u30b0\u30eb\u30fc\u30d7\u540d           : ${TRAIL_LOG_GROUP}&quot;\ninfo &quot;root\u30e6\u30fc\u30b6\u30ed\u30b0\u30a4\u30f3\u78ba\u8a8d\u7528\u30af\u30a8\u30ea      : ${queryRootName}&quot;\ninfo &quot;\u672a\u4f7f\u7528\u30ea\u30fc\u30b8\u30e7\u30f3\u30a2\u30af\u30bb\u30b9\u78ba\u8a8d\u7528\u30af\u30a8\u30ea : ${queryApiRegionName}&quot;\ninfo &quot;  \u901a\u5e38\u4f7f\u7528\u3059\u308b\u30ea\u30fc\u30b8\u30e7\u30f3   : ${allowedRegionsCSV}&quot;\n\nwhile true\ndo\n  input &quot;CloudWatch\u30a2\u30e9\u30fc\u30e0\u306e\u8a2d\u5b9a\u3092\u7d9a\u884c\u3057\u307e\u3059\u304b? (y\/n): &quot;\n  read input\n  if [ &quot;${input}&quot; == &quot;y&quot; ]; then\n    break\n  elif [ &quot;${input}&quot; == &quot;n&quot; ]; then\n    warn &quot;Process cancelled.&quot;\n    exit 0\n  fi\ndone\n\n# ---- Investigation Query for alarm ----\n# 1) Root login success\nqueryString=&quot;$(cat &lt;&lt;&#39;QL&#39;\nfields @timestamp, awsRegion, eventSource, eventName,\n       userIdentity.type as userType,\n       userIdentity.arn  as userArn,\n       sourceIPAddress, userAgent, eventID\n| filter eventName = &quot;ConsoleLogin&quot;\n| filter userIdentity.type = &quot;Root&quot;\n| filter responseElements.ConsoleLogin = &quot;Success&quot;\n| sort @timestamp desc\n| limit 200\nQL\n)&quot;\n\nqueryExists=&quot;$(aws logs describe-query-definitions \\\n  --region &quot;${REGION}&quot; \\\n  --query-definition-name-prefix &quot;${queryRootName}&quot; \\\n  --query &#39;queryDefinitions[?name==`&#39;&quot;${queryRootName}&quot;&#39;`].queryDefinitionId&#39; \\\n  --output text 2&gt;\/dev\/null || true)&quot;\n\nif [[ -n &quot;${queryExists:-}&quot; && &quot;${queryExists}&quot; != &quot;None&quot; ]]; then\n  info &quot;Updating existing query definition: ${queryRootName} ($queryExists)&quot;\n  exec aws logs put-query-definition \\\n    --region &quot;${REGION}&quot; \\\n    --query-definition-id &quot;${queryExists}&quot; \\\n    --name &quot;${queryRootName}&quot; \\\n    --query-string &quot;${queryString}&quot; \\\n    --log-group-names &quot;${TRAIL_LOG_GROUP}&quot;\nelse\n  info &quot;Creating new query definition: ${queryRootName}&quot;\n  exec aws logs put-query-definition \\\n    --region &quot;${REGION}&quot; \\\n    --name &quot;${queryRootName}&quot; \\\n    --query-string &quot;${queryString}&quot; \\\n    --log-group-names &quot;${TRAIL_LOG_GROUP}&quot;\nfi\n\n# 2) API calls in NOT-allowed regions (exclude global services)\nallowedRegionsJSON=$(printf &#39;&quot;%s&quot;&#39; &quot;${allowedRegionsCSV\/\/,\/\\&quot;,\\&quot;}&quot;)\nqueryString=&quot;$(cat &lt;&lt;EOF\nfields @timestamp, awsRegion, eventSource, eventName,\n       userIdentity.type as userType,\n       userIdentity.arn  as userArn,\n       sourceIPAddress, userAgent, eventID\n| filter ispresent(awsRegion)\n| filter eventCategory = &quot;Management&quot;\n| filter awsRegion not in [${allowedRegionsJSON}]\n| filter eventSource not in [\n    &quot;iam.amazonaws.com&quot;,&quot;cloudfront.amazonaws.com&quot;,&quot;route53.amazonaws.com&quot;,\n    &quot;globalaccelerator.amazonaws.com&quot;,&quot;waf.amazonaws.com&quot;,&quot;wafv2.amazonaws.com&quot;,\n    &quot;support.amazonaws.com&quot;,&quot;health.amazonaws.com&quot;,\n    &quot;signin.amazonaws.com&quot;,&quot;sts.amazonaws.com&quot;,&quot;sso.amazonaws.com&quot;,&quot;sso-oidc.amazonaws.com&quot;,\n    &quot;ce.amazonaws.com&quot;\n]\n| filter userIdentity.invokedBy not in [&quot;resource-explorer-2.amazonaws.com&quot;]\n| filter readOnly = false\n| sort @timestamp desc\n| limit 200\nEOF\n)&quot;\n\nqueryExists=&quot;$(aws logs describe-query-definitions \\\n  --region &quot;${REGION}&quot; \\\n  --query-definition-name-prefix &quot;${queryApiRegionName}&quot; \\\n  --query &#39;queryDefinitions[?name==`&#39;&quot;${queryApiRegionName}&quot;&#39;`].queryDefinitionId&#39; \\\n  --output text 2&gt;\/dev\/null || true)&quot;\n\nif [[ -n &quot;${queryExists:-}&quot; && &quot;${queryExists}&quot; != &quot;None&quot; ]]; then\n  info &quot;Updating existing query definition: ${queryApiRegionName} ($queryExists)&quot;\n  exec aws logs put-query-definition \\\n    --region &quot;$REGION&quot; \\\n    --query-definition-id &quot;${queryExists}&quot; \\\n    --name &quot;${queryApiRegionName}&quot; \\\n    --query-string &quot;${queryString}&quot; \\\n    --log-group-names &quot;${TRAIL_LOG_GROUP}&quot;\nelse\n  info &quot;Creating new query definition: ${queryApiRegionName}&quot;\n  exec aws logs put-query-definition \\\n    --region &quot;${REGION}&quot; \\\n    --name &quot;${queryApiRegionName}&quot; \\\n    --query-string &quot;${queryString}&quot; \\\n    --log-group-names &quot;${TRAIL_LOG_GROUP}&quot;\nfi\n\n# --- Check ---\niErr=0\nqueryExists=$(aws logs describe-query-definitions --region &quot;${REGION}&quot; --query-definition-name-prefix &quot;${queryRootName}&quot; --query &#39;queryDefinitions[].name&#39; | jq -r &#39;.[]&#39;)\nif [ -z &quot;${queryExists}&quot; ];then\n  abort &quot;Metrics alarm ${queryRootName} is missing.&quot;\n  ((iErr++))\nfi\nqueryExists=$(aws logs describe-query-definitions --region &quot;${REGION}&quot; --query-definition-name-prefix &quot;${queryApiRegionName}&quot; --query &#39;queryDefinitions[].name&#39; | jq -r &#39;.[]&#39;)\nif [ -z &quot;${queryExists}&quot; ];then\n  abort &quot;Metrics alarm ${queryApiRegionName} is missing.&quot;\n  ((iErr++))\nfi\nif [ ${iErr} -gt 0 ]; then\n  abort &quot;Process aborted.&quot;\nfi\n\ninfo &quot;Process succeeded.&quot;\nexit 0<\/code><\/pre><\/div>\n\n\n\n<\/details>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"disclaimer\"><a href=\"https:\/\/ranamicus.com\/?page_id=109\">\u514d\u8cac\u4e8b\u9805<\/a><\/h4>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u5927\u898f\u6a21\u4e8b\u696d\u8005\u306e\u5834\u5408\u3001AWS\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u8907\u6570\u69cb\u6210\u3057\u305f\u300c\u30de\u30eb\u30c1\u30a2\u30ab\u30a6\u30f3\u30c8\u69cb\u6210\u300d\u306b\u3057\u3066\u3001AWS Organizations\u3092\u4f7f\u3063\u3066\u30ac\u30fc\u30c9\u30ec\u30fc\u30eb\u3092\u8a2d\u5b9a\u3057\u3001\u7d71\u5236\u3092\u52b9\u304b\u305b\u308b\u3068\u601d\u3044\u307e\u3059\u3002\u3057\u304b\u3057\u3001\u500b\u4eba\u5229\u7528\u3084\u5c0f\u898f\u6a21\u5229\u7528\u306e\u5834\u5408\u3001\u305d\u3053\u307e\u3067\u3057\u3063 [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":219,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"vkexunit_cta_each_option":"","footnotes":""},"categories":[10,6,7],"tags":[],"class_list":["post-160","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aws-tech","category-tech","category-7"],"_links":{"self":[{"href":"https:\/\/ranamicus.com\/index.php?rest_route=\/wp\/v2\/posts\/160","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ranamicus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ranamicus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ranamicus.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ranamicus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=160"}],"version-history":[{"count":54,"href":"https:\/\/ranamicus.com\/index.php?rest_route=\/wp\/v2\/posts\/160\/revisions"}],"predecessor-version":[{"id":299,"href":"https:\/\/ranamicus.com\/index.php?rest_route=\/wp\/v2\/posts\/160\/revisions\/299"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ranamicus.com\/index.php?rest_route=\/wp\/v2\/media\/219"}],"wp:attachment":[{"href":"https:\/\/ranamicus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=160"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ranamicus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=160"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ranamicus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}