AWS Webinar ......© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. •...

Post on 31-May-2020


© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

AWS Webinar

https://amzn.to/JPWebinar https://amzn.to/JPArchive


① Click the speech bubble ② Enter your question ③ Click Send

Twitter

#awsblackbelt


Photographed at Okinawa Oodomari Beach


“HTTP pages will be marked as affirmatively "Not Secure" using red color and the non-secure icon in the URL bar if the user interacts with any input field.”

HTTP

URL

Takes effect: October 2018 (Chrome 70)

Announcement: Evolving Chrome's security indicators (May 17, 2018)

https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure


SSL/TLS v2.0, IPA https://www.ipa.go.jp/security/ipg/documents/ipa-cryptrec-gl-3001-2.0.pdf


Diagram labels: certificate signing request (CSR), CA-signed certificate, root CA, intermediate CA, certificate, CA


Certificate manager


AWS Support

https://aws.amazon.com/jp/contact-us/


https://www.amazontrust.com/repository/


Ohio, N. Virginia, N. California, Oregon, Mumbai, Osaka Local, Seoul, Singapore, Sydney, Tokyo, Canada, Frankfurt, Ireland, London, Paris, São Paulo, GovCloud (US-East), GovCloud (US)

(as of December 19, 2018)


ACM may renew certificates and keys or replace old certificates without prior notice.


https://docs.aws.amazon.com/ja_jp/acm/latest/userguide/troubleshooting-renewal.html


https://docs.aws.amazon.com/ja_jp/acm/latest/userguide/import-certificate.html


Diagram labels: AWS, TLS, ALB


Specifying * makes it possible to protect multiple sites in the same domain.


Amazon Certificates

<no-reply@certificates.amazon.com>


ACMdemo


Audit report output

Access control using IAM

Certificate revocation list (CRL)

Hardware security module


Organization resources

On-premises servers

AWS services

Devices

Amazon EC2

ACM-integrated services (CloudFront, ELB, API Gateway)


ACM

Private CA

Instances

AWS


Diagram labels: certificate signing request (CSR), CA-signed certificate, root CA, ACM Private CA, CA, intermediate CA, certificate


Diagram labels: Amazon public CA, TLS, AWS, AWS Certificate Manager


Private certificates

Custom validity period

Custom resource names

Key algorithms: RSA 2048, RSA 4096, ECDSA P256, ECDSA P384

Signature algorithms: SHA256 with RSA, SHA384 with RSA, SHA512 with RSA, SHA256 with ECDSA, SHA384 with ECDSA, SHA512 with ECDSA


https://aws.amazon.com/jp/blogs/compute/maintaining-transport-layer-security-all-the-way-to-your-container-part-2-using-aws-certificate-manager-private-certificate-authority/


Ruby

iOS

Python (boto)

Android

Node.js

.NET

PHP

JavaScript

Java

Xamarin

AWS

SDKs


CreateCertificateAuthority

IssueCertificate

GetCertificate

RevokeCertificate

UpdateCertificateAuthority

DeleteCertificateAuthority

ListCertificateAuthorities

DescribeCertificateAuthority

GetCertificateAuthorityCsr

CreateCertificateAuthorityAuditReport

DescribeCertificateAuthorityAuditReport

ImportCertificateAuthorityCertificate

GetCertificateAuthorityCertificate

TagCertificateAuthority

UntagCertificateAuthority

ListTags


Private Certificate Authorities CA 10

Private CA 50,000


1 , 1

0–1,000 $0.75

1,000–10,000 $0.35

10,000+ $0.001


• Tokyo

• Canada
