{"id":229,"date":"2025-12-08T17:16:00","date_gmt":"2025-12-08T08:16:00","guid":{"rendered":"https:\/\/ranamicus.com\/?p=229"},"modified":"2025-12-15T20:25:59","modified_gmt":"2025-12-15T11:25:59","slug":"iacinfra-as-code-on-aws%e3%81%a7%e7%92%b0%e5%a2%83%e6%a7%8b%e7%af%89%e3%81%99%e3%82%8b%e3%81%9f%e3%82%81%e3%81%ae%e6%ba%96%e5%82%99%ef%bc%88%e3%81%9d%e3%81%ae1%ef%bc%89","status":"publish","type":"post","link":"https:\/\/ranamicus.com\/?p=229","title":{"rendered":"IaC(Infra as Code) on AWS\u3067\u74b0\u5883\u69cb\u7bc9\u3059\u308b\u305f\u3081\u306e\u6e96\u5099\uff08\u305d\u306e1\uff09"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"656\" height=\"408\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/\u30ab\u30d0\u30fc\u753b\u50cf.png\" alt=\"\" class=\"wp-image-232\" style=\"width:279px;height:auto\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/\u30ab\u30d0\u30fc\u753b\u50cf.png 656w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/\u30ab\u30d0\u30fc\u753b\u50cf-300x187.png 300w\" sizes=\"auto, (max-width: 656px) 100vw, 656px\" \/><\/figure>\n\n\n\n<p>\u3053\u306e\u8a18\u4e8b\u3067\u306f\u3001IaC\uff08Infra as Code\uff09\u3092\u7528\u3044\u305f\u74b0\u5883\u69cb\u7bc9\u3092\u672c\u683c\u7684\u306b\u59cb\u3081\u308b\u6e96\u5099\u3068\u3057\u3066\u3001\u30b3\u30fc\u30c9\u3092\u683c\u7d0d\u3059\u308bS3\u30d0\u30b1\u30c3\u30c8\u3092\u7528\u610f\u3057\u307e\u3059\u3002<br>\u4f55\u3068\u306a\u304fS3\u30d0\u30b1\u30c3\u30c8\u3092\u4f5c\u6210\u3057\u3066\u3082\u3001\u52d5\u4f5c\u306f\u3057\u307e\u3059\u304c\u3001\u3053\u3053\u3067\u306f\u3001\u3061\u3083\u3093\u3068AWS\u306e\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u3092\u8e0f\u307e\u3048\u305fS3\u30d0\u30b1\u30c3\u30c8\u3092AWS CLI\u3092\u4f7f\u3063\u305f\u30b9\u30af\u30ea\u30d7\u30c8\u3067\u81ea\u52d5\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<div class=\"wp-block-vk-blocks-alert alert alert-info\"><p>\u306a\u304a\u3001\u3053\u306e\u8a18\u4e8b\u306b\u95a2\u3059\u308b<a href=\"#disclaimer\" data-type=\"internal\" data-id=\"#disclaimer\">\u514d\u8cac\u4e8b\u9805<\/a>\u306f\u3001\u672b\u5c3e\u306b\u63b2\u8f09\u3055\u308c\u3066\u3044\u308b\u30ea\u30f3\u30af\u5148\u306b\u8a18\u8f09\u3055\u308c\u3066\u3044\u307e\u3059\u306e\u3067\u3001\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p><\/div>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_68_1 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/ranamicus.com\/?p=229\/#IaC%E3%81%A8%E3%81%AF\" title=\"IaC\u3068\u306f\">IaC\u3068\u306f<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/ranamicus.com\/?p=229\/#%E5%86%AA%E7%AD%89%E6%80%A7\" title=\"\u51aa\u7b49\u6027\">\u51aa\u7b49\u6027<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/ranamicus.com\/?p=229\/#%E5%AE%A3%E8%A8%80%E7%9A%84\" title=\"\u5ba3\u8a00\u7684\">\u5ba3\u8a00\u7684<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/ranamicus.com\/?p=229\/#%E3%83%97%E3%83%AD%E3%83%93%E3%82%B8%E3%83%A7%E3%83%8B%E3%83%B3%E3%82%B0%E3%83%84%E3%83%BC%E3%83%AB\" title=\"\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0\u30c4\u30fc\u30eb\">\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0\u30c4\u30fc\u30eb<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/ranamicus.com\/?p=229\/#%E3%83%AC%E3%82%A4%E3%83%A41%E6%A7%8B%E7%AF%89%EF%BC%88%E3%81%9D%E3%81%AE1%EF%BC%89\" title=\"\u30ec\u30a4\u30e41\u69cb\u7bc9\uff08\u305d\u306e1\uff09\">\u30ec\u30a4\u30e41\u69cb\u7bc9\uff08\u305d\u306e1\uff09<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/ranamicus.com\/?p=229\/#%E3%83%AA%E3%82%BD%E3%83%BC%E3%82%B9%E3%83%95%E3%82%A1%E3%82%A4%E3%83%AB%E6%A0%BC%E7%B4%8D%E7%94%A8S3%E3%83%90%E3%82%B1%E3%83%83%E3%83%88%E4%BD%9C%E6%88%90\" title=\"\u30ea\u30bd\u30fc\u30b9\u30d5\u30a1\u30a4\u30eb\u683c\u7d0d\u7528S3\u30d0\u30b1\u30c3\u30c8\u4f5c\u6210\">\u30ea\u30bd\u30fc\u30b9\u30d5\u30a1\u30a4\u30eb\u683c\u7d0d\u7528S3\u30d0\u30b1\u30c3\u30c8\u4f5c\u6210<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/ranamicus.com\/?p=229\/#CloudTrail%E3%81%AB%E3%83%AA%E3%82%BD%E3%83%BC%E3%82%B9%E3%83%95%E3%82%A1%E3%82%A4%E3%83%AB%E6%A0%BC%E7%B4%8D%E7%94%A8S3%E3%83%90%E3%82%B1%E3%83%83%E3%83%88%E3%81%AE%E3%83%87%E3%83%BC%E3%82%BF%E3%82%A4%E3%83%99%E3%83%B3%E3%83%88%E5%8F%96%E5%BE%97%E8%A8%AD%E5%AE%9A%E3%82%92%E8%BF%BD%E5%8A%A0\" title=\"CloudTrail\u306b\u30ea\u30bd\u30fc\u30b9\u30d5\u30a1\u30a4\u30eb\u683c\u7d0d\u7528S3\u30d0\u30b1\u30c3\u30c8\u306e\u30c7\u30fc\u30bf\u30a4\u30d9\u30f3\u30c8\u53d6\u5f97\u8a2d\u5b9a\u3092\u8ffd\u52a0\">CloudTrail\u306b\u30ea\u30bd\u30fc\u30b9\u30d5\u30a1\u30a4\u30eb\u683c\u7d0d\u7528S3\u30d0\u30b1\u30c3\u30c8\u306e\u30c7\u30fc\u30bf\u30a4\u30d9\u30f3\u30c8\u53d6\u5f97\u8a2d\u5b9a\u3092\u8ffd\u52a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/ranamicus.com\/?p=229\/#CloudWatch_Query%E3%81%AE%E8%BF%BD%E5%8A%A0\" title=\"CloudWatch Query\u306e\u8ffd\u52a0\">CloudWatch Query\u306e\u8ffd\u52a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/ranamicus.com\/?p=229\/#%E3%82%B9%E3%82%AF%E3%83%AA%E3%83%97%E3%83%88\" title=\"\u30b9\u30af\u30ea\u30d7\u30c8\">\u30b9\u30af\u30ea\u30d7\u30c8<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\" id=\"whatsIaC\"><span class=\"ez-toc-section\" id=\"IaC%E3%81%A8%E3%81%AF\"><\/span>IaC\u3068\u306f<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>\u4eca\u306e\u6642\u4ee3\u3001\u74b0\u5883\u69cb\u7bc9\u3092\u3001GUI\u304b\u3089\u624b\u4f5c\u696d\u3067\u884c\u3046\u884c\u70ba\u306f\u3001\u69d8\u3005\u306a\u8ab2\u984c\u3084\u4e0d\u90fd\u5408\u304c\u3042\u308a\u3001\u63a8\u5968\u3055\u308c\u307e\u305b\u3093\u3002<br>\u624b\u52d5\u3067\u74b0\u5883\u69cb\u7bc9\u3059\u308b\u3053\u3068\u306f\u30c7\u30e1\u30ea\u30c3\u30c8\u304c\u591a\u304f\u3001\u305d\u306e\u88cf\u8fd4\u3057\u304cIaC\u3067\u74b0\u5883\u69cb\u7bc9\u3059\u308b\u3053\u3068\u306e\u30e1\u30ea\u30c3\u30c8\u3067\u3059\u3002<\/p>\n\n\n\n<table style=\"border-collapse: collapse; width: 100%; height: 105px;\">\n<tbody>\n<tr style=\"height: 18px;\">\n<td style=\"width: 50%; height: 18px; background-color: #daf2d0;\">\u624b\u52d5\u3067\u74b0\u5883\u69cb\u7bc9\u3059\u308b\u30c7\u30e1\u30ea\u30c3\u30c8<\/td>\n<td style=\"width: 50%; height: 18px; background-color: #daf2d0;\">IaC\u3067\u74b0\u5883\u69cb\u7bc9\u3059\u308b\u30e1\u30ea\u30c3\u30c8<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 50%; height: 18px;\">\u30aa\u30da\u30df\u30b9\u306e\u53ef\u80fd\u6027\u304c\u3042\u308b<\/td>\n<td style=\"width: 50%; height: 18px;\">\u30b3\u30fc\u30c9\u5316\u306b\u3088\u308a\u30d2\u30e5\u30fc\u30de\u30f3\u30a8\u30e9\u30fc\u3092\u524a\u6e1b\u3057\u3001\u6bce\u56de\u540c\u3058\u6b63\u78ba\u306a\u8a2d\u5b9a\u304c\u9069\u7528\u3067\u304d\u308b<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 50%; height: 18px;\">\u69cb\u7bc9\u4f5c\u696d\u306b\u6642\u9593\u304c\u304b\u304b\u308b<\/td>\n<td style=\"width: 50%; height: 18px;\">\u30b3\u30fc\u30c9\u306b\u3088\u308b\u81ea\u52d5\u69cb\u7bc9\u306a\u306e\u3067\u3001\u6642\u9593\u3092\u77ed\u7e2e\u3067\u304d\u308b<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 50%; height: 15px;\">\u540c\u3058\u74b0\u5883\u3092\u3082\u3046\u4e00\u3064\u4f5c\u308d\u3046\u3068\u3057\u3066\u3082\u518d\u73fe\u6027\u304c\u4f4e\u3044<\/td>\n<td style=\"width: 50%; height: 15px;\">\u540c\u3058\u30b3\u30fc\u30c9\u3092\u4f7f\u3048\u3070\u3001\u540c\u3058\u74b0\u5883\u3092\u81ea\u52d5\u3067\u518d\u73fe\u3067\u304d\u308b<\/td>\n<\/tr>\n<tr style=\"height: 36px;\">\n<td style=\"width: 50%; height: 36px;\">\u74b0\u5883\u3092\u5909\u66f4\u3057\u305f\u969b\u306b\u3001\u4f55\u3092\u3001\u3044\u3064\u3001\u306a\u305c\u5909\u66f4\u3057\u305f\u306e\u304b\u3001\u8a18\u9332\u3057\u3001\u7ba1\u7406\u3059\u308b\u4ed5\u7d44\u307f\u3068\u30d7\u30ed\u30bb\u30b9\u304c\u5fc5\u8981<\/td>\n<td style=\"width: 50%; height: 36px;\">Git\u3067\u30b3\u30fc\u30c9\u7ba1\u7406\u3059\u308b\u3053\u3068\u3067\u3001\u74b0\u5883\u5909\u66f4\u306e\u5bfe\u8c61\u7b87\u6240\u3084\u3001\u66f4\u65b0\u7406\u7531\u3001\u53cd\u6620\u30bf\u30a4\u30df\u30f3\u30b0\u304c\u5206\u304b\u308a\u3084\u3059\u304f\u7ba1\u7406\u3067\u304d\u308b<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><\/p>\n\n\n\n<p><a href=\"https:\/\/ranamicus.com\/?p=160\" data-type=\"link\" data-id=\"https:\/\/ranamicus.com\/?p=160\">\u5c0f\u898f\u6a21\u5229\u7528\uff08\u30b7\u30f3\u30b0\u30eb\u30a2\u30ab\u30a6\u30f3\u30c8\uff09\u5411\u3051AWS\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4f5c\u3063\u305f\u3089\u5fc5\u9808\u3067\u3084\u308b\u3053\u3068<\/a>\u3067\u3001\u30b9\u30af\u30ea\u30d7\u30c8\u3068AWS CLI\u3092\u7d44\u5408\u305b\u3066\u3001AWS\u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u521d\u671f\u8a2d\u5b9a\u3092\u3057\u3066\u3044\u307e\u3057\u305f\u3002<br>\u3053\u308c\u3082\u3001\u74b0\u5883\u8a2d\u5b9a\u3092\u30b3\u30fc\u30c9\u5316\u3057\u3001\u81ea\u52d5\u5316\u3059\u308bIaC\u306e\u4e00\u7a2e\u3067\u3059\u3002<br>\u305f\u3060\u3057\u3001\u74b0\u5883\u69cb\u7bc9\/\u8a2d\u5b9a\u3092\u3001\u81ea\u52d5\u5316\u3057\u3066\u30b3\u30fc\u30c9\u7ba1\u7406\u3059\u308c\u3070\u3001\u306a\u3093\u3067\u3082IaC\u304b\u3068\u8a00\u3046\u3068\u3001IaC\u306b\u306f\u5b88\u308b\u3079\u304d\u91cd\u8981\u306a\u539f\u5247\u304c\u3042\u308a\u307e\u3059\u3002\u305d\u308c\u306f\u3001\u300c\u51aa\u7b49\u6027\uff08\u3079\u304d\u3068\u3046\u305b\u3044\uff09\u3092\u62c5\u4fdd\u3059\u308b\u3053\u3068\u300d\u3068\u3001\u300c\u5ba3\u8a00\u7684\u3067\u3042\u308b\u3053\u3068\u300d\u3067\u3059\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E5%86%AA%E7%AD%89%E6%80%A7\"><\/span>\u51aa\u7b49\u6027<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>\u300c\u51aa\u7b49\u6027\uff08\u3079\u304d\u3068\u3046\u305b\u3044\uff09\u300d\u3068\u306f\u3001\u300c\u4f55\u5ea6\u3001\u540c\u3058\u64cd\u4f5c\u3092\u3057\u3066\u3082\u3001\u540c\u3058\u7d50\u679c\u306b\u306a\u308b\u300d\u3053\u3068\u3067\u3059\u3002<\/p>\n\n\n\n<p><\/p>\n<table style=\"border-collapse: collapse; width: 100%; height: 221px;\">\n<tbody>\n<tr style=\"height: 18px;\">\n<td style=\"width: 14.1768%; background-color: #daf2d0; text-align: center; height: 18px;\"><\/td>\n<td style=\"width: 26.6006%; background-color: #daf2d0; text-align: center; height: 18px;\">\u65e5\u5e38\u306e\u4f8b<\/td>\n<td style=\"width: 59.2226%; background-color: #daf2d0; text-align: center; height: 18px;\">\u8aac\u660e<\/td>\n<\/tr>\n<tr style=\"height: 149px;\">\n<td style=\"width: 14.1768%; height: 149px;\">\u51aa\u7b49\u6027<\/td>\n<td style=\"width: 26.6006%; height: 149px;\">\u30a8\u30ec\u30d9\u30fc\u30bf\u306e\u76ee\u7684\u968e\u6570\u30dc\u30bf\u30f3\u3092\u62bc\u3059<\/td>\n<td style=\"width: 59.2226%; height: 149px;\">\n<p>\u30a8\u30ec\u30d9\u30fc\u30bf\u3067\u30015\u968e\u306b\u884c\u304d\u305f\u3044\u6642\u306b\u30015\u968e\u306e\u30dc\u30bf\u30f3\u3092\u62bc\u3059\u3068\u3001\u30a8\u30ec\u30d9\u30fc\u30bf\u306f5\u968e\u306b\u6b62\u307e\u308a\u307e\u3059\u3002<br \/>5\u968e\u306e\u30dc\u30bf\u30f3\u309210\u56de\u62bc\u3057\u3066\u3082\u30015\u968e\u306b\u6b62\u307e\u308a\u3001\u7d50\u679c\u306f\u5909\u308f\u308a\u307e\u305b\u3093\u3002<br \/>(\u203b\u30ad\u30e3\u30f3\u30bb\u30eb\u6a5f\u80fd\u306e\u3042\u308b\u30a8\u30ec\u30d9\u30fc\u30bf\u3067\u3001\u540c\u3058\u968e\u6570\u30dc\u30bf\u30f3\u3092\u9023\u6253\u3059\u308b\u3068\u30ad\u30e3\u30f3\u30bb\u30eb\u3055\u308c\u308b\u5834\u5408\u306f\u9664\u5916\u3057\u307e\u3059)<\/p>\n<\/td>\n<\/tr>\n<tr style=\"height: 54px;\">\n<td style=\"width: 14.1768%; height: 54px;\">\u975e\u51aa\u7b49\u6027<\/td>\n<td style=\"width: 26.6006%; height: 54px;\">\u30c6\u30ec\u30d3\u306e\u97f3\u91cf\u30dc\u30bf\u30f3\u3092\u62bc\u3059<\/td>\n<td style=\"width: 59.2226%; height: 54px;\">\u30c6\u30ec\u30d3\u306e\u97f3\u91cf\u304c10\u306e\u6642\u306b\u3001\u300c\u30dc\u30ea\u30e5\u30fc\u30e0\u3092\u4e0a\u3052\u308b\u300d\u30dc\u30bf\u30f3\u3092\u62bc\u3059\u3068\u3001\u97f3\u91cf\u306f11\u306b\u306a\u308a\u307e\u3059\u3002<br \/>\u300c\u30dc\u30ea\u30e5\u30fc\u30e0\u3092\u4e0a\u3052\u308b\u300d\u30dc\u30bf\u30f3\u309210\u56de\u62bc\u3059\u3068\u3001\u97f3\u91cf\u306f20\u306b\u306a\u308a\u307e\u3059\u3002<br \/>\u62bc\u3057\u305f\u56de\u6570\u3060\u3051\u3001\u97f3\u91cf\u304c\u4e0a\u304c\u308a\u3001\u7d50\u679c\u304c\u5909\u308f\u308a\u307e\u3059\u3002<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><\/p>\n\n\n\n<p>\u3053\u306e\u51aa\u7b49\u6027\u3092\u62c5\u4fdd\u3059\u308b\u3053\u3068\u306f\u3001IaC\u3092\u5b9f\u884c\u3059\u308b\u30bf\u30a4\u30df\u30f3\u30b0\u306b\u304a\u3051\u308b\u74b0\u5883\u306e\u69cb\u6210\u3084\u8a2d\u5b9a\u304c\u3001\u3069\u306e\u3088\u3046\u306a\u72b6\u614b\u3067\u3042\u308c\u3001IaC\u3092\u5b9f\u884c\u3057\u305f\u7d50\u679c\u3068\u3057\u3066\u3001\u540c\u3058\u72b6\u614b\u306b\u63c3\u3046\u3053\u3068\u3092\u4fdd\u8a3c\u3059\u308b\u3082\u306e\u3067\u3059\u3002\u305d\u306e\u305f\u3081\u3001\u74b0\u5883\u5909\u66f4\u6642\u306b\u306f\u3001IaC\u306b\u3088\u308a\u81ea\u52d5\u7684\u306b\u5dee\u5206\u304c\u9069\u7528\u3055\u308c\u308b\u308f\u3051\u3067\u3059\u3002<\/p>\n\n\n\n<p>\u3055\u3066\u3001\u51aa\u7b49\u6027\u3092\u62c5\u4fdd\u3059\u308b\u3088\u3046\u306b\u3001\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u4f5c\u6210\u3059\u308b\u306e\u306f\u3001\u7d50\u69cb\u9762\u5012\u3067\u3059\u3002\uff08<a href=\"https:\/\/ranamicus.com\/?p=160\">\u5c0f\u898f\u6a21\u5229\u7528\uff08\u30b7\u30f3\u30b0\u30eb\u30a2\u30ab\u30a6\u30f3\u30c8\uff09\u5411\u3051AWS\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4f5c\u3063\u305f\u3089\u5fc5\u9808\u3067\u3084\u308b\u3053\u3068<\/a>\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u3001\u51aa\u7b49\u6027\u3092\u62c5\u4fdd\u3059\u308b\u3088\u3046\u4f5c\u6210\u3057\u3066\u3044\u307e\u3059\u304c\u3001\u305d\u306e\u305f\u3081\u306b\u3001\u30b3\u30fc\u30c9\u306e\u91cf\u304c\u5897\u3048\u3066\u3044\u307e\u3059\uff09<br>\u305d\u3053\u3067\u3001\u51aa\u7b49\u6027\u3092\u62c5\u4fdd\u3057\u3066IaC\u3092\u5b9f\u884c\u3067\u304d\u308b\u3088\u3046\u306b\u4f5c\u3089\u308c\u305f\u3001\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0\u30c4\u30fc\u30eb\u3092\u4f7f\u3063\u305f\u65b9\u304c\u3001\u30ea\u30fc\u30ba\u30ca\u30d6\u30eb\u3067\u3059\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E5%AE%A3%E8%A8%80%E7%9A%84\"><\/span>\u5ba3\u8a00\u7684<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>\u300c\u5ba3\u8a00\u7684\u300d\u3068\u306f\u3001\u300c\u524d\u72b6\u614b\u3068\u306f\u95a2\u4fc2\u306a\u304f\u3001\u53cd\u6620\u3057\u305f\u7d50\u679c\u3001\u3053\u3046\u306a\u308b\u300d\u3092\u793a\u3059\u3053\u3068\u3067\u3059\u3002\u524d\u72b6\u614b\u306f\u6c17\u306b\u305b\u305a\u3001\u6700\u5f8c\u306f\u300cC\u300d\u306b\u306a\u308b\u3001\u3068\u8a00\u3044\u307e\u3059\u3002<br>\u5ba3\u8a00\u7684\u306e\u9006\u306f\u300c\u624b\u7d9a\u7684\u300d\u3067\u3059\u3002\u3053\u308c\u306f\u3001\u300c\u524d\u72b6\u614bA\u306b\u5bfe\u3057\u3066\u3001\u72b6\u614b\u3092B\u306b\u3059\u308b\u300d\u3068\u8a00\u3046\u30d7\u30ed\u30bb\u30b9\u3067\u3059\u3002<br>\u7c21\u5358\u306a\u4f8b\u3068\u3057\u3066\u306f\u3001\u5ba3\u8a00\u7684\u306f\u524d\u72b6\u614b\u3092\u6c17\u306b\u3057\u306a\u3044\u306e\u3067\u300c\u4e0a\u66f8\u304d\u300d\u3001\u624b\u7d9a\u7684\u306f\u300c\u5909\u66f4\u300d\u306e\u30a4\u30e1\u30fc\u30b8\u3067\u3059\u3002<\/p>\n\n\n\n<p>\u3082\u3046\u5c11\u3057\u3061\u3083\u3093\u3068\u3057\u305f\u4f8b\u3068\u3057\u3066\u3001\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30c6\u30fc\u30d6\u30eb\u306e\u5b9a\u7fa9\u5909\u66f4\u3092\u6319\u3052\u307e\u3059\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"317\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/\u5ba3\u8a00\u7684\u306e\u4f8b-1024x317.png\" alt=\"\" class=\"wp-image-295\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/\u5ba3\u8a00\u7684\u306e\u4f8b-1024x317.png 1024w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/\u5ba3\u8a00\u7684\u306e\u4f8b-300x93.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/\u5ba3\u8a00\u7684\u306e\u4f8b-768x238.png 768w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/\u5ba3\u8a00\u7684\u306e\u4f8b.png 1245w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>\u5ba3\u8a00\u7684\u306aIaC\u306f\u3001\u300c\u30c6\u30fc\u30d6\u30ebX\u306f\u3001\u30ab\u30e9\u30e0A\u3001B\u3001C\u3092\u6301\u3064\u300d\u3068\u5ba3\u8a00\u3057\u3001\u524d\u72b6\u614b\u304c\u4f55\u3067\u3042\u3063\u3066\u3082\uff08\u30c6\u30fc\u30d6\u30ebX\u304c\u7121\u304f\u3066\u3082\u3001\u3042\u308b\u3044\u306f\u3001\u30c6\u30fc\u30d6\u30ebX\u306b\u30ab\u30e9\u30e0D\u304c\u3042\u3063\u3066\u3082\uff09\u3001\u6700\u5f8c\u306b\u300c\u30ab\u30e9\u30e0A\u3001B\u3001C\u3092\u6301\u3064\u30c6\u30fc\u30d6\u30ebX\u300d\u3092\u4f5c\u308a\u51fa\u3057\u307e\u3059\u3002<br>\u4e00\u65b9\u3001\u624b\u7d9a\u7684\u306a\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u3001\u300c\u30ab\u30e9\u30e0A\u3092\u6301\u3064\u30c6\u30fc\u30d6\u30ebX\u300d\u304c\u5b58\u5728\u3059\u308b\u3053\u3068\u3092\u524d\u63d0\u3068\u3057\u3066\u3001\u300c\u30c6\u30fc\u30d6\u30ebX\u306b\u30ab\u30e9\u30e0B\u3092\u8ffd\u52a0\u3059\u308b\u300d\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3057\u3001\u66f4\u306b\u3001\u300c\u30c6\u30fc\u30d6\u30ebX\u306b\u30ab\u30e9\u30e0C\u3092\u8ffd\u52a0\u3059\u308b\u300d\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3059\u308b\u3001\u3068\u3044\u3046\u30d7\u30ed\u30bb\u30b9\u3092\u7d4c\u3066\u3001\u6700\u5f8c\u306b\u300c\u30ab\u30e9\u30e0A\u3001B\u3001C\u3092\u6301\u3064\u30c6\u30fc\u30d6\u30ebX\u300d\u304c\u4f5c\u308a\u51fa\u3055\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<p>\u5ba3\u8a00\u7684\u306aIaC\u306f\u3001\u30b3\u30fc\u30c9\u306b\u30c6\u30fc\u30d6\u30ebX\u306e\u6700\u7d42\u7684\u306a\u5b9a\u7fa9\u304c\u8a18\u8f09\u3055\u308c\u3066\u3044\u308b\u306e\u3067\u3001\u30b3\u30fc\u30c9\u3092\u898b\u308c\u3070\u3001\u305d\u308c\u304c\u53cd\u6620\u3055\u308c\u305f\u5f8c\u306e\u72b6\u614b\u304c\u4e00\u76ee\u77ad\u7136\u3067\u3059\u3002<br>\u3057\u304b\u3057\u3001\u624b\u7d9a\u7684\u306a\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u3001\u53cd\u6620\u3059\u308b\u5168\u3066\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u3068\u3001\u6700\u521d\u306e\u524d\u63d0\u72b6\u614b\u3092\u91cd\u306d\u5408\u308f\u305b\u3066\u8aad\u307f\u89e3\u304b\u306a\u3044\u3068\u3001\u53cd\u6620\u5f8c\u306e\u72b6\u614b\u304c\u5206\u304b\u308a\u307e\u305b\u3093\u3002<\/p>\n\n\n\n<p>\u30b9\u30af\u30ea\u30d7\u30c8\u3067\u3042\u3063\u3066\u3082\u3001\u5ba3\u8a00\u7684\u306b\u4f5c\u6210\u3059\u308b\u3053\u3068\u306f\u53ef\u80fd\u3067\u3059\u304c\u3001\u304b\u306a\u308a\u610f\u8b58\u3057\u306a\u3044\u3068\u3001\u3064\u3044\u3064\u3044\u624b\u7d9a\u7684\u306b\u306a\u308a\u304c\u3061\u306a\u306e\u3067\u3001\u3053\u308c\u3082\u7d50\u69cb\u9762\u5012\u3067\u3059\u3002<br>\u305d\u3053\u3067\u3001\u3082\u3068\u3082\u3068\u30b3\u30fc\u30c9\u304c\u5ba3\u8a00\u7684\u3067\u3042\u308b\u3053\u3068\u3092\u524d\u63d0\u3068\u3057\u305f\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0\u30c4\u30fc\u30eb\u3092\u4f7f\u3063\u305f\u65b9\u304c\u3001\u5206\u304b\u308a\u3084\u3059\u3044\u3067\u3059\u3057\u3001\u9593\u9055\u3048\u304c\u3042\u308a\u307e\u305b\u3093\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E3%83%97%E3%83%AD%E3%83%93%E3%82%B8%E3%83%A7%E3%83%8B%E3%83%B3%E3%82%B0%E3%83%84%E3%83%BC%E3%83%AB\"><\/span>\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0\u30c4\u30fc\u30eb<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>AWS\u306b\u304a\u3051\u308b\u74b0\u5883\u69cb\u7bc9\u3067\u306e\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0\u30c4\u30fc\u30eb\u306f\u3001Terraform\u3068CloudFormation\u304c\u4ee3\u8868\u7684\u3067\u3059\u3002<\/p>\n\n\n\n<p>Terraform\u306f\u3001AWS\u4ee5\u5916\u306e\u3001Google Cloud\u3084Azure\u306b\u3082\u5bfe\u5fdc\u3057\u3066\u304a\u308a\u3001\u6bd4\u8f03\u7684\u67d4\u8edf\u6027\u304c\u9ad8\u304f\u3001\u5e83\u304f\u666e\u53ca\u3057\u3066\u3044\u307e\u3059\u3002\u4e00\u65b9\u3001CloudFormation\u306f\u3001AWS\u30cd\u30a4\u30c6\u30a3\u30d6\u306a\u30b5\u30fc\u30d3\u30b9\u3067\u3001\u4ed6\u306eAWS\u30b5\u30fc\u30d3\u30b9\u3068\u306e\u89aa\u548c\u6027\u304c\u9ad8\u304f\u3001\u4f7f\u3044\u59cb\u3081\u308b\u307e\u3067\u306e\u6e96\u5099\u306e\u30cf\u30fc\u30c9\u30eb\u304c\u4f4e\u3044\u3067\u3059\u3002<\/p>\n\n\n\n<p>\u4f55\u3092\u4f7f\u3046\u304b\u306f\u597d\u307f\u3082\u3042\u308a\u307e\u3059\u304c\u3001\u3053\u306e\u30d6\u30ed\u30b0\u3067\u306f\u3001\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u4f7f\u3044\u5206\u3051\u308b\u3053\u3068\u306b\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<table style=\"border-collapse: collapse; width: 100%; height: 121px;\">\n<tbody>\n<tr style=\"height: 18px;\">\n<td style=\"width: 35.5963%; background-color: #daf2d0; text-align: center; height: 18px;\" colspan=\"2\">\u30ec\u30a4\u30e4<\/td>\n<td style=\"width: 19.5387%; background-color: #daf2d0; text-align: center; height: 18px;\">IaC\u306e\u69cb\u6210<\/td>\n<td style=\"width: 44.8649%; background-color: #daf2d0; text-align: center; height: 18px;\">\u8aac\u660e<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 13.4028%; height: 18px;\">\u30ec\u30a4\u30e40<\/td>\n<td style=\"width: 22.1935%; height: 18px;\">\u30a2\u30ab\u30a6\u30f3\u30c8\u30d6\u30fc\u30c8\u30b9\u30c8\u30e9\u30c3\u30d7<\/td>\n<td style=\"width: 19.5387%; height: 18px;\">\u30b9\u30af\u30ea\u30d7\u30c8\uff0bAWS CLI<\/td>\n<td style=\"width: 44.8649%; height: 18px;\">\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0\u30c4\u30fc\u30eb\u3092\u4f7f\u3046\u304b\u3001\u4f55\u3092\u4f7f\u3046\u304b\u306b\u306f\u95a2\u4fc2\u306a\u304f\u3001<a href=\"https:\/\/ranamicus.com\/?p=160\">AWS\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4f5c\u3063\u305f\u3089\u5fc5\u9808\u3067\u3084\u308b\u3079\u304d\u3053\u3068<\/a><\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 13.4028%; height: 67px;\" rowspan=\"2\">\u30ec\u30a4\u30e41<\/td>\n<td style=\"width: 22.1935%; height: 67px;\" rowspan=\"2\">\u30a2\u30ab\u30a6\u30f3\u30c8\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb<\/td>\n<td style=\"width: 19.5387%; height: 18px;\">\n<p>\u30b9\u30af\u30ea\u30d7\u30c8\uff0bAWS CLI<\/p>\n<\/td>\n<td style=\"width: 44.8649%; height: 18px;\">CloudFormation\u3067IaC\u306b\u3088\u308b\u74b0\u5883\u69cb\u7bc9\u3092\u884c\u3046\u305f\u3081\u306e\u30ea\u30bd\u30fc\u30b9<\/td>\n<\/tr>\n<tr style=\"height: 49px;\">\n<td style=\"width: 19.5387%; height: 49px;\">\n<p>CloudFormation<\/p>\n<\/td>\n<td style=\"width: 44.8649%; height: 49px;\">Terraform\u3067IaC\u306b\u3088\u308b\u74b0\u5883\u69cb\u7bc9\u3092\u884c\u3046\u305f\u3081\u306e\u524d\u63d0\u3084\u30ea\u30bd\u30fc\u30b9\u7fa4<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 13.4028%; height: 18px;\">\u30ec\u30a4\u30e42\u4ee5\u964d<\/td>\n<td style=\"width: 22.1935%; height: 18px;\">\u30ef\u30fc\u30af\u30ed\u30fc\u30c9\/\u30a2\u30d7\u30ea\u74b0\u5883<\/td>\n<td style=\"width: 19.5387%; height: 18px;\">Terraform<\/td>\n<td style=\"width: 44.8649%; height: 18px;\">\u30a2\u30d7\u30ea\u5b9f\u884c\u74b0\u5883\u3084\u3001\u30ec\u30a4\u30e41\u4ee5\u5916\u306e\u904b\u7528\u74b0\u5883\/\u958b\u767a\u74b0\u5883\u306a\u3069\u306e\u8a2d\u5b9a\u3084\u30ea\u30bd\u30fc\u30b9\u7fa4<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><\/p>\n\n\n\n<p>\u30ec\u30a4\u30e40\u30681\u306f\u3001\u624b\u4f5c\u696d\u3067\u3084\u3063\u3066\u3082\u3044\u3044\u3093\u3058\u3083\u306a\u3044\uff1f\u3068\u8a00\u3046\u6c17\u6301\u3061\u306b\u306a\u308b\u304b\u3082\u3057\u308c\u307e\u305b\u3093\u304c\u3001\u300c<a href=\"#whatsIaC\" data-type=\"internal\" data-id=\"#whatsIaC\">IaC\u3068\u306f<\/a>\u300d\u306b\u8a18\u8f09\u3057\u305f\u624b\u4f5c\u696d\u306e\u30c7\u30e1\u30ea\u30c3\u30c8\u3068IaC\u306e\u30e1\u30ea\u30c3\u30c8\u306b\u7acb\u3061\u8fd4\u3063\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E3%83%AC%E3%82%A4%E3%83%A41%E6%A7%8B%E7%AF%89%EF%BC%88%E3%81%9D%E3%81%AE1%EF%BC%89\"><\/span>\u30ec\u30a4\u30e41\u69cb\u7bc9\uff08\u305d\u306e1\uff09<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">\u76ee\u7684<\/h3>\n\n\n\n<p>\u3053\u306e\u8a18\u4e8b\u3068\u3001\u300cIaC(Infra as Code) on AWS\u3067\u74b0\u5883\u69cb\u7bc9\u3059\u308b\u305f\u3081\u306e\u6e96\u5099\uff08\u305d\u306e2\uff09\u300d\u3067\u3001\u30ec\u30a4\u30e41\u3092\u69cb\u7bc9\u3057\u3066\u3044\u304d\u307e\u3059\u3002<br>\u3053\u306e\u8a18\u4e8b\u3067\u306f\u3001CloudFormation\u3092\u5b9f\u884c\u3059\u308b\u305f\u3081\u306b\u3001IaC\u306e\u30b3\u30fc\u30c9\u3092\u683c\u7d0d\u3059\u308bS3\u30d0\u30b1\u30c3\u30c8\u3092\u7528\u610f\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<p>\u5b9f\u306f\u3001\u3053\u306eS3\u30d0\u30b1\u30c3\u30c8\u306f\u3001\u306a\u304f\u3066\u3082CloudFormation\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u306f\u53ef\u80fd\u306a\u306e\u3067\u3059\u304c\u3001S3\u30d0\u30b1\u30c3\u30c8\u304c\u7121\u304b\u3063\u305f\u5834\u5408\u3067\u3001\u4e00\u5b9a\u30b5\u30a4\u30ba\u4ee5\u4e0a\u306e\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306a\u3069\u306b\u3001\u4e00\u6642\u5229\u7528\u306e S3 \u30d0\u30b1\u30c3\u30c8\u304c\u81ea\u52d5\u7684\u306b\u4f5c\u6210\u3055\u308c\u307e\u3059\u3002\u3053\u306e\u30d0\u30b1\u30c3\u30c8\u306f\u30c7\u30d5\u30a9\u30eb\u30c8\u8a2d\u5b9a\u3067\u4f5c\u6210\u3055\u308c\u308b\u305f\u3081\u3001\u30ac\u30d0\u30ca\u30f3\u30b9\u4e0a\u306e\u61f8\u5ff5\u304c\u751f\u3058\u307e\u3059\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>IaC\u3068\u3057\u3066\u7ba1\u7406\u3057\u3066\u3044\u306a\u3044S3\u30d0\u30b1\u30c3\u30c8\u304c\u5b58\u5728\u3059\u308b\u3053\u3068\u306b\u306a\u308a\u3001\u7d71\u5236\u304c\u52b9\u304b\u306a\u304f\u306a\u308b<\/li>\n\n\n\n<li>AWS\u306e\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u306b\u6e96\u62e0\u3057\u3066\u3044\u306a\u3044\u8a2d\u5b9a\u306eS3\u30d0\u30b1\u30c3\u30c8\u304c\u4f5c\u6210\u3055\u308c\u3001\u5c06\u6765\u3001\u7b2c\u4e09\u8005\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a3a\u65ad\u306a\u3069\u3092\u53d7\u3051\u305f\u969b\u306b\u3001\u8106\u5f31\u6027\u3042\u308a\u3068\u5224\u65ad\u3055\u308c\u308b\uff08\u4f8b\uff1a\u30d1\u30d6\u30ea\u30c3\u30af\u30a2\u30af\u30bb\u30b9\u30d6\u30ed\u30c3\u30af\u304c\u7121\u52b9\u3001\u30d0\u30fc\u30b8\u30e7\u30cb\u30f3\u30b0\u306a\u3057\u3001HTTPS\u5fc5\u9808\u3067\u306a\u3044 \u306a\u3069\uff09<\/li>\n<\/ul>\n\n\n\n<p>\u305d\u3053\u3067\u3001\u6700\u4f4e\u9650\u3001\u4ee5\u4e0b\u306e\u8a2d\u5b9a\u3092\u65bd\u3057\u305fS3\u30d0\u30b1\u30c3\u30c8\u3092\u4f5c\u6210\u3057\u3001\u4f7f\u3046\u3053\u3068\u306b\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>IaC\u30b3\u30fc\u30c9\u683c\u7d0d\u7528S3\u30d0\u30b1\u30c3\u30c8\u306e\u30a2\u30af\u30bb\u30b9\u30ed\u30b0\u53d6\u5f97\u3092\u6709\u52b9\u5316\u3057\u3001<a href=\"https:\/\/ranamicus.com\/?p=160\" data-type=\"link\" data-id=\"https:\/\/ranamicus.com\/?p=160\">\u5c0f\u898f\u6a21\u5229\u7528\uff08\u30b7\u30f3\u30b0\u30eb\u30a2\u30ab\u30a6\u30f3\u30c8\uff09\u5411\u3051AWS\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4f5c\u3063\u305f\u3089\u5fc5\u9808\u3067\u3084\u308b\u3053\u3068<\/a>\u3067\u4f5c\u6210\u3057\u305fCloudTrail\u306b\u3001\u3053\u306e\u30a2\u30af\u30bb\u30b9\u30ed\u30b0\u3082\u9023\u643a\u3059\u308b\uff08\u9023\u643a\u3055\u308c\u305f\u30a2\u30af\u30bb\u30b9\u30ed\u30b0\u306f\u3001\u8a3c\u8de1\u30ed\u30b0\u4fdd\u7ba1\u7528S3\u30d0\u30b1\u30c3\u30c8\u306b\u4fdd\u7ba1\u3055\u308c\u308b\uff09<\/li>\n\n\n\n<li>\u30d0\u30fc\u30b8\u30e7\u30cb\u30f3\u30b0\u8a2d\u5b9a\u3092\u6709\u52b9\u5316\u3059\u308b<\/li>\n\n\n\n<li>Public Access Block\u3092\u6709\u52b9\u5316\u3059\u308b<\/li>\n\n\n\n<li>S3\u30b5\u30fc\u30d0\u30fc\u30b5\u30a4\u30c9\u6697\u53f7\u5316\u3092\u6709\u52b9\u5316\u3059\u308b<\/li>\n\n\n\n<li>HTTPS\u4ee5\u5916\u306e\u30a2\u30af\u30bb\u30b9\u3092\u62d2\u5426\u3059\u308b<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\u30b9\u30af\u30ea\u30d7\u30c8\u306e\u5b9f\u884c\u65b9\u6cd5<\/h3>\n\n\n\n<p><a href=\"https:\/\/ranamicus.com\/?p=160#HowToRunScript\" data-type=\"link\" data-id=\"https:\/\/ranamicus.com\/?p=160#HowToRunScript\">\u300c\u5c0f\u898f\u6a21\u5229\u7528\uff08\u30b7\u30f3\u30b0\u30eb\u30a2\u30ab\u30a6\u30f3\u30c8\uff09\u5411\u3051AWS\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4f5c\u3063\u305f\u3089\u5fc5\u9808\u3067\u3084\u308b\u3053\u3068\u300d\u306e\u300c\u30b9\u30af\u30ea\u30d7\u30c8\u306e\u5b9f\u884c\u65b9\u6cd5\u300d<\/a>\u3092\u898b\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E3%83%AA%E3%82%BD%E3%83%BC%E3%82%B9%E3%83%95%E3%82%A1%E3%82%A4%E3%83%AB%E6%A0%BC%E7%B4%8D%E7%94%A8S3%E3%83%90%E3%82%B1%E3%83%83%E3%83%88%E4%BD%9C%E6%88%90\"><\/span>\u30ea\u30bd\u30fc\u30b9\u30d5\u30a1\u30a4\u30eb\u683c\u7d0d\u7528S3\u30d0\u30b1\u30c3\u30c8\u4f5c\u6210<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h5 class=\"wp-block-heading\">\u30b9\u30af\u30ea\u30d7\u30c8\u6e96\u5099<\/h5>\n\n\n\n<p><a href=\"https:\/\/ranamicus.com\/?p=160#setting_base_iam_sh\"><a href=\"#create_resource_s3.sh\" data-type=\"internal\" data-id=\"#create_resource_s3.sh\">create_resource_s3.sh<\/a><\/a>\u306e---- Define ----\u306e\u30d6\u30ed\u30c3\u30af\u306b\u3001S3\u30d0\u30b1\u30c3\u30c8\u8a2d\u5b9a\u304c\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059\u306e\u3067\u3001\u9069\u5b9c\u66f8\u304d\u63db\u3048\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<p><\/p>\n<table style=\"border-collapse: collapse; width: 100%; height: 72px;\">\n<tbody>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; text-align: center; background-color: #daf2d0; height: 18px;\">#<\/td>\n<td style=\"width: 13.1466%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8a2d\u5b9a\u9805\u76ee<\/td>\n<td style=\"width: 30.3117%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8a2d\u5b9a\u3067\u304d\u308b\u5024<\/td>\n<td style=\"width: 51.3693%; text-align: center; background-color: #daf2d0; height: 18px;\">\u8aac\u660e<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 5.17241%; height: 18px;\">1<\/td>\n<td style=\"width: 13.1466%; height: 18px;\">\n<div>\n<div><span>REGION<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 18px;\">\n<div>\n<div><span>${REGION}<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 51.3693%; height: 18px;\">S3\u30d0\u30b1\u30c3\u30c8\u3092\u4f5c\u6210\u3059\u308b\u30ea\u30fc\u30b8\u30e7\u30f3<span>(REGION\u306f\u3001<a href=\"https:\/\/ranamicus.com\/?p=160#awsenv.sh\" data-type=\"internal\" data-id=\"#awsenv.sh\">awsenv.sh<\/a>\u3067\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059)<\/span><\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"height: 36px; width: 5.17241%;\">2<\/td>\n<td style=\"height: 36px; width: 13.1466%;\">\n<div>\n<div><span>rBucket<\/span><\/div>\n<\/div>\n<\/td>\n<td style=\"width: 30.3117%; height: 36px;\"><span>${<\/span><span>RESOURCE_S3_KEY<\/span><span>}$(<\/span><span>altAwsIdStr<\/span><span> <\/span><span>12<\/span><span>)<\/span><\/td>\n<td style=\"width: 51.3693%; height: 36px;\">\n<div>\n<div><span>S3\u30d0\u30b1\u30c3\u30c8\u540d(RESOURCE_S3_KEY\u306f\u3001<a href=\"https:\/\/ranamicus.com\/?p=160#awsenv.sh\" data-type=\"internal\" data-id=\"#awsenv.sh\">awsenv.sh<\/a>\u3067\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u307e\u3059)<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n<h5 class=\"wp-block-heading\">\u8a2d\u5b9a<\/h5>\n\n\n\n<p>\u66f4\u65b0\u3057\u305f\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u3001CloudShell\u306b\u3001\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u304f\u3060\u3055\u3044\u3002<br>CloudShell\u3067\u3001\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>bash .\/create_resource_s3.sh<\/code><\/pre><\/div>\n\n\n\n<p>\u8a2d\u5b9a\u5185\u5bb9\u3092\u8868\u793a\u3059\u308b\u306e\u3067\u3001\u78ba\u8a8d\u306e\u4e0a\u3001y\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"923\" height=\"266\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/create_resource_s3.sh\u5b9f\u884c.png\" alt=\"\" class=\"wp-image-297\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/create_resource_s3.sh\u5b9f\u884c.png 923w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/create_resource_s3.sh\u5b9f\u884c-300x86.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/create_resource_s3.sh\u5b9f\u884c-768x221.png 768w\" sizes=\"auto, (max-width: 923px) 100vw, 923px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"CloudTrail%E3%81%AB%E3%83%AA%E3%82%BD%E3%83%BC%E3%82%B9%E3%83%95%E3%82%A1%E3%82%A4%E3%83%AB%E6%A0%BC%E7%B4%8D%E7%94%A8S3%E3%83%90%E3%82%B1%E3%83%83%E3%83%88%E3%81%AE%E3%83%87%E3%83%BC%E3%82%BF%E3%82%A4%E3%83%99%E3%83%B3%E3%83%88%E5%8F%96%E5%BE%97%E8%A8%AD%E5%AE%9A%E3%82%92%E8%BF%BD%E5%8A%A0\"><\/span>CloudTrail\u306b\u30ea\u30bd\u30fc\u30b9\u30d5\u30a1\u30a4\u30eb\u683c\u7d0d\u7528S3\u30d0\u30b1\u30c3\u30c8\u306e\u30c7\u30fc\u30bf\u30a4\u30d9\u30f3\u30c8\u53d6\u5f97\u8a2d\u5b9a\u3092\u8ffd\u52a0<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h5 class=\"wp-block-heading\">\u30b9\u30af\u30ea\u30d7\u30c8\u6e96\u5099<\/h5>\n\n\n\n<p><a href=\"https:\/\/ranamicus.com\/?p=160\">\u5c0f\u898f\u6a21\u5229\u7528\uff08\u30b7\u30f3\u30b0\u30eb\u30a2\u30ab\u30a6\u30f3\u30c8\uff09\u5411\u3051AWS\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4f5c\u3063\u305f\u3089\u5fc5\u9808\u3067\u3084\u308b\u3053\u3068<\/a>\u3067\u3001\u4f5c\u6210\u3057\u305fcreate_cloudtrail.sh\u306b\u3001\u30ea\u30bd\u30fc\u30b9\u30d5\u30a1\u30a4\u30eb\u683c\u7d0d\u7528S3\u30d0\u30b1\u30c3\u30c8\u306e\u30c7\u30fc\u30bf\u30a4\u30d9\u30f3\u30c8\u3092\u53d6\u5f97\u53d6\u5f97\u3059\u308b\u8a2d\u5b9a\u306e\u5ba3\u8a00\u3092\u8ffd\u52a0\u3057\u3066\u3084\u308a\u307e\u3059\u3002<br><a href=\"#create_cloudtrail.sh\">create_cloudtrail.sh<\/a>\u306e\u30cf\u30a4\u30e9\u30a4\u30c8\u3055\u308c\u3066\u3044\u308b\u884c\u304c\u8ffd\u52a0\u884c\u3067\u3059\u3002<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">\u8a2d\u5b9a<\/h5>\n\n\n\n<p>\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u3001CloudShell\u306b\u3001\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u304f\u3060\u3055\u3044\u3002<br>CloudShell\u3067\u3001\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\" data-show-lang=\"1\"><code>bash .\/create_cloudtrail.sh<\/code><\/pre><\/div>\n\n\n\n<p>\u8a2d\u5b9a\u5185\u5bb9\u3092\u8868\u793a\u3059\u308b\u306e\u3067\u3001\u78ba\u8a8d\u306e\u4e0a\u3001y\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1012\" height=\"465\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/create_cloudtrail.sh\u5b9f\u884c.png\" alt=\"\" class=\"wp-image-301\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/create_cloudtrail.sh\u5b9f\u884c.png 1012w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/create_cloudtrail.sh\u5b9f\u884c-300x138.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/create_cloudtrail.sh\u5b9f\u884c-768x353.png 768w\" sizes=\"auto, (max-width: 1012px) 100vw, 1012px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"CloudWatch_Query%E3%81%AE%E8%BF%BD%E5%8A%A0\"><\/span>CloudWatch Query\u306e\u8ffd\u52a0<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h5 class=\"wp-block-heading\">\u30b9\u30af\u30ea\u30d7\u30c8\u6e96\u5099<\/h5>\n\n\n\n<p><a href=\"https:\/\/ranamicus.com\/?p=160\">\u5c0f\u898f\u6a21\u5229\u7528\uff08\u30b7\u30f3\u30b0\u30eb\u30a2\u30ab\u30a6\u30f3\u30c8\uff09\u5411\u3051AWS\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4f5c\u3063\u305f\u3089\u5fc5\u9808\u3067\u3084\u308b\u3053\u3068<\/a>\u3067\u3001\u4f5c\u6210\u3057\u305fcreate_loginsight_query.sh\u306b\u3001\u30ea\u30bd\u30fc\u30b9\u30d5\u30a1\u30a4\u30eb\u683c\u7d0d\u7528S3\u30d0\u30b1\u30c3\u30c8\u306e\u30c7\u30fc\u30bf\u30a4\u30d9\u30f3\u30c8\u3092CloudWatch\u30ed\u30b0\u30b0\u30eb\u30fc\u30d7\u304b\u3089\u691c\u7d22\u3059\u308b\u30af\u30a8\u30ea\u8a2d\u5b9a\u306e\u5ba3\u8a00\u3092\u8ffd\u52a0\u3057\u3066\u3084\u308a\u307e\u3059\u3002<br><a href=\"#create_cloudtrail.sh\">create_cloudtrail.sh<\/a>\u306e\u30cf\u30a4\u30e9\u30a4\u30c8\u3055\u308c\u3066\u3044\u308b\u884c\u304c\u8ffd\u52a0\u884c\u3067\u3059\u3002<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">\u8a2d\u5b9a<\/h5>\n\n\n\n<p>\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u3001CloudShell\u306b\u3001\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3057\u3066\u304f\u3060\u3055\u3044\u3002<br>CloudShell\u3067\u3001\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-lang=\"Bash\" data-show-lang=\"1\"><code>bash .\/create_loginsight_query.sh<\/code><\/pre><\/div>\n\n\n\n<p>\u8a2d\u5b9a\u5185\u5bb9\u3092\u8868\u793a\u3059\u308b\u306e\u3067\u3001\u78ba\u8a8d\u306e\u4e0a\u3001y\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"392\" src=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/create_loginsight_query.sh\u5b9f\u884c-1024x392.png\" alt=\"\" class=\"wp-image-302\" srcset=\"https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/create_loginsight_query.sh\u5b9f\u884c-1024x392.png 1024w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/create_loginsight_query.sh\u5b9f\u884c-300x115.png 300w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/create_loginsight_query.sh\u5b9f\u884c-768x294.png 768w, https:\/\/ranamicus.com\/wp\/wp-content\/uploads\/2025\/12\/create_loginsight_query.sh\u5b9f\u884c.png 1087w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E3%82%B9%E3%82%AF%E3%83%AA%E3%83%97%E3%83%88\"><\/span>\u30b9\u30af\u30ea\u30d7\u30c8<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create_resource_s3.sh\">create_resource_s3.sh<\/h4>\n\n\n\n<details>\n<summary>\u30b3\u30fc\u30c9\u3092\u898b\u308b\uff08\u30af\u30ea\u30c3\u30af\uff09<\/summary>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-file=\"create_resource_s3.sh\" data-lang=\"Bash\" data-show-lang=\"1\"><code>#!\/bin\/bash\n# define\nmydir=$(dirname $0)\nsource &quot;${mydir}&quot;\/common.sh\nsource &quot;${mydir}&quot;\/awsenv.sh\ngrptag=&quot;resource&quot;\n\n# ---- Define ----\nrBucket=&quot;${RESOURCE_S3_KEY}$(altAwsIdStr 12)&quot; # \u30ea\u30bd\u30fc\u30b9\u30d5\u30a1\u30a4\u30eb\u683c\u7d0d\u7528S3\u30d0\u30b1\u30c3\u30c8\n\ninfo &quot;== Confirm ==&quot;\ninfo &quot;\u30a2\u30ab\u30a6\u30f3\u30c8                     : ${ACCOUNT_ID}&quot;\ninfo &quot;\u30ea\u30fc\u30b8\u30e7\u30f3                     : ${REGION}&quot;\ninfo &quot;\u30ea\u30bd\u30fc\u30b9\u30d5\u30a1\u30a4\u30eb\u683c\u7d0d\u7528S3\u30d0\u30b1\u30c3\u30c8 : ${rBucket}&quot;\n\nwhile true\ndo\n  input &quot;S3\u30d0\u30b1\u30c3\u30c8\u306e\u4f5c\u6210\u3092\u7d9a\u884c\u3057\u307e\u3059\u304b? (y\/n): &quot;\n  read input\n  if [ &quot;${input}&quot; == &quot;y&quot; ]; then\n    break\n  elif [ &quot;${input}&quot; == &quot;n&quot; ]; then\n    warn &quot;Process cancelled.&quot;\n    exit 0\n  fi\ndone\n\n# ---- Create S3 Bucket ----\n# Create bucket\nif aws s3api head-bucket --region &quot;${REGION}&quot; --bucket &quot;${rBucket}&quot; 2&gt;\/dev\/null; then\n  info &quot;S3 bucket exists: ${rBucket}&quot;\nelse\n  info &quot;Creating S3 bucket: ${rBucket}&quot;\n  # \u30ea\u30fc\u30b8\u30e7\u30f3\u304c us-east-1 \u4ee5\u5916\u306a\u3089 LocationConstraint \u5fc5\u9808\n  if [ &quot;${REGION}&quot; == &quot;us-east-1&quot; ]; then\n    exec aws s3api create-bucket --region &quot;${REGION}&quot; --bucket &quot;${rBucket}&quot;\n  else\n    exec aws s3api create-bucket --region &quot;${REGION}&quot; --bucket &quot;${rBucket}&quot; \\\n      --create-bucket-configuration LocationConstraint=&quot;${REGION}&quot;\n  fi\n  if [ $? -ne 0 ]; then\n    abort &quot;Process aborted.&quot;\n    exit 1\n  fi\nfi\n\n# Bucket policy setting for Resource Bucket\ncat &lt;&lt;EOF &gt; &quot;${TEMPFILE}&quot;\n{\n  &quot;Version&quot;: &quot;2012-10-17&quot;,\n  &quot;Statement&quot;: [\n    {\n      &quot;Sid&quot;: &quot;DenyNonSSLRequests&quot;,\n      &quot;Effect&quot;: &quot;Deny&quot;,\n      &quot;Principal&quot;: &quot;*&quot;,\n      &quot;Action&quot;: &quot;s3:*&quot;,\n      &quot;Resource&quot;: [\n        &quot;arn:aws:s3:::${rBucket}&quot;,\n        &quot;arn:aws:s3:::${rBucket}\/*&quot;\n      ],\n      &quot;Condition&quot;: {\n        &quot;Bool&quot;: {\n          &quot;aws:SecureTransport&quot;: &quot;false&quot;\n        }\n      }\n    }\n  ]\n}\t\nEOF\nexec aws s3api put-bucket-policy --bucket &quot;${rBucket}&quot; --policy file:\/\/&quot;${TEMPFILE}&quot;\nif [ $? -ne 0 ]; then\n  abort &quot;Process aborted.&quot;\n  exit 1\nfi\n\n# Set Versining\nexec aws s3api put-bucket-versioning --region &quot;${REGION}&quot; --bucket &quot;${rBucket}&quot; \\\n  --versioning-configuration Status=Enabled\nif [ $? -ne 0 ]; then\n  abort &quot;Process aborted.&quot;\n  exit 1\nfi\n\n# Public access block\nexec aws s3api put-public-access-block \\\n  --region &quot;${REGION}&quot; \\\n  --bucket &quot;${rBucket}&quot; \\\n  --public-access-block-configuration \\\n    &#39;{&quot;BlockPublicAcls&quot;:true,&quot;IgnorePublicAcls&quot;:true,&quot;BlockPublicPolicy&quot;:true,&quot;RestrictPublicBuckets&quot;:true}&#39;\nif [ $? -ne 0 ]; then\n  abort &quot;Process aborted.&quot;\n  exit 1\nfi\n\n# Serverside Encryption\nexec aws s3api put-bucket-encryption \\\n  --region &quot;${REGION}&quot; \\\n  --bucket  &quot;${rBucket}&quot;\\\n  --server-side-encryption-configuration \\\n    &#39;{&quot;Rules&quot;:[{&quot;ApplyServerSideEncryptionByDefault&quot;:{&quot;SSEAlgorithm&quot;:&quot;AES256&quot;}}]}&#39;\nif [ $? -ne 0 ]; then\n  abort &quot;Process aborted.&quot;\n  exit 1\nfi\n\n# --Tagging--\nexec aws s3api put-bucket-tagging --region &quot;${REGION}&quot; --bucket &quot;${rBucket}&quot; \\\n  --tagging &quot;TagSet=[{Key=environment,Value=${ENVTAG}},{Key=group,Value=${grptag}}]&quot;\n\nrm -f &quot;${TEMPFILE}*&quot;\ninfo &quot;Process succeeded.&quot;\nexit 0<\/code><\/pre><\/div>\n\n\n\n<\/details>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create_cloudtrail.sh\">create_cloudtrail.sh<\/h4>\n\n\n\n<details>\n<summary>\u30b3\u30fc\u30c9\u3092\u898b\u308b\uff08\u30af\u30ea\u30c3\u30af\uff09<\/summary>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\" data-line=\"15-17,59-73\"><code>#!\/bin\/bash\n\nmydir=$(dirname $0)\nsource &quot;${mydir}&quot;\/common.sh\nsource &quot;${mydir}&quot;\/awsenv.sh\ngrptag=&quot;trail&quot;\n\n# ---- Define ----\ntrailName=&quot;Orgless-Management-Events&quot;        # CloudTrail\u540d\ns3Bucket=&quot;${TRAIL_S3_KEY}$(altAwsIdStr 12)&quot;  # S3\u30d0\u30b1\u30c3\u30c8\u540d\ntrailLogGroupARN=&quot;arn:aws:logs:${REGION}:${ACCOUNT_ID}:log-group:${TRAIL_LOG_GROUP}&quot; # LogGroup\u540d\ntagEnv=&quot;Key=environment,Value=${ENVTAG}&quot;\ntagGroup=&quot;Key=group,Value=${grptag}&quot;\n\nrBucket=&quot;${RESOURCE_S3_KEY}$(altAwsIdStr 12)&quot; # (S3\u30a2\u30af\u30bb\u30b9\u30ed\u30b0\u53d6\u5f97)\u30ea\u30bd\u30fc\u30b9\u30d5\u30a1\u30a4\u30eb\u683c\u7d0d\u7528S3\u30d0\u30b1\u30c3\u30c8\nrBucketARN=&quot;arn:aws:s3:::${rBucket}&quot;\neventType=&quot;WriteOnly&quot;                         # (S3\u30a2\u30af\u30bb\u30b9\u30ed\u30b0\u53d6\u5f97)\u53d6\u5f97\u3059\u308b\u30a4\u30d9\u30f3\u30c8\u30bf\u30a4\u30d7(All\/ReadOnly\/WriteOnly)\n\ninfo &quot;== Confirm ==&quot;\ninfo &quot;\u30a2\u30ab\u30a6\u30f3\u30c8                   : ${ACCOUNT_ID}&quot;\ninfo &quot;CloudTrail\u8a3c\u8de1\u540d            : ${trailName}&quot;\ninfo &quot;\u9023\u643a\u5148S3\u30d0\u30b1\u30c3\u30c8             : ${s3Bucket}&quot;\ninfo &quot;  \u683c\u7d0d\u5148\u30d5\u30a9\u30eb\u30c0             : ${TRIL_S3_PREFIX}&quot;\ninfo &quot;\u9023\u643a\u5148CloudWatch\u30ed\u30b0\u30b0\u30eb\u30fc\u30d7  : ${TRAIL_LOG_GROUP}&quot;\ninfo &quot;\u30a2\u30af\u30bb\u30b9\u30ed\u30b0\u53d6\u5f97S3\u30d0\u30b1\u30c3\u30c8    : ${rBucket}&quot;\ninfo &quot;  \u30a4\u30d9\u30f3\u30c8\u30bf\u30a4\u30d7             : ${eventType}&quot;\n\nwhile true\ndo\n  input &quot;CloudTrail\u306e\u4f5c\u6210\u3092\u7d9a\u884c\u3057\u307e\u3059\u304b? (y\/n): &quot;\n  read input\n  if [ &quot;${input}&quot; == &quot;y&quot; ]; then\n    break\n  elif [ &quot;${input}&quot; == &quot;n&quot; ]; then\n    warn &quot;Process cancelled.&quot;\n    exit 0\n  fi\ndone\n\n# ---- CloudTrail (multi-region) ----\nif aws cloudtrail get-trail --name &quot;${trailName}&quot; &gt;& \/dev\/null; then\n  info &quot;Trail exists: ${trailName}&quot;\nelse\n  info &quot;Creating trail: ${trailName}&quot;\n  ctArgs=(\n    --region &quot;${REGION}&quot;\n    --name &quot;${trailName}&quot;\n    --s3-bucket-name &quot;${s3Bucket}&quot;\n    --is-multi-region-trail\n    --include-global-service-events\n    --enable-log-file-validation\n    --cloud-watch-logs-log-group-arn &quot;${trailLogGroupARN}:*&quot;\n    --cloud-watch-logs-role-arn &quot;arn:aws:iam::${ACCOUNT_ID}:role\/${TRAIL_CW_ROLE}&quot;\n    --s3-key-prefix &quot;${TRIL_S3_PREFIX}&quot;\n  )\n  exec aws cloudtrail create-trail &quot;${ctArgs[@]}&quot;\nfi\n\n# (S3\u30a2\u30af\u30bb\u30b9\u30ed\u30b0\u53d6\u5f97) Add S3 Data Event\naws cloudtrail put-event-selectors \\\n  --trail-name &quot;${trailName}&quot; \\\n  --event-selectors &quot;[\n    {\n      \\&quot;ReadWriteType\\&quot;: \\&quot;${eventType}\\&quot;,\n      \\&quot;IncludeManagementEvents\\&quot;: true,\n      \\&quot;DataResources\\&quot;: [\n        {\n          \\&quot;Type\\&quot;: \\&quot;AWS::S3::Object\\&quot;,\n          \\&quot;Values\\&quot;: [\\&quot;${rBucketARN}\/\\&quot;]\n        }\n      ]\n    }\n  ]&quot;\n\nexec aws cloudtrail start-logging --region &quot;${REGION}&quot; --name &quot;${trailName}&quot;\n\n## --Tagging--\ntrailARN=&quot;arn:aws:cloudtrail:${REGION}:${ACCOUNT_ID}:trail\/${trailName}&quot;\nexec aws cloudtrail add-tags --region &quot;${REGION}&quot; --resource-id &quot;${trailARN}&quot; --tags-list &quot;${tagEnv}&quot; &quot;${tagGroup}&quot;\n\n\n# --- Check ---\niErr=0\naws cloudtrail get-trail --region &quot;${REGION}&quot; --name &quot;${trailName}&quot; &gt;& \/dev\/null\nif [ $? -ne 0 ]; then\n  abort &quot;CloudTrail ${trailName} is missing.&quot;\n  ((iErr++))\nfi\nif [ ${iErr} -gt 0 ]; then\n  abort &quot;Process aborted.&quot;\nfi\n\n\ninfo &quot;Process succeeded.&quot;\nexit 0<\/code><\/pre><\/div>\n\n\n\n<\/details>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">create_loginsight_query.sh<\/h4>\n\n\n\n<details>\n<summary>\u30b3\u30fc\u30c9\u3092\u898b\u308b\uff08\u30af\u30ea\u30c3\u30af\uff09<\/summary>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-bash\" data-file=\"create_loginsight_query.sh\" data-lang=\"Bash\" data-line=\"14,15,22,121-153,167-171\" data-show-lang=\"1\"><code>#!\/bin\/bash\n\nmydir=$(dirname $0)\nsource &quot;${mydir}&quot;\/common.sh\nsource &quot;${mydir}&quot;\/awsenv.sh\ngrptag=&quot;trail&quot;\n\n# ---- Define ----\nqueryDir=&quot;alarm\/&quot;                                       # \u30af\u30a8\u30ea\u3092\u307e\u3068\u3081\u308b\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\nqueryRootName=&quot;${queryDir}QUERY-RootLoginSuccess&quot;       # root\u30e6\u30fc\u30b6\u30ed\u30b0\u30a4\u30f3\u78ba\u8a8d\u7528\u30af\u30a8\u30ea\nqueryApiRegionName=&quot;${queryDir}QUERY-APICallOutsideAllowedRegions&quot;  # \u672a\u4f7f\u7528\u30ea\u30fc\u30b8\u30e7\u30f3\u30a2\u30af\u30bb\u30b9\u78ba\u8a8d\u7528\u30af\u30a8\u30ea\nallowedRegionsCSV=&quot;${REGION},${OTHER_REGION}&quot;\n\nqueryS3AccDir=&quot;s3Access\/&quot;                                                      # (S3\u30a2\u30af\u30bb\u30b9\u30ed\u30b0\u53d6\u5f97)S3\u30a2\u30af\u30bb\u30b9\u30ed\u30b0\u30af\u30a8\u30ea\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\nqueryResourceS3AccessName=&quot;${queryS3AccDir}QUERY-${RESOURCE_S3_KEY}AccessLog&quot;  # (S3\u30a2\u30af\u30bb\u30b9\u30ed\u30b0\u53d6\u5f97)\u30ea\u30bd\u30fc\u30b9\u30d5\u30a1\u30a4\u30eb\u683c\u7d0d\u7528S3\u30d0\u30b1\u30c3\u30c8\u30a2\u30af\u30bb\u30b9\u30ed\u30b0\u30af\u30a8\u30ea\n\ninfo &quot;== Confirm ==&quot;\ninfo &quot;CloudWatch\u30ed\u30b0\u30b0\u30eb\u30fc\u30d7\u540d                      : ${TRAIL_LOG_GROUP}&quot;\ninfo &quot;root\u30e6\u30fc\u30b6\u30ed\u30b0\u30a4\u30f3\u78ba\u8a8d\u7528\u30af\u30a8\u30ea                 : ${queryRootName}&quot;\ninfo &quot;\u672a\u4f7f\u7528\u30ea\u30fc\u30b8\u30e7\u30f3\u30a2\u30af\u30bb\u30b9\u78ba\u8a8d\u7528\u30af\u30a8\u30ea            : ${queryApiRegionName}&quot;\ninfo &quot;  \u901a\u5e38\u4f7f\u7528\u3059\u308b\u30ea\u30fc\u30b8\u30e7\u30f3                       : ${allowedRegionsCSV}&quot;\ninfo &quot;\u30ea\u30bd\u30fc\u30b9\u30d5\u30a1\u30a4\u30eb\u683c\u7d0d\u7528S3\u30a2\u30af\u30bb\u30b9\u30ed\u30b0\u78ba\u8a8d\u7528\u30af\u30a8\u30ea : ${queryResourceS3AccessName}&quot;\n\nwhile true\ndo\n  input &quot;CloudWatch\u30a2\u30e9\u30fc\u30e0\u306e\u8a2d\u5b9a\u3092\u7d9a\u884c\u3057\u307e\u3059\u304b? (y\/n): &quot;\n  read input\n  if [ &quot;${input}&quot; == &quot;y&quot; ]; then\n    break\n  elif [ &quot;${input}&quot; == &quot;n&quot; ]; then\n    warn &quot;Process cancelled.&quot;\n    exit 0\n  fi\ndone\n\n# ---- Investigation Query for alarm ----\n# 1) Root login success\nqueryString=&quot;$(cat &lt;&lt;&#39;QL&#39;\nfields @timestamp, awsRegion, eventSource, eventName,\n       userIdentity.type as userType,\n       userIdentity.arn  as userArn,\n       sourceIPAddress, userAgent, eventID\n| filter eventName = &quot;ConsoleLogin&quot;\n| filter userIdentity.type = &quot;Root&quot;\n| filter responseElements.ConsoleLogin = &quot;Success&quot;\n| sort @timestamp desc\n| limit 200\nQL\n)&quot;\n\nqueryExists=&quot;$(aws logs describe-query-definitions \\\n  --region &quot;${REGION}&quot; \\\n  --query-definition-name-prefix &quot;${queryRootName}&quot; \\\n  --query &#39;queryDefinitions[?name==`&#39;&quot;${queryRootName}&quot;&#39;`].queryDefinitionId&#39; \\\n  --output text 2&gt;\/dev\/null || true)&quot;\n\nif [[ -n &quot;${queryExists:-}&quot; && &quot;${queryExists}&quot; != &quot;None&quot; ]]; then\n  info &quot;Updating existing query definition: ${queryRootName} ($queryExists)&quot;\n  exec aws logs put-query-definition \\\n    --region &quot;${REGION}&quot; \\\n    --query-definition-id &quot;${queryExists}&quot; \\\n    --name &quot;${queryRootName}&quot; \\\n    --query-string &quot;${queryString}&quot; \\\n    --log-group-names &quot;${TRAIL_LOG_GROUP}&quot;\nelse\n  info &quot;Creating new query definition: ${queryRootName}&quot;\n  exec aws logs put-query-definition \\\n    --region &quot;${REGION}&quot; \\\n    --name &quot;${queryRootName}&quot; \\\n    --query-string &quot;${queryString}&quot; \\\n    --log-group-names &quot;${TRAIL_LOG_GROUP}&quot;\nfi\n\n# 2) API calls in NOT-allowed regions (exclude global services)\nallowedRegionsJSON=$(printf &#39;&quot;%s&quot;&#39; &quot;${allowedRegionsCSV\/\/,\/\\&quot;,\\&quot;}&quot;)\nqueryString=&quot;$(cat &lt;&lt;EOF\nfields @timestamp, awsRegion, eventSource, eventName,\n       userIdentity.type as userType,\n       userIdentity.arn  as userArn,\n       sourceIPAddress, userAgent, eventID\n| filter ispresent(awsRegion)\n| filter eventCategory = &quot;Management&quot;\n| filter awsRegion not in [${allowedRegionsJSON}]\n| filter eventSource not in [\n    &quot;iam.amazonaws.com&quot;,&quot;cloudfront.amazonaws.com&quot;,&quot;route53.amazonaws.com&quot;,\n    &quot;globalaccelerator.amazonaws.com&quot;,&quot;waf.amazonaws.com&quot;,&quot;wafv2.amazonaws.com&quot;,\n    &quot;support.amazonaws.com&quot;,&quot;health.amazonaws.com&quot;,\n    &quot;signin.amazonaws.com&quot;,&quot;sts.amazonaws.com&quot;,&quot;sso.amazonaws.com&quot;,&quot;sso-oidc.amazonaws.com&quot;,\n    &quot;ce.amazonaws.com&quot;\n]\n| filter userIdentity.invokedBy not in [&quot;resource-explorer-2.amazonaws.com&quot;]\n| filter readOnly = false\n| sort @timestamp desc\n| limit 200\nEOF\n)&quot;\n\nqueryExists=&quot;$(aws logs describe-query-definitions \\\n  --region &quot;${REGION}&quot; \\\n  --query-definition-name-prefix &quot;${queryApiRegionName}&quot; \\\n  --query &#39;queryDefinitions[?name==`&#39;&quot;${queryApiRegionName}&quot;&#39;`].queryDefinitionId&#39; \\\n  --output text 2&gt;\/dev\/null || true)&quot;\n\nif [[ -n &quot;${queryExists:-}&quot; && &quot;${queryExists}&quot; != &quot;None&quot; ]]; then\n  info &quot;Updating existing query definition: ${queryApiRegionName} ($queryExists)&quot;\n  exec aws logs put-query-definition \\\n    --region &quot;${REGION}&quot; \\\n    --query-definition-id &quot;${queryExists}&quot; \\\n    --name &quot;${queryApiRegionName}&quot; \\\n    --query-string &quot;${queryString}&quot; \\\n    --log-group-names &quot;${TRAIL_LOG_GROUP}&quot;\nelse\n  info &quot;Creating new query definition: ${queryApiRegionName}&quot;\n  exec aws logs put-query-definition \\\n    --region &quot;${REGION}&quot; \\\n    --name &quot;${queryApiRegionName}&quot; \\\n    --query-string &quot;${queryString}&quot; \\\n    --log-group-names &quot;${TRAIL_LOG_GROUP}&quot;\nfi\n\n# ---- Investigation Query for S3 Accesslog ----\n# 1) (S3\u30a2\u30af\u30bb\u30b9\u30ed\u30b0\u53d6\u5f97)Resource S3 Bucket AccessLog\nqueryString=&quot;$(cat &lt;&lt;EOF\nfields @timestamp, eventName, userIdentity.arn, requestParameters.bucketName, requestParameters.key\n| filter eventSource = &quot;s3.amazonaws.com&quot;\n| filter eventCategory = &quot;Data&quot;\n| filter requestParameters.bucketName = &quot;${RESOURCE_S3_KEY}$(altAwsIdStr 12)&quot;\n| sort @timestamp desc\nEOF\n)&quot;\n\nqueryExists=&quot;$(aws logs describe-query-definitions \\\n  --region &quot;${REGION}&quot; \\\n  --query-definition-name-prefix &quot;${queryResourceS3AccessName}&quot; \\\n  --query &#39;queryDefinitions[?name==`&#39;&quot;${queryResourceS3AccessName}&quot;&#39;`].queryDefinitionId&#39; \\\n  --output text 2&gt;\/dev\/null || true)&quot;\n\nif [[ -n &quot;${queryExists:-}&quot; && &quot;${queryExists}&quot; != &quot;None&quot; ]]; then\n  info &quot;Updating existing query definition: ${queryResourceS3AccessName} ($queryExists)&quot;\n  exec aws logs put-query-definition \\\n    --region &quot;${REGION}&quot; \\\n    --query-definition-id &quot;${queryExists}&quot; \\\n    --name &quot;${queryResourceS3AccessName}&quot; \\\n    --query-string &quot;${queryString}&quot; \\\n    --log-group-names &quot;${TRAIL_LOG_GROUP}&quot;\nelse\n  info &quot;Creating new query definition: ${queryResourceS3AccessName}&quot;\n  exec aws logs put-query-definition \\\n    --region &quot;${REGION}&quot; \\\n    --name &quot;${queryResourceS3AccessName}&quot; \\\n    --query-string &quot;${queryString}&quot; \\\n    --log-group-names &quot;${TRAIL_LOG_GROUP}&quot;\nfi\n\n# --- Check ---\niErr=0\nqueryExists=$(aws logs describe-query-definitions --region &quot;${REGION}&quot; --query-definition-name-prefix &quot;${queryRootName}&quot; --query &#39;queryDefinitions[].name&#39; | jq -r &#39;.[]&#39;)\nif [ -z &quot;${queryExists}&quot; ];then\n  abort &quot;Metrics alarm ${queryRootName} is missing.&quot;\n  ((iErr++))\nfi\nqueryExists=$(aws logs describe-query-definitions --region &quot;${REGION}&quot; --query-definition-name-prefix &quot;${queryApiRegionName}&quot; --query &#39;queryDefinitions[].name&#39; | jq -r &#39;.[]&#39;)\nif [ -z &quot;${queryExists}&quot; ];then\n  abort &quot;Metrics alarm ${queryApiRegionName} is missing.&quot;\n  ((iErr++))\nfi\nqueryExists=$(aws logs describe-query-definitions --region &quot;${REGION}&quot; --query-definition-name-prefix &quot;${queryResourceS3AccessName}&quot; --query &#39;queryDefinitions[].name&#39; | jq -r &#39;.[]&#39;)\nif [ -z &quot;${queryExists}&quot; ];then\n  abort &quot;Metrics alarm ${queryResourceS3AccessName} is missing.&quot;\n  ((iErr++))\nfi\nif [ ${iErr} -gt 0 ]; then\n  abort &quot;Process aborted.&quot;\nfi\n\ninfo &quot;Process succeeded.&quot;\nexit 0<\/code><\/pre><\/div>\n\n\n\n<\/details>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"disclaimer\"><a href=\"https:\/\/ranamicus.com\/?page_id=109\">\u514d\u8cac\u4e8b\u9805<\/a><\/h4>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u3053\u306e\u8a18\u4e8b\u3067\u306f\u3001IaC\uff08Infra as Code\uff09\u3092\u7528\u3044\u305f\u74b0\u5883\u69cb\u7bc9\u3092\u672c\u683c\u7684\u306b\u59cb\u3081\u308b\u6e96\u5099\u3068\u3057\u3066\u3001\u30b3\u30fc\u30c9\u3092\u683c\u7d0d\u3059\u308bS3\u30d0\u30b1\u30c3\u30c8\u3092\u7528\u610f\u3057\u307e\u3059\u3002\u4f55\u3068\u306a\u304fS3\u30d0\u30b1\u30c3\u30c8\u3092\u4f5c\u6210\u3057\u3066\u3082\u3001\u52d5\u4f5c\u306f\u3057\u307e\u3059\u304c\u3001\u3053\u3053\u3067\u306f\u3001\u3061\u3083\u3093\u3068AWS\u306e\u30d9\u30b9\u30c8\u30d7 [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":232,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"vkexunit_cta_each_option":"","footnotes":""},"categories":[10,6,7],"tags":[],"class_list":["post-229","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aws-tech","category-tech","category-7"],"_links":{"self":[{"href":"https:\/\/ranamicus.com\/index.php?rest_route=\/wp\/v2\/posts\/229","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ranamicus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ranamicus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ranamicus.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ranamicus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=229"}],"version-history":[{"count":24,"href":"https:\/\/ranamicus.com\/index.php?rest_route=\/wp\/v2\/posts\/229\/revisions"}],"predecessor-version":[{"id":303,"href":"https:\/\/ranamicus.com\/index.php?rest_route=\/wp\/v2\/posts\/229\/revisions\/303"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ranamicus.com\/index.php?rest_route=\/wp\/v2\/media\/232"}],"wp:attachment":[{"href":"https:\/\/ranamicus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=229"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ranamicus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=229"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ranamicus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=229"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}