G-gen Tech Blog

Google Workspaceã®ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆç®¡ç†ã§ãƒ¢ãƒã‚¤ãƒ«ãƒ‡ãƒã‚¤ã‚¹ã‚’å®‰å…¨ã«ç®¡ç†ã™ã‚‹

2025-01-15T09:00:00+09:00

G-gen ã®ä¸‰æµ¦ã§ã™ã€‚å½“è¨˜äº‹ã§ã¯ã€Google Workspace ã® ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆç®¡ç†ã‚’ä½¿ç”¨ã—ã¦ã€iPhone ã‚„ Android ç«¯æœ«ãªã©ã®ãƒ¢ãƒã‚¤ãƒ«ç«¯æœ«ã‚’ç®¡ç†ã™ã‚‹æ–¹æ³•ã‚’ç´¹ä»‹ã—ã¾ã™ã€‚

æ¦‚è¦
- ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆç®¡ç†ã¨ã¯
- ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆç®¡ç†ã‚’ä½¿ç”¨ã™ã‚‹ãƒ¡ãƒªãƒƒãƒˆ
å‰ææ¡ä»¶
- åŸºæœ¬ç®¡ç†ã¨è©³ç´°ç®¡ç†
- iOS ãƒ‡ãƒã‚¤ã‚¹ã®è©³ç´°ç®¡ç†
æ¤œè¨¼æ‰‹é †
ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆè¨å®š
å‹•ä½œç¢ºèª

æ¦‚è¦

ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆç®¡ç†ã¨ã¯

ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆç®¡ç†ã¯ã€Google Workspace ãŒæä¾›ã™ã‚‹ãƒ‡ãƒã‚¤ã‚¹ç®¡ç†æ©Ÿèƒ½ã§ã™ã€‚å¾“æ¥å“¡ãŒä½¿ç”¨ã™ã‚‹ãƒ¢ãƒã‚¤ãƒ«ç«¯æœ«ã‚„ãƒ‘ã‚½ã‚³ãƒ³ã‚’ä¸€å…ƒçš„ã«ç®¡ç†ã—ã€çµ„ç¹”ã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãƒãƒªã‚·ãƒ¼ã‚’é©ç”¨ã§ãã¾ã™ã€‚

ä¸€èˆ¬çš„ã«ã€ã“ã®ã‚ˆã†ãªãƒ‡ãƒã‚¤ã‚¹ç®¡ç†ã®ä»•çµ„ã¿ã¯ MDMï¼ˆMobile Device Managementï¼‰ã¨å‘¼ã°ã‚Œã¾ã™ã€‚MDM ã¯ã€ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãƒãƒªã‚·ãƒ¼ã®é©ç”¨ã€ã‚¢ãƒ—ãƒªã®é…å¸ƒã€ãƒ‡ãƒã‚¤ã‚¹ã®ç›£è¦–ã€ç´›å¤±ãƒ»ç›—é›£æ™‚ã®ãƒ‡ãƒ¼ã‚¿æ¶ˆåŽ»ãªã©ã®æ©Ÿèƒ½ã‚’æä¾›ã™ã‚‹ãƒ„ãƒ¼ãƒ«å…¨èˆ¬ã‚’æŒ‡ã—ã¾ã™ã€‚

å‚è€ƒ : ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆç®¡ç†

ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆç®¡ç†ã‚’ä½¿ç”¨ã™ã‚‹ãƒ¡ãƒªãƒƒãƒˆ

Google Workspace ã®ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆç®¡ç†ã‚’ä½¿ç”¨ã™ã‚‹ã¨ã€ä»¥ä¸‹ã®ã‚ˆã†ãªãƒ¡ãƒªãƒƒãƒˆãŒã‚ã‚Šã¾ã™ã€‚

ãƒ¡ãƒªãƒƒãƒˆ	è©³ç´°
Google Workspace ã¨ã®ã‚·ãƒ¼ãƒ ãƒ¬ã‚¹ãªçµ±åˆ	ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã¨ç«¯æœ«ã®ç®¡ç†ã‚’ä¸€å…ƒåŒ–ã§ãã¾ã™ã€‚ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ ã‚¢ã‚¯ã‚»ã‚¹ã§ Gmail ã‚„ Google ãƒ‰ãƒ©ã‚¤ãƒ–ã¸ã®æŸ”è»Ÿãªã‚¢ã‚¯ã‚»ã‚¹åˆ¶å¾¡ã‚‚å¯èƒ½ã§ã™ã€‚
è¿½åŠ è²»ç”¨ã‚„å°‚ç”¨ã‚¢ãƒ—ãƒªä¸è¦	Business Plus ã‚„ Enterprise ãƒ—ãƒ©ãƒ³ãªã©ã«æ¨™æº–æè¼‰ã•ã‚Œã¦ãŠã‚Šã€è¿½åŠ è²»ç”¨ã‚„å°‚ç”¨ã‚¢ãƒ—ãƒªã¯ä¸è¦ã§ã™ã€‚
Android ã‚¼ãƒã‚¿ãƒƒãƒç™»éŒ²ã¨ BYOD	ã‚¼ãƒã‚¿ãƒƒãƒç™»éŒ²ã§å¤šæ•°ã®ç«¯æœ«ã‚’ç°¡å˜ã«ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ—ã§ãã¾ã™ã€‚ã¾ãŸå€‹äººæ‰€æœ‰ãƒ‡ãƒã‚¤ã‚¹ï¼ˆBYODï¼‰ã«ãŠã„ã¦ã‚‚æ¥å‹™ãƒ‡ãƒ¼ã‚¿ã¨å€‹äººãƒ‡ãƒ¼ã‚¿ã‚’åˆ†é›¢ã§ãã‚‹ã‚ˆã†ã«ãªã‚Šã€ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã¨ãƒ—ãƒ©ã‚¤ãƒã‚·ãƒ¼ã‚’ä¸¡ç«‹ã§ãã¾ã™ã€‚

ã‚¼ãƒã‚¿ãƒƒãƒç™»éŒ²åŠã³ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ ã‚¢ã‚¯ã‚»ã‚¹ã®è©³ç´°ãªè¨å®šæ‰‹é †ã«ã¤ã„ã¦ã¯ã€ä»¥ä¸‹ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã¨è¨˜äº‹ã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚

å‚è€ƒ : Android ã®ã‚¼ãƒã‚¿ãƒƒãƒç™»éŒ²ã®è¨å®š

blog.g-gen.co.jp

å‰ææ¡ä»¶

åŸºæœ¬ç®¡ç†ã¨è©³ç´°ç®¡ç†

Google Workspace ã®ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆç®¡ç†ã«ã¯ã€åŸºæœ¬ç®¡ç†ã¨è©³ç´°ç®¡ç†ãŒã‚ã‚Šã¾ã™ã€‚Google Workspace ã®ã‚¨ãƒ‡ã‚£ã‚·ãƒ§ãƒ³ã«ã‚ˆã£ã¦ã€ã©ã¡ã‚‰ã®æ©Ÿèƒ½ãŒåˆ©ç”¨ã§ãã‚‹ã‹ãŒæ±ºã¾ã‚Šã¾ã™ã€‚

æ©Ÿèƒ½ã®åç§°	è©³ç´°
åŸºæœ¬ç®¡ç†	ãƒ‡ãƒã‚¤ã‚¹ç™»éŒ²ã€ç´›å¤±æ™‚ã® Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆãƒªãƒ¢ãƒ¼ãƒˆå‰Šé™¤ã€ ãƒ‡ãƒã‚¤ã‚¹ã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ï¼ˆä¾‹ï¼šOS ãƒãƒ¼ã‚¸ãƒ§ãƒ³ï¼‰ ã®ç¢ºèªãªã©ã®åŸºæœ¬çš„ãªç®¡ç†æ©Ÿèƒ½ã‚’æä¾›ã—ã¾ã™ã€‚
è©³ç´°ç®¡ç†	çµ„ç¹”ã§è¨±å¯ã•ã‚Œã¦ã„ãªã„ã‚¢ãƒ—ãƒªã‚’ç¦æ¢ã™ã‚‹æ©Ÿèƒ½ã‚„ãƒ‡ãƒ¼ã‚¿æ“ä½œåˆ¶é™ ãªã©ã€ã‚ˆã‚Šé«˜åº¦ãªåˆ¶å¾¡ãŒå¯èƒ½ã€‚å€‹äººæ‰€æœ‰ãƒ‡ãƒã‚¤ã‚¹ï¼ˆBYODï¼‰ ã‚„ã‚¼ãƒã‚¿ãƒƒãƒç™»éŒ²ã«ã‚ˆã‚Šã€æŸ”è»Ÿã«ãƒ‡ãƒã‚¤ã‚¹ã‚’ç®¡ç†ã§ãã¾ã™ã€‚

æ©Ÿèƒ½ã®åç§°

è©³ç´°

åŸºæœ¬ç®¡ç†

ãƒ‡ãƒã‚¤ã‚¹ç™»éŒ²ã€ç´›å¤±æ™‚ã® Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆãƒªãƒ¢ãƒ¼ãƒˆå‰Šé™¤ã€
ãƒ‡ãƒã‚¤ã‚¹ã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ï¼ˆä¾‹ï¼šOS ãƒãƒ¼ã‚¸ãƒ§ãƒ³ï¼‰
ã®ç¢ºèªãªã©ã®åŸºæœ¬çš„ãªç®¡ç†æ©Ÿèƒ½ã‚’æä¾›ã—ã¾ã™ã€‚

è©³ç´°ç®¡ç†

çµ„ç¹”ã§è¨±å¯ã•ã‚Œã¦ã„ãªã„ã‚¢ãƒ—ãƒªã‚’ç¦æ¢ã™ã‚‹æ©Ÿèƒ½ã‚„ãƒ‡ãƒ¼ã‚¿æ“ä½œåˆ¶é™
ãªã©ã€ã‚ˆã‚Šé«˜åº¦ãªåˆ¶å¾¡ãŒå¯èƒ½ã€‚å€‹äººæ‰€æœ‰ãƒ‡ãƒã‚¤ã‚¹ï¼ˆBYODï¼‰
ã‚„ã‚¼ãƒã‚¿ãƒƒãƒç™»éŒ²ã«ã‚ˆã‚Šã€æŸ”è»Ÿã«ãƒ‡ãƒã‚¤ã‚¹ã‚’ç®¡ç†ã§ãã¾ã™ã€‚

å‚è€ƒ : ãƒ¢ãƒã‚¤ãƒ«ç®¡ç†æ©Ÿèƒ½ã®æ¯”è¼ƒ

iOS ãƒ‡ãƒã‚¤ã‚¹ã®è©³ç´°ç®¡ç†

iOS ãƒ‡ãƒã‚¤ã‚¹ã§è©³ç´°ç®¡ç†ã‚’è¡Œã†ã«ã¯ã€Apple ãƒ—ãƒƒã‚·ãƒ¥è¨¼æ˜Žæ›¸ãŒå¿…è¦ã§ã™ã€‚ã“ã®è¨¼æ˜Žæ›¸ã¯ Apple Push Certificates Portal ã§å–å¾—ã§ãã¾ã™ã€‚è©³ç´°ã¯ä»¥ä¸‹ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’ç¢ºèªã—ã¦ãã ã•ã„ã€‚

æ¤œè¨¼æ‰‹é †

ä»¥ä¸‹ã®æ‰‹é †ã§ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆç®¡ç†ã‚’è¨å®šã—ã€å‹•ä½œã‚’ç¢ºèªã—ã¾ã™ã€‚

ãƒ‡ãƒã‚¤ã‚¹ã®ç™»éŒ²ï¼ˆiOS/Androidï¼‰
ç®¡ç†ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã«ãƒ‡ãƒã‚¤ã‚¹ã‚’ç™»éŒ²ã—ã¾ã™ã€‚
iOS ã®ãƒãƒªã‚·ãƒ¼è¨å®š
Google ãƒ‰ãƒ©ã‚¤ãƒ–ã‚„ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã®æ¥å‹™ãƒ‡ãƒ¼ã‚¿ã‚’ãƒãƒ¼ã‚«ãƒ«ï¼ˆä¾‹ï¼šFiles ã‚¢ãƒ—ãƒªï¼‰ã«ä¿å˜ã§ããªã„ã‚ˆã†åˆ¶é™ã—ã¾ã™ã€‚
Android ã®ãƒãƒªã‚·ãƒ¼è¨å®š
æ¥å‹™ç”¨ã‚¢ãƒ—ãƒªï¼ˆä¾‹ï¼šGoogle Geminiï¼‰ã‚’ãƒªãƒ¢ãƒ¼ãƒˆé…å¸ƒã™ã‚‹ãŸã‚ã®è¨å®šã‚’ã—ã¾ã™ã€‚
iOS å‹•ä½œç¢ºèªï¼ˆãƒãƒ¼ã‚«ãƒ«ä¿å˜ä¸å¯ï¼‰
æ¥å‹™ãƒ‡ãƒ¼ã‚¿ãŒ Files ã‚¢ãƒ—ãƒªã«ä¿å˜ã§ããªã„ã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚
Android å‹•ä½œç¢ºèªï¼ˆæ¥å‹™ç”¨ã‚¢ãƒ—ãƒªã®é…å¸ƒï¼‰
æ¥å‹™ç”¨ã‚¢ãƒ—ãƒªãŒã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã•ã‚Œã€ã‚¢ãƒ³ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã§ããªã„ã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚
Android å‹•ä½œç¢ºèªï¼ˆã‚¢ã‚«ã‚¦ãƒ³ãƒˆãƒ¯ã‚¤ãƒ—ï¼‰
ç®¡ç†ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã‹ã‚‰ç«¯æœ«ä¸Šã®ä¼šç¤¾ã§ä½¿ç”¨ã—ã¦ã„ã‚‹ Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’å‰Šé™¤ã—ã¾ã™ã€‚

ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆè¨å®š

ãƒ‡ãƒã‚¤ã‚¹ã®ç™»éŒ²ï¼ˆiOS/Androidï¼‰

ãƒ‡ãƒã‚¤ã‚¹ã® Google Chrome ã§ Googleï¼ˆhttps://google.co.jpï¼‰ã«ã‚¢ã‚¯ã‚»ã‚¹ã—ã¾ã™ã€‚

Googleã«ã‚¢ã‚¯ã‚»ã‚¹

ä¼šç¤¾ã§ä½¿ç”¨ã™ã‚‹ Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã§ãƒã‚°ã‚¤ãƒ³ã™ã‚‹ã“ã¨ã§ã€ç®¡ç†ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã«ãƒ‡ãƒã‚¤ã‚¹ãŒç™»éŒ²ã•ã‚Œã¾ã™ã€‚

ä¼šç¤¾ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã§ãƒã‚°ã‚¤ãƒ³

å‚è€ƒ : iOS ãƒ‡ãƒã‚¤ã‚¹ã§ Google Workspace ã‚’è¨å®šã™ã‚‹
å‚è€ƒ : Android ãƒ‡ãƒã‚¤ã‚¹ã§ Google Workspace ã‚’è¨å®šã™ã‚‹

ãƒ‡ãƒã‚¤ã‚¹ã®ç™»éŒ²ç¢ºèªï¼ˆiOS/Androidï¼‰

Google Workspace ã®ç®¡ç†ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ï¼ˆhttps://admin.google.comï¼‰ã«ãƒã‚°ã‚¤ãƒ³ã—ã¾ã™ã€‚

å‚è€ƒ : ç®¡ç†ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã«ãƒã‚°ã‚¤ãƒ³ã™ã‚‹

[ãƒ‡ãƒã‚¤ã‚¹] > [ãƒ¢ãƒã‚¤ãƒ«ã¨ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆ] > [ãƒ‡ãƒã‚¤ã‚¹] ã¸ç§»å‹•ã—ã€ãƒ•ã‚£ãƒ«ã‚¿ã‹ã‚‰ãƒ¡ãƒ¼ãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹ã§ãƒ‡ãƒã‚¤ã‚¹ã‚’æŠ½å‡ºã—ã€ç™»éŒ²ã•ã‚Œã¦ã„ã‚‹ã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚

ãƒ¢ãƒã‚¤ãƒ«ç«¯æœ«ã®ç™»éŒ²ç¢ºèª

iOS ã®ãƒãƒªã‚·ãƒ¼è¨å®š

[ãƒ¢ãƒã‚¤ãƒ«ã¨ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆ] > [è¨å®š] > [iOS] > [ãƒ‡ãƒ¼ã‚¿å…±æœ‰] ã‚’é¸æŠžã—ã¾ã™ã€‚

ãƒ‡ãƒ¼ã‚¿å…±æœ‰ã‚’é¸æŠž

è¨å®šã‚’é©ç”¨ã™ã‚‹çµ„ç¹”éƒ¨é–€ã‚’é¸æŠžã—ã€[ãƒ‡ãƒ¼ã‚¿æ“ä½œ] ã® [ç·¨é›†] ã‚’é¸æŠžã—ã¾ã™ã€‚

ç·¨é›†ã‚’é¸æŠž

ä»¥ä¸‹ã‚’é¸æŠžã—ã€[ä¿å˜] ã¾ãŸã¯ [ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰] ã‚’é¸æŠžã—ã¾ã™ã€‚

Google Workspace ã®ãƒ‡ãƒ¼ã‚¿ãŒå¤–éƒ¨ã¨å…±æœ‰ã•ã‚Œã‚‹å¯èƒ½æ€§ã®ã‚ã‚‹æ“ä½œã‚’ iOS ã§è¡Œã†ã“ã¨ã‚’ãƒ¦ãƒ¼ã‚¶ãƒ¼ã«è¨±å¯ã—ãªã„

è¨å®šã‚’é¸æŠž

å‚è€ƒ : iOS ãƒ‡ãƒã‚¤ã‚¹ã§ã®éŽå¤±ã«ã‚ˆã‚‹ãƒ‡ãƒ¼ã‚¿æ¼æ´©ã‚’é˜²æ¢ã™ã‚‹

Android ã®ãƒãƒªã‚·ãƒ¼è¨å®š

[ãƒ¢ãƒã‚¤ãƒ«ã¨ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆ] > [è¨å®š] > [ä¸€èˆ¬] > [å…¨èˆ¬] ã‚’é¸æŠžã—ã¾ã™ã€‚

å…¨èˆ¬ã‚’é¸æŠž

è¨å®šã‚’é©ç”¨ã™ã‚‹çµ„ç¹”éƒ¨é–€ã‚’é¸æŠžã—ã€[ãƒ¢ãƒã‚¤ãƒ«ç®¡ç†] ã® [ç·¨é›†] ã‚’é¸æŠžã—ã¾ã™ã€‚

ç·¨é›†ã‚’é¸æŠž

[ã‚«ã‚¹ã‚¿ãƒ ] ã‹ã‚‰ Android ã‚’è©³ç´°ã«å¤‰æ›´ã—ã€[ä¿å˜] ã¾ãŸã¯ [ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰] ã‚’é¸æŠžã—ã¾ã™ã€‚

è¨å®šã‚’é¸æŠž

[ã‚¢ãƒ—ãƒª] > [ã‚¦ã‚§ãƒ–ã‚¢ãƒ—ãƒªã¨ãƒ¢ãƒã‚¤ãƒ«ã‚¢ãƒ—ãƒª] ã¸ç§»å‹•ã—ã€[ã‚¢ãƒ—ãƒªã‚’è¿½åŠ ] ã‹ã‚‰ [é™å®šå…¬é–‹ã® Android ã‚¢ãƒ—ãƒªã‚’è¿½åŠ ] ã‚’é¸æŠžã—ã¾ã™ã€‚

é™å®šå…¬é–‹ã®Androidã‚¢ãƒ—ãƒªã‚’è¿½åŠ ã‚’é¸æŠž

æ¤œç´¢ãƒãƒ¼ã« Gemini ã¨å…¥åŠ›ã—ã€ãƒªã‚¹ãƒˆã‹ã‚‰ Google Gemini ã‚’é¸æŠžã—ã€[é¸æŠž] ã‚’é¸æŠžã—ã¾ã™ã€‚

Geminiã‚¢ãƒ—ãƒªã‚’é¸æŠž

é¸æŠž

ã‚¢ãƒ—ãƒªã‚’é©ç”¨ã™ã‚‹å¯¾è±¡ï¼ˆå…¨ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¾ãŸã¯ç‰¹å®šã®çµ„ç¹”éƒ¨é–€ã‚„ Google ã‚°ãƒ«ãƒ¼ãƒ—ï¼‰ã‚’é¸æŠžã—ã€[ç¶šè¡Œ] ã‚’é¸æŠžã—ã¾ã™ã€‚

ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«å¯¾è±¡ã‚’é¸æŠž

ä»¥ä¸‹ã‚’é¸æŠžã—ã€[å®Œäº†] ã‚’é¸æŠžã—ã¾ã™ã€‚

è‡ªå‹•ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«
ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒã‚¢ãƒ—ãƒªã‚’ã‚¢ãƒ³ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã§ããªã„ã‚ˆã†ã«ã™ã‚‹

ã‚¢ãƒ—ãƒªã¸ã®ã‚¢ã‚¯ã‚»ã‚¹æ–¹æ³•ã‚’é¸æŠž

å‚è€ƒ : é™å®šå…¬é–‹ã® Android ã‚¢ãƒ—ãƒªã‚’ Google Play ã§ç®¡ç†ã™ã‚‹

å‹•ä½œç¢ºèª

iOS ã®å‹•ä½œç¢ºèªï¼ˆãƒãƒ¼ã‚«ãƒ«ä¿å˜ä¸å¯ï¼‰

Google ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚¢ãƒ—ãƒªã‚’èµ·å‹•ã—ã€ä¼šç¤¾ã§ä½¿ã£ã¦ã„ã‚‹ Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’é¸æŠžã—ã¾ã™ã€‚

Google ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆãƒ•ã‚¡ã‚¤ãƒ«ã‚’é–‹ãã€å³ä¸Šã® [â€¦] ã‚’é¸æŠžã—ã¾ã™ã€‚

... ã‚’é¸æŠž

[å…±æœ‰ã¨ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆ] > [ã‚³ãƒ”ãƒ¼ã‚’é€ä¿¡] > [PDF] > [OK] ã‚’é¸æŠžã—ã¾ã™ã€‚

ã‚³ãƒ”ãƒ¼ã‚’é€ä¿¡ã‚’é¸æŠž

["ãƒ•ã‚¡ã‚¤ãƒ«"ã«ä¿å˜] ã‚’é¸æŠžã™ã‚‹ã¨ã€ãƒ•ã‚¡ã‚¤ãƒ«ã‚’å…±æœ‰ã§ãã¾ã›ã‚“ã¨è¡¨ç¤ºã•ã‚Œã€ãƒãƒ¼ã‚«ãƒ«ã«ä¿å˜ãŒã§ããªã„ã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚

ãƒ•ã‚¡ã‚¤ãƒ«ã«ä¿å˜ã‚’é¸æŠž

ãƒãƒ¼ã‚«ãƒ«ã¸ã®ä¿å˜å¤±æ•—

Android ã®å‹•ä½œç¢ºèªï¼ˆæ¥å‹™ç”¨ã‚¢ãƒ—ãƒªã®é…å¸ƒï¼‰

è¨å®šã‚¢ãƒ—ãƒªã‹ã‚‰ä¼šç¤¾ã§ä½¿ã£ã¦ã„ã‚‹ Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’é¸æŠžã—ã€ä»•äº‹ç”¨ãƒ—ãƒãƒ•ã‚¡ã‚¤ãƒ«ã®ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ—ã‚’é–‹å§‹ã—ã¾ã™ã€‚

ä»•äº‹ç”¨ãƒ—ãƒãƒ•ã‚¡ã‚¤ãƒ«ã®ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ—

å‚è€ƒ : ä»•äº‹ç”¨ãƒ—ãƒãƒ•ã‚¡ã‚¤ãƒ«ã®ä½œæˆ

ä»¥ä¸‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒè¡¨ç¤ºã•ã‚ŒãŸå ´åˆã€[ãƒ¢ãƒã‚¤ãƒ«ã¨ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆ] > [ãƒ‡ãƒã‚¤ã‚¹ã®æ‰¿èª] ã‹ã‚‰ç«¯æœ«ã‚’é¸æŠžã—ã€[ãƒ‡ãƒã‚¤ã‚¹ã‚’æ‰¿èª] ã‚’é¸æŠžã—ã¾ã™ã€‚

ã“ã®ãƒ‡ãƒã‚¤ã‚¹ã¯æœ‰åŠ¹ã«ãªã£ã¦ã„ã¾ã›ã‚“ ç®¡ç†è€…ã«ã‚ˆã‚‹ãƒ‡ãƒã‚¤ã‚¹ã®æ‰¿èªãŒå¿…è¦ã§ã™ã€‚

ãƒ‡ãƒã‚¤ã‚¹æœªæ‰¿èªã‚¨ãƒ©ãƒ¼

ãƒ¢ãƒã‚¤ãƒ«ç«¯æœ«ã®æ‰¿èª

ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ—ãŒå®Œäº†ã™ã‚‹ã¨ã€è¨å®šã—ãŸã‚¢ãƒ—ãƒªãŒè¡¨ç¤ºã•ã‚Œã¾ã™ã€‚æ¥å‹™ç”¨ã‚¢ãƒ—ãƒªã¯ã‚¢ãƒ—ãƒªã®ã‚¢ã‚¤ã‚³ãƒ³ã«éž„ã®ã‚¢ã‚¤ã‚³ãƒ³ãŒè¡¨ç¤ºã•ã‚Œã¾ã™ã€‚

æ¥å‹™ç”¨ã‚¢ãƒ—ãƒªã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ç¢ºèª

æ¥å‹™ã‚¢ãƒ—ãƒªã¯ã€å…ˆã®è¨å®šã®é€šã‚Šã€ã‚¢ãƒ³ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã—ã‚ˆã†ã¨ã™ã‚‹ã¨å¤±æ•—ã—ã¾ã™ã€‚

æ¥å‹™ç”¨ã‚¢ãƒ—ãƒªã®ã‚¢ãƒ³ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ä¸å¯ç¢ºèª

Android ã®å‹•ä½œç¢ºèªï¼ˆã‚¢ã‚«ã‚¦ãƒ³ãƒˆãƒ¯ã‚¤ãƒ—ï¼‰

[ãƒ‡ãƒã‚¤ã‚¹] > [ãƒ¢ãƒã‚¤ãƒ«ã¨ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆ] > [ãƒ‡ãƒã‚¤ã‚¹] ã‹ã‚‰ç«¯æœ«ã‚’é¸æŠžã—ã¾ã™ã€‚

Android ãƒ‡ãƒã‚¤ã‚¹ã‚’é¸æŠž

[ãã®ä»–] > [ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’ãƒ¯ã‚¤ãƒ—] ã‚’é¸æŠžã—ã¾ã™ã€‚

ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’ãƒ¯ã‚¤ãƒ—ã‚’é¸æŠž

[ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’ãƒ¯ã‚¤ãƒ—] ã‚’é¸æŠžã—ã€ãƒ¯ã‚¤ãƒ—ã‚’å®Ÿè¡Œã—ã¾ã™ã€‚

ãƒ¯ã‚¤ãƒ—ã®å®Ÿè¡Œ

ãƒ¯ã‚¤ãƒ—å¾Œã®ãƒ‡ãƒã‚¤ã‚¹ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹

ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã—ãŸæ¥å‹™ã‚¢ãƒ—ãƒªãŒå‰Šé™¤ã•ã‚Œã¦ã„ã‚‹ã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚

æ¥å‹™ã‚¢ãƒ—ãƒªã®å‰Šé™¤ç¢ºèª

å‚è€ƒ : ãƒ‡ãƒã‚¤ã‚¹ã‹ã‚‰ä¼æ¥ãƒ‡ãƒ¼ã‚¿ã‚’ãƒ¯ã‚¤ãƒ—ã™ã‚‹

BigQuery MLã‚’å¾¹åº•è§£èª¬ï¼

2025-01-14T09:00:00+09:00

G-gen ã®ä½ã€…æœ¨ã§ã™ã€‚å½“è¨˜äº‹ã§ã¯ BigQuery ä¸Šã§æ©Ÿæ¢°å¦ç¿’ãƒ¢ãƒ‡ãƒ«ã‚’ä½œæˆã€è©•ä¾¡ã€å®Ÿè¡Œã™ã‚‹ãŸã‚ã®æ©Ÿèƒ½ã§ã‚ã‚‹ BigQuery ML ã«ã¤ã„ã¦è§£èª¬ã—ã¾ã™ã€‚

æ¦‚è¦
- BigQuery ã¨ã¯
- BigQuery ML ã¨ã¯
BigQuery ML ã®ä½¿ç”¨æ–¹æ³•
BigQuery ML ã§ã‚µãƒãƒ¼ãƒˆã•ã‚Œã‚‹ãƒ¢ãƒ‡ãƒ«
åŸºæœ¬çš„ãª SQL ã‚¹ãƒ†ãƒ¼ãƒˆãƒ¡ãƒ³ãƒˆãƒ»é–¢æ•°
ç‰¹å¾´é‡ã®å‰å‡¦ç†
- è‡ªå‹•å‰å‡¦ç†
- æ‰‹å‹•å‰å‡¦ç†ï¼ˆTRANSFORM ã‚¹ãƒ†ãƒ¼ãƒˆãƒ¡ãƒ³ãƒˆï¼‰
ãƒ¢ãƒ‡ãƒ«ã®ãƒ¢ãƒ‹ã‚¿ãƒªãƒ³ã‚°
BigQuery ML ã®æ–™é‡‘
ä»–ã®æ©Ÿæ¢°å¦ç¿’ç³»ãƒ—ãƒãƒ€ã‚¯ãƒˆã¨ã®çµ±åˆ
- Vertex AI
- Colab Enterprise

æ¦‚è¦

BigQuery ã¨ã¯

BigQuery ã¯ã€Google Cloud ã®ãƒ•ãƒ«ãƒžãƒãƒ¼ã‚¸ãƒ‰åˆ†æžç”¨ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ï¼ˆãƒ‡ãƒ¼ã‚¿ã‚¦ã‚§ã‚¢ãƒã‚¦ã‚¹ï¼‰ã‚µãƒ¼ãƒ“ã‚¹ã§ã™ã€‚ã‚¤ãƒ³ãƒ•ãƒ©ç®¡ç†ä¸è¦ã®åˆ†æžç”¨ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã‚’å¾“é‡èª²é‡‘ã§ä½¿ç”¨ã§ãã¾ã™ã€‚

å½“è¨˜äº‹ã§ã¯ BigQuery è‡ªä½“ã®èª¬æ˜Žã¯å‰²æ„›ã—ã¾ã™ã€‚ãƒ—ãƒãƒ€ã‚¯ãƒˆã®å…¨å®¹ã«ã¤ã„ã¦ã¯ä»¥ä¸‹ã®è¨˜äº‹ã‚’ã”ä¸€èªãã ã•ã„ã€‚

blog.g-gen.co.jp

BigQuery ML ã¨ã¯

BigQuery ML ã¨ã¯ã€BigQuery ä¸Šã§æ©Ÿæ¢°å¦ç¿’ãƒ¢ãƒ‡ãƒ«ã®ãƒˆãƒ¬ãƒ¼ãƒ‹ãƒ³ã‚°ã‚„äºˆæ¸¬ã€è©•ä¾¡ã‚’è¡Œã†ã“ã¨ãŒã§ãã‚‹æ©Ÿèƒ½ã§ã™ã€‚BigQuery ã§ä½¿ã‚ã‚Œã‚‹æ¨™æº– SQL æº–æ‹ ã® GoogleSQL ã‚’ä½¿ç”¨ã—ã€BigQuery ä¸Šã®ãƒ‡ãƒ¼ã‚¿ã‚’ä½¿ã£ãŸæ©Ÿæ¢°å¦ç¿’ãŒå®¹æ˜“ã«å®Ÿç¾ã§ãã¾ã™ã€‚

é€šå¸¸ã€æ©Ÿæ¢°å¦ç¿’ãƒ¢ãƒ‡ãƒ«ã®é–‹ç™ºã«ã¯ã€æ©Ÿæ¢°å¦ç¿’ãƒ•ãƒ¬ãƒ¼ãƒ ãƒ¯ãƒ¼ã‚¯ã«å¯¾ã™ã‚‹é«˜åº¦ãªçŸ¥è˜ã¨ãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°æŠ€è¡“ãŒè¦æ±‚ã•ã‚Œã¾ã™ã€‚ãã®ã‚ˆã†ãªå°‚é–€çš„ã‚¹ã‚ãƒ«ã‚’æŒã¤ãƒ¡ãƒ³ãƒãƒ¼ã®ç¢ºä¿ãŒé›£ã—ã„å ´åˆã§ã‚ã£ã¦ã‚‚ã€BigQuery ML ã§ã¯ SQL ã®çŸ¥è˜ãŒã‚ã‚Œã°ãƒ¢ãƒ‡ãƒ«ã®é–‹ç™ºã‚’è¡Œã†ã“ã¨ãŒã§ãã¾ã™ã€‚

BigQuery ML ã§ã¯ã€ãƒ¢ãƒ‡ãƒ«ã®ãƒˆãƒ¬ãƒ¼ãƒ‹ãƒ³ã‚°ã‚„äºˆæ¸¬ã§ä½¿ç”¨ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ã¯ BigQuery è‡ªä½“ã«æ ¼ç´ã•ã‚Œã¦ã„ã‚‹ã‚‚ã®ã‚’ã‚·ãƒ¼ãƒ ãƒ¬ã‚¹ã«ä½¿ç”¨ã™ã‚‹ã“ã¨ãŒã§ãã€ãƒ‡ãƒ¼ã‚¿ã®è“„ç©ãƒ»ãƒ¢ãƒ‡ãƒ«ã®å¦ç¿’ãƒ»äºˆæ¸¬ã®å®Ÿè¡ŒãŒ BigQuery å†…ã§å®Œçµã—ã¾ã™ã€‚ã“ã‚Œã«ã‚ˆã‚Šã€ãƒ¢ãƒ‡ãƒ«é–‹ç™ºã®ãŸã‚ã®ç¿’ç†ŸãŒå¿…è¦ãªãƒ„ãƒ¼ãƒ«ãŒæ¸›ã‚Šã€ã¾ãŸå¤§é‡ã®ãƒ‡ãƒ¼ã‚¿ç§»å‹•ã«ã‚ˆã‚‹æ™‚é–“ãƒ»æ–™é‡‘ãªã©ã®ã‚³ã‚¹ãƒˆã‚’æŠ‘ãˆã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

å‚è€ƒï¼šBigQuery ã® AI ã¨ ML ã®æ¦‚è¦

BigQuery ML ã®ä½¿ç”¨æ–¹æ³•

ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ãƒ¼ã‚¹

BigQuery ML ã¯ã€ä»¥ä¸‹ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ãƒ¼ã‚¹ã§åˆ©ç”¨ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

Google Cloud ã‚³ãƒ³ã‚½ãƒ¼ãƒ«
bq ã‚³ãƒžãƒ³ãƒ‰ãƒ©ã‚¤ãƒ³ ãƒ„ãƒ¼ãƒ«
BigQuery REST API
BigQuery ã«çµ±åˆã•ã‚ŒãŸ Colab Enterprise ãƒŽãƒ¼ãƒˆãƒ–ãƒƒã‚¯
Jupyter ãƒŽãƒ¼ãƒˆãƒ–ãƒƒã‚¯ã‚„ãƒ“ã‚¸ãƒã‚¹ ã‚¤ãƒ³ãƒ†ãƒªã‚¸ã‚§ãƒ³ã‚¹ ãƒ—ãƒ©ãƒƒãƒˆãƒ•ã‚©ãƒ¼ãƒ ãªã©ã®å¤–éƒ¨ãƒ„ãƒ¼ãƒ«

Google Cloud ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã‹ã‚‰ä½¿ç”¨ã™ã‚‹ã¨ã€BigQuery ã§é€šå¸¸ã® SQL ã‚’å®Ÿè¡Œã™ã‚‹ã¨ãã¨åŒæ§˜ã®ä½¿ç”¨æ„Ÿã§ BigQuery ML ã®æ©Ÿèƒ½ã‚’åˆ©ç”¨ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

5ç•ªç›®ã® Jupyter ãƒŽãƒ¼ãƒˆãƒ–ãƒƒã‚¯ã‚’ä½¿ã£ãŸæ–¹æ³•ã«ã¤ã„ã¦ã€ä»¥ä¸‹ã®è¨˜äº‹ã§ã¯ã€ãƒ•ãƒ«ãƒžãƒãƒ¼ã‚¸ãƒ‰ã® Jupyter ãƒŽãƒ¼ãƒˆãƒ–ãƒƒã‚¯ç’°å¢ƒã§ã‚ã‚‹ Vertex AI Workbench ã‹ã‚‰ã€ãƒžã‚¸ãƒƒã‚¯ã‚³ãƒžãƒ³ãƒ‰ %%bigquery ã§ BigQuery ML ã‚’ä½¿ç”¨ã™ã‚‹ä¾‹ãŒç¤ºã•ã‚Œã¦ã„ã¾ã™ã€‚

blog.g-gen.co.jp

BigQuery Editions

BigQuery ã®èª²é‡‘ãƒ¢ãƒ¼ãƒ‰ã¨ã—ã¦ã‚ªãƒ³ãƒ‡ãƒžãƒ³ãƒ‰ã‚’é¸æŠžã—ã¦ã„ã‚‹å ´åˆã€BigQuery ML ã‚’å¾“é‡èª²é‡‘ã§ä½¿ç”¨ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

èª²é‡‘ãƒ¢ãƒ¼ãƒ‰ã¨ã—ã¦ BigQuery Editionsã‚’é¸æŠžã—ã¦ã„ã‚‹å ´åˆã€BigQuery ML ã¯ Enterprise ãƒ†ã‚£ã‚¢ãŠã‚ˆã³ Enterprise Plus ãƒ†ã‚£ã‚¢ã§ã®ã¿ä½¿ç”¨ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ï¼ˆStandard ãƒ†ã‚£ã‚¢ã§ã¯ä½¿ç”¨ä¸å¯ï¼‰ã€‚

BigQuery Editions ã®è©³ç´°ã«ã¤ã„ã¦ã¯ä»¥ä¸‹ã®è¨˜äº‹ã‚’ã”ä¸€èªãã ã•ã„ã€‚

blog.g-gen.co.jp

ã‚¯ã‚¨ãƒªã®ãƒ‰ãƒ©ã‚¤ãƒ©ãƒ³

BigQuery ML ã«é™ã‚‰ãšã€BigQuery ã§ã¯ã‚¯ã‚¨ãƒªå®Ÿè¡Œå‰ã«ãƒ‰ãƒ©ã‚¤ãƒ©ãƒ³ã‚’è¡Œã†ã“ã¨ã§ã€å®Ÿéš›ã«å‡¦ç†ã‚’è¡Œã†å‰ã«ã€å‡¦ç†ã•ã‚Œã‚‹ãƒ‡ãƒ¼ã‚¿é‡ã‚„ã‚ªãƒ³ãƒ‡ãƒžãƒ³ãƒ‰ã§ç™ºç”Ÿã™ã‚‹æ–™é‡‘ã‚’è¦‹ç©ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

ãƒ‰ãƒ©ã‚¤ãƒ©ãƒ³ã«ã‚ˆã‚Šã€å‡¦ç†ã•ã‚Œã‚‹ãƒ‡ãƒ¼ã‚¿é‡ã‚’ã‚¯ã‚¨ãƒªå®Ÿè¡Œå‰ã«ç¢ºèªã§ãã‚‹

å‚è€ƒ : ãƒ‰ãƒ©ã‚¤ãƒ©ãƒ³

BigQuery ML ã§ã‚µãƒãƒ¼ãƒˆã•ã‚Œã‚‹ãƒ¢ãƒ‡ãƒ«

ä»¥é™ã«ç´¹ä»‹ã™ã‚‹ã®ã¯2025å¹´1æœˆæ™‚ç‚¹ã§ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã‚‹ãƒ¢ãƒ‡ãƒ«ã§ã™ã€‚æœ€æ–°ã®ã‚µãƒãƒ¼ãƒˆçŠ¶æ³ã«ã¤ã„ã¦ã¯ä»¥ä¸‹ã®ãƒªãƒ³ã‚¯å…ˆã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚

å‚è€ƒï¼šBigQuery ã® AI ã¨ ML ã®æ¦‚è¦ - ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã‚‹ãƒ¢ãƒ‡ãƒ«

å†…éƒ¨ãƒ¢ãƒ‡ãƒ«

BigQuery ML ã®çµ„ã¿è¾¼ã¿ã®ãƒ¢ãƒ‡ãƒ«ã¨ã—ã¦ã€ä»¥ä¸‹ã®ãƒ¢ãƒ‡ãƒ«ã‚’ä½¿ç”¨ã—ã¦ BigQuery å†…éƒ¨ã§ãƒˆãƒ¬ãƒ¼ãƒ‹ãƒ³ã‚°ã‚’è¡Œã†ã“ã¨ãŒã§ãã¾ã™ã€‚

è²¢çŒ®åº¦åˆ†æžï¼ˆContribution analysisï¼‰ï¼ˆ2025å¹´1æœˆç¾åœ¨ã€ãƒ—ãƒ¬ãƒ“ãƒ¥ãƒ¼ï¼‰
ç·šå½¢å›žå¸°ï¼ˆLinear regressionï¼‰
ãƒã‚¸ã‚¹ãƒ†ã‚£ãƒƒã‚¯å›žå¸°ï¼ˆLogistic regressionï¼‰
K å¹³å‡æ³•ã‚¯ãƒ©ã‚¹ã‚¿ãƒªãƒ³ã‚°ï¼ˆK-means clusteringï¼‰
è¡Œåˆ—åˆ†è§£ï¼ˆMatrix factorizationï¼‰
ä¸»æˆåˆ†åˆ†æžï¼ˆPCA: Principal component analysisï¼‰
æ™‚ç³»åˆ—ï¼ˆTime seriesï¼‰

ãƒ¢ãƒ‡ãƒ«ã®ä½œæˆæ™‚ã«ä½¿ç”¨ã™ã‚‹ CREATE MODEL ã‚¹ãƒ†ãƒ¼ãƒˆãƒ¡ãƒ³ãƒˆï¼ˆå¾Œè¿°ï¼‰ã® OPTIONS ã§ã€ãƒˆãƒ¬ãƒ¼ãƒ‹ãƒ³ã‚°ã«ä½¿ç”¨ã™ã‚‹ãƒ¢ãƒ‡ãƒ«ã‚’æŒ‡å®šã§ãã¾ã™ã€‚

å¤–éƒ¨ãƒ¢ãƒ‡ãƒ«

ä»¥ä¸‹ã®ãƒ¢ãƒ‡ãƒ«ã¯ BigQuery ML ã®å¤–éƒ¨ã«ã‚ã‚Šã€åˆ¥ã® AI/ML ã‚µãƒ¼ãƒ“ã‚¹ã§ã‚ã‚‹ Vertex AI ã‚’ä½¿ç”¨ã—ã¦ãƒˆãƒ¬ãƒ¼ãƒ‹ãƒ³ã‚°ã•ã‚Œã¾ã™ã€‚

ã‚¤ãƒ³ãƒãƒ¼ãƒˆã•ã‚ŒãŸãƒ¢ãƒ‡ãƒ«

BigQuery ã®å¤–éƒ¨ã§ãƒˆãƒ¬ãƒ¼ãƒ‹ãƒ³ã‚°ã•ã‚ŒãŸã‚«ã‚¹ã‚¿ãƒ ãƒ¢ãƒ‡ãƒ«ã‚’ Cloud Storage ã‹ã‚‰ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ã€BigQuery ML ã§äºˆæ¸¬ã‚’å®Ÿè¡Œã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚Bigquery ML ã§ã‚¤ãƒ³ãƒãƒ¼ãƒˆã§ãã‚‹ãƒ¢ãƒ‡ãƒ«ã®ç¨®é¡žã¯ä»¥ä¸‹ã®é€šã‚Šã§ã™ã€‚

ãƒªãƒ¢ãƒ¼ãƒˆãƒ¢ãƒ‡ãƒ«

ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒ Vertex AI ã§ãƒ‡ãƒ—ãƒã‚¤ã—ãŸãƒ¢ãƒ‡ãƒ«

ãƒªãƒ¢ãƒ¼ãƒˆãƒ¢ãƒ‡ãƒ«ã§ã¯ã€Vertex AI ã§ãƒ‡ãƒ—ãƒã‚¤ã—ãŸæ©Ÿæ¢°å¦ç¿’ãƒ¢ãƒ‡ãƒ«ã‚’ä½¿ç”¨ã—ã¦äºˆæ¸¬ã‚’å®Ÿè¡Œã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ãƒ¢ãƒ‡ãƒ«ãŒå¤§ãã™ãŽã¦ BigQuery ã«ã‚¤ãƒ³ãƒãƒ¼ãƒˆã§ããªã„å ´åˆãªã©ã«ä½¿ç”¨ã—ã¾ã™ã€‚

Vertex AI ã§ãƒ‡ãƒ—ãƒã‚¤ã—ãŸãƒ¢ãƒ‡ãƒ«ã‚’ãƒªãƒ¢ãƒ¼ãƒˆãƒ¢ãƒ‡ãƒ«ã¨ã—ã¦ä½¿ç”¨ã™ã‚‹

Google ã®ç”Ÿæˆ AI ãƒ¢ãƒ‡ãƒ«

BigQuery ML ã‹ã‚‰ã¯ã€Gemini ç‰ã€Vertex AI ã§æä¾›ã•ã‚Œã‚‹ Google ã®ç”Ÿæˆ AI ãƒ¢ãƒ‡ãƒ«ã‚’ãƒªãƒ¢ãƒ¼ãƒˆãƒ¢ãƒ‡ãƒ«ã¨ã—ã¦åˆ©ç”¨ã§ãã¾ã™ã€‚

ä»¥ä¸‹ã®è¨˜äº‹ã§ã¯ã€BigQuery ML ã®ãƒªãƒ¢ãƒ¼ãƒˆãƒ¢ãƒ‡ãƒ«ã§ Google é–‹ç™ºã®å¤§è¦æ¨¡è¨€èªžãƒ¢ãƒ‡ãƒ«ã§ã‚ã‚‹ PaLM 2 ã‚’ä½¿ç”¨ã—ã¦ã€ãƒ†ã‚ã‚¹ãƒˆã®æ„Ÿæƒ…åˆ†æžã‚’è¡Œã£ã¦ã„ã¾ã™ã€‚

blog.g-gen.co.jp

ãƒªãƒ¢ãƒ¼ãƒˆãƒ¢ãƒ‡ãƒ«ã¨ã—ã¦ä½¿ç”¨ã§ãã‚‹ç”Ÿæˆ AI ãƒ¢ãƒ‡ãƒ«ã®æœ€æ–°æƒ…å ±ã«ã¤ã„ã¦ã¯ã€ä»¥ä¸‹ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚

å‚è€ƒï¼šGenerative AI overview

ã‚¿ã‚¹ã‚¯å›ºæœ‰ã®ã‚½ãƒªãƒ¥ãƒ¼ã‚·ãƒ§ãƒ³

BigQuery ML ã‹ã‚‰ã€Google Cloud ãŒç”¨æ„ã—ãŸã€ç‰¹å®šã®ã‚¿ã‚¹ã‚¯ã«ç‰¹åŒ–ã—ãŸæ©Ÿæ¢°å¦ç¿’ãƒ¢ãƒ‡ãƒ«ã® APIï¼ˆäº‹å‰ãƒˆãƒ¬ãƒ¼ãƒ‹ãƒ³ã‚°æ¸ˆã¿ APIï¼‰ã‚’åˆ©ç”¨ã§ãã¾ã™ã€‚

åˆ©ç”¨å¯èƒ½ãªäº‹å‰ãƒˆãƒ¬ãƒ¼ãƒ‹ãƒ³ã‚°æ¸ˆã¿ API ã«ã¯ä»¥ä¸‹ã®ã‚ˆã†ãªç¨®é¡žãŒã‚ã‚Šã¾ã™ã€‚ãã‚Œãžã‚Œ GoogleSQL ã®é–¢æ•°ã‚’ä½¿ç”¨ã—ã¦ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚’é€ä¿¡ã—ã¾ã™ã€‚

ã‚¿ã‚¹ã‚¯	API ã®åå‰	GoogleSQL ã®é–¢æ•°
è‡ªç„¶è¨€èªžå‡¦ç†	Cloud Natural Language API	ML.UNDERSTAND_TEXT
æ©Ÿæ¢°ç¿»è¨³	Cloud Translation API	ML.TRANSLATE
éŸ³å£°æ–‡å—å¤‰æ›	Speech-to-Text API	ML.TRANSCRIBE
ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆå‡¦ç†	Document AI API	ML.PROCESS_DOCUMENT
ã‚³ãƒ³ãƒ”ãƒ¥ãƒ¼ã‚¿ ãƒ“ã‚¸ãƒ§ãƒ³	Cloud Vision API	ML.ANNOTATE_IMAGE

åŸºæœ¬çš„ãª SQL ã‚¹ãƒ†ãƒ¼ãƒˆãƒ¡ãƒ³ãƒˆãƒ»é–¢æ•°

å…¬å¼ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã®ãƒãƒ¥ãƒ¼ãƒˆãƒªã‚¢ãƒ« ã‚’å…ƒã«ã€BigQuery ML ã«ãŠã‘ã‚‹åŸºæœ¬çš„ãª SQL æ–‡ã‚’è§£èª¬ã—ã¾ã™ã€‚

ãƒ¢ãƒ‡ãƒ«ã‚„å ´é¢ã«å¿œã˜ã¦ã©ã®ã‚ˆã†ãªã‚¹ãƒ†ãƒ¼ãƒˆãƒ¡ãƒ³ãƒˆãƒ»é–¢æ•°ãŒä½¿ç”¨ã§ãã‚‹ã®ã‹ã¯ã€ä»¥ä¸‹ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã§è§£èª¬ã•ã‚Œã¦ã„ã¾ã™ã€‚

å‚è€ƒï¼šå„ãƒ¢ãƒ‡ãƒ«ã®ã‚¨ãƒ³ãƒ‰ãƒ„ãƒ¼ã‚¨ãƒ³ãƒ‰ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ ã‚¸ãƒ£ãƒ¼ãƒ‹ãƒ¼

CREATE MODEL ã‚¹ãƒ†ãƒ¼ãƒˆãƒ¡ãƒ³ãƒˆ

BigQuery ML ã§ã¯ã€GoogleSQL ã® CREATE MODEL ã‚¹ãƒ†ãƒ¼ãƒˆãƒ¡ãƒ³ãƒˆã‚’ä½¿ç”¨ã—ã¦ãƒ¢ãƒ‡ãƒ«ã®ãƒˆãƒ¬ãƒ¼ãƒ‹ãƒ³ã‚°ã‚’è¡Œã„ã¾ã™ã€‚

ãƒ¢ãƒ‡ãƒ«ã®ä½œæˆã«ã¯ CREATE MODEL ã®ä»–ã«ã€ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆå†…ã«åŒã˜åå‰ã®ãƒ¢ãƒ‡ãƒ«ãŒå˜åœ¨ã—ãªã„å ´åˆã®ã¿ãƒ¢ãƒ‡ãƒ«ã‚’ä½œæˆã™ã‚‹ CREATE MODEL IF NOT EXISTS ã‚„ã€åŒã˜åå‰ã®ãƒ¢ãƒ‡ãƒ«ãŒå˜åœ¨ã—ã¦ã„ãŸå ´åˆã¯ç½®ãæ›ãˆã‚‹ CREATE OR REPLACE MODEL ã‚¹ãƒ†ãƒ¼ãƒˆãƒ¡ãƒ³ãƒˆãŒåˆ©ç”¨ã§ãã¾ã™ã€‚

ä»¥ä¸‹ã¯ã€CREATE OR REPLACE MODEL ã‚¹ãƒ†ãƒ¼ãƒˆãƒ¡ãƒ³ãƒˆã‚’ä½¿ç”¨ã—ã¦ã€bqml_tutorial ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆå†…ã« sample_model ã¨ã„ã†åå‰ã§ãƒã‚¸ã‚¹ãƒ†ã‚£ãƒƒã‚¯å›žå¸°ãƒ¢ãƒ‡ãƒ«ã‚’ä½œæˆã™ã‚‹ä¾‹ã§ã™ã€‚

#standardSQL
CREATE OR REPLACE MODEL `bqml_tutorial.sample_model` 
OPTIONS(model_type = 'logistic_reg') AS SELECT
  IF(totals.transactions IS NULL, 0, 1) AS label,
  IFNULL(device.operatingSystem, "") AS os,
  device.isMobile AS is_mobile,
  IFNULL(geoNetwork.country, "") AS country,
  IFNULL(totals.pageviews, 0) AS pageviews
FROM
  `bigquery-public-data.google_analytics_sample.ga_sessions_*`
WHERE
  _TABLE_SUFFIX BETWEEN '20160801' AND '20170630'

ä½¿ç”¨ã™ã‚‹ãƒ¢ãƒ‡ãƒ«ã¯ OPTIONS ã® model_type= ã§è¨å®šã—ã¦ã„ã¾ã™ã€‚FROM ã§æŒ‡å®šã—ãŸãƒ‡ãƒ¼ã‚¿ã‹ã‚‰ã€SELECT ã§æŒ‡å®šã—ãŸç‰¹å¾´é‡ã‚’ä½¿ç”¨ã—ã¦ãƒ¢ãƒ‡ãƒ«ã®å¦ç¿’ã‚’è¡Œã£ã¦ã„ã¾ã™ã€‚

Google Cloud ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã‚„ ML.TRAINING_INFO é–¢æ•°ã‚’ä½¿ç”¨ã™ã‚‹ã“ã¨ã§ã€ãƒ¢ãƒ‡ãƒ«ã®ãƒˆãƒ¬ãƒ¼ãƒ‹ãƒ³ã‚°æ™‚ã®çµ±è¨ˆæƒ…å ±ã‚’ç¢ºèªã™ã‚‹ã“ã¨ã‚‚ã§ãã¾ã™ã€‚

ã‚¯ã‚¨ãƒªã®çµæžœã¨ã—ã¦ãƒˆãƒ¬ãƒ¼ãƒ‹ãƒ³ã‚°æ™‚ã®çµ±è¨ˆæƒ…å ±ã‚’ç¢ºèªã§ãã‚‹

ãƒˆãƒ¬ãƒ¼ãƒ‹ãƒ³ã‚°ã—ãŸãƒ¢ãƒ‡ãƒ«ã®å„ç¨®è©•ä¾¡æŒ‡æ¨™ã¯ã€ãƒ¢ãƒ‡ãƒ«ã®è©³ç´°ã‹ã‚‰ã„ã¤ã§ã‚‚ç¢ºèªã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

ä½œæˆã—ãŸãƒ¢ãƒ‡ãƒ«ã®å„ç¨®è©•ä¾¡æŒ‡æ¨™ã‚’ç¢ºèªã™ã‚‹

å‚è€ƒï¼šãƒ¢ãƒ‡ãƒ«ã®ä½œæˆ

ML.EVALUATE é–¢æ•°

ä½œæˆã—ãŸãƒ¢ãƒ‡ãƒ«ã®è©•ä¾¡ã¯ ML.EVALUATE é–¢æ•°ã§è¡Œã†ã“ã¨ãŒã§ãã¾ã™ã€‚

ä»¥ä¸‹ã® SQL ã‚’å®Ÿè¡Œã™ã‚‹ã“ã¨ã§ã€ML.EVALUATE é–¢æ•°ã® MODEL å¼•æ•°ã§æŒ‡å®šã—ãŸãƒ¢ãƒ‡ãƒ«ã«å¯¾ã—ã¦è©•ä¾¡ã‚’è¡Œã„ã¾ã™ã€‚

#standardSQL
SELECT
  *
FROM
  ML.EVALUATE(
    MODEL `bqml_tutorial.sample_model`,
    (
      SELECT
        IF(totals.transactions IS NULL, 0, 1) AS label,
        IFNULL(device.operatingSystem, "") AS os,
        device.isMobile AS is_mobile,
        IFNULL(geoNetwork.country, "") AS country,
        IFNULL(totals.pageviews, 0) AS pageviews
      FROM
        `bigquery-public-data.google_analytics_sample.ga_sessions_*`
      WHERE
        _TABLE_SUFFIX BETWEEN '20170701' AND '20170801'
    )
  )

ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ä¸Šã§ã®å‡ºåŠ›ã¯ä»¥ä¸‹ã®ã‚ˆã†ã«ãªã‚Šã¾ã™ã€‚

ML.EVALUATE é–¢æ•°ã«ã‚ˆã‚‹ãƒ¢ãƒ‡ãƒ«ã®è©•ä¾¡

è©•ä¾¡æ™‚ã«å‡ºåŠ›ã•ã‚Œã‚‹æŒ‡æ¨™ã¯ãƒ¢ãƒ‡ãƒ«ã®ç¨®é¡žã«ã‚ˆã£ã¦ç•°ãªã‚Šã¾ã™ã€‚ã¾ãŸã€ML.CONFUSION_MATRIXï¼ˆæ··åŒè¡Œåˆ—ï¼‰ã‚„ ML.ROC_CURVEï¼ˆROC æ›²ç·šï¼‰ãªã©ã®é–¢æ•°ã‚‚æä¾›ã•ã‚Œã¦ã„ã¾ã™ã€‚

è©³ç´°ã¯ä»¥ä¸‹ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚

å‚è€ƒï¼šBigQuery ML ãƒ¢ãƒ‡ãƒ«ã®è©•ä¾¡ã®æ¦‚è¦

ML.PREDICT é–¢æ•°

ä½œæˆã—ãŸãƒ¢ãƒ‡ãƒ«ã‚’ä½¿ç”¨ã—ã¦äºˆæ¸¬ã‚’è¡Œã†ã«ã¯ã€ML.PREDICT é–¢æ•°ã‚’ä½¿ç”¨ã—ã¾ã™ã€‚

ä»¥ä¸‹ã®ã‚ˆã†ã« ML.PREDICT é–¢æ•°ã® MODEL å¼•æ•°ã§æŒ‡å®šã—ãŸãƒ¢ãƒ‡ãƒ«ã‚’ä½¿ç”¨ã—ã¦äºˆæ¸¬ã‚’è¡Œã„ã¾ã™ã€‚

#standardSQL
SELECT
  country,
  SUM(predicted_label) AS total_predicted_purchases
FROM
  ML.PREDICT(
    MODEL `bqml_tutorial.sample_model`,
    (
      SELECT
        IFNULL(device.operatingSystem, "") AS os,
        device.isMobile AS is_mobile,
        IFNULL(totals.pageviews, 0) AS pageviews,
        IFNULL(geoNetwork.country, "") AS country
      FROM
        `bigquery-public-data.google_analytics_sample.ga_sessions_*`
      WHERE
        _TABLE_SUFFIX BETWEEN '20170701' AND '20170801'
    )
  )
GROUP BY country
ORDER BY total_predicted_purchases DESC
LIMIT 10

ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ä¸Šã§ã®å‡ºåŠ›ã¯ä»¥ä¸‹ã®ã‚ˆã†ã«ãªã‚Šã¾ã™ã€‚

ML.PREDICT é–¢æ•°ã«ã‚ˆã‚‹äºˆæ¸¬

å‚è€ƒï¼šãƒ¢ãƒ‡ãƒ«æŽ¨å®šã®æ¦‚è¦

ç‰¹å¾´é‡ã®å‰å‡¦ç†

è‡ªå‹•å‰å‡¦ç†

BigQuery ML ã§ã¯è‡ªå‹•å‰å‡¦ç†ã¨ã—ã¦ã€ãƒ¢ãƒ‡ãƒ«ã®ãƒˆãƒ¬ãƒ¼ãƒ‹ãƒ³ã‚°æ™‚ã«ä»¥ä¸‹ã®å‰å‡¦ç†ã‚’è‡ªå‹•ã§è¡Œã£ã¦ã„ã¾ã™ã€‚

æ¬ æãƒ‡ãƒ¼ã‚¿ã®è£œå®Œ
å€¤ã®å¤‰æ›ï¼ˆæ¨™æº–åŒ–ã€ãƒ¯ãƒ³ãƒ›ãƒƒãƒˆã‚¨ãƒ³ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ã€ã‚¿ã‚¤ãƒ ã‚¹ã‚¿ãƒ³ãƒ—ã®å¤‰æ›ãªã©ï¼‰

è‡ªå‹•å‰å‡¦ç†ã®è©³ç´°ã«ã¤ã„ã¦ã¯ã€ä»¥ä¸‹ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚

å‚è€ƒï¼šè‡ªå‹•ç‰¹å¾´å‰å‡¦ç†

æ‰‹å‹•å‰å‡¦ç†ï¼ˆTRANSFORM ã‚¹ãƒ†ãƒ¼ãƒˆãƒ¡ãƒ³ãƒˆï¼‰

TRANSFORM ã‚¹ãƒ†ãƒ¼ãƒˆãƒ¡ãƒ³ãƒˆã‚’ä½¿ç”¨ã™ã‚‹ã“ã¨ã§ã€å‰å‡¦ç†ç”¨ã®é–¢æ•°ã‚’ä½¿ç”¨ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

ãŸã¨ãˆã°ã€ä»¥ä¸‹ã® SQL ã§ã¯ã€ML.QUANTILE_BUCKETIZE é–¢æ•°ã§ mother_age åˆ—ã®ãƒã‚±ãƒƒãƒˆåŒ–ï¼ˆãƒ“ãƒ‹ãƒ³ã‚°ï¼‰ã‚’ã€ML.FEATURE_CROSS é–¢æ•°ã§ is_male åˆ—ã¨ mother_race åˆ—ã®ç‰¹å¾´ã‚¯ãƒã‚¹ã‚’ä½œæˆã™ã‚‹å‰å‡¦ç†ã‚’è¡Œã£ã¦ã‹ã‚‰ãƒ¢ãƒ‡ãƒ«ã‚’ä½œæˆã—ã¦ã„ã¾ã™ã€‚

#standardSQL
CREATE MODEL `bqml_tutorial.natality_model` 
TRANSFORM(
  weight_pounds,
  is_male,
  gestation_weeks,
  ML.QUANTILE_BUCKETIZE(mother_age, 5) OVER() AS bucketized_mother_age,
  CAST(mother_race AS string) AS mother_race,
  ML.FEATURE_CROSS(
    STRUCT(
      is_male,
      CAST(mother_race AS STRING) AS mother_race
    )
  ) is_male_mother_race
) 
OPTIONS (
  model_type = 'linear_reg',
  input_label_cols = ['weight_pounds']
) AS SELECT
  *
FROM
  `bigquery-public-data.samples.natality`
WHERE
  weight_pounds IS NOT NULL AND RAND() < 0.001

ãã®ä»–ã€æ‰‹å‹•å‰å‡¦ç†ã«ä½¿ç”¨ã§ãã‚‹é–¢æ•°ã«ã¤ã„ã¦ã¯ä»¥ä¸‹ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚

å‚è€ƒï¼šæ‰‹å‹•ã§ã®ç‰¹å¾´ã®å‰å‡¦ç†

ãƒ¢ãƒ‡ãƒ«ã®ãƒ¢ãƒ‹ã‚¿ãƒªãƒ³ã‚°

ML.VALIDATE_DATA_SKEW é–¢æ•°ã‚„ ML.VALIDATE_DATA_DRIFT é–¢æ•°ã‚’ä½¿ç”¨ã™ã‚‹ã“ã¨ã§ã€ãƒˆãƒ¬ãƒ¼ãƒ‹ãƒ³ã‚°ã«ä½¿ç”¨ã—ãŸãƒ‡ãƒ¼ã‚¿ã¨ã€å®Ÿéš›ã®ãƒ¢ãƒ‡ãƒ«é‹ç”¨æ™‚ã«äºˆæ¸¬ã«ä½¿ç”¨ã•ã‚Œã‚‹ãƒ‡ãƒ¼ã‚¿ï¼ˆã‚µãƒ¼ãƒ“ãƒ³ã‚°ãƒ‡ãƒ¼ã‚¿ï¼‰ã®çµ±è¨ˆæƒ…å ±ã‚’æ¯”è¼ƒã—ã€ãƒ‡ãƒ¼ã‚¿ã‚¹ã‚ãƒ¥ãƒ¼ã‚„ãƒ‡ãƒ¼ã‚¿ãƒ‰ãƒªãƒ•ãƒˆã®ç™ºç”Ÿã‚’æ¤œçŸ¥ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

ãƒ‡ãƒ¼ã‚¿ã‚¹ã‚ãƒ¥ãƒ¼ï¼ˆData Skewï¼‰ã¨ã¯ã€ãƒˆãƒ¬ãƒ¼ãƒ‹ãƒ³ã‚°ã§ä½¿ç”¨ã—ãŸãƒ‡ãƒ¼ã‚¿ã®åˆ†å¸ƒã¨ã€æœ¬ç•ªç’°å¢ƒã§æä¾›ã•ã‚Œã‚‹ãƒ‡ãƒ¼ã‚¿ã®åˆ†å¸ƒãŒå¤§ããç•°ãªã£ã¦ã„ã‚‹ã“ã¨ã«ã‚ˆã‚Šã€ãƒ¢ãƒ‡ãƒ«ã®äºˆæ¸¬æ€§èƒ½ãŒä¸‹ãŒã£ã¦ã—ã¾ã†ç¾è±¡ã®ã“ã¨ã§ã™ã€‚ãƒˆãƒ¬ãƒ¼ãƒ‹ãƒ³ã‚°ãŒé©åˆ‡ã«è¡Œãˆã¦ã„ãªã„çŠ¶æ³ã§ã‚ã‚‹ã¨è€ƒãˆã‚‰ã‚Œã¾ã™ã€‚

ãƒ‡ãƒ¼ã‚¿ãƒ‰ãƒªãƒ•ãƒˆï¼ˆData Driftï¼‰ã¨ã¯ã€æœ¬ç•ªç’°å¢ƒã§æä¾›ã•ã‚Œã‚‹ãƒ‡ãƒ¼ã‚¿ã®åˆ†å¸ƒãŒæ™‚é–“ã®çµŒéŽã¨ã¨ã‚‚ã«å¤§ããå¤‰åŒ–ã—ã¦ã—ã¾ã†ã“ã¨ã«ã‚ˆã‚Šã€ãƒ¢ãƒ‡ãƒ«ã®äºˆæ¸¬æ€§èƒ½ãŒä¸‹ãŒã£ã¦ã—ã¾ã†ç¾è±¡ã®ã“ã¨ã§ã™ã€‚ãƒ¢ãƒ‡ãƒ«ã®åŠ£åŒ–ã¨æ‰ãˆã¦ã‚‚ã„ã„ã§ã—ã‚‡ã†ã€‚

ãƒ¢ãƒ‡ãƒ«ã®ãƒ¢ãƒ‹ã‚¿ãƒªãƒ³ã‚°ã«ä½¿ç”¨ã§ãã‚‹é–¢æ•°ã®ç¨®é¡žã«ã¤ã„ã¦ã¯ã€ä»¥ä¸‹ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚

å‚è€ƒï¼šãƒ¢ãƒ‡ãƒ« ãƒ¢ãƒ‹ã‚¿ãƒªãƒ³ã‚°ã®æ¦‚è¦

BigQuery ML ã®æ–™é‡‘

BigQuery ML ã®æ–™é‡‘ã®è©³ç´°ãŠã‚ˆã³æœ€æ–°æƒ…å ±ã«ã¤ã„ã¦ã¯ã€ä»¥ä¸‹ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚

å‚è€ƒï¼šBigQuery ML pricing

ã‚ªãƒ³ãƒ‡ãƒžãƒ³ãƒ‰æ–™é‡‘

BigQuery ã®èª²é‡‘ãƒ¢ãƒ¼ãƒ‰ãŒã‚ªãƒ³ãƒ‡ãƒžãƒ³ãƒ‰ã®å ´åˆã€BigQuery ã§å‡¦ç†ã•ã‚Œã‚‹ãƒ‡ãƒ¼ã‚¿ã®ãƒã‚¤ãƒˆæ•°ã«å¿œã˜ã¦èª²é‡‘ãŒç™ºç”Ÿã—ã¾ã™ã€‚ãƒ¢ãƒ‡ãƒ«ä½œæˆã¨äºˆæ¸¬ã§ãƒã‚¤ãƒˆæ•°ã‚ãŸã‚Šã®æ–™é‡‘å˜ä¾¡ãŒç•°ãªã‚‹ç‚¹ã«æ³¨æ„ãŒå¿…è¦ã§ã™ã€‚

ãŸã¨ãˆã°ã€ãƒã‚¸ã‚¹ãƒ†ã‚£ãƒƒã‚¯å›žå¸°ãƒ¢ãƒ‡ãƒ«ã‚„ç·šåž‹å›žå¸°ãƒ¢ãƒ‡ãƒ«ã®ä½œæˆæ™‚ã®ãƒˆãƒ¬ãƒ¼ãƒ‹ãƒ³ã‚°ã§ã¯ $375/1TBã€è©•ä¾¡ãƒ»äºˆæ¸¬ã‚¿ã‚¹ã‚¯ã§ã¯ $7.5/1TB ã®æ–™é‡‘ãŒç™ºç”Ÿã—ã¾ã™ï¼ˆæ±äº¬ãƒªãƒ¼ã‚¸ãƒ§ãƒ³ã€2025å¹´1æœˆæ™‚ç‚¹ï¼‰ã€‚

BigQuery Editions ã®æ–™é‡‘

èª²é‡‘ãƒ¢ãƒ¼ãƒ‰ã¨ã—ã¦ BigQuery Editions ã‚’åˆ©ç”¨ã™ã‚‹å ´åˆã€BigQuery ML ã®æ–™é‡‘ã¯ Editions ã®ä½¿ç”¨é‡ã«å«ã¾ã‚Œã¾ã™ã€‚

ä½¿ç”¨ã™ã‚‹ãƒ¢ãƒ‡ãƒ«ã«ã‚ˆã£ã¦åˆ©ç”¨ã•ã‚Œã‚‹ Editions ã®å‰²ã‚Šå½“ã¦ãŒç•°ãªã‚Šã€å†…éƒ¨ãƒ¢ãƒ‡ãƒ«ã®ä½œæˆãƒ»äºˆæ¸¬ã«ã¯ Editions ã® QUERY å‰²ã‚Šå½“ã¦ãŒã€å¤–éƒ¨ãƒ¢ãƒ‡ãƒ«ã®åˆ©ç”¨ã«ã¯ ML_EXTERNAL ãŒåˆ©ç”¨ã•ã‚Œã¾ã™ã€‚

å¤–éƒ¨ãƒ¢ãƒ‡ãƒ«ã®æ–™é‡‘

BigQuery å¤–éƒ¨ã®ãƒ¢ãƒ‡ãƒ«ã‚’ä½¿ç”¨ã—ã¦ãƒˆãƒ¬ãƒ¼ãƒ‹ãƒ³ã‚°ã‚’è¡Œã†å¤–éƒ¨ãƒ¢ãƒ‡ãƒ«ã§ã¯ã€ã‚ªãƒ³ãƒ‡ãƒžãƒ³ãƒ‰ã®æ–™é‡‘ã‚‚ã—ãã¯ BigQuery Editions ã®æ–™é‡‘ï¼ˆBigQuery ã§å‡¦ç†ã•ã‚Œã‚‹ã¶ã‚“ã®æ–™é‡‘ï¼‰ã«åŠ ãˆã€Vertex AI ã®ãƒˆãƒ¬ãƒ¼ãƒ‹ãƒ³ã‚°æ–™é‡‘ã‚‚ç™ºç”Ÿã—ã¾ã™ã€‚

ãƒªãƒ¢ãƒ¼ãƒˆãƒ¢ãƒ‡ãƒ«ã®æ–™é‡‘

ãƒªãƒ¢ãƒ¼ãƒˆãƒ¢ãƒ‡ãƒ«ã§ã‚‚å¤–éƒ¨ãƒ¢ãƒ‡ãƒ«åŒæ§˜ã«ã€ BigQuery ã§å‡¦ç†ã•ã‚Œã‚‹ã¶ã‚“ã®æ–™é‡‘ã«åŠ ãˆã€ãƒªãƒ¢ãƒ¼ãƒˆãƒ¢ãƒ‡ãƒ«ã¨ã—ã¦ä½¿ç”¨ã™ã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã®æ–™é‡‘ãŒé©ç”¨ã•ã‚Œã¾ã™ã€‚

ãŸã¨ãˆã°ã€ãƒªãƒ¢ãƒ¼ãƒˆãƒ¢ãƒ‡ãƒ«ã¨ã—ã¦ Cloud AI Vision API ã‚’ä½¿ç”¨ã™ã‚‹å ´åˆã¯ Cloud AI Vision API ã®æ–™é‡‘ãŒã€Vertex AI ã®åŸºç›¤ãƒ¢ãƒ‡ãƒ«ï¼ˆç”Ÿæˆ AI ãƒ¢ãƒ‡ãƒ«ï¼‰ã‚’ä½¿ç”¨ã™ã‚‹å ´åˆã¯ Vertex AI ã®æ–™é‡‘ãŒè¿½åŠ ã§ç™ºç”Ÿã—ã¾ã™ã€‚

ä»–ã®æ©Ÿæ¢°å¦ç¿’ç³»ãƒ—ãƒãƒ€ã‚¯ãƒˆã¨ã®çµ±åˆ

Vertex AI

Vertex AI ã¯æ©Ÿæ¢°å¦ç¿’ãƒ¢ãƒ‡ãƒ«ã®é–‹ç™ºã«é–¢ã‚ã‚‹æ§˜ã€…ãªæ©Ÿèƒ½ãŒçµ±åˆã•ã‚ŒãŸãƒ—ãƒãƒ€ã‚¯ãƒˆã§ã™ã€‚

Vertex AI ã«ã¯é–‹ç™ºã—ãŸæ©Ÿæ¢°å¦ç¿’ãƒ¢ãƒ‡ãƒ«ã‚’é›†ä¸ç®¡ç†ã™ã‚‹ãŸã‚ã® Model Registry ã¨ã„ã†æ©Ÿèƒ½ãŒã‚ã‚Šã€BigQuery ML ã§é–‹ç™ºã—ãŸãƒ¢ãƒ‡ãƒ«ã‚‚ã“ã“ã§ç®¡ç†ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

Model Registory ã§ç®¡ç†ã•ã‚Œã¦ã„ã‚‹ãƒ¢ãƒ‡ãƒ«ã¯ãƒãƒ¼ã‚¸ãƒ§ãƒ‹ãƒ³ã‚°ã‚„è©•ä¾¡ã€ãƒ‡ãƒ—ãƒã‚¤ã‚’å®¹æ˜“ã«è¡Œã†ã“ã¨ãŒã§ãã¾ã™ã€‚Vertex AI ã® Endpoints æ©Ÿèƒ½ã§ã¯ã€ãƒ•ãƒ«ãƒžãƒãƒ¼ã‚¸ãƒ‰ã®å®Ÿè¡Œç’°å¢ƒã«ãƒ¢ãƒ‡ãƒ«ã‚’ãƒ‡ãƒ—ãƒã‚¤ã—ã€ç”Ÿæˆã•ã‚ŒãŸã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆã‚’ä½¿ç”¨ã—ã¦ã‚ªãƒ³ãƒ©ã‚¤ãƒ³ã®äºˆæ¸¬ã‚’å®Ÿè¡Œã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

Vertex AI ã®è©³ç´°ã«ã¤ã„ã¦ã¯ã€ä»¥ä¸‹ã®è¨˜äº‹ã‚’ã”ä¸€èªãã ã•ã„ã€‚

blog.g-gen.co.jp

Colab Enterprise

Colab Enterprise ã¯ã€Google Cloud ä¸Šã«äº‹å‰æ§‹ç¯‰ã•ã‚ŒãŸãƒžãƒãƒ¼ã‚¸ãƒ‰ãªãƒŽãƒ¼ãƒˆãƒ–ãƒƒã‚¯ç’°å¢ƒã‚’æä¾›ã™ã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã§ã™ã€‚

Colab Enterprise ã®ãƒŽãƒ¼ãƒˆãƒ–ãƒƒã‚¯ã‚’ä½¿ç”¨ã—ã¦ã€ãƒŽãƒ¼ãƒˆãƒ–ãƒƒã‚¯ã‹ã‚‰ BigQuery ML ã«ã‚ˆã‚‹ã‚¿ã‚¹ã‚¯ã‚’å®Ÿè¡Œã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ãƒ¢ãƒ‡ãƒ«ã®é–‹ç™ºæ™‚ã« Python ã®æ©Ÿæ¢°å¦ç¿’ãƒ©ã‚¤ãƒ–ãƒ©ãƒªã‚’ä½¿ç”¨ã—ãŸè¤‡é›‘ãªãƒ‡ãƒ¼ã‚¿å‡¦ç†ãŒå¿…è¦ãªå ´åˆãªã©ã«æ´»ç”¨ã§ãã¾ã™ã€‚

Colab Enterprise ã®ã‚µãƒ¼ãƒ“ã‚¹è©³ç´°ã«ã¤ã„ã¦ã¯ã€ä»¥ä¸‹ã®è¨˜äº‹ã‚’ã”ä¸€èªãã ã•ã„ã€‚

blog.g-gen.co.jp

Evantarcã¨Workflowsã§ã‚¤ãƒ™ãƒ³ãƒˆãƒ‰ãƒªãƒ–ãƒ³ã«Cloud Run jobsã‚’å®Ÿè¡Œã—ã¦ã¿ãŸ

2025-01-10T09:00:00+09:00

G-gen ã®å‡ºå£ã§ã™ã€‚æœ¬è¨˜äº‹ã§ã¯ã€Evantarc ã¨ Workflows ã‚’åˆ©ç”¨ã—ã¦ ã‚¤ãƒ™ãƒ³ãƒˆãƒ‰ãƒªãƒ–ãƒ³ã« Cloud Run jobs ã‚’å®Ÿè¡Œã™ã‚‹æ–¹æ³•ã‚’ã”ç´¹ä»‹ã—ã¾ã™ã€‚

æ¦‚è¦
Cloud Storage ã®æº–å‚™
- Cloud Storage ãƒã‚±ãƒƒãƒˆã®ä½œæˆ
- Cloud Strage ã‚µãƒ¼ãƒ“ã‚¹ã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆã¸ã®æ¨©é™ä»˜ä¸Ž
BigQuery ãƒ†ãƒ¼ãƒ–ãƒ«ã®ä½œæˆ
Cloud Run jobs ã®ä½œæˆ
Workflows ã®ä½œæˆ
Eventarc ãƒˆãƒªã‚¬ãƒ¼ã®è¨å®š
- ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®è¨å®š
- Eventarc ã®ä½œæˆ
å‹•ä½œç¢ºèª

æ¦‚è¦

Cloud Run functions ã¨ Cloud Run jobs

ã‚¤ãƒ™ãƒ³ãƒˆãƒ‰ãƒªãƒ–ãƒ³ã«ãƒ‡ãƒ¼ã‚¿ã‚’å‡¦ç†ã™ã‚‹ã«ã¯ã€Cloud Run functions ã‚’ä½¿ã£ãŸæ–¹æ³•ãªã©ãŒã‚ã‚Šã¾ã™ã€‚ä¾‹ãˆã°ã€Cloud Storage ã«ã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆãŒæ ¼ç´ã•ã‚ŒãŸã‚‰è‡ªå‹•çš„ã« Cloud Run functions ãŒèµ·å‹•ã™ã‚‹ã‚ˆã†ãªå‡¦ç†ã‚’ã€éžå¸¸ã«ç°¡å˜ã«å®Ÿè£…ã§ãã¾ã™ã€‚ã—ã‹ã—ã€Cloud Run functions ã«ã¯æœ€å¤§9åˆ†ï¼ˆã‚¤ãƒ™ãƒ³ãƒˆãƒ‰ãƒªãƒ–ãƒ³é–¢æ•°ã®å ´åˆï¼‰ã®å®Ÿè¡Œæ™‚é–“åˆ¶é™ãŒã‚ã‚‹ãªã©ã€ã„ãã¤ã‹ã®åˆ¶ç´„ãŒã‚ã‚Šã¾ã™ã€‚

å½“è¨˜äº‹ã§ã¯ã€Cloud Run jobs ã‚’ä½¿ã£ã¦ã‚¤ãƒ™ãƒ³ãƒˆãƒ‰ãƒªãƒ–ãƒ³ãªå‡¦ç†ã‚’å®Ÿç¾ã™ã‚‹æ¤œè¨¼ã‚’è¡Œã„ã¾ã—ãŸã€‚Cloud Run jobs ã«ã¯ã€Cloud Run functions ã¨æ¯”è¼ƒã—ã¦ä»¥ä¸‹ã®ã‚ˆã†ãªãƒ¡ãƒªãƒƒãƒˆãŒã‚ã‚Šã¾ã™ã€‚

æœ€å¤§å®Ÿè¡Œæ™‚é–“ãŒ168æ™‚é–“ã§ã‚ã‚‹ã“ã¨ï¼ˆ2025å¹´1æœˆç¾åœ¨ã§ã¯24æ™‚é–“ã‚’è¶…ãˆã‚‹å‡¦ç†ã¯ Previewï¼‰
ã‚¿ã‚¹ã‚¯ã®ä¸¦åˆ—å®Ÿè¡Œæ•°ã‚’æ˜Žç¤ºçš„ã«æŒ‡å®šå¯èƒ½ã§ã‚ã‚‹ã“ã¨

Cloud Run jobs ã«ã¤ã„ã¦ã¯ä»¥ä¸‹ã®è¨˜äº‹ã§è§£èª¬ã—ã¦ã„ã¾ã™ã®ã§ã€ã”å‚ç…§ãã ã•ã„ã€‚

blog.g-gen.co.jp

ã¾ãŸä»¥ä¸‹ã®è¨˜äº‹ã§ã¯ã€Cloud Storage ã«ãƒ†ã‚ã‚¹ãƒˆãƒ•ã‚¡ã‚¤ãƒ«ãŒæ ¼ç´ã•ã‚ŒãŸã“ã¨ã‚’èµ·ç‚¹ã¨ã—ã¦ Cloud Run functions ã‚’å‘¼ã³å‡ºã—ã€Vertex AI Gemini API ã§å–å¾—ã—ãŸãƒ†ã‚ã‚¹ãƒˆã®è¦ç´„çµæžœã‚’ BigQuery ã«ä¿å˜ã™ã‚‹å‡¦ç†ã‚’å®Ÿè£…ã—ã¦ã„ã¾ã™ã€‚

blog.g-gen.co.jp

å½“è¨˜äº‹ã§ã¯ã€ä¸Šè¨˜è¨˜äº‹ã® Cloud Run functions ã®éƒ¨åˆ†ã‚’ Cloud Run jobs ã«ç½®ãæ›ãˆã¦ã€ã‚¤ãƒ™ãƒ³ãƒˆãƒ‰ãƒªãƒ–ãƒ³ã« Cloud Run jobs ã‚’å®Ÿè¡Œã™ã‚‹æ§‹æˆã‚’å®Ÿè£…ã—ã¾ã™ã€‚

æ¤œè¨¼ã®æ¦‚è¦

å½“è¨˜äº‹ã§è¡Œã£ãŸæ¤œè¨¼ã®ã‚¢ãƒ¼ã‚ãƒ†ã‚¯ãƒãƒ£ã¯ä»¥ä¸‹ã®é€šã‚Šã§ã™ã€‚

ãƒãƒ¼ã‚«ãƒ« PC ã‹ã‚‰æ—¥å ±ã®ãƒ†ã‚ã‚¹ãƒˆãƒ•ã‚¡ã‚¤ãƒ«ã‚’ Cloud Storage ã«ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰
ãƒ•ã‚¡ã‚¤ãƒ«ãŒã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ã•ã‚ŒãŸã“ã¨ã‚’æ¤œçŸ¥ã—ã¦ Eventarc ãƒˆãƒªã‚¬ãƒ¼ãŒ Workflows ã‚’èµ·å‹•
Workflows ãŒå—ã‘å–ã£ãŸã‚¤ãƒ™ãƒ³ãƒˆæƒ…å ±ã‚’ç’°å¢ƒå¤‰æ•°ã«ã‚»ãƒƒãƒˆã—ã¦ Cloud Run jobs ã‚’èµ·å‹•
Cloud Run jobs ãŒ Gemini ã§æ—¥å ±ãƒ•ã‚¡ã‚¤ãƒ«ã‚’è¦ç´„ã—ã€çµæžœã‚’ BigQuery ãƒ†ãƒ¼ãƒ–ãƒ«ã«æ ¼ç´

Eventarc

Evantarc ã¯ Google Cloud ã§ã‚¤ãƒ™ãƒ³ãƒˆãƒ‰ãƒªãƒ–ãƒ³ã‚¢ãƒ¼ã‚ãƒ†ã‚¯ãƒãƒ£ã‚’æ§‹ç¯‰ã™ã‚‹ãŸã‚ã®ãƒ•ãƒ«ãƒžãƒãƒ¼ã‚¸ãƒ‰ã‚µãƒ¼ãƒ“ã‚¹ã§ã™ã€‚ã‚¤ãƒ™ãƒ³ãƒˆã®ç™ºç”Ÿå…ƒã‹ã‚‰æ§˜ã€…ãªå®›å…ˆã¸ã®è»¢é€ã‚’ã€ã‚µãƒ¼ãƒãƒ¬ã‚¹ã§å®¹æ˜“ã«æ§‹ç¯‰ã§ãã¾ã™ã€‚

å‚è€ƒ : Eventarc ã®æ¦‚è¦
å‚è€ƒ : ã‚¤ãƒ™ãƒ³ãƒˆ ãƒ‰ãƒªãƒ–ãƒ³ ã‚¢ãƒ¼ã‚ãƒ†ã‚¯ãƒãƒ£

ä»¥ä¸‹ã®è¨˜äº‹ã§ã¯ Eventarc ã‚’ä½¿ã£ãŸã‚¢ãƒ¼ã‚ãƒ†ã‚¯ãƒãƒ£ã®ä¾‹ãŒç´¹ä»‹ã•ã‚Œã¦ã„ã¾ã™ã®ã§ã€ã”å‚ç…§ãã ã•ã„ã€‚

blog.g-gen.co.jp

Workflows

Workflowsï¼ˆã¾ãŸã¯ Cloud Workflowsï¼‰ã¯ Google Cloud ã®ãƒ•ãƒ«ãƒžãƒãƒ¼ã‚¸ãƒ‰ã§ã‚µãƒ¼ãƒãƒ¼ãƒ¬ã‚¹ãªã‚ªãƒ¼ã‚±ã‚¹ãƒˆãƒ¬ãƒ¼ã‚·ãƒ§ãƒ³ã‚µãƒ¼ãƒ“ã‚¹ã§ã™ã€‚å®šç¾©ã—ãŸé †ç•ªã« Cloud Run ã‚„ Cloud Run functions ã‚’å®Ÿè¡Œã—ãŸã‚Šã€BigQuery ã§ã‚¯ã‚¨ãƒªã‚’ç™ºè¡Œã™ã‚‹ãªã©ã€æ§˜ã€…ãª Google Cloud ã‚µãƒ¼ãƒ“ã‚¹ã‚’å®Ÿè¡Œã—ãŸã‚Šã€ä»»æ„ã® HTTP ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆã«ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚’é€ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

å‚è€ƒ : ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼ã®æ¦‚è¦

ä»¥ä¸‹ã®è¨˜äº‹ã§ Workflows ã«ã¤ã„ã¦è§£èª¬ã—ã¦ã„ã¾ã™ã®ã§ã€ã”å‚ç…§ãã ã•ã„ã€‚

blog.g-gen.co.jp

Cloud Storage ã®æº–å‚™

Cloud Storage ãƒã‚±ãƒƒãƒˆã®ä½œæˆ

æ—¥å ±ãƒ•ã‚¡ã‚¤ãƒ«ã‚’ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ã™ã‚‹ãŸã‚ã®ãƒã‚±ãƒƒãƒˆã‚’ä½œæˆã—ã¾ã™ã€‚

ãƒã‚±ãƒƒãƒˆåã«ç½®ãæ›ãˆã¦ãã ã•ã„ ã®éƒ¨åˆ†ã‚’ã€ä½œæˆã•ã‚Œã‚‹ãƒã‚±ãƒƒãƒˆåã«ç½®ãæ›ãˆã¦ã€ä»¥ä¸‹ã®ã‚³ãƒžãƒ³ãƒ‰ã‚’å®Ÿè¡Œã—ã¾ã™ã€‚

BUCKET_NAME="ä½œæˆã•ã‚Œã‚‹ãƒã‚±ãƒƒãƒˆåã«ç½®ãæ›ãˆã¦ãã ã•ã„"
gcloud storage buckets create gs://${BUCKET_NAME} --location=asia-northeast1

Cloud Strage ã‚µãƒ¼ãƒ“ã‚¹ã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆã¸ã®æ¨©é™ä»˜ä¸Ž

Cloud Storage ã‹ã‚‰ã®ãƒˆãƒªã‚¬ãƒ¼ã‚’ä½œæˆã™ã‚‹å ´åˆã€Pub/Sub ãƒ‘ãƒ–ãƒªãƒƒã‚·ãƒ£ãƒ¼ã®ãƒãƒ¼ãƒ«ã‚’ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã® Cloud Storage ã‚µãƒ¼ãƒ“ã‚¹ã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆã«ä»˜ä¸Žã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ ID ã«ç½®ãæ›ãˆã¦ãã ã•ã„ ã®éƒ¨åˆ†ã‚’ã€ã”è‡ªèº«ã®ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ ID ã«ç½®ãæ›ãˆã¦ã€ä»¥ä¸‹ã®ã‚³ãƒžãƒ³ãƒ‰ã‚’å®Ÿè¡Œã—ã¾ã™ã€‚

PROJECT="ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ ID ã«ç½®ãæ›ãˆã¦ãã ã•ã„"
SERVICE_ACCOUNT="$(gcloud storage service-agent --project=${PROJECT})"
    
gcloud projects add-iam-policy-binding ${PROJECT} \
    --member="serviceAccount:${SERVICE_ACCOUNT}" \
    --role='roles/pubsub.publisher'

BigQuery ãƒ†ãƒ¼ãƒ–ãƒ«ã®ä½œæˆ

æ—¥å ±ãƒ‡ãƒ¼ã‚¿ã‚’æ ¼ç´ã™ã‚‹ãŸã‚ã® BigQuery ãƒ†ãƒ¼ãƒ–ãƒ«ã‚’ä½œæˆã—ã¾ã™ã€‚

ä»¥ä¸‹ã®ã‚³ãƒžãƒ³ãƒ‰ã§ã¯ã€report ã¨ã„ã†åå‰ã®ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆã¨ã€daily_report ã¨ã„ã†åå‰ã®ãƒ†ãƒ¼ãƒ–ãƒ«ã‚’ä½œæˆã—ã¾ã™ã€‚

# ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆã‚’ä½œæˆ
bq --location=asia-northeast1 mk \
    --dataset \
    ${PROJECT}:report
  
# ãƒ†ãƒ¼ãƒ–ãƒ«ã‚’ä½œæˆ
bq mk \
    --table \
    --schema date:DATE,name:STRING,text:STRING \
    --clustering_fields date,name \
    ${PROJECT}:report.daily_report

name ã‚«ãƒ©ãƒ ã¨ date ã‚«ãƒ©ãƒ ã‚’ã‚¯ãƒ©ã‚¹ã‚¿åŒ–ã—ã¦ãƒ†ãƒ¼ãƒ–ãƒ«ã‚’ä½œæˆã™ã‚‹ã“ã¨ã§ã€name ã‚«ãƒ©ãƒ ãŠã‚ˆã³ date ã‚«ãƒ©ãƒ ã§ãƒ•ã‚£ãƒ«ã‚¿ã‚’ã‹ã‘ã‚‹ã‚¯ã‚¨ãƒªã‚’å®Ÿè¡Œã—ãŸã¨ãã«ã‚¹ã‚ãƒ£ãƒ³é‡ã‚’å‰Šæ¸›ã—ã¦ã€ãƒ‘ãƒ•ã‚©ãƒ¼ãƒžãƒ³ã‚¹ã‚’å‘ä¸Šã•ã›ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

Cloud Run jobs ã®ä½œæˆ

ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®ä½œæˆ

Cloud Run jobs ã§ä½¿ç”¨ã™ã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’ä½œæˆã—ã¾ã™ã€‚

Cloud Run jobs ãŒ Gemini API ã§æ–‡ç« ã‚’è¦ç´„ã—ãŸã‚Šã€BigQuery ã«ãƒ‡ãƒ¼ã‚¿ã‚’æ›¸ãè¾¼ã‚“ã ã‚Šã€ãƒã‚°ã‚’å‡ºåŠ›ã—ãŸã‚Šã™ã‚‹ãŸã‚ã«ã€ä»¥ä¸‹ã®ãƒãƒ¼ãƒ«ã‚’ Workflows ã§ä½¿ç”¨ã™ã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã«ä»˜ä¸Žã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

BigQuery ãƒ‡ãƒ¼ã‚¿ç·¨é›†è€…ï¼ˆroles/bigquery.dataEditorï¼‰
BigQuery ã‚¸ãƒ§ãƒ–ãƒ¦ãƒ¼ã‚¶ãƒ¼ï¼ˆroles/bigquery.jobUserï¼‰
Storage ã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆé–²è¦§è€…ï¼ˆroles/storage.objectViewerï¼‰
Vertex AI ãƒ¦ãƒ¼ã‚¶ãƒ¼ï¼ˆroles/aiplatform.userï¼‰
ãƒã‚°æ›¸ãè¾¼ã¿ï¼ˆroles/logging.logWriterï¼‰

ä»¥ä¸‹ã®ã‚³ãƒžãƒ³ãƒ‰ã‚’å®Ÿè¡Œã™ã‚‹ã¨ã€sa-daily-report-job ã¨ã„ã†åå‰ã®ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆãŒä½œæˆã•ã‚Œã€ãã®å¾Œã€å¿…è¦ãªãƒãƒ¼ãƒ«ãŒä»˜ä¸Žã•ã‚Œã¾ã™ã€‚

gcloud iam service-accounts create sa-daily-report-job
  
gcloud projects add-iam-policy-binding ${PROJECT} \
    --member=serviceAccount:sa-daily-report-job@${PROJECT}.iam.gserviceaccount.com \
    --role=roles/bigquery.dataEditor
  
gcloud projects add-iam-policy-binding ${PROJECT} \
    --member=serviceAccount:sa-daily-report-job@${PROJECT}.iam.gserviceaccount.com \
    --role=roles/bigquery.jobUser
  
gcloud projects add-iam-policy-binding ${PROJECT} \
    --member=serviceAccount:sa-daily-report-job@${PROJECT}.iam.gserviceaccount.com \
    --role=roles/storage.objectViewer
  
gcloud projects add-iam-policy-binding ${PROJECT} \
    --member=serviceAccount:sa-daily-report-job@${PROJECT}.iam.gserviceaccount.com \
    --role=roles/aiplatform.user
  
gcloud projects add-iam-policy-binding ${PROJECT} \
    --member=serviceAccount:sa-daily-report-job@${PROJECT}.iam.gserviceaccount.com \
    --role=roles/logging.logWriter

Docker ã‚³ãƒ³ãƒ†ãƒŠã®ä½œæˆã«å¿…è¦ãªãƒªã‚½ãƒ¼ã‚¹ã®ä½œæˆ

ä¸»è¦ãªå‡¦ç†ã‚’ Python ã‚³ãƒ¼ãƒ‰ã§å®Ÿè¡Œã™ã‚‹ main.pyã€ã‚³ãƒ¼ãƒ‰å†…ã§åˆ©ç”¨ã™ã‚‹ãƒ‘ãƒƒã‚±ãƒ¼ã‚¸ã‚’ãƒªã‚¹ãƒˆåŒ–ã—ãŸ requirements.txtã€ãã—ã¦ Procfile ã‚’ä½œæˆã—ã¾ã™ã€‚

Procfile ã¨ã¯ã€ã‚³ãƒ³ãƒ†ãƒŠã®èµ·å‹•æ™‚ã«å‘¼ã³å‡ºã•ã‚Œã‚‹ãƒ—ãƒã‚»ã‚¹ã‚’å®šç¾©ã™ã‚‹ãƒ•ã‚¡ã‚¤ãƒ«ã§ã€Python ã§ Buildpack ã‚’åˆ©ç”¨ã™ã‚‹å ´åˆã«ãŠã„ã¦ã¯ã€ãƒ•ã‚¡ã‚¤ãƒ«ã®ä½œæˆãŒå¿…é ˆã«ãªã‚Šã¾ã™ã€‚Buildpack ã‚’åˆ©ç”¨ã™ã‚Œã°ã€Dockerfile ã‚’ä½œæˆã›ãšã«ã‚³ãƒ¼ãƒ‰ã‚’ã‚³ãƒ³ãƒ†ãƒŠã‚¤ãƒ¡ãƒ¼ã‚¸ã«å¤‰æ›ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

å‚è€ƒ : Google Cloud ã® Buildpack
å‚è€ƒ : Procfile ã«ã¤ã„ã¦

main.py

import vertexai
from vertexai.generative_models import GenerativeModel, Part, SafetySetting
import os
import argparse
from datetime import datetime
import logging
from google.cloud import bigquery, storage
import google.cloud.logging
  
PROJECT_ID = os.environ.get("PROJECT_ID")
REGION = os.environ.get("REGION")
DATASET_ID = os.environ.get("DATASET_ID")
TABLE_ID = os.environ.get("TABLE_ID")
TABLE_NAME = f"{PROJECT_ID}.{DATASET_ID}.{TABLE_ID}"
  
INPUT_BUCKET = os.environ.get("INPUT_BUCKET")
INPUT_FILE = os.environ.get("INPUT_FILE")
  
# Vertex AI ã®åˆæœŸåŒ–
vertexai.init(project=PROJECT_ID, location=REGION)
   
# Cloud Logging ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã®ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹åŒ–
logger_client = google.cloud.logging.Client()
logger_client.setup_logging()
logger = logging.getLogger()
logger.setLevel(logging.DEBUG)
  
# Cloud Storage ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã®ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹åŒ–
storage_client = storage.Client()
   
# Cloud Storage ã‹ã‚‰ãƒ•ã‚¡ã‚¤ãƒ«ã‚’èªã‚“ã§ Gemini ã«è¦ç´„ã•ã›ã‚‹é–¢æ•°
def summarize_text_from_file() -> str:
     
    try:
        # Cloud Storage ã«ã‚ã‚‹ãƒ•ã‚¡ã‚¤ãƒ«ã®ãƒ†ã‚ã‚¹ãƒˆã‚’èªã¿å–ã‚‹
        bucket = storage_client.bucket(INPUT_BUCKET)
        blob = bucket.blob(INPUT_FILE)
        file_content = blob.download_as_string()
        text = file_content.decode("utf-8")
  
    except Exception as e:
        logger.error(f"Error during reading file: {e}")
        raise
  
    try:
        # Gemini ã«è¦ç´„ã•ã›ã‚‹
        model = GenerativeModel("gemini-1.5-flash-002")
        generation_config = {
            "max_output_tokens": 500,
            "temperature": 0.1,
            "top_p": 0.1,
        }
        response = model.generate_content(
            f"""ä»¥ä¸‹ã®æ–‡ç« ã‚’è¦ç´„ã—ã¦ãã ã•ã„:\n{file_content}\nè¦ç´„:\n""", 
            generation_config=generation_config
        )
    except Exception as e:
        logger.error(f"Error during summarization: {e}")
        raise
  
    return response.candidates[0].content.parts[0].text
  
  
# BigQuery ã®ãƒ†ãƒ¼ãƒ–ãƒ«ã«ãƒ‡ãƒ¼ã‚¿ã‚’æŒ¿å…¥ã™ã‚‹é–¢æ•°
def insert_into_bigquery(summary_text: str):
  
    try:
        # ãƒ•ã‚¡ã‚¤ãƒ«ã®åå‰ã‹ã‚‰æ—¥ä»˜ã¨åå‰ã‚’å–å¾—ã™ã‚‹
        file = INPUT_FILE.split("/")[-1] # ãƒ•ã‚©ãƒ«ãƒ€éƒ¨åˆ†ã‚’æ¶ˆã™
        date_str, name_txt = file.split("_")
        name = name_txt.split(".")[0]
  
        try:
            date_object = datetime.strptime(date_str, '%Y%m%d') 
            formatted_date = date_object.strftime("%Y-%m-%d")
        except ValueError:
            raise ValueError("Invalid filename date format.  Expected YYYYMMDD.")       
  
        client = bigquery.Client(project=PROJECT_ID)
        table_ref = client.get_table(f"{TABLE_NAME}")
  
        # é‡è¤‡ã«ãªã‚‰ãªã„ã‚ˆã†ã«ã€ãƒ‡ãƒ¼ã‚¿ã‚’æŒ¿å…¥ã™ã‚‹
        query = f"""MERGE {TABLE_NAME} t
                    USING (
                        SELECT CAST('{formatted_date}' AS DATE) AS date, 
                                    '{name}' AS name, 
                                    '''{summary_text}''' AS text) i
                        ON t.date = i.date AND t.name = i.name
                    WHEN MATCHED THEN
                        UPDATE SET text = i.text
                    WHEN NOT MATCHED THEN
                        INSERT (date, name, text) VALUES (i.date, i.name, i.text)"""
  
        query_job = client.query(query)
  
        try:
            query_job.result() 
            logger.debug(f"{INPUT_FILE} insert successful.")
        except Exception as e:
            logger.error(f"{INPUT_FILE} insert failed: {e}")
            raise
  
    except Exception as e:
        logger.error(f"An unexpected error occurred while insert into bigquery: {e}")
        raise
  
  
if __name__ == "__main__":
    summary_result = summarize_text_from_file()
    insert_into_bigquery(summary_result)

requirements.txt

google-cloud-aiplatform==1.73.0
google-cloud-bigquery==3.25.0
google-cloud-logging==3.11.2

Procfile

Buildpacks ã§ã¯ web ãƒ—ãƒã‚»ã‚¹ã‚’å®šç¾©ã™ã‚‹ã“ã¨ãŒå¿…é ˆã§ã™ã€‚web ãƒ—ãƒã‚»ã‚¹ã‚’å®šç¾©ã—ãªã‹ã£ãŸå ´åˆã€ web process not found in Procfile ã¨ã„ã†ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã™ã€‚
ãŸã ã—ã€ä»Šå›žã¯ HTTP ãƒˆãƒ©ãƒ•ã‚£ãƒƒã‚¯ã‚’å—ä¿¡ã™ã‚‹å¿…è¦ãŒãªã„ã®ã§ã€å®Ÿéš›ã«ã¯ web ãƒ—ãƒã‚»ã‚¹ã¯ä½¿ç”¨ã•ã‚Œã¾ã›ã‚“ã€‚

web: echo "no web"

python: python

Artifact Registry ã®ä½œæˆ

ã‚³ãƒ³ãƒ†ãƒŠã‚¤ãƒ¡ãƒ¼ã‚¸ã‚’ä¿å˜ã™ã‚‹ãŸã‚ã® Artifact Registry æ¨™æº–ãƒªãƒã‚¸ãƒˆãƒªã‚’ä½œæˆã—ã¾ã™ã€‚

ä»¥ä¸‹ã®ã‚³ãƒžãƒ³ãƒ‰ã§ã¯ã€my-repo ã¨ã„ã†åå‰ã®ãƒªãƒã‚¸ãƒˆãƒªã‚’ä½œæˆã—ã¾ã™ã€‚

gcloud artifacts repositories create my-repo \
    --repository-format=docker \
    --location=asia-northeast1

Artifact Registry ã«ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰

Buildpack ã‚’ä½¿ç”¨ã—ã¦ã‚³ãƒ³ãƒ†ãƒŠã‚¤ãƒ¡ãƒ¼ã‚¸ã‚’ãƒ“ãƒ«ãƒ‰ã—ã€ä½œæˆã—ãŸ Artifact Registry ãƒªãƒã‚¸ãƒˆãƒªã«ãƒ—ãƒƒã‚·ãƒ¥ã—ã¾ã™ã€‚

ä»¥ä¸‹ã®ã‚³ãƒžãƒ³ãƒ‰ã§ã¯ã€ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰ã‚’ãƒ“ãƒ«ãƒ‰ã—ã€my-repo ãƒªãƒã‚¸ãƒˆãƒªã« daily-report-job ã¨ã„ã†ã‚¤ãƒ¡ãƒ¼ã‚¸åã§ãƒ—ãƒƒã‚·ãƒ¥ã—ã¾ã™ã€‚

gcloud builds submit --pack image=asia-northeast1-docker.pkg.dev/${PROJECT}/my-repo/daily-report-job

Cloud Run jobs ã®ä½œæˆ

ä»¥ä¸‹ã®ã‚³ãƒžãƒ³ãƒ‰ã§ã¯ã€daily-report-job ã¨ã„ã†åå‰ã® Cloud Run jobs ã‚’ä½œæˆã—ã¾ã™ã€‚

gcloud run jobs create daily-report-job \
  --image=asia-northeast1-docker.pkg.dev/${PROJECT}/my-repo/daily-report-job:latest \
  --command=python \
  --args=main.py \
  --region=asia-northeast1 \
  --service-account=sa-daily-report-job@${PROJECT}.iam.gserviceaccount.com
  --set-env-vars=INPUT_BUCKET=${BUCKET_NAME},INPUT_FILE=input_file.txt,PROJECT_ID=${PROJECT},DATASET_ID=report,TABLE_ID=daily_report

ç’°å¢ƒå¤‰æ•° INPUT_BUCKET ãŠã‚ˆã³ INPUT_FILE ã¯ã€å®Ÿéš›ã«ã¯ Workflows ãŒã‚¸ãƒ§ãƒ–ã‚’èµ·å‹•ã™ã‚‹éš›ã«é€ã‚‰ã‚Œã¦ããŸã‚¤ãƒ™ãƒ³ãƒˆæƒ…å ±ã‚’åˆ©ç”¨ã—ã¦ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã•ã‚Œã¾ã™ã€‚

Workflows ã®ä½œæˆ

ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®è¨å®š

Workflows ã§ä½¿ç”¨ã™ã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’ä½œæˆã—ã¾ã™ã€‚

Workflows ã¯ç’°å¢ƒå¤‰æ•°ã‚’ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã—ã¦ Cloud Run jobs ã‚’èµ·å‹•ã—ã€å®Ÿè¡Œçµæžœã‚’å—ã‘å–ã‚‹ãŸã‚ã«ã€ä»¥ä¸‹ã®ãƒãƒ¼ãƒ«ã‚’ Workflows ã§ä½¿ç”¨ã™ã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã«ä»˜ä¸Žã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

Cloud Run ãƒ‡ãƒ™ãƒãƒƒãƒ‘ãƒ¼ï¼ˆroles/run.developerï¼‰

ãªãŠç’°å¢ƒå¤‰æ•°ã‚’ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã—ã¦ Cloud Run jobs ã‚’èµ·å‹•ã™ã‚‹ãƒãƒ¼ãƒ«ã¨ã—ã¦ã€ä¸Šè¨˜ã®ä»–ã«ã€Œã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã‚’ä½¿ç”¨ã™ã‚‹ Cloud Run ã‚¸ãƒ§ãƒ– ã‚¨ã‚°ã‚¼ã‚ãƒ¥ãƒ¼ã‚¿ï¼ˆroles/run.jobsExecutorWithOverridesï¼‰ã€ãƒãƒ¼ãƒ«ãŒã‚ã‚Šã¾ã™ãŒã€ã“ã¡ã‚‰ã ã¨å®Ÿè¡Œçµæžœã‚’å—ã‘å–ã‚‹ãŸã‚ã«å¿…è¦ãª run.executions.get æ¨©é™ãŒä¸è¶³ã—ã¦ã„ã‚‹ãŸã‚ã€ä¸Šè¨˜ã®ãƒãƒ¼ãƒ«ã¨ã—ã¦ã„ã¾ã™ã€‚

ä»¥ä¸‹ã®ã‚³ãƒžãƒ³ãƒ‰ã‚’å®Ÿè¡Œã™ã‚‹ã¨ã€sa-cloud-run-job-workflow ã¨ã„ã†åå‰ã®ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆãŒä½œæˆã•ã‚Œã€ãã®å¾Œã€å¿…è¦ãªãƒãƒ¼ãƒ«ãŒä»˜ä¸Žã•ã‚Œã¾ã™ã€‚

gcloud iam service-accounts create sa-cloud-run-job-workflow
  
gcloud projects add-iam-policy-binding ${PROJECT} \
    --member=serviceAccount:sa-cloud-run-job-workflow@${PROJECT}.iam.gserviceaccount.com \
    --role=roles/run.developer

ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼ã®ä½œæˆ

Cloud Run jobs ã‚’å®Ÿè¡Œã™ã‚‹ãŸã‚ã®ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼ã‚’ã€cloud-run-job-workflow.yaml ã¨ã„ã† YAML ãƒ•ã‚¡ã‚¤ãƒ«ã«å®šç¾©ã—ã¾ã™ã€‚

cloud-run-job-workflow.yaml

main:
    params: [event]
    steps:
        - init:
            assign:
                - project_id: ${sys.get_env("GOOGLE_CLOUD_PROJECT_ID")}
                - event_bucket: ${event.data.bucket}
                - event_file: ${event.data.name}
                - job_name: daily-report-job
                - job_location: asia-northeast1
        - run_job:
            call: googleapis.run.v1.namespaces.jobs.run
            args:
                name: ${"namespaces/" + project_id + "/jobs/" + job_name}
                location: ${job_location}
                body:
                    overrides:
                        containerOverrides:
                            env:
                                - name: INPUT_BUCKET
                                  value: ${event_bucket}
                                - name: INPUT_FILE
                                  value: ${event_file}
            result: job_execution
        - finish:
            return: ${job_execution}

ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼ã®ãƒ‡ãƒ—ãƒã‚¤

ä»¥ä¸‹ã®ã‚³ãƒžãƒ³ãƒ‰ã‚’å®Ÿè¡Œã—ã¦ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼ã‚’ãƒ‡ãƒ—ãƒã‚¤ã—ã¾ã™ã€‚

gcloud workflows deploy cloud-run-job-workflow \
    --location=asia-northeast1 \
    --source=cloud-run-job-workflow.yaml
    --service-account=serviceAccount:sa-cloud-run-job-workflow@${PROJECT}.iam.gserviceaccount.com

Eventarc ãƒˆãƒªã‚¬ãƒ¼ã®è¨å®š

ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®è¨å®š

Eventarc ã§ä½¿ç”¨ã™ã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’ä½œæˆã—ã¾ã™ã€‚

Eventarc ã¯ Cloud Storage ã‹ã‚‰ã‚¤ãƒ™ãƒ³ãƒˆã‚’å—ä¿¡ã—ã¦ Workflows ã‚’èµ·å‹•ã™ã‚‹ãŸã‚ã€ä»¥ä¸‹ã®ãƒãƒ¼ãƒ«ã‚’ Eventarc ã§ä½¿ç”¨ã™ã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã«ä»˜ä¸Žã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

Eventarc ã‚¤ãƒ™ãƒ³ãƒˆå—ä¿¡è€…ï¼ˆroles/eventarc.eventReceiverï¼‰
ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼èµ·å‹•å…ƒï¼ˆroles/workflows.invokerï¼‰

ä»¥ä¸‹ã®ã‚³ãƒžãƒ³ãƒ‰ã‚’å®Ÿè¡Œã™ã‚‹ã¨ã€ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ sa-cloud-run-job-workflow-trigger ãŒä½œæˆã•ã‚Œã€ãã®ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã«å¿…è¦ãªæ¨©é™ãŒä»˜ä¸Žã•ã‚Œã¾ã™ã€‚

gcloud iam service-accounts create sa-cloud-run-job-workflow-trigger
  
gcloud projects add-iam-policy-binding ${PROJECT} \
    --member=serviceAccount:sa-cloud-run-job-workflow-trigger@${PROJECT}.iam.gserviceaccount.com \
    --role=roles/eventarc.eventReceiver
  
gcloud projects add-iam-policy-binding ${PROJECT} \
    --member=serviceAccount:sa-cloud-run-job-workflow-trigger@${PROJECT}.iam.gserviceaccount.com \
    --role=roles/workflows.invoker

Eventarc ã®ä½œæˆ

ä»¥ä¸‹ã®ã‚³ãƒžãƒ³ãƒ‰ã§ã€Eventarc ãƒˆãƒªã‚¬ãƒ¼ã‚’ cloud-run-job-workflow-trigger ã¨ã„ã†åå‰ã§ä½œæˆã—ã¾ã™ã€‚

ã“ã®ã‚³ãƒžãƒ³ãƒ‰ã§ã¯ã€ã•ãã»ã©ä½œæˆã—ãŸã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ sa-cloud-run-job-workflow-trigger ã‚’æŒ‡å®šã—ãŸã‚Šã€destination-workflow ã‚ªãƒ—ã‚·ãƒ§ãƒ³ã§å®›å…ˆã®ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼ã§ã‚ã‚‹ cloud-run-job-workflow ã‚’æŒ‡å®šã—ã¦ã„ã¾ã™ã€‚

gcloud eventarc triggers create cloud-run-job-workflow-trigger \
    --location=asia-northeast1 \
    --destination-workflow=cloud-run-job-workflow  \
    --destination-workflow-location=asia-northeast1 \
    --event-filters="type=google.cloud.storage.object.v1.finalized" \
    --event-filters="bucket=${BUCKET_NAME}" \
    --service-account=sa-cloud-run-job-workflow-trigger@${PROJECT}.iam.gserviceaccount.com

å‹•ä½œç¢ºèª

ã¾ãšã¯ã€æ—¥å ±ã®ãƒ†ã‚ã‚¹ãƒˆãƒ•ã‚¡ã‚¤ãƒ«ã‚’ç”¨æ„ã—ã¾ã™ã€‚ä¾‹ã¨ã—ã¦ã€ä»¥ä¸‹ã®ãƒ†ã‚ã‚¹ãƒˆãŒæ›¸ãè¾¼ã¾ã‚ŒãŸãƒ†ã‚ã‚¹ãƒˆãƒ•ã‚¡ã‚¤ãƒ« 20241231_å±±ç”°å¤ªéƒŽ.txt ã‚’ä½œæˆã—ã¾ã™ã€‚

ä»Šæ—¥ã®æ¥å‹™å†…å®¹:

åˆå‰: æ˜¨æ—¥å–å¾—ã—ãŸã‚ªãƒ³ãƒ©ã‚¤ãƒ³ã‚¹ãƒˆã‚¢ã®é¡§å®¢è¡Œå‹•ãƒã‚°ãƒ‡ãƒ¼ã‚¿(ç´„5TB)ã®BigQueryã¸ã®ãƒãƒ¼ãƒ‰ä½œæ¥ã‚’å®Ÿæ–½ã€‚Dataflowãƒ‘ã‚¤ãƒ—ãƒ©ã‚¤ãƒ³ã‚’ç”¨ã„ã¦ã€ãƒ‘ãƒ¼ãƒ†ã‚£ã‚·ãƒ§ãƒ‹ãƒ³ã‚°ã¨ã‚¯ãƒ©ã‚¹ã‚¿ãƒªãƒ³ã‚°ã‚’è¡Œã„ã€ã‚¯ã‚¨ãƒªãƒ‘ãƒ•ã‚©ãƒ¼ãƒžãƒ³ã‚¹ã®æœ€é©åŒ–ã‚’å›³ã£ãŸã€‚ãƒãƒ¼ãƒ‰å®Œäº†å¾Œã€ãƒ‡ãƒ¼ã‚¿ã®æ•´åˆæ€§ã‚’ç¢ºèªã—ã€ãƒ‡ãƒ¼ã‚¿å“è³ªã«å•é¡ŒãŒãªã„ã“ã¨ã‚’æ¤œè¨¼ã—ãŸã€‚ãƒãƒ¼ãƒ‰æ™‚é–“ã¯äºˆæƒ³é€šã‚Šç´„3æ™‚é–“ã§ã‚ã£ãŸãŒã€ä¸€éƒ¨ãƒ‡ãƒ¼ã‚¿ã®é‡è¤‡ãŒç¢ºèªã•ã‚ŒãŸãŸã‚ã€é‡è¤‡ãƒ‡ãƒ¼ã‚¿å‰Šé™¤ã‚¯ã‚¨ãƒªã‚’è¨˜è¿°ã—å®Ÿè¡Œã€‚ç´„1%ã®é‡è¤‡ãƒ‡ãƒ¼ã‚¿ãŒå‰Šé™¤ã•ã‚ŒãŸã€‚

åˆå¾Œ: BigQueryä¸Šã§é¡§å®¢ã‚»ã‚°ãƒ¡ãƒ³ãƒ†ãƒ¼ã‚·ãƒ§ãƒ³ã®ãŸã‚ã®SQLã‚¯ã‚¨ãƒªã‚’é–‹ç™ºãƒ»å®Ÿè¡Œã€‚è³¼è²·é »åº¦ã€å¹³å‡è³¼å…¥é¡ã€æœ€çµ‚è³¼å…¥æ—¥ãªã©ã‚’åŸºã«ã€"é«˜é »åº¦è³¼å…¥è€…", "ä½Žé »åº¦ä½Žé¡è³¼å…¥è€…", "ä¼‘çœ é¡§å®¢" ã®3ã¤ã®ã‚»ã‚°ãƒ¡ãƒ³ãƒˆã«åˆ†é¡žã™ã‚‹ã‚¯ã‚¨ãƒªã‚’ä½œæˆã—ãŸã€‚å„ã‚»ã‚°ãƒ¡ãƒ³ãƒˆã®äººå£çµ±è¨ˆãƒ‡ãƒ¼ã‚¿(å¹´é½¢ã€æ€§åˆ¥ãªã©)ã¨ã®é–¢é€£æ€§ã‚’åˆ†æžã™ã‚‹ãŸã‚ã«ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼å±žæ€§ãƒ†ãƒ¼ãƒ–ãƒ«ã¨çµåˆã—åˆ†æžã‚’å®Ÿæ–½ã€‚ åˆ†æžçµæžœã‚’å¯è¦–åŒ–ã™ã‚‹ãŸã‚ã«ã€Looker Studioã‚’ç”¨ã„ãŸãƒ€ãƒƒã‚·ãƒ¥ãƒœãƒ¼ãƒ‰ã‚’ä½œæˆé–‹å§‹ã€‚æœ¬æ—¥ä¸ã«ä¸»è¦æŒ‡æ¨™ã®è¡¨ç¤ºã¾ã§å®Œäº†ã•ã›ãŸã€‚

ãã®ä»–: ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆXã®ä»Šå¾Œã®åˆ†æžè¨ˆç”»ã«ã¤ã„ã¦ãƒãƒ¼ãƒ ãƒªãƒ¼ãƒ€ãƒ¼ã¨ãƒŸãƒ¼ãƒ†ã‚£ãƒ³ã‚°ã‚’å®Ÿæ–½ã€‚ é¡§å®¢ãƒãƒ£ãƒ¼ãƒ³äºˆæ¸¬ãƒ¢ãƒ‡ãƒ«æ§‹ç¯‰ã®ãŸã‚ã®ãƒ‡ãƒ¼ã‚¿æº–å‚™ã«ã¤ã„ã¦è°è«–ã—ã€å¿…è¦ãªãƒ‡ãƒ¼ã‚¿é …ç›®ã¨ãƒ‡ãƒ¼ã‚¿ã‚½ãƒ¼ã‚¹ã‚’ç‰¹å®šã—ãŸã€‚æ¥é€±ã‹ã‚‰æ©Ÿæ¢°å¦ç¿’ãƒ¢ãƒ‡ãƒ«ã®æ§‹ç¯‰ã«ç€æ‰‹ã™ã‚‹äºˆå®šã€‚ ã¾ãŸã€BigQueryã®æ–™é‡‘ã‚’ç›£è¦–ã—ã€ã‚³ã‚¹ãƒˆæœ€é©åŒ–ã®ãŸã‚ã®æ¤œè¨Žã‚’é–‹å§‹ã—ãŸã€‚ãƒ‘ãƒ¼ãƒ†ã‚£ã‚·ãƒ§ãƒ‹ãƒ³ã‚°ã¨ã‚¯ãƒ©ã‚¹ã‚¿ãƒªãƒ³ã‚°ã®åŠ¹æžœã‚’æ¤œè¨¼ã—ã€æ›´ãªã‚‹æœ€é©åŒ–ã®å¯èƒ½æ€§ã‚’æŽ¢ã‚‹ã€‚

èª²é¡Œã¨å•é¡Œç‚¹:

ãƒ‡ãƒ¼ã‚¿ãƒã‚°ã«å«ã¾ã‚Œã‚‹ä¸€éƒ¨ã®é¡§å®¢IDã«é‡è¤‡ãŒè¦‹ã‚‰ã‚ŒãŸã€‚ãƒ‡ãƒ¼ã‚¿åŽé›†å…ƒã§ã®ãƒ‡ãƒ¼ã‚¿ã‚¯ãƒ¬ãƒ³ã‚¸ãƒ³ã‚°ã®å¿…è¦æ€§ã‚’æŒ‡æ‘˜ã—ã€é–¢ä¿‚éƒ¨ç½²ã¸ã®å ±å‘Šã‚’æ¤œè¨Žã—ã¦ã„ã‚‹ã€‚
Looker Studioãƒ€ãƒƒã‚·ãƒ¥ãƒœãƒ¼ãƒ‰ã®ä½œæˆã«æ™‚é–“ãŒã‹ã‹ã£ã¦ã„ã‚‹ã€‚ã‚ˆã‚ŠåŠ¹çŽ‡çš„ãªå¯è¦–åŒ–ãƒ„ãƒ¼ãƒ«ã®æ¤œè¨ŽãŒå¿…è¦ã‹ã‚‚ã—ã‚Œãªã„ã€‚
æ˜Žæ—¥ã®äºˆå®š:

ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆX: é¡§å®¢ãƒãƒ£ãƒ¼ãƒ³äºˆæ¸¬ãƒ¢ãƒ‡ãƒ«æ§‹ç¯‰ã®ãŸã‚ã®ãƒ‡ãƒ¼ã‚¿æº–å‚™é–‹å§‹ã€‚å¿…è¦ãªãƒ‡ãƒ¼ã‚¿ã®æŠ½å‡ºã¨å‰å‡¦ç†ã‚’è¡Œã†ã€‚
ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆY (æº–å‚™æ®µéšŽ): ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆYã®è¦ä»¶å®šç¾©æ›¸ä½œæˆã«å‘ã‘ã¦ã€é–¢ä¿‚è€…ã¨ã®æ‰“ã¡åˆã‚ã›ã‚’è¡Œã†ã€‚
ã‚³ãƒ¡ãƒ³ãƒˆ:

æœ¬æ—¥ã€ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆXã®ãƒ‡ãƒ¼ã‚¿åˆ†æžãŒå¤§ããé€²å±•ã—ãŸã€‚BigQueryã¨Dataflowãƒ‘ã‚¤ãƒ—ãƒ©ã‚¤ãƒ³ã‚’ç”¨ã„ãŸãƒ‡ãƒ¼ã‚¿å‡¦ç†ã¯åŠ¹çŽ‡çš„ã§ã‚ã£ãŸã€‚ã—ã‹ã—ã€ãƒ‡ãƒ¼ã‚¿å“è³ªã«é–¢ã™ã‚‹èª²é¡Œã‚‚æµ®ãå½«ã‚Šã«ãªã£ãŸãŸã‚ã€é–¢ä¿‚éƒ¨ç½²ã¨ã®é€£æºã‚’å¼·åŒ–ã—ã€ãƒ‡ãƒ¼ã‚¿ã‚¯ã‚ªãƒªãƒ†ã‚£å‘ä¸Šã«åŠªã‚ã‚‹å¿…è¦ãŒã‚ã‚‹ã€‚

ã“ã®æ—¥å ±ãƒ•ã‚¡ã‚¤ãƒ«ã‚’ Cloud Storage ã«ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ã—ã¾ã™ã€‚

gcloud storage cp 20241231_å±±ç”°å¤ªéƒŽ.txt gs://${BUCKET_NAME}

BigQuery ã‚’è¦‹ã‚‹ã¨ã€ãƒ†ãƒ¼ãƒ–ãƒ«ã«æ—¥å ±ã®ãƒ‡ãƒ¼ã‚¿ãŒæ›¸ãè¾¼ã¾ã‚Œã¦ã„ã‚‹ã“ã¨ãŒç¢ºèªã§ãã¾ã—ãŸã€‚

ä»¥ä¸‹ã¯ã€è¦ç´„å¾Œã®æ–‡ç« ã§ã™ã€‚

ã“ã®ãƒã‚°ã¯ã€BigQueryã¨Dataflowã‚’ç”¨ã„ãŸãƒ‡ãƒ¼ã‚¿å‡¦ç†ã«é–¢ã™ã‚‹å ±å‘Šã§ã™ã€‚

**åˆå‰:** 5TBã®ã‚ªãƒ³ãƒ©ã‚¤ãƒ³ã‚¹ãƒˆãƒªãƒ¼ãƒ ãƒ‡ãƒ¼ã‚¿ã®BigQueryã¸ã®ãƒãƒ¼ãƒ‰ä½œæ¥ã‚’å®Ÿæ–½ã€‚Dataflowãƒ‘ã‚¤ãƒ—ãƒ©ã‚¤ãƒ³ã‚’ç”¨ã„ã¦ãƒ‘ãƒ¼ãƒ†ã‚£ã‚·ãƒ§ãƒ‹ãƒ³ã‚°ã¨ã‚¯ãƒ¬ãƒ³ã‚¸ãƒ³ã‚°ã‚’è¡Œã„ã€ã‚¯ã‚¨ãƒªã®æœ€é©åŒ–ã‚’å®Ÿç¾ã—ã¾ã—ãŸã€‚å‡¦ç†æ™‚é–“ã¯äºˆæƒ³é€šã‚Šç´„3æ™‚é–“ã§ã—ãŸãŒã€ä¸€éƒ¨ãƒ‡ãƒ¼ã‚¿ã®æ¬ æãŒç¢ºèªã•ã‚Œã€1%ã®ãƒ‡ãƒ¼ã‚¿ãŒå¾©æ—§ä¸èƒ½ã§ã—ãŸã€‚

**åˆå¾Œ:** BigQueryä¸Šã§ã€èª²é‡‘ã‚¿ã‚¤ãƒ—ã€å¹³å‡èª²é‡‘é¡ã€æœ€çµ‚èª²é‡‘æ—¥ãªã©ã‚’åŸºã«ã€ã€Œé«˜èª²é‡‘ãƒ¦ãƒ¼ã‚¶ãƒ¼ã€ã€ã€Œä½Žèª²é‡‘ãƒ¦ãƒ¼ã‚¶ãƒ¼ã€ã€ã€Œæ½œåœ¨é¡§å®¢ã€ã®3ã¤ã®ã‚»ã‚°ãƒ¡ãƒ³ãƒˆã«åˆ†é¡žã™ã‚‹SQLã‚¯ã‚¨ãƒªã‚’ä½œæˆãƒ»å®Ÿè¡Œã—ã¾ã—ãŸã€‚å„ã‚»ã‚°ãƒ¡ãƒ³ãƒˆã®ãƒ¦ãƒ¼ã‚¶ãƒ¼å±žæ€§ï¼ˆå¹´é½¢ã€æ€§åˆ¥ãªã©ï¼‰ã¨ã®é–¢é€£æ€§ã‚’åˆ†æžã—ã€Looker Studioã§è¦–è¦šåŒ–ã—ã¾ã—ãŸã€‚

**ãã®ä»–:** ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆXã®ä»Šå¾Œã®åˆ†æžè¨ˆç”»ã¨ã—ã¦ã€ãƒãƒ£ãƒ¼ãƒ³äºˆæ¸¬ãƒ¢ãƒ‡ãƒ«ã¨ãƒ—ãƒãƒ¢ãƒ¼ã‚·ãƒ§ãƒ³æ–½ç–ã®ãƒ‡ãƒ¼ã‚¿æ•´å‚™ã‚’æ±ºå®šã—ã¾ã—ãŸã€‚BigQueryã®ãƒã‚°ã‚’ç›£è¦–ã—ã€ã‚³ã‚¹ãƒˆæœ€é©åŒ–ã®ãŸã‚ã®æ”¹å–„ç–ã‚’æ¤œè¨Žã—ã¾ã™ã€‚ãƒ‘ãƒ¼ãƒ†ã‚£ã‚·ãƒ§ãƒ‹ãƒ³ã‚°ã¨ã‚¯ãƒ¬ãƒ³ã‚¸ãƒ³ã‚°ã®ãƒã‚¤ãƒ³ãƒˆã‚’æ˜Žç¢ºåŒ–ã—ã€ä»Šå¾Œã®ãƒ‡ãƒ¼ã‚¿å“è³ªå‘ä¸Šã«ç¹‹ã’ã¾ã™ã€‚

**èª²é¡Œã¨å•é¡Œç‚¹:** ä¸€éƒ¨ã®é¡§å®¢IDã«ãƒ‡ãƒ¼ã‚¿æ¬ æãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ãƒ‡ãƒ¼ã‚¿ã®å®Œå…¨æ€§ç¢ºä¿ã®ãŸã‚ã€ãƒ‡ãƒ¼ã‚¿ã‚¯ãƒ¬ãƒ³ã‚¸ãƒ³ã‚°ã¨ãƒ¢ãƒ‹ã‚¿ãƒªãƒ³ã‚°ã®å¼·åŒ–ãŒå¿…è¦ã§ã™ã€‚Looker Studioã§ã®ãƒ€ãƒƒã‚·ãƒ¥ãƒœãƒ¼ãƒ‰ä½œæˆã«æ™‚é–“ãŒã‹ã‹ã£ã¦ã„ã¾ã™ã€‚ã‚ˆã‚ŠåŠ¹çŽ‡çš„ãªå¯è¦–åŒ–æ–¹æ³•ã®æ¤œè¨ŽãŒå¿…è¦ã§ã™ã€‚

**ä»Šå¾Œã®äºˆå®š:** ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆXã§ã¯ã€ãƒãƒ£ãƒ¼ãƒ³äºˆæ¸¬ã®ãŸã‚ã®ãƒ‡ãƒ¼ã‚¿æ•´å‚™ã¨å¿…è¦ãªãƒ‡ãƒ¼ã‚¿ã®æŠ½å‡ºãƒ»å‰å‡¦ç†ã‚’è¡Œã„ã¾ã™ã€‚ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆY(ãƒãƒ£ãƒ¼ãƒ³äºˆæ¸¬ãƒ¢ãƒ‡ãƒ«)ã§ã¯ã€è¦ä»¶å®šç¾©æ›¸ã‚’ä½œæˆã—ã€é–¢ä¿‚è€…ã¨ã®æ‰“ã¡åˆã‚ã›ã‚’è¡Œã„ã¾ã™ã€‚

å…¨ä½“ã¨ã—ã¦ã€ãƒ‡ãƒ¼ã‚¿å‡¦ç†ã¯æ¦‚ãæˆåŠŸã—ã¾ã—ãŸãŒã€ãƒ‡ãƒ¼ã‚¿æ¬ æã‚„å¯è¦–åŒ–ã®åŠ¹çŽ‡æ€§ã¨ã„ã£ãŸèª²é¡ŒãŒæ®‹ã£ã¦ãŠã‚Šã€ä»Šå¾Œã®æ”¹å–„ãŒå¿…è¦ã§ã‚ã‚‹ã“ã¨ãŒå ±å‘Šã•ã‚Œã¦ã„ã¾ã™ã€‚

Gemini APIã¸ã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆã§ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰429ã€ŒResource exhausted, please try again later.ã€

2025-01-09T10:15:00+09:00

G-genã®æ‰æ‘ã§ã™ã€‚Vertex API çµŒç”±ã§ Gemini ãƒ¢ãƒ‡ãƒ«ã¸ API ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚’é€ä¿¡ã™ã‚‹éš›ã«ã€ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ 429 ã§ Resource exhausted, please try again later. ã¨ã„ã†ã‚¨ãƒ©ãƒ¼ãŒé »ç¹ã«ç™ºç”Ÿã—ã¾ã—ãŸã€‚ãã®åŽŸå› ã¨å¯¾å‡¦æ³•ã‚’ç´¹ä»‹ã—ã¾ã™ã€‚

äº‹è±¡
åŽŸå›
å¯¾å‡¦æ³•

äº‹è±¡

Vertex API çµŒç”±ã§ Gemini ãƒ¢ãƒ‡ãƒ«ã¸ API ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚’é€ä¿¡ã—ãŸéš›ã€ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ 429 ã§ Resource exhausted, please try again later. ã¨ã„ã†ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ãƒ¬ã‚¹ãƒãƒ³ã‚¹å†…ã® status ã¯ RESOURCE_EXHAUSTED ã§ã™ã€‚

ã—ã°ã‚‰ãã—ã¦å†è©¦è¡Œã™ã‚‹ã¨ãƒªã‚¯ã‚¨ã‚¹ãƒˆãŒæˆåŠŸã™ã‚‹ã¨ããŒã‚ã‚Šã¾ã™ãŒã€ã—ã°ã—ã°åŒã˜ã‚¨ãƒ©ãƒ¼ã¨ãªã‚Šã¾ã™ã€‚

åŽŸå›

ã“ã®ã‚¨ãƒ©ãƒ¼ã¯ã€å‡¦ç†ã®ãŸã‚ã®ãƒªã‚½ãƒ¼ã‚¹ãŒ Google å´ã§æž¯æ¸‡ã™ã‚‹ã“ã¨ã‚’é˜²ããŸã‚ã€Google ã«ã‚ˆã£ã¦ API åˆ©ç”¨ãŒåˆ¶é™ã•ã‚Œã¦ã„ã‚‹ã“ã¨ã‚’æ„å‘³ã—ã¦ã„ã¾ã™ã€‚Google ã¯éšæ™‚ã€ç‰©ç†ã‚¤ãƒ³ãƒ•ãƒ©ã‚¹ãƒˆãƒ©ã‚¯ãƒãƒ£ã‚’å¼·åŒ–ã—ã¦ã„ã¾ã™ãŒã€Gemini API ã¯å¤šãã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã«åˆ©ç”¨ã•ã‚Œã¦ã„ã‚‹ãŸã‚ã€ã—ã°ã—ã°ã“ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒè¡¨ç¤ºã•ã‚Œã‚‹ã“ã¨ãŒã‚ã‚Šã¾ã™ã€‚

å‚è€ƒ : ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ 429

å¯¾å‡¦æ³•

2ã¤ã®å¯¾å‡¦æ¡ˆ

æ¬¡ã®ã„ãšã‚Œã‹ã®å¯¾å‡¦æ³•ãŒè€ƒãˆã‚‰ã‚Œã¾ã™ã€‚

ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã«ã‚¨ã‚¯ã‚¹ãƒãƒãƒ³ã‚·ãƒ£ãƒ«ãƒãƒƒã‚¯ã‚ªãƒ•ï¼ˆexponential backoffã€æŒ‡æ•°ãƒãƒƒã‚¯ã‚ªãƒ•ï¼‰ã‚’å®Ÿè£…ã™ã‚‹
Provisioned Throughputï¼ˆãƒ—ãƒãƒ“ã‚¸ãƒ§ãƒ‹ãƒ³ã‚°ã•ã‚ŒãŸã‚¹ãƒ«ãƒ¼ãƒ—ãƒƒãƒˆï¼‰ã‚’è³¼å…¥ã™ã‚‹

ã‚¨ã‚¯ã‚¹ãƒãƒãƒ³ã‚·ãƒ£ãƒ«ãƒãƒƒã‚¯ã‚ªãƒ•

1. ã®ã‚¨ã‚¯ã‚¹ãƒãƒãƒ³ã‚·ãƒ£ãƒ«ãƒãƒƒã‚¯ã‚ªãƒ•ï¼ˆæŒ‡æ•°ãƒãƒƒã‚¯ã‚ªãƒ•ï¼‰ã¯ã€ã‚¯ãƒ©ã‚¦ãƒ‰ã‚µãƒ¼ãƒ“ã‚¹ã® API ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚’ä½¿ç”¨ã™ã‚‹ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚’å®Ÿè£…ã™ã‚‹éš›ã«ä¸€èˆ¬çš„ãªæ‰‹æ³•ã§ã™ã€‚

ã‚¨ã‚¯ã‚¹ãƒãƒãƒ³ã‚·ãƒ£ãƒ«ãƒãƒƒã‚¯ã‚ªãƒ•ã§ã¯ã€API ãƒªã‚¯ã‚¨ã‚¹ãƒˆãŒã‚µãƒ¼ãƒãƒ¼å´ã‚¨ãƒ©ãƒ¼ã‚„ä¸€æ™‚çš„ãªéšœå®³ã§å¤±æ•—ã—ãŸå ´åˆã«ã€å¾…æ©Ÿæ™‚é–“ã‚’1ç§’ã€2ç§’ã€4ç§’ã€8ç§’...ã®ã‚ˆã†ã«ã¹ãä¹—ã—ãªãŒã‚‰å†è©¦è¡Œã‚’ç¹°ã‚Šè¿”ã—ã¾ã™ã€‚

å†è©¦è¡Œã‚’ç„¡é™ã«ç¹°ã‚Šè¿”ã•ãªã„ã‚ˆã†ã€è©¦è¡Œå›žæ•°ãŒè¦å®šã®å›žæ•°ã«é”ã—ã¦ã‚‚ãƒªã‚¯ã‚¨ã‚¹ãƒˆãŒæˆåŠŸã—ãªã„å ´åˆã€ã‚¨ãƒ©ãƒ¼çµ‚äº†ã•ã›ã‚‹ã‚ˆã†å®Ÿè£…ã—ã¾ã™ã€‚ã“ã®ã‚ˆã†ã«ãƒªãƒˆãƒ©ã‚¤å›žæ•°ã«ä¸Šé™ã‚’è¨ã‘ã‚‹ã“ã¨ã‚’ truncated exponential backoffï¼ˆåˆ‡ã‚Šæ¨ã¦åž‹ã‚¨ã‚¯ã‚¹ãƒãƒãƒ³ã‚·ãƒ£ãƒ«ãƒãƒƒã‚¯ã‚ªãƒ•ï¼‰ã¨ã‚‚å‘¼ã³ã¾ã™ã€‚

å‚è€ƒ : æŒ‡æ•°ãƒãƒƒã‚¯ã‚ªãƒ• ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ

ã“ã®æ‰‹æ³•ã‚’å–ã‚‹ã“ã¨ã«ã‚ˆã‚Šã€ãƒªãƒ¼ã‚¸ãƒ§ãƒ³ã§å¤šãã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‹ã‚‰ã® API ãƒªã‚¯ã‚¨ã‚¹ãƒˆãŒè¼»è¼³ã—ã¦ãƒªã‚½ãƒ¼ã‚¹ãŒæž¯æ¸‡ã—ã¦ã„ã‚‹å ´åˆã§ã‚‚ã€ã—ã°ã‚‰ãå¾…ã£ã¦ã‹ã‚‰å†è©¦è¡Œã™ã‚‹ã“ã¨ã§ã€æœ€çµ‚çš„ã« API ãƒªã‚¯ã‚¨ã‚¹ãƒˆãŒæˆåŠŸã™ã‚‹å¯èƒ½æ€§ã‚’é«˜ã‚ã‚‰ã‚Œã¾ã™ã€‚

Provisioned Throughput

Provisioned Throughput ã¨ã¯

2. ã® Provisioned Throughputï¼ˆãƒ—ãƒãƒ“ã‚¸ãƒ§ãƒ‹ãƒ³ã‚°ã•ã‚ŒãŸã‚¹ãƒ«ãƒ¼ãƒ—ãƒƒãƒˆï¼‰ã¨ã¯ã€Gemini ã‚„ Claude ã® API ã‚¹ãƒ«ãƒ¼ãƒ—ãƒƒãƒˆã‚’äº‹å‰ã«äºˆç´„è³¼å…¥ã—ã¦ãŠãã€å›ºå®šé‡‘é¡ã§åˆ©ç”¨ã™ã‚‹æœˆé¡ã‚µãƒ–ã‚¹ã‚¯ãƒªãƒ—ã‚·ãƒ§ãƒ³ã‚µãƒ¼ãƒ“ã‚¹ã§ã™ã€‚

Provisioned Throughput ã¯ã€äº‹å‰ã«ãƒ¢ãƒ‡ãƒ«ã¨ãƒã‚±ãƒ¼ã‚·ãƒ§ãƒ³ï¼ˆãƒªãƒ¼ã‚¸ãƒ§ãƒ³ï¼‰ã‚’æŒ‡å®šã—ã¦è³¼å…¥ã—ã¾ã™ã€‚ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã‚‹ãƒ¢ãƒ‡ãƒ«ã¯ gemini-1.5-flashã€gemini-1.5-proã€imagen-3.0-generate-001ã€Anthropic Claude 3.5 Sonnet ãªã©ã§ã™ã€‚å¯¾è±¡ãƒ¢ãƒ‡ãƒ«ã®ä¸€è¦§ã¯ä»¥ä¸‹ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚

å‚è€ƒ : ãƒ—ãƒãƒ“ã‚¸ãƒ§ãƒ‹ãƒ³ã‚°ã•ã‚ŒãŸã‚¹ãƒ«ãƒ¼ãƒ—ãƒƒãƒˆ

å‰è¿°ã®ã‚¨ã‚¯ã‚¹ãƒãƒãƒ³ã‚·ãƒ£ãƒ«ãƒãƒƒã‚¯ã‚ªãƒ•ã¯ãƒªã‚½ãƒ¼ã‚¹æž¯æ¸‡ã«å¯¾ã™ã‚‹æ ¹æœ¬çš„ãªå¯¾å‡¦ã«ã¯ãªã£ã¦ã„ã¾ã›ã‚“ãŒã€Provisioned Throughput ã‚’è³¼å…¥ã™ã‚‹æ–¹æ³•ã§ã¯ã€å¾“é‡èª²é‡‘åˆ©ç”¨ã‚ˆã‚Šã‚‚ãƒªã‚½ãƒ¼ã‚¹ãŒå„ªå…ˆã—ã¦ç¢ºä¿ã•ã‚Œã¾ã™ã€‚é‡è¦ãªæœ¬ç•ªç’°å¢ƒã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã§ã® Gemini ã®åˆ©ç”¨ã‚„ã€æœˆé¡åˆ©ç”¨æ–™é‡‘ã‚’å›ºå®šã—ãŸã„å ´åˆãªã©ã«åˆ©ç”¨ã‚’æ¤œè¨Žã—ã¾ã™ã€‚

GSU

Provisioned Throughput ã¯ã€GSUï¼ˆGenerative AI Scale Unitï¼‰ã¨ã„ã†å˜ä½ã§è³¼å…¥ã—ã¾ã™ã€‚1 GSU ã¯ã€ä¾‹ãˆã° Gemini 1.5 Pro ã®å ´åˆã€800æ–‡å—/ç§’ã§ã™ã€‚

ã“ã®ç§’ã‚ãŸã‚Šã®æ–‡å—æ•°ã«ã¤ã„ã¦ã€1æ–‡å—ã®ã‚¤ãƒ³ãƒ—ãƒƒãƒˆã¯1æ–‡å—ã¨ã—ã¦ã‚«ã‚¦ãƒ³ãƒˆã•ã‚Œã¾ã™ãŒã€ä¾‹ãˆã° Gemini 1.5 Pro ã®å ´åˆã€1æ–‡å—ã®ã‚¢ã‚¦ãƒˆãƒ—ãƒƒãƒˆã¯3æ–‡å—ã¨ã—ã¦ã‚«ã‚¦ãƒ³ãƒˆã•ã‚Œã¾ã™ã€‚ã¾ãŸ1æžšã®ç”»åƒã¯1,052æ–‡å—ã¨ã—ã¦ã‚«ã‚¦ãƒ³ãƒˆã•ã‚Œã¾ã™ã€‚ã“ã®æ¶ˆè²»æ–‡å—æ•°ã‚’ãƒãƒ¼ãƒ³ãƒ€ã‚¦ãƒ³çŽ‡ã¨ã„ã„ã¾ã™ã€‚

1 GSU ã‚ãŸã‚Šã®ã‚¹ãƒ«ãƒ¼ãƒ—ãƒƒãƒˆï¼ˆæ–‡å—/ç§’ï¼‰ã‚„ãƒãƒ¼ãƒ³ãƒ€ã‚¦ãƒ³çŽ‡ã¯ãƒ¢ãƒ‡ãƒ«ã«ã‚ˆã£ã¦ç•°ãªã‚‹ã®ã§ã€ä»¥ä¸‹ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚

å‚è€ƒ : ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã‚‹ãƒ¢ãƒ‡ãƒ«

è³¼å…¥æœŸé–“

Provisioned Throughput ã¯1ãƒ¶æœˆã€3ãƒ¶æœˆã€1å¹´ã®æœŸé–“ã§è³¼å…¥ã§ãã¾ã™ã€‚è‡ªå‹•æ›´æ–°ã‚’æœ‰åŠ¹ã«ã™ã‚‹ã“ã¨ã§ã€æ›´æ–°ä½œæ¥ã‚’çœç•¥ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ä¸€åº¦è³¼å…¥ã™ã‚‹ã¨ã€ã‚³ãƒŸãƒƒãƒˆã—ãŸæœŸé–“ã¯æ³¨æ–‡ã‚’ã‚ãƒ£ãƒ³ã‚»ãƒ«ã™ã‚‹ã“ã¨ã¯ã§ãã¾ã›ã‚“ã€‚

è³¼å…¥æ™‚ã«ã¯ãƒ¢ãƒ‡ãƒ«ã‚’æŒ‡å®šã™ã‚‹å¿…è¦ãŒã‚ã‚Šã€ç”Ÿæˆ AI ã§ã¯é »ç¹ã«æ–°ã—ã„ãƒ¢ãƒ‡ãƒ«ãŒç™»å ´ã™ã‚‹ã“ã¨ã‚’è€ƒæ…®ã™ã‚‹ã¨ã€1å¹´å˜ä½ã®è³¼å…¥ã«ã¯æ…Žé‡ã«ãªã‚‹ã¹ãã¨è€ƒãˆã‚‰ã‚Œã¾ã™ã€‚ãŸã ã—ä»¥ä¸‹ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã§ã¯ã€åŒã˜ãƒªãƒ¼ã‚¸ãƒ§ãƒ³å†…ã§ã‹ã¤åŒã˜äº‹æ¥è€…ã‹ã‚‰æä¾›ã•ã‚Œã¦ã„ã‚‹ãƒ¢ãƒ‡ãƒ«ã§ã‚ã‚Œã°ã€ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®åˆ‡ã‚Šæ›¿ãˆãŒã§ãã‚‹ã“ã¨ã‚‚ç¤ºã•ã‚Œã¦ã„ã¾ã™ã€‚

å‚è€ƒ : å®šæœŸè³¼å…¥ã‚’é–‹å§‹ã™ã‚‹å‰ã«è€ƒæ…®ã™ã¹ãã“ã¨

è³¼å…¥æ–¹æ³•ã¨æ–™é‡‘

è³¼å…¥ã¯ Google Cloud ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã®ã€Œãƒ—ãƒãƒ“ã‚¸ãƒ§ãƒ‹ãƒ³ã‚°ã•ã‚ŒãŸã‚¹ãƒ«ãƒ¼ãƒ—ãƒƒãƒˆã€ç”»é¢ï¼ˆhttps://console.cloud.google.com/vertex-ai/provisioned-throughputï¼‰ã‹ã‚‰è³¼å…¥ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

åŒç”»é¢ã§ãƒ¢ãƒ‡ãƒ«ã€ãƒªãƒ¼ã‚¸ãƒ§ãƒ³ã€GSU æ•°ã€æœŸé–“ã‚’å…¥åŠ›ã™ã‚‹ã¨ã€æ–™é‡‘è¦‹ç©ã‚‚ã‚ŠãŒè¡¨ç¤ºã•ã‚Œã¾ã™ã€‚

è³¼å…¥ã«å¿…è¦ãªæ¨©é™ãªã©ã®è©³ç´°ã¯ã€ä»¥ä¸‹ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’ã”å‚ç…§ãã ã•ã„ã€‚

å‚è€ƒ : ãƒ—ãƒãƒ“ã‚¸ãƒ§ãƒ‹ãƒ³ã‚°ã•ã‚ŒãŸã‚¹ãƒ«ãƒ¼ãƒ—ãƒƒãƒˆã‚’è³¼å…¥ã™ã‚‹

è€ƒæ…®äº‹é …

è€ƒæ…®äº‹é …ã¨ã—ã¦ã¯ã€ä»¥ä¸‹ãŒæŒ™ã’ã‚‰ã‚Œã¾ã™ã€‚

å®Ÿéš›ã®ã‚¹ãƒ«ãƒ¼ãƒ—ãƒƒãƒˆãŒ Provisioned Throughput ã®æ³¨æ–‡é‡ã‚’è¶…ãˆã‚‹ã¨ã€è¶…éŽåˆ†ã¯å¾“é‡èª²é‡‘ã§å‡¦ç†ã•ã‚Œã‚‹
æœªä½¿ç”¨ã®ã‚¹ãƒ«ãƒ¼ãƒ—ãƒƒãƒˆã¯ç¿Œæœˆã«ç¹°ã‚Šè¶Šã›ãªã„

ãã®ä»–ã®è€ƒæ…®äº‹é …ã«ã¤ã„ã¦ã¯ä»¥ä¸‹ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’æ³¨æ„æ·±ãã”å‚ç…§ãã ã•ã„ã€‚

å‚è€ƒ : å®šæœŸè³¼å…¥ã‚’é–‹å§‹ã™ã‚‹å‰ã«è€ƒæ…®ã™ã¹ãã“ã¨

çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã€Œãƒ‰ãƒ¡ã‚¤ãƒ³ã§åˆ¶é™ã•ã‚ŒãŸå…±æœ‰ã€(constraints/iam.allowedPolicyMemberDomains)ãŒé©ç”¨ã•ã‚Œã¦ã„ã¾ã™ã€‚ã¸ã®å¯¾å‡¦æ³•

2025-01-08T09:00:00+09:00

G-gen ã®æ¦äº•ã§ã™ã€‚å½“è¨˜äº‹ã§ã¯ IAM ãƒãƒªã‚·ãƒ¼ã‚’ç·¨é›†ã—ã‚ˆã†ã¨ã—ãŸéš›ã«ã€çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã€Œãƒ‰ãƒ¡ã‚¤ãƒ³ã§åˆ¶é™ã•ã‚ŒãŸå…±æœ‰ã€ï¼ˆconstraints/iam.allowedPolicyMemberDomainsï¼‰ãŒé©ç”¨ã•ã‚Œã¦ã„ã¾ã™ã€‚ ã¨è¡¨ç¤ºã•ã‚Œã¦ã‚¨ãƒ©ãƒ¼ã«ãªã£ãŸã¨ãã®å¯¾å‡¦æ³•ã‚’ç´¹ä»‹ã—ã¾ã™ã€‚

äº‹è±¡ã¨ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸
åŽŸå›
å¯¾å‡¦æ–¹æ³•
å¯¾å‡¦æ‰‹é †
çµæžœã®ç¢ºèª
æœ€å¾Œã«
- ãƒ¯ãƒ¼ã‚¯ã‚¢ãƒ©ã‚¦ãƒ³ãƒ‰
- é–¢é€£è¨˜äº‹

äº‹è±¡ã¨ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸

Google Cloudï¼ˆæ—§ç§° GCPï¼‰ã§ã€IAM ãƒãƒªã‚·ãƒ¼ã‚’ç·¨é›†ã—ã€Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã« IAM ãƒãƒ¼ãƒ«ã‚’ç´ã¥ã‘ã‚ˆã†ã¨ã—ãŸéš›ã«ã€ä»¥ä¸‹ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒè¡¨ç¤ºã•ã‚Œã€ç·¨é›†ãŒå¤±æ•—ã—ã¾ã—ãŸã€‚

çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã€Œãƒ‰ãƒ¡ã‚¤ãƒ³ã§åˆ¶é™ã•ã‚ŒãŸå…±æœ‰ã€ï¼ˆconstraints/iam.allowedPolicyMemberDomainsï¼‰ãŒé©ç”¨ã•ã‚Œã¦ã„ã¾ã™ã€‚

IAM ãƒãƒªã‚·ãƒ¼ã®æ›´æ–°ã«å¤±æ•—ã—ã¾ã—ãŸ
çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã€Œãƒ‰ãƒ¡ã‚¤ãƒ³ã§åˆ¶é™ã•ã‚ŒãŸå…±æœ‰ã€ï¼ˆconstraints/iam.allowedPolicyMemberDomainsï¼‰ãŒé©ç”¨ã•ã‚Œã¦ã„ã¾ã™ã€‚ãƒãƒªã‚·ãƒ¼ã§ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã¨ã—ã¦è¿½åŠ ã§ãã‚‹ã®ã¯ã€è¨±å¯ã•ã‚ŒãŸãƒ‰ãƒ¡ã‚¤ãƒ³ã®ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã®ã¿ã§ã™ã€‚ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã®ãƒ¡ãƒ¼ãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’ä¿®æ£ã—ã¦ã€ã‚‚ã†ä¸€åº¦ãŠè©¦ã—ãã ã•ã„ã€‚å…±æœ‰å…ˆã®ãƒ‰ãƒ¡ã‚¤ãƒ³ã®åˆ¶é™ã®è©³ç´°

ãƒªã‚¯ã‚¨ã‚¹ãƒˆ ID: (æ•°å—)

åŽŸå›

ã“ã®äº‹è±¡ã¯ã€çµ„ç¹”ãƒãƒªã‚·ãƒ¼ã®åˆ¶ç´„ iam.allowedPolicyMemberDomains ãŒçµ„ç¹”ãƒ¬ãƒ™ãƒ«ã€ãƒ•ã‚©ãƒ«ãƒ€ãƒ¬ãƒ™ãƒ«ã¾ãŸã¯ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆãƒ¬ãƒ™ãƒ«ã§æœ‰åŠ¹åŒ–ã•ã‚Œã¦ã„ã‚‹ã¨ãã«ç™ºç”Ÿã—ã¾ã™ã€‚

iam.allowedPolicyMemberDomains ã¯ã€è¨±å¯ã•ã‚Œã¦ã„ãªã„çµ„ç¹”ã«æ‰€å±žã™ã‚‹ Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã¸ã®æ¨©é™ä»˜ä¸Žã‚’ç¦æ¢ã™ã‚‹åˆ¶ç´„ã§ã™ã€‚ä¾‹ã¨ã—ã¦ã€g-gen.co.jp ã¨ã„ã†çµ„ç¹”ã® Google Cloud ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã§ã€example.comï¼ˆä»–çµ„ç¹”ï¼‰ã®ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã«å¯¾ã—ã¦ IAM ãƒãƒ¼ãƒ«ã‚’ä»˜ä¸Žã—ã‚ˆã†ã¨ã™ã‚‹ã‚±ãƒ¼ã‚¹ãŒè©²å½“ã—ã¾ã™ã€‚

å‚è€ƒï¼šãƒ‰ãƒ¡ã‚¤ãƒ³åˆ¥ã® ID ã®åˆ¶é™

ã“ã®åˆ¶ç´„ã¯ã€2024å¹´åˆé ä»¥é™ã«ä½œæˆã•ã‚ŒãŸ Google Cloud çµ„ç¹”ã§ã¯ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§æœ‰åŠ¹åŒ–ã•ã‚Œã¦ã„ã¾ã™ã€‚ãã‚Œä»¥å‰ã«ä½œæˆã•ã‚ŒãŸçµ„ç¹”ã§ã‚‚ã€ç®¡ç†è€…ãŒæ˜Žç¤ºçš„ã«ã“ã®åˆ¶ç´„ã‚’æœ‰åŠ¹åŒ–ã—ã¦ã„ã‚‹å ´åˆã¯ã€ã“ã®äº‹è±¡ãŒç™ºç”Ÿã—ã¾ã™ã€‚

å‚è€ƒï¼šçµ„ç¹”ãƒªã‚½ãƒ¼ã‚¹ã«é©ç”¨ã•ã‚Œã‚‹çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼

ãªãŠçµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã¨ã¯ã€ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚„çµ±åˆ¶ã®å‘ä¸Šã®ãŸã‚ã«ã€æ‰€å®šã®ãƒ«ãƒ¼ãƒ«ã‚’ Google Cloud ç’°å¢ƒå…¨ä½“ã«é©ç”¨ã™ã‚‹ä»•çµ„ã¿ã®ã“ã¨ã§ã™ã€‚çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã®è©³ç´°ã¯ã€ä»¥ä¸‹ã®è¨˜äº‹ã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚

blog.g-gen.co.jp

å¯¾å‡¦æ–¹æ³•

çµ„ç¹”ãƒãƒªã‚·ãƒ¼ã®åˆ¶ç´„ iam.allowedPolicyMemberDomains ã¯ãƒªã‚¹ãƒˆåž‹ã®åˆ¶ç´„ã§ã€ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§ã¯è‡ªçµ„ç¹”ã®ã¿ãŒè¨±å¯ã•ã‚Œã¦ã„ã¾ã™ã€‚

ã—ãŸãŒã£ã¦ã€ä»–çµ„ç¹”ã® Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã« IAM ãƒãƒ¼ãƒ«ã‚’ä»˜ä¸Žã—ãŸã„å ´åˆã¯ã“ã®åˆ¶ç´„ã®è¨±å¯ãƒªã‚¹ãƒˆã«ã€ãã®çµ„ç¹”ã‚’æ˜Žç¤ºçš„ã«è¿½åŠ ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

çµ„ç¹”ãƒãƒªã‚·ãƒ¼ã®åˆ¶ç´„ã¯ã€çµ„ç¹”ãƒ¬ãƒ™ãƒ«ã€ãƒ•ã‚©ãƒ«ãƒ€ãƒ¬ãƒ™ãƒ«ã€ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆãƒ¬ãƒ™ãƒ«ã§é©ç”¨ã™ã‚‹ã“ã¨ãŒã§ãã€è¦ªãƒªã‚½ãƒ¼ã‚¹ã®ãƒãƒªã‚·ãƒ¼ã¯åãƒªã‚½ãƒ¼ã‚¹ã«ç¶™æ‰¿ã•ã‚Œã¾ã™ã€‚ãŸã ã—ã€æ˜Žç¤ºçš„ã«è¨å®šã™ã‚‹ã“ã¨ã§ã€åãƒªã‚½ãƒ¼ã‚¹å´ã§è¦ªãƒªã‚½ãƒ¼ã‚¹ã®åˆ¶ç´„ã‚’ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ï¼ˆä¸Šæ›¸ãï¼‰ã™ã‚‹ã“ã¨ã‚‚å¯èƒ½ã§ã™ã€‚

ã‚ˆã£ã¦ã€å–ã‚Šå¾—ã‚‹é¸æŠžè‚¢ã¨ã—ã¦ã¯ã€ä»¥ä¸‹ã®ã„ãšã‚Œã‹ã«ãªã‚Šã¾ã™ã€‚

iam.allowedPolicyMemberDomains ã‚’çµ„ç¹”ãƒ¬ãƒ™ãƒ«ã§ç·¨é›†ã™ã‚‹
iam.allowedPolicyMemberDomains ã‚’ãƒ•ã‚©ãƒ«ãƒ€ãƒ¬ãƒ™ãƒ«ã§ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã—ã¦ç·¨é›†ã™ã‚‹
iam.allowedPolicyMemberDomains ã‚’ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆãƒ¬ãƒ™ãƒ«ã§ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã—ã¦ç·¨é›†ã™ã‚‹

ä¸Šè¨˜ã®ã†ã¡ 1.ã€2. ã®å ´åˆã€çµ„ç¹”å…¨ä½“ã‚‚ã—ãã¯ãƒ•ã‚©ãƒ«ãƒ€å…¨ä½“ã§å½±éŸ¿ãŒåŠã³ã¾ã™ãŒã€3. ã®å½±éŸ¿ç¯„å›²ã¯å½“è©²ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã®ã¿ã§ã™ã€‚

ã”è‡ªèº«ã®ç’°å¢ƒæ§‹æˆã¨ç…§ã‚‰ã—åˆã‚ã›ã€å½±éŸ¿ç¯„å›²ã‚’ååˆ†ã«ç†è§£ã—ãŸã†ãˆã§é©åˆ‡ãªã‚¹ã‚³ãƒ¼ãƒ—ã§è¨å®šã„ãŸã ãã“ã¨ã‚’æŽ¨å¥¨ã—ã¾ã™ã€‚

å¯¾å‡¦æ‰‹é †

é¡§å®¢ ID ã®ç¢ºèª

è¨±å¯ãƒªã‚¹ãƒˆã«å¤–éƒ¨çµ„ç¹”ã‚’è¿½åŠ ã™ã‚‹ã«ã¯ã€ãã®çµ„ç¹”ã®é¡§å®¢ IDã‚’æŠŠæ¡ã—ã¦ãŠãå¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

ä»¥ä¸‹ã‚’å‚è€ƒã«è¿½åŠ å¯¾è±¡çµ„ç¹”ã®é¡§å®¢ ID ã‚’å–å¾—ã—ã¦ãã ã•ã„ã€‚

å‚è€ƒ : Google Workspace ãŠå®¢æ§˜ ID ã®å–å¾— (gcloud / APIã‹ã‚‰å–å¾—)
å‚è€ƒ : é¡§å®¢ ID ã®ç¢ºèª (Admin ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã‹ã‚‰å–å¾—)

ã¾ãŸã€ä»¥ä¸‹ã®è¨˜äº‹ã‚‚å‚è€ƒã«ã—ã¦ãã ã•ã„ã€‚

blog.g-gen.co.jp

IAM æ¨©é™ã®ç¢ºèª

å½“æ‰‹é †ã‚’å®Ÿæ–½ã™ã‚‹ã«ã¯ã€æ“ä½œã™ã‚‹ Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã€ã‚‚ã—ãã¯ã‚¢ã‚«ã‚¦ãƒ³ãƒˆãŒæ‰€å±žã™ã‚‹ã‚°ãƒ«ãƒ¼ãƒ—ãŒã€çµ„ç¹”ãƒ¬ãƒ™ãƒ«ã§çµ„ç¹”ãƒãƒªã‚·ãƒ¼ç®¡ç†è€…ï¼ˆroles/orgpolicy.policyAdminï¼‰ãƒãƒ¼ãƒ«ã‚’æŒã£ã¦ã„ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

çµ„ç¹”ãƒãƒªã‚·ãƒ¼ç®¡ç†è€…ã‚’ä»˜ä¸Žã§ãã‚‹æœ€ã‚‚ä¸‹ä½ãƒ¬ãƒ™ãƒ«ã®ãƒªã‚½ãƒ¼ã‚¹ã¯ã€Œçµ„ç¹”ã€ã§ã™ã€‚ã‚ˆã£ã¦ã€ãƒ•ã‚©ãƒ«ãƒ€ã‚„ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆãƒ¬ãƒ™ãƒ«ã§åˆ¶ç´„ã‚’ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã™ã‚‹å ´åˆã§ã‚‚ã€çµ„ç¹”ãƒ¬ãƒ™ãƒ«ã§çµ„ç¹”ãƒãƒªã‚·ãƒ¼ç®¡ç†è€…ãƒãƒ¼ãƒ«ã‚’æŒã£ã¦ã„ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

ä½œæ¥è€…ã® Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆãŒå¿…è¦ãªæ¨©é™ã‚’æŒã£ã¦ã„ãªã„å ´åˆã¯ã€çµ„ç¹”ãƒ¬ãƒ™ãƒ«ã§ IAM ãƒãƒ¼ãƒ«ã€Œçµ„ç¹”ãƒãƒªã‚·ãƒ¼ç®¡ç†è€…ã€ã‚’ä»˜ä¸Žã—ã¦ãã ã•ã„ã€‚

å‚è€ƒ : IAM ã‚’ä½¿ç”¨ã—ãŸçµ„ç¹”ãƒªã‚½ãƒ¼ã‚¹ã®ã‚¢ã‚¯ã‚»ã‚¹åˆ¶å¾¡

çµ„ç¹”ã€ãƒ•ã‚©ãƒ«ãƒ€ã¾ãŸã¯ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã‚’é¸æŠž

Google Cloud ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã«ãƒã‚°ã‚¤ãƒ³ã—ã€ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã‚»ãƒ¬ã‚¯ã‚¿ãƒ¼ã‚’ã‚¯ãƒªãƒƒã‚¯ã—ã¦ã€åˆ¶ç´„ã‚’ç„¡åŠ¹åŒ–ã‚’é©ç”¨ã™ã‚‹çµ„ç¹”ã€ãƒ•ã‚©ãƒ«ãƒ€ã€ã¾ãŸã¯ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã‚’é¸æŠžã—ã¾ã™ã€‚

å½“è¨˜äº‹ã®ã€Œå¯¾å‡¦æ–¹æ³•ã€ã‚’ã‚ˆããŠèªã¿ã«ãªã‚Šã€åˆ¶ç´„ã®ç·¨é›†ä½ç½®ã‚’æ±ºã‚ãŸã†ãˆã§é¸æŠžã—ã¦ãã ã•ã„ã€‚

çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ç”»é¢ã¸é·ç§»

ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ä¸Šéƒ¨ã®æ¤œç´¢ãƒœãƒƒã‚¯ã‚¹ã«ã€Œçµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã€ã¨å…¥åŠ›ã—ã€ã‚µã‚¸ã‚§ã‚¹ãƒˆã•ã‚ŒãŸçµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã‚’é¸æŠžã—ã¾ã™ã€‚

ã¾ãŸã¯ã€IAM ã¨ç®¡ç†ç”»é¢ã‹ã‚‰ç›´æŽ¥é·ç§»ã—ã¦ã‚‚æ§‹ã„ã¾ã›ã‚“ã€‚

åˆ¶ç´„ã®ç·¨é›†ç”»é¢ã¸é·ç§»

åˆ¶ç´„ä¸€è¦§ã®ä¸Šéƒ¨ã®ãƒ•ã‚£ãƒ«ã‚¿ã« constraints/iam.allowedPolicyMemberDomains ã‚’å…¥åŠ›ã—ã€ãƒ•ã‚£ãƒ«ã‚¿çµæžœã®ä¸ã‹ã‚‰ Domain restricted sharing ã‚’ã‚¯ãƒªãƒƒã‚¯ã—ã¦ç·¨é›†ç”»é¢ã¸é·ç§»ã—ã¾ã™ã€‚

åˆ¶ç´„ã‚’ç·¨é›†

ãƒãƒªã‚·ãƒ¼ã‚’ç®¡ç†ã‚’ã‚¯ãƒªãƒƒã‚¯ã—ã¾ã™ã€‚

ä»¥ä¸‹ã®é †ã§ãƒ«ãƒ¼ãƒ«ã‚’è¿½åŠ ã—ã€æœ€å¾Œã«ãƒãƒªã‚·ãƒ¼ã‚’è¨å®šã‚’ã‚¯ãƒªãƒƒã‚¯ã—ã¾ã™ã€‚

#	é …ç›®	è¨å®šå€¤
1	ãƒãƒªã‚·ãƒ¼ã®ã‚½ãƒ¼ã‚¹	`è¦ªã®ãƒãƒªã‚·ãƒ¼ã‚’ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã™ã‚‹`
2	ãƒãƒªã‚·ãƒ¼ã®é©ç”¨	`è¦ªã¨çµåˆã™ã‚‹` â€»è¦ªã®è¨å®šã‚’ä¸Šæ›¸ãã™ã‚‹å ´åˆã¯`äº¤æ›`ã‚’é¸æŠžã™ã‚‹
3	ãƒãƒªã‚·ãƒ¼ã®å€¤	`ã‚«ã‚¹ã‚¿ãƒ` ã‚’é¸æŠžã™ã‚‹
4	ãƒãƒªã‚·ãƒ¼ã‚¿ã‚¤ãƒ—	`è¨±å¯`ã‚’é¸æŠžã™ã‚‹
5	ã‚«ã‚¹ã‚¿ãƒ å€¤	`é¡§å®¢ID`ã‚’å…¥åŠ›ã™ã‚‹

çµæžœã®ç¢ºèª

è¨å®šãŒå®Œäº†ã™ã‚‹ã¨ã€ä»¥ä¸‹ã®ã‚ˆã†ãªè¡¨ç¤ºã«ãªã‚Šã¾ã™ã€‚

æœ€å¾Œã«

ãƒ¯ãƒ¼ã‚¯ã‚¢ãƒ©ã‚¦ãƒ³ãƒ‰

çµ„ç¹”ãƒãƒªã‚·ãƒ¼ã®å¤‰æ›´ãŒé›£ã—ã„å ´åˆã¯ã€Google ã‚°ãƒ«ãƒ¼ãƒ—ã«å¤–éƒ¨çµ„ç¹”ã®ãƒ¡ãƒ³ãƒãƒ¼ã‚’è¿½åŠ ã—ã€ãã®ã‚°ãƒ«ãƒ¼ãƒ—ã«æ¨©é™ã‚’ä»˜ä¸Žã™ã‚‹ã“ã¨ã§ãƒ‰ãƒ¡ã‚¤ãƒ³åˆ¶é™ã®åˆ¶ç´„ã‚’å›žé¿ã™ã‚‹ã“ã¨ã‚‚å¯èƒ½ã§ã™ã€‚

è©³ç´°ã¯ä»¥ä¸‹ã®å…¬å¼ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’ã”ç¢ºèªãã ã•ã„ã€‚

å‚è€ƒ : Google ã‚°ãƒ«ãƒ¼ãƒ—

é–¢é€£è¨˜äº‹

blog.g-gen.co.jp

2024å¹´12æœˆã®ã‚¤ãƒã‚ªã‚·Google Cloudã‚¢ãƒƒãƒ—ãƒ‡ãƒ¼ãƒˆ

2025-01-06T09:00:00+09:00

G-gen ã®æ‰æ‘ã§ã™ã€‚2024å¹´12æœˆã®ã‚¤ãƒã‚ªã‚· Google Cloudï¼ˆæ—§ç§° GCPï¼‰ã‚¢ãƒƒãƒ—ãƒ‡ãƒ¼ãƒˆã‚’ã¾ã¨ã‚ã¦ã”ç´¹ä»‹ã—ã¾ã™ã€‚è¨˜è¼‰ã¯å…¨ã¦ã€è¨˜äº‹å…¬é–‹å½“æ™‚ã®ã‚‚ã®ã§ã™ã®ã§ã”ç•™æ„ãã ã•ã„ã€‚

ã¯ã˜ã‚ã«
Google ãƒ•ã‚©ãƒ¼ãƒ ã§æ–°ã—ã„æ¨©é™ã€ŒResponderï¼ˆå›žç”è€…ï¼‰ã€ãŒåˆ©ç”¨å¯èƒ½ã«
Vertex AI Search ã§ gemini-1.5-flash-002-high-fidelityï¼ˆPreviewï¼‰
Google Deepmindã€å¤§è¦æ¨¡ä¸–ç•Œãƒ¢ãƒ‡ãƒ« Genie 2 ã‚’ç™ºè¡¨
Parameter Manager ãŒ Preview å…¬é–‹
ç”»åƒç”Ÿæˆãƒ¢ãƒ‡ãƒ«ã€ŒImagen 3ã€ãŒä¸€èˆ¬å…¬é–‹
Gemini 2.0 ãŒç™ºè¡¨
BigQuery ã®ã‚¯ãƒã‚¹ãƒªãƒ¼ã‚¸ãƒ§ãƒ³ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆãƒ¬ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ãŒ GA
BigQuery ã§ BigQuery Managed Disaster Recovery ãŒ GA
VPC SC ã® Ingress/Egress rules ã® Google ã‚°ãƒ«ãƒ¼ãƒ—æŒ‡å®šãŒ GA
Google Workspace ã§ NotebookLM Plus ãŒåˆ©ç”¨å¯èƒ½ã«
æ–°ã‚µãƒ¼ãƒ“ã‚¹ Google Agentspace ãŒç™ºè¡¨
Compute Engine ã§ Windows Server 2025 ãŒåˆ©ç”¨å¯èƒ½ã«
Cloud IAM ã§ Principal access boundary policies ãŒ Preview â†’ GA
Looker Studio ã®ãƒ‡ãƒ¼ã‚¿ã‚½ãƒ¼ã‚¹ç·¨é›†ç”»é¢ã§ãƒ‡ãƒ¼ã‚¿ã®ãƒ—ãƒ¬ãƒ“ãƒ¥ãƒ¼ãŒå¯èƒ½ã«
å…¨ã‚¨ãƒ‡ã‚£ã‚·ãƒ§ãƒ³ã§ AppSheet ç®¡ç†ç”»é¢ãŒåˆ©ç”¨å¯èƒ½ã«
Gemini 2.0 Flash Thinking ã®è©¦é¨“é‹ç”¨ç‰ˆãŒ Google AI Studio ã§å…¬é–‹
Google ãƒ‰ãƒ©ã‚¤ãƒ–ã§å‹•ç”»ã‚’ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰å¾Œã™ãã«å†ç”Ÿã§ãã‚‹ã‚ˆã†ã«

ã¯ã˜ã‚ã«

å½“è¨˜äº‹ã§ã¯ã€æ¯Žæœˆã® Google Cloudï¼ˆæ—§ç§° GCPï¼‰ã‚„ Google Workspaceï¼ˆæ—§ç§° GSuiteï¼‰ã®ã‚¢ãƒƒãƒ—ãƒ‡ãƒ¼ãƒˆã®ã†ã¡ã€ç‰¹ã«é‡è¦ãªã‚‚ã®ã‚’ã¾ã¨ã‚ã¾ã™ã€‚

ã¾ãŸå½“è¨˜äº‹ã¯ã€Google Cloud ã«é–¢ã™ã‚‹ã‚ã‚‹ç¨‹åº¦ã®çŸ¥è˜ã‚’å‰æã«è¨˜è¼‰ã•ã‚Œã¦ã„ã¾ã™ã€‚å‰æçŸ¥è˜ã‚’å¾—ã‚‹ã«ã¯ã€ãœã²ä»¥ä¸‹ã®è¨˜äº‹ã‚‚ã”å‚ç…§ãã ã•ã„ã€‚

blog.g-gen.co.jp

ãƒªãƒ³ã‚¯å…ˆã®å…¬å¼ã‚¬ã‚¤ãƒ‰ã¯ã€è‹±èªžç‰ˆã§è¡¨ç¤ºã—ãªã„ã¨æœ€æ–°æƒ…å ±ãŒåæ˜ ã•ã‚Œã¦ã„ãªã„å ´åˆãŒã‚ã‚Šã¾ã™ãŸã‚ã”æ³¨æ„ãã ã•ã„ã€‚

Google ãƒ•ã‚©ãƒ¼ãƒ ã§æ–°ã—ã„æ¨©é™ã€ŒResponderï¼ˆå›žç”è€…ï¼‰ã€ãŒåˆ©ç”¨å¯èƒ½ã«

Adding granular control options for who can respond to Google Forms (2024-12-03)

Google ãƒ•ã‚©ãƒ¼ãƒ ã§æ–°ã—ã„æ¨©é™ã€ŒResponderï¼ˆå›žç”è€…ï¼‰ã€ãŒåˆ©ç”¨å¯èƒ½ã«ã€‚

å¾“æ¥ã¯ãƒ•ã‚©ãƒ¼ãƒ ã‚’ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆå…¬é–‹ã™ã‚‹ã‹ã€å›žç”å¯èƒ½ãªäººã‚’çµžã‚‹ã¨ãã¯ç‰¹å®šãƒ‰ãƒ¡ã‚¤ãƒ³ã«ã—ã‹é™å®šã§ããªã‹ã£ãŸã€‚ä»Šå¾Œã¯ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚„ã‚°ãƒ«ãƒ¼ãƒ—ã«é™å®šã—ã¦å…¬é–‹ã™ã‚‹ã“ã¨ãŒå¯èƒ½ã«ãªã£ãŸã€‚

Vertex AI Search ã§ gemini-1.5-flash-002-high-fidelityï¼ˆPreviewï¼‰

High fidelity models (2024-12-04)

Vertex AI Search ã§ gemini-1.5-flash-002-high-fidelity ãƒ¢ãƒ‡ãƒ«ãŒ Preview å…¬é–‹ã€‚

gemini-1.5-flash-002-high-fidelity ãƒ¢ãƒ‡ãƒ«ã¨ã¯ã€ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆãƒ™ãƒ¼ã‚¹ã®è³ªå•ã«æœ€é©åŒ–ã•ã‚ŒãŸ RAG ç”¨ãƒ¢ãƒ‡ãƒ«ã€‚æ£ç¢ºæ€§ã‚„å®‰å…¨æ€§ã‚’é‡è¦–ã—ãŸãƒãƒ¥ãƒ¼ãƒ‹ãƒ³ã‚°ãŒã•ã‚Œã¦ã„ã‚‹ã€‚é‡‘èžã€ãƒ˜ãƒ«ã‚¹ã‚±ã‚¢ãªã©æ£ç¢ºæ€§ãŒé‡è¦ãªç”¨é€”ã‚’æƒ³å®šã€‚

Google Deepmindã€å¤§è¦æ¨¡ä¸–ç•Œãƒ¢ãƒ‡ãƒ« Genie 2 ã‚’ç™ºè¡¨

Genie 2: A large-scale foundation world model (2024-12-04)

Google Deepmind ãŒã€åŸºç›¤ä¸–ç•Œãƒ¢ãƒ‡ãƒ«ï¼ˆA large-scale foundation world modelï¼‰Genie 2 ã‚’ç™ºè¡¨ã—ãŸã€‚

ã‚¢ã‚¯ã‚·ãƒ§ãƒ³åˆ¶å¾¡å¯èƒ½ã§ãƒ—ãƒ¬ã‚¤å¯èƒ½ãª 3D ç’°å¢ƒã‚’ç”Ÿæˆã§ãã‚‹ã€‚ç”Ÿæˆã—ãŸãƒ¯ãƒ¼ãƒ«ãƒ‰ã¯ã€ã‚ãƒ¼ãƒœãƒ¼ãƒ‰ã¨ãƒžã‚¦ã‚¹å…¥åŠ›ã‚’ä½¿ç”¨ã—ã¦ã€äººé–“ã¾ãŸã¯ AI ã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆã«ã‚ˆã£ã¦ãƒ—ãƒ¬ã‚¤ã§ãã‚‹ã€‚ä¸€äººç§°è¦–ç‚¹ã€ã‚¢ã‚¤ã‚½ãƒ¡ãƒˆãƒªãƒƒã‚¯ ãƒ“ãƒ¥ãƒ¼ã€ä¸‰äººç§°é‹è»¢ãƒ“ãƒ‡ã‚ªãªã©ã€ã•ã¾ã–ã¾ãªç’°å¢ƒã‚’ç”Ÿæˆå¯èƒ½ã€‚

Parameter Manager ãŒ Preview å…¬é–‹

Parameter Manager overview (2024-12-06)

Secret Manager ã®æ´¾ç”Ÿæ©Ÿèƒ½ã¨ã—ã¦ Parameter Manager ãŒ Preview å…¬é–‹ã€‚

ç’°å¢ƒè¨å®šå€¤ã‚’é›†ä¸ç®¡ç†ã™ã‚‹ä»•çµ„ã¿ã€‚ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆç®¡ç†ã‚‚å¯èƒ½ã ãŒã€Secret Manager ã«ã¯å˜åœ¨ã™ã‚‹ã€Œrotation schedulesã€ãŒç„¡ã„ãªã©ã®å·®ç•°ãŒã‚ã‚‹ã€‚ç¾åœ¨ gcloud/REST ã®ã¿ã§æä¾›ã€‚ ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆæƒ…å ±ã¯ Secret Manager ã§ã€ãã®ä»–ã®ç’°å¢ƒå›ºæœ‰è¨å®šå€¤ã¯ Parameter Manager ã§ç®¡ç†ã™ã‚‹ã“ã¨ãŒæƒ³å®šã•ã‚Œã‚‹

Parameter Manager ã‹ã‚‰ Secret Manager ã®ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã‚’å‚ç…§ã™ã‚‹ã“ã¨ã‚‚ã§ãã€ã¡ã‚‡ã†ã© AWS Secret Manager ã¨ Parameter Store ã®é–¢ä¿‚ã«ä¼¼ã¦ã„ã‚‹ã€‚

ç”»åƒç”Ÿæˆãƒ¢ãƒ‡ãƒ«ã€ŒImagen 3ã€ãŒä¸€èˆ¬å…¬é–‹

Imagen on Vertex AI | AI Image Generator (2024-12-10)

ç”»åƒç”Ÿæˆãƒ¢ãƒ‡ãƒ«ã€ŒImagen 3ã€ãŒä¸€èˆ¬å…¬é–‹ã•ã‚ŒãŸã€‚ã“ã‚Œã¾ã§ã¯è¨±å¯ãƒªã‚¹ãƒˆåˆ¶ã ã£ãŸãŒVertex AIçµŒç”±ã§å…¨ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒåˆ©ç”¨å¯èƒ½ã«ãªã£ãŸã€‚ä»¥ä¸‹ã®ãƒ¢ãƒ‡ãƒ«ãŒåˆ©ç”¨å¯èƒ½ã€‚

imagen-3.0-generate-001
imagen-3.0-fast-generate-001

ãŸã ã—ç”»åƒã®ç·¨é›†ã‚„ few-shot learning ãŒå¯èƒ½ãªä»¥ä¸‹ã®ãƒ¢ãƒ‡ãƒ«ã¯å¼•ãç¶šãã€è¨±å¯åˆ¶ã€‚

imagen-3.0-capability

Gemini 2.0 ãŒç™ºè¡¨

Googleã€ã€ŒGemini 2.0ã€ã‚’ç™ºè¡¨ã€AIãƒ¢ãƒ‡ãƒ«ã¯â€ã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆæ™‚ä»£â€ã« (2024-12-12)

Google ãŒç”ŸæˆAIãƒ¢ãƒ‡ãƒ« Gemini ã®æœ€æ–°ç‰ˆã€Gemini 2.0 ã‚’ç™ºè¡¨ã€‚

ãƒžãƒ«ãƒãƒ¢ãƒ¼ãƒ€ãƒ«å¯¾å¿œãŒã•ã‚‰ã«å¼·åŒ–ã€‚gemini-2.0-flash-exp ãŒ Gemini ã‚¢ãƒ—ãƒªã‚„ Vertex AI Studioã€Google AI Studio ã§æ—¢ã«ä½¿ç”¨å¯èƒ½ã«ãªã£ã¦ã„ã‚‹ã€‚

BigQuery ã®ã‚¯ãƒã‚¹ãƒªãƒ¼ã‚¸ãƒ§ãƒ³ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆãƒ¬ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ãŒ GA

Cross-region dataset replication (2024-12-11)

BigQuery ã§ã‚¯ãƒã‚¹ãƒªãƒ¼ã‚¸ãƒ§ãƒ³ ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆãƒ¬ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ãŒ Preview â†’ GAã€‚

åˆ¥ãƒªãƒ¼ã‚¸ãƒ§ãƒ³ã«ãƒ‡ãƒ¼ã‚¿ã‚’éžåŒæœŸã§è¤‡è£½ã—ã€ãƒ‡ãƒ¼ã‚¿ã®å …ç‰¢æ€§ã¨å¯ç”¨æ€§ã‚’é«˜ã‚ã‚‰ã‚Œã‚‹ã€‚ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆã®ãƒªãƒ¼ã‚¸ãƒ§ãƒ³é–“ç§»è¡Œã«ã‚‚åˆ©ç”¨å¯èƒ½ã€‚

ãŸã ã—ãƒ—ãƒ©ã‚¤ãƒžãƒªãƒªãƒ¼ã‚¸ãƒ§ãƒ³ãŒéšœå®³æ™‚ã€ã‚»ã‚«ãƒ³ãƒ€ãƒªãƒªãƒ¼ã‚¸ãƒ§ãƒ³ã¯ Read Only ã«ãªã‚‹ã€‚è©³ç´°ã¯ä»¥ä¸‹ã®è¨˜äº‹ã‚‚å‚ç…§ã€‚

blog.g-gen.co.jp

BigQuery ã§ BigQuery Managed Disaster Recovery ãŒ GA

Managed disaster recovery (2024-12-11)

BigQuery ã§ BigQuery Managed Disaster Recovery ãŒ Preview â†’ GAã€‚

ãƒªãƒ¼ã‚¸ãƒ§ãƒ³éšœå®³ã®ã¨ãã«ãƒ‡ãƒ¼ã‚¿ã®ã¿ãªã‚‰ãšã‚³ãƒ³ãƒ”ãƒ¥ãƒ¼ãƒˆãƒªã‚½ãƒ¼ã‚¹äºˆç´„ã‚‚ãƒ•ã‚§ã‚¤ãƒ«ã‚ªãƒ¼ãƒã—ã€æ›¸ãè¾¼ã¿ã‚’å«ã‚€ãƒ¯ãƒ¼ã‚¯ãƒãƒ¼ãƒ‰ã‚’ç¶™ç¶šã§ãã‚‹ã€‚

VPC SC ã® Ingress/Egress rules ã® Google ã‚°ãƒ«ãƒ¼ãƒ—æŒ‡å®šãŒ GA

VPC Service Controls release notes - December 11, 2024 (2024-12-11)

VPC Service Controls å¢ƒç•Œã§ Ingress/Egress rules ã§ã® Google ã‚°ãƒ«ãƒ¼ãƒ—æŒ‡å®šãŒ Preview â†’ GAã€‚

å¾“æ¥ã¯ Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’ç›´æŽ¥æŒ‡å®šã™ã‚‹å¿…è¦ãŒã‚ã£ãŸãŒã€ã‚°ãƒ«ãƒ¼ãƒ—æŒ‡å®šãŒã§ãã‚‹ã‚ˆã†ã«ãªã‚Šã€é‹ç”¨ã®ç…©é›‘ã•ãŒã‚„ã‚„è§£æ¶ˆã•ã‚Œã‚‹ã€‚

Google Workspace ã§ NotebookLM Plus ãŒåˆ©ç”¨å¯èƒ½ã«

NotebookLM Plus now available to Google Workspace customers (2024-12-13)

Google Workspace ã§ NotebookLM Plus ãŒåˆ©ç”¨å¯èƒ½ã«ã€‚ã‚‚ã¨ã‚‚ã¨ç„¡æ–™ã§åˆ©ç”¨ã§ããŸ NotebookLM ã®æœ‰å„Ÿç‰ˆã€‚Plus ã§ã¯æ§˜ã€…ãªæ©Ÿèƒ½ã€åˆ¶é™ç·©å’Œã€ãƒ‡ãƒ¼ã‚¿ã®ä¿è·ãŒè¿½åŠ ã•ã‚Œã‚‹ã€‚

NotebookLM ã¯è‡ªåˆ†å°‚ç”¨ã®AIãƒŽãƒ¼ãƒˆãƒ–ãƒƒã‚¯ã€‚ãƒ‡ãƒ¼ã‚¿ã‚’ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ã—ã¦ç”ŸæˆAIã«èªã¿è¾¼ã¾ã›ç”Ÿæˆãƒ†ã‚ã‚¹ãƒˆã‚„è‡ªåˆ†ã®ãƒ¡ãƒ¢ã‚‚è¨˜è¿°ã—ã¦ãŠã‘ã‚‹ã€‚åˆ†æžã‚„è³‡æ–™ä½œæˆã€æƒ…å ±æ•´ç†ãªã©ã«åˆ©ç”¨ã§ãã‚‹ã€‚

è¦Geminiã‚¢ãƒ‰ã‚ªãƒ³ãƒ©ã‚¤ã‚»ãƒ³ã‚¹ã€‚

æ–°ã‚µãƒ¼ãƒ“ã‚¹ Google Agentspace ãŒç™ºè¡¨

Introducing Google Agentspace: Bringing AI agents and AI-powered search to enterprises (2024-12-14)

æ–°ã‚µãƒ¼ãƒ“ã‚¹ Google Agentspace ãŒç™ºè¡¨ã€‚Early accessã«ç”³è¾¼å¯èƒ½ã€‚ä»¥ä¸‹ã®æ©Ÿèƒ½ã‚’å‚™ãˆã‚‹ã€‚

è‡ªç¤¾ãƒ‡ãƒ¼ã‚¿ã‚’ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ã—ã¦AIã‹ã‚‰åˆ©ç”¨ã§ãã‚‹ NotebookLM Plus
ã‚³ãƒ³ãƒ•ãƒ«ã‚„ Google ãƒ‰ãƒ©ã‚¤ãƒ–ã€SharePoint ç‰ã‹ã‚‰æ¤œç´¢ã§ãã‚‹ã‚¨ãƒ³ã‚¿ãƒ¼ãƒ—ãƒ©ã‚¤ã‚ºã‚µãƒ¼ãƒ
äººã®ä»£ã‚ã‚Šã«ã‚¿ã‚¹ã‚¯ã‚’ã“ãªã™ã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆ

Compute Engine ã§ Windows Server 2025 ãŒåˆ©ç”¨å¯èƒ½ã«

Windows Server (2024-12-16)

Compute Engine ã§ Windows Server 2025 ãŒåˆ©ç”¨å¯èƒ½ã«ãªã£ãŸã€‚EoSï¼ˆã‚¤ãƒ¡ãƒ¼ã‚¸å»ƒæ¢æ—¥ï¼‰ã¯ 2034-10-10ã€‚

ãªãŠãã®å‰ã® Windows Server 2022 ã® EoS ã¯ 2031-10-14ã€‚

Cloud IAM ã§ Principal access boundary policies ãŒ Preview â†’ GA

Principal access boundary policies (2024-12-17)

Cloud IAM ã§ Principal access boundary policies ãŒ Preview â†’ GAã€‚

è‡ªçµ„ç¹”ã®ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ãŒã©ã®ãƒªã‚½ãƒ¼ã‚¹ã«ã‚¢ã‚¯ã‚»ã‚¹ã§ãã‚‹ã‹ã®å¢ƒç•Œï¼ˆboundaryï¼‰ã‚’è¨ã‘ã‚‰ã‚Œã‚‹ã€‚ã‚¢ã‚¯ã‚»ã‚¹å…ˆã‚’è‡ªçµ„ç¹”ã®ãƒªã‚½ãƒ¼ã‚¹ã«é™å®šã—ãŸã‚Šã€ç‰¹å®šãƒ•ã‚©ãƒ«ãƒ€å†…ã«é™å®šã—ãŸã‚Šã§ãã‚‹ã€‚

Looker Studio ã®ãƒ‡ãƒ¼ã‚¿ã‚½ãƒ¼ã‚¹ç·¨é›†ç”»é¢ã§ãƒ‡ãƒ¼ã‚¿ã®ãƒ—ãƒ¬ãƒ“ãƒ¥ãƒ¼ãŒå¯èƒ½ã«

Preview your data (2024-12-17)

Looker Studio ã§ãƒ‡ãƒ¼ã‚¿ã‚½ãƒ¼ã‚¹ã®ç·¨é›†ç”»é¢ã§ãƒ‡ãƒ¼ã‚¿å†…å®¹ã‚’ãƒ—ãƒ¬ãƒ“ãƒ¥ãƒ¼ã§ãã‚‹ã‚ˆã†ã«ãªã£ãŸã€‚

BigQueryã€Google ã‚¹ãƒ—ãƒ¬ãƒƒãƒ‰ã‚·ãƒ¼ãƒˆã€Lookerã€Excelã€CSV ã«å¯¾å¿œã€‚

å…¨ã‚¨ãƒ‡ã‚£ã‚·ãƒ§ãƒ³ã§ AppSheet ç®¡ç†ç”»é¢ãŒåˆ©ç”¨å¯èƒ½ã«

Now generally available: Monitor and manage AppSheet usage in your organization with the AppSheet Admin console (2024-12-18)

Google Workspace ã®å…¨ã‚¨ãƒ‡ã‚£ã‚·ãƒ§ãƒ³ã§ AppSheet ã®ç®¡ç†ç”»é¢ãŒåˆ©ç”¨å¯èƒ½ã«ãªã£ãŸã€‚

ã‚¢ãƒ—ãƒªã®åˆ©ç”¨çŠ¶æ³ã€èª°ãŒã‚¢ãƒ—ãƒªã‚’ãŸãã•ã‚“ä½œã£ã¦ã„ã‚‹ã‹ã€ãƒ©ã‚¤ã‚»ãƒ³ã‚¹æ•°ã€ãªã©ãŒæ¨ªæ–ã§é–²è¦§ã§ãã‚‹ç®¡ç†ç”»é¢ã€‚

Gemini 2.0 Flash Thinking ã®è©¦é¨“é‹ç”¨ç‰ˆãŒ Google AI Studio ã§å…¬é–‹

Gemini 2.0 Flash ã®æ€è€ƒãƒ¢ãƒ¼ãƒ‰ (2024-12-19)

Gemini 2.0 Flash Thinking ã®è©¦é¨“é‹ç”¨ç‰ˆï¼ˆgemini-2.0-flash-thinking-exp-1219ï¼‰ãŒ Vertex AIï¼ˆGenerative AI on Vertex AIï¼‰ã¨ Google AI Studio ã§å…¬é–‹ã€‚

ã“ã®ãƒ¢ãƒ‡ãƒ«ã§ã¯ã€ç”Ÿæˆçµæžœã ã‘ã§ãªãã€ç”Ÿæˆã«è‡³ã£ãŸã€Œæ€è€ƒã€ãƒ—ãƒã‚»ã‚¹ã‚‚ç”Ÿæˆã—ã¦è¡¨ç¤ºã™ã‚‹ã€‚

Google ãƒ‰ãƒ©ã‚¤ãƒ–ã§å‹•ç”»ã‚’ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰å¾Œã™ãã«å†ç”Ÿã§ãã‚‹ã‚ˆã†ã«

Google Workspace Updates Weekly Recap - December 20, 2024 (2024-12-20)

Google ãƒ‰ãƒ©ã‚¤ãƒ–ã§å‹•ç”»ã‚’ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰å¾Œã€ã™ãã«å†ç”Ÿã§ãã‚‹ã‚ˆã†ã«ãªã£ãŸã€‚

ã“ã‚Œã¾ã§ã¯ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰å¾Œã«æ•°åˆ†ã€œæ•°ååˆ†ã€å‡¦ç†ã®æ™‚é–“ãŒå¿…è¦ã ã£ãŸã€‚

Compute Engineã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã«ãƒãƒ¼ã‚«ãƒ«Kubernetesã‚¯ãƒ©ã‚¹ã‚¿ã‚’æ§‹ç¯‰ã™ã‚‹ï¼ˆMinikubeï¼‰

2024-12-27T09:00:00+09:00

G-gen ã®ä½ã€…æœ¨ã§ã™ã€‚å½“è¨˜äº‹ã§ã¯ã‚³ãƒ³ãƒ†ãƒŠ ã‚ªãƒ¼ã‚±ã‚¹ãƒˆãƒ¬ãƒ¼ã‚·ãƒ§ãƒ³ ãƒ„ãƒ¼ãƒ«ã§ã‚ã‚‹ Kubenretes ã®å¦ç¿’ç”¨ã®ãŸã‚ã€Minikube ã‚’ä½¿ã£ã¦ Compute Engineï¼ˆGoogle Compute Engineã€GCEï¼‰ä»®æƒ³ãƒžã‚·ãƒ³ä¸Šã«ãƒãƒ¼ã‚«ãƒ« Kubernetes ã‚¯ãƒ©ã‚¹ã‚¿ã‚’æ§‹ç¯‰ã—ã¦ã„ãã¾ã™ã€‚

ã¯ã˜ã‚ã«
- å½“è¨˜äº‹ã®ç›®çš„
- Minikube ã¨ã¯
Compute Engine ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã®ä½œæˆ
Docker ã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«
Minikube ã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«
- APT ãƒªãƒã‚¸ãƒˆãƒªã®ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ—
- ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«
Minikube ã®å®Ÿè¡Œ
ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ã®å–å¾—

ã¯ã˜ã‚ã«

å½“è¨˜äº‹ã®ç›®çš„

å½“è¨˜äº‹ã§ã¯ Minikube ã¨ã„ã† OSSï¼ˆã‚ªãƒ¼ãƒ—ãƒ³ã‚½ãƒ¼ã‚¹ã‚½ãƒ•ãƒˆã‚¦ã‚§ã‚¢ï¼‰ã‚’ä½¿ç”¨ã—ã¦ã€Compute Engine ã®ä»®æƒ³ãƒžã‚·ãƒ³ï¼ˆã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ï¼‰ä¸Šã«å¦ç¿’ç”¨ã® Kubernetes ã‚¯ãƒ©ã‚¹ã‚¿ã‚’æ§‹ç¯‰ã™ã‚‹æ–¹æ³•ã‚’ç´¹ä»‹ã—ã¾ã™ã€‚

Kubernetes ã¯ã‚³ãƒ³ãƒ†ãƒŠ ã‚ªãƒ¼ã‚±ã‚¹ãƒˆãƒ¬ãƒ¼ã‚·ãƒ§ãƒ³ ãƒ„ãƒ¼ãƒ«ã®ãƒ‡ãƒ•ã‚¡ã‚¯ãƒˆã‚¹ã‚¿ãƒ³ãƒ€ãƒ¼ãƒ‰ã§ã‚ã‚Šã€ãƒžãƒãƒ¼ã‚¸ãƒ‰ãª Kubernetes ã‚¯ãƒ©ã‚¹ã‚¿ã‚’æä¾›ã™ã‚‹ Google Kubernetes Engineï¼ˆGKEï¼‰ã¯ Google Cloud ã«ãŠã‘ã‚‹ä»£è¡¨çš„ãªã‚µãƒ¼ãƒ“ã‚¹ã®ä¸€ã¤ã§ã™ã€‚

å‚è€ƒ : Kubernetes ã®åŸºæœ¬ã‚’è§£èª¬ - G-gen Tech Blog
å‚è€ƒ : Google Kubernetes Engineï¼ˆGKEï¼‰ã‚’å¾¹åº•è§£èª¬ - G-gen Tech Blog

Kubernetes ã¯ã‚³ãƒ³ãƒ†ãƒŠã®é‹ç”¨ç®¡ç†ã®ãŸã‚ã®éžå¸¸ã«å¼·åŠ›ãªãƒ„ãƒ¼ãƒ«ã§ã‚ã‚‹åé¢ã€ç‹¬è‡ªã®ç”¨èªžã‚„è¨å®šãƒ•ã‚¡ã‚¤ãƒ«ã€é«˜é »åº¦ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚¢ãƒƒãƒ—ãªã©ã€å¦ç¿’ã‚³ã‚¹ãƒˆãŒé«˜ã„ã“ã¨ã§çŸ¥ã‚‰ã‚Œã¦ã„ã¾ã™ã€‚å½“è¨˜äº‹ã®å†…å®¹ã¯ã€Kubernetes ã«å…¥é–€ã™ã‚‹ãŸã‚ã®ç°¡æ˜“çš„ãªå¦ç¿’ç’°å¢ƒã‚’ã€ä½Žã‚³ã‚¹ãƒˆã§ç”¨æ„ã™ã‚‹ã“ã¨ã‚’ç›®çš„ã¨ã—ã¦ã„ã¾ã™ã€‚

å¦ç¿’ç’°å¢ƒã¨ã—ã¦ Compute Engine ã‚’ç”¨ã„ã‚‹ãƒ¡ãƒªãƒƒãƒˆã¨ã—ã¦ã€ä½¿ç”¨ã—ãªã„ã¨ãã¯ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã‚’åœæ¢ã—ã¦æ–™é‡‘ã‚’ç¯€ç´„ã§ãã‚‹ç‚¹ã‚„ã€ãƒžã‚·ãƒ³ã‚¤ãƒ¡ãƒ¼ã‚¸ç‰ã‚’ä½¿ç”¨ã—ã¦ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ã‚’å–å¾—ã—ã€å¿…è¦ã«å¿œã˜ã¦æ‰‹è»½ã«ãƒªã‚¹ãƒˆã‚¢ã™ã‚‹ã“ã¨ãŒã§ãã‚‹ç‚¹ãŒã‚ã‚Šã¾ã™ã€‚

ãªãŠã€GKE ã§ã¯è«‹æ±‚å…ˆã‚¢ã‚«ã‚¦ãƒ³ãƒˆã«ã¤ãæœˆé¡ $74.40 ã®ç„¡æ–™æž ãŒæä¾›ã•ã‚Œã¦ã„ã¾ã™ã€‚å®Ÿéš›ã® GKE ã‚¯ãƒ©ã‚¹ã‚¿ã‚’ä½¿ç”¨ã—ã¦å¦ç¿’ã‚’è¡Œã„ãŸã„å ´åˆã¯ã€Autopilot ã‚¯ãƒ©ã‚¹ã‚¿ã§ã“ã®ç„¡æ–™æž ã‚’åˆ©ç”¨ã—ã¦ã¿ã‚‹ã®ã‚‚ã‚ˆã„ã§ã—ã‚‡ã†ã€‚

å‚è€ƒ : ã‚¯ãƒ©ã‚¹ã‚¿ç®¡ç†æ‰‹æ•°æ–™ã¨ç„¡æ–™æž

ãŸã ã—ã€GKE ã¯è†¨å¤§ãªé‡ã®ãƒã‚°ã‚’ Cloud Logging ã«å‡ºåŠ›ã™ã‚‹ãŸã‚ã€Cloud Logging ã®æ–™é‡‘ã«ã‚‚æ³¨æ„ã‚’æ‰•ã†å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

ã¾ãŸã€ä»¥ä¸‹ã®è¨˜äº‹ã§ã¯ Terraform ã‚’ä½¿ç”¨ã—ã¦ Autopilot ãƒ¢ãƒ¼ãƒ‰ã® GKE ã‚¯ãƒ©ã‚¹ã‚¿ã‚’ä½œæˆã™ã‚‹æ–¹æ³•ã‚’ç´¹ä»‹ã—ã¦ã„ã¾ã™ã®ã§ã€å‚è€ƒã«ã—ã¦ãã ã•ã„ã€‚

blog.g-gen.co.jp

Minikube ã¨ã¯

Minikube ã¯ãƒãƒ¼ã‚«ãƒ«ç’°å¢ƒã§ Kubernetes ã‚’å®Ÿè¡Œã™ã‚‹ãŸã‚ã®ãƒ„ãƒ¼ãƒ«ã§ã™ã€‚Minikube ã‚’ä½¿ã†ã¨ã€ä»®æƒ³ãƒžã‚·ãƒ³ä¸Šã«ã‚·ãƒ³ã‚°ãƒ«ãƒŽãƒ¼ãƒ‰ã® Kubernetes ã‚¯ãƒ©ã‚¹ã‚¿ã‚’æ§‹ç¯‰ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚Minikube ã§ã¯ Kubernetes ã®å…¨ã¦ã®æ©Ÿèƒ½ã‚’ä½¿ç”¨ã§ãã‚‹ã‚ã‘ã§ã¯ã‚ã‚Šã¾ã›ã‚“ãŒã€åŸºæœ¬çš„ãªå‹•ä½œã®ç¢ºèªã‚„é–‹ç™ºç’°å¢ƒã¨ã—ã¦åˆ©ç”¨ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

å½“è¨˜äº‹ã§ã¯ã€ä»¥ä¸‹ã®å…¬å¼ãƒãƒ¥ãƒ¼ãƒˆãƒªã‚¢ãƒ«ã‚’å…ƒã« Minikube ã‚’ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã—ã€ã‚¯ãƒ©ã‚¹ã‚¿ã®æ§‹ç¯‰ã‚’è¡Œã„ã¾ã™ã€‚

å‚è€ƒ : Minikubeã‚’ä½¿ç”¨ã—ã¦ãƒãƒ¼ã‚«ãƒ«ç’°å¢ƒã§Kubernetesã‚’å‹•ã‹ã™
å‚è€ƒ : minikube start

Compute Engine ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã®ä½œæˆ

ä½œæ¥ã®æ¦‚è¦

Google Cloud ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã« Compute Engine ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã‚’ä½œæˆã—ã¾ã™ã€‚

ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã¯ VPC å†…ã®ã‚µãƒ–ãƒãƒƒãƒˆã«ä½œæˆã™ã‚‹å¿…è¦ãŒã‚ã‚‹ãŸã‚ã€ãã‚Œã‚‰ã®ãƒªã‚½ãƒ¼ã‚¹ã‚’å…ˆã«ä½œæˆã—ã€ãã®ä¸ã«ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã‚’ä½œæˆã—ã¾ã™ã€‚

ãã—ã¦ã€ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹å†…ã§ä½œæ¥ã™ã‚‹éš›ã« VPC ã®å¤–éƒ¨ã‹ã‚‰æŽ¥ç¶šã§ãã‚‹ã‚ˆã†ã«ã€æŽ¥ç¶šã‚’è¨±å¯ã™ã‚‹ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ãƒ«ãƒ¼ãƒ«ã‚’è¨å®šã—ã¦ãŠãã¾ã™ã€‚

å½“è¨˜äº‹ã§ä½œæˆã™ã‚‹ Compute Engine ç’°å¢ƒã®æ§‹æˆ

å½“è¨˜äº‹ã§ã¯ gcloud ã‚³ãƒžãƒ³ãƒ‰ã‚’ç”¨ã„ã¦ãƒªã‚½ãƒ¼ã‚¹ã®ä½œæˆã‚’è¡Œã£ã¦ã„ãã¾ã™ã€‚gcloud ã‚³ãƒžãƒ³ãƒ‰ã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã«ã¤ã„ã¦ã¯ä»¥ä¸‹ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚

å‚è€ƒ : gcloud CLI ã‚’ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã™ã‚‹

ã¾ãŸã€Google Cloud ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã‹ã‚‰åˆ©ç”¨ã§ãã‚‹ Cloud Shellï¼ˆãƒ–ãƒ©ã‚¦ã‚¶ãƒ™ãƒ¼ã‚¹ã®ã‚¿ãƒ¼ãƒŸãƒŠãƒ«ç’°å¢ƒï¼‰ã«ã¯ gcloud ã‚³ãƒžãƒ³ãƒ‰ãŒãƒ—ãƒªã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã•ã‚Œã¦ã„ã‚‹ãŸã‚ã€ä»¥é™ã®ä½œæ¥ã‚’ãã®ã¾ã¾å®Ÿæ–½ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

å‚è€ƒ : Cloud Shell ã‚’ä½¿ç”¨ã™ã‚‹

ã‚·ã‚§ãƒ«å¤‰æ•°ã®è¨å®š

ã‚³ãƒžãƒ³ãƒ‰ã§ä½•åº¦ã‹ä½¿ç”¨ã™ã‚‹å€¤ã‚’ã‚·ã‚§ãƒ«å¤‰æ•°ã«æ ¼ç´ã—ã¦ãŠãã¾ã™ã€‚å½“è¨˜äº‹ã§ã¯ SUFFIX ã®å€¤ã‚’ minikube ã¨ã—ã¦é€²ã‚ã¦ã„ãã¾ã™ã€‚PROJECT ã«ã¯ãƒªã‚½ãƒ¼ã‚¹ã‚’ä½œæˆã™ã‚‹ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã® ID ã‚’ã€REGION ã«ã¯ asia-northeast1 ãªã©ã®ãƒªãƒ¼ã‚¸ãƒ§ãƒ³ã‚’æŒ‡å®šã—ã¾ã™ã€‚

SUFFIX={é©å½“ãªå€¤}  # å½“è¨˜äº‹ã§ã¯ minikube 
PROJECT={ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆID}
REGION={ãƒªã‚½ãƒ¼ã‚¹ã‚’ä½œæˆã™ã‚‹ãƒªãƒ¼ã‚¸ãƒ§ãƒ³}

VPCãƒ»ã‚µãƒ–ãƒãƒƒãƒˆã®ä½œæˆ

VPC ã®ä½œæˆ

ä»¥ä¸‹ã®ã‚³ãƒžãƒ³ãƒ‰ã§ VPC ã‚’ä½œæˆã—ã¾ã™ã€‚ã‚µãƒ–ãƒãƒƒãƒˆã‚’æ‰‹å‹•ã§ä½œæˆã™ã‚‹ãŸã‚ã€--subnet-mode ãƒ•ãƒ©ã‚°ã§ custom ã‚’æŒ‡å®šã—ã¾ã™ã€‚

# VPC ã‚’ä½œæˆã™ã‚‹
$ gcloud compute networks create vpc-${SUFFIX} \
    --subnet-mode=custom \
    --project=${PROJECT}

å‚è€ƒ : gcloud compute networks createï¼ˆã‚³ãƒžãƒ³ãƒ‰ãƒªãƒ•ã‚¡ãƒ¬ãƒ³ã‚¹ï¼‰

ã‚µãƒ–ãƒãƒƒãƒˆã®ä½œæˆ

ä½œæˆã—ãŸ VPC ã‚’æŒ‡å®šã—ã€ãã®ä¸ã«ã‚µãƒ–ãƒãƒƒãƒˆã‚’ä½œæˆã—ã¾ã™ã€‚--range ãƒ•ãƒ©ã‚°ã§ã¯ã‚µãƒ–ãƒãƒƒãƒˆã«å‰²ã‚Šå½“ã¦ã‚‹ãƒ—ãƒ©ã‚¤ãƒ™ãƒ¼ãƒˆ IP ã‚¢ãƒ‰ãƒ¬ã‚¹ã®ç¯„å›²ã‚’ CIDR ã§æŒ‡å®šã—ã¾ã™ã€‚å½“è¨˜äº‹ã§ã¯ 192.168.144.0/28 ã‚’å‰²ã‚Šå½“ã¦ã¦ã„ã¾ã™ã€‚

# ã‚µãƒ–ãƒãƒƒãƒˆã‚’ä½œæˆã™ã‚‹
$ gcloud compute networks subnets create subnet-${SUFFIX} \
    --network=vpc-${SUFFIX} \
    --region=${REGION} \
    --range=192.168.144.0/28 \
    --project=${PROJECT}

å‚è€ƒ : gcloud compute networks subnets createï¼ˆã‚³ãƒžãƒ³ãƒ‰ãƒªãƒ•ã‚¡ãƒ¬ãƒ³ã‚¹ï¼‰

ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã®ä½œæˆ

Minikube ã®è¦ä»¶ã«ã¤ã„ã¦

å…¬å¼ãƒãƒ¥ãƒ¼ãƒˆãƒªã‚¢ãƒ«ã«ã‚ˆã‚‹ã¨ã€Minikube ã®ãƒªã‚½ãƒ¼ã‚¹è¦ä»¶ã¯ä»¥ä¸‹ã®ã‚ˆã†ã«ãªã£ã¦ã„ã¾ã™ã€‚

2ã¤ä»¥ä¸Šã® CPU
2 GB ä»¥ä¸Šã®ãƒ¡ãƒ¢ãƒªå®¹é‡
20 GB ä»¥ä¸Šã®ãƒ‡ã‚£ã‚¹ã‚¯é ˜åŸŸ

ãŸã¨ãˆã°ãƒ¡ãƒ¢ãƒªãŒä¸è¶³ã—ã¦ã„ã‚‹å ´åˆã€Minikube ã‚’å®Ÿè¡Œã—ã‚ˆã†ã¨ã—ã¦ã‚‚ã€ä»¥ä¸‹ã®ã‚ˆã†ã«ã‚¨ãƒ©ãƒ¼ãŒå‡ºã¦çµ‚äº†ã—ã¦ã—ã¾ã„ã¾ã™ã€‚

# ãƒ¡ãƒ¢ãƒªä¸è¶³ã®å ´åˆã€Minikube ã‚’å®Ÿè¡Œã§ããªã„
$ minikube start --driver=docker
ðŸ˜„  minikube v1.34.0 on Debian 12.7 (amd64)
âœ¨  Using the docker driver based on user configuration

â›”  Exiting due to RSRC_INSUFFICIENT_CONTAINER_MEMORY: docker only has 969MiB available, less than the required 1800MiB for Kubernetes

å½“è¨˜äº‹ã§ã¯ãƒ¡ãƒ¢ãƒªå®¹é‡ã«ã‚ã‚‹ç¨‹åº¦ä½™è£•ãŒã‚ã‚‹ãƒžã‚·ãƒ³ã‚¿ã‚¤ãƒ—ã§ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã‚’ä½œæˆã—ã¾ã™ã€‚

ãƒžã‚·ãƒ³ã‚¿ã‚¤ãƒ—ã¯ç°¡å˜ã«å¤‰æ›´ã™ã‚‹ã“ã¨ãŒã§ãã‚‹ãŸã‚ã€ã¾ãšã¯å°ã•ã‚ã®ãƒžã‚·ãƒ³ã‚¿ã‚¤ãƒ—ã§è©¦ã—ã¦ã¿ã¦ã€è¶³ã‚Šãªã‘ã‚Œã°ãƒªã‚½ãƒ¼ã‚¹ã‚’å¢—ã‚„ã—ã¦ã‚‚ã‚ˆã„ã§ã—ã‚‡ã†ã€‚

å‚è€ƒ : ã‚³ãƒ³ãƒ”ãƒ¥ãƒ¼ãƒ†ã‚£ãƒ³ã‚° ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã®ãƒžã‚·ãƒ³ã‚¿ã‚¤ãƒ—ã®ç·¨é›† - ãƒžã‚·ãƒ³ã‚¿ã‚¤ãƒ—ã‚’å¤‰æ›´ã™ã‚‹

ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã®ä½œæˆ

å‰ã®æ‰‹é †ã§ä½œæˆã—ãŸ VPC ã¨ã‚µãƒ–ãƒãƒƒãƒˆã‚’æŒ‡å®šã—ã€Compute Engine ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã‚’ä½œæˆã—ã¾ã™ã€‚

å½“è¨˜äº‹ã§ã¯ä»¥ä¸‹ã®è¨å®šå€¤ã§ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã‚’ä½œæˆã—ã¾ã™ã€‚

é …ç›®	gcloud ã‚³ãƒžãƒ³ãƒ‰ã®ãƒ•ãƒ©ã‚°	å€¤	å‚™è€ƒ
ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹å		vm-${SUFFIX}
VPC	`--network`	vpc-${SUFFIX}
ã‚µãƒ–ãƒãƒƒãƒˆ	`--subnet`	subnet-${SUFFIX}
OS ã‚¤ãƒ¡ãƒ¼ã‚¸	`--image-family` `--image-project`	debian-12 debian-cloud	ä»¥é™ã®æ‰‹é †ã¯ã“ã“ã§æŒ‡å®šã—ãŸ OS ã‚’å‰æã¨ã™ã‚‹ç‚¹ã«æ³¨æ„
ãƒžã‚·ãƒ³ã‚¿ã‚¤ãƒ—	`--machine-type`	e2-medium	2 vCPUã€ãƒ¡ãƒ¢ãƒª4GB å¿…è¦ã«å¿œã˜ã¦å¤‰æ›´å¯ï¼ˆå‚è€ƒï¼‰
ãƒ‡ã‚£ã‚¹ã‚¯ã‚µã‚¤ã‚º	--boot-disk-size	20GB	Minikube ã®ãƒªã‚½ãƒ¼ã‚¹è¦ä»¶ã«æº–æ‹
ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‚¿ã‚°	`--tags`	ssh	å¾Œã§ä½œæˆã™ã‚‹ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ãƒ«ãƒ¼ãƒ«ã‚’ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã«ç´ä»˜ã‘ã‚‹éš›ã«ä½¿ç”¨

# Compute Engine ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã‚’ä½œæˆã™ã‚‹
$ gcloud compute instances create vm-${SUFFIX} \
    --network=vpc-${SUFFIX} \
    --subnet=subnet-${SUFFIX} \
    --zone=${REGION}-a \
    --image-family=debian-12 \
    --image-project=debian-cloud \
    --machine-type=e2-medium \
    --boot-disk-size=20GB \
    --tags=ssh \
    --project=${PROJECT}

å‚è€ƒ : gcloud compute instances createï¼ˆã‚³ãƒžãƒ³ãƒ‰ãƒªãƒ•ã‚¡ãƒ¬ãƒ³ã‚¹ï¼‰

ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ãƒ«ãƒ¼ãƒ«ã®è¨å®š

ä½œæˆã—ãŸã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã« SSH ã§ã‚¢ã‚¯ã‚»ã‚¹ã§ãã‚‹ã‚ˆã†ã«ã€VPC ã«å†…å‘ãã®ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ãƒ«ãƒ¼ãƒ«ã‚’ä½œæˆã—ã¾ã™ã€‚--target-tags ãƒ•ãƒ©ã‚°ã§ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã«è¨å®šã—ãŸã‚‚ã®ã¨åŒã˜ã‚¿ã‚°ã‚’æŒ‡å®šã™ã‚‹ã“ã¨ã§ã€ã“ã®ãƒ«ãƒ¼ãƒ«ã‚’ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã«ç´ä»˜ã‘ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

ãªãŠã€å½“è¨˜äº‹ã§ã¯ä¾¿å®œä¸Š --source-ranges ãƒ•ãƒ©ã‚°ã€ã¤ã¾ã‚Šã‚¢ã‚¯ã‚»ã‚¹å…ƒã® IP ã‚¢ãƒ‰ãƒ¬ã‚¹ç¯„å›²ã‚’ 0.0.0.0/0ï¼ˆä»»æ„ã® IP ã‚¢ãƒ‰ãƒ¬ã‚¹ï¼‰ã«è¨å®šã—ã¦ã„ã¾ã™ãŒã€ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚’è€ƒæ…®ã—ã¦è‡ªèº«ã® PC ã® IP ã‚¢ãƒ‰ãƒ¬ã‚¹ç‰ã‚’è¨å®šã™ã‚‹ã“ã¨ã‚‚ã§ãã¾ã™ã€‚

# SSH ã‚’è¨±å¯ã™ã‚‹ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ãƒ«ãƒ¼ãƒ«ã‚’ä½œæˆã™ã‚‹
$ gcloud compute firewall-rules create vpc-${SUFFIX}-allow-ssh \
    --direction=INGRESS \
    --source-ranges=0.0.0.0/0 \
    --allow=tcp:22 \
    --target-tags=ssh \
    --network=vpc-${SUFFIX} \
    --project=${PROJECT}

å‚è€ƒ : gcloud compute firewall-rules createï¼ˆã‚³ãƒžãƒ³ãƒ‰ãƒªãƒ•ã‚¡ãƒ¬ãƒ³ã‚¹ï¼‰

ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã« SSH æŽ¥ç¶š

ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã‹ã‚‰ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã«æŽ¥ç¶šï¼ˆGUI ã®å ´åˆï¼‰

Minikube ã‚’ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã™ã‚‹ãŸã‚ã€ä½œæˆã—ãŸã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã« SSH æŽ¥ç¶šã—ã¾ã™ã€‚

Google Cloud ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã‹ã‚‰ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã« SSH æŽ¥ç¶šã™ã‚‹å ´åˆã€ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ä¸€è¦§ç”»é¢ã§ã€ŒSSHã€ã‚’é¸æŠžã—ã¾ã™ã€‚

Google Cloud ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã‹ã‚‰ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã« SSH æŽ¥ç¶šã™ã‚‹

gcloud ã‚³ãƒžãƒ³ãƒ‰ã§ SSH æŽ¥ç¶šï¼ˆCLI ã®å ´åˆï¼‰

gcloud ã§ã¯ã€ä»¥ä¸‹ã®ã‚³ãƒžãƒ³ãƒ‰ã‚’ä½¿ç”¨ã—ã¦ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã« SSH æŽ¥ç¶šã§ãã¾ã™ã€‚

# ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã« SSH æŽ¥ç¶šã™ã‚‹
$ gcloud compute ssh vm-${SUFFIX} \
    --zone=${REGION}-a \
    --project=${PROJECT}

å‚è€ƒ : gcloud compute sshï¼ˆã‚³ãƒžãƒ³ãƒ‰ãƒªãƒ•ã‚¡ãƒ¬ãƒ³ã‚¹ï¼‰

Docker ã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«

Minikube ã® driver ã«ã¤ã„ã¦

Minikube ã§ã¯å‹•ä½œç’°å¢ƒï¼ˆdriverï¼‰ã¨ã—ã¦ Docker ã‚„ VirtualBox ãªã©ã€ã„ãã¤ã‹ã®é¸æŠžè‚¢ãŒæä¾›ã•ã‚Œã¦ã„ã¾ã™ã€‚

å‚è€ƒ : Drivers

å½“è¨˜äº‹ã§ã¯æŽ¨å¥¨ driver ã®1ã¤ã§ã‚ã‚‹ Docker ã‚’ä½¿ç”¨ã—ã¦æ§‹ç¯‰ã‚’é€²ã‚ã¦ã„ãã¾ã™ã€‚

ä»¥ä¸‹ã® Docker å…¬å¼ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã®æ‰‹é †ã«æ²¿ã£ã¦ã€Docker ã‚’ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã—ã¦ã„ãã¾ã™ã€‚

å‚è€ƒ : Install Docker Engine on Debian

ãƒ‘ãƒƒã‚±ãƒ¼ã‚¸ãƒªã‚¹ãƒˆã®æ›´æ–°

ä»¥é™ã®æ‰‹é †ã«ã¤ã„ã¦ã¯ã€SSH æŽ¥ç¶šã—ãŸ Compute Engine VM ä¸Šã§ã‚³ãƒžãƒ³ãƒ‰ã‚’å®Ÿè¡Œã—ã¦ãã ã•ã„ã€‚

ã¾ãšã¯ã€APT ã®ãƒ‘ãƒƒã‚±ãƒ¼ã‚¸ã‚’æœ€æ–°åŒ–ã—ã¦ãŠãã¾ã™ã€‚

# ãƒ‘ãƒƒã‚±ãƒ¼ã‚¸ãƒªã‚¹ãƒˆã‚’æœ€æ–°ã®çŠ¶æ…‹ã«ã™ã‚‹
$ sudo apt update
  
# ãƒ‘ãƒƒã‚±ãƒ¼ã‚¸ã®æœ€æ–°åŒ–ï¼ˆæ™‚é–“ãŒã‹ã‹ã‚‹å¯èƒ½æ€§ã‚ã‚Šï¼‰
$ sudo apt upgrade -y

ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«

APT ãƒªãƒã‚¸ãƒˆãƒªã®ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ—

ã¾ãšã€Docker ãƒ‘ãƒƒã‚±ãƒ¼ã‚¸ã®æ¤œè¨¼ã«å¿…è¦ãª GPG Key ã‚’ç”¨æ„ã—ã¾ã™ã€‚

# Docker ã®ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã«å¿…è¦ãªãƒ‘ãƒƒã‚±ãƒ¼ã‚¸ã‚’ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã™ã‚‹
$ sudo apt install ca-certificates curl
  
# keyrings ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã®ãƒ‘ãƒ¼ãƒŸãƒƒã‚·ãƒ§ãƒ³ã‚’è¨å®šã™ã‚‹
$ sudo install -m 0755 -d /etc/apt/keyrings
  
# Docker å…¬å¼ã® GPG Key ã‚’ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã—ã¦ keyrings ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«æ ¼ç´ã™ã‚‹
$ sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
  
# GPG Key ã®ãƒ‘ãƒ¼ãƒŸãƒƒã‚·ãƒ§ãƒ³ã‚’å¤‰æ›´ã™ã‚‹
$ sudo chmod a+r /etc/apt/keyrings/docker.asc

apt ã‚³ãƒžãƒ³ãƒ‰ã®ãƒ‘ãƒƒã‚±ãƒ¼ã‚¸å–å¾—å…ƒã®ãƒªãƒã‚¸ãƒˆãƒªã¨ã—ã¦ Docker é–¢é€£ã®ãƒªãƒã‚¸ãƒˆãƒªã‚’è¿½åŠ ã—ã¾ã™ã€‚

# Docker ã®ãƒªãƒã‚¸ãƒˆãƒªã‚’è¿½åŠ ã™ã‚‹
$ echo \
    "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
    sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Docker ã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«

Docker ã®å®Ÿè¡Œã«å¿…è¦ãªãƒ‘ãƒƒã‚±ãƒ¼ã‚¸ã‚’ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã—ã¾ã™ã€‚

# ãƒ‘ãƒƒã‚±ãƒ¼ã‚¸ãƒªã‚¹ãƒˆã‚’æ›´æ–°ã™ã‚‹
$ sudo apt update
  
# Docker ã®å®Ÿè¡Œã«å¿…è¦ãªãƒ‘ãƒƒã‚±ãƒ¼ã‚¸ã‚’ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã™ã‚‹
$ sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Docker ã®å‹•ä½œç¢ºèª

Docker ã§é©å½“ãªã‚³ãƒ³ãƒ†ãƒŠã‚’å®Ÿè¡Œã—ã¦ã¿ã¾ã™ã€‚ã“ã“ã§ã¯ Docker å…¬å¼ã‚³ãƒ³ãƒ†ãƒŠã‚¤ãƒ¡ãƒ¼ã‚¸ã® hello-world ã‚’ä½¿ç”¨ã—ã¾ã™ã€‚

# hello-world ã‚³ãƒ³ãƒ†ãƒŠã®èµ·å‹•
$ sudo docker run --name hello hello-world
  
-------------------- å‡ºåŠ›ä¾‹ --------------------
  
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
c1ec31eb5944: Pull complete 
Digest: sha256:d211f485f2dd1dee407a80973c8f129f00d54604d2c90732e8e320e5038a0348
Status: Downloaded newer image for hello-world:latest
  
Hello from Docker!
This message shows that your installation appears to be working correctly.
  
To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.
  
To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash
  
Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/
  
For more examples and ideas, visit:
 https://docs.docker.com/get-started/

ã‚¯ãƒªãƒ¼ãƒ³ã‚¢ãƒƒãƒ—

å‹•ä½œç¢ºèªç”¨ã® hello-world ã‚³ãƒ³ãƒ†ãƒŠã¨ã€ãã®ã‚³ãƒ³ãƒ†ãƒŠã‚¤ãƒ¡ãƒ¼ã‚¸ã‚’å‰Šé™¤ã—ã¦ã„ãã¾ã™ã€‚

hello-world ã‚³ãƒ³ãƒ†ãƒŠã¯åœæ¢ã—ãŸçŠ¶æ…‹ã§æ®‹ã£ã¦ã„ã¾ã™ã€‚

# ã‚³ãƒ³ãƒ†ãƒŠä¸€è¦§ã‚’ç¢ºèªã™ã‚‹
$ sudo docker container ls -a
  
-------------------- å‡ºåŠ›ä¾‹ --------------------
CONTAINER ID   IMAGE         COMMAND    CREATED          STATUS                      PORTS     NAMES
0f6492b1ab35   hello-world   "/hello"   48 seconds ago   Exited (0) 47 seconds ago             hello

ã¾ãŸã€ã‚³ãƒ³ãƒ†ãƒŠå®Ÿè¡Œã«ä½¿ç”¨ã•ã‚ŒãŸã‚³ãƒ³ãƒ†ãƒŠã‚¤ãƒ¡ãƒ¼ã‚¸ã‚‚ãƒãƒ¼ã‚«ãƒ«ã«ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã•ã‚Œã¦ã„ã‚‹ãŸã‚ã€ã“ã‚Œã‚’å‰Šé™¤ã—ã¦ã„ãã¾ã™ã€‚

# ã‚³ãƒ³ãƒ†ãƒŠã‚¤ãƒ¡ãƒ¼ã‚¸ã®ä¸€è¦§ã‚’ç¢ºèªã™ã‚‹
$ sudo docker image ls
  
-------------------- å‡ºåŠ›ä¾‹ --------------------
  
REPOSITORY    TAG       IMAGE ID       CREATED         SIZE
hello-world   latest    d2c94e258dcb   18 months ago   13.3kB

ä»¥ä¸‹ã®ã‚³ãƒžãƒ³ãƒ‰ã§ã€åœæ¢ã—ãŸã‚³ãƒ³ãƒ†ãƒŠã¨ã‚³ãƒ³ãƒ†ãƒŠã‚¤ãƒ¡ãƒ¼ã‚¸ã‚’å‰Šé™¤ã—ã¾ã™ã€‚

# ã‚³ãƒ³ãƒ†ãƒŠã‚’å‰Šé™¤ã™ã‚‹
$ sudo docker container rm hello
  
# hello-world ã‚³ãƒ³ãƒ†ãƒŠã‚¤ãƒ¡ãƒ¼ã‚¸ã‚’å‰Šé™¤ã™ã‚‹
$ sudo docker image rm hello-world:latest

Minikube ã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«

APT ãƒªãƒã‚¸ãƒˆãƒªã®ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ—

ã¾ãšã€Kubernetes ã®ãƒªãƒã‚¸ãƒˆãƒªã‚’ APT ã®ãƒ‘ãƒƒã‚±ãƒ¼ã‚¸å–å¾—å…ƒã¨ã—ã¦ç™»éŒ²ã—ã¾ã™ã€‚

# Kubernetes ã®ãƒªãƒã‚¸ãƒˆãƒªã‚’ç™»éŒ²
$ echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /" | sudo tee /etc/apt/sources.list.d/kubernetes.list

ãƒ‘ãƒƒã‚±ãƒ¼ã‚¸ã®æ¤œè¨¼ã«ä½¿ç”¨ã™ã‚‹ GPG Key ã‚’ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã—ã¾ã™ã€‚

# GPG Key ã®ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg

æ”¹ã‚ã¦ãƒ‘ãƒƒã‚±ãƒ¼ã‚¸ãƒªã‚¹ãƒˆã‚’æ›´æ–°ã—ã¾ã™ã€‚

# ãƒ‘ãƒƒã‚±ãƒ¼ã‚¸ãƒªã‚¹ãƒˆã‚’æ›´æ–°ã™ã‚‹
$ sudo apt update

å‚è€ƒ : How to migrate to the Kubernetes community-owned repositories?

ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«

Minikube ã®ãƒ‘ãƒƒã‚±ãƒ¼ã‚¸ã‚’ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã—ã€dpkg ã‚³ãƒžãƒ³ãƒ‰ã§ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã‚’å®Ÿè¡Œã—ã¾ã™ã€‚

# Minikube ã®ãƒ‘ãƒƒã‚±ãƒ¼ã‚¸ã‚’ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã™ã‚‹
$ curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube_latest_amd64.deb
  
# Minikube ã‚’ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã™ã‚‹
$ sudo dpkg -i minikube_latest_amd64.deb
  
-------------------- å‡ºåŠ›ä¾‹ --------------------
  
Selecting previously unselected package minikube.
(Reading database ... 73229 files and directories currently installed.)
Preparing to unpack minikube_latest_amd64.deb ...
Unpacking minikube (1.34.0-0) ...
Setting up minikube (1.34.0-0) ...

Minikube ã®å®Ÿè¡Œ

Minikube å®Ÿè¡Œãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚’ docker ã‚°ãƒ«ãƒ¼ãƒ—ã«è¿½åŠ

Minikube ã‚’å®Ÿè¡Œã™ã‚‹ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚’ docker ã‚°ãƒ«ãƒ¼ãƒ—ã«æ‰€å±žã•ã›ã¾ã™ã€‚

ã“ã®æ‰‹é †ã‚’ã‚¹ã‚ãƒƒãƒ—ã™ã‚‹ã¨ã€Minikube å®Ÿè¡Œæ™‚ã«ä»¥ä¸‹ã®ã‚ˆã†ãªæ¨©é™ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¦ã—ã¾ã„ã¾ã™ã€‚

$ minikube start --driver=docker
ðŸ˜„  minikube v1.34.0 on Debian 12.7 (amd64)
âœ¨  Using the docker driver based on user configuration
  
ðŸ’£  Exiting due to PROVIDER_DOCKER_NEWGRP: "docker version --format <no value>-<no value>:<no value>" exit status 1: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.47/version": dial unix /var/run/docker.sock: connect: permission denied
ðŸ’¡  Suggestion: Add your user to the 'docker' group: 'sudo usermod -aG docker $USER && newgrp docker'
ðŸ“˜  Documentation: https://docs.docker.com/engine/install/linux-postinstall/

Suggestion: ã®é …ç›®ã«è¨˜è¼‰ã•ã‚Œã¦ã„ã‚‹ã‚³ãƒžãƒ³ãƒ‰ã‚’å®Ÿè¡Œã—ã€ç¾åœ¨ä»®æƒ³ãƒžã‚·ãƒ³ã®ãƒã‚°ã‚¤ãƒ³ã«ä½¿ç”¨ã—ã¦ã„ã‚‹ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚’ docker ã‚°ãƒ«ãƒ¼ãƒ—ã«è¿½åŠ ã—ã¾ã™ã€‚

# ç¾åœ¨ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚’ docker ã‚°ãƒ«ãƒ¼ãƒ—ã«è¿½åŠ ã™ã‚‹
$ sudo usermod -aG docker $USER && newgrp docker

Minikube ã®å®Ÿè¡Œ

minikube start ã‚³ãƒžãƒ³ãƒ‰ã§ Minikube ã‚’å®Ÿè¡Œã—ã¾ã™ã€‚--driver ãƒ•ãƒ©ã‚°ã§ Docker ã‚’ãƒ‰ãƒ©ã‚¤ãƒã¨ã—ã¦è¨å®šã—ã¦ã„ã¾ã™ã€‚

$ minikube start --driver=docker
  
-------------------- å‡ºåŠ›ä¾‹ --------------------
  
ðŸ˜„  minikube v1.34.0 on Debian 12.8 (amd64)
âœ¨  Using the docker driver based on user configuration
ðŸ“Œ  Using Docker driver with root privileges
ðŸ‘  Starting "minikube" primary control-plane node in "minikube" cluster
ðŸšœ  Pulling base image v0.0.45 ...
ðŸ’¾  Downloading Kubernetes v1.31.0 preload ...
    > preloaded-images-k8s-v18-v1...:  326.69 MiB / 326.69 MiB  100.00% 37.80 M
    > gcr.io/k8s-minikube/kicbase...:  487.90 MiB / 487.90 MiB  100.00% 46.45 M
ðŸ”¥  Creating docker container (CPUs=2, Memory=2200MB) ...
ðŸ³  Preparing Kubernetes v1.31.0 on Docker 27.2.0 ...
    â–ª Generating certificates and keys ...
    â–ª Booting up control plane ...
    â–ª Configuring RBAC rules ...
ðŸ”—  Configuring bridge CNI (Container Networking Interface) ...
ðŸ”Ž  Verifying Kubernetes components...
    â–ª Using image gcr.io/k8s-minikube/storage-provisioner:v5
ðŸŒŸ  Enabled addons: storage-provisioner, default-storageclass
ðŸ’¡  kubectl not found. If you need it, try: 'minikube kubectl -- get pods -A'
ðŸ„  Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default

Minikube ã®çŠ¶æ…‹ã¯ minikube status ã‚³ãƒžãƒ³ãƒ‰ã§ç¢ºèªã§ãã¾ã™ã€‚

# Minikube ã®çŠ¶æ…‹ã‚’ç¢ºèªã™ã‚‹
$ minikube status
  
-------------------- å‡ºåŠ›ä¾‹ --------------------
  
minikube
type: Control Plane
host: Running
kubelet: Running
apiserver: Running
kubeconfig: Configured

ä¸€èˆ¬ã« Kubernetes ã®ç®¡ç†æ“ä½œã«ã¯ kubectl ã‚³ãƒžãƒ³ãƒ‰ã‚’ä½¿ç”¨ã—ã¾ã™ãŒã€Minikube ã§ã¯ minikube kubectl ã‚’ä½¿ç”¨ã—ã¾ã™ã€‚

# Minikube ã®ãƒŽãƒ¼ãƒ‰ã‚’ç¢ºèªã™ã‚‹
$ minikube kubectl -- get nodes
  
-------------------- å‡ºåŠ›ä¾‹ --------------------
  
NAME       STATUS   ROLES           AGE   VERSION
minikube   Ready    control-plane   11m   v1.31.0

æ¯Žå›ž minikube ã®éƒ¨åˆ†ã‹ã‚‰ã‚³ãƒžãƒ³ãƒ‰ã‚’å…¥åŠ›ã™ã‚‹ã®ã¯æ‰‹é–“ãªã®ã§ã€ã‚¨ã‚¤ãƒªã‚¢ã‚¹ã‚’è¨å®šã—ã¦ kubectl ã ã‘ã§ã‚³ãƒžãƒ³ãƒ‰ã‚’å®Ÿè¡Œã§ãã‚‹ã‚ˆã†ã«ã—ã¾ã™ã€‚ã‚¨ã‚¤ãƒªã‚¢ã‚¹ã¯ .bashrc ãƒ•ã‚¡ã‚¤ãƒ«ã«è¨å®šã—ã¦ãŠãã¾ã™ã€‚

# ã‚¨ã‚¤ãƒªã‚¢ã‚¹ã‚’è¨å®šã™ã‚‹ï¼ˆ.bashrc ã«è¿½è¨˜ï¼‰
$ echo "alias kubectl='minikube kubectl --'" >> .bashrc
  
# .bashrc ã®è¿½è¨˜å†…å®¹ã‚’åæ˜ ã™ã‚‹
$ source .bashrc
  
# ã‚¨ã‚¤ãƒªã‚¢ã‚¹ã§å®Ÿè¡Œã§ãã‚‹ã“ã¨ã‚’ç¢ºèªã™ã‚‹
$ kubectl get nodes
  
-------------------- å‡ºåŠ›ä¾‹ --------------------
  
NAME       STATUS   ROLES           AGE   VERSION
minikube   Ready    control-plane   13m   v1.31.0

Pod ã®ä½œæˆ

Minikube ã®ã‚¯ãƒ©ã‚¹ã‚¿ã‚’å®Ÿè¡Œã§ããŸã®ã§ã€Kubernetes ã§ç®¡ç†ã§ãã‚‹æœ€å°å˜ä½ã®ã‚³ãƒ³ãƒ”ãƒ¥ãƒ¼ãƒ†ã‚£ãƒ³ã‚° ãƒªã‚½ãƒ¼ã‚¹ã§ã‚ã‚‹ Pod ã‚’ä½œæˆã—ã¦ã¿ã¾ã™ã€‚

vim ç‰ã®ã‚¨ãƒ‡ã‚£ã‚¿ã‚’ä½¿ç”¨ã—ã¦ã€sample-pod.yaml ã¨ã—ã¦ä»¥ä¸‹ã®ãƒžãƒ‹ãƒ•ã‚§ã‚¹ãƒˆãƒ•ã‚¡ã‚¤ãƒ«ã‚’ä½œæˆã—ã¾ã™ã€‚ã“ã® Pod ã¯ã€Web ã‚µãƒ¼ãƒã§ã‚ã‚‹ nginx ã®ã‚³ãƒ³ãƒ†ãƒŠã‚’å®Ÿè¡Œã—ã¾ã™ã€‚

# sample-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: sample
spec:
  containers:
  - name: nginx
    image: nginx:1.27
    ports:
    - containerPort: 80

kubectl apply ã‚³ãƒžãƒ³ãƒ‰ã§ãƒžãƒ‹ãƒ•ã‚§ã‚¹ãƒˆãƒ•ã‚¡ã‚¤ãƒ«ã‚’ã‚¯ãƒ©ã‚¹ã‚¿ã«é©ç”¨ã—ã¾ã™ã€‚ã“ã‚Œã«ã‚ˆã‚Šã€YAML ãƒ•ã‚¡ã‚¤ãƒ«ã«è¨˜è¼‰ã—ãŸè¨å®šå†…å®¹ã® Pod ãŒ Minikube ã‚¯ãƒ©ã‚¹ã‚¿ä¸Šã§å®Ÿè¡Œã•ã‚Œã¾ã™ã€‚

# ãƒžãƒ‹ãƒ•ã‚§ã‚¹ãƒˆãƒ•ã‚¡ã‚¤ãƒ«ã‚’ã‚¯ãƒ©ã‚¹ã‚¿ã«é©ç”¨ã—ã¦ Pod ã‚’ä½œæˆã™ã‚‹
$ kubectl apply -f sample-pod.yaml

kubectl get pods ã§ Pod ã®ä¸€è¦§ã‚’å–å¾—ã—ã¾ã™ã€‚å…ˆç¨‹ãƒžãƒ‹ãƒ•ã‚§ã‚¹ãƒˆãƒ•ã‚¡ã‚¤ãƒ«ã‚’é©ç”¨ã—ãŸ Pod ãŒå®Ÿè¡Œã•ã‚Œã¦ã„ã¾ã™ã€‚

# Pod ã®ä¸€è¦§ã‚’å–å¾—ã™ã‚‹
$ kubectl get pods
  
-------------------- å‡ºåŠ›ä¾‹ --------------------
  
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          2m15s

Pod ã®å…¬é–‹

Service ãƒªã‚½ãƒ¼ã‚¹ã¨ã—ã¦ NodePort ã‚’ä½œæˆã—ã¦ã€å…ˆç¨‹ä½œæˆã—ãŸ Pod ã® nginx ã‚³ãƒ³ãƒ†ãƒŠã« Minikube ã‚¯ãƒ©ã‚¹ã‚¿ã®å¤–éƒ¨ã‹ã‚‰æŽ¥ç¶šã§ãã‚‹ã‚ˆã†ã«ã—ã¾ã™ã€‚

Pod åŒæ§˜ã€Service ã‚‚ãƒžãƒ‹ãƒ•ã‚§ã‚¹ãƒˆãƒ•ã‚¡ã‚¤ãƒ«ã‹ã‚‰ä½œæˆã§ãã¾ã™ãŒã€ã“ã“ã§ã¯ç°¡æ˜“çš„ã« kubectl expose ã‚³ãƒžãƒ³ãƒ‰ã§ä½œæˆã—ã¾ã™ã€‚

# NodePort ã‚’ä½œæˆã—ã¦ Pod ã‚’å…¬é–‹ã™ã‚‹
$ kubectl expose pod/nginx --type=NodePort --port=80

kubectl get services ã‚³ãƒžãƒ³ãƒ‰ã§ Service ãƒªã‚½ãƒ¼ã‚¹ã®ä¸€è¦§ã‚’ç¢ºèªã—ã¾ã™ã€‚NodePort ã‚¿ã‚¤ãƒ—ã® Service ãŒä½œæˆã•ã‚Œã¦ã„ã¾ã™ï¼ˆ2è¡Œç›®ï¼‰ã€‚

# Service ã®ä¸€è¦§ã‚’å–å¾—ã™ã‚‹
$ kubectl get services
  
-------------------- å‡ºåŠ›ä¾‹ --------------------
  
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP        49m
nginx        NodePort    10.110.131.236   <none>        80:30134/TCP   116s

minikube service nginx --url ã§ NodePort ã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ãŸã‚ã® URL ã‚’å–å¾—ã§ãã‚‹ãŸã‚ã€ã“ã® URL ã«ã‚¢ã‚¯ã‚»ã‚¹ã—ã¦ã¿ã¾ã™ã€‚ã“ã“ã¾ã§æ‰‹é †é€šã‚Šã«ãƒªã‚½ãƒ¼ã‚¹ã‚’ä½œæˆã—ã¦ã„ã‚Œã°ã€Pod å†…ã® nginx ã‚³ãƒ³ãƒ†ãƒŠã‹ã‚‰ãƒ¬ã‚¹ãƒãƒ³ã‚¹ãŒè¿”ã£ã¦ãã¾ã™ã€‚

$ curl $(minikube service nginx --url)
  
-------------------- å‡ºåŠ›ä¾‹ --------------------
  
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

ã‚¯ãƒªãƒ¼ãƒ³ã‚¢ãƒƒãƒ—

å‹•ä½œç¢ºèªç”¨ã«ä½œæˆã—ãŸå„ãƒªã‚½ãƒ¼ã‚¹ã‚’å‰Šé™¤ã—ã¾ã™ã€‚

Service ãƒªã‚½ãƒ¼ã‚¹ã‚’ kubectl delete ã‚³ãƒžãƒ³ãƒ‰ã§å‰Šé™¤ã—ã¾ã™ã€‚

# Service ã‚’å‰Šé™¤ã™ã‚‹
$ kubectl delete services nginx

Pod ã¯ãƒžãƒ‹ãƒ•ã‚§ã‚¹ãƒˆãƒ•ã‚¡ã‚¤ãƒ«ã‹ã‚‰ä½œæˆã—ãŸã®ã§ã€kubectl delete ã‚³ãƒžãƒ³ãƒ‰ã§ -f ãƒ•ãƒ©ã‚°ã‚’ä½¿ç”¨ã—ã€ãƒªã‚½ãƒ¼ã‚¹ä½œæˆæ™‚ã«ä½¿ç”¨ã—ãŸãƒžãƒ‹ãƒ•ã‚§ã‚¹ãƒˆãƒ•ã‚¡ã‚¤ãƒ«ã‚’æŒ‡å®šã—ã¾ã™ã€‚

# Pod ã‚’å‰Šé™¤ã™ã‚‹
$ kubectl delete -f sample-pod.yaml

ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ã®å–å¾—

Minikube ã‚’æ§‹ç¯‰ã—ãŸã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã®ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ã‚’å–å¾—ã—ã¦ãŠãã¨ã€å¦ç¿’ä¸ã«ç’°å¢ƒã‚’å£Šã—ã¦ã—ã¾ã£ãŸå ´åˆãªã©ã«å®¹æ˜“ã«å¾©å…ƒã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

ä»¥ä¸‹ã®è¨˜äº‹ã§ Compute Engine ã®ãƒžã‚·ãƒ³ã‚¤ãƒ¡ãƒ¼ã‚¸ã®å–å¾—æ–¹æ³•ã€ãŠã‚ˆã³ãƒžã‚·ãƒ³ã‚¤ãƒ¡ãƒ¼ã‚¸ã‹ã‚‰ã®ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã®å¾©å…ƒæ–¹æ³•ã‚’è§£èª¬ã—ã¦ã„ã‚‹ã®ã§ã€ã“ã¡ã‚‰ã®æ‰‹é †ã‚’å‚è€ƒã«ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ã‚’å–å¾—ã—ã¦ãŠãã¨ã‚ˆã„ã§ã—ã‚‡ã†ã€‚

å‚è€ƒ : Compute Engineã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã«PostgreSQLã‚µãƒ¼ãƒã‚’æ§‹ç¯‰ã™ã‚‹ - ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ã®å–å¾—ã¨ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã®å¾©å…ƒ

ã‚³ãƒã‚¯ãƒ†ãƒƒãƒ‰ã‚·ãƒ¼ãƒˆã®æŠ½å‡ºæ©Ÿèƒ½ã§è¡Œæ•°åˆ¶é™ã‚’10ä¸‡è¡Œä»¥ä¸Šã«ã™ã‚‹æ–¹æ³•

2024-12-26T09:00:00+09:00

G-gen ã®å ‚åŽŸã§ã™ã€‚å½“è¨˜äº‹ã§ã¯ã€Google ã‚¹ãƒ—ãƒ¬ãƒƒãƒ‰ã‚·ãƒ¼ãƒˆï¼ˆGoogle Sheetsï¼‰ã®æ©Ÿèƒ½ã§ã‚ã‚‹ã‚³ãƒã‚¯ãƒ†ãƒƒãƒ‰ã‚·ãƒ¼ãƒˆã§ã€ãƒ‡ãƒ¼ã‚¿ã®æŠ½å‡ºæ©Ÿèƒ½ã‚’ä½¿ã†éš›ã€è¡Œæ•°åˆ¶é™ãŒ10ä¸‡è¡Œã¾ã§ã—ã‹é¸ã¹ãªã„å ´åˆã®å¯¾å‡¦æ³•ã‚’ç´¹ä»‹ã—ã¾ã™ã€‚

ã‚³ãƒã‚¯ãƒ†ãƒƒãƒ‰ã‚·ãƒ¼ãƒˆã¨ã¯
- æ¦‚è¦
- ãƒ‡ãƒ¼ã‚¿ã®æŠ½å‡º
äº‹è±¡
è§£æ±ºæ–¹æ³•

ã‚³ãƒã‚¯ãƒ†ãƒƒãƒ‰ã‚·ãƒ¼ãƒˆã¨ã¯

æ¦‚è¦

ã‚³ãƒã‚¯ãƒ†ãƒƒãƒ‰ã‚·ãƒ¼ãƒˆï¼ˆConnected Sheetsï¼‰ã¯ã€Google ã‚¹ãƒ—ãƒ¬ãƒƒãƒ‰ã‚·ãƒ¼ãƒˆã®æ©Ÿèƒ½ã§ã™ã€‚ã‚³ãƒã‚¯ãƒ†ãƒƒãƒ‰ã‚·ãƒ¼ãƒˆã‚’ç”¨ã„ã‚‹ã¨ã€Google Cloudï¼ˆæ—§ç§° GCPï¼‰ã®ãƒ‡ãƒ¼ã‚¿åˆ†æžã‚µãƒ¼ãƒ“ã‚¹ã§ã‚ã‚‹ BigQuery ã®ãƒ†ãƒ¼ãƒ–ãƒ«ã‚„ãƒ“ãƒ¥ãƒ¼ã‚’ Google ã‚¹ãƒ—ãƒ¬ãƒƒãƒ‰ã‚·ãƒ¼ãƒˆä¸Šã§å¯è¦–åŒ–ã€åˆ†æžã§ãã¾ã™ã€‚

è©³ã—ãã¯ä»¥ä¸‹ã®è¨˜äº‹ã‚’ã”å‚ç…§ãã ã•ã„ã€‚

blog.g-gen.co.jp

ãƒ‡ãƒ¼ã‚¿ã®æŠ½å‡º

ãƒ‡ãƒ¼ã‚¿ã®æŠ½å‡ºã¯ã€BigQuery ã®ãƒ‡ãƒ¼ã‚¿ã‚’ã‚¹ãƒ—ãƒ¬ãƒƒãƒ‰ã‚·ãƒ¼ãƒˆã«å–ã‚Šè¾¼ã‚€æ©Ÿèƒ½ã§ã™ã€‚ãƒ‡ãƒ¼ã‚¿ã®æŠ½å‡ºã‚’è¡Œã†ã¨ãƒ‡ãƒ¼ã‚¿ã®å‡¦ç†ãŒã‚¹ãƒ—ãƒ¬ãƒƒãƒ‰ã‚·ãƒ¼ãƒˆä¸Šã§å®Œçµã™ã‚‹ãŸã‚ã€BigQuery ã®æ–™é‡‘ã‚’æŠ‘ãˆã‚‹ã“ã¨ãŒå‡ºæ¥ã¾ã™ã€‚åå¯¾ã«ãƒ‡ãƒ¼ã‚¿ã®æŠ½å‡ºã‚’è¡Œã‚ãªã„ã¨ã€é–¢æ•°ã‚’ç”¨ã„ã¦ãƒ‡ãƒ¼ã‚¿ã‚’è¨ˆç®—ã™ã‚‹ã¨ãç‰ã«éƒ½åº¦ BigQuery ã«ãƒªã‚¯ã‚¨ã‚¹ãƒˆãŒç™ºè¡Œã•ã‚Œã‚‹ãŸã‚ã€BigQuery ã®ã‚¹ã‚ãƒ£ãƒ³æ–™é‡‘ãŒç™ºç”Ÿã—ã¾ã™ã€‚

ãƒ‡ãƒ¼ã‚¿ã®æŠ½å‡ºæ©Ÿèƒ½ã§ã¯ã€æœ€å¤§ 500,000 è¡Œã®ãƒ‡ãƒ¼ã‚¿ã‚’æŠ½å‡ºã™ã‚‹ã“ã¨ãŒå¯èƒ½ã§ã™ã€‚ãŸã ã—ã€ãƒ‡ãƒ¼ã‚¿ã‚µã‚¤ã‚ºã¯ 10 MB ä»¥ä¸‹ã€ç·ã‚»ãƒ«æ•°ã¯ 5,000,000 ä»¥ä¸‹ã¨ã„ã†åˆ¶é™ã‚‚ã‚ã‚Šã¾ã™ã€‚

å‚è€ƒ : Analyze & refresh BigQuery data in Google Sheets using Connected Sheets > Pull data into an extract

äº‹è±¡

ãƒ‡ãƒ¼ã‚¿ã®æŠ½å‡ºæ©Ÿèƒ½ã¯ã€å…ˆè¿°ã®é€šã‚Šæœ€å¤§ 500,000 è¡Œã®ãƒ‡ãƒ¼ã‚¿æŠ½å‡ºãŒå¯èƒ½ã§ã™ã€‚

ã—ã‹ã—2024å¹´12æœˆç¾åœ¨ã€Google ã‚¹ãƒ—ãƒ¬ãƒƒãƒ‰ã‚·ãƒ¼ãƒˆã®è¨å®šç”»é¢ã§ãƒ‡ãƒ¼ã‚¿ã®æŠ½å‡ºã‚’è¨å®šã—ã‚ˆã†ã¨ã™ã‚‹ã¨ã€è¡Œæ•°åˆ¶é™ãŒ 100,000 è¡Œã¾ã§ã—ã‹é¸æŠžã§ãã¾ã›ã‚“ã€‚

ã‚‚ã¡ã‚ã‚“ã€ã“ã®çŠ¶æ…‹ã§è¨å®šã‚’é©ç”¨ã—ã¦ã‚‚ã€100,000 è¡Œã¾ã§ã—ã‹ãƒ‡ãƒ¼ã‚¿ã¯å‡ºåŠ›ã•ã‚Œã¾ã›ã‚“ã€‚ãªãŠå½“è¨˜äº‹ã®æ¤œè¨¼ã§ã¯ kaggle ã§å…¬é–‹ã•ã‚Œã¦ã„ã‚‹ Black Friday ã®ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆã‚’ç”¨ã„ã¦ãŠã‚Šã€ãƒ¬ã‚³ãƒ¼ãƒ‰æ•°ã¯ 550,068 è¡Œã§ã™ã€‚

å…¨ã¦ã® Google Workspace ç’°å¢ƒã§ã“ã®ã‚ˆã†ãªçŠ¶æ³ãŒè¦‹ã‚‰ã‚Œã‚‹ã‹ã¯æœªç¢ºèªã§ã™ãŒã€å½“ç¤¾ãŒæ‰€æœ‰ã™ã‚‹è¤‡æ•°ã® Google Workspace ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã§ã¯ã€2024å¹´12æœˆç¾åœ¨ã€ã„ãšã‚Œã‚‚åŒæ§˜ã®äº‹è±¡ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚

è§£æ±ºæ–¹æ³•

å•é¡Œã¨ãªã£ã¦ã„ã‚‹è¡Œæ•°åˆ¶é™ã®è¨å®šç®‡æ‰€ã«ã¯ã€å®Ÿã¯ç›´æŽ¥æ•°å—ã‚’æ›¸ãè¾¼ã‚€ã“ã¨ãŒã§ãã¾ã™ã€‚

æ‰‹å‹•ã§ã€Œ123,456ã€ã‚’æ›¸ãè¾¼ã‚“ã ä¾‹

ãã®ãŸã‚ã€100,000 è¡Œä»¥ä¸Šã®ãƒ¬ã‚³ãƒ¼ãƒ‰ã‚’è¡¨ç¤ºã•ã›ãŸã„å ´åˆã¯æ‰‹å‹•ã§æ•°å—ã‚’æ›¸ãæ›ãˆã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚ã“ã®ä¾‹ã§ã¯ç›´æŽ¥ã€Œ500,000ã€ã¨æ›¸ãè¾¼ã‚€ã“ã¨ã§ã€ä¸‹å›³ã®ã‚ˆã†ã« 500,000 è¡Œã¾ã§ãƒ¬ã‚³ãƒ¼ãƒ‰ã‚’è¡¨ç¤ºã•ã›ã‚‹ã“ã¨ãŒã§ãã¾ã—ãŸã€‚

ãŸã ã—å…ˆè¿°ã®é€šã‚Šã€ãƒ‡ãƒ¼ã‚¿ã‚µã‚¤ã‚ºã¯ 10 MB ä»¥ä¸‹ã€ç·ã‚»ãƒ«æ•°ã¯ 5,000,000 ä»¥ä¸‹ã¨ã„ã†åˆ¶é™ã‚‚åŒæ™‚ã«é©ç”¨ã•ã‚Œã‚‹ãŸã‚ã€ã©ã‚Œã‹ã«æŠµè§¦ã—ãŸå ´åˆã¯ãã‚ŒãŒä¸Šé™ã¨ãªã‚Šã¾ã™ã€‚

ã‚»ãƒ«æ•°ãŒ 5,000,000 ã‚’è¶…ãˆãŸéš›ã®ã‚¨ãƒ©ãƒ¼

Direct VPC EgressçµŒç”±ã§Cloud NATã‚’åˆ©ç”¨ã™ã‚‹ã¨Cloud NATã®ãƒ¢ãƒ‹ã‚¿ãƒªãƒ³ã‚°æŒ‡æ¨™ãŒè¨˜éŒ²ã•ã‚Œãªã„

2024-12-25T09:00:00+09:00

G-gen ã®ä½ã€…æœ¨ã§ã™ã€‚å½“è¨˜äº‹ã§ã¯ã€Direct VPC Egress ã‚’çµŒç”±ã—ã¦ Cloud NAT ã‚’åˆ©ç”¨ã™ã‚‹éš›ã®æ³¨æ„ç‚¹ã¨ã—ã¦ã€Cloud NAT ã®ãƒ¢ãƒ‹ã‚¿ãƒªãƒ³ã‚°æŒ‡æ¨™ãŒ Cloud Monitoring ã«è¨˜éŒ²ã•ã‚Œãªã„ä»•æ§˜ã«ã¤ã„ã¦è§£èª¬ã—ã¾ã™ã€‚

Direct VPC Egress çµŒç”±ã® Cloud NAT åˆ©ç”¨
åˆ¶é™äº‹é …
æƒ³å®šã•ã‚Œã‚‹å•é¡Œ
å¯¾ç–

Direct VPC Egress çµŒç”±ã® Cloud NAT åˆ©ç”¨

Cloud Run ã‚„ Cloud Run functionsï¼ˆæ—§ç§° Cloud Functiionsï¼‰ãªã©ã®ã‚µãƒ¼ãƒãƒ¼ãƒ¬ã‚¹ ã‚³ãƒ³ãƒ”ãƒ¥ãƒ¼ãƒ†ã‚£ãƒ³ã‚° ã‚µãƒ¼ãƒ“ã‚¹ã§ã¯ã€å‡¦ç†ã‚’è¡Œã†éš›ã«ã ã‘å®Ÿè¡Œç’°å¢ƒã‚’èµ·å‹•ã—ã€å‡¦ç†ã‚’ã—ãªã„ã¨ãã¯å®Ÿè¡Œç’°å¢ƒã‚’åœæ¢ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ã“ã®ãŸã‚å®Ÿè¡Œç’°å¢ƒãŒèµ·å‹•ã™ã‚‹ãŸã³ã«ã€å®Ÿè¡Œç’°å¢ƒã® IP ã‚¢ãƒ‰ãƒ¬ã‚¹ã¯å¤‰ã‚ã£ã¦ã—ã¾ã„ã¾ã™ã€‚

ã“ã‚Œã‚‰ã®å®Ÿè¡Œç’°å¢ƒã‹ã‚‰ã€æŽ¥ç¶šå…ƒ IP ã‚¢ãƒ‰ãƒ¬ã‚¹ãŒåˆ¶é™ã•ã‚Œã¦ã„ã‚‹å¤–éƒ¨ã® Web API ç‰ã¸ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚’é€ä¿¡ã™ã‚‹å ´åˆã€å®Ÿè¡Œç’°å¢ƒã®å¤–éƒ¨ IP ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’å›ºå®šã™ã‚‹å¿…è¦ãŒã§ã¦ãã¾ã™ã€‚ã“ã®ã¨ãã€Cloud NAT ã‚’ä½¿ç”¨ã™ã‚‹ã“ã¨ã§ã€å¤–éƒ¨ã‚¢ã‚¯ã‚»ã‚¹ã«ä½¿ç”¨ã•ã‚Œã‚‹ IP ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’å›ºå®šã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚Cloud NAT ã¯ VPC ã«ç´ä»˜ã„ãŸãƒªã‚½ãƒ¼ã‚¹ã§ã‚ã‚‹ãŸã‚ã€Cloud Run ç‰ã‹ã‚‰ VPC ã«æŽ¥ç¶šã™ã‚‹ãŸã‚ã«ã¯ Direct VPC Egress ã‚’ä½¿ç”¨ã—ã¾ã™ã€‚

å‚è€ƒ : Cloud NAT ã®æ¦‚è¦
å‚è€ƒ : ãƒ€ã‚¤ãƒ¬ã‚¯ãƒˆ VPC ä¸‹ã‚Šï¼ˆå¤–å‘ãï¼‰

Cloud Run ã§ Direct VPC Egress ã‚’ä½¿ç”¨ã—ã¦ Cloud NAT ã§å¤–éƒ¨ IP ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’å›ºå®šã™ã‚‹æ–¹æ³•ã«ã¤ã„ã¦ã¯ã€ä»¥ä¸‹ã®è¨˜äº‹ã§è§£èª¬ã—ã¦ã„ã¾ã™ã€‚

blog.g-gen.co.jp

ã¾ãŸã€Direct VPC Egress ã®è©³ç´°ã«ã¤ã„ã¦ã¯ä»¥ä¸‹ã®è¨˜äº‹ã‚’ã”ä¸€èªãã ã•ã„ã€‚

blog.g-gen.co.jp

åˆ¶é™äº‹é …

Cloud Run ã®å…¬å¼ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã«ã¯ Direct VPC Egress ã®åˆ¶é™äº‹é …ãŒè¨˜è¼‰ã•ã‚Œã¦ã„ã‚‹ã»ã‹ã€Cloud NAT ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã«ã‚‚åˆ¶é™ãŒè¨˜è¼‰ã•ã‚Œã¦ã„ã¾ã™ã€‚

å‚è€ƒ : Direct VPC egress with a VPC network - Limitations
å‚è€ƒ : Cloud NAT product interactions - Direct VPC egress interactions

å¾Œè€…ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã«ã¯ã€ä»¥ä¸‹ã®ã‚ˆã†ãªåˆ¶é™ãŒè¨˜è¼‰ã•ã‚Œã¦ã„ã¾ã™ã€‚

Direct VPC Egress ã® Cloud NAT æŒ‡æ¨™ã¯ Cloud Monitoring ã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã•ã‚Œãªã„
Direct VPC Egress ã® Cloud NAT ãƒã‚°ã«ã¯ã€ç™ºä¿¡å…ƒã® Cloud Run ã‚µãƒ¼ãƒ“ã‚¹ã€ãƒªãƒ“ã‚¸ãƒ§ãƒ³ã€ã‚¸ãƒ§ãƒ–ã®åå‰ã¯è¡¨ç¤ºã•ã‚Œãªã„
Direct VPC Egress ã§ã¯ãƒ—ãƒ©ã‚¤ãƒ™ãƒ¼ãƒˆ NAT ãŒä½¿ç”¨ã§ããªã„

å½“è¨˜äº‹ã§ã¯ã“ã‚Œã‚‰ã®3ã¤ã®åˆ¶é™ã®ã†ã¡ã€1 ã®ãƒ¢ãƒ‹ã‚¿ãƒªãƒ³ã‚°ã«é–¢ã™ã‚‹åˆ¶é™ã«ã¤ã„ã¦æŽ˜ã‚Šä¸‹ã’ã¾ã™ã€‚

æƒ³å®šã•ã‚Œã‚‹å•é¡Œ

å‰è¿°ã® 1 ã®åˆ¶é™ã¯ã€Direct VPC Egress çµŒç”±ã§ Cloud Run ã‚„ Cloud Run functions ã‹ã‚‰ Cloud NAT ãŒåˆ©ç”¨ã•ã‚ŒãŸå ´åˆã€ãã®åˆ©ç”¨çŠ¶æ³ãŒ Cloud Monitoring ã§å¯è¦–åŒ–ã§ããªã„ã“ã¨ã‚’æ„å‘³ã—ã¦ã„ã¾ã™ã€‚

Direct VPC EgressçµŒç”±ã§Cloud NATã‚’ä½¿ç”¨ã™ã‚‹ã¨ã€Cloud NATã®ãƒ¢ãƒ‹ã‚¿ãƒªãƒ³ã‚°æŒ‡æ¨™ãŒè¡¨ç¤ºã•ã‚Œãªã„

ã“ã®å ´åˆã€Cloud NAT ã«é«˜è² è·ãŒåŽŸå› ã§å•é¡ŒãŒç”Ÿã˜ãŸã¨ãã®åŽŸå› èª¿æŸ»ãŒé›£ã—ããªã‚Šã¾ã™ã€‚ãŸã¨ãˆã°ä»¥ä¸‹ã®è¨˜äº‹ã§ç´¹ä»‹ã—ã¦ã„ã‚‹ã‚±ãƒ¼ã‚¹ã§ã¯ã€Cloud Run ã‹ã‚‰ã®å…¨ã¦ã®ã‚¢ã‚¦ãƒˆãƒã‚¦ãƒ³ãƒ‰ ãƒˆãƒ©ãƒ•ã‚£ãƒƒã‚¯ãŒæ„å›³ã›ãš Cloud NAT ã«å‘ã‹ã£ã¦ã—ã¾ã£ãŸã“ã¨ã§ã€Cloud NAT ãŒåˆ©ç”¨ã§ãã‚‹ãƒãƒ¼ãƒˆæ•°ãŒä¸Šé™ã«é”ã—ã¦ã—ã¾ã„ã€æŽ¥ç¶šã‚¨ãƒ©ãƒ¼ãŒå¤šç™ºã™ã‚‹çŠ¶æ³ã«ãªã‚Šã¾ã—ãŸã€‚

blog.g-gen.co.jp

ã“ã®ã‚±ãƒ¼ã‚¹ã«ãŠã‘ã‚‹ Cloud NAT ã®é«˜è² è·ã¯è¨å®šãƒŸã‚¹ã«ã‚ˆã£ã¦èµ·ã“ã£ãŸã‚‚ã®ã§ã™ãŒã€ãƒªã‚¯ã‚¨ã‚¹ãƒˆã®æ€¥å¢—ã«ã‚ˆã‚Š Cloud Run ãŒã‚¹ã‚±ãƒ¼ãƒ«ã—ãŸå ´åˆãªã©ã€é€šå¸¸ã®åˆ©ç”¨æ™‚ã«ã‚‚ç™ºç”Ÿã™ã‚‹å¯èƒ½æ€§ã¯ã‚ã‚Šã¾ã™ã€‚æœ¬æ¥ Cloud NAT ã®ãƒãƒ¼ãƒˆä½¿ç”¨çŠ¶æ³ã¯ Cloud Monitoring ã§å¯è¦–åŒ–ã§ãã¾ã™ãŒã€Direct VPC Egress çµŒç”±ã®ãƒˆãƒ©ãƒ•ã‚£ãƒƒã‚¯ã«ã¤ã„ã¦ã¯ã€ã“ã®æŒ‡æ¨™ãŒè¨˜éŒ²ã•ã‚Œã¾ã›ã‚“ã€‚

å¯¾ç–

Cloud NAT ã®ãƒã‚°ã‚’æœ‰åŠ¹ã«ã™ã‚‹

Cloud NAT ã®ãƒã‚°ã¯ä½œæˆæ™‚ã®ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§ã¯ç„¡åŠ¹ã«ãªã£ã¦ã„ã¾ã™ãŒã€ã“ã‚Œã‚’æœ‰åŠ¹åŒ–ã™ã‚‹ã“ã¨ã§ã€ã‚¨ãƒ©ãƒ¼ãƒã‚°ã‹ã‚‰ Cloud NAT ã®ç•°å¸¸ã‚’æ¤œçŸ¥ã§ãã‚‹å¯èƒ½æ€§ãŒã‚ã‚Šã¾ã™ã€‚

ãŸã ã—ã€å‰è¿°ã®åˆ¶é™äº‹é …ã«è¨˜è¼‰ã—ãŸã‚ˆã†ã«ã€Direct VPC Egress ã® Cloud NAT ãƒã‚°ã«ã¯ç™ºä¿¡å…ƒã®æƒ…å ±ãŒè¨˜éŒ²ã•ã‚Œãªã„ç‚¹ã«ã¯æ³¨æ„ãŒå¿…è¦ã§ã™ã€‚

Cloud NATã®ãƒã‚°ã‚’æœ‰åŠ¹åŒ–ã™ã‚‹

Cloud NAT ã®ãƒãƒ¼ãƒˆå‰²ã‚Šå½“ã¦æ•°ã«ä½™è£•ã‚’ã‚‚ãŸã›ã‚‹

Cloud NAT ã«ã¯åˆ©ç”¨ã§ãã‚‹ãƒãƒ¼ãƒˆæ•°ã‚’å‹•çš„ã«å¤‰æ›´ã™ã‚‹å‹•çš„ãƒãƒ¼ãƒˆã®å‰²ã‚Šå½“ã¦æ©Ÿèƒ½ãŒã‚ã‚Šã¾ã™ã€‚ã—ã‹ã—ã€å‹•çš„ãƒãƒ¼ãƒˆã®å‰²ã‚Šå½“ã¦ã‚’ä½¿ã†ã¨ã€ãƒãƒ¼ãƒˆæ•°ãŒã‚¹ã‚±ãƒ¼ãƒ«ã‚¢ã‚¦ãƒˆã™ã‚‹ã‚¿ã‚¤ãƒŸãƒ³ã‚°ã§ãƒ‘ã‚±ãƒƒãƒˆãŒãƒ‰ãƒãƒƒãƒ—ã—ã¦ã—ã¾ã†å•é¡ŒãŒã‚ã‚Šã¾ã™ã€‚

å‹•çš„ãƒãƒ¼ãƒˆã®å‰²ã‚Šå½“ã¦ã‚’ä½¿ç”¨ã—ãªã„å ´åˆã€é™çš„ã«ãƒãƒ¼ãƒˆã®å‰²ã‚Šå½“ã¦ãŒè¡Œã‚ã‚Œã¾ã™ã€‚ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§ã¯64å€‹ã®ãƒãƒ¼ãƒˆãŒåˆ©ç”¨ã§ãã¾ã™ãŒã€æ‰‹å‹•ã§å¤‰æ›´ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

å‚è€ƒ : é™çš„ãƒãƒ¼ãƒˆã®å‰²ã‚Šå½“ã¦

Direct VPC Egress ã‚’ä½¿ç”¨ã—ã¦ã„ã‚‹ã¨ãã¯ Cloud NAT ã®æŒ‡æ¨™ãŒåˆ©ç”¨ã§ããªã„ãŸã‚ã€é©åˆ‡ãªãƒãƒ¼ãƒˆæ•°ã‚’æ¤œè¨Žã™ã‚‹ã“ã¨ã‚‚é›£ã—ã„ã§ã™ãŒã€å•é¡ŒãŒèµ·ã“ã£ãŸã¨ãã«ãƒãƒ¼ãƒˆæ•°ã‚’å¢—ã‚„ã™é¸æŠžè‚¢ãŒã‚ã‚‹ã“ã¨ã¯ç†è§£ã—ã¦ãŠãã¨ã‚ˆã„ã§ã—ã‚‡ã†ã€‚

ã‚µãƒ¼ãƒãƒ¼ãƒ¬ã‚¹ VPC ã‚¢ã‚¯ã‚»ã‚¹ã‚’åˆ©ç”¨ã™ã‚‹

ã‚µãƒ¼ãƒãƒ¼ãƒ¬ã‚¹ VPC ã‚¢ã‚¯ã‚»ã‚¹çµŒç”±ã§ Cloud NAT ã‚’ä½¿ç”¨ã™ã‚‹å ´åˆã€Direct VPC Egress ã¨æ¯”è¼ƒã—ã¦æ–™é‡‘ã‚„ãƒ‘ãƒ•ã‚©ãƒ¼ãƒžãƒ³ã‚¹é¢ã®ãƒ‡ãƒ¡ãƒªãƒƒãƒˆã¯ã‚ã‚Šã¾ã™ãŒã€å½“è¨˜äº‹ã§è§£èª¬ã—ãŸãƒ¢ãƒ‹ã‚¿ãƒªãƒ³ã‚°ã«é–¢ã™ã‚‹å•é¡Œã¯ç™ºç”Ÿã—ã¾ã›ã‚“ã€‚

å‚è€ƒ : ã‚µãƒ¼ãƒãƒ¼ãƒ¬ã‚¹ VPC ã‚¢ã‚¯ã‚»ã‚¹

Cloud Run ã§ã‚µãƒ¼ãƒãƒ¼ãƒ¬ã‚¹ VPC ã‚¢ã‚¯ã‚»ã‚¹ã‚’ä½¿ç”¨ã—ã¦ Cloud NAT ã§å¤–éƒ¨ IP ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’å›ºå®šã™ã‚‹æ–¹æ³•ã«ã¤ã„ã¦ã¯ã€ä»¥ä¸‹ã®è¨˜äº‹ã§è§£èª¬ã—ã¦ã„ã¾ã™ã€‚

blog.g-gen.co.jp

å…¨Geminiãƒ—ãƒãƒ€ã‚¯ãƒˆã‚’å¾¹åº•è§£èª¬ï¼

2024-12-24T09:00:00+09:00

G-gen ã®ç±³å·ã§ã™ã€‚Google ãŒé–‹ç™ºã—ãŸå¤§è¦æ¨¡è¨€èªžãƒ¢ãƒ‡ãƒ« Gemini ã¯ã€ãã®é«˜ã„æ€§èƒ½ã¨å¤šå²ã«ã‚ãŸã‚‹ãƒ—ãƒãƒ€ã‚¯ãƒˆå±•é–‹ã§æ³¨ç›®ã‚’é›†ã‚ã¦ã„ã¾ã™ã€‚å½“è¨˜äº‹ã§ã¯ã€Gemini ãƒ—ãƒãƒ€ã‚¯ãƒˆã®å…¨è²Œã‚’ç¶²ç¾…çš„ã«è§£èª¬ã—ã¾ã™ã€‚

ã¯ã˜ã‚ã«
ç”Ÿæˆ AI åŸºç›¤ãƒ¢ãƒ‡ãƒ« ã¨ã—ã¦ã® Gemini
Gemini ãƒ—ãƒãƒ€ã‚¯ãƒˆ
å°Žå…¥ã™ã¹ã Gemini ãƒ—ãƒãƒ€ã‚¯ãƒˆ
ãƒ“ã‚¸ãƒã‚¹å°Žå…¥ã«ãŠã‘ã‚‹æ³¨æ„ç‚¹
å°Žå…¥äº‹ä¾‹

ã¯ã˜ã‚ã«

Gemini ã¯ã€Google ãŒé–‹ç™ºã—ãŸç”Ÿæˆ AI åŸºç›¤ãƒ¢ãƒ‡ãƒ«ã€ãŠã‚ˆã³ãã‚Œã‚’åˆ©ç”¨ã—ãŸç”Ÿæˆ AI ãƒ—ãƒãƒ€ã‚¯ãƒˆç¾¤ã§ã™ã€‚Gemini ã‚’ç”¨ã„ãŸãƒ—ãƒãƒ€ã‚¯ãƒˆã«ã¯ã€ä»¥ä¸‹ãŒã‚ã‚Šã¾ã™ã€‚

ãƒ—ãƒãƒ€ã‚¯ãƒˆå	æ¦‚è¦
Gemini ã‚¢ãƒ—ãƒª	ãƒ–ãƒ©ã‚¦ã‚¶ã‚„ãƒ¢ãƒã‚¤ãƒ«ã‚¢ãƒ—ãƒªã‹ã‚‰åˆ©ç”¨ãªç”Ÿæˆ AI ãƒãƒ£ãƒƒãƒˆã‚¢ãƒ—ãƒª
Gemini for Google Workspace	Google Workspace ã«çµ„ã¿è¾¼ã¾ã‚ŒãŸæ¥å‹™è£œåŠ© AI
Gemini for Google Cloud	Google Cloud ä¸Šã®é–‹ç™ºã‚’åŠ¹çŽ‡åŒ–ã™ã‚‹ãƒ„ãƒ¼ãƒ«ç¾¤
Generative AI on Vertex AI	Google Cloud ã® Vertex AI API çµŒç”±ã§ Gemini ãƒ¢ãƒ‡ãƒ«ã‚’å‘¼ã³å‡ºã—
Gemini API	Google AI Studio ã® API çµŒç”±ã§ Gemini ãƒ¢ãƒ‡ãƒ«ã‚’å‘¼ã³å‡ºã—

ãã‚Œãžã‚Œã«ç•°ãªã‚‹æ©Ÿèƒ½ã‚„ç‰¹å¾´ãŒã‚ã‚Šã€ãƒ“ã‚¸ãƒã‚¹ã‚·ãƒ¼ãƒ³ã«åˆã‚ã›ã¦æœ€é©ãªãƒ—ãƒãƒ€ã‚¯ãƒˆã‚’é¸æŠžã§ãã¾ã™ã€‚å½“è¨˜äº‹ã§ã¯ã“ã‚Œã‚‰ã‚’ Gemini ãƒ—ãƒãƒ€ã‚¯ãƒˆã¨å‘¼ç§°ã—ã¦ã€ãã‚Œãžã‚Œç´¹ä»‹ã—ã¾ã™ã€‚

Gemini ãƒ—ãƒãƒ€ã‚¯ãƒˆä¸€è¦§

ç”Ÿæˆ AI åŸºç›¤ãƒ¢ãƒ‡ãƒ« ã¨ã—ã¦ã® Gemini

ãƒ¢ãƒ‡ãƒ«ã¨ã¯

ã¾ãšã€æ©Ÿæ¢°å¦ç¿’ã«ãŠã‘ã‚‹ãƒ¢ãƒ‡ãƒ«ã¨ã¯ã€å¤§é‡ã®ãƒ‡ãƒ¼ã‚¿ã‹ã‚‰ãƒ‘ã‚¿ãƒ¼ãƒ³ã‚„ãƒ«ãƒ¼ãƒ«ã‚’å¦ç¿’ã—ã€ç‰¹å®šã®ã‚¿ã‚¹ã‚¯ã‚’å®Ÿè¡Œã§ãã‚‹ã‚ˆã†ã«ãªã£ãŸä»•çµ„ã¿ã®ã“ã¨ã‚’æŒ‡ã—ã¾ã™ã€‚

ä¾‹ãˆã°ç”»åƒèªè˜ãƒ¢ãƒ‡ãƒ«ã¯ã€ãŸãã•ã‚“ã®çŒ«ã®ç”»åƒãƒ‡ãƒ¼ã‚¿ã‹ã‚‰ã€â€œçŒ«ã‚‰ã—ã•â€ ã‚’å¦ç¿’ã™ã‚‹ã“ã¨ã§ã€äººãŒæ•™ãˆã‚‹ã“ã¨ãªãåˆã‚ã¦è¦‹ã‚‹çŒ«ã®ç”»åƒã§ã‚‚ã€Œã“ã‚Œã¯çŒ«ã ã€ã¨èªè˜ã§ãã¾ã™ã€‚

Gemini ã‚‚æ©Ÿæ¢°å¦ç¿’ãƒ¢ãƒ‡ãƒ«ã®1ã¤ã§ã™ã€‚Gemini ã¯ãƒžãƒ«ãƒãƒ¢ãƒ¼ãƒ€ãƒ«ãªç”Ÿæˆ AI ãƒ¢ãƒ‡ãƒ«ã§ã™ã€‚ãƒžãƒ«ãƒãƒ¢ãƒ¼ãƒ€ãƒ«ãªãƒ¢ãƒ‡ãƒ«ã¨ã¯ã€ãƒ†ã‚ã‚¹ãƒˆã€ç”»åƒã€éŸ³å£°ã€å‹•ç”»ãªã©ã€è¤‡æ•°ã®ç¨®é¡žã®æƒ…å ±ã‚’ç†è§£ã—ã€ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã‚’ç”Ÿæˆã™ã‚‹ã“ã¨ãŒã§ãã‚‹ã“ã¨ã‚’æŒ‡ã—ã¾ã™ã€‚

å½“è¨˜äº‹ã§ç´¹ä»‹ã™ã‚‹ Gemini ãƒ—ãƒãƒ€ã‚¯ãƒˆã¯ã€ã“ã® Gemini ãƒ¢ãƒ‡ãƒ«ã‚’ç”¨ã„ã¦ã„ã¾ã™ã€‚

Gemini ã®ãƒ¢ãƒ‡ãƒ«ãƒ•ã‚¡ãƒŸãƒªãƒ¼

Gemini ãƒ¢ãƒ‡ãƒ«ãƒ•ã‚¡ãƒŸãƒªãƒ¼

Gemini ã®ãƒ¢ãƒ‡ãƒ«ã«ã¯è¤‡æ•°ã®ç¨®é¡žãŒã‚ã‚Šã€ãã‚Œãžã‚Œå¾—æ„ãªã‚¿ã‚¹ã‚¯ã‚„èƒ½åŠ›ãŒç•°ãªã‚Šã¾ã™ã€‚Gemini ã‚¢ãƒ—ãƒªã‚„ Gemini for Google Workspace ã«çµ„ã¿è¾¼ã¾ã‚Œã¦ã„ã‚‹ãƒ¢ãƒ‡ãƒ«ã‚„ã€Google Cloud ã‹ã‚‰ API çµŒç”±ã§åˆ©ç”¨ã§ãã‚‹ãƒ¢ãƒ‡ãƒ«ã«ã¯ã€ä»¥ä¸‹ã®ã‚ˆã†ãªã‚‚ã®ãŒã‚ã‚Šã¾ã™ã€‚

Gemini Ultra
Gemini ãƒ•ã‚¡ãƒŸãƒªãƒ¼ã®ä¸ã§ã‚‚æœ€ã‚‚é«˜æ€§èƒ½ãªãƒ¢ãƒ‡ãƒ«ã§ã™ã€‚è¤‡é›‘ãªæŽ¨è«–ã‚„é«˜åº¦ãªã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ãªã©ã€å°‚é–€çš„ãªçŸ¥è˜ã‚’å¿…è¦ã¨ã™ã‚‹ã‚¿ã‚¹ã‚¯ã«å„ªã‚Œã¦ã„ã¾ã™ã€‚

Gemini Pro
å¹…åºƒã„ã‚¿ã‚¹ã‚¯ã«å¯¾å¿œã§ãã‚‹æ±Žç”¨æ€§ã®é«˜ã„ãƒ¢ãƒ‡ãƒ«ã§ã™ã€‚æ–‡ç« ç”Ÿæˆã€ç¿»è¨³ã€è³ªç–‘å¿œç”ãªã©ã€æ§˜ã€…ãªç”¨é€”ã§åˆ©ç”¨ã§ãã¾ã™ã€‚

Gemini Flash
é«˜é€Ÿãªå¿œç”é€Ÿåº¦ã‚’èª‡ã‚‹ãƒ¢ãƒ‡ãƒ«ã§ã™ã€‚ãƒ¬ã‚¤ãƒ†ãƒ³ã‚·ãŒé‡è¦ãªã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã«æœ€é©ã§ã™ã€‚

Gemini Nano
è»½é‡ãªãƒ¢ãƒ‡ãƒ«ã§ã™ã€‚ã‚¹ãƒžãƒ¼ãƒˆãƒ•ã‚©ãƒ³ãªã©ã®ãƒ‡ãƒã‚¤ã‚¹ä¸Šã§å‹•ä½œã™ã‚‹ã‚ˆã†ã«è¨è¨ˆã•ã‚Œã¦ãŠã‚Šã€é™ã‚‰ã‚ŒãŸè¨ˆç®—è³‡æºã§ã‚‚åŠ¹çŽ‡çš„ã«å‹•ä½œã—ã¾ã™ã€‚

ã“ã‚Œã‚‰ã®ãƒ¢ãƒ‡ãƒ«ã¯ã€Gemini ãƒ—ãƒãƒ€ã‚¯ãƒˆã«çµ„ã¿è¾¼ã¾ã‚Œã¦ã„ã¾ã™ã€‚ç§ãŸã¡ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‹ã‚‰æ˜Žç¤ºçš„ã«ãƒ¢ãƒ‡ãƒ«ã®ç¨®é¡žãŒé¸æŠžã§ãã‚‹ãƒ—ãƒãƒ€ã‚¯ãƒˆã‚‚ã‚ã‚Œã°ã€Google ãŒæœ€é©ãªãƒ¢ãƒ‡ãƒ«ã‚’é¸æŠžã—ã¦çµ„ã¿è¾¼ã¿æ¸ˆã¿ã®ã“ã¨ã‚‚ã‚ã‚Šã¾ã™ã€‚

Gemini ãƒ¢ãƒ‡ãƒ«ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³

ä¸Šè¨˜ã®ãƒ¢ãƒ‡ãƒ«ã«åŠ ãˆã¦ã€Gemini ã«ã¯ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¨ã„ã†æ¦‚å¿µãŒã‚ã‚Šã¾ã™ã€‚ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¯ã€ãƒ¢ãƒ‡ãƒ«ã®æ”¹å–„ã‚„æ©Ÿèƒ½è¿½åŠ ãŒè¡Œã‚ã‚Œã‚‹ãŸã³ã«æ›´æ–°ã•ã‚Œã¦ã„ãã¾ã™ã€‚

ä¾‹ãˆã°2024å¹´12æœˆç¾åœ¨ã€Gemini Pro ã®ä¸€èˆ¬åˆ©ç”¨å¯èƒ½ãªãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¯ Gemini 1.0 Pro ã¨ Gemini 1.5 Pro ã®2ã¤ã§ã™ã€‚

1.0 ã‹ã‚‰ 1.5 ã¸ã®ã‚¢ãƒƒãƒ—ãƒ‡ãƒ¼ãƒˆã«ã‚ˆã‚Šã€ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¦ã‚£ãƒ³ãƒ‰ã‚¦ï¼ˆä¸€åº¦ã«å‡¦ç†ã§ãã‚‹æƒ…å ±é‡ã€å˜ä½ã¯ãƒˆãƒ¼ã‚¯ãƒ³ï¼‰ãŒã‚ˆã‚Šå¤§ãããªã£ãŸã‚Šã€æŽ¨è«–èƒ½åŠ›ã€ã‚³ãƒ¼ãƒ‰ç”Ÿæˆèƒ½åŠ›ãŒå‘ä¸Šã—ã¾ã—ãŸã€‚

2024å¹´12æœˆã«ã¯ã€Gemini 2.0 ãŒç™ºè¡¨ã•ã‚Œã¾ã—ãŸã€‚2024å¹´12æœˆç¾åœ¨ã€Google Cloudï¼ˆVertex AIï¼‰ç‰ã§ Gemini 2.0 Flash ã®è©¦é¨“é‹ç”¨ç‰ˆãŒåˆ©ç”¨å¯èƒ½ã§ã‚ã‚‹ã»ã‹ã€Gemini ã‚¢ãƒ—ãƒªã§ã‚‚ 2.0 ã®è©¦é¨“é‹ç”¨ç‰ˆãŒæ—¢ã«åˆ©ç”¨å¯èƒ½ã«ãªã£ã¦ã„ã¾ã™ã€‚

å‚è€ƒ : Gemini 2.0: ã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆæ™‚ä»£ã«å‘ã‘ãŸæ–°ã—ã„ AI ãƒ¢ãƒ‡ãƒ«
å‚è€ƒ : The next chapter of the Gemini era for developers

Gemini ãƒ—ãƒãƒ€ã‚¯ãƒˆ

Gemini ã‚¢ãƒ—ãƒª

Gemini ã‚¢ãƒ—ãƒªã¯ãƒãƒ£ãƒƒãƒˆãƒ„ãƒ¼ãƒ«

Gemini ã‚¢ãƒ—ãƒªã¨ã¯

Gemini ã‚¢ãƒ—ãƒªï¼ˆGemini appï¼‰ã¨ã¯ã€ä»¥ä¸‹ã®2ã¤ã®ãƒãƒ£ãƒƒãƒˆãƒ—ãƒãƒ€ã‚¯ãƒˆã®ç·ç§°ã§ã™ã€‚

Gemini ã‚¦ã‚§ãƒ–ã‚¢ãƒ—ãƒªï¼ˆgemini.google.com ã®ã“ã¨ã€‚ã‹ã¤ã¦ Bard ã¨å‘¼ã°ã‚Œã¦ã„ãŸ Web ãƒ–ãƒ©ã‚¦ã‚¶å‘ã‘ç”Ÿæˆ AI ãƒãƒ£ãƒƒãƒˆï¼‰
ã‚¹ãƒžãƒ¼ãƒˆãƒ•ã‚©ãƒ³å‘ã‘ç”Ÿæˆ AI ãƒãƒ£ãƒƒãƒˆã‚¢ãƒ—ãƒªï¼ˆAndroid ãŠã‚ˆã³ iOS å‘ã‘ï¼‰

ã„ãšã‚Œã‚‚ã€Google ã®ç”Ÿæˆ AI åŸºç›¤ãƒ¢ãƒ‡ãƒ«ã§ã‚ã‚‹ Gemini ã‚’åŸºç›¤ã¨ã—ãŸãƒãƒ£ãƒƒãƒˆã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã§ã€Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã•ãˆã‚ã‚Œã°ç„¡æ–™ã§åˆ©ç”¨ã§ãã¾ã™ã€‚

å‚è€ƒ : gemini.google.com
å‚è€ƒ : Gemini ã‚¢ãƒ—ãƒª ãƒ˜ãƒ«ãƒ—

ãƒ‡ãƒ¼ã‚¿ä¿è·

Gemini ã‚¢ãƒ—ãƒªã¯ã€Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆãŒã‚ã‚Œã°èª°ã§ã‚‚ç„¡æ–™ã§åˆ©ç”¨ã§ãã¾ã™ã€‚ãŸã ã—ã€ç„¡å„Ÿã® Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã§ Gemini ã‚¢ãƒ—ãƒªã‚’ä½¿ã†å ´åˆã€å…¥åŠ›ã—ãŸãƒ‡ãƒ¼ã‚¿ã¯ Google ã«ã‚ˆã£ã¦ã‚µãƒ¼ãƒ“ã‚¹æ”¹å–„ã®ãŸã‚ã«åˆ©ç”¨ã•ã‚Œã‚‹å ´åˆãŒã‚ã‚Šã¾ã™ã€‚

ä¸€æ–¹ã§ä»¥ä¸‹ã®ã‚¨ãƒ‡ã‚£ã‚·ãƒ§ãƒ³ã® Google Workspace ã§ç®¡ç†ã•ã‚ŒãŸã‚¢ã‚«ã‚¦ãƒ³ãƒˆã§ã‚ã‚Œã°ã€Œã‚¨ãƒ³ã‚¿ãƒ¼ãƒ—ãƒ©ã‚¤ã‚ºã‚°ãƒ¬ãƒ¼ãƒ‰ã®ãƒ‡ãƒ¼ã‚¿ä¿è·ã€ãŒé©ç”¨ã•ã‚Œã¾ã™ã€‚ã“ã®å ´åˆã€ãƒ‡ãƒ¼ã‚¿ã¯ Google ã«ã‚ˆã£ã¦ã‚µãƒ¼ãƒ“ã‚¹æ”¹å–„ã®ãŸã‚ã«åˆ©ç”¨ã•ã‚Œã‚‹ã“ã¨ã¯ãªãã€äººé–“ã®ãƒ¬ãƒ“ãƒ¥ãƒ¯ãƒ¼ã«ã‚ˆã£ã¦è¦‹ã‚‰ã‚Œã‚‹ã“ã¨ã‚‚ã‚ã‚Šã¾ã›ã‚“ã€‚

Business Starter / Business Standard / Business Plus
Enterprise Starter / Enterprise Standard / Enterprise Plus
Essentials
Enterprise Essentials / Enterprise Essentials Plus
Frontline Starter / Frontline Standard
Nonprofits

ã•ã‚‰ã« Google Workspace ã§ã¯ã€Gemini ã‚¢ãƒ—ãƒªã‚’åˆ©ç”¨ã§ãã‚‹ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚’é™å®šã—ãŸã‚Šã€é€†ã«çµ„ç¹”å…¨ä½“ã§åˆ©ç”¨å¯èƒ½ã«ã™ã‚‹ãªã©ã€åˆ©ç”¨å¯å¦ã®ã‚³ãƒ³ãƒˆãƒãƒ¼ãƒ«ã‚‚å¯èƒ½ã§ã™ã€‚

Gemini Advanced

Gemini Advanced ã¯ã€æ§˜ã€…ãªè¿½åŠ æ©Ÿèƒ½ã‚’å«ã‚€ã€Gemini ã®æœ‰å„Ÿç‰ˆã§ã™ã€‚Gemini Advanced ã§ã¯ã€Gemini ã‚¢ãƒ—ãƒªã§æœ€æ–°ç‰ˆã® Gemini ãƒ¢ãƒ‡ãƒ«ã‚’é¸æŠžã§ãã‚‹ã‚ˆã†ã«ãªã£ãŸã‚Šã€æƒ…å ±ãƒ¬ãƒãƒ¼ãƒˆã‚’ç°¡å˜ã«ä½œæˆã§ãã‚‹ Deep Researchã€é•·æ–‡ãƒ†ã‚ã‚¹ãƒˆã‚„ãƒ•ã‚¡ã‚¤ãƒ«ã®åˆ†æžã€Gmail ã‚„ Google ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã¨ã®ã‚·ãƒ¼ãƒ ãƒ¬ã‚¹ãªé€£æºãªã©ãŒåˆ©ç”¨å¯èƒ½ã§ã™ã€‚

å€‹äººã®å ´åˆã€å€‹äººå‘ã‘ã®æœ‰å„Ÿ Google ã‚µãƒ¼ãƒ“ã‚¹ã§ã‚ã‚‹ Google One AI ãƒ—ãƒ¬ãƒŸã‚¢ãƒ ãƒ—ãƒ©ãƒ³ã«åŠ å…¥ã™ã‚‹ã“ã¨ã§åˆ©ç”¨å¯èƒ½ã«ãªã‚Šã¾ã™ã€‚Google Workspace ã®å ´åˆã€Gemini for Google Workspace ã‚¢ãƒ‰ã‚ªãƒ³ã‚’è³¼å…¥ã™ã‚‹ã¨åˆ©ç”¨å¯èƒ½ã«ãªã‚Šã¾ã™ã€‚

å‚è€ƒ : Gemini Advanced
å‚è€ƒ : Gemini Advanced ã«ã‚¢ãƒƒãƒ—ã‚°ãƒ¬ãƒ¼ãƒ‰ã™ã‚‹

Gems

Gemini ã‚¦ã‚§ãƒ–ã‚¢ãƒ—ãƒªã®æ‹¡å¼µæ©Ÿèƒ½ã¨ã—ã¦ã€Gems ãŒã‚ã‚Šã¾ã™ã€‚Gems ã¯ Gemini ã‚¦ã‚§ãƒ–ã‚¢ãƒ—ãƒªã‚’ã‚«ã‚¹ã‚¿ãƒžã‚¤ã‚ºã™ã‚‹ãŸã‚ã®æ©Ÿèƒ½ã§ã™ã€‚2024å¹´8æœˆ28æ—¥ã«ã€Gemini Advanced ãƒ¦ãƒ¼ã‚¶ãƒ¼å‘ã‘ã«å…¬é–‹ã•ã‚Œã¾ã—ãŸã€‚

ä¾‹ãˆã°ã€YouTube å‹•ç”»ã®è¦ç´„ã‚’è¡¨ç¤ºã™ã‚‹ã®ã«ç‰¹åŒ–ã—ãŸ Gems ã‚„ã€ç”»åƒã‹ã‚‰ãƒ†ã‚ã‚¹ãƒˆã‚’æŠ½å‡ºã™ã‚‹ã“ã¨ã«ç‰¹åŒ–ã—ãŸ Gems ãªã©ã‚’ä½œæˆã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

è©³ç´°ã¯ä»¥ä¸‹ã®è¨˜äº‹ã‚’å‚è€ƒã«ã—ã¦ãã ã•ã„ã€‚

blog.g-gen.co.jp

Gemini for Google Workspace

Gemini for Google Workspace ã¯æ¥å‹™è£œåŠ©ãƒ„ãƒ¼ãƒ«

Gemini for Google Workspace ã¨ã¯

Gemini for Google Workspace ã¨ã¯ã€Google Workspace ã«ã‚¢ãƒ‰ã‚ªãƒ³ã—ã¦åˆ©ç”¨ã™ã‚‹ AI ã‚¢ã‚·ã‚¹ã‚¿ãƒ³ãƒˆæ©Ÿèƒ½ã§ã™ã€‚åˆ©ç”¨ã«ã¯ã€Gemini for Google Workspace ã‚¢ãƒ‰ã‚ªãƒ³ã®è¿½åŠ è³¼å…¥ãŒå¿…è¦ã§ã™ã€‚

Gemini ã®å¼·åŠ›ãª AI æŠ€è¡“ãŒ Gmailã€Google ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã€Google ã‚¹ãƒ©ã‚¤ãƒ‰ã€Google ã‚¹ãƒ—ãƒ¬ãƒƒãƒ‰ã‚·ãƒ¼ãƒˆãªã©ã€æ™®æ®µä½¿ã„æ…£ã‚ŒãŸ Google Workspace ã‚¢ãƒ—ãƒªã«çµ±åˆã•ã‚Œã‚‹ã“ã¨ã§ã€æ¥å‹™ãŒåŠ¹çŽ‡åŒ–ã•ã‚Œã¾ã™ã€‚

ã¾ãŸ Gemini for Google Workspace ã§ã¯ã‚¨ãƒ³ã‚¿ãƒ¼ãƒ—ãƒ©ã‚¤ã‚ºã‚°ãƒ¬ãƒ¼ãƒ‰ã®ãƒ‡ãƒ¼ã‚¿ä¿è·ãŒé©ç”¨ã•ã‚Œã¦ãŠã‚Šã€ãƒ‡ãƒ¼ã‚¿ã¯ Google ã«ã‚ˆã£ã¦ã‚µãƒ¼ãƒ“ã‚¹æ”¹å–„ã®ãŸã‚ã«åˆ©ç”¨ã•ã‚Œã‚‹ã“ã¨ã¯ãªãã€äººé–“ã®ãƒ¬ãƒ“ãƒ¥ãƒ¯ãƒ¼ã«ã‚ˆã£ã¦è¦‹ã‚‰ã‚Œã‚‹ã“ã¨ã‚‚ãªã„ãŸã‚ã€å®‰å¿ƒã—ã¦æ¥å‹™ã«åˆ©ç”¨ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

å‚è€ƒ : Gemini for Google Workspace
å‚è€ƒ : Gemini for Google Workspace ã«é–¢ã™ã‚‹ã‚ˆãã‚ã‚‹è³ªå•

ã‚µã‚¤ãƒ‰ãƒ‘ãƒãƒ«

Gemini for Google Workspace ã§ã¯ã€ã‚µã‚¤ãƒ‰ãƒ‘ãƒãƒ«ã‚’é€šã—ã¦ Gemini ãŒåˆ©ç”¨ã§ãã¾ã™ã€‚

Gemini ãŒçµ±åˆã•ã‚Œã¦ã„ã‚‹ Google Workspace ã‚¢ãƒ—ãƒªï¼ˆGoogle ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã€Google ã‚¹ãƒ—ãƒ¬ãƒƒãƒ‰ã‚·ãƒ¼ãƒˆãªã©ï¼‰ã§ã¯ã€Gemini ã‚¢ã‚¤ã‚³ãƒ³ãŒè¡¨ç¤ºã•ã‚Œã¾ã™ã€‚ä¾‹ãˆã° Google ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã®å ´åˆã€ç”»é¢å³ä¸Šã« Gemini ã‚¢ã‚¤ã‚³ãƒ³ãŒã‚ã‚Šã¾ã™ã€‚ã“ã®ã‚¢ã‚¤ã‚³ãƒ³ã‚’ã‚¯ãƒªãƒƒã‚¯ã™ã‚‹ã¨ã€ã‚µã‚¤ãƒ‰ãƒ‘ãƒãƒ«ã«ãƒ—ãƒãƒ³ãƒ—ãƒˆå…¥åŠ›ç”»é¢ãŒè¡¨ç¤ºã•ã‚Œã€Gemini ã«æŒ‡ç¤ºã‚’å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚Gemini ã¯æŒ‡ç¤ºã‚’å—ã‘å–ã‚‹ã¨ã€æ•°ç§’ã§ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã‚’ç”Ÿæˆã—ã¦ãã‚Œã¾ã™ã€‚

Google ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆä¸Šã® Gemini ã‚µã‚¤ãƒ‰ãƒ‘ãƒãƒ«

Gemini for Google Workspace ã‚¢ãƒ‰ã‚ªãƒ³

Gemini for Google Workspace ã®åˆ©ç”¨ã«ã¯ã€Gemini for Google Workspace ã‚¢ãƒ‰ã‚ªãƒ³ã®è¿½åŠ è³¼å…¥ãŒå¿…è¦ã§ã™ã€‚Gemini for Google Workspace ã‚¢ãƒ‰ã‚ªãƒ³ã¯ Gemini ã‚¢ãƒ‰ã‚ªãƒ³ã¨ã‚‚å‘¼ã°ã‚Œã€ä»¥ä¸‹ã®ç¨®é¡žãŒã‚ã‚Šã¾ã™ï¼ˆä¾¡æ ¼ã¯2024å¹´12æœˆç¾åœ¨ï¼‰ã€‚

Gemini for GWS ã‚¨ãƒ‡ã‚£ã‚·ãƒ§ãƒ³	æ–™é‡‘ï¼ˆãƒ¦ãƒ¼ã‚¶ãƒ¼/æœˆï¼‰	ä¸»ãªæ©Ÿèƒ½	ãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹
Gemini Business	å¹´é–“å¥‘ç´„ : 2,260å†† ãƒ•ãƒ¬ã‚ã‚·ãƒ–ãƒ« : 2,712å††	- Gmailã€ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã€ã‚¹ãƒ—ãƒ¬ãƒƒãƒ‰ã‚·ãƒ¼ãƒˆã€ã‚¹ãƒ©ã‚¤ãƒ‰ã§ã®AIæ”¯æ´ - ä¼æ¥å‘ã‘ Gemini ã‚¢ãƒ—ãƒªã®åˆ©ç”¨	- æƒ…å ±åŽé›†ã€ãƒ–ãƒ¬ã‚¹ãƒˆã€ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ä½œæˆã€ãƒ‡ã‚¶ã‚¤ãƒ³ä½œæˆãªã©æ—¥å¸¸çš„ãªæ¥å‹™åŠ¹çŽ‡åŒ– - ç°¡å˜ãªãƒ‡ãƒ¼ã‚¿åˆ†æž
Gemini Enterprise	å¹´é–“å¥‘ç´„ : 3,400å†† ãƒ•ãƒ¬ã‚ã‚·ãƒ–ãƒ« : 4,080å††	- Gemini Business ã®å…¨æ©Ÿèƒ½ã«åŠ ãˆã€é«˜åº¦ãªæ©Ÿèƒ½ - Meet ã®è°äº‹éŒ²ä½œæˆã€ãƒªã‚¢ãƒ«ã‚¿ã‚¤ãƒ ç¿»è¨³ - Chat ã®ä¼šè©±è¦ç´„	- é«˜åº¦ãªæ¥å‹™åŠ¹çŽ‡åŒ– - å¤§è¦æ¨¡ãªãƒ‡ãƒ¼ã‚¿åˆ†æžã¨å¯è¦–åŒ– - å°‚é–€çš„ãªãƒ¬ãƒãƒ¼ãƒˆä½œæˆ - è¤‡é›‘ãªã‚¿ã‚¹ã‚¯ã®è‡ªå‹•åŒ– - çµ„ç¹”å…¨ä½“ã®ç”Ÿç”£æ€§å‘ä¸Š
AI Security	å¹´é–“å¥‘ç´„ : 1,356å†† ãƒ•ãƒ¬ã‚ã‚·ãƒ–ãƒ« : 1,130å††	- AI ã‚’æ´»ç”¨ã—ãŸã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£å¼·åŒ–ï¼ˆæ©Ÿå¯†ä¿æŒã®ãŸã‚ã®è‡ªå‹•ãƒ©ãƒ™ãƒ«ä»˜ã‘ï¼‰ã«é™å®š	- ã‚µã‚¤ãƒãƒ¼ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£è„…å¨ã®æ¤œçŸ¥ã¨é˜²å¾¡ - ãƒ•ã‚£ãƒƒã‚·ãƒ³ã‚°ãƒ¡ãƒ¼ãƒ«ã®æ¤œå‡º - ãƒžãƒ«ã‚¦ã‚§ã‚¢ã®æ¤œçŸ¥ - ä¸æ£ã‚¢ã‚¯ã‚»ã‚¹ã®é˜²æ¢ - ãƒ‡ãƒ¼ã‚¿æ¼æ´©ã®é˜²æ¢
AI Meetings and Messaging	å¹´é–“å¥‘ç´„ : 1,356å†† ãƒ•ãƒ¬ã‚ã‚·ãƒ–ãƒ« : 1,130å††	- AI ã‚’æ´»ç”¨ã—ãŸä¼šè°ã¨ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ³ã‚°ã®åŠ¹çŽ‡åŒ–ã«é™å®š	- ä¼šè°ã®è‡ªå‹•è¦ç´„ - ä¼šè°ä¸ã®ãƒªã‚¢ãƒ«ã‚¿ã‚¤ãƒ ç¿»è¨³ - ä¼šè°å¾Œã®ã‚¢ã‚¯ã‚·ãƒ§ãƒ³ã‚¢ã‚¤ãƒ†ãƒ ã®è‡ªå‹•ç”Ÿæˆ - ãƒãƒ£ãƒƒãƒˆã®è¦ç´„ãƒ»è‡ªå‹•è¦ç´„

ã‚¢ãƒ‰ã‚ªãƒ³ã®é•ã„ã‚„è©³ç´°ã«ã¤ã„ã¦ã¯ã€ä»¥ä¸‹ã‚’å‚è€ƒã«ã—ã¦ãã ã•ã„ã€‚

å‚è€ƒ : Gemini for Google Workspace ã‚¢ãƒ‰ã‚ªãƒ³ã®æ¯”è¼ƒ

Gemini for Google Cloud

Gemini for Google Cloud ã¯é–‹ç™ºè£œåŠ©ãƒ„ãƒ¼ãƒ«

Gemini for Google Cloud ã¨ã¯

Gemini for Google Cloud ã¯ã€Google Cloud ä¸Šã§ã®é–‹ç™ºã«å½¹ã«ç«‹ã¤ã€é–‹ç™ºè€…å‘ã‘ã® AI ã‚¢ã‚·ã‚¹ã‚¿ãƒ³ãƒˆæ©Ÿèƒ½ã§ã™ã€‚ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰ã®è‡ªå‹•ç”Ÿæˆã€ãƒ‡ãƒ¼ã‚¿åˆ†æžã®åŠ¹çŽ‡åŒ–ã€ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã®å¼·åŒ–ãªã©ãŒå¯èƒ½ã§ã™ã€‚

ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³é–‹ç™ºè€…ã¯ã‚‚ã¡ã‚ã‚“ã€ãƒ‡ãƒ¼ã‚¿ã‚µã‚¤ã‚¨ãƒ³ãƒ†ã‚£ã‚¹ãƒˆã‚„ãƒ“ã‚¸ãƒã‚¹ã‚¢ãƒŠãƒªã‚¹ãƒˆã€ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£æ‹…å½“è€…ãªã©ã€æ§˜ã€…ãª Google Cloud ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ã‚ªãƒšãƒ¬ãƒ¼ã‚·ãƒ§ãƒ³ãƒ»é–‹ç™ºã‚’æ”¯æ´ã—ã¾ã™ã€‚

å‚è€ƒ : Gemini for Google Cloud ã®æ¦‚è¦

æ©Ÿèƒ½ä¸€è¦§

Gemini for Google Cloud ã«ã¯ä»¥ä¸‹ã®æ©Ÿèƒ½ãŒå«ã¾ã‚Œã¦ã„ã¾ã™ã€‚

æ©Ÿèƒ½å	æ¦‚è¦
Gemini in BigQuery	ãƒ‡ãƒ¼ã‚¿åˆ†æžã€å¯è¦–åŒ–ã€SQL ã‚„ Python ã®ã‚³ãƒ¼ãƒ‰ç”Ÿæˆãªã©ã‚’æ”¯æ´
Gemini Code Assist	IDE ã¨é€£æºã—ã¦åˆ©ç”¨ã€‚ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰é–‹ç™ºã€ãƒ‡ãƒ—ãƒã‚¤ã€ãƒˆãƒ©ãƒ–ãƒ«ã‚·ãƒ¥ãƒ¼ãƒ†ã‚£ãƒ³ã‚°ã‚’æ”¯æ´
Gemini in Colab Enterprise	Colab EnterpriseãƒŽãƒ¼ãƒˆãƒ–ãƒƒã‚¯ã§ã®Pythonã‚³ãƒ¼ãƒ‰ç”Ÿæˆã‚’æ”¯æ´
Gemini in Databases	ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ç®¡ç†ã€ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£å‘ä¸Šãªã©ã‚’æ”¯æ´
Gemini in Looker	Lookerï¼ˆGoogle Cloud ã‚³ã‚¢ï¼‰ã‚„ Looker Studio Pro ã§ãƒ‡ãƒ¼ã‚¿å¯è¦–åŒ–ã‚„è§£é‡ˆã‚’æ”¯æ´
Gemini in Security Command Center	ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã«é–¢ã™ã‚‹æ¤œç´¢ã‚¯ã‚¨ãƒªç”Ÿæˆã€ã‚±ãƒ¼ã‚¹è§£é‡ˆã€æ”»æ’ƒãƒ‘ã‚¹æŠŠæ¡ã‚’æ”¯æ´

ä»¥ä¸‹ã®å½“ç¤¾è¨˜äº‹ã‚‚å‚è€ƒã«ã—ã¦ãã ã•ã„ã€‚

blog.g-gen.co.jp

æ–™é‡‘

Gemini for Google Cloud ã‚’åˆ©ç”¨ã™ã‚‹ã«ã¯ã€Gemini Code Assist ã‚µãƒ–ã‚¹ã‚¯ãƒªãƒ—ã‚·ãƒ§ãƒ³ã‚’è³¼å…¥ã—ã¦ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã«å‰²ã‚Šå½“ã¦ã¾ã™ã€‚ãƒ©ã‚¤ã‚»ãƒ³ã‚¹ã‚’å‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸãƒ¦ãƒ¼ã‚¶ãƒ¼ã¯ã€Gemini in BigQueryã€Gemini in Databasesã€Gemini in Colab Enterprise ãªã©ã®æ©Ÿèƒ½ãŒåˆ©ç”¨å¯èƒ½ã«ãªã‚Šã¾ã™ã€‚

å‚è€ƒ : Gemini Code Assist ã‚’è¨å®šã™ã‚‹

Gemini Code Assist ã‚µãƒ–ã‚¹ã‚¯ãƒªãƒ—ã‚·ãƒ§ãƒ³ã«ã¯ Standard ã¨ Enterprise ã®2ã‚¨ãƒ‡ã‚£ã‚·ãƒ§ãƒ³ãŒã‚ã‚Šã€ã©ã¡ã‚‰ã‚’é¸ã¶ã‹ã«ã‚ˆã£ã¦ä»˜éšã™ã‚‹æ©Ÿèƒ½ãŒç•°ãªã‚Šã¾ã™ã€‚ä»¥ä¸‹ã¯ã€2024å¹´12æœˆç¾åœ¨ã®ä¾¡æ ¼ã§ã™ã€‚æœ€æ–°ã®ä¾¡æ ¼ã¯ã€å¿…ãšå…¬å¼ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚

ã‚¨ãƒ‡ã‚£ã‚·ãƒ§ãƒ³	æ–™é‡‘ï¼ˆæœˆé¡ï¼‰	æ–™é‡‘ï¼ˆ12ãƒ¶æœˆã‚³ãƒŸãƒƒãƒˆï¼‰
Standard	$22.80 / æœˆ / äºº	$19.0 / æœˆ / äºº
Enterprise	$54.0 / æœˆ / äºº	$45.0 / æœˆ / äºº

å‚è€ƒï¼šGemini for Google Cloud ã®æ–™é‡‘

ã¾ãŸã€Gemini in BigQuery ã®ã¿åˆ©ç”¨ã—ãŸã„å ´åˆã€BigQuery Editions ã® Enterprise Plus ã‚¨ãƒ‡ã‚£ã‚·ãƒ§ãƒ³ã‚’æœ‰åŠ¹åŒ–ã™ã‚‹ã“ã¨ã§åˆ©ç”¨å¯èƒ½ã«ãªã‚Šã¾ã™ã€‚

ã“ã¡ã‚‰ã®å ´åˆã€Gemini Code Assist ã‚’ã‚µãƒ–ã‚¹ã‚¯ãƒ©ã‚¤ãƒ–ã™ã‚‹å¿…è¦ã¯ã‚ã‚Šã¾ã›ã‚“ã€‚ã¾ãŸã“ã¡ã‚‰ã®åˆ©ç”¨æ–¹æ³•ã®å ´åˆã€SQL ã‚„ Python ã®ã‚³ãƒ¼ãƒ‰ç”Ÿæˆã€å¯è¦–åŒ–è£œåŠ©ãªã© Gemini Code Assist ã«å«ã¾ã‚Œã‚‹ Gemini in BigQuery ã®ã™ã¹ã¦ã®æ©Ÿèƒ½ã«åŠ ãˆã¦ã€ãƒ‘ãƒ¼ãƒ†ã‚£ã‚·ãƒ§ãƒ‹ãƒ³ã‚°ã¨ã‚¯ãƒ©ã‚¹ã‚¿ãƒªãƒ³ã‚°ã®ãƒ¬ã‚³ãƒ¡ãƒ³ãƒ‡ãƒ¼ã‚·ãƒ§ãƒ³ã‚„ãƒžãƒ†ãƒªã‚¢ãƒ©ã‚¤ã‚ºãƒ‰ãƒ»ãƒ“ãƒ¥ãƒ¼ã®ãƒ¬ã‚³ãƒ¡ãƒ³ãƒ‡ãƒ¼ã‚·ãƒ§ãƒ³ãªã©ã€è¿½åŠ ã®ç”Ÿæˆ AI æ©Ÿèƒ½ã‚‚åˆ©ç”¨å¯èƒ½ã«ãªã‚Šã¾ã™ã€‚

Generative AI on Vertex AI

Generative AI on Vertex AI ã§ã¯ Google Cloud çµŒç”±ã§ Gemini ã‚’åˆ©ç”¨

Generative AI on Vertex AI ã¨ã¯

Generative AI on Vertex AI ã¨ã¯ã€Google Cloud ã® AI/ML ãƒ—ãƒ©ãƒƒãƒˆãƒ•ã‚©ãƒ¼ãƒ ãƒ—ãƒãƒ€ã‚¯ãƒˆã§ã‚ã‚‹ Vertex AI ã® REST API ã‚’é€šã—ã¦ã€Gemini ãªã©ã®ç”Ÿæˆ AI ãƒ¢ãƒ‡ãƒ«ã‚’åˆ©ç”¨ã™ã‚‹æ‰‹æ³•ã®ã“ã¨ã§ã™ã€‚ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³é–‹ç™ºè€…ã¯ Vertex AI API ã‚’é€šã—ã¦ Gemini ãƒ¢ãƒ‡ãƒ«ã«ãƒ—ãƒãƒ³ãƒ—ãƒˆã‚’å…¥åŠ›ã—ã€ãƒ¬ã‚¹ãƒãƒ³ã‚¹ã‚’å¾—ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

ã“ã‚Œã«ã‚ˆã‚Šã€Gemini ã‚’è‡ªç¤¾é–‹ç™ºã®ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã«çµ„ã¿è¾¼ã‚€ã“ã¨ãŒã§ãã¾ã™ã€‚

å‚è€ƒ : Generative AI on Vertex AI

Vertex AI API ã¯ã€HTTPS ã§ã®å‘¼ã³å‡ºã—ã‚„ã€Python ã‚„ Java ãªã©ã®å„ãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°è¨€èªžç”¨ã®å…¬å¼ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãƒ©ã‚¤ãƒ–ãƒ©ãƒªã€ã¾ãŸ BigQuery ML ãªã©ã‹ã‚‰åˆ©ç”¨ã§ãã¾ã™ã€‚

Google Cloud ãƒ—ãƒãƒ€ã‚¯ãƒˆã§ã™ã®ã§ã€èªè¨¼ãƒ»èªå¯ã¯ IAM ã«ã‚ˆã£ã¦ç®¡ç†ã•ã‚Œã¦ãŠã‚Šã€ã¾ãŸèª²é‡‘ã‚‚ Google Cloud åˆ©ç”¨æ–™ã¨ã—ã¦è«‹æ±‚ã•ã‚Œã¾ã™ã€‚

ãƒ‡ãƒ¼ã‚¿ã®ä¿è·

Vertex AI API çµŒç”±ã§ Gemini ã«å…¥åŠ›ã•ã‚Œã‚‹ãƒ—ãƒãƒ³ãƒ—ãƒˆã‚„ãƒãƒ¥ãƒ¼ãƒ‹ãƒ³ã‚°ãƒ‡ãƒ¼ã‚¿ã¯ä¿è·ã•ã‚Œã¦ãŠã‚Šã€ãƒ‡ãƒ¼ã‚¿ãŒ Google ã«ã‚ˆã£ã¦ã‚µãƒ¼ãƒ“ã‚¹æ”¹å–„ã«åˆ©ç”¨ã•ã‚Œã‚‹ã“ã¨ã¯ã‚ã‚Šã¾ã›ã‚“ã€‚

å‚è€ƒ : ç”Ÿæˆ AI ã¨ãƒ‡ãƒ¼ã‚¿ ã‚¬ãƒãƒŠãƒ³ã‚¹
å‚è€ƒ : Gemini API ã«é–¢ã™ã‚‹ã‚ˆãã‚ã‚‹è³ªå•

ãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹

ä»¥ä¸‹ã®å½“ç¤¾è¨˜äº‹ã§ã¯ã€Vertex AI API çµŒç”±ã§ Gemini ã‚’å‘¼ã³å‡ºã™ã“ã¨ã§ç”Ÿæˆ AI ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚’é–‹ç™ºã—ãŸäº‹ä¾‹ã‚’ç´¹ä»‹ã—ã¦ã„ã¾ã™ã€‚

blog.g-gen.co.jp

ãã®ä»–ã®ãƒ—ãƒãƒ€ã‚¯ãƒˆ

Google Cloud ã«ã¯ Vertex AI API çµŒç”±ã§ã® Gemini å‘¼ã³å‡ºã—ã®ã»ã‹ã€Gemini ã‚’åˆ©ç”¨ã—ãŸå„ç¨®ãƒ—ãƒãƒ€ã‚¯ãƒˆãŒã‚ã‚Šã¾ã™ã€‚

Vertex AI Agent Builder ã¯ Vertex AI ã®æ´¾ç”Ÿãƒ—ãƒãƒ€ã‚¯ãƒˆã®1ã¤ã§ã™ã€‚ã“ã®ãƒ—ãƒãƒ€ã‚¯ãƒˆã® Vertex AI Search æ©Ÿèƒ½ã«ã‚ˆã‚Šã€RAG æ§‹æˆï¼ˆç”Ÿæˆ AI ã«ã‚ˆã‚Šç”Ÿæˆã•ã‚ŒãŸã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã‚’ãƒ‡ãƒ¼ã‚¿ã«ã‚ˆã‚Šæ ¹æ‹ ã¥ã‘ã™ã‚‹ã‚¢ãƒ¼ã‚ãƒ†ã‚¯ãƒãƒ£ï¼‰ã‚’ç°¡å˜ã«æ§‹æˆã—ãŸã‚Šã€Google ã‚¯ã‚ªãƒªãƒ†ã‚£ã®ä¼æ¥ãƒ‡ãƒ¼ã‚¿æ¤œç´¢ï¼ˆã‚¨ãƒ³ã‚¿ãƒ¼ãƒ—ãƒ©ã‚¤ã‚ºã‚µãƒ¼ãƒï¼‰ã‚’å®¹æ˜“ã«æ§‹ç¯‰ã§ãã¾ã™ã€‚

ä»¥ä¸‹ã®è¨˜äº‹ã‚‚å‚ç…§ã—ã¦ãã ã•ã„ã€‚

blog.g-gen.co.jp

æ–™é‡‘

Generative AI on Vertex AI ã§ã® Gemini åˆ©ç”¨ã®æ–™é‡‘ã¯ã€å…¥åŠ›ã—ãŸãƒ‡ãƒ¼ã‚¿ã¨å‡ºåŠ›ã—ãŸãƒ‡ãƒ¼ã‚¿ã®ãƒœãƒªãƒ¥ãƒ¼ãƒ ã«å¿œã˜ãŸå¾“é‡èª²é‡‘ã§ã™ã€‚å›ºå®šæ–™é‡‘ã¯ç™ºç”Ÿã—ã¾ã›ã‚“ã€‚

ä»¥ä¸‹ã¯ã€æ–™é‡‘å˜ä¾¡ã®ä¸€éƒ¨æŠœç²‹ã§ã™ã€‚æƒ…å ±ã¯2024å¹´12æœˆç¾åœ¨ã®ã‚‚ã®ã§ã™ã®ã§ã€å¿…ãšæœ€æ–°ã®å…¬å¼ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’ã”å‚ç…§ãã ã•ã„ã€‚

ãƒ¢ãƒ‡ãƒ«	ã‚¿ã‚¤ãƒ—	å˜ä¾¡ï¼ˆå…¥åŠ›ãƒˆãƒ¼ã‚¯ãƒ³ãŒ128Kä»¥ä¸‹ã®å ´åˆï¼‰
Gemini 1.5 Flash	ãƒ†ã‚ã‚¹ãƒˆå…¥åŠ›	$0.00001875 / 1,000 æ–‡å—
Gemini 1.5 Flash	ç”»åƒå…¥åŠ›	$0.00002 / ç”»åƒ
Gemini 1.5 Flash	ãƒ†ã‚ã‚¹ãƒˆå‡ºåŠ›	$0.000075 / 1,000 æ–‡å—

å‚è€ƒï¼šVertex AI ã®æ–™é‡‘

ãªãŠã€ä¸€èˆ¬çš„ãªç”Ÿæˆ AI åŸºç›¤ãƒ¢ãƒ‡ãƒ«ã‚µãƒ¼ãƒ“ã‚¹ã§ã¯å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã®é‡ã‚’ãƒˆãƒ¼ã‚¯ãƒ³ã¨ã„ã†å˜ä½ã§è¨ˆæ¸¬ã—ã€ãƒˆãƒ¼ã‚¯ãƒ³å˜ä½ã§ã®èª²é‡‘ã¨ãªã‚Šã¾ã™ã€‚ä¸€æ–¹ã® Gemini ã§ã¯ã€å…¥åŠ›æ–‡å—æ•°ã‚„ç”»åƒã®æžšæ•°ãªã©ã§è¨ˆæ¸¬ã™ã‚‹ãŸã‚è¦‹ç©ã‚‚ã‚ŠãŒå®¹æ˜“ãªã»ã‹ã€ç‰¹ã«æ—¥æœ¬èªžã«ãŠã„ã¦ã¯ãƒˆãƒ¼ã‚¯ãƒ³æ•°ã§ã®è¨ˆæ¸¬ã‚ˆã‚Šã‚‚å®‰ä¾¡ã«ãªã‚‹å‚¾å‘ã«ã‚ã‚Šã¾ã™ã€‚

Gemini API

Gemini API ã§ã¯ Google AI Studio çµŒç”±ã§ Gemini ã‚’åˆ©ç”¨

Gemini API ã¨ã¯

Gemini API ã¯ã€å€‹äººåˆ©ç”¨ã‚„å°è¦æ¨¡ãƒ‡ãƒ™ãƒãƒƒãƒ‘ãƒ¼å‘ã‘ã®ã€API çµŒç”±ã§ Gemini ãƒ¢ãƒ‡ãƒ«ã‚’å‘¼ã³å‡ºã—å¯èƒ½ãªãƒ—ãƒãƒ€ã‚¯ãƒˆã§ã™ã€‚Google Cloud ã¨ã¯ç‹¬ç«‹ã—ã¦ãŠã‚Šã€å˜ä¸€ã‚µãƒ¼ãƒ“ã‚¹ã¨ã—ã¦æä¾›ã•ã‚Œã¦ã„ã¾ã™ã€‚Gemini API ã¯åˆ©ç”¨è¦ç´„ã«å¾“ã„ã€å•†ç”¨åˆ©ç”¨ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

Gemini API ã¯ Google AI Studio ã¨ã„ã† AI é–‹ç™ºç”¨ãƒ—ãƒ©ãƒƒãƒˆãƒ•ã‚©ãƒ¼ãƒ çµŒç”±ã§æä¾›ã•ã‚Œã¦ãŠã‚Šã€Google Cloud ã® Generative AI on Vertex AI ã¨åŒã˜ã REST API ã‚„ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãƒ©ã‚¤ãƒ–ãƒ©ãƒªçµŒç”±ã§åˆ©ç”¨ã§ãã¾ã™ã€‚

Gemini API ã«ã¯ç„¡æ–™æž ãŒã‚ã‚Šã€ä¸€å®šã®ãƒ¬ãƒ¼ãƒˆåˆ¶é™ã®ã‚‚ã¨åˆ©ç”¨å¯èƒ½ã§ã™ã€‚æœ‰å„Ÿç‰ˆã¯ã€ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚„ç”Ÿæˆã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã®ãƒœãƒªãƒ¥ãƒ¼ãƒ ã«åŸºã¥ã„ãŸå¾“é‡èª²é‡‘ã§ã™ã€‚

Google Cloud ã¨ã¯ç‹¬ç«‹ã—ã¦ã„ã‚‹ãŸã‚ã€èªè¨¼ã¯ IAM ã§ã¯ãªãã€Google AI Studio ã‹ã‚‰ç™ºè¡Œã™ã‚‹ API ã‚ãƒ¼ã§è¡Œã‚ã‚Œã¾ã™ã€‚

å‚è€ƒ : Gemini API ã‚’ä½¿ã£ã¦ã¿ã‚‹
å‚è€ƒ : Google AI Studio

ãƒ‡ãƒ¼ã‚¿ã®ä¿è·

Gemini API ã‚’ç„¡æ–™æž ã§åˆ©ç”¨ã™ã‚‹å ´åˆã€å…¥åŠ›ã—ãŸãƒ‡ãƒ¼ã‚¿ã‚„ç”Ÿæˆã•ã‚ŒãŸã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã¯ã€Google ã®ã‚µãƒ¼ãƒ“ã‚¹æ”¹å–„ã«åˆ©ç”¨ã•ã‚ŒãŸã‚Šã€äººé–“ã®ãƒ¬ãƒ“ãƒ¥ãƒ¯ãƒ¼ã«è¦‹ã‚‰ã‚Œã‚‹å¯èƒ½æ€§ãŒã‚ã‚Šã¾ã™ã€‚Google ã¯ã“ã‚Œã‚’åˆ©ç”¨è¦ç´„ã«æ˜Žè¨˜ã—ã¦ãŠã‚Šã€æ©Ÿå¯†æƒ…å ±ã‚„å€‹äººæƒ…å ±ã‚’é€ä¿¡ã—ãªã„ã“ã¨ã‚’æ±‚ã‚ã¦ã„ã¾ã™ã€‚

Gemini API ã®æœ‰å„Ÿç‰ˆã‚’åˆ©ç”¨ã™ã‚‹å ´åˆã¯ãƒ‡ãƒ¼ã‚¿ãŒä¿è·ã•ã‚Œã€ã‚µãƒ¼ãƒ“ã‚¹æ”¹å–„ã«åˆ©ç”¨ã•ã‚ŒãŸã‚Šã€äººé–“ã®ãƒ¬ãƒ“ãƒ¥ãƒ¯ãƒ¼ã«è¦‹ã‚‰ã‚Œã‚‹ã“ã¨ã¯ã‚ã‚Šã¾ã›ã‚“ã€‚

å‚è€ƒ : Gemini API è¿½åŠ åˆ©ç”¨è¦ç´„

æ–™é‡‘

Google AI Studio çµŒç”±ã§ã® Gemini API ã¯ã€å…¥åŠ›ã—ãŸãƒ‡ãƒ¼ã‚¿ã¨å‡ºåŠ›ã—ãŸãƒ‡ãƒ¼ã‚¿ã®ãƒœãƒªãƒ¥ãƒ¼ãƒ ã«å¿œã˜ãŸå¾“é‡èª²é‡‘ã§ã™ã€‚ãŸã ã—ã€Google Cloud ã® Generative AI on Vertex AI ã§åˆ©ç”¨ã™ã‚‹å ´åˆã¨ã¯ç•°ãªã‚‹æ–™é‡‘è¨å®šãŒã•ã‚Œã¦ãŠã‚Šã€æ–‡å—æ•°ã‚„ç”»åƒã®æžšæ•°ã§ã¯ãªãã€ãƒˆãƒ¼ã‚¯ãƒ³é‡ã«å¿œã˜ãŸèª²é‡‘ã§ã™ã€‚

å‚è€ƒ : æ–™é‡‘ãƒ¢ãƒ‡ãƒ«

å°Žå…¥ã™ã¹ã Gemini ãƒ—ãƒãƒ€ã‚¯ãƒˆ

ç”Ÿæˆ AI ã§ç¤¾å†…æ¥å‹™ã‚’åŠ¹çŽ‡åŒ–ã—ãŸã„å ´åˆ

ç¤¾å†…æ¥å‹™ã‚’åŠ¹çŽ‡åŒ–ã—ãŸã„å ´åˆã¯ã€Gemini ã‚¢ãƒ—ãƒªã‚„ Gemini for Google Workspace ã®å°Žå…¥ã‚’æ¤œè¨Žã—ã¾ã™ã€‚

ã“ã‚Œã‚‰ã®ãƒ—ãƒãƒ€ã‚¯ãƒˆã«ã‚ˆã‚Šã€ä»¥ä¸‹ã®ã‚ˆã†ãªåŠ¹æžœãŒæœŸå¾…ã§ãã¾ã™ã€‚

å€‹äººã‚„ãƒãƒ¼ãƒ ã®ç”Ÿç”£æ€§å‘ä¸Š
ãƒ¡ãƒ¼ãƒ«ã€ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆä½œæˆã€ãƒ—ãƒ¬ã‚¼ãƒ³ãƒ†ãƒ¼ã‚·ãƒ§ãƒ³ä½œæˆã€æƒ…å ±åŽé›†ãªã©ã‚’åŠ¹çŽ‡åŒ–

ã»ã¨ã‚“ã©ã® Google Workspace ã®ã‚¨ãƒ‡ã‚£ã‚·ãƒ§ãƒ³ã§ã¯ Gemini ã‚¢ãƒ—ãƒªãŒãƒ‡ãƒ¼ã‚¿ä¿è·ä»˜ãã§åˆ©ç”¨å¯èƒ½ã«ãªã£ã¦ãŠã‚Šã€gemini.google.com ã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ã“ã¨ã§ã™ãã«æ¥å‹™åˆ©ç”¨ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

è‡ªç¤¾ãƒ‡ãƒ¼ã‚¿ã‚’åŠ¹çŽ‡çš„ã«æ¤œç´¢ã—ãŸã‚Šç”Ÿæˆ AI ã«è³ªå•ã«ç”ãˆã•ã›ãŸã„å ´åˆ

è‡ªç¤¾ã®å¤§é‡ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆé¡žã®ä¸ã‹ã‚‰å¿…è¦ãªãƒ‡ãƒ¼ã‚¿ã‚’åŠ¹çŽ‡çš„ã«æ¤œç´¢ã—ãŸã‚Šã€ç”Ÿæˆ AI ã«è¦ç´„ã•ã›ãŸã„å ´åˆã€Google Cloud ãƒ—ãƒãƒ€ã‚¯ãƒˆã®1ã¤ã§ã‚ã‚‹Vertex AI Agent Builderï¼ˆVertex AI Searchï¼‰ã‚’ä½¿ã„ã¾ã™ã€‚

è“„ç©ã•ã‚ŒãŸå¤§é‡ã®è‡ªç¤¾ãƒ‡ãƒ¼ã‚¿ã‚’ã‚‚ã¨ã«ç”Ÿæˆ AI ã«ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã‚’ç”Ÿæˆã•ã›ãŸã‚Šã€æ—¥æœ¬èªžã§ã®è³ªå•ã«ç”ãˆã•ã›ãŸã‚Šã™ã‚‹ã“ã¨ã‚‚ã§ãã¾ã™ã€‚

è‡ªç¤¾ã®æ–°ã‚µãƒ¼ãƒ“ã‚¹ã«ç”Ÿæˆ AI ã‚’çµ„ã¿è¾¼ã‚€å ´åˆ

è‡ªç¤¾ã®ã‚¢ãƒ—ãƒªã«ç”Ÿæˆ AI ã‚’çµ„ã¿è¾¼ã‚“ã ã‚Šã€é¡§å®¢ã¸æä¾›ã™ã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã«ç”Ÿæˆ AI ã‚’æ´»ç”¨ã—ãŸã„å ´åˆã€Generative AI on Vertex AI ã‚’ä½¿ã„ã¾ã™ã€‚

è‡ªç¤¾ã‚¢ãƒ—ãƒªã‹ã‚‰ Vertex AI çµŒç”±ã§ Gemini ã‚’å‘¼ã³å‡ºã—ã€ãƒ—ãƒãƒ³ãƒ—ãƒˆã‚’å…¥åŠ›ã—ã¦ã€ç”Ÿæˆçµæžœã‚’å¾—ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ã‚·ã‚¹ãƒ†ãƒ é–‹ç™ºã®çŸ¥è˜ã•ãˆã‚ã‚Œã°ã€æ©Ÿæ¢°å¦ç¿’ã®çŸ¥è˜ãŒãªãã¨ã‚‚ã€Vertex AI ã‚„ Vertex AI Agent Builderï¼ˆVertex AI Searchï¼‰ã® API å‘¼ã³å‡ºã—ã«ã‚ˆã‚Šé«˜å“è³ªãªæ¤œç´¢ã‚„ RAG ã‚’å®Ÿç¾ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

ã‚·ã‚¹ãƒ†ãƒ é–‹ç™ºã‚’åŠ¹çŽ‡åŒ–ã—ãŸã„å ´åˆ

ã‚·ã‚¹ãƒ†ãƒ é–‹ç™ºã‚’åŠ¹çŽ‡åŒ–ã—ãŸã„å ´åˆã€ã‚³ãƒ¼ãƒ‰ç”Ÿæˆè£œåŠ©æ©Ÿèƒ½ãªã©ã‚’å‚™ãˆãŸ Gemini for Google Cloud ã‚’ä½¿ã„ã¾ã™ã€‚

Gemini for Google Cloud ã®1æ©Ÿèƒ½ã§ã‚ã‚‹ Gemini Code Assist ã¯ã€æœˆé¡ã‚µãƒ–ã‚¹ã‚¯ãƒªãƒ—ã‚·ãƒ§ãƒ³åˆ¶ã§ã‚ã‚Šã€é«˜åº¦ãªé–‹ç™ºè£œåŠ©æ©Ÿèƒ½ã‚’å‚™ãˆã¦ã„ã¾ã™ã€‚

ãƒ“ã‚¸ãƒã‚¹å°Žå…¥ã«ãŠã‘ã‚‹æ³¨æ„ç‚¹

ç”Ÿæˆ AI ã®ãƒ“ã‚¸ãƒã‚¹é©ç”¨

OpenAI ç¤¾ãŒ2022å¹´11æœˆã«ç”Ÿæˆ AI ãƒãƒ£ãƒƒãƒˆãƒœãƒƒãƒˆ Chat GPT ã‚’å…¬é–‹ã—ã¦ã‹ã‚‰ã€çž¬ãé–“ã«ç”Ÿæˆ AI ãƒ–ãƒ¼ãƒ ãŒå·»ãèµ·ã“ã‚Šã¾ã—ãŸã€‚2023å¹´ã«ã¯å¤šãã®ä¼æ¥ãŒã€ç”Ÿæˆ AI ã®ãƒ“ã‚¸ãƒã‚¹åˆ©ç”¨ã‚’è©¦ã¿ã‚‹ PoCï¼ˆProof of Conceptï¼‰ã‚’è¡Œã„ã€2024å¹´ã«ã¯å®Ÿéš›ã«æ¥å‹™ã§åˆ©ç”¨ã™ã‚‹ä¼æ¥ã‚‚å¢—ãˆã¾ã—ãŸã€‚

ç”Ÿæˆ AI ãƒ–ãƒ¼ãƒ ã«ä¹—ã‚Šé…ã‚Œã¾ã„ã¨ã€2025å¹´ã‚‚å¤šãã®ä¼æ¥ãŒç”Ÿæˆ AI ã® PoC ã‚„ã€æ¥å‹™ã¸ã®é©ç”¨ã‚’è©¦ã¿ã‚‹ã‚‚ã®ã¨è€ƒãˆã‚‰ã‚Œã¾ã™ã€‚ã—ã‹ã—ã€ç”Ÿæˆ AI ã¯éŠ€ã®å¼¾ä¸¸ï¼ˆä¸‡èƒ½è–¬ï¼‰ã§ã¯ã‚ã‚Šã¾ã›ã‚“ã€‚ä»¥ä¸‹ã«èª¬æ˜Žã™ã‚‹æ€§è³ªã‚’é©åˆ‡ã«ç†è§£ã—ã€ãƒ“ã‚¸ãƒã‚¹ã«é©ç”¨ã™ã‚‹ã“ã¨ã‚’æ¤œè¨Žã—ã¦ãã ã•ã„ã€‚

ç”Ÿæˆ AI ã¯ç¢ºçŽ‡ã‚¨ãƒ³ã‚¸ãƒ³ã§ã‚ã‚‹ã“ã¨ã‚’ç†è§£ã™ã‚‹

Gemini ã‚’å«ã‚€ç”Ÿæˆ AI ã¯ã€å¤§é‡ã®ãƒ‡ãƒ¼ã‚¿ã‹ã‚‰å¦ç¿’ã—ã€ç¢ºçŽ‡çš„ã«æœ€ã‚‚ãã‚Œã‚‰ã—ã„å›žç”ã‚’ç”Ÿæˆã™ã‚‹ã€Œç¢ºçŽ‡ã‚¨ãƒ³ã‚¸ãƒ³ã€ã§ã™ã€‚ãã®ãŸã‚ã€å®Œç’§ãªå›žç”ã‚’è¿”ã™ã¨ã¯é™ã‚Šã¾ã›ã‚“ã—ã€æ¯Žå›žåŒã˜ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ãŒç”Ÿæˆã•ã‚Œã‚‹ã¨ã‚‚é™ã‚Šã¾ã›ã‚“ã€‚

ã“ã®ç‚¹ã‚’ç†è§£ã—ãŸä¸Šã§ã€Gemini ã‚’æ´»ç”¨ã™ã‚‹æ¥å‹™ã¨ãã†ã§ãªã„æ¥å‹™ã‚’è¦‹æ¥µã‚ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚ã“ã‚Œã‚’ç†è§£ã—ã¦ã„ãªã„ã¨ã€ç²¾åº¦å‘ä¸Šã«å ±ã‚ã‚Œãªã„åŠ´åŠ›ã‚’æ³¨ãŽç¶šã‘ã‚‹ã“ã¨ã«ãªã£ã¦ã—ã¾ã„ã¾ã™ã€‚

å‚è€ƒ : The Prompt: ç¢ºçŽ‡ã€ãƒ‡ãƒ¼ã‚¿ã€ãã—ã¦ç”Ÿæˆ AI ã«å‘ãåˆã†ãƒžã‚¤ãƒ³ãƒ‰ã‚»ãƒƒãƒˆã¨ã¯

ç”Ÿæˆ AI ã«å‘ã„ã¦ã‚‹æ¥å‹™ / å‘ã„ã¦ãªã„æ¥å‹™

å‘ã„ã¦ã„ã‚‹æ¥å‹™

å‰è¿°ã®æ€§è³ªã‹ã‚‰ã€ç”Ÿæˆ AI ã¯ä»¥ä¸‹ã®ã‚ˆã†ãªæ¥å‹™é ˜åŸŸã‚’å¾—æ„ã¨ã—ã¦ã„ã¾ã™ã€‚

å‰µé€ çš„ãªä½œæ¥
æ–°ã—ã„ã‚¢ã‚¤ãƒ‡ã‚¢ã®å‰µå‡ºã€æ–‡ç« ã‚„ã‚³ãƒ¼ãƒ‰ã®ä½œæˆã€ãƒ‡ã‚¶ã‚¤ãƒ³ã€ç¿»è¨³ãªã©

æƒ…å ±åŽé›†ã€åˆ†æž
å¤§é‡ã®ãƒ‡ãƒ¼ã‚¿ã®è¦ç´„ã€ãƒˆãƒ¬ãƒ³ãƒ‰åˆ†æžã€ãƒ¬ãƒãƒ¼ãƒˆä½œæˆãªã©

ã‚³ãƒŸãƒ¥ãƒ‹ã‚±ãƒ¼ã‚·ãƒ§ãƒ³
é«˜åº¦ãªæ£ç¢ºæ€§ãŒæ±‚ã‚ã‚‰ã‚Œãªã„é¡§å®¢å¯¾å¿œã€ç¤¾å†…ã‚³ãƒŸãƒ¥ãƒ‹ã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã€æ•™è‚²ãªã©

åå¾©çš„ãªä½œæ¥
ãƒ‡ãƒ¼ã‚¿å…¥åŠ›ã€è°äº‹éŒ²ä½œæˆã€å˜ç´”ãªè³ªå•ã¸ã®å›žç”ãªã©

å‘ã„ã¦ã„ãªã„æ¥å‹™

åå¯¾ã«ã€ä»¥ä¸‹ã®ã‚ˆã†ãªæ¥å‹™ã«ã¯å‘ã„ã¦ã„ã¾ã›ã‚“ã€‚

é«˜åº¦ãªåˆ¤æ–ã‚„æ„æ€æ±ºå®š
å°‚é–€çŸ¥è˜ã‚„å€«ç†è¦³ãŒæ±‚ã‚ã‚‰ã‚Œã‚‹æ¥å‹™

æ£ç¢ºæ€§ãŒæ±‚ã‚ã‚‰ã‚Œã‚‹æ¥å‹™
åŒ»ç™‚è¨ºæ–ã€é‡‘èžå–å¼•ã€æ³•å¾‹ç›¸è«‡ãªã©

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ä¸Šã€é«˜åº¦ã«ã‚»ãƒ³ã‚·ãƒ†ã‚£ãƒ–ãªæ¥å‹™
é‡è¦ãªå€‹äººæƒ…å ±ã‚„æ©Ÿå¯†æƒ…å ±ã‚’å«ã¿ã€éžå¸¸ã«é«˜åº¦ãªã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ä¸Šã®è€ƒæ…®ãŒå¿…è¦ãªæ¥å‹™

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

ãƒ‡ãƒ¼ã‚¿ä¿è·

ç”Ÿæˆ AI ã®æ¥å‹™åˆ©ç”¨ã§ã¯ã€å…¥åŠ›ã—ãŸãƒ—ãƒãƒ³ãƒ—ãƒˆã‚„ç”Ÿæˆã•ã‚ŒãŸã‚³ãƒ³ãƒ†ãƒ³ãƒ„ãŒã€ç”Ÿæˆ AI ã‚µãƒ¼ãƒ“ã‚¹æä¾›äº‹æ¥è€…ã«ã‚ˆã£ã¦ã©ã†æ‰±ã‚ã‚Œã‚‹ã‹ã«ååˆ†æ³¨æ„ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

å¤šãã®å ´åˆã€ç„¡å„Ÿã®ç”Ÿæˆ AI ãƒ—ãƒãƒ€ã‚¯ãƒˆã§ã¯ã€å…¥å‡ºåŠ›ãƒ‡ãƒ¼ã‚¿ãŒäº‹æ¥è€…ã®ã‚µãƒ¼ãƒ“ã‚¹æ”¹å–„ã®ãŸã‚ã«åˆ©ç”¨ã•ã‚Œã¾ã™ã€‚ã“ã‚Œã‚’é˜²ãã«ã¯ã€æœ‰å„Ÿç‰ˆã‚’è³¼å…¥ã—ã€ã‚ªãƒ—ãƒˆã‚¢ã‚¦ãƒˆã¨å‘¼ã°ã‚Œã‚‹ã€Œäº‹æ¥è€…ã«ã‚ˆã£ã¦å…¥å‡ºåŠ›ãƒ‡ãƒ¼ã‚¿ãŒã‚µãƒ¼ãƒ“ã‚¹æ”¹å–„ã«ç”¨ã„ã‚‰ã‚Œãªã„ã‚ˆã†ã«ã™ã‚‹ã€ã‚ªãƒ—ã‚·ãƒ§ãƒ³ã‚’æœ‰åŠ¹åŒ–ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

Gemini ã®å ´åˆã€ç„¡å„Ÿç‰ˆã® Gemini ã‚¢ãƒ—ãƒªã‚„ç„¡å„Ÿç‰ˆã® Gemini APIï¼ˆGoogle AI Studioï¼‰ã§ã¯ã€å…¥å‡ºåŠ›ãƒ‡ãƒ¼ã‚¿ãŒã‚µãƒ¼ãƒ“ã‚¹æ”¹å–„ã«åˆ©ç”¨ã•ã‚Œã‚‹ã“ã¨ãŒåˆ©ç”¨è¦ç´„ã«æ˜Žè¨˜ã•ã‚Œã¦ã„ã¾ã™ã€‚

ä¸€æ–¹ã§ã€Gemini for Google Workspace ã‚„ Generative AI on Vertex AIï¼ˆGoogle Cloudï¼‰ã§ã¯ã€å…¥å‡ºåŠ›ãƒ‡ãƒ¼ã‚¿ã«ã‚¨ãƒ³ã‚¿ãƒ¼ãƒ—ãƒ©ã‚¤ã‚ºã‚°ãƒ¬ãƒ¼ãƒ‰ã®ãƒ‡ãƒ¼ã‚¿ä¿è·ãŒé©ç”¨ã•ã‚Œã€ã‚µãƒ¼ãƒ“ã‚¹æ”¹å–„ãªã©ã«ã¯åˆ©ç”¨ã•ã‚Œã¾ã›ã‚“ã€‚

ã“ã®ç‚¹ã‚’ã‚ˆãç†è§£ã—ã€åˆ©ç”¨è¦ç´„ãªã©ã‚’ç¢ºèªã—ã¦ãã ã•ã„ã€‚

ç”Ÿæˆ AI ã‚¢ãƒ—ãƒªã¸ã®æ”»æ’ƒ

ç‰¹ã«è‡ªç¤¾ã‚¢ãƒ—ãƒªã«ç”Ÿæˆ AI ã‚’çµ„ã¿è¾¼ã‚“ã§ä¸€èˆ¬ãƒ¦ãƒ¼ã‚¶ãƒ¼å‘ã‘ã«å…¬é–‹ã™ã‚‹å ´åˆã€ç”Ÿæˆ AI ã®è„†å¼±æ€§ã‚’çªãæ”»æ’ƒæ‰‹æ³•ã§ã‚ã‚‹ãƒ—ãƒãƒ³ãƒ—ãƒˆã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ãªã©ã«ååˆ†æ³¨æ„ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

ãƒ—ãƒãƒ³ãƒ—ãƒˆã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ã¯ã€ç”Ÿæˆ AI ã«æ‚ªæ„ã‚’æŒã£ã¦å·¥å¤«ã—ãŸãƒ—ãƒãƒ³ãƒ—ãƒˆã‚’æŠ•å…¥ã—ã€æœ¬æ¥ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒã—ã‚‹ã¹ãã§ã¯ãªã„æƒ…å ±ç‰ã‚’ç”ãˆã•ã›ã‚‹æ‰‹æ³•ã§ã™ã€‚ã“ã‚Œã«ã‚ˆã‚Šã€æ©Ÿå¯†æƒ…å ±ã‚„ã‚·ã‚¹ãƒ†ãƒ ã®å†…éƒ¨æ§‹é€ ãŒæ¼æ´©ã™ã‚‹ãƒªã‚¹ã‚¯ãŒã‚ã‚Šã¾ã™ã€‚

ã€Œã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³å†…éƒ¨æ§‹é€ ã«ãŠã‘ã‚‹ãƒ‡ãƒ¼ã‚¿ã®ã‚¢ã‚¯ã‚»ã‚¹æ¨©é™è¨è¨ˆã€ã€Œã‚·ã‚¹ãƒ†ãƒ å´ãƒ—ãƒãƒ³ãƒ—ãƒˆã®å·¥å¤«ã€ã€Œãƒ¬ã‚¹ãƒãƒ³ã‚¹ã¸ã®ãƒ•ã‚£ãƒ«ã‚¿è¨å®šã€ã€Œç”Ÿæˆ AI ãŒæ‹…å½“ã™ã‚‹æ©Ÿèƒ½ç¯„å›²ã®èª¿æ•´ã€ãªã©ã€é©åˆ‡ãªå¯¾å‡¦ã‚’è¡Œã†ã“ã¨ã§ãƒªã‚¹ã‚¯ã‚’ä½Žæ¸›ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

ä¸é©åˆ‡ãªç”Ÿæˆã‚³ãƒ³ãƒ†ãƒ³ãƒ„

ç”Ÿæˆ AI ã¯ç¢ºçŽ‡è«–çš„ãªä»•çµ„ã¿ã§ã‚ã‚‹ãŸã‚ã€ä¸é©åˆ‡ãªç”Ÿæˆã‚³ãƒ³ãƒ†ãƒ³ãƒ„ãŒç”Ÿæˆã•ã‚Œã‚‹å¯èƒ½æ€§ã‚’å¦å®šã§ãã¾ã›ã‚“ã€‚ç‰¹ã«å¤–éƒ¨ã«å…¬é–‹ã™ã‚‹å¯èƒ½æ€§ã®ã‚ã‚‹ç”Ÿæˆ AI ã‚’çµ„ã¿è¾¼ã‚“ã è‡ªç¤¾ã‚¢ãƒ—ãƒªã§ã¯ã€æ”¿æ²»ã€å®—æ•™ã€æ€§çš„ãªã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã€å·®åˆ¥çš„ãªç™ºè¨€ã€ãƒ–ãƒ©ãƒ³ãƒ‰ã‚¤ãƒ¡ãƒ¼ã‚¸ã‚’æ¯€æã™ã‚‹ã‚ˆã†ãªã‚³ãƒ³ãƒ†ãƒ³ãƒ„ãªã©ãŒç”Ÿæˆã•ã‚Œã‚‹ãƒªã‚¹ã‚¯ã‚’ä½Žæ¸›ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

ã‚·ã‚¹ãƒ†ãƒ ãƒ—ãƒãƒ³ãƒ—ãƒˆã‚’å·¥å¤«ã™ã‚‹ã“ã¨ã§ãã†ã„ã£ãŸç”Ÿæˆã‚’æŠ‘æ¢ã—ãŸã‚Šã€Gemini ã§ã¯å®‰å…¨ãƒ•ã‚£ãƒ«ã‚¿ã«ã‚ˆã£ã¦ãã®ã‚ˆã†ãªã‚³ãƒ³ãƒ†ãƒ³ãƒ„ãŒè¿”ç”ã•ã‚Œã‚‹ã“ã¨ã‚’é˜²ãã“ã¨ãŒã§ãã¾ã™ã€‚

å‚è€ƒ : å®‰å…¨ã«é–¢ã™ã‚‹ã‚·ã‚¹ãƒ†ãƒ æŒ‡ç¤º
å‚è€ƒ : å®‰å…¨ãƒ•ã‚£ãƒ«ã‚¿ã‚’æ§‹æˆã™ã‚‹

å°Žå…¥äº‹ä¾‹

æ¥ç¨®ã‚„æ¥æ…‹ã‚’å•ã‚ãšã€æ§˜ã€…ãªä¼æ¥ãŒ Gemini ã‚’å°Žå…¥ã—ã€æ¥å‹™åŠ¹çŽ‡åŒ–ã‚„é¡§å®¢æº€è¶³åº¦ã‚’å‘ä¸Šã—ã¦ã„ã¾ã™ã€‚å…·ä½“çš„ãªå°Žå…¥äº‹ä¾‹ã¯ã€ä»¥ä¸‹ã®è¨˜äº‹ã‚’å‚è€ƒã«ã—ã¦ãã ã•ã„ã€‚

g-gen.co.jp

G-gen ç¤¾ã®æä¾›ã™ã‚‹ã€ŒGenerative AI æ´»ç”¨æ”¯æ´ã‚½ãƒªãƒ¥ãƒ¼ã‚·ãƒ§ãƒ³ã€ã§ã¯ã€Google Cloud ã®ã‚¹ãƒšã‚·ãƒ£ãƒªã‚¹ãƒˆã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ãŒã€è²´ç¤¾ã® Gemini æ´»ç”¨ã‚’æ”¯æ´ã—ã¾ã™ã€‚é–‹ç™ºã‚’å†…è£½åŒ–ã™ã‚‹å ´åˆã¨ã€å¤–æ³¨ã™ã‚‹å ´åˆã®ä¸¡æ–¹ã§æ´»ç”¨ã„ãŸã ã‘ã¾ã™ã€‚

g-gen.co.jp

Microsoft Teamsã‹ã‚‰Google Chatã¸ã®ãƒ‡ãƒ¼ã‚¿ç§»è¡Œã‚’æ¤œè¨¼ã—ã¦ã¿ãŸ

2024-12-23T09:00:00+09:00

G-gen ã®ä¸‰æµ¦ã§ã™ã€‚å½“è¨˜äº‹ã§ã¯2024å¹´12æœˆ17æ—¥ã«ãƒ™ãƒ¼ã‚¿ç‰ˆã¨ã—ã¦å…¬é–‹ã•ã‚ŒãŸ Microsoft Teams ã‹ã‚‰ Google Chat ã¸ã®ç§»è¡Œãƒ„ãƒ¼ãƒ«ã®æ¤œè¨¼çµæžœã‚’ã”ç´¹ä»‹ã—ã¾ã™ã€‚

æ¦‚è¦
æ¤œè¨¼æ¦‚è¦
- æ¤œè¨¼ç’°å¢ƒ
- æ¤œè¨¼ã®æµã‚Œ
è¨å®šæ‰‹é †

æ¦‚è¦

Microsoft Teams ã‹ã‚‰ã®ãƒ‡ãƒ¼ã‚¿ç§»è¡Œ ã¨ã¯

Teams ã‹ã‚‰ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ç§»è¡Œæ©Ÿèƒ½ã¯ã€Google Workspace ã®ç®¡ç†æ©Ÿèƒ½ã§ã‚ã‚Šã€Microsoft Teamsï¼ˆä»¥ä¸‹ã€Teamsï¼‰ã®ãƒãƒ£ãƒ³ãƒãƒ«ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ Google Chatï¼ˆä»¥ä¸‹ã€Chatï¼‰ã®ã‚¹ãƒšãƒ¼ã‚¹ã«ç§»è¡Œã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

å‚è€ƒ : Teams ã‹ã‚‰ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ç§»è¡Œã«ã¤ã„ã¦ï¼ˆãƒ™ãƒ¼ã‚¿ç‰ˆï¼‰

å‰ææ¡ä»¶

2024å¹´12æœˆç¾åœ¨ã€æœ¬æ©Ÿèƒ½ã¯ãƒ™ãƒ¼ã‚¿ç‰ˆã§ã‚ã‚Šã€æ£å¼ãƒªãƒªãƒ¼ã‚¹ã•ã‚Œã¦ã„ã¾ã›ã‚“ã€‚ãƒ™ãƒ¼ã‚¿ç‰ˆæ©Ÿèƒ½ã®æœ¬ç•ªç’°å¢ƒã§ã®åˆ©ç”¨ã¯éžæŽ¨å¥¨ã®ãŸã‚ã€ãƒ†ã‚¹ãƒˆã‚„æ¤œè¨¼ã§ä½¿ç”¨ã—ã¦ãã ã•ã„ã€‚è©³ç´°ã¯ä»¥ä¸‹ã®åˆ©ç”¨è¦ç´„ã‚’ã”ç¢ºèªãã ã•ã„ã€‚

å‚è€ƒ : Google Workspace ã‚µãƒ¼ãƒ“ã‚¹å›ºæœ‰ã®åˆ©ç”¨è¦ç´„

å½“æ©Ÿèƒ½ã§ç§»è¡Œã‚’å®Ÿæ–½ã™ã‚‹ã«ã¯ã€Google Workspace å´ã§ã¯ç‰¹æ¨©ç®¡ç†è€…ãƒãƒ¼ãƒ«ãŒã€Teams å´ã§ã¯ã‚°ãƒãƒ¼ãƒãƒ«ç®¡ç†è€…ãƒãƒ¼ãƒ«ãŒå¿…è¦ã§ã™ã€‚

åˆ¶ç´„

å½“æ©Ÿèƒ½ã«ã¯ä»¥ä¸‹ã®ã‚ˆã†ãªåˆ¶é™ãŒã‚ã‚Šã¾ã™ã€‚

ãƒãƒ¼ãƒ å†…ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã¿ç§»è¡Œå¯èƒ½ã§ã™ã€‚ãƒ¦ãƒ¼ã‚¶ãƒ¼é–“ã®å€‹åˆ¥ãƒãƒ£ãƒƒãƒˆã‚„ãƒ€ã‚¤ãƒ¬ã‚¯ãƒˆãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã¯ç§»è¡Œã§ãã¾ã›ã‚“ã€‚
Teams ã®ã€Œãƒãƒ¼ãƒ ã€ã¯ Chat ã®ã€Œã‚¹ãƒšãƒ¼ã‚¹ã€ã«å¤‰æ›ã•ã‚Œã¾ã™ã€‚ãŸã ã—ã€å…ƒã®æ¨©é™ï¼ˆæ¨™æº–ã€ãƒ—ãƒ©ã‚¤ãƒ™ãƒ¼ãƒˆï¼‰ã¯ã™ã¹ã¦åˆ¶é™ä»˜ãã‚¹ãƒšãƒ¼ã‚¹ã«å¤‰æ›ã•ã‚Œã¾ã™ã€‚åˆ¶é™ä»˜ãã‚¹ãƒšãƒ¼ã‚¹ã¯å¾Œã‹ã‚‰å¤‰æ›´å¯èƒ½ã§ã™ã€‚

ç§»è¡Œã«é–¢ã™ã‚‹åˆ¶é™ã®è©³ç´°ã¯ã€ä»¥ä¸‹å…¬å¼ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’ã”ç¢ºèªãã ã•ã„ã€‚

å‚è€ƒ : ãƒãƒ£ãƒƒãƒˆã®ç§»è¡Œã§ç§»è¡Œã•ã‚Œã‚‹ãƒ‡ãƒ¼ã‚¿ï¼ˆãƒ™ãƒ¼ã‚¿ç‰ˆï¼‰

æ¤œè¨¼æ¦‚è¦

æ¤œè¨¼ç’°å¢ƒ

æ¤œè¨¼ç’°å¢ƒã¯ä»¥ä¸‹ã®ã¨ãŠã‚Šã§ã™ã€‚å®Ÿéš›ã®ç§»è¡Œã‚±ãƒ¼ã‚¹ã‚’æƒ³å®šã—ã€Teams ã¨ Chat ã®ãƒ‰ãƒ¡ã‚¤ãƒ³ãŠã‚ˆã³ãƒ¦ãƒ¼ã‚¶ãƒ¼æƒ…å ±ã‚’çµ±ä¸€ã—ãŸç’°å¢ƒã§æ¤œè¨¼ã—ã¾ã—ãŸã€‚

ãƒ—ãƒ©ãƒƒãƒˆãƒ•ã‚©ãƒ¼ãƒ	ãƒ‰ãƒ¡ã‚¤ãƒ³å	ãƒ¦ãƒ¼ã‚¶ãƒ¼å	ãƒ©ã‚¤ã‚»ãƒ³ã‚¹
Google Workspace	miurak-test.com	[email protected]	Google Workspace Business Standard
Microsoft 365	miurak-test.com	[email protected]	Microsoft 365 Business Basic

Teams ã®ãƒãƒ¼ãƒ ã¯ä»¥ä¸‹ã®ã¨ãŠã‚Šã§ã™ã€‚

è¦ªãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒª	ãƒãƒ¼ãƒ å	ç¨®é¡ž	æ‰€æœ‰è€…
æ—¢å®šã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒª	ä¸€èˆ¬	æ¨™æº–	[email protected]
æ—¢å®šã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒª	teams-channel-private	ãƒ—ãƒ©ã‚¤ãƒ™ãƒ¼ãƒˆ	[email protected]
æ—¢å®šã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒª	teams-channel-public	æ¨™æº–	[email protected]

ãƒãƒ¼ãƒ è¨å®š

æ¤œè¨¼ã®æµã‚Œ

ä»¥ä¸‹ã®æ‰‹é †ã§ãƒ‡ãƒ¼ã‚¿ã®ç§»è¡Œã‚’å®Ÿæ–½ã—ã¾ã™ã€‚

é …ç›®	ä½œæ¥	ãƒ—ãƒ©ãƒƒãƒˆãƒ•ã‚©ãƒ¼ãƒ
1	Teams ã®ã‚°ãƒ«ãƒ¼ãƒ— ID ã‚’ç¢ºèª	Microsoft 365
2	ç§»è¡Œç”¨ã® csv ãƒ•ã‚¡ã‚¤ãƒ«ã®æº–å‚™	Google Workspace
3	ãƒ‡ãƒ¼ã‚¿ç§»è¡Œã®å®Ÿæ–½	Google Workspace
4	ç§»è¡Œå¾Œã«ã€Teams ã§æ–°è¦ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’é€ä¿¡	Microsoft 365
5	å·®åˆ†ç§»è¡Œã®å®Ÿæ–½	Google Workspace
6	ç§»è¡Œã‚’å®Œäº†ã—ã€ã‚¹ãƒšãƒ¼ã‚¹ã‚’å±•é–‹	Google Workspace

è¨å®šæ‰‹é †

[Microsoft 365] Teams ã®ã‚°ãƒ«ãƒ¼ãƒ— ID ã‚’ç¢ºèª

Microsoft Teams ç®¡ç†ã‚»ãƒ³ã‚¿ãƒ¼ï¼ˆhttps://admin.teams.microsoft.comï¼‰ã«ãƒã‚°ã‚¤ãƒ³ã—ã¾ã™ã€‚

å‚è€ƒ : Microsoft Teams ç®¡ç†ã‚»ãƒ³ã‚¿ãƒ¼ã§ãƒãƒ¼ãƒ ã‚’ç®¡ç†ã™ã‚‹

[Teams] > [ãƒãƒ¼ãƒ ã‚’ç®¡ç†] > [ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆ] ã‹ã‚‰ã€ãƒãƒ¼ãƒ æƒ…å ±ã‚’ csv å½¢å¼ã§ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚

ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚’é¸æŠž

ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚’å®Ÿè¡Œ

csv ã‚’ç¢ºèªã—ã€Groups Id ã‚’æŽ§ãˆã¦ãã ã•ã„ã€‚

ã‚°ãƒ«ãƒ¼ãƒ—IDã®ç¢ºèª

[Google Workspace] ç§»è¡Œç”¨ã® csv ãƒ•ã‚¡ã‚¤ãƒ«ã®æº–å‚™

Google Workspace ã®ç®¡ç†ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ï¼ˆhttps://admin.google.comï¼‰ã«ãƒã‚°ã‚¤ãƒ³ã—ã¾ã™ã€‚

å‚è€ƒ : ç®¡ç†ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã«ãƒã‚°ã‚¤ãƒ³ã™ã‚‹

[ãƒ‡ãƒ¼ã‚¿] > [ãƒ‡ãƒ¼ã‚¿ã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã¨ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆ] > [ãƒ‡ãƒ¼ã‚¿ç§»è¡Œï¼ˆæ–°è¦ï¼‰] ã¸ç§»å‹•ã—ã€ã‚¹ãƒ†ãƒƒãƒ— 2 ã® [ã‚µãƒ³ãƒ—ãƒ« csv ã‚’ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰] ã‚’é¸æŠžã—ã¾ã™ã€‚

ç§»è¡Œç”¨ã®ã‚µãƒ³ãƒ—ãƒ« csv ã®ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰

ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã—ãŸ csv ã‚’é–‹ãã€Source MicrosoftTeamsID ã®ç®‡æ‰€ã«ã€å‰ã®æ‰‹é †ã§ç¢ºèªã—ãŸ Teams ã® Groups Id ã‚’å…¥åŠ›ã—ã€ä¿å˜ã—ã¾ã™ã€‚

ç§»è¡Œç”¨ã® csv ãƒ•ã‚¡ã‚¤ãƒ«ã®ç·¨é›†

[Google Workspace] ãƒ‡ãƒ¼ã‚¿ç§»è¡Œã®å®Ÿæ–½

ãƒãƒ£ãƒƒãƒˆã®ç§»è¡Œã® [ã‚¹ãƒ†ãƒƒãƒ— 1] ã§ [Microsoft ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã«æŽ¥ç¶š] ã‚’é¸æŠžã—ã€ç§»è¡Œãƒ„ãƒ¼ãƒ«ã«æ¨©é™ã‚’ä»˜ä¸Žã—ã¾ã™ã€‚

Microsoftã‚¢ã‚«ã‚¦ãƒ³ãƒˆã«æŽ¥ç¶š

Microsoftã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’é¸æŠž

ã‚¢ã‚¯ã‚»ã‚¹è¨±å¯å†…å®¹ã‚’ç¢ºèªã—ã¦æ‰¿è«¾

æŽ¥ç¶šã‚’ç¢ºèª

[ã‚¹ãƒ†ãƒƒãƒ— 2] ã® [ç§»è¡Œãƒžãƒƒãƒ—ã® csv ã‚’ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰] ã‚’é¸æŠžã—ã€å‰ã®æ‰‹é †ã§ä½œæˆã—ãŸ csv ãƒ•ã‚¡ã‚¤ãƒ«ã‚’é¸æŠžã—ã¾ã™ã€‚

ä½œæˆã—ãŸcsvã®ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰

[ã‚¹ãƒ†ãƒƒãƒ— 3] ã¯ã€Teams ã¨ Chat ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼åãŒç•°ãªã‚‹å ´åˆã®ã¿å®Ÿæ–½ã—ã¾ã™ã€‚ä»Šå›žã¯åŒã˜ãŸã‚ã€çœç•¥ã—ã¾ã™ã€‚

ä¾‹: Microsoft 365 ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒ [email protected] ã§ã€ã“ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚’ Google Workspace ã® [email protected] ã«é–¢é€£ä»˜ã‘ãŸã„å ´åˆã«å®Ÿæ–½ã—ã¾ã™ã€‚

ãƒ¦ãƒ¼ã‚¶ãƒ¼IDã®é–¢é€£ä»˜ã‘

å‚è€ƒ : ã‚¹ãƒ†ãƒƒãƒ— 4: ID ãƒžãƒƒãƒ—ã‚’ä½œæˆã—ã¦ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ã™ã‚‹ï¼ˆå¿…è¦ãªå ´åˆï¼‰

[ã‚¹ãƒ†ãƒƒãƒ— 4] ã§ä»¥ä¸‹ã‚’é¸æŠžã—ã¦ [ä¿å˜] ã—ã¦ãã ã•ã„ã€‚

ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ç§»è¡Œé–‹å§‹æ—¥ï¼šTeams ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ Chat ã¸ç§»è¡Œã™ã‚‹é–‹å§‹æ—¥ã‚’é¸æŠžã—ã¾ã™ã€‚
ãƒžãƒƒãƒ”ãƒ³ã‚°ã•ã‚Œã¦ã„ãªã„ IDï¼šæœ‰åŠ¹åŒ–
- ID ã®ç§»è¡Œå…ƒãƒ‰ãƒ¡ã‚¤ãƒ³ã‚’ä¿æŒã™ã‚‹ï¼šTeams ã¨ Chat ã®ãƒ‰ãƒ¡ã‚¤ãƒ³ãŒåŒã˜å ´åˆã¯ã“ã¡ã‚‰ã‚’é¸æŠž
- ID ã«ã‚¿ãƒ¼ã‚²ãƒƒãƒˆãƒ‰ãƒ¡ã‚¤ãƒ³ã‚’ä½¿ç”¨ã™ã‚‹ï¼šTeams ã¨ Chat ã®ãƒ‰ãƒ¡ã‚¤ãƒ³ãŒç•°ãªã‚‹å ´åˆã¯ã“ã¡ã‚‰ã‚’é¸æŠž

ç§»è¡Œè¨å®šã®é¸æŠž

[ã‚¹ãƒ†ãƒƒãƒ— 5] ã® [ç§»è¡Œã‚’é–‹å§‹] ã‚’é¸æŠžã—ã¾ã™ã€‚

ç§»è¡Œã®é–‹å§‹

ç§»è¡ŒãŒå®Œäº†ã—ãŸã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚è©³ç´°ã¯ [ç§»è¡Œãƒ¬ãƒãƒ¼ãƒˆ] ã¾ãŸã¯ [æ¦‚è¦ãƒ¬ãƒãƒ¼ãƒˆ] ã‚’ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã§ç¢ºèªã§ãã¾ã™ã€‚

â€» ã“ã®æ™‚ç‚¹ã§ã¯ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼å´ã«ç§»è¡Œã—ãŸã‚¹ãƒšãƒ¼ã‚¹ã¯è¡¨ç¤ºã•ã‚Œã¾ã›ã‚“ã€‚å·®åˆ†ã‚’å«ã‚ãŸç§»è¡Œä½œæ¥ã‚’ã™ã¹ã¦å®Œäº†ã—ã€æœ€å¾Œã« [ã‚¹ãƒšãƒ¼ã‚¹ã‚’ãƒãƒ¼ãƒ«ã‚¢ã‚¦ãƒˆ] ã™ã‚‹ã“ã¨ã§è¡¨ç¤ºã•ã‚Œã¾ã™ã€‚

ç§»è¡Œå®Œäº†ç¢ºèª

æ¦‚è¦ãƒ¬ãƒãƒ¼ãƒˆ

[Microsoft 365] ç§»è¡Œå¾Œã«ã€Teams ã§æ–°è¦ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’é€ä¿¡

ãƒ‡ãƒ¼ã‚¿ã®ç§»è¡Œå¾Œã« Teams ã®ãƒãƒ£ãƒ³ãƒãƒ«ã§æ–°è¦ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’é€ä¿¡ã—ã¾ã™ã€‚

å·®åˆ†æ¤œçŸ¥ç”¨ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸

[Google Workspace] å·®åˆ†ç§»è¡Œã®å®Ÿæ–½

ãƒãƒ£ãƒƒãƒˆã®ç§»è¡Œã‹ã‚‰ [ã‚¹ãƒ†ãƒƒãƒ— 5] ã® [å·®åˆ†ç§»è¡Œã‚’å®Ÿè¡Œ] ã‚’é¸æŠžã—ã¾ã™ã€‚

å·®åˆ†ç§»è¡Œã‚’å®Ÿæ–½

å‡¦ç†ãŒæˆåŠŸã—ãŸã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚

å·®åˆ†ç§»è¡Œã®æˆåŠŸ

æ¦‚è¦ãƒ¬ãƒãƒ¼ãƒˆ

[Google Workspace] ç§»è¡Œã‚’å®Œäº†ã—ã€ã‚¹ãƒšãƒ¼ã‚¹ã‚’å±•é–‹

ã™ã¹ã¦ã®ç§»è¡ŒãŒå®Œäº†ã—ãŸã‚‰ã€[ã‚¹ãƒšãƒ¼ã‚¹ã‚’ãƒãƒ¼ãƒ«ã‚¢ã‚¦ãƒˆ] ã‚’é¸æŠžã—ã¾ã™ã€‚

ã‚¹ãƒšãƒ¼ã‚¹ã®ãƒãƒ¼ãƒ«ã‚¢ã‚¦ãƒˆã‚’å®Ÿæ–½

æ³¨æ„äº‹é …ã‚’ç¢ºèªã—ãŸã†ãˆã§ã€[ã‚¹ãƒšãƒ¼ã‚¹ã‚’ãƒãƒ¼ãƒ«ã‚¢ã‚¦ãƒˆ] ã‚’å®Ÿè¡Œã—ã¾ã™ã€‚ã“ã®æ“ä½œã‚’è¡Œã†ã¨ã€Teams å´ã§æ–°ãŸã«è¿½åŠ ã•ã‚ŒãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚„å¤‰æ›´å†…å®¹ã¯ Chat ã«ç§»è¡Œã•ã‚Œã¾ã›ã‚“ã€‚äº‹å‰ã«ååˆ†ã«ç¢ºèªã—ãŸã†ãˆã§é€²ã‚ã¦ãã ã•ã„ã€‚

æ³¨æ„äº‹é …ã‚’ç¢ºèªã—ãŸã†ãˆã§ã€[ã‚¹ãƒšãƒ¼ã‚¹ã‚’ãƒãƒ¼ãƒ«ã‚¢ã‚¦ãƒˆ] ã‚’å®Ÿè¡Œã—ã¾ã™ã€‚ç‰¹ã«ä»¥ä¸‹ã®ç‚¹ã«ã”æ³¨æ„ãã ã•ã„

ã“ã®æ“ä½œã¯ã€ç§»è¡Œé–‹å§‹ã‹ã‚‰30æ—¥ä»¥å†…ã«å®Œäº†ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚
- 30æ—¥ã‚’éŽãŽã‚‹ã¨ã€ç§»è¡Œã‚’æœ€åˆã‹ã‚‰ã‚„ã‚Šç›´ã™å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚
ãƒãƒ¼ãƒ«ã‚¢ã‚¦ãƒˆå¾Œã€Teams å´ã§ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚„å¤‰æ›´ã¯å†ç§»è¡Œã§ãã¾ã›ã‚“ã€‚

æ³¨æ„äº‹é …ã®ç¢ºèªã¨ãƒãƒ¼ãƒ«ã‚¢ã‚¦ãƒˆå®Ÿè¡Œ

å‚è€ƒ : æ‰‹é † 3: ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒã‚¹ãƒšãƒ¼ã‚¹ã¨ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’åˆ©ç”¨ã§ãã‚‹ã‚ˆã†ã«ã™ã‚‹

ã‚¹ãƒšãƒ¼ã‚¹ã®å…¬é–‹ãŒå®Œäº†ã—ãŸã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚

å…¬é–‹ç¢ºèª

Chat ã‚’ç¢ºèªã—ã€å·®åˆ†ç”¨ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚‚å«ã‚ã¦ç§»è¡Œã§ãã‚‹ã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚

Google Chat ã§ã®ãƒ‡ãƒ¼ã‚¿ç§»è¡Œç¢ºèª

ã‚¤ãƒ³ãƒ™ãƒ³ãƒˆãƒªãƒ¬ãƒãƒ¼ãƒˆã‚’ä½¿ã£ãŸGoogle ãƒ‰ãƒ©ã‚¤ãƒ–ã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãƒªã‚¹ã‚¯ç®¡ç†

2024-12-20T09:00:00+09:00

G-gen ã®ä¸‰æµ¦ã§ã™ã€‚å½“è¨˜äº‹ã§ã¯ã€Google ãƒ‰ãƒ©ã‚¤ãƒ–ã®ã‚¤ãƒ³ãƒ™ãƒ³ãƒˆãƒªãƒ¬ãƒãƒ¼ãƒˆæ©Ÿèƒ½ã‚’ä½¿ã£ãŸã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãƒªã‚¹ã‚¯ã®ç®¡ç†æ–¹æ³•ã‚’ç´¹ä»‹ã—ã¾ã™ã€‚

æ¦‚è¦
- ãƒ‰ãƒ©ã‚¤ãƒ–ã‚¤ãƒ³ãƒ™ãƒ³ãƒˆãƒªã¨ã¯
- å‰ææ¡ä»¶
è¨å®šã®æ¦‚è¦
è¨å®šæ‰‹é †
ãƒ‡ãƒ¼ã‚¿æŠ½å‡ºä¾‹

æ¦‚è¦

ãƒ‰ãƒ©ã‚¤ãƒ–ã‚¤ãƒ³ãƒ™ãƒ³ãƒˆãƒªã¨ã¯

Google ãƒ‰ãƒ©ã‚¤ãƒ–ã®ã‚¤ãƒ³ãƒ™ãƒ³ãƒˆãƒªãƒ¬ãƒãƒ¼ãƒˆæ©Ÿèƒ½ã¯ã€çµ„ç¹”å†…ã® Google ãƒ‰ãƒ©ã‚¤ãƒ–ã‚„å…±æœ‰ãƒ‰ãƒ©ã‚¤ãƒ–ã®åˆ©ç”¨çŠ¶æ³ã‚’æŠŠæ¡ã—ã€ç®¡ç†è€…ãŒãƒ‡ãƒ¼ã‚¿ã‚’ç›£æŸ»ãƒ»ç®¡ç†ã™ã‚‹ãŸã‚ã®æ©Ÿèƒ½ã§ã™ã€‚

ã“ã®æ©Ÿèƒ½ã‚’ä½¿ãˆã°ã€ãƒ‰ãƒ©ã‚¤ãƒ–å†…ã®ãƒ•ã‚¡ã‚¤ãƒ«æƒ…å ±ã‚„ã‚¢ã‚¯ã‚»ã‚¹æ¨©ã€æ›´æ–°æ—¥æ™‚ã‚’é€±æ¬¡ã§ BigQuery ã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã§ãã¾ã™ã€‚ã“ã‚Œã«ã‚ˆã‚Šã€ãƒ‡ãƒ¼ã‚¿æ¼æ´©ãƒªã‚¹ã‚¯ã®è»½æ¸›ã‚„åˆ©ç”¨çŠ¶æ³ã®å¯è¦–åŒ–ãŒå¯èƒ½ã§ã™ã€‚

å‰ææ¡ä»¶

ãƒ‰ãƒ©ã‚¤ãƒ–ã‚¤ãƒ³ãƒ™ãƒ³ãƒˆãƒªãƒ¬ãƒãƒ¼ãƒˆæ©Ÿèƒ½ã¯ã€ä»¥ä¸‹ã® Google Workspace ã‚¨ãƒ‡ã‚£ã‚·ãƒ§ãƒ³ã§ä½¿ç”¨ã§ãã¾ã™ã€‚

Enterprise Standard
Enterprise Plus
Education Standard
Education Plus
Enterprise Essentials Plus
Cloud Identity Premium

è©³ç´°ã¯ä»¥ä¸‹ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’ã”å‚ç…§ãã ã•ã„ã€‚

å‚è€ƒ : çµ„ç¹”ã®ãƒ‰ãƒ©ã‚¤ãƒ–ã®ã‚¤ãƒ³ãƒ™ãƒ³ãƒˆãƒªã‚’ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã™ã‚‹

è¨å®šã®æ¦‚è¦

ä»¥ä¸‹ã®æ‰‹é †ã§ã‚¤ãƒ³ãƒ™ãƒ³ãƒˆãƒªãƒ¬ãƒãƒ¼ãƒˆã‚’è¨å®šã—ã€å‹•ä½œã‚’ç¢ºèªã—ã¾ã™ã€‚

é †ç•ª	ä½œæ¥å ´æ‰€	ä½œæ¥å	å†…å®¹
1	Google Cloud	BigQuery ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆä½œæˆ	ã‚¤ãƒ³ãƒ™ãƒ³ãƒˆãƒªãƒ¬ãƒãƒ¼ãƒˆã‚’ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã™ã‚‹ BigQuery ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆã‚’ä½œæˆã—ã¾ã™ã€‚
2	Google Workspace	ã‚¤ãƒ³ãƒ™ãƒ³ãƒˆãƒªãƒ¬ãƒãƒ¼ãƒˆã®æœ‰åŠ¹åŒ–	ã‚¤ãƒ³ãƒ™ãƒ³ãƒˆãƒªãƒ¬ãƒãƒ¼ãƒˆã‚’æœ‰åŠ¹åŒ–ã—ã¾ã™ã€‚
3	Google Cloud	ãƒ¬ãƒãƒ¼ãƒˆãƒ‡ãƒ¼ã‚¿ã®ç¢ºèª	BigQuery ã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã•ã‚ŒãŸãƒ‡ãƒ¼ã‚¿ã‚’ç¢ºèªã—ã¾ã™ã€‚

è¨å®šæ‰‹é †

[Google Cloud] BigQuery ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆã®ä½œæˆ

BigQuery ã®ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆã‚’ä½œæˆã—ã¾ã™ã€‚Google Workspace ã§ãƒ‡ãƒ¼ã‚¿ ãƒªãƒ¼ã‚¸ãƒ§ãƒ³ ãƒãƒªã‚·ãƒ¼ã‚’ä½¿ç”¨ã—ã¦ã„ã‚‹å ´åˆã¯ã€BigQuery ã®ãƒªãƒ¼ã‚¸ãƒ§ãƒ³ã‚’ãƒãƒªã‚·ãƒ¼ã§æŒ‡å®šã—ãŸãƒªãƒ¼ã‚¸ãƒ§ãƒ³ã¨åŒä¸€ã«ã—ã¾ã™ã€‚

å‚è€ƒ : ãƒ‡ãƒ¼ã‚¿ã®åœ°ç†çš„ãªå ´æ‰€ã‚’é¸æŠžã™ã‚‹

# ç’°å¢ƒå¤‰æ•°ã‚’è¨å®š
PROJECT_ID="my_project" # Google Cloud ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ ID ã‚’è¨å®š
BQ_DATASET="my_dataset" # BigQuery ã®ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆåã‚’è¨å®š
BQ_LOCATION="US" # BigQuery ã®ãƒªãƒ¼ã‚¸ãƒ§ãƒ³ã‚’è¨å®š
GWS_USER="[email protected]" # Google Workspace ç®¡ç†è€…ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’è¨å®š
ã€€
# BigQuery ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆã‚’ä½œæˆ
bq --project_id=$PROJECT_ID \
   mk --location=$BQ_LOCATION \
   $BQ_DATASET
ã€€
# Google Workspace ç®¡ç†è€…ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã« BigQuery ã®ç·¨é›†æ¨©é™ã‚’ä»˜ä¸Ž
gcloud projects add-iam-policy-binding $PROJECT_ID \
    --member="user:$GWS_USER" \
    --role="roles/bigquery.dataEditor"
ã€€
# Google Workspace ç®¡ç†è€…ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã« IAM ã®ç®¡ç†æ¨©é™ã‚’ä»˜ä¸Ž
gcloud projects add-iam-policy-binding $PROJECT_ID \
    --member="user:$GWS_USER" \
    --role="roles/resourcemanager.projectIamAdmin"

[Google Workspace] ã‚¤ãƒ³ãƒ™ãƒ³ãƒˆãƒªãƒ¬ãƒãƒ¼ãƒˆã®æœ‰åŠ¹åŒ–

Google Workspace ã®ç®¡ç†ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ï¼ˆhttps://admin.google.comï¼‰ã«ãƒã‚°ã‚¤ãƒ³ã—ã¾ã™ã€‚

å‚è€ƒ : ç®¡ç†ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã«ãƒã‚°ã‚¤ãƒ³ã™ã‚‹

[ãƒ¬ãƒãƒ¼ãƒˆ] > [ãƒ‡ãƒ¼ã‚¿çµ±åˆ] ã¸ç§»å‹•ã—ã€[ãƒ‰ãƒ©ã‚¤ãƒ–ã®ã‚¤ãƒ³ãƒ™ãƒ³ãƒˆãƒªã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆ] ã‚’é¸æŠžã—ã¾ã™ã€‚

ãƒ‡ãƒ¼ã‚¿çµ±åˆ

ä»¥ä¸‹ã‚’è¨å®šã—ã€[ä¿å˜] ã‚’é¸æŠžã—ã¾ã™ã€‚

ãƒ‰ãƒ©ã‚¤ãƒ–ã®ã‚¤ãƒ³ãƒ™ãƒ³ãƒˆãƒª ãƒ¬ãƒãƒ¼ãƒˆã® Google BigQuery ã¸ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚’æœ‰åŠ¹ã«ã™ã‚‹ï¼šæœ‰åŠ¹åŒ–
BigQuery ã®ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ IDï¼šãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ ID
ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆå†…ã®æ—¢å˜ã®ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆï¼šãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆå

ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆå…ˆã®è¨å®š

ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã®æœ‰åŠ¹åŒ–ã‹ã‚‰åˆå›žã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã¾ã§ã¯1ï½ž2é€±é–“ã‹ã‹ã‚Šã¾ã™ã€‚2å›žç›®ä»¥é™ã¯é€±æ¬¡ã§ãƒ‡ãƒ¼ã‚¿ãŒæ›´æ–°ã•ã‚Œã¾ã™ã€‚

å‚è€ƒ : çµ„ç¹”ã®ãƒ‰ãƒ©ã‚¤ãƒ–ã®ã‚¤ãƒ³ãƒ™ãƒ³ãƒˆãƒªã‚’ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã™ã‚‹

ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆãŒå®Œäº†ã—ãªã„å ´åˆã€ç®¡ç†è€…ã®ãƒã‚°ã‚¤ãƒ™ãƒ³ãƒˆã‚’ç¢ºèªã—ã€ã‚¨ãƒ©ãƒ¼ã®æœ‰ç„¡ã‚’ã”ç¢ºèªãã ã•ã„ã€‚

å‚è€ƒ : ãƒ‰ãƒ©ã‚¤ãƒ–ã®ã‚¤ãƒ³ãƒ™ãƒ³ãƒˆãƒªã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«é–¢é€£ã™ã‚‹ã‚¤ãƒ™ãƒ³ãƒˆ

[Google Cloud] ãƒ¬ãƒãƒ¼ãƒˆãƒ‡ãƒ¼ã‚¿ã®ç¢ºèª

Google Cloud ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã‹ã‚‰ãƒã‚°ã‚¤ãƒ³ã—ã€æ¤œç´¢ãƒãƒ¼ã«BigQueryã¨å…¥åŠ›ã—ã€[BigQuery] ã‚’é¸æŠžã—ã¾ã™ã€‚

BigQueryæ¤œç´¢

ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆã‚¢ã‚¤ã‚³ãƒ³ã‚’é¸æŠžã—ã€[inventory] ã¨ã„ã†åå‰ã®ãƒ†ãƒ¼ãƒ–ãƒ«ãŒè¡¨ç¤ºã•ã‚Œã‚‹ã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚

ã‚¤ãƒ³ãƒ™ãƒ³ãƒˆãƒªã®ç¢ºèª

ãƒ‡ãƒ¼ã‚¿æŠ½å‡ºä¾‹

ã‚µãƒ³ãƒ—ãƒ«ã‚¯ã‚¨ãƒªâ‘ ï¼šã‚¢ã‚¯ã‚»ã‚¹æ¨©ãŒã€Œãƒªãƒ³ã‚¯ã‚’çŸ¥ã£ã¦ã„ã‚‹ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆä¸Šã®èª°ã‚‚ãŒã‚¢ã‚¯ã‚»ã‚¹ã§ãã‚‹ã€ãƒ•ã‚¡ã‚¤ãƒ«ã®æŠ½å‡º

æƒ³å®šãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹
- èª¤ã£ã¦å¤–éƒ¨å…±æœ‰ã•ã‚Œã¦ã„ã‚‹ãƒ•ã‚¡ã‚¤ãƒ«ã®æ¤œå‡º
- ãƒ‡ãƒ¼ã‚¿æ¼æ´©ãƒªã‚¹ã‚¯ã®é«˜ã„ãƒ•ã‚¡ã‚¤ãƒ«ã®ç‰¹å®š
- ç›£æŸ»å¯¾å¿œã®ãŸã‚ã®å¤–éƒ¨å…±æœ‰ãƒ•ã‚¡ã‚¤ãƒ«ã®ä¸€è¦§ä½œæˆ

SELECT
  id AS file_id,
  CONCAT('https://drive.google.com/file/d/', id, '/view') AS file_url,  -- ãƒ•ã‚¡ã‚¤ãƒ«ã®URLã‚’ç”Ÿæˆ
  title AS file_name,                                                 -- ãƒ•ã‚¡ã‚¤ãƒ«å
  owner.user.email AS owner_email,                                     -- ã‚ªãƒ¼ãƒŠãƒ¼ã®ãƒ¡ãƒ¼ãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹
  perm.email AS shared_with_email,                                   -- å…±æœ‰ç›¸æ‰‹ã®ãƒ¡ãƒ¼ãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹ï¼ˆanyone ã®å ´åˆã¯ nullï¼‰
  perm.role AS shared_role,                                         -- å…±æœ‰å½¹å‰²ï¼ˆanyone ã®å ´åˆã¯ nullï¼‰
  perm.type AS shared_type                                           -- å…±æœ‰ã‚¿ã‚¤ãƒ—
FROM
  `my_project.my_dataset.inventory`,                                   -- ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆã‚’æŒ‡å®š
  UNNEST(access.permissions) AS perm                                 -- permissions ã‚’å±•é–‹
WHERE perm.type = 'ANYONE'                                            -- å…±æœ‰ã‚¿ã‚¤ãƒ—ãŒ anyone ã®ãƒ•ã‚¡ã‚¤ãƒ«ã‚’æŠ½å‡º
ORDER BY id;                                                          -- file_id ã§ã‚½ãƒ¼ãƒˆ

å®Ÿè¡Œçµæžœ

ã‚µãƒ³ãƒ—ãƒ«ã‚¯ã‚¨ãƒªâ‘¡ï¼šç‰¹å®šã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒã‚ªãƒ¼ãƒŠãƒ¼ã¨ãªã£ã¦ã„ã‚‹ãƒ•ã‚¡ã‚¤ãƒ«ã‚’æŠ½å‡ºï¼ˆãƒžã‚¤ãƒ‰ãƒ©ã‚¤ãƒ–ã‚‚å«ã‚€ï¼‰

æƒ³å®šãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹
- é€€è·è€…ã®ãƒ‡ãƒ¼ã‚¿æ•´ç†ã¨å¼•ç¶™ãŽ
- ç‰¹å®šãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒ•ã‚¡ã‚¤ãƒ«ã‚¢ã‚¯ã‚»ã‚¹çŠ¶æ³ã®ç¢ºèª
- é‡è¦ãƒ‡ãƒ¼ã‚¿ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼å˜ä½ã§ã®ç®¡ç†

SELECT
  child.id AS file_id,                          -- ãƒ•ã‚¡ã‚¤ãƒ«ID
  child.title AS file_name,                    -- ãƒ•ã‚¡ã‚¤ãƒ«å
  child.owner.user.email AS owner_email,        -- ã‚ªãƒ¼ãƒŠãƒ¼ã®ãƒ¡ãƒ¼ãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹
  child.org_unit_path AS org_unit,            -- æ‰€å±žçµ„ç¹”å˜ä½
  parent.title AS parent_folder_name,          -- è¦ªãƒ•ã‚©ãƒ«ãƒ€å
  child.trashed AS is_trashed,                 -- ã‚´ãƒŸç®±ã«å…¥ã£ã¦ã„ã‚‹ã‹ (true:ã‚´ãƒŸç®±å…¥ã‚Š)
  child.mime_type,                           -- MIMEã‚¿ã‚¤ãƒ—
  child.size_bytes / (1024 * 1024) AS file_size_mb,  -- ãƒ•ã‚¡ã‚¤ãƒ«ã‚µã‚¤ã‚ºï¼ˆMBï¼‰
  child.create_time_micros AS created_time,    -- ä½œæˆæ—¥æ™‚ï¼ˆãƒžã‚¤ã‚¯ãƒç§’ï¼‰
  child.last_modified_time_micros AS last_modified_time -- æœ€çµ‚æ›´æ–°æ—¥æ™‚ï¼ˆãƒžã‚¤ã‚¯ãƒç§’ï¼‰
FROM
  `my_project.my_dataset.inventory` AS child  -- ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆã‚’æŒ‡å®š
LEFT JOIN
  `my_project.my_dataset.inventory` AS parent  -- è¦ªãƒ•ã‚©ãƒ«ãƒ€æƒ…å ±ã‚’å–å¾—ã™ã‚‹ãŸã‚ã«è‡ªå·±çµåˆ
ON child.parent = parent.id                     -- è¦ªãƒ•ã‚©ãƒ«ãƒ€ã®IDã§çµåˆ
WHERE child.owner.user.email = '[email protected]'  -- æŠ½å‡ºã—ãŸã„ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒ¡ãƒ¼ãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’æŒ‡å®š
ORDER BY
  child.last_modified_time_micros DESC;        -- æœ€çµ‚æ›´æ–°æ—¥æ™‚ã§é™é †ã‚½ãƒ¼ãƒˆ

å®Ÿè¡Œçµæžœ

ã‚µãƒ³ãƒ—ãƒ«ã‚¯ã‚¨ãƒªâ‘¢ï¼šçµ„ç¹”å¤–ã®ãƒ‰ãƒ¡ã‚¤ãƒ³ã¨å…±æœ‰ã•ã‚Œã¦ã„ã‚‹ãƒ•ã‚¡ã‚¤ãƒ«ã‚’æŠ½å‡º

æƒ³å®šãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹
- çµ„ç¹”å¤–ã¨ã®ãƒ•ã‚¡ã‚¤ãƒ«å…±æœ‰çŠ¶æ³ã®æŠŠæ¡
- ãƒ•ã‚¡ã‚¤ãƒ«å…±æœ‰ãƒãƒªã‚·ãƒ¼é•åã®æ¤œå‡º
- å¤–éƒ¨ãƒ‰ãƒ¡ã‚¤ãƒ³ã¨ã®ãƒ‡ãƒ¼ã‚¿å…±æœ‰ç¯„å›²ã®ç›£è¦–

SELECT
  id AS file_id,                           -- ãƒ•ã‚¡ã‚¤ãƒ«ID
  title AS file_name,                     -- ãƒ•ã‚¡ã‚¤ãƒ«å
  owner.user.email AS owner_email,         -- ã‚ªãƒ¼ãƒŠãƒ¼ã®ãƒ¡ãƒ¼ãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹
  perm.email AS shared_with_email,       -- å…±æœ‰ç›¸æ‰‹ã®ãƒ¡ãƒ¼ãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹
  perm.domain AS shared_with_domain,     -- å…±æœ‰ç›¸æ‰‹ã®ãƒ‰ãƒ¡ã‚¤ãƒ³
  perm.role AS shared_role               -- å…±æœ‰å½¹å‰²
FROM
  `my_project.my_dataset.inventory`,       -- ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆã‚’æŒ‡å®š
  UNNEST(access.permissions) AS perm     -- permissions ã‚’å±•é–‹
WHERE perm.domain NOT IN ('example.com')  -- è‡ªç¤¾ãƒ‰ãƒ¡ã‚¤ãƒ³ä»¥å¤–ã¨å…±æœ‰ã•ã‚Œã¦ã„ã‚‹ãƒ•ã‚¡ã‚¤ãƒ«ã‚’æŠ½å‡º
ORDER BY
  shared_with_domain, file_name;          -- ãƒ‰ãƒ¡ã‚¤ãƒ³ã€ãƒ•ã‚¡ã‚¤ãƒ«åã§ã‚½ãƒ¼ãƒˆ

å®Ÿè¡Œçµæžœ

ä¸Šè¨˜ä»¥å¤–ã«ã‚‚å…¬å¼ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã«ã‚µãƒ³ãƒ—ãƒ«ã‚¯ã‚¨ãƒªãŒã‚ã‚Šã¾ã™ã®ã§ã€ã”ç¢ºèªãã ã•ã„ã€‚

å‚è€ƒ : ã‚¯ã‚¨ãƒªã®ä¾‹

æ–°ã—ãè¿½åŠ ã•ã‚ŒãŸCloud Runå®Ÿè¡Œç”¨ã®äº‹å‰å®šç¾©ãƒãƒ¼ãƒ«ã‚’è§£èª¬

2024-12-19T09:00:00+09:00

2024å¹´12æœˆ17æ—¥ã‚ˆã‚Šã€Cloud Run ã‚’å‘¼ã³å‡ºã™ãŸã‚ã®æ¨©é™ã‚’æŒã¤3ã¤ã®äº‹å‰å®šç¾©ãƒãƒ¼ãƒ«ãŒæ–°ãŸã«åˆ©ç”¨å¯èƒ½ã¨ãªã‚Šã¾ã—ãŸã€‚å½“è¨˜äº‹ã§ã¯ãƒãƒ¼ãƒ«ã®è©³ç´°ã‚„ã€å¾“æ¥ã‹ã‚‰åˆ©ç”¨ã•ã‚Œã¦ããŸäº‹å‰å®šç¾©ãƒãƒ¼ãƒ«ã¨ã®é•ã„ãªã©ã‚’è§£èª¬ã—ã¾ã™ã€‚

ã¯ã˜ã‚ã«
æ–°ãŸãªäº‹å‰å®šç¾©ãƒãƒ¼ãƒ«
Cloud Run èµ·å‹•å…ƒãƒãƒ¼ãƒ«ã¨ã®æ¯”è¼ƒ
- æ¨©é™å†…å®¹ã®æ¯”è¼ƒ
- Cloud Run jobs ã®ã‚ãƒ£ãƒ³ã‚»ãƒ«ã€ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã«é–¢ã—ã¦
å‚è€ƒãƒªãƒ³ã‚¯

ã¯ã˜ã‚ã«

2024å¹´12æœˆ17æ—¥ã‚ˆã‚Šã€Cloud Run ã‚’å‘¼ã³å‡ºã™ãŸã‚ã®æ¨©é™ã‚’æŒã¤ä»¥ä¸‹ã®3ã¤ã®äº‹å‰å®šç¾©ãƒãƒ¼ãƒ«ãŒæ–°ãŸã«åˆ©ç”¨å¯èƒ½ã¨ãªã‚Šã¾ã—ãŸã€‚

Cloud Run ã‚µãƒ¼ãƒ“ã‚¹èµ·å‹•å…ƒï¼ˆroles/run.servicesInvokerï¼‰
Cloud Run ã‚¸ãƒ§ãƒ– ã‚¨ã‚°ã‚¼ã‚ãƒ¥ãƒ¼ã‚¿ï¼ˆroles/run.jobsExecutorï¼‰
ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã‚’ä½¿ç”¨ã™ã‚‹ Cloud Run ã‚¸ãƒ§ãƒ– ã‚¨ã‚°ã‚¼ã‚ãƒ¥ãƒ¼ã‚¿ï¼ˆroles/run.jobsExecutorWithOverridesï¼‰

å½“è¨˜äº‹ã§ã¯ãƒãƒ¼ãƒ«ã®è©³ç´°ã‚„ã€å¾“æ¥ã‹ã‚‰åˆ©ç”¨ã•ã‚Œã¦ããŸäº‹å‰å®šç¾©ãƒãƒ¼ãƒ«ã¨ã®é•ã„ãªã©ã‚’è§£èª¬ã—ã¾ã™ã€‚

æ–°ãŸãªäº‹å‰å®šç¾©ãƒãƒ¼ãƒ«

Cloud Run ã‚µãƒ¼ãƒ“ã‚¹èµ·å‹•å…ƒ

Cloud Run ã‚µãƒ¼ãƒ“ã‚¹èµ·å‹•å…ƒï¼ˆroles/run.servicesInvokerã€è‹±å Cloud Run Service Invokerï¼‰ãƒãƒ¼ãƒ«ã¯ä»¥ä¸‹ã®æ¨©é™ã®ã¿ãŒä»˜ä¸Žã•ã‚ŒãŸäº‹å‰å®šç¾©ãƒãƒ¼ãƒ«ã§ã€Cloud Run services ã®ã‚µãƒ¼ãƒ“ã‚¹å‘¼ã³å‡ºã—ã€ãŠã‚ˆã³ Cloud Run functions ã®é–¢æ•°å‘¼ã³å‡ºã—ã‚’å¯èƒ½ã«ã—ã¾ã™ã€‚ã“ã®ãƒãƒ¼ãƒ«ã‚’æŒã£ã¦ã„ã¦ã‚‚ Cloud Run jobs ã®ã‚¸ãƒ§ãƒ–å®Ÿè¡Œã¯ã§ãã¾ã›ã‚“ã€‚

run.routes.invoke

Cloud Run ã‚¸ãƒ§ãƒ– ã‚¨ã‚°ã‚¼ã‚ãƒ¥ãƒ¼ã‚¿

Cloud Run ã‚¸ãƒ§ãƒ– ã‚¨ã‚°ã‚¼ã‚ãƒ¥ãƒ¼ã‚¿ï¼ˆroles/run.jobsExecutorã€è‹±å Cloud Run Jobs Executorï¼‰ãƒãƒ¼ãƒ«ã¯ä»¥ä¸‹ã®2ã¤ã®æ¨©é™ãŒä»˜ä¸Žã•ã‚ŒãŸäº‹å‰å®šç¾©ãƒãƒ¼ãƒ«ã§ã€Cloud Run jobs ã®ã‚¸ãƒ§ãƒ–å®Ÿè¡Œã¨ã‚¸ãƒ§ãƒ–ã®ã‚ãƒ£ãƒ³ã‚»ãƒ«ã‚’å¯èƒ½ã«ã—ã¾ã™ã€‚ã“ã®ãƒãƒ¼ãƒ«ã‚’æŒã£ã¦ã„ã¦ã‚‚ã€Cloud Run services ã®ã‚µãƒ¼ãƒ“ã‚¹å‘¼ã³å‡ºã—ã€ãŠã‚ˆã³ Cloud Run functions ã®é–¢æ•°å‘¼ã³å‡ºã—ã¯ã§ãã¾ã›ã‚“ã€‚

run.jobs.run
run.executions.cancel

ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã‚’ä½¿ç”¨ã™ã‚‹ Cloud Run ã‚¸ãƒ§ãƒ– ã‚¨ã‚°ã‚¼ã‚ãƒ¥ãƒ¼ã‚¿

ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã‚’ä½¿ç”¨ã™ã‚‹ Cloud Run ã‚¸ãƒ§ãƒ– ã‚¨ã‚°ã‚¼ã‚ãƒ¥ãƒ¼ã‚¿ï¼ˆroles/run.jobsExecutorWithOverridesã€è‹±å Cloud Run Jobs Executor With Overridesï¼‰ãƒãƒ¼ãƒ«ã¯ä»¥ä¸‹ã®3ã¤ã®æ¨©é™ãŒä»˜ä¸Žã•ã‚ŒãŸäº‹å‰å®šç¾©ãƒãƒ¼ãƒ«ã§ã€Cloud Run jobs ã®ã‚¸ãƒ§ãƒ–å®Ÿè¡Œã€ã‚¸ãƒ§ãƒ–ã®ã‚ãƒ£ãƒ³ã‚»ãƒ«ã®ã»ã‹ã€ã‚¸ãƒ§ãƒ–æ§‹æˆã‚’ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã—ãŸã‚¸ãƒ§ãƒ–ã®å®Ÿè¡ŒãŒå¯èƒ½ã§ã™ã€‚

run.jobs.run
run.executions.cancel
run.jobs.runWithOverrides

ã‚¸ãƒ§ãƒ–æ§‹æˆã‚’ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã—ãŸå®Ÿè¡Œã®è©³ç´°ã«ã¤ã„ã¦ã¯ä»¥ä¸‹ã®è¨˜äº‹ã§è§£èª¬ã—ã¦ã„ã¾ã™ã€‚

blog.g-gen.co.jp

Cloud Run èµ·å‹•å…ƒãƒãƒ¼ãƒ«ã¨ã®æ¯”è¼ƒ

æ¨©é™å†…å®¹ã®æ¯”è¼ƒ

å¾“æ¥ã€Cloud Run ã®ã‚µãƒ¼ãƒ“ã‚¹ãƒ»é–¢æ•°ãƒ»ã‚¸ãƒ§ãƒ–ã®å®Ÿè¡Œã«ã¤ã„ã¦ã¯ã€Cloud Run èµ·å‹•å…ƒï¼ˆroles/run.invokerï¼‰ãƒãƒ¼ãƒ«ã®ä½¿ç”¨ãŒæŽ¨å¥¨ã•ã‚Œã¦ã„ã¾ã—ãŸã€‚ã“ã®äº‹å‰å®šç¾©ãƒãƒ¼ãƒ«ã«ã¯ã€ä»¥ä¸‹ã®2ã¤ã®æ¨©é™ãŒä»˜ä¸Žã•ã‚Œã¦ã„ã¾ã™ã€‚ã“ã‚Œã‚‰ã®æ¨©é™ã«ã‚ˆã‚Šã€ã‚µãƒ¼ãƒ“ã‚¹ãƒ»é–¢æ•°ãƒ»ã‚¸ãƒ§ãƒ–ã®ã„ãšã‚Œã‚‚å®Ÿè¡Œã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

run.routes.invoke
run.jobs.run

æ–°ã—ã„äº‹å‰å®šç¾©ãƒãƒ¼ãƒ«ã€ç‰¹ã«ã€ŒCloud Run ã‚µãƒ¼ãƒ“ã‚¹èµ·å‹•å…ƒã€ã¨ã€ŒCloud Run ã‚¸ãƒ§ãƒ– ã‚¨ã‚°ã‚¼ã‚ãƒ¥ãƒ¼ã‚¿ã€ã®2ã¤ã¯ã€å¾“æ¥ã‹ã‚‰ã‚ã‚‹ Cloud Run èµ·å‹•å…ƒ ãƒãƒ¼ãƒ«ã®å½¹å‰²ã‚’åˆ†å‰²ã—ãŸã‚ˆã†ãªå½¢ã«ãªã£ã¦ã„ã¾ã™ã€‚ã“ã‚Œã«ã‚ˆã‚Šã€ã€Œã‚µãƒ¼ãƒ“ã‚¹ãƒ»é–¢æ•°ã®å‘¼ã³å‡ºã—ã®ã¿ãŒã§ãã‚‹ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã€ã¨ã€Œã‚¸ãƒ§ãƒ–ã®å®Ÿè¡Œã®ã¿ãŒã§ãã‚‹ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã€ã¨ã„ã£ãŸæœ€å°æ¨©é™ã®åŽŸå‰‡ã‚’æ„è˜ã—ãŸæ¨©é™ç®¡ç†ãŒã§ãã‚‹ã‚ˆã†ã«ãªã‚Šã¾ã™ã€‚

Cloud Run jobs ã®ã‚ãƒ£ãƒ³ã‚»ãƒ«ã€ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã«é–¢ã—ã¦

å¾“æ¥ã® Cloud Run èµ·å‹•å…ƒãƒãƒ¼ãƒ«ã«ã¯ã€Cloud Run jobs ã®ã‚¸ãƒ§ãƒ–å®Ÿè¡Œã‚’ã‚ãƒ£ãƒ³ã‚»ãƒ«ã™ã‚‹ãŸã‚ã®æ¨©é™ï¼ˆrun.executions.cancelï¼‰ã‚„ã€ã‚¸ãƒ§ãƒ–æ§‹æˆã‚’ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã™ã‚‹ãŸã‚ã®æ¨©é™ï¼ˆrun.jobs.runWithOverridesï¼‰ãŒã‚ã‚Šã¾ã›ã‚“ã€‚ãã®ãŸã‚ã€ã‚¸ãƒ§ãƒ–ã®ã‚ãƒ£ãƒ³ã‚»ãƒ«ã‚„ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã‚’è¡Œã„ãŸã„å ´åˆã¯ Cloud Run é–‹ç™ºè€…ï¼ˆroles/run.developerï¼‰ãƒãƒ¼ãƒ«ãŒå¿…è¦ã§ã—ãŸã€‚

ã—ã‹ã—ã€Cloud Run é–‹ç™ºè€… ãƒãƒ¼ãƒ«ã¯ Cloud Run ã®ä½œæˆã€æ›´æ–°ã€å‰Šé™¤ã®æ¨©é™ã‚‚æŒã£ã¦ã„ã‚‹ãŸã‚ã€ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã«ã‚¸ãƒ§ãƒ–ã®å®Ÿè¡Œã«é–¢ã™ã‚‹ã“ã¨ã ã‘ã‚’ã•ã›ãŸã„å ´åˆã€éŽå‰°ãªæ¨©é™ã‚’ä¸Žãˆã¦ã—ã¾ã†ã“ã¨ã«ãªã‚Šã¾ã™ã€‚

æ–°ãŸã«è¿½åŠ ã•ã‚ŒãŸã€ŒCloud Run ã‚¸ãƒ§ãƒ– ã‚¨ã‚°ã‚¼ã‚ãƒ¥ãƒ¼ã‚¿ã€ãŠã‚ˆã³ã€Œã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã‚’ä½¿ç”¨ã™ã‚‹ Cloud Run ã‚¸ãƒ§ãƒ– ã‚¨ã‚°ã‚¼ã‚ãƒ¥ãƒ¼ã‚¿ã€ãƒãƒ¼ãƒ«ã§ã¯ã€ã‚¸ãƒ§ãƒ–ã®å®Ÿè¡Œæ™‚ã«å¿…è¦ã¨ãªã‚‹æ¨©é™ã®ã¿ãŒä»˜ä¸Žã•ã‚Œã¦ã„ã¾ã™ã€‚

ãã®ãŸã‚ã€ãŸã¨ãˆã°ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼ã‹ã‚‰ç’°å¢ƒã«ã‚ˆã£ã¦æ§‹æˆã‚’ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã—ãŸã‚¸ãƒ§ãƒ–ã‚’å®Ÿè¡Œã™ã‚‹ã‚ˆã†ãªã‚±ãƒ¼ã‚¹ã§ã€ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼ãŒä½¿ç”¨ã™ã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆãªã©ã®ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã«å¯¾ã—ã¦éŽå‰°ãªæ¨©é™ã‚’æŒãŸã›ãšã«æ¸ˆã¿ã¾ã™ã€‚

å‚è€ƒãƒªãƒ³ã‚¯

Cloud Run IAM rolesï¼ˆå…¬å¼ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆï¼‰

Google Workspaceã‚’IdPã¨ã—ã¦Slackã«SSOã™ã‚‹æ–¹æ³•

2024-12-18T09:00:00+09:00

G-gen ã®ä¸‰æµ¦ã§ã™ã€‚å½“è¨˜äº‹ã§ã¯ Google Workspaceï¼ˆCloud Identityï¼‰ã‚’ä½¿ç”¨ã—ã¦ã€Slack ã«ã‚·ãƒ³ã‚°ãƒ«ã‚µã‚¤ãƒ³ã‚ªãƒ³ï¼ˆä»¥ä¸‹ã€SSOï¼‰ã‚’è¨å®šã™ã‚‹æ–¹æ³•ã‚’ç´¹ä»‹ã—ã¾ã™ã€‚

åŸºç¤ŽçŸ¥è˜
Google Workspace ã® SSO
æ¤œè¨¼ã®æ¦‚è¦
æ¤œè¨¼ä½œæ¥

åŸºç¤ŽçŸ¥è˜

ã‚·ãƒ³ã‚°ãƒ«ã‚µã‚¤ãƒ³ã‚ªãƒ³ï¼ˆSSOï¼‰ã¨ã¯

ã‚·ãƒ³ã‚°ãƒ«ã‚µã‚¤ãƒ³ã‚ªãƒ³ï¼ˆSSOï¼‰ã¨ã¯ã€ä¸€åº¦ã®èªè¨¼ã§è¤‡æ•°ã®ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚„ã‚µãƒ¼ãƒ“ã‚¹ã‚’åˆ©ç”¨ã§ãã‚‹ã‚ˆã†ã«ã™ã‚‹ãŸã‚ã®ä»•çµ„ã¿ã§ã™ã€‚åˆ©ç”¨è€…ãŒè¤‡æ•°ã®ã‚µãƒ¼ãƒ“ã‚¹ã‚’åˆ©ç”¨ã™ã‚‹ã¨ãã€é€šå¸¸ã¯ã‚µãƒ¼ãƒ“ã‚¹ã”ã¨ã« ID ã¨ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’å…¥åŠ›ã—ã¾ã™ã€‚ã“ã‚Œã‚’1åº¦ã§æ¸ˆã‚€ã‚ˆã†ã«ã™ã‚‹ä»•çµ„ã¿ãŒ SSO ã§ã™ã€‚

SSO ã‚’å®Ÿè£…ã™ã‚‹ã“ã¨ã§ã€ä»¥ä¸‹ã®åŠ¹æžœãŒå¾—ã‚‰ã‚Œã¾ã™ã€‚

åˆ©ä¾¿æ€§å‘ä¸Š
ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¯ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã”ã¨ã«ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’å…¥åŠ›ã™ã‚‹å¿…è¦ãŒãªããªã‚Šã¾ã™ã€‚
ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£å¼·åŒ–
ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã®ç®¡ç†ãŒç°¡ç´ åŒ–ã•ã‚Œã€ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãƒªã‚¹ã‚¯ã‚’è»½æ¸›ã§ãã¾ã™ã€‚

SAML èªè¨¼ã¨ã¯

SSO ã‚’å®Ÿç¾ã™ã‚‹ãƒ—ãƒãƒˆã‚³ãƒ«ã®ä¸€ã¤ã« SAMLï¼ˆSecurity Assertion Markup Languageï¼‰ãŒã‚ã‚Šã¾ã™ã€‚SAML ã¯ã€èªè¨¼æƒ…å ±ã‚’å®‰å…¨ã«ã‚„ã‚Šå–ã‚Šã™ã‚‹ãŸã‚ã®æ¨™æº–è¦æ ¼ã§ã™ã€‚ç¾åœ¨ã§ã¯ SAML 2.0 ãŒæ¨™æº–ã¨ã•ã‚Œã¦ã„ã¾ã™ã€‚

SAML ã«ã‚ˆã‚‹èªè¨¼æƒ…å ±ã®ã‚„ã‚Šã¨ã‚Šã‚’ç†è§£ã™ã‚‹ãŸã‚ã«ã¯ã€ä»¥ä¸‹ã®2ã¤ã®å½¹å‰²ã‚’ç†è§£ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

IdPï¼ˆIdentity Providerï¼‰
ã‚¢ã‚¤ãƒ‡ãƒ³ãƒ†ã‚£ãƒ†ã‚£ï¼ˆã‚¢ã‚«ã‚¦ãƒ³ãƒˆï¼‰ã‚’ä¿å˜ã—ãŸã‚Šã€ç®¡ç†ã™ã‚‹å½¹å‰²ã€‚SSO ã§ã¯èªè¨¼ã‚’æ‹…ã†ã€‚å½“è¨˜äº‹ã§ã¯ Google Workspace ãŒè©²å½“ã€‚
SPï¼ˆService Providerï¼‰
èªè¨¼æ¸ˆã¿ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒå®Ÿéš›ã«åˆ©ç”¨ã™ã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã€‚ä»Šå›žã®ä¾‹ã§ã¯ Slack ãŒè©²å½“ã€‚

SAML èªè¨¼ã®æµã‚Œ

Slack ã‚’ä¾‹ã«å–ã‚‹ã¨ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‹ã‚‰è¦‹ãŸèªè¨¼ã®æµã‚Œã¯ä»¥ä¸‹ã®ã‚ˆã†ã«ãªã‚Šã¾ã™ã€‚

ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒ Slackï¼ˆSPï¼‰ ã«ã‚¢ã‚¯ã‚»ã‚¹
Google Workspaceï¼ˆIdPï¼‰ã«ãƒªãƒ€ã‚¤ãƒ¬ã‚¯ãƒˆã•ã‚Œã€èªè¨¼ãŒè¡Œã‚ã‚Œã‚‹
Slack ã«ãƒªãƒ€ã‚¤ãƒ¬ã‚¯ãƒˆã•ã‚Œã€ãƒã‚°ã‚¤ãƒ³ãŒå®Œäº†

Google Workspace ã® SSO

å¯¾å¿œã™ã‚‹ã‚¢ãƒ—ãƒª

Google Workspace ã‚’ IdP ã¨ã—ã¦åˆ©ç”¨ã™ã‚Œã°ã€å¤šãã®ã‚¯ãƒ©ã‚¦ãƒ‰ã‚µãƒ¼ãƒ“ã‚¹ã§ SAML èªè¨¼ã‚’ä½¿ç”¨ã—ãŸã‚·ãƒ³ã‚°ãƒ«ã‚µã‚¤ãƒ³ã‚ªãƒ³ã‚’å®Ÿç¾ã§ãã¾ã™ã€‚

ä¾‹ãˆã°ã€ä»¥ä¸‹ã®ã‚ˆã†ãªã‚µãƒ¼ãƒ“ã‚¹ãŒã€Œçµ±åˆå¯¾å¿œ SAML ã‚¢ãƒ—ãƒªã€ã¨ã—ã¦ãƒã‚¤ãƒ†ã‚£ãƒ–ã«å¯¾å¿œã—ã¦ã„ã¾ã™ã€‚

Amazon Web Services
Notion
ServiceNow
Tableau
Zendesk

ã¾ãŸãƒã‚¤ãƒ†ã‚£ãƒ–ã«å¯¾å¿œã—ã¦ã„ãªã„ã‚µãƒ¼ãƒ“ã‚¹ã§ã‚‚ã€SAML 2.0 è¦æ ¼ã«æº–æ‹ ã—ã¦ã„ã‚Œã°ã€ã€Œã‚«ã‚¹ã‚¿ãƒ SAML ã‚¢ãƒ—ãƒªã€ã¨ã—ã¦ SSO è¨å®šãŒå¯èƒ½ã§ã™ã€‚

å‚è€ƒ : çµ±åˆå¯¾å¿œ SAML ã‚¢ãƒ—ãƒªã®ä¸€è¦§
å‚è€ƒ : ã‚«ã‚¹ã‚¿ãƒ SAML ã‚¢ãƒ—ãƒªã‚’è¨å®šã™ã‚‹

Google Workspace ã‚’ IdP ã¨ã™ã‚‹ãƒ¡ãƒªãƒƒãƒˆ

Google Workspace ã‚’ IdP ã¨ã—ã¦åˆ©ç”¨ã™ã‚‹ã“ã¨ã§ã€SSO ã®åŠ¹æžœã‚’ã•ã‚‰ã«é«˜ã‚ã‚‹ä»¥ä¸‹ã®åˆ©ç‚¹ãŒã‚ã‚Šã¾ã™ã€‚

Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®çµ±ä¸€ç®¡ç†
Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’èªè¨¼åŸºç›¤ã¨ã—ã¦ä½¿ç”¨ã™ã‚‹ãŸã‚ã€è¤‡æ•°ã®ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚„ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’ç®¡ç†ã™ã‚‹å¿…è¦ãŒãªããªã‚Šã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®åˆ©ä¾¿æ€§ãŒå‘ä¸Šã€‚
ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£å¼·åŒ–
å¤šè¦ç´ èªè¨¼ï¼ˆGoogle Authenticator ã‚„ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚ãƒ¼ã®åˆ©ç”¨ï¼‰ã‚„ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ã‚¢ã‚¯ã‚»ã‚¹ï¼ˆIP ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚„ãƒ‡ãƒã‚¤ã‚¹ã«ã‚ˆã‚‹ã‚¢ã‚¯ã‚»ã‚¹åˆ¶å¾¡ï¼‰ã‚’æ´»ç”¨ã—ã€ä¼æ¥ã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£è¦ä»¶ã‚„ãƒªã‚¹ã‚¯ç®¡ç†æ–¹é‡ã«å¿œã˜ãŸæŸ”è»Ÿãªèªè¨¼ãƒãƒªã‚·ãƒ¼ã‚’è¨å®šå¯èƒ½ã€‚
å¹…åºƒã„ã‚µãƒ¼ãƒ“ã‚¹ã¨ã®é€£æº
Google Workspace ã‚’é€šã˜ã¦ã€Slack ãªã©ã®å¤–éƒ¨ã‚µãƒ¼ãƒ“ã‚¹ã ã‘ã§ãªãã€Google Workspace å†…éƒ¨ã®ã‚µãƒ¼ãƒ“ã‚¹ï¼ˆGoogle Driveã€Google Meet ãªã©ï¼‰ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚‚ä¸€å…ƒç®¡ç†ã€‚

2æ®µéšŽèªè¨¼ã‚„ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ ã‚¢ã‚¯ã‚»ã‚¹ã«ã¤ã„ã¦ã¯ã€ä»¥ä¸‹ã®å…¬å¼ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚‚å‚è€ƒã«ã—ã¦ãã ã•ã„ã€‚

å¯¾å¿œã‚¨ãƒ‡ã‚£ã‚·ãƒ§ãƒ³

Google Workspace ã§ã¯ã€Essentials Starter ä»¥å¤–ã®å…¨ã‚¨ãƒ‡ã‚£ã‚·ãƒ§ãƒ³ã§ã€Google Workspace ã‚’ IdP ã¨ã—ãŸ SSO ã‚’æ§‹æˆã§ãã¾ã™ã€‚

Cloud Identity ã§ã‚‚åŒæ§˜ã«ã€Free ã¨ Premium ã®ä¸¡ã‚¨ãƒ‡ã‚£ã‚·ãƒ§ãƒ³ã§ã€Cloud Identity ã‚’ IdP ã¨ã—ãŸ SSO ã‚’æ§‹æˆã§ãã¾ã™ã€‚

å‚è€ƒ : Google Workspace ã®å„ã‚¨ãƒ‡ã‚£ã‚·ãƒ§ãƒ³ã®æ¯”è¼ƒ
å‚è€ƒ : Cloud Identity ã®æ©Ÿèƒ½ã¨ã‚¨ãƒ‡ã‚£ã‚·ãƒ§ãƒ³ã®æ¯”è¼ƒ

æ¤œè¨¼ã®æ¦‚è¦

ä»¥ä¸‹ã®æ‰‹é †ã§ SSO ã‚’è¨å®šã—ã€å‹•ä½œã‚’ç¢ºèªã—ã¾ã™ã€‚

é †ç•ª	ä½œæ¥å ´æ‰€	ä½œæ¥å	å†…å®¹
1	Google Workspace	ã‚«ã‚¹ã‚¿ãƒ SAML ã‚¢ãƒ—ãƒªã®ä½œæˆ	Google Workspace å´ã§ SAML èªè¨¼ã‚’è¨å®š
2	Google Workspace	ã‚«ã‚¹ã‚¿ãƒ SAML ã‚¢ãƒ—ãƒªã®ãƒ¦ãƒ¼ã‚¶ãƒ¼è¨å®š	ã‚¢ãƒ—ãƒªã‚’åˆ©ç”¨ã™ã‚‹å¯¾è±¡ï¼ˆçµ„ç¹”ã€ã‚°ãƒ«ãƒ¼ãƒ—ï¼‰ã‚’è¨å®š
3	Slack	SAML èªè¨¼è¨å®š	Slack å´ã§ SAML èªè¨¼ã‚’è¨å®š
4	Slack	Slack ã¸ã®ç›´æŽ¥ã‚¢ã‚¯ã‚»ã‚¹ç¢ºèª	Google Workspace ã«ãƒã‚°ã‚¤ãƒ³ã—ã¦ã„ãªã„çŠ¶æ…‹ã§ã€SAML èªè¨¼ãŒæ£ã—ãå‹•ä½œã™ã‚‹ã‹ã‚’ç¢ºèª
5	Google Workspace	Google Workspace ã‚¢ãƒ—ãƒªçµŒç”±ã®ç¢ºèª	Google Workspace ã®ã‚«ã‚¹ã‚¿ãƒ SAML ã‚¢ãƒ—ãƒªã‚’åˆ©ç”¨ã—ã¦ã€SSO ãŒæ£ã—ãè¨å®šã•ã‚Œã¦ã„ã‚‹ã‹ã‚’ç¢ºèª
6	Google Workspace	ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ã‚¢ã‚¯ã‚»ã‚¹ã®è¨å®šæ‰‹é †ç¢ºèª	ã‚¢ã‚¯ã‚»ã‚¹åˆ¶é™ï¼ˆIP ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚„ãƒ‡ãƒã‚¤ã‚¹åˆ¶å¾¡ï¼‰ã®è¨å®šæ‰‹é †ã‚’ç¢ºèª

å‚è€ƒ : Google Workspace ã‚·ãƒ³ã‚°ãƒ«ã‚µã‚¤ãƒ³ã‚ªãƒ³
å‚è€ƒ : Slack ã‚¯ãƒ©ã‚¦ãƒ‰ ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³

ãªãŠå‰æã¨ã—ã¦ã€Slack ã§ã¯ Business+ ã¾ãŸã¯ Enterprise Grid ãƒ—ãƒ©ãƒ³ã§ã®ã¿ã€SAML ãƒ™ãƒ¼ã‚¹ã® SSO ã‚’åˆ©ç”¨ã§ãã¾ã™ã€‚Free ãƒ—ãƒ©ãƒ³ã‚„ Pro ãƒ—ãƒ©ãƒ³ã§ã¯åˆ©ç”¨ã§ãã¾ã›ã‚“ã®ã§ã”æ³¨æ„ãã ã•ã„ã€‚

å‚è€ƒ : ãƒãƒ¼ãƒ ã«åˆã£ãŸãƒ—ãƒ©ãƒ³ã‚’é¸æŠžã—ã¾ã—ã‚‡ã†

æ¤œè¨¼ä½œæ¥

[Google Workspace] ã‚«ã‚¹ã‚¿ãƒ SAML ã‚¢ãƒ—ãƒªã®ä½œæˆ

Google Workspace ã®ç®¡ç†ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ï¼ˆhttps://admin.google.comï¼‰ã«ãƒã‚°ã‚¤ãƒ³ã—ã¾ã™ã€‚

å‚è€ƒ : ç®¡ç†ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã«ãƒã‚°ã‚¤ãƒ³ã™ã‚‹

[ã‚¢ãƒ—ãƒª] > [ã‚¦ã‚§ãƒ–ã‚¢ãƒ—ãƒªã¨ãƒ¢ãƒã‚¤ãƒ«ã‚¢ãƒ—ãƒª] > [ã‚¢ãƒ—ãƒªã‚’è¿½åŠ ] > [ã‚«ã‚¹ã‚¿ãƒ SAML ã‚¢ãƒ—ãƒªã®è¿½åŠ ] ã‚’é¸æŠžã—ã¾ã™ã€‚

ã‚«ã‚¹ã‚¿ãƒ SAML ã‚¢ãƒ—ãƒªã®è¿½åŠ

ã‚¢ãƒ—ãƒªåã‚’å…¥åŠ›ã—ã€å¿…è¦ã«å¿œã˜ã¦ã‚¢ã‚¤ã‚³ãƒ³ã‚’æ·»ä»˜ã—ã¾ã™ã€‚å…¥åŠ›ãŒçµ‚ã‚ã£ãŸã‚‰ [ç¶šè¡Œ] ã‚’é¸æŠžã—ã¾ã™ã€‚

ã‚¢ãƒ—ãƒªåã®å…¥åŠ›

ç®¡ç†è€…ã¯ã€Slack å´ã«ç™»éŒ²ã™ã‚‹ãŸã‚ã«ä»¥ä¸‹ã®3ç‚¹ã‚’æŽ§ãˆã¦ãŠãã€[ç¶šè¡Œ] ã‚’é¸æŠžã—ã¾ã™ã€‚

SSO ã® URL
ã‚¨ãƒ³ãƒ†ã‚£ãƒ†ã‚£ ID
è¨¼æ˜Žæ›¸ï¼ˆå³å´ã®ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã‚¢ã‚¤ã‚³ãƒ³ã‚’é¸æŠžã—ã¦ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã—ã¾ã™ï¼‰

IdP è¨å®šã®ç¢ºèª

ä»¥ä¸‹ã‚’å…¥åŠ›ã—ã€[ç¶šè¡Œ] ã‚’é¸æŠžã—ã¾ã™ã€‚

ACS ã® URLï¼šhttps://${{Slack URL}}/sso/saml
ã‚¨ãƒ³ãƒ†ã‚£ãƒ†ã‚£ IDï¼šhttps://slack.com
ç½²åä»˜ãå¿œç”ï¼šæœ‰åŠ¹åŒ–ï¼ˆãƒã‚§ãƒƒã‚¯ã‚’å…¥ã‚Œã‚‹ï¼‰
åå‰ IDï¼š[Basic Information] > [Primary email]

Slack URL ã¯ã€ä»¥ä¸‹ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’å‚ç…§ã—ã¦ç¢ºèªã—ã¦ãã ã•ã„ã€‚

å‚è€ƒ : Slack URL ã¾ãŸã¯ ID ã‚’ç¢ºèªã™ã‚‹

SP è¨å®š

[ãƒžãƒƒãƒ—ãƒ³ã‚°ã‚’è¿½åŠ ] ã‹ã‚‰ä»¥ä¸‹ã®é€šã‚Šã«è¨å®šã—ã€[å®Œäº†] ã‚’é¸æŠžã—ã¾ã™ã€‚

[Basic Information] > [Primary email]ï¼šUser.Email
[Basic Information] > [First name]ï¼šfirst_name
[Basic Information] > [Last Name]ï¼šlast_name

å±žæ€§ã®ãƒžãƒƒãƒ”ãƒ³ã‚°

[Google Workspace] ã‚«ã‚¹ã‚¿ãƒ SAML ã‚¢ãƒ—ãƒªã®ãƒ¦ãƒ¼ã‚¶ãƒ¼è¨å®š

ä½œæˆã—ãŸã‚¢ãƒ—ãƒªã® [ãƒ¦ãƒ¼ã‚¶ãƒ¼ ã‚¢ã‚¯ã‚»ã‚¹] ã‚’é¸æŠžã—ã¾ã™ã€‚

ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚¢ã‚¯ã‚»ã‚¹ã‚’é¸æŠž

SAML èªè¨¼ã‚’åˆ©ç”¨ã™ã‚‹å¯¾è±¡ï¼ˆçµ„ç¹”å…¨ä½“ã¾ãŸã¯ç‰¹å®šã®çµ„ç¹”éƒ¨é–€ã¾ãŸã¯ Google ã‚°ãƒ«ãƒ¼ãƒ—ï¼‰ã‚’é¸æŠžã—ã€[ã‚ªãƒ³] > [ä¿å˜ï¼ˆã¾ãŸã¯ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ï¼‰] ã‚’é¸æŠžã—ã¾ã™ã€‚

SAML ã‚¢ãƒ—ãƒªã®æœ‰åŠ¹åŒ–

[Slack] SAML èªè¨¼è¨å®š

ç®¡ç†è€…ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã«ã¦ã€[ãƒ¯ãƒ¼ã‚¯ã‚¹ãƒšãƒ¼ã‚¹å] > [ãƒ„ãƒ¼ãƒ«ã¨è¨å®š] > [ãƒ¯ãƒ¼ã‚¯ã‚¹ãƒšãƒ¼ã‚¹ã®è¨å®š] ã‚’é¸æŠžã—ã¾ã™ã€‚

ãƒ¯ãƒ¼ã‚¯ã‚¹ãƒšãƒ¼ã‚¹ã®è¨å®šã‚’é¸æŠž

[èªè¨¼] > [èªè¨¼] ã‹ã‚‰ SAML èªè¨¼ã® [è¨å®šã™ã‚‹] ã‚’é¸æŠžã—ã¾ã™ã€‚

SAML èªè¨¼è¨å®šã‚’é¸æŠž

ä»¥ä¸‹ã®é€šã‚Šã«è¨å®šã—ã€è©³ç´°è¨å®šã® [é–‹ã] ã‚’é¸æŠžã—ã¾ã™ã€‚

SAML 2.0 ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆ (HTTP)ï¼šSSO ã® URL
ID ãƒ—ãƒãƒã‚¤ãƒ€ç™ºè¡Œè€…ï¼šã‚¨ãƒ³ãƒ†ã‚£ãƒ†ã‚£ ID
å…¬é–‹è¨¼æ˜Žæ›¸ï¼šãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã—ãŸè¨¼æ˜Žæ›¸ãƒ•ã‚¡ã‚¤ãƒ«ã‚’ãƒ†ã‚ã‚¹ãƒˆã‚¨ãƒ‡ã‚£ã‚¿ã§é–‹ãã€ãã®å†…å®¹ã‚’ã‚³ãƒ”ãƒ¼ã—ã¦è²¼ã‚Šä»˜ã‘ã¾ã™ã€‚

SAML èªè¨¼è¨å®š1

ä»¥ä¸‹ã‚’é¸æŠžã—ã€[è¨å®šã‚’ä¿å˜ã™ã‚‹] ã‚’é¸æŠžã—ã¾ã™ã€‚

ã‚µãƒ¼ãƒ“ã‚¹ãƒ—ãƒãƒã‚¤ãƒ€ç™ºè¡Œè€…ï¼šã‚«ã‚¹ã‚¿ãƒ SAML ã‚¢ãƒ—ãƒªã§è¨å®šã—ãŸã‚¨ãƒ³ãƒ†ã‚£ãƒ†ã‚£ ID
ç½²åä»˜ããƒ¬ã‚¹ãƒãƒ³ã‚¹ï¼šæœ‰åŠ¹åŒ–ï¼ˆãƒã‚§ãƒƒã‚¯ã‚’å…¥ã‚Œã‚‹ï¼‰
ãƒ¯ãƒ¼ã‚¯ã‚¹ãƒšãƒ¼ã‚¹ã®èªè¨¼ãŒå¿…è¦ãªãƒ¡ãƒ³ãƒãƒ¼ï¼šSAML èªè¨¼ãŒå¿…è¦ãªå¯¾è±¡ã‚’é¸æŠžã—ã¾ã™ã€‚

SAML èªè¨¼è¨å®š2

SAML èªè¨¼è¨å®š3

SAML èªè¨¼ãŒæœ‰åŠ¹åŒ–ã•ã‚ŒãŸã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚

æœ‰åŠ¹åŒ–ç¢ºèª

[Slack] Slack ã¸ã®ç›´æŽ¥ã‚¢ã‚¯ã‚»ã‚¹ç¢ºèª

Google Workspace ã«ãƒã‚°ã‚¤ãƒ³ã—ã¦ã„ãªã„çŠ¶æ…‹ã§ã€Slack ã® URLï¼ˆä¾‹: https://${{Slack URL}}ï¼‰ã«ã‚¢ã‚¯ã‚»ã‚¹ã—ã¾ã™ã€‚

Slack URL ã¸ã‚¢ã‚¯ã‚»ã‚¹

[SAML ã§ã‚µã‚¤ãƒ³ã‚¤ãƒ³] ã‚’é¸æŠžã—ã¾ã™ã€‚

SAML ã§ã‚µã‚¤ãƒ³ã‚¤ãƒ³ã‚’é¸æŠž

Google ã®ãƒã‚°ã‚¤ãƒ³ç”»é¢ãŒè¡¨ç¤ºã•ã‚Œã‚‹ãŸã‚ã€ã‚¢ã‚«ã‚¦ãƒ³ãƒˆåŠã³ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’å…¥åŠ›ã—ã¦ [æ¬¡ã¸] ã‚’é¸æŠžã—ã¾ã™ã€‚

Google ãƒã‚°ã‚¤ãƒ³

èªè¨¼ãŒå®Œäº†ã™ã‚‹ã¨ Slack ã«ãƒªãƒ€ã‚¤ãƒ¬ã‚¯ãƒˆã•ã‚Œã€ãƒã‚°ã‚¤ãƒ³ã§ãã‚‹ã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚

ãƒã‚°ã‚¤ãƒ³ç¢ºèªï¼ˆç›´æŽ¥ã‚¢ã‚¯ã‚»ã‚¹ï¼‰

[Google Workspace] Google Workspace ã‚¢ãƒ—ãƒªçµŒç”±ã®ç¢ºèª

Google Workspace ã«ãƒã‚°ã‚¤ãƒ³ã—ãŸçŠ¶æ…‹ã§ã€[ã‚¢ãƒ—ãƒª] > [ã‚«ã‚¹ã‚¿ãƒ SAML ã‚¢ãƒ—ãƒª] ã‚’é¸æŠžã—ã¾ã™ã€‚

ã‚«ã‚¹ã‚¿ãƒ SAML ã‚¢ãƒ—ãƒªã‚’é¸æŠž

Slack ã«ãƒã‚°ã‚¤ãƒ³ã§ãã‚‹ã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚

ãƒã‚°ã‚¤ãƒ³ç¢ºèªï¼ˆã‚«ã‚¹ã‚¿ãƒ SAML ã‚¢ãƒ—ãƒªï¼‰

Google Workspace ã®ç®¡ç†ç”»é¢ã‹ã‚‰ã€ãƒã‚°ã‚’ç¢ºèªã™ã‚‹æ–¹æ³•ã‚‚æ¤œè¨¼ã—ã¾ã™ã€‚

[ãƒ¬ãƒãƒ¼ãƒˆ] > [ç›£æŸ»ã¨èª¿æŸ»] > [SAML ãƒã‚°ã‚¤ãƒ™ãƒ³ãƒˆ] ã‹ã‚‰ SAML èªè¨¼ã«é–¢ã™ã‚‹ãƒã‚°ã‚’ç¢ºèªã§ãã¾ã™ã€‚

ãƒã‚°ç¢ºèª

[Google Workspace] ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ã‚¢ã‚¯ã‚»ã‚¹ã®è¨å®šæ‰‹é †ç¢ºèª

[ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£] > [ã‚¢ã‚¯ã‚»ã‚¹ã¨ãƒ‡ãƒ¼ã‚¿ç®¡ç†] > [ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ã‚¢ã‚¯ã‚»ã‚¹] > [ã‚¢ãƒ—ãƒªã«ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã‚’å‰²ã‚Šå½“ã¦ã‚‹] ã‚’é¸æŠžã—ã¾ã™ã€‚

ã‚¢ãƒ—ãƒªã«ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã‚’å‰²ã‚Šå½“ã¦ã‚‹

ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã‚’é©ç”¨ã™ã‚‹å¯¾è±¡ã¨ã—ã¦ ã‚«ã‚¹ã‚¿ãƒ SAML ã‚¢ãƒ—ãƒª ã‚’é¸æŠžã—ã¾ã™ã€‚[å‰²ã‚Šå½“ã¦] ã‚’é¸æŠžã™ã‚‹ã“ã¨ã§ã€ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã‚’è¨å®šã§ãã¾ã™ã€‚

ã‚«ã‚¹ã‚¿ãƒ SAML ã‚¢ãƒ—ãƒªã¸ã®å‰²ã‚Šå½“ã¦

ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ã‚¢ã‚¯ã‚»ã‚¹ã®è©³ç´°ãªè¨å®šæ‰‹é †ã‚„ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã®ä½œæˆæ–¹æ³•ã«ã¤ã„ã¦ã¯ã€ä»¥ä¸‹ã®è¨˜äº‹ã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚

blog.g-gen.co.jp

ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ã‚¢ã‚¯ã‚»ã‚¹ã§Google Workspaceã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚’å¼·åŒ–ã—ã¦ã¿ãŸ

2024-12-16T09:00:00+09:00

G-gen ã®ä¸‰æµ¦ã§ã™ã€‚å½“è¨˜äº‹ã§ã¯ã€ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ ã‚¢ã‚¯ã‚»ã‚¹ï¼ˆCAAï¼‰ã‚’ä½¿ã£ã¦ Google ãƒ‰ãƒ©ã‚¤ãƒ–ç‰ã® Google Workspace ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’åˆ¶å¾¡ã™ã‚‹æ–¹æ³•ã‚’ç´¹ä»‹ã—ã¾ã™ã€‚

ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ ã‚¢ã‚¯ã‚»ã‚¹ã¨ã¯
å‰ææ¡ä»¶
æ¤œè¨¼å†…å®¹
å‹•ä½œç¢ºèª

ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ ã‚¢ã‚¯ã‚»ã‚¹ã¨ã¯

ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ ã‚¢ã‚¯ã‚»ã‚¹ï¼ˆä»¥é™ã€CAAï¼‰ã¯ã€IP ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚„ãƒ‡ãƒã‚¤ã‚¹ã®çŠ¶æ…‹ãªã©ã®ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆï¼ˆèƒŒæ™¯æƒ…å ±ï¼‰ã«åŸºã¥ã„ã¦ã‚¢ã‚¯ã‚»ã‚¹ã‚’åˆ¶å¾¡ã™ã‚‹ã€Google Workspace ã®æ©Ÿèƒ½ã§ã™ã€‚

Google ãƒ‰ãƒ©ã‚¤ãƒ–ã€Gmailã€Google ã‚«ãƒ¬ãƒ³ãƒ€ãƒ¼ã€Looker Studio ãªã©ã«æ¡ä»¶ä»˜ãã§ã‚¢ã‚¯ã‚»ã‚¹åˆ¶å¾¡ã‚’é©ç”¨ã§ãã¾ã™ã€‚

ä½¿ç”¨ä¾‹ :

IP ã‚¢ãƒ‰ãƒ¬ã‚¹åˆ¶é™ : ç¤¾å†…ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã® IP ã‚¢ãƒ‰ãƒ¬ã‚¹ã‹ã‚‰ã®ã¿ Google ãƒ‰ãƒ©ã‚¤ãƒ–ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’è¨±å¯ã—ã€ç¤¾å¤–ï¼ˆè‡ªå®…ã‚„å…¬å…± Wi-Fiï¼‰ã‹ã‚‰ã®åˆ©ç”¨ã‚’ç¦æ¢ã™ã‚‹ã€‚
ãƒ‡ãƒã‚¤ã‚¹åˆ¶é™ : ä¼šç¤¾æ”¯çµ¦ã®ãƒ¢ãƒã‚¤ãƒ«ãƒ‡ãƒã‚¤ã‚¹ï¼ˆiPhoneã€Androidï¼‰ã‹ã‚‰ã®ã¿ Gmail ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’è¨±å¯ã—ã€ç§ç”¨ãƒ‡ãƒã‚¤ã‚¹ã‹ã‚‰ã®åˆ©ç”¨ã‚’ç¦æ¢ã™ã‚‹ã€‚

å‚è€ƒ : ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ ã‚¢ã‚¯ã‚»ã‚¹ã®æ¦‚è¦

å‰ææ¡ä»¶

CAA ã¯ã€Google Workspaceï¼ˆCloud Identityï¼‰ã®ç‰¹å®šã®ã‚¨ãƒ‡ã‚£ã‚·ãƒ§ãƒ³ï¼ˆFrontline Standardã€Enterprise Standardã€Enterprise Plusã€Cloud Identity Premium ç‰ï¼‰ã§åˆ©ç”¨ã§ãã¾ã™ã€‚

è©³ç´°ã¯ä»¥ä¸‹ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’ã”å‚ç…§ãã ã•ã„ã€‚

å‚è€ƒ : ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ ã‚¢ã‚¯ã‚»ã‚¹ã§ãƒ“ã‚¸ãƒã‚¹ã‚’ä¿è·ã™ã‚‹

æ¤œè¨¼å†…å®¹

ä»¥ä¸‹ã®æ‰‹é †ã§ CAA ã‚’è¨å®šã—ã€å‹•ä½œã‚’ç¢ºèªã—ã¾ã™ã€‚

ãƒ¢ãƒ‹ã‚¿ãƒ¼ãƒ¢ãƒ¼ãƒ‰ã®è¨å®š
ç¤¾å†… IP ã‚¢ãƒ‰ãƒ¬ã‚¹ã®ã¿ã«ã‚¢ã‚¯ã‚»ã‚¹ã‚’åˆ¶é™ã™ã‚‹ãƒ«ãƒ¼ãƒ«ã‚’ä½œæˆã—ã€ãƒ¢ãƒ‹ã‚¿ãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼ˆæ¤œçŸ¥ã®ã¿ã§ãƒ–ãƒãƒƒã‚¯ã—ãªã„ï¼‰ã§è¨å®šã—ã¾ã™ã€‚
å‹•ä½œç¢ºèªï¼ˆãƒ¢ãƒ‹ã‚¿ãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼‰
ç¤¾å†…å¤–ã®ã‚¢ã‚¯ã‚»ã‚¹çŠ¶æ³ã‚’ç¢ºèªã—ã€ãƒã‚°ã‚’ç¢ºèªã—ã¾ã™ã€‚
ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«å¤‰æ›´ï¼ˆã‚¢ã‚¯ãƒ†ã‚£ãƒ–ãƒ¢ãƒ¼ãƒ‰ï¼‰
ã‚¢ã‚¯ãƒ†ã‚£ãƒ–ãƒ¢ãƒ¼ãƒ‰ã«åˆ‡ã‚Šæ›¿ãˆã€æ¡ä»¶å¤–ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’ãƒ–ãƒãƒƒã‚¯ã™ã‚‹ã‚ˆã†ã«è¨å®šã—ã¾ã™ã€‚
å‹•ä½œç¢ºèªï¼ˆã‚¢ã‚¯ãƒ†ã‚£ãƒ–ãƒ¢ãƒ¼ãƒ‰ï¼‰
ç¤¾å†… IP ã‚¢ãƒ‰ãƒ¬ã‚¹ã‹ã‚‰ã‚¢ã‚¯ã‚»ã‚¹å¯èƒ½ã§ã€ç¤¾å¤–ã‹ã‚‰ã¯ãƒ–ãƒãƒƒã‚¯ã•ã‚Œã‚‹ã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚
è¤‡åˆæ¡ä»¶ã®è¨å®š
ç¤¾å†… IP ã‚¢ãƒ‰ãƒ¬ã‚¹ã«åŠ ãˆã€å¤šè¦ç´ èªè¨¼ï¼ˆMFAï¼‰ã‚’åˆ©ç”¨ã—ã¦ã„ã‚‹å ´åˆã®ã¿è¨±å¯ã™ã‚‹æ¡ä»¶ã‚’è¨å®šã—ã¾ã™ã€‚
è¤‡åˆæ¡ä»¶ã®å‹•ä½œç¢ºèªï¼ˆã‚¢ã‚¯ãƒ†ã‚£ãƒ–ãƒ¢ãƒ¼ãƒ‰ï¼‰
æ¡ä»¶ã«åˆè‡´ã—ãªã„ã‚¢ã‚¯ã‚»ã‚¹ãŒãƒ–ãƒãƒƒã‚¯ã•ã‚Œã‚‹ã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚

å‹•ä½œç¢ºèª

ãƒ¢ãƒ‹ã‚¿ãƒ¼ãƒ¢ãƒ¼ãƒ‰ã®è¨å®š

Google Workspace ã®ç®¡ç†ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ï¼ˆURL : https://admin.google.comï¼‰ã«ãƒã‚°ã‚¤ãƒ³ã—ã¾ã™ã€‚

å‚è€ƒ : ç®¡ç†ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã«ãƒã‚°ã‚¤ãƒ³ã™ã‚‹

[ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£] > [ã‚¢ã‚¯ã‚»ã‚¹ã¨ãƒ‡ãƒ¼ã‚¿ç®¡ç†] > [ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ ã‚¢ã‚¯ã‚»ã‚¹] ã«ç§»å‹•ã—ã¾ã™ã€‚

ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ ã‚¢ã‚¯ã‚»ã‚¹ã¸ç§»å‹•

CAA ãŒç„¡åŠ¹ãªå ´åˆã¯ã€[æœ‰åŠ¹ã«ã™ã‚‹] ã‚’é¸æŠžã—ã¦æœ‰åŠ¹åŒ–ã—ã¾ã™ã€‚ãã®å¾Œ [ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«] ã‚’é¸æŠžã—ã¾ã™ã€‚

æœ‰åŠ¹åŒ–ã¨ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã®é¸æŠž

[ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã‚’ä½œæˆ] ã‚’é¸æŠžã—ã¾ã™ã€‚

ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã‚’ä½œæˆã‚’é¸æŠž

ä»¥ä¸‹ã‚’è¨å®šã—ã€[ä½œæˆ] ã‚’é¸æŠžã—ã¾ã™ã€‚

ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«åï¼šä»»æ„ã®åå‰ã‚’å…¥åŠ›ã—ã¾ã™ã€‚
æ¡ä»¶ï¼š[åŸºæœ¬] > [IP ã‚µãƒ–ãƒãƒƒãƒˆ] ã‚’é¸æŠžã—ã€ç¤¾å†… IP ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’å…¥åŠ›ã—ã¾ã™ã€‚

1ã¤ç›®ã®ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã®ä½œæˆ

[ã‚¢ãƒ—ãƒªã«å‰²ã‚Šå½“ã¦] ã‚’é¸æŠžã—ã¾ã™ã€‚

ã‚¢ãƒ—ãƒªã«å‰²ã‚Šå½“ã¦ã‚’é¸æŠž

é©ç”¨ã™ã‚‹å¯¾è±¡ï¼ˆãƒ¦ãƒ¼ã‚¶ãƒ¼ã¾ãŸã¯ã‚°ãƒ«ãƒ¼ãƒ—ã¾ãŸã¯çµ„ç¹”éƒ¨é–€ï¼‰ã¨ã‚¢ãƒ—ãƒªã‚’é¸æŠžã—ã€[å‰²ã‚Šå½“ã¦] ã‚’é¸æŠžã—ã¾ã™ã€‚

é©ç”¨å¯¾è±¡ã®é¸æŠž

ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã‚’é¸æŠžã—ã€ã€Œç›£è¦–ã€ã«ãƒã‚§ãƒƒã‚¯ã‚’å…¥ã‚Œã¦ã€Œç¶šè¡Œã€ã‚’é¸æŠžã—ã¾ã™ã€‚ãƒ¢ãƒ‹ã‚¿ãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼ˆç›£è¦–ï¼‰ã§ã¯ã€ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã®å½±éŸ¿ç¯„å›²ã‚’ãƒã‚°ã§ç¢ºèªã§ãã€ãƒ–ãƒãƒƒã‚¯ã¯è¡Œã‚ã‚Œã¾ã›ã‚“ã€‚

ãªãŠã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã¯è¤‡æ•°é¸æŠžã§ãã¾ã™ãŒã€OR æ¡ä»¶ã§å‹•ä½œã™ã‚‹ãŸã‚ã€ã„ãšã‚Œã‹ã®ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã‚’æº€ãŸã™å ´åˆã¯æŽ¥ç¶šãŒè¨±å¯ã•ã‚Œã¾ã™ã€‚

å‚è€ƒ : ã‚¢ãƒ—ãƒªã«ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã‚’å‰²ã‚Šå½“ã¦ã‚‹
ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã¨ãƒ¢ãƒ¼ãƒ‰ã®é¸æŠž

[ç¶šè¡Œ] ã‚’é¸æŠžã—ã¾ã™ã€‚

ç¶šè¡Œã‚’é¸æŠž

å†…å®¹ã‚’ç¢ºèªã—ã€[å‰²ã‚Šå½“ã¦] ã‚’é¸æŠžã—ã¾ã™ã€‚

ãƒ¢ãƒ‹ã‚¿ãƒ¼ãƒ¢ãƒ¼ãƒ‰ã®é©ç”¨

å‹•ä½œç¢ºèªï¼ˆãƒ¢ãƒ‹ã‚¿ãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼‰

ç¤¾å†…ãŠã‚ˆã³ç¤¾å¤–ã‹ã‚‰ Google ãƒ‰ãƒ©ã‚¤ãƒ–ã€Google ã‚«ãƒ¬ãƒ³ãƒ€ãƒ¼ã€Gmail ã«ã‚¢ã‚¯ã‚»ã‚¹ã—ã¾ã™ã€‚ã“ã®æ®µéšŽã§ã¯ã€ã©ã¡ã‚‰ã‹ã‚‰ã‚‚ã‚¢ã‚¯ã‚»ã‚¹å¯èƒ½ã§ã™ã€‚

ã‚¢ã‚¯ã‚»ã‚¹ç¢ºèª

[ãƒ¬ãƒãƒ¼ãƒˆ] > [ç›£æŸ»ã¨èª¿æŸ»] > [ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ ã‚¢ã‚¯ã‚»ã‚¹ã®ãƒã‚°ã‚¤ãƒ™ãƒ³ãƒˆ] ã‚’é¸æŠžã—ã¾ã™ã€‚

ãƒã‚°ã‚¤ãƒ™ãƒ³ãƒˆã®é¸æŠž

ä»¥ä¸‹ã®æ¡ä»¶ã§æ¤œç´¢ã—ã€ãƒ¢ãƒ‹ã‚¿ãƒ¼ãƒ¢ãƒ¼ãƒ‰ã§ãƒ–ãƒãƒƒã‚¯ã•ã‚ŒãŸãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒã‚°ã‚’ç¢ºèªã—ã¾ã™ã€‚æ„å›³ã—ãªã„ãƒ–ãƒãƒƒã‚¯ãŒç™ºç”Ÿã—ã¦ã„ãªã„ã‹ç¢ºèªã—ã¦ãã ã•ã„ã€‚

ã‚¤ãƒ™ãƒ³ãƒˆ æ¬¡ã«ä¸€è‡´ ã‚¢ã‚¯ã‚»ã‚¹æ‹’å¦ï¼ˆãƒ¢ãƒ‹ã‚¿ãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼‰
ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã®é©ç”¨ æ¬¡ã®æ–‡å—ã‚’å«ã‚€ ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«å

ãƒ¢ãƒ‹ã‚¿ãƒ¼ãƒ¢ãƒ¼ãƒ‰ã®ãƒã‚°ç¢ºèª

ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«å¤‰æ›´ï¼ˆã‚¢ã‚¯ãƒ†ã‚£ãƒ–ãƒ¢ãƒ¼ãƒ‰ï¼‰

[ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£] > [ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ ã‚¢ã‚¯ã‚»ã‚¹] ã¸ç§»å‹•ã—ã€ [ã‚¢ãƒ—ãƒªã«ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã‚’å‰²ã‚Šå½“ã¦ã‚‹] ã‚’é¸æŠžã—ã¾ã™ã€‚

ã‚¢ãƒ—ãƒªã«ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã‚’å‰²ã‚Šå½“ã¦ã‚‹ã‚’é¸æŠž

ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã‚’é©ç”¨ã™ã‚‹å¯¾è±¡ã¨ã‚¢ãƒ—ãƒªã‚’é¸æŠžã—ã€[å‰²ã‚Šå½“ã¦] ã‚’é¸æŠžã—ã¾ã™ã€‚

å‰²ã‚Šå½“ã¦ã‚’é¸æŠž

ç›£è¦–ã®ãƒã‚§ãƒƒã‚¯ã‚’å¤–ã—ã€ã‚¢ã‚¯ãƒ†ã‚£ãƒ–ã®ãƒã‚§ãƒƒã‚¯ã‚’å…¥ã‚Œã¦ [ç¶šè¡Œ] ã‚’é¸æŠžã—ã¾ã™ã€‚

ã‚¢ã‚¯ãƒ†ã‚£ãƒ–ãƒ¢ãƒ¼ãƒ‰ã¸ã®å¤‰æ›´

[ç¶šè¡Œ] ã‚’é¸æŠžã—ã€å†…å®¹ã‚’ç¢ºèªã—ã€[å‰²ã‚Šå½“ã¦] ã‚’é¸æŠžã—ã¾ã™ã€‚

ç¶šè¡Œã‚’é¸æŠž

ã‚¢ã‚¯ãƒ†ã‚£ãƒ–ãƒ¢ãƒ¼ãƒ‰ã®é©ç”¨

å‹•ä½œç¢ºèªï¼ˆã‚¢ã‚¯ãƒ†ã‚£ãƒ–ãƒ¢ãƒ¼ãƒ‰ï¼‰

ç¤¾å†… IP ã‚¢ãƒ‰ãƒ¬ã‚¹åŠã³ç¤¾å¤– IP ã‚¢ãƒ‰ãƒ¬ã‚¹ã‹ã‚‰ã‚¢ã‚¯ã‚»ã‚¹ã—ã¾ã™ã€‚ç¤¾å†… IP ã‚¢ãƒ‰ãƒ¬ã‚¹ã§ã¯æ£å¸¸ã«ã‚¢ã‚¯ã‚»ã‚¹ã§ãã€ç¤¾å¤– IP ã‚¢ãƒ‰ãƒ¬ã‚¹ã§ã¯ã‚¢ã‚¯ã‚»ã‚¹ãŒãƒ–ãƒãƒƒã‚¯ã•ã‚Œã‚‹ã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚

ãƒ–ãƒãƒƒã‚¯ç¢ºèªï¼ˆIP ã‚µãƒ–ãƒãƒƒãƒˆï¼‰

è¤‡åˆæ¡ä»¶ã®è¨å®š

[ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£] > [ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ ã‚¢ã‚¯ã‚»ã‚¹] ã«ç§»å‹•ã—ã€[ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«] > [ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã‚’ä½œæˆ] ã‚’é¸æŠžã—ã¾ã™ã€‚

ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã‚’é¸æŠž

ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã‚’ä½œæˆã‚’é¸æŠž

ä»¥ä¸‹ã‚’è¨å®šã— [ä½œæˆ] ã‚’é¸æŠžã—ã¾ã™ã€‚ã“ã®æ¡ä»¶ã«ã‚ˆã‚Šã€MFA èªè¨¼ãŒã•ã‚Œã¦ã„ãªã„ã¨ã‚¢ã‚¯ã‚»ã‚¹ãŒãƒ–ãƒãƒƒã‚¯ã•ã‚Œã¾ã™ã€‚æ¡ä»¶å¼ã®è©³ç´°ã«ã¤ã„ã¦ã¯ã€ä»¥ä¸‹ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚

ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«åï¼šä»»æ„ã®åå‰ã‚’å…¥åŠ›ã—ã¾ã™ã€‚
æ¡ä»¶ï¼š[è©³ç´°] > request.auth.claims.crd_str.mfa == true
å‚è€ƒ : ã‚«ã‚¹ã‚¿ãƒ ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã®ä»•æ§˜
å‚è€ƒ : è©³ç´°ãƒ¢ãƒ¼ãƒ‰ã§ã®ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ ã‚¢ã‚¯ã‚»ã‚¹ã®ä¾‹

2ã¤ç›®ã®ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã®ä½œæˆ

[çµ‚äº†] ã‚’é¸æŠžã—ã¾ã™ã€‚

çµ‚äº†ã‚’é¸æŠž

[ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã‚¢ã‚¦ã‚§ã‚¢ ã‚¢ã‚¯ã‚»ã‚¹] > [ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«] ã¸ç§»å‹•ã—ã€1ã¤ç›®ã¨2ã¤ç›®ã®ãƒ«ãƒ¼ãƒ«ã®CELåã‚’ç¢ºèªã—ã€æŽ§ãˆã¾ã™ã€‚

CELåã®ç¢ºèª

[ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã‚’ä½œæˆ] ã‚’é¸æŠžã—ã¾ã™ã€‚

[ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã‚’ä½œæˆ] ã‚’é¸æŠž

ä»¥ä¸‹ã‚’è¨å®šã— [ä½œæˆ] ã‚’é¸æŠžã—ã¾ã™ã€‚ã“ã®æ¡ä»¶ã«ã‚ˆã‚Šã€è¤‡æ•°ã®æ¡ä»¶ï¼ˆIP ã‚¢ãƒ‰ãƒ¬ã‚¹åˆ¶é™ã¨å¤šè¦ç´ èªè¨¼ï¼ˆMFAï¼‰ï¼‰ã‚’åŒæ™‚ã«æº€ãŸã™å ´åˆã®ã¿ã‚¢ã‚¯ã‚»ã‚¹ãŒè¨±å¯ã•ã‚Œã¾ã™ã€‚

ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«åï¼šä»»æ„ã®åå‰ã‚’å…¥åŠ›ã—ã¾ã™ã€‚
æ¡ä»¶ï¼š[è©³ç´°] > levels.${{1ã¤ç›®ã®ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã® CEL å}} && levels.${{2ã¤ç›®ã®ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã® CEL å}}

3ã¤ç›®ã®ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã®ä½œæˆ

ã‚¢ãƒ—ãƒªã«ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã‚’å‰²ã‚Šå½“ã¦ã‚‹ã‚’é¸æŠž

å‰²ã‚Šå½“ã¦ã‚’é¸æŠž

é©ç”¨æ¸ˆã¿ã®1ã¤ç›®ã®ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã‚’å‰Šé™¤ã—ã€3ã¤ç›®ã®ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã‚’é¸æŠžã—ã€ã‚¢ã‚¯ãƒ†ã‚£ãƒ–ã®ãƒã‚§ãƒƒã‚¯ã‚’å…¥ã‚Œã¦ã€[ç¶šè¡Œ] ã‚’é¸æŠžã—ã¾ã™ã€‚

æœ¬ç•ªç’°å¢ƒã¸é©ç”¨ã™ã‚‹å ´åˆã¯ã€ã¾ãš [ç›£è¦–] ã®ã¿ã«ãƒã‚§ãƒƒã‚¯ã‚’å…¥ã‚Œã¦ãƒ¢ãƒ‹ã‚¿ãƒ¼ãƒ¢ãƒ¼ãƒ‰ã§å½±éŸ¿ãŒãªã„ã“ã¨ã‚’ç¢ºèªã—ãŸä¸Šã§ã€ã‚¢ã‚¯ãƒ†ã‚£ãƒ–ãƒ¢ãƒ¼ãƒ‰ã«åˆ‡ã‚Šæ›¿ãˆã‚‹ã“ã¨ã‚’æŽ¨å¥¨ã—ã¾ã™ã€‚

1ã¤ç›®ã®ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã®å‰Šé™¤

3ã¤ç›®ã®ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã®é¸æŠž

[ç¶šè¡Œ] ã‚’é¸æŠžã—ã€å†…å®¹ã‚’ç¢ºèªã—ã€[å‰²ã‚Šå½“ã¦] ã‚’é¸æŠžã—ã¾ã™ã€‚

ç¶šè¡Œã‚’é¸æŠž

3ã¤ç›®ã®ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã®é©ç”¨

è¤‡åˆæ¡ä»¶ã®å‹•ä½œç¢ºèªï¼ˆã‚¢ã‚¯ãƒ†ã‚£ãƒ–ãƒ¢ãƒ¼ãƒ‰ï¼‰

ç¤¾å†…ã® IP ã‚¢ãƒ‰ãƒ¬ã‚¹ã‹ã¤ MFA ãŒç„¡åŠ¹åŒ–ã•ã‚Œã¦ã„ã‚‹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‹ã‚‰ã‚¢ã‚¯ã‚»ã‚¹ã‚’ç¢ºèªã—ã€ä»¥ä¸‹ç”»é¢ãŒè¡¨ç¤ºã•ã‚Œã‚‹ã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚

MFA ãŒç„¡åŠ¹ãªã‚¢ã‚«ã‚¦ãƒ³ãƒˆ

ãƒ–ãƒãƒƒã‚¯ç¢ºèªï¼ˆè¤‡åˆæ¡ä»¶ï¼‰

ãƒã‚°ã‚¤ãƒ™ãƒ³ãƒˆã®é¸æŠž

ä»¥ä¸‹ã®æ¡ä»¶ã§æ¤œç´¢ã—ã€ã‚¢ã‚¯ãƒ†ã‚£ãƒ–ãƒ¢ãƒ¼ãƒ‰ã§æ‹’å¦ã•ã‚ŒãŸæŽ¥ç¶šãƒã‚°ã‚’ç¢ºèªã—ã¾ã™ã€‚ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã®ä¸è¶³ã‚’ç¢ºèªã™ã‚‹ã“ã¨ã§ã€ã©ã®ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã§ãƒ–ãƒãƒƒã‚¯ã•ã‚ŒãŸã‹ã‚’ç‰¹å®šã§ãã¾ã™ã€‚

ã‚¤ãƒ™ãƒ³ãƒˆ æ¬¡ã«ä¸€è‡´ ã‚¢ã‚¯ã‚»ã‚¹ãŒæ‹’å¦ã•ã‚Œã¾ã—ãŸ
ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«ã®é©ç”¨ æ¬¡ã®æ–‡å—ã‚’å«ã‚€ ã‚¢ã‚¯ã‚»ã‚¹ãƒ¬ãƒ™ãƒ«å

ãƒã‚°ã®ç¢ºèª

ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®MFAã‚’æœ‰åŠ¹åŒ–å¾Œã€ãƒã‚°ã‚¢ã‚¦ãƒˆã—ã€MFAã‚’åˆ©ç”¨ã—ã¦å†åº¦ãƒã‚°ã‚¤ãƒ³ã—ã¾ã™ã€‚

ãƒã‚°ã‚¤ãƒ³æ™‚ã«ã“ã®ãƒ‡ãƒã‚¤ã‚¹ã§ã¯æ¬¡å›žã‹ã‚‰è¡¨ç¤ºã—ãªã„ã‚’é¸æŠžã—ãªã„ã§ãã ã•ã„ã€‚é¸æŠžã™ã‚‹ã¨ã€æ¬¡å›žä»¥é™ã®ãƒã‚°ã‚¤ãƒ³ã§ MFA èªè¨¼ãŒçœç•¥ã•ã‚Œã€CAA ã«ã‚ˆã£ã¦ã‚¢ã‚¯ã‚»ã‚¹ãŒãƒ–ãƒãƒƒã‚¯ã•ã‚Œã¾ã™ã€‚

ä¸‡ãŒä¸€é¸æŠžã—ã¦ã—ã¾ã£ãŸå ´åˆã¯ã€ä»¥ä¸‹ã®ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’å‚ç…§ã—ã¦ãƒã‚°ã‚¤ãƒ³ Cookie ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¦ãã ã•ã„ã€‚

å‚è€ƒ : ç®¡ç†å¯¾è±¡ã® Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‹ã‚‰ãƒã‚°ã‚¢ã‚¦ãƒˆã™ã‚‹
MFA ã‚’åˆ©ç”¨ã—ã¦ãƒã‚°ã‚¤ãƒ³

Googleãƒ‰ãƒ©ã‚¤ãƒ–ã«ã‚¢ã‚¯ã‚»ã‚¹ã—ã€æ£å¸¸ã«è¡¨ç¤ºã•ã‚Œã‚‹ã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚

ã‚¢ã‚¯ã‚»ã‚¹ç¢ºèª

Privileged Access Manager(PAM)ã‚’Terraformã§ç®¡ç†ã™ã‚‹

2024-12-13T09:00:00+09:00

G-gen ã®æ¦äº•ã§ã™ã€‚å½“è¨˜äº‹ã§ã¯ Privileged Access Manager ã‚’ Terraform ã§ç®¡ç†ã™ã‚‹æ–¹æ³•ã«ã¤ã„ã¦ç´¹ä»‹ã—ã¾ã™ã€‚

ã¯ã˜ã‚ã«
å…¨ä½“æ§‹æˆ
é€£æºæ–¹å¼
ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰
- Direct Workload Identity ãŠã‚ˆã³ GitHub Actions ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼
- Terraform
ãƒ‡ãƒ—ãƒã‚¤
å‹•ä½œç¢ºèª

ã¯ã˜ã‚ã«

æ¦‚è¦

å½“è¨˜äº‹ã§ã¯ Google Cloud ã«ãŠã‘ã‚‹ä¸€æ™‚çš„ãª IAM æ¨©é™ä»˜ä¸Žã‚’å®Ÿç¾ã™ã‚‹ä»•çµ„ã¿ã§ã‚ã‚‹ Privileged Access Manager (ä»¥é™ã€PAM) ã‚’ã€Terraform ã¨ GitHub Actions ã«ã‚ˆã‚‹ CI/CD ã§ç®¡ç†ã™ã‚‹æ–¹æ³•ã‚’ç´¹ä»‹ã—ã¾ã™ã€‚

å½“è¨˜äº‹ã§å®Ÿç¾ã™ã‚‹ã®ã¯ã€PAM ã®ä»•çµ„ã¿ã®ãƒ‡ãƒ—ãƒã‚¤ã§ã™ã€‚API ã®æœ‰åŠ¹åŒ–ã€ã‚µãƒ¼ãƒ“ã‚¹ã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆã¸ã®æ¨©é™ä»˜ä¸Žã€åˆ©ç”¨è³‡æ ¼ (entitlements) ã®ä½œæˆãªã©ã‚’ Terraform ã§è¡Œã†ã“ã¨ã§ã€ãƒ‡ãƒ—ãƒã‚¤ä»¥é™ã¯ PAM ã‚’ä½¿ã£ãŸæ‰¿èªãƒ•ãƒãƒ¼ã«ã‚ˆã‚Šã€çµ„ç¹”ã® IAM æ¨©é™ã‚’ç®¡ç†ã™ã‚‹ã“ã¨ãŒã§ãã‚‹ã‚ˆã†ã«ãªã‚Šã¾ã™ã€‚

Privileged Access Manager (PAM)

PAM ã®è©³ç´°ã¯ä»¥ä¸‹ã®è¨˜äº‹ã§è§£èª¬ã—ã¦ã„ã¾ã™ã€‚

blog.g-gen.co.jp

PAM ã§ã®æ¨©é™ç®¡ç†ã®ä»•çµ„ã¿ã‚’ç«¯çš„ã«ã¾ã¨ã‚ã‚‹ã¨ã€åˆ©ç”¨è³‡æ ¼ (entitlements) ã¨ã„ã†è¨å®šæƒ…å ±ã«ã‚‚ã¨ã¥ãã€ä¸€æ™‚çš„ãªæ¨©é™ã®ä»˜ä¸Žã‚’è¡Œã†ã‚‚ã®ã§ã™ã€‚

åˆ©ç”¨è³‡æ ¼ï¼ˆentitlementsï¼‰ã¯ PAM ã®ã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã§ã‚ã‚Šã€æ‰¿èªãƒ•ãƒãƒ¼ã¨è¨€ã„æ›ãˆã‚‹ã“ã¨ã‚‚ã§ãã¾ã™ã€‚åˆ©ç”¨è³‡æ ¼ã«ã¯ã€Œä»˜ä¸Žã™ã‚‹ IAM ãƒãƒ¼ãƒ«ã€ã€Œæ¨©é™ã‚’ä»˜ä¸Žã™ã‚‹æœ€å¤§æ™‚é–“ã€ã€Œèª°ãŒæ¨©é™ã‚’ãƒªã‚¯ã‚¨ã‚¹ãƒˆã§ãã‚‹ã‹ã€ã€Œèª°ãŒãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚’æ‰¿èªã§ãã‚‹ã‹ã€ã€Œèª°ãŒé€šçŸ¥ã‚’å—ã‘å–ã‚‹ã‹ã€ãªã©ã‚’å®šç¾©ã§ãã¾ã™ã€‚

æ‰¿èªãƒ•ãƒãƒ¼ã¯ä»¥ä¸‹ã®ã‚ˆã†ã«ãªã‚Šã¾ã™ã€‚

ç”³è«‹è€…ã¯å¿…è¦ãªæ¨©é™ã€æœŸé–“ã€ãã®ç†ç”±ã‚’åˆ©ç”¨è³‡æ ¼ã«æ˜Žè¨˜ã—ã€æ‰¿èªè€…ã«æå‡ºã™ã‚‹
æ‰¿èªè€…ã¯ã€ãã®å¦¥å½“æ€§ã‚’ç¢ºèªã—ç”³è«‹ã‚’æ‰¿èªã‚‚ã—ãã¯å¦èªã™ã‚‹
æ‰¿èªã•ã‚ŒãŸå ´åˆã€ç”³è«‹è€…ã«å¯¾ã—ä¸€å®šæœŸé–“æ¨©é™ãŒä»˜ä¸Žã•ã‚Œã‚‹
æ‰€å®šã®æœŸé–“ãŒçµŒéŽã™ã‚‹ã¨ã€ç”³è«‹è€…ã«ä»˜ä¸Žã•ã‚Œã¦ã„ãŸæ¨©é™ã¯è‡ªå‹•çš„ã«ã¯ãå¥ªã•ã‚Œã‚‹

PAM ã«å¿…è¦ãªæ¨©é™

PAM ã«å¿…è¦ãªæ¨©é™ (IAM ãƒãƒ¼ãƒ«) ã«ã¤ã„ã¦ã¯ä»¥ä¸‹ã®é€šã‚Šã§ã™ã€‚

å‚è€ƒï¼šPrivileged Access Manager ã®æ¨©é™ã¨è¨å®š

åˆ©ç”¨è³‡æ ¼ã®ç®¡ç†

åˆ©ç”¨è³‡æ ¼ã‚’ç®¡ç†(ä½œæˆã€æ›´æ–°ã€å‰Šé™¤)ã™ã‚‹ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã«ã¯ã€Privileged Access Manager ç®¡ç†è€… (roles/privilegedaccessmanager.admin) ãŒå¿…è¦ã§ã™ã€‚

ã¾ãŸã€åˆ©ç”¨è³‡æ ¼ã‚’çµ„ç¹”ãƒ„ãƒªãƒ¼ã®ä¸ã®ã©ã“ã§åˆ©ç”¨ã™ã‚‹ã‹ã«ã‚ˆã£ã¦ã€ä»¥ä¸‹ã®ã„ãšã‚Œã‹ã®æ¨©é™ãŒå¿…è¦ã§ã™ã€‚

çµ„ç¹”å…¨ä½“ï¼šã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ç®¡ç†è€…ï¼ˆroles/iam.securityAdminï¼‰
ãƒ•ã‚©ãƒ«ãƒ€ï¼šãƒ•ã‚©ãƒ«ãƒ€ IAM ç®¡ç†è€…ï¼ˆroles/resourcemanager.folderIamAdminï¼‰
ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆï¼šProject IAM ç®¡ç†è€…ï¼ˆroles/resourcemanager.projectIamAdminï¼‰

åˆ©ç”¨è³‡æ ¼ã®åˆ©ç”¨ (ç”³è«‹ã€æ‰¿èª)

åˆ©ç”¨è³‡æ ¼ã‚’ç”¨ã„ã¦ã€æ¨©é™ä»˜ä¸Žã‚’ç”³è«‹ã™ã‚‹ã€ã‚ã‚‹ã„ã¯ç”³è«‹ã‚’æ‰¿èªã™ã‚‹ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã«ã¯ã€Privileged Access Manager é–²è¦§è€… (roles/privilegedaccessmanager.viewer) ãŒå¿…è¦ã§ã™ã€‚

å…¨ä½“æ§‹æˆ

å½“è¨˜äº‹ã§ã¯åˆ©ç”¨è³‡æ ¼ã‚’ Terraform ã¨ GitHub Actions ã§ç®¡ç†ã—ã¾ã™ã€‚

åˆ©ç”¨è³‡æ ¼ã¯çµ„ç¹”/ãƒ•ã‚©ãƒ«ãƒ€/ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆãƒ¬ãƒ™ãƒ«ã§è¨å®šå¯èƒ½ã§ã™ãŒã€ä»Šå›žã¯çµ„ç¹”ã¨ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆãƒ¬ãƒ™ãƒ«ã« PAM ã‚’ãƒ‡ãƒ—ãƒã‚¤ã—ã¾ã™ã€‚

é€£æºæ–¹å¼

Google Cloud ã¨ GitHub Actions ã®é€£æºã«ã¯ Direct Workload Identity ã‚’ä½¿ç”¨ã—ã¾ã™ã€‚

ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚ãƒ¼ã‚„ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®æ¨©é™ã‚’å€Ÿç”¨ã™ã‚‹å¾“æ¥æ–¹å¼ã¨ã¯ç•°ãªã‚Šã€Workload Identity ãƒ—ãƒ¼ãƒ«ã«å¿…è¦ãª IAM æ¨©é™ã‚’ç›´æŽ¥ä»˜ä¸Žã—ã¾ã™ã€‚

å‚è€ƒ : Workload Identity Federation

ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰

Direct Workload Identity ãŠã‚ˆã³ GitHub Actions ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼

ä»¥ä¸‹ã®è¨˜äº‹ã§ Direct Workload Identity ã‚’ä½œæˆã™ã‚‹ bash ã‚¹ã‚¯ãƒªãƒ—ãƒˆã¨ GitHub Actions ã®ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼ã‚’æŽ²è¼‰ã—ã¦ã„ã¾ã™ã€‚

blog.g-gen.co.jp

ãªãŠã€ä¸Šè¨˜ã®è¨˜äº‹ã«æŽ²è¼‰ã—ãŸã‚¹ã‚¯ãƒªãƒ—ãƒˆã§ä½œæˆã•ã‚Œã‚‹ Workload Identity ãƒ—ãƒ¼ãƒ«ã«å¯¾ã—ã¦ã¯ã€çµ„ç¹”ãƒ¬ãƒ™ãƒ«ã§ä»¥ä¸‹ã® IAM ãƒãƒ¼ãƒ«ã‚’ä»˜ä¸Žã—ã¦ãŠã‚Šã€åˆ©ç”¨è³‡æ ¼ã®ç®¡ç†ã«å¿…è¦ãªæ¨©é™ã‚’åŒ…å«ã—ã¦ã„ã¾ã™ã€‚

ã‚ªãƒ¼ãƒŠãƒ¼ (roles/owner)
çµ„ç¹”ç®¡ç†è€… (roles/resourcemanager.organizationAdmin)

Terraform

PAM ã®ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰ã¯ä»¥ä¸‹ã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªæ§‹æˆã«ã‚‚ã¨ã¥ãã¾ã™ã€‚

å‚è€ƒï¼šgoogle_privileged_access_manager_entitlement

ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªæ§‹æˆ

.
â”œâ”€â”€ env
â”‚   â”œâ”€â”€ Test_Environment
â”‚   â”‚   â””â”€â”€ yutakei
â”‚   â”‚       â”œâ”€â”€ backend.tf
â”‚   â”‚       â”œâ”€â”€ locals.tf
â”‚   â”‚       â”œâ”€â”€ main.tf
â”‚   â”‚       â””â”€â”€ versions.tf
â”‚   â””â”€â”€ organization
â”‚       â”œâ”€â”€ backend.tf
â”‚       â”œâ”€â”€ locals.tf
â”‚       â”œâ”€â”€ main.tf
â”‚       â””â”€â”€ versions.tf
â””â”€â”€ modules
    â”œâ”€â”€ apis
    â”‚   â”œâ”€â”€ main.tf
    â”‚   â”œâ”€â”€ outputs.tf
    â”‚   â””â”€â”€ variables.tf
    â””â”€â”€ pam
        â”œâ”€â”€ main.tf
        â”œâ”€â”€ outputs.tf
        â””â”€â”€ variables.tf

env é…ä¸‹ (å‘¼ã³å‡ºã—å´)

# backend.tf
terraform {
  backend "gcs" {
    bucket = "common-tfstate"
    prefix = "terraform/organization/state"
  }
}
  
# locals.tf
locals {
  organization_id = "1234567890"
  
  # åˆ©ç”¨ç”³è«‹(entitlements)ã®è¨å®š
  entitlements = {
    pam_org1 = {
      entitlement_id       = "pam-organization-acm-demo"
      max_request_duration = "3600s"
      eligible_users       = ["user:[email protected]"]
      resource_type        = "cloudresourcemanager.googleapis.com/Organization"
      resource             = "//cloudresourcemanager.googleapis.com/organizations/1234567890"
      roles = [
        "roles/accesscontextmanager.gcpAccessReader",
        "roles/accesscontextmanager.policyReader"
      ]
      require_approver_justification = true
      approvals_needed               = 1
      approvers                      = ["user:[email protected]"]
    }
  }
}
  
# main.tf
# çµ„ç¹”ãƒ¬ãƒ™ãƒ«ã§PAMã‚’æœ‰åŠ¹ã«ã™ã‚‹ã«ã¯ã€PAMã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã«PAMã‚µãƒ¼ãƒ“ã‚¹ã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆãƒãƒ¼ãƒ«ãŒå¿…è¦
resource "google_organization_iam_member" "pam_service_agent" {
  org_id = local.organization_id
  role   = "roles/privilegedaccessmanager.serviceAgent"
  member = "serviceAccount:service-org-${local.organization_id}@gcp-sa-pam.iam.gserviceaccount.com"
}
  
module "pam" {
  source       = "../../modules/pam"
  entitlements = local.entitlements
  parent       = "organizations/${local.organization_id}"
  location     = "global"
}
  
# versions.tf
terraform {
  required_version = "~> 1.9.7"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 6.6.0"
    }
  }
}
  
provider "google" {
  user_project_override = true
}

# backend.tf
terraform {
  backend "gcs" {
    bucket = "common-tfstate"
    prefix = "terraform/yutakei/state"
  }
}
  
# locals.tf
locals {
  project_id = "yutakei"
  
  apis = [
    "privilegedaccessmanager.googleapis.com",
  ]
  
  # åˆ©ç”¨ç”³è«‹(entitlements)ã®è¨å®š
  entitlements = {
    pam1 = {
      entitlement_id                 = "pam-yutakei-bigquery-demo"
      max_request_duration           = "3600s"
      eligible_users                 = ["user:[email protected]"]
      resource_type                  = "cloudresourcemanager.googleapis.com/Project"
      resource                       = "//cloudresourcemanager.googleapis.com/projects/yutakei"
      roles                          = ["roles/bigquery.jobUser", "roles/bigquery.dataViewer"]
      require_approver_justification = true
      approvals_needed               = 1
      approvers                      = ["user:[email protected]"]
    }
    
    pam2 = {
      entitlement_id                 = "pam-yutakei-gcs-demo"
      max_request_duration           = "3600s"
      eligible_users                 = ["user:[email protected]"]
      resource_type                  = "cloudresourcemanager.googleapis.com/Project"
      resource                       = "//cloudresourcemanager.googleapis.com/projects/yutakei"
      roles                          = ["roles/storage.admin"]
      require_approver_justification = true
      approvals_needed               = 1
      approvers                      = ["user:[email protected]"]
    }
  }
}
  
# main.tf
module "apis" {
  source     = "../../../modules/apis"
  project_id = local.project_id
  apis       = local.apis
}
  
module "pam" {
  source       = "../../../modules/pam"
  entitlements = local.entitlements
  parent       = "projects/${local.project_id}"
  location     = "global"
}
  
# versions.tf
å‰²æ„›

modules é…ä¸‹ (ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«)

# main.tf
resource "google_privileged_access_manager_entitlement" "pam" {
  for_each             = var.entitlements
  entitlement_id       = each.value.entitlement_id
  location             = var.location
  max_request_duration = each.value.max_request_duration
  parent               = var.parent
  
  requester_justification_config {
    unstructured {}
  }
  
  eligible_users {
    principals = each.value.eligible_users
  }
  
  privileged_access {
    gcp_iam_access {
      resource_type = each.value.resource_type
      resource      = each.value.resource
  
      # è¤‡æ•°ã®role_bindingsã‚’ç”Ÿæˆ
      dynamic "role_bindings" {
        for_each = each.value.roles
        content {
          role = role_bindings.value
        }
      }
    }
  }
  
  approval_workflow {
    manual_approvals {
      require_approver_justification = each.value.require_approver_justification
      steps {
        approvals_needed = each.value.approvals_needed
        approvers {
          principals = each.value.approvers
        }
      }
    }
  }
}
  
# outputs.tf
output "entitlement_ids" {
  description = "List of entitlement IDs created"
  value       = [for entitlement in google_privileged_access_manager_entitlement.pam : entitlement.entitlement_id]
}
  
variable "entitlements" {
  description = "A map of entitlement configurations"
  type = map(object({
    entitlement_id                 = string
    max_request_duration           = string
    eligible_users                 = list(string)
    resource_type                  = string
    resource                       = string
    roles                          = list(string)
    require_approver_justification = bool
    approvals_needed               = number
    approvers                      = list(string)
  }))
}
  
# variables.tf
variable "parent" {
  description = "Parent resource (e.g., project, folder, or organization)"
  type        = string
}
  
variable "location" {
  description = "Location for the entitlement"
  type        = string
  default     = "global"
}

# main.tf
resource "google_project_service" "apis" {
  for_each           = toset(var.apis)
  project            = var.project_id
  service            = each.value
  disable_on_destroy = false
}
  
# APIã®æœ‰åŠ¹åŒ–ã«ã¯æ™‚é–“ãŒã‹ã‹ã‚‹ãŸã‚ã€å¾…æ©Ÿæ™‚é–“ã‚’è¨å®š
resource "null_resource" "delay" {
  provisioner "local-exec" {
    command = "sleep 180"
  }
  
  depends_on = [google_project_service.apis]
}
  
# outputs.tf
output "enabled_apis" {
  description = "List of enabled APIs for the project"
  value       = [for service in google_project_service.apis : service.id]
}
  
# variables.tf
variable "apis" {
  description = "List of APIs to enable"
  type        = list(string)
}
  
variable "project_id" {
  description = "The ID of the project to create resources in"
  type        = string
}

ãƒ‡ãƒ—ãƒã‚¤

terraform plan

GitHub Actions (terraform plan) ã®å®Ÿè¡Œçµæžœã§ã™ã€‚

# çµ„ç¹”å‘ã‘ã®ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼(terraform plan)
  
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  
Terraform will perform the following actions:
  
  # google_organization_iam_member.pam_service_agent will be created
  + resource "google_organization_iam_member" "pam_service_agent" {
      + etag   = (known after apply)
      + id     = (known after apply)
      + member = "serviceAccount:[email protected]"
      + org_id = "1234567890"
      + role   = "roles/privilegedaccessmanager.serviceAgent"
    }
  
  # module.pam.google_privileged_access_manager_entitlement.pam["pam_org1"] will be created
  + resource "google_privileged_access_manager_entitlement" "pam" {
      + create_time          = (known after apply)
      + entitlement_id       = "pam-organization-acm-demo"
      + etag                 = (known after apply)
      + id                   = (known after apply)
      + location             = "global"
      + max_request_duration = "3600s"
      + name                 = (known after apply)
      + parent               = "organizations/1234567890"
      + state                = (known after apply)
      + update_time          = (known after apply)
  
      + approval_workflow {
          + manual_approvals {
              + require_approver_justification = true
  
              + steps {
                  + approvals_needed = 1
  
                  + approvers {
                      + principals = [
                          + "user:[email protected]",
                        ]
                    }
                }
            }
        }
  
      + eligible_users {
          + principals = [
              + "user:[email protected]",
            ]
        }
  
      + privileged_access {
          + gcp_iam_access {
              + resource      = "//cloudresourcemanager.googleapis.com/organizations/1234567890"
              + resource_type = "cloudresourcemanager.googleapis.com/Organization"
  
              + role_bindings {
                  + role = "roles/accesscontextmanager.gcpAccessReader"
                }
              + role_bindings {
                  + role = "roles/accesscontextmanager.policyReader"
                }
            }
        }
  
      + requester_justification_config {
          + unstructured {}
        }
    }
  
Plan: 2 to add, 0 to change, 0 to destroy.

# ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆå‘ã‘ã®ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼(terraform plan)
  
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  
Terraform will perform the following actions:
  
  # module.apis.google_project_service.apis["privilegedaccessmanager.googleapis.com"] will be created
  + resource "google_project_service" "apis" {
      + disable_on_destroy = false
      + id                 = (known after apply)
      + project            = "yutakei"
      + service            = "privilegedaccessmanager.googleapis.com"
    }
  
  # module.apis.null_resource.delay will be created
  + resource "null_resource" "delay" {
      + id = (known after apply)
    }
  
  # module.pam.google_privileged_access_manager_entitlement.pam["pam1"] will be created
  + resource "google_privileged_access_manager_entitlement" "pam" {
      + create_time          = (known after apply)
      + entitlement_id       = "pam-yutakei-bigquery-demo"
      + etag                 = (known after apply)
      + id                   = (known after apply)
      + location             = "global"
      + max_request_duration = "3600s"
      + name                 = (known after apply)
      + parent               = "projects/yutakei"
      + state                = (known after apply)
      + update_time          = (known after apply)
  
      + approval_workflow {
          + manual_approvals {
              + require_approver_justification = true
  
              + steps {
                  + approvals_needed = 1
  
                  + approvers {
                      + principals = [
                          + "user:[email protected]",
                        ]
                    }
                }
            }
        }
  
      + eligible_users {
          + principals = [
              + "user:[email protected]",
            ]
        }
  
      + privileged_access {
          + gcp_iam_access {
              + resource      = "//cloudresourcemanager.googleapis.com/projects/yutakei"
              + resource_type = "cloudresourcemanager.googleapis.com/Project"
  
              + role_bindings {
                  + role = "roles/bigquery.jobUser"
                }
              + role_bindings {
                  + role = "roles/bigquery.dataViewer"
                }
            }
        }
  
      + requester_justification_config {
          + unstructured {}
        }
    }
  
  # module.pam.google_privileged_access_manager_entitlement.pam["pam2"] will be created
  + resource "google_privileged_access_manager_entitlement" "pam" {
      + create_time          = (known after apply)
      + entitlement_id       = "pam-yutakei-gcs-demo"
      + etag                 = (known after apply)
      + id                   = (known after apply)
      + location             = "global"
      + max_request_duration = "3600s"
      + name                 = (known after apply)
      + parent               = "projects/yutakei"
      + state                = (known after apply)
      + update_time          = (known after apply)
  
      + approval_workflow {
          + manual_approvals {
              + require_approver_justification = true
  
              + steps {
                  + approvals_needed = 1
  
                  + approvers {
                      + principals = [
                          + "user:[email protected]",
                        ]
                    }
                }
            }
        }
  
      + eligible_users {
          + principals = [
              + "user:[email protected]",
            ]
        }
  
      + privileged_access {
          + gcp_iam_access {
              + resource      = "//cloudresourcemanager.googleapis.com/projects/yutakei"
              + resource_type = "cloudresourcemanager.googleapis.com/Project"
  
              + role_bindings {
                  + role = "roles/storage.admin"
                }
            }
        }
  
      + requester_justification_config {
          + unstructured {}
        }
    }
  
Plan: 4 to add, 0 to change, 0 to destroy.

terraform apply

GitHub Actions (terraform apply) ã®å®Ÿè¡Œçµæžœã§ã™ã€‚æˆ»ã‚Šå€¤ã¯å…ˆã»ã©åŒæ§˜ã®ãŸã‚å‰²æ„›ã—ã¾ã™ã€‚

ãƒªã‚½ãƒ¼ã‚¹

çµ„ç¹”ã§ã¯ PAM ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã«å¯¾ã™ã‚‹ IAM Policyã¨åˆ©ç”¨è³‡æ ¼ãŒãƒ‡ãƒ—ãƒã‚¤ã•ã‚Œã¾ã—ãŸã€‚

ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã§ã‚‚åˆ©ç”¨è³‡æ ¼ãŒãƒ‡ãƒ—ãƒã‚¤ã•ã‚Œã¾ã—ãŸã€‚

å‹•ä½œç¢ºèª

ç”³è«‹

ç”³è«‹è€…ã®ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã§ PAM ã®ç®¡ç†ç”»é¢ã«ã‚¢ã‚¯ã‚»ã‚¹ã—ã€æ¨©é™ä»˜ä¸Žã‚’ãƒªã‚¯ã‚¨ã‚¹ãƒˆ ã‚’ã‚¯ãƒªãƒƒã‚¯ã—ã¾ã™ã€‚

ä»¥ä¸‹3é …ç›®ã‚’å…¥åŠ›ã—ã€æ¨©é™ä»˜ä¸Žã‚’ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚’ã‚¯ãƒªãƒƒã‚¯ã™ã‚‹ã¨ã€æ‰¿èªãƒ•ãƒãƒ¼ãŒæ‰¿èªè€…ã¸ã¨é€²ã¿ã¾ã™ã€‚

æ¨©é™ä»˜ä¸Žã®æœŸé–“ (å¿…é ˆã€æœ€å¤§æ™‚é–“ãŒ1æ™‚é–“ã®å ´åˆã€30åˆ†/45åˆ†/1æ™‚é–“ã‹ã‚‰é¸æŠžã§ãã‚‹)
ç†ç”± (å¿…é ˆ)
é€šçŸ¥ã®å—ä¿¡è€… (ä»»æ„ã€çœç•¥ã—ã¦ã‚‚åˆ©ç”¨è³‡æ ¼ã§è¨å®šã—ãŸæ‰¿èªè€…ã«ãƒ¡ãƒ¼ãƒ«é€šçŸ¥ãŒè¡Œã‚ã‚Œã‚‹)

æ‰¿èªã•ã‚Œã‚‹ã¾ã§ã®é–“ã€å½“è©²åˆ©ç”¨è³‡æ ¼ã®ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ã¯ Approval Awaited ã¨ãªã‚Šã¾ã™ã€‚

æ‰¿èª

æ‰¿èªè€…ã®ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã§ PAM ã®ç®¡ç†ç”»é¢ã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ã¨ã€ç”³è«‹è€…ã‹ã‚‰ã®æ‰¿èªãƒ•ãƒãƒ¼ãŒå›žã£ã¦ããŸã“ã¨ãŒã‚ã‹ã‚Šã¾ã™ã€‚

ä»¥ä¸‹ã®ãƒ¡ãƒ¼ãƒ«é€šçŸ¥ãŒå±Šãã¾ã™ã€‚

æ‰¿èª / æ‹’å¦ã‚’ã‚¯ãƒªãƒƒã‚¯ã—ç”³è«‹å†…å®¹ã‚’ç¢ºèªã—ã¾ã™ã€‚

ã‚³ãƒ¡ãƒ³ãƒˆæ¬„ (å¿…é ˆ) ã«æ‰¿èªã™ã‚‹æ—¨ã‚’å…¥åŠ›ã—ã€æ‰¿èªã‚’ã‚¯ãƒªãƒƒã‚¯ã—ã¾ã™ã€‚

æ¨©é™ä»˜ä¸Ž

æ‰¿èªè€…ã«ã¯ä»¥ä¸‹ã®ãƒ¡ãƒ¼ãƒ«é€šçŸ¥ãŒå±Šãã¾ã™ã€‚

åˆ©ç”¨è³‡æ ¼ã®ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ã‚‚ Approval Awaited > Active ã¨ãªã£ã¦ãŠã‚Šã€æ¨©é™ä»˜ä¸Žã®æ®‹ã‚Šæ™‚é–“ã‚‚è¡¨ç¤ºã•ã‚Œã¦ã„ã¾ã™ã€‚

IAM Policy ã®ç®¡ç†ç”»é¢ã‚’ç¢ºèªã™ã‚‹ã¨ã€ä»Šå›žåˆ©ç”¨è³‡æ ¼ã®ä¸ã§å®šç¾©ã—ãŸ2ã¤ã®ãƒãƒ¼ãƒ«ãŒ PAM ã«ã‚ˆã£ã¦ä»˜ä¸Žã•ã‚ŒãŸã“ã¨ãŒã‚ã‹ã‚Šã¾ã™ã€‚

æ¨©é™ã¯ãå¥ª

ç”³è«‹æ™‚ã«å¸Œæœ›ã—ãŸä»˜ä¸Žæ™‚é–“ (ä»Šå›žã¯30åˆ†) ãŒçµŒéŽã™ã‚‹ã¨ã€å…ˆã»ã©ã¾ã§ä»˜ä¸Žã•ã‚Œã¦ã„ãŸãƒãƒ¼ãƒ«ãŒ PAM ã«ã‚ˆã£ã¦ã¯ãå¥ªã•ã‚Œã¦ã„ã‚‹ã“ã¨ãŒã‚ã‹ã‚Šã¾ã™ã€‚

å†ç”³è«‹

åˆ©ç”¨è³‡æ ¼ã®ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ãŒ Available (ç”³è«‹é–‹å§‹å‰ã®çŠ¶æ…‹) ã«æˆ»ã£ã¦ãŠã‚Šã€å¿…è¦ãªéš›ã«ã¯å†åº¦åŒã˜åˆ©ç”¨è³‡æ ¼ã‚’ä½¿ã£ã¦ç”³è«‹ãŒè¡Œãˆã¾ã™ã€‚

Google Cloudã¨GitHub Actions(Terraform)ã‚’é€£æºã™ã‚‹Direct Workload Identityã‚’ä½œæˆã™ã‚‹bashã‚¹ã‚¯ãƒªãƒ—ãƒˆ

2024-12-11T09:00:00+09:00

G-gen ã®æ¦äº•ã§ã™ã€‚å½“è¨˜äº‹ã§ã¯ Google Cloud ã¨ GitHub Actions (Terraform) ã‚’é€£æºã™ã‚‹ Direct Workload Identity ã‚’ä½œæˆã™ã‚‹ bash ã‚¹ã‚¯ãƒªãƒ—ãƒˆã‚’ç´¹ä»‹ã—ã¾ã™ã€‚

ã¯ã˜ã‚ã«
ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰
ã‚¹ã‚¯ãƒªãƒ—ãƒˆã®ä½¿ã„æ–¹

ã¯ã˜ã‚ã«

æ¦‚è¦

å½“è¨˜äº‹ã§ç´¹ä»‹ã™ã‚‹ã®ã¯ã€Google Cloud ã¨ GitHub Actions (Terraform) ã¨ã®é€£æºã«å¿…è¦ãª Direct Workload Identity ãƒªã‚½ãƒ¼ã‚¹ã‚’ä½œæˆã™ã‚‹ bash ã‚¹ã‚¯ãƒªãƒ—ãƒˆã§ã™ã€‚

ä»¥å‰ã®è¨˜äº‹ã¨ã®é•ã„

ä»¥å‰åŸ·ç†ã—ãŸè¨˜äº‹ã§ç´¹ä»‹ã—ãŸã®ã¯ã€ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®æ¨©é™ã‚’å€Ÿç”¨ã™ã‚‹å½¢å¼ã® Workload Identity ãƒªã‚½ãƒ¼ã‚¹ã‚’ä½œæˆã™ã‚‹ã‚¹ã‚¯ãƒªãƒ—ãƒˆã§ã™ã€‚

blog.g-gen.co.jp

ä»Šå›žã”ç´¹ä»‹ã™ã‚‹ã®ã¯ã€Workload Identity ãƒ—ãƒ¼ãƒ«ã«å¿…è¦ãªæ¨©é™ (IAM ãƒãƒ¼ãƒ«) ã‚’ç›´æŽ¥ä»˜ä¸Žã™ã‚‹å½¢å¼ã® Workload Identity ãƒªã‚½ãƒ¼ã‚¹ã‚’ä½œæˆã™ã‚‹ã‚¹ã‚¯ãƒªãƒ—ãƒˆã§ã™ã€‚

ã“ã®æ–¹å¼ã¯ã€ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®æ‰•ã„å‡ºã—ã‚„ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’å€Ÿç”¨ã™ã‚‹ãŸã‚ã®æ¨©é™ä»˜ä¸ŽãŒå¿…è¦ãªã„ãŸã‚ã€å¾“æ¥ã‚ˆã‚Šã‚‚ã‚»ã‚ãƒ¥ã‚¢ãªé€£æºãŒå¯èƒ½ã§ã€Google Cloudã€ãªã‚‰ã³ã« GitHub ã®å…¬å¼ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆä¸Šã§ã‚‚æŽ¨å¥¨ã•ã‚Œã¦ã„ã¾ã™ã€‚

å‚è€ƒï¼šã‚¢ã‚¯ã‚»ã‚¹ç®¡ç†
å‚è€ƒï¼š(Preferred) Direct Workload Identity Federation

åˆ¶é™äº‹é …

æŽ¨å¥¨ã•ã‚Œã‚‹å½¢å¼ã§ã¯ã‚ã‚‹ã‚‚ã®ã®ã€Direct Workload Identity ã«ã¯å¯¾å¿œå¯èƒ½ãªãƒ—ãƒãƒ€ã‚¯ãƒˆã‚„æ©Ÿèƒ½ã«åˆ¶é™ãŒã‚ã‚Šã¾ã™ã€‚

å¯¾å¿œã—ã¦ã„ãªã„ãƒ—ãƒãƒ€ã‚¯ãƒˆã‚„ãã®æ©Ÿèƒ½ã‚’ç®¡ç†ã—ãŸã„å ´åˆã€å¾“æ¥å½¢å¼ (ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®æ¨©é™ã‚’å€Ÿç”¨ã™ã‚‹å½¢å¼) ã® Workload Identity ã‚’ã”åˆ©ç”¨ãã ã•ã„ã€‚

å‚è€ƒï¼šID é€£æº: ãƒ—ãƒãƒ€ã‚¯ãƒˆã¨åˆ¶é™äº‹é …

å‰ææ¡ä»¶

å½“ bash ã‚¹ã‚¯ãƒªãƒ—ãƒˆã¯ã€Debian GNU/Linux 12 (bookworm) ä¸Šã§é–‹ç™ºã•ã‚Œã€å‹•ä½œç¢ºèªã•ã‚Œã¦ã„ã¾ã™ã€‚

ã¾ãŸã€ä»¥ä¸‹ã®ã‚½ãƒ•ãƒˆã‚¦ã‚§ã‚¢ãŒã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã•ã‚Œã¦ã„ã‚‹ã“ã¨ãŒå‰æã§ã™ã€‚ã‚«ãƒƒã‚³å†…ã¯é–‹ç™ºæ™‚ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§ã™ã€‚

gcloudï¼ˆGoogle Cloud SDK 486.0.0ï¼‰

ã‚¹ã‚¯ãƒªãƒ—ãƒˆå®Ÿè¡Œæ™‚ã¯ã€å®Ÿè¡Œå…ˆã®ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã«å¯¾ã—ã¦ gcloud CLI ã‚’èªè¨¼ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

blog.g-gen.co.jp

å…è²¬äº‹é …

å½“è¨˜äº‹ã§ç´¹ä»‹ã™ã‚‹ãƒ—ãƒã‚°ãƒ©ãƒ ã®ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰ã¯ã€ã”è‡ªèº«ã®è²¬ä»»ã®ã‚‚ã¨ã€ä½¿ç”¨ã€å¼•ç”¨ã€æ”¹å¤‰ã€å†é…å¸ƒã—ã¦æ§‹ã„ã¾ã›ã‚“ã€‚

ãŸã ã—ã€åŒã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰ãŒåŽŸå› ã§ç™ºç”Ÿã—ãŸä¸åˆ©ç›Šã‚„ãƒˆãƒ©ãƒ–ãƒ«ã«ã¤ã„ã¦ã¯ã€å½“ç¤¾ã¯ä¸€åˆ‡ã®è²¬ä»»ã‚’è² ã„ã¾ã›ã‚“ã€‚

ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰

å‰è¿°ã® å…è²¬äº‹é … ã‚’ã”ç†è§£ã®ã†ãˆã€ã”åˆ©ç”¨ãã ã•ã„ã€‚

init.sh

#!/bin/bash
  
# ã‚¨ãƒ©ãƒ¼ãƒãƒ³ãƒ‰ãƒªãƒ³ã‚°: ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸã‚‰ã‚¹ã‚¯ãƒªãƒ—ãƒˆã‚’çµ‚äº†
set -e
  
# å¤‰æ•°ã®è¨å®š
PROJECT_ID="" # ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆID (ex: gha-demo-prj)   
PROJECT_NUMBER="" # ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆç•ªå· (ex: 1234567890)
ORGANIZATION_ID="" # ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã®çµ„ç¹”ID (ex: 0123456789)
WORKLOAD_IDENTITY_POOL="" # Workload Identityãƒ—ãƒ¼ãƒ«å (ex: gha-demo-pool)
WORKLOAD_IDENTITY_PROVIDER="" # Workload Identityãƒ—ãƒãƒã‚¤ãƒ€å (ex: gha-demo-provider)
GITHUB_REPO="" # GitHubãƒªãƒã‚¸ãƒˆãƒªå (ex: gha-demo-org/gha-demo-repo)
  
# ãƒã‚°å‡ºåŠ›é–¢æ•°
log() {
    echo "[INFO] $1"
}
  
log_error() {
    echo "[ERROR] $1" >&2
}
  
# 1. IAM Credential API ã‚’æœ‰åŠ¹åŒ–
if ! gcloud services list --enabled --filter="name:iamcredentials.googleapis.com" --format="value(name)" | grep "iamcredentials.googleapis.com" >/dev/null 2>&1; then
    log "IAM Credential API ã‚’æœ‰åŠ¹ã«ã—ã¦ã„ã¾ã™..."
    gcloud services enable iamcredentials.googleapis.com --project="$PROJECT_ID"
else
    log "IAM Credential API ã¯æ—¢ã«æœ‰åŠ¹åŒ–ã•ã‚Œã¦ã„ã¾ã™"
fi
  
# 2. Workload Identity ãƒ—ãƒ¼ãƒ«ã®ä½œæˆ
if ! gcloud iam workload-identity-pools describe $WORKLOAD_IDENTITY_POOL --location="global" --project="$PROJECT_ID" >/dev/null 2>&1; then
    log "Workload Identity ãƒ—ãƒ¼ãƒ«ã‚’ä½œæˆä¸: $WORKLOAD_IDENTITY_POOL"
    gcloud iam workload-identity-pools create $WORKLOAD_IDENTITY_POOL \
        --project="$PROJECT_ID" \
        --location="global" \
        --display-name="$WORKLOAD_IDENTITY_POOL"
else
    log "Workload Identity ãƒ—ãƒ¼ãƒ«ã¯æ—¢ã«å˜åœ¨ã—ã¾ã™: $WORKLOAD_IDENTITY_POOL"
fi
  
# 3. Workload Identity ãƒ—ãƒãƒã‚¤ãƒ€ã®ä½œæˆ
if ! gcloud iam workload-identity-pools providers describe $WORKLOAD_IDENTITY_PROVIDER --workload-identity-pool="$WORKLOAD_IDENTITY_POOL" --location="global" --project="$PROJECT_ID" >/dev/null 2>&1; then
    log "Workload Identity ãƒ—ãƒãƒã‚¤ãƒ€ã‚’ä½œæˆä¸: $WORKLOAD_IDENTITY_PROVIDER"
    gcloud iam workload-identity-pools providers create-oidc $WORKLOAD_IDENTITY_PROVIDER \
        --project="$PROJECT_ID" \
        --location="global" \
        --workload-identity-pool="$WORKLOAD_IDENTITY_POOL" \
        --display-name="$WORKLOAD_IDENTITY_PROVIDER" \
        --issuer-uri="https://token.actions.githubusercontent.com" \
        --attribute-mapping="google.subject=assertion.sub,attribute.actor=assertion.actor,attribute.repository=assertion.repository" \
        --attribute-condition="assertion.repository=='$GITHUB_REPO'"
else
    log "Workload Identity ãƒ—ãƒãƒã‚¤ãƒ€ã¯æ—¢ã«å˜åœ¨ã—ã¾ã™: $WORKLOAD_IDENTITY_PROVIDER"
fi
  
# 4. çµ„ç¹”ãƒ¬ãƒ™ãƒ«ã§ã®ãƒãƒ¼ãƒ«ä»˜ä¸Ž
log "çµ„ç¹”ãƒ¬ãƒ™ãƒ«ã§ã®ãƒãƒ¼ãƒ«ä»˜ä¸Žã®ç¢ºèª"
for role in "roles/resourcemanager.organizationAdmin" "roles/owner"; do
    if ! gcloud organizations get-iam-policy $ORGANIZATION_ID --flatten="bindings[].members" --filter="bindings.members:principalSet://iam.googleapis.com/projects/$PROJECT_NUMBER/locations/global/workloadIdentityPools/$WORKLOAD_IDENTITY_POOL AND bindings.role:$role" --format="value(bindings.role)" | grep "$role" >/dev/null 2>&1; then
        log "$role ã‚’Workload Identity ãƒ—ãƒ¼ãƒ«ã«ä»˜ä¸Žä¸: $WORKLOAD_IDENTITY_POOL"
        gcloud organizations add-iam-policy-binding $ORGANIZATION_ID \
            --member="principalSet://iam.googleapis.com/projects/$PROJECT_NUMBER/locations/global/workloadIdentityPools/$WORKLOAD_IDENTITY_POOL/attribute.repository/$GITHUB_REPO" \
            --role="$role"
    else
        log "$role ã¯æ—¢ã«Workload Identity ãƒ—ãƒ¼ãƒ«ã«ä»˜ä¸Žã•ã‚Œã¦ã„ã¾ã™: $WORKLOAD_IDENTITY_POOL"
    fi
done
  
log "Direct Workload Identity è¨å®šãŒå®Œäº†ã—ã¾ã—ãŸã€‚"

ã‚¹ã‚¯ãƒªãƒ—ãƒˆã®ä½¿ã„æ–¹

èªè¨¼

ã¾ãšã¯å®Ÿè¡Œå…ˆã®ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã«å¯¾ã—ã¦ gcloud CLI ã®èªè¨¼ã‚’é€šã—ã¾ã™ã€‚

# å®Ÿè¡Œå…ˆãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã®ç¢ºèª
$ gcloud config list
[core]
account = [email protected]
disable_usage_reporting = True
project = gha-demo-prj
  
Your active configuration is: [gha-demo-prj]
   
# gcloud CLI ã®èªè¨¼
$ gcloud auth login
  
~~ä¸ç•¥~~
  
You are now logged in as [[email protected]].
Your current project is [gha-demo-prj].

å¤‰æ•°è¨å®š

7~12è¡Œç›®ã®å¤‰æ•°ã«ç’°å¢ƒæƒ…å ±ã‚’å…¥åŠ›ã—ã¾ã™ã€‚

â€» å½“ã‚¹ã‚¯ãƒªãƒ—ãƒˆã§ã¯ã€ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®å¤‰æ•°å®šç¾©ã¯ã‚ã‚Šã¾ã›ã‚“ã€‚

å®Ÿè¡Œ

ã‚¹ã‚¯ãƒªãƒ—ãƒˆã«å®Ÿè¡Œæ¨©é™ã‚’ä»˜ä¸Žã—ã¦å®Ÿè¡Œã—ã¾ã™ã€‚

â€» å½“ã‚¹ã‚¯ãƒªãƒ—ãƒˆã§ã¯ã€ä»¥ä¸‹ã®ãƒªã‚½ãƒ¼ã‚¹ã¯ä½œæˆã—ã¾ã›ã‚“ã€‚

ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ
ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’å€Ÿç”¨ã™ã‚‹ãŸã‚ã® IAM Policy
Workload Identity ãƒ—ãƒ¼ãƒ«ã¨ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®ç´ã¥ã‘

# å®Ÿè¡Œæ¨©é™ä»˜ä¸Ž
$ chmod +x init.sh 
$ ls -l
-rwxr-xr-x 1 test-user test-user 3784 Nov 12 14:27 init.sh

# ã‚¹ã‚¯ãƒªãƒ—ãƒˆå®Ÿè¡Œ
$ ./init.sh 
[INFO] IAM Credential API ã¯æ—¢ã«æœ‰åŠ¹åŒ–ã•ã‚Œã¦ã„ã¾ã™
[INFO] Workload Identity ãƒ—ãƒ¼ãƒ«ã‚’ä½œæˆä¸: gha-demo-pool
Created workload identity pool [gha-demo-pool].
[INFO] Workload Identity ãƒ—ãƒãƒã‚¤ãƒ€ã‚’ä½œæˆä¸: gha-demo-provider
Created workload identity pool provider [gha-demo-provider].
[INFO] çµ„ç¹”ãƒ¬ãƒ™ãƒ«ã§ã®ãƒãƒ¼ãƒ«ä»˜ä¸Žã®ç¢ºèª
[INFO] roles/resourcemanager.organizationAdmin ã‚’Workload Identity ãƒ—ãƒ¼ãƒ«ã«ä»˜ä¸Žä¸: gha-demo-pool
Updated IAM policy for organization [0123456789].
  
~~ä¸ç•¥~~
  
[INFO] roles/owner ã‚’Workload Identity ãƒ—ãƒ¼ãƒ«ã«ä»˜ä¸Žä¸: gha-demo-pool
Updated IAM policy for organization [0123456789].
  
~~ä¸ç•¥~~
  
[INFO] Workload Identity è¨å®šãŒå®Œäº†ã—ã¾ã—ãŸã€‚

ãƒªã‚½ãƒ¼ã‚¹ã®ç¢ºèª

Workload Identity ãƒ—ãƒ¼ãƒ«ãƒ»ãƒ—ãƒãƒã‚¤ãƒ€ãƒ¼

ä»¥ä¸‹ã®ã‚ˆã†ã«ä½œæˆã•ã‚Œã¾ã™ã€‚

Workload Identity ãƒ—ãƒ¼ãƒ« (1/2)

Workload Identity ãƒ—ãƒ¼ãƒ« (2/2)ã€ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’ä½¿ç”¨ã—ã¦ã„ãªã„

Workload Identity ãƒ—ãƒãƒã‚¤ãƒ€ãƒ¼ (1/2)

Workload Identity ãƒ—ãƒãƒã‚¤ãƒ€ãƒ¼ (2/2)

ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ

å‰è¿°ã®é€šã‚Šã€Direct Workload Identity ã«ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã¯ä¸è¦ãªãŸã‚ã€å½“ã‚¹ã‚¯ãƒªãƒ—ãƒˆã§ã¯ä½œæˆã—ã¾ã›ã‚“ã€‚

Workload Identity ãƒ—ãƒ¼ãƒ«ã® IAM Policy

çµ„ç¹”ãƒ¬ãƒ™ãƒ«ã® IAM Policy

æ§‹æˆ

å½“ã‚¹ã‚¯ãƒªãƒ—ãƒˆã§ä½œæˆã•ã‚Œã‚‹ Workload Identity ã‚’ä½¿ã„ã€Google Cloud ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã«å¯¾ã™ã‚‹ terraform plan ã‚„ terraform apply ã‚’ã€GitHub Actions ã§è‡ªå‹•åŒ–ã—ã¾ã™ã€‚

ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼ã‚„ Terraform ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰ã¯æ¬¡é …ã«è¨˜è¼‰ã®ã‚‚ã®ã‚’ä½¿ç”¨ã—ã¾ã™ã€‚
ã”åˆ©ç”¨ã•ã‚Œã‚‹å ´åˆã¯ã€å‰è¿°ã® å…è²¬äº‹é … ã‚’ã”ç†è§£ã®ã†ãˆã€ã”åˆ©ç”¨ãã ã•ã„ã€‚

ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰ (Terraform)

Terraform ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªæ§‹æˆ

.
â”œâ”€â”€ .github
â”‚   â””â”€â”€ workflows
â”‚       â””â”€â”€ terraform.yaml
â”œâ”€â”€ env
â”‚   â””â”€â”€ demo
â”‚       â”œâ”€â”€ backend.tf
â”‚       â”œâ”€â”€ locals.tf
â”‚       â”œâ”€â”€ main.tf
â”‚       â””â”€â”€ versions.tf
â”œâ”€â”€ modules
â”‚   â””â”€â”€ apis
â”‚       â”œâ”€â”€ main.tf
â”‚       â”œâ”€â”€ outputs.tf
â”‚       â””â”€â”€ variables.tf
â”œâ”€â”€ .gitignore
â”œâ”€â”€ init.sh
â””â”€â”€ README.md

ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼ (terraform.yaml)

ä»¥ä¸‹ã®å€¤ã‚’ã”è‡ªèº«ã®ç’°å¢ƒã§ä½œæˆã—ãŸãƒªã‚½ãƒ¼ã‚¹ã«ç½®ãæ›ãˆã¦ãã ã•ã„ã€‚

38è¡Œç›®ï¼š Workload Identity ãƒ—ãƒãƒã‚¤ãƒ€ãƒ¼

Direct Workload Identity ã§ã¯ã€google-github-actions/auth@v2 ã§ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’å®šç¾©ã™ã‚‹å¿…è¦ã¯ã‚ã‚Šã¾ã›ã‚“ã€‚

name: terraform
  
# main ãƒ–ãƒ©ãƒ³ãƒã¸ã® Pull request ã¨ Merge
on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main
  
# ã‚¸ãƒ§ãƒ– (GitHUb runners ã§å®Ÿè¡Œ)
jobs:
  terraform-workflow:
    runs-on: ubuntu-latest
  
    permissions:
      id-token: write
      contents: read
      pull-requests: write
  
    strategy:
      matrix:
        # tf_working_dir ã« main.tf (å‘¼ã³å‡ºã—å´) ã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’æŒ‡å®š
        tf_working_dir:
          - ./env/demo
  
    steps:
      - uses: actions/checkout@v4
        name: Checkout
        id: checkout

      # Workload Identity é€£æº
      # https://cloud.google.com/iam/docs/using-workload-identity-federation#generate-automatic
      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@v2'
        with:
          workload_identity_provider: 'projects/1234567890/locations/global/workloadIdentityPools/gha-demo-pool/providers/gha-demo-provider'
  
      # https://github.com/marketplace/actions/setup-tfcmt      
      - uses: shmokmt/actions-setup-tfcmt@v2
        name: Setup tfcmt
  
      # https://github.com/marketplace/actions/setup-github-comment
      - uses: shmokmt/actions-setup-github-comment@v2
        name: Setup github-comment
        
      # https://github.com/actions/setup-node
      # https://github.com/hashicorp/setup-terraform/issues/84
      - uses: actions/setup-node@v4
        with:
          node-version: '18'
  
      - uses: hashicorp/setup-terraform@v3
        name: Setup terraform
  
      - name: Terraform fmt
        id: fmt
        run: |
          cd ${{ matrix.tf_working_dir }}
          terraform fmt -recursive
        continue-on-error: true
      
      - name: Terraform Init
        id: init
        run: |
          cd ${{ matrix.tf_working_dir }}
          terraform init -upgrade
  
      - name: Terraform Validate
        id: validate
        run: |
          cd ${{ matrix.tf_working_dir }}
          terraform validate
  
      # main ãƒ–ãƒ©ãƒ³ãƒã¸ pull request ã—ãŸéš›ã« terraform plan ã‚’å®Ÿè¡Œ
      - name: Terraform Plan
        id: plan
        if: github.event_name == 'pull_request'
        run: |
          cd ${{ matrix.tf_working_dir }}
          export GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
          tfcmt -var target:${{ matrix.tf_working_dir }} plan -- terraform plan --parallelism=50
          github-comment hide -condition 'Comment.Body contains "No changes."'
        continue-on-error: true
  
      # terraform status ã§å¤±æ•—ã—ãŸéš›ã« workflow ã‚’åœæ¢
      - name: Terraform Plan Status
        id: status
        if: steps.plan.outcome == 'failure'
        run: exit 1
  
      # main ãƒ–ãƒ©ãƒ³ãƒã¸ push ã—ãŸéš›ã« terraform apply ã‚’å®Ÿè¡Œ
      - name: Terraform Apply
        id: apply
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
        run: |
          cd ${{ matrix.tf_working_dir }}
          export GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
          tfcmt -var target:${{ matrix.tf_working_dir }} apply -- terraform apply -auto-approve -input=false --parallelism=50

env/demo é…ä¸‹ (å‘¼ã³å‡ºã—å´)

# backend.tf
terraform {
  backend "gcs" {
    bucket = "gha-demo-prj-tfstate"
    prefix = "terraform/state"
  }
}
  
# locals.tf
locals {
  project_id = "gha-demo-prj"
  
  apis = [
    "artifactregistry.googleapis.com",
    "cloudapis.googleapis.com",
    "cloudasset.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "iam.googleapis.com",
    "iamcredentials.googleapis.com",
    "servicemanagement.googleapis.com",
    "serviceusage.googleapis.com",
    "sts.googleapis.com",
  ]
}
  
# main.tf
module "apis" {
  source     = "../../modules/apis"
  project_id = local.project_id
  apis       = local.apis
}
  
# versions.tf
terraform {
  required_version = "~> 1.9.7"
  
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 6.6.0"
    }
  }
}
  
provider "google" {
  user_project_override = true
}

modules/apis é…ä¸‹ (ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«)

# main.tf
resource "google_project_service" "apis" {
  for_each           = toset(var.apis)
  project            = var.project_id
  service            = each.value
  disable_on_destroy = false
}
  
resource "null_resource" "delay" {
  provisioner "local-exec" {
    command = "sleep 180"
  }
  
  depends_on = [google_project_service.apis]
}
  
# outputs.tf
output "enabled_apis" {
  description = "List of enabled APIs for the project"
  value       = [for service in google_project_service.apis : service.id]
}
  
# variables.tf
variable "apis" {
  description = "List of APIs to enable"
  type = list(string)
}
  
variable "project_id" {
  description = "The ID of the project to create resources in"
  type        = string
}

ãƒ—ãƒ«ãƒªã‚¯ã‚¨ã‚¹ãƒˆ (terraform plan)

Direct Workload Identity ã§ã‚‚ã€main ãƒ–ãƒ©ãƒ³ãƒã¸ã®ãƒ—ãƒ«ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚’ãƒˆãƒªã‚¬ãƒ¼ã« terraform plan ãŒå®Ÿè¡Œã•ã‚Œã¾ã—ãŸã€‚
â€» ãƒ—ãƒ«ãƒªã‚¯ã‚¨ã‚¹ãƒˆã®å ´åˆã€terraform apply ã¯ã‚¹ã‚ãƒƒãƒ—ã•ã‚Œã¾ã™ã€‚

ãƒ—ãƒ«ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚’ãƒˆãƒªã‚¬ãƒ¼ã« terraform plan ãŒè‡ªå‹•å®Ÿè¡Œ

ãƒžãƒ¼ã‚¸ (terraform apply)

Direct Workload Identity ã§ã‚‚ã€main ãƒ–ãƒ©ãƒ³ãƒã¸ã®ãƒžãƒ¼ã‚¸ã‚’ãƒˆãƒªã‚¬ãƒ¼ã« terraform apply ãŒå®Ÿè¡Œã•ã‚Œã¾ã—ãŸã€‚
â€» ãƒžãƒ¼ã‚¸ã®å ´åˆã€terraform plan ã¯ã‚¹ã‚ãƒƒãƒ—ã•ã‚Œã¾ã™ã€‚

ãƒžãƒ¼ã‚¸ã‚’ãƒˆãƒªã‚¬ãƒ¼ã« terraform apply ãŒè‡ªå‹•å®Ÿè¡Œ

Googleãƒ‰ãƒ©ã‚¤ãƒ–ã‚’ãƒ‡ãƒ¼ã‚¿ã‚½ãƒ¼ã‚¹ã¨ã™ã‚‹Vertex AI Searchã‚¢ãƒ—ãƒªã§Pythonã‹ã‚‰ã®æ¤œç´¢çµæžœãŒã‚¼ãƒã«ãªã‚‹å ´åˆã®å¯¾å‡¦æ³•

2024-12-09T09:00:00+09:00

G-gen ã®å ‚åŽŸã§ã™ã€‚å½“è¨˜äº‹ã§ã¯ã€Google ãƒ‰ãƒ©ã‚¤ãƒ–ã‚’ãƒ‡ãƒ¼ã‚¿ã‚½ãƒ¼ã‚¹ã¨ã™ã‚‹ Vertex AI Search ã‚¢ãƒ—ãƒªã«å¯¾ã—ã¦ã€Python ã‹ã‚‰æ¤œç´¢ã‚’è¡Œã†éš›ã«æ¤œç´¢çµæžœãŒ0ä»¶ã«ãªã£ã¦ã—ã¾ã†å ´åˆã®å¯¾å‡¦æ³•ã«ã¤ã„ã¦ç´¹ä»‹ã—ã¾ã™ã€‚

ã¯ã˜ã‚ã«
æ¤œç´¢ãŒå¤±æ•—ã™ã‚‹ã‚±ãƒ¼ã‚¹
- Google Cloud APIs ã®ãƒãƒ£ãƒ³ãƒãƒ«ãŒ v1alpha ä»¥å¤–ã®å ´åˆ
- ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’ç”¨ã„ã‚‹å ´åˆ
å¯¾å‡¦æ³•
Python Client

ã¯ã˜ã‚ã«

å½“è¨˜äº‹ã§ã¯ã€Google Cloudï¼ˆæ—§ç§° GCPï¼‰ãŒæä¾›ã™ã‚‹æ¤œç´¢ã‚¨ãƒ³ã‚¸ãƒ³ã‚µãƒ¼ãƒ“ã‚¹ã§ã‚ã‚‹ Vertex AI Search ã«ãŠã„ã¦ã€Google ãƒ‰ãƒ©ã‚¤ãƒ–ã‚’ãƒ‡ãƒ¼ã‚¿ã‚½ãƒ¼ã‚¹ã¨ã™ã‚‹ Vertex AI Search ã‚¢ãƒ—ãƒªã«å¯¾ã—ã¦ã€Python ã‹ã‚‰æ¤œç´¢ã‚’è¡Œã†æ–¹æ³•ã«ã¤ã„ã¦ç´¹ä»‹ã—ã¾ã™ã€‚

Vertex AI Search ã‚¢ãƒ—ãƒªã‚’ Python ã‹ã‚‰æ¤œç´¢ã™ã‚‹ã«ã¯ã€æ¬¡ã® 2 ã¤ã®æ–¹æ³•ãŒã‚ã‚Šã¾ã™ã€‚

Python Client ã‚’ç”¨ã„ã‚‹æ–¹æ³•

ã—ã‹ã—å®Ÿè£…æ–¹æ³•ã«ã‚ˆã£ã¦ã¯ã€æ¤œç´¢çµæžœãŒ0ä»¶ã«ãªã£ã¦ã—ã¾ã†å ´åˆãŒã‚ã‚Šã¾ã™ã€‚

æ¤œç´¢ãŒå¤±æ•—ã™ã‚‹ã‚±ãƒ¼ã‚¹

Google Cloud APIs ã®ãƒãƒ£ãƒ³ãƒãƒ«ãŒ v1alpha ä»¥å¤–ã®å ´åˆ

å½“è¨˜äº‹ã‚’åŸ·ç†ã—ãŸ2024å¹´12æœˆç¾åœ¨ã€Google ãƒ‰ãƒ©ã‚¤ãƒ–ã‚’ãƒ‡ãƒ¼ã‚¿ã‚½ãƒ¼ã‚¹ã¨ã™ã‚‹ Vertex AI Search ã‚¢ãƒ—ãƒªã¸ã®æ¤œç´¢ã¯ã€ã€ŒPython Client ã‚’ç”¨ã„ã‚‹æ–¹æ³•ã€ã€Œç›´æŽ¥ Google Cloud APIs ã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹æ–¹æ³•ã€ã®ä¸¡æ–¹ã¨ã‚‚ã€v1alpha ã§ã®ã¿æœŸå¾…é€šã‚Šå‹•ä½œã—ã¾ã™ã€‚ä¸€æ–¹ã§ã€v1 ã¾ãŸã¯ v1beta ã‚’ç”¨ã„ãŸå ´åˆã¯ã€æ¤œç´¢çµæžœãŒ0ä»¶ã«ãªã‚Šã¾ã™ã€‚

Google Cloud APIs ã«ãŠã„ã¦ v1alpha ã¨ã¯ã€API ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’ç¤ºã™ãƒãƒ£ãƒ³ãƒãƒ«ã®1ã¤ã§ã™ã€‚Google Cloud APIs ã¯åŸºæœ¬çš„ã«ã€v1alphaã€v1betaã€v1 ã¨ã„ã†é †ã§é–‹ç™ºãŒé€²ã¿ã¾ã™ã€‚v1alpha ã®æ©Ÿèƒ½ã¯äºˆå‘Šãªãå‰Šé™¤ã•ã‚Œã‚‹å¯èƒ½æ€§ãŒã‚ã‚‹ãŸã‚ã€æœ¬ç•ªç’°å¢ƒã§ã®åˆ©ç”¨ã¯éžæŽ¨å¥¨ã§ã™ã€‚

å‚è€ƒ : ãƒãƒ¼ã‚¸ãƒ§ãƒ‹ãƒ³ã‚°

ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’ç”¨ã„ã‚‹å ´åˆ

Google Cloud APIs ã«ã¯é€šå¸¸ã€Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã¾ãŸã¯ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®èªè¨¼æƒ…å ±ã‚’ä½¿ç”¨ã—ã¦ã‚¢ã‚¯ã‚»ã‚¹ã—ã¾ã™ã€‚

ãŸã ã—ã€2024å¹´12æœˆç¾åœ¨ã§ã¯ã€ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’ç”¨ã„ã¦ Google ãƒ‰ãƒ©ã‚¤ãƒ–ã‚’ãƒ‡ãƒ¼ã‚¿ã‚½ãƒ¼ã‚¹ã¨ã™ã‚‹ Vertex AI Search ã‚¢ãƒ—ãƒªã¸ã®æ¤œç´¢ã‚’è¡Œã£ãŸå ´åˆã€ã‚µãƒ¼ãƒå´ã®ã‚¨ãƒ©ãƒ¼ï¼ˆ500 Internal Server Errorï¼‰ãŒç™ºç”Ÿã—ã¾ã™ã€‚

å¯¾å‡¦æ³•

å½“äº‹è±¡ã«å¯¾ã™ã‚‹2024å¹´12æœˆç¾åœ¨ã®å¯¾å‡¦æ³•ã¯ã€ä»¥ä¸‹ã®ã¨ãŠã‚Šã§ã™ã€‚

ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã§ã¯ãªãã€Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®èªè¨¼æƒ…å ±ã‚’ä½¿ç”¨ã™ã‚‹

Python Client

ã‚µãƒ³ãƒ—ãƒ«ã‚³ãƒ¼ãƒ‰

Python Client ã‚’ä½¿ç”¨ã™ã‚‹å ´åˆã®ã‚µãƒ³ãƒ—ãƒ«ã‚³ãƒ¼ãƒ‰ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™ã€‚

from google.cloud.discoveryengine_v1alpha import SearchServiceClient, SearchRequest
from google.protobuf.json_format import MessageToDict
 
PROJECT_ID = "xxx" # Google Cloud ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ ID
VERTEX_AI_APP_ID = "xxx" # Vertex AI Search ã‚¢ãƒ—ãƒªã® ID
 
client = SearchServiceClient(credentials=credentials)
 
serving_config = f"projects/{PROJECT_ID}/locations/global/collections/default_collection/engines/{VERTEX_AI_APP_ID}/servingConfigs/default_serving_config"
 
content_search_spec = SearchRequest.ContentSearchSpec(
    # ã‚¹ãƒ‹ãƒšãƒƒãƒˆã‚’å‡ºåŠ›ã•ã›ãªã„
    snippet_spec=SearchRequest.ContentSearchSpec().SnippetSpec(
        return_snippet=False
    ),
    # è¦ç´„æ–‡ã‚’å‡ºåŠ›ã•ã›ã‚‹
    summary_spec=SearchRequest.ContentSearchSpec().SummarySpec(
        summary_result_count=3,
        include_citations=False,

        # Gemini Proã‚’ç”¨ã„ã‚‹ã‚ˆã†ã«æŒ‡å®š
        model_spec=SearchRequest.ContentSearchSpec().SummarySpec().ModelSpec(
            version="gemini-1.5-flash-001/answer_gen/v1"
        )
    )
)
 
# Vertex AI Searchã«ã‚¯ã‚¨ãƒªã‚’æŠ•ã’ã‚‹
response = client.search(
    SearchRequest(
        serving_config=serving_config,
        query="G-genã¨ã¯ï¼Ÿ",
        page_size=3,
        content_search_spec=content_search_spec
    )
)
 
# è¦ç´„æ–‡ã‚’æ¨™æº–å‡ºåŠ›
print(response.summary.summary_text)
 
# æ¤œç´¢çµæžœã‚’æ¨™æº–å‡ºåŠ›
for r in response.results:
    r_dct = MessageToDict(r._pb)
    print(r_dct)

å‚è€ƒ : Class SearchServiceClient

ãƒã‚¤ãƒ³ãƒˆ

from google.cloud.discoveryengine_v1alpha import SearchServiceClient, SearchRequest

ä¸Šè¨˜ã®ã‚ˆã†ã«ã€google-cloud-discoveryengine ã‚’ã‚¤ãƒ³ãƒãƒ¼ãƒˆã™ã‚‹éš›ã®ãƒãƒ£ãƒ³ãƒãƒ«æŒ‡å®šã¯ _v1alpha ã‚’æ˜Žç¤ºçš„ã«æŒ‡å®šã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚ãƒãƒ£ãƒ³ãƒãƒ«ã‚’æŒ‡å®šã—ãªã„ä»¥ä¸‹ã®ã‚ˆã†ãªã‚¤ãƒ³ãƒãƒ¼ãƒˆæ–‡ã ã¨ã€æ¤œç´¢ãŒå¤±æ•—ã™ã‚‹ã‚±ãƒ¼ã‚¹ã«è¨˜è¼‰ã®é€šã‚Šã€æ¤œç´¢çµæžœãŒ0ä»¶ã«ãªã‚Šã¾ã™ã€‚

# æœªæŒ‡å®š
from google.cloud.discoveryengine import SearchServiceClient, SearchRequest
 
# v1 æŒ‡å®š
from google.cloud.discoveryengine_v1 import SearchServiceClient, SearchRequest
 
# v1beta æŒ‡å®š
from google.cloud.discoveryengine_v1beta import SearchServiceClient, SearchRequest

credentials

client = SearchServiceClient(credentials=credentials) ã§ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã¨ã—ã¦ä¸Žãˆã‚‹èªè¨¼æƒ…å ±ã¯ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®ã‚‚ã®ã§ã¯ãªãã€Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®ã‚‚ã®ã«ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®èªè¨¼æƒ…å ±ã®å ´åˆã¯å¤‰æ•°ã®åž‹ãŒ google.oauth2.credentials.Credentials ã«ã€ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®èªè¨¼æƒ…å ±ã®å ´åˆã¯å¤‰æ•°ã®åž‹ãŒ google.oauth2.service_account.Credentials ã«ãªã‚Šã¾ã™ã€‚

ã‚µãƒ³ãƒ—ãƒ«ã‚³ãƒ¼ãƒ‰

Requests ãƒ©ã‚¤ãƒ–ãƒ©ãƒªã‚’ä½¿ç”¨ã—ã¦ Google Cloud APIs ã«ç›´æŽ¥ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹å ´åˆã®ã‚µãƒ³ãƒ—ãƒ«ã‚³ãƒ¼ãƒ‰ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™ã€‚

import requests
 
PROJECT_NUMBER = "xxx" # Google Cloud ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆç•ªå·
VERTEX_AI_APP_ID = "xxx" # Vertex AI Search ã‚¢ãƒ—ãƒªã® ID
 
# APIã®URL
url = f"https://discoveryengine.googleapis.com/v1alpha/projects/{PROJECT_NUMBER}/locations/global/collections/default_collection/engines/{VERTEX_AI_APP_ID}/servingConfigs/default_search"
 
# ãƒªã‚¯ã‚¨ã‚¹ãƒˆãƒ˜ãƒƒãƒ€
headers = {
    "Authorization": "Bearer " + credentials.token,
    "Content-Type": "application/json",
}
 
# ãƒªã‚¯ã‚¨ã‚¹ãƒˆãƒœãƒ‡ã‚£
session = f"projects/{PROJECT_NUMBER}/locations/global/collections/default_collection/engines/{VERTEX_AI_APP_ID}/sessions/-"
data = {
    "query": "G-genã¨ã¯ï¼Ÿ",
    "pageSize": 3,
    "contentSearchSpec": {
        "snippetSpec": {
            "returnSnippet": False
        },
        "extractiveContentSpec": {
            "maxExtractiveAnswerCount": 1
        }
    },
    "session": session
}
 
# æ¤œç´¢ãƒªã‚¯ã‚¨ã‚¹ãƒˆé€ä¿¡
response = requests.post(f"{url}:search", headers=headers, json=data)
 
# æ¤œç´¢çµæžœã‚’æ¨™æº–å‡ºåŠ›
for r in response.json().get("results"):
    print(r)
 
data = {
    "query": {
        "text": "G-genã¨ã¯ï¼Ÿ",
        "queryId": response.json().get("sessionInfo").get("queryId")
    },
    "session": response.json().get("sessionInfo").get("name"),
    "answerGenerationSpec": {
        "modelSpec": {
            "modelVersion": "gemini-1.5-flash-001/answer_gen/v1"
        }
    }
}
 
# è¦ç´„ãƒªã‚¯ã‚¨ã‚¹ãƒˆé€ä¿¡
response = requests.post(f"{url}:answer", headers=headers, json=data)
 
# è¦ç´„æ–‡ã‚’æ¨™æº–å‡ºåŠ›
print(response.json().get("answer").get("answerText"))

å‚è€ƒ : Method: projects.locations.collections.dataStores.servingConfigs.search

ãƒã‚¤ãƒ³ãƒˆ

Requests ãƒ©ã‚¤ãƒ–ãƒ©ãƒªã‚’ç”¨ã„ã¦ç›´æŽ¥ Google Cloud APIs ã«ã‚¢ã‚¯ã‚»ã‚¹ãƒ‘ã‚¿ãƒ¼ãƒ³ã§ã‚‚ã€é‡è¦ãªãƒã‚¤ãƒ³ãƒˆã¯ Python Client ã‚’ç”¨ã„ã‚‹å ´åˆã¨å¤‰ã‚ã‚Šã¾ã›ã‚“ã€‚

API ã® URL ã®ãƒãƒ£ãƒ³ãƒãƒ«æŒ‡å®šã‚’ v1alpha ã«ã™ã‚‹
ãƒ˜ãƒƒãƒ€ã® Authorization ã«å«ã‚€ãƒˆãƒ¼ã‚¯ãƒ³ã¯ Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®ã‚¢ã‚¯ã‚»ã‚¹ãƒˆãƒ¼ã‚¯ãƒ³ã¨ã™ã‚‹

Cloud Run functionsã‹ã‚‰VPC Service Controlså¢ƒç•Œå†…ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’è¨±å¯ã™ã‚‹æ–¹æ³•

2024-12-06T09:00:00+09:00

G-gen ã®å ‚åŽŸã§ã™ã€‚æœ¬è¨˜äº‹ã§ã¯ Google Cloudï¼ˆæ—§ç§° GCPï¼‰ã® Cloud Run functionsï¼ˆæ—§ Cloud Functionsï¼‰ã‹ã‚‰ã€VPC Service Controls å¢ƒç•Œã®ä¸ã®ãƒªã‚½ãƒ¼ã‚¹ã¸ã‚¢ã‚¯ã‚»ã‚¹ã•ã›ã‚‹æ–¹æ³•ã«ã¤ã„ã¦ç´¹ä»‹ã—ã¾ã™ã€‚

ã¯ã˜ã‚ã«
ãƒã‚¤ãƒ³ãƒˆ
ã‚¢ã‚¯ã‚»ã‚¹ã®æˆå¦
VPC çµŒç”±ã§ã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆãŒå¿…è¦ãªç†ç”±
VPC ã®ã‚¢ã‚¯ã‚»ã‚¹å¯èƒ½ãªã‚µãƒ¼ãƒ“ã‚¹

ã¯ã˜ã‚ã«

æœ¬è¨˜äº‹ã®è¶£æ—¨

æœ¬è¨˜äº‹ã§ã¯ã€Cloud Run functions ã‹ã‚‰ã€VPC Service Controls ã§ä¿è·ã•ã‚ŒãŸ Google Cloud ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã®ãƒªã‚½ãƒ¼ã‚¹ã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹æ–¹æ³•ã‚„ã€ã©ã®ã‚ˆã†ãªè¨å®šã§ã‚¢ã‚¯ã‚»ã‚¹ãŒæˆåŠŸã¾ãŸã¯å¤±æ•—ã™ã‚‹ã®ã‹ã«ã¤ã„ã¦è§£èª¬ã—ã¾ã™ã€‚

VPC Service Controls

VPC Service Controls ã¯ Google Cloud ãŒæä¾›ã™ã‚‹ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚µãƒ¼ãƒ“ã‚¹ã§ã™ã€‚ ã€Œã‚µãƒ¼ãƒ“ã‚¹å¢ƒç•Œï¼ˆservice perimeterï¼‰ã€ã¨ã„ã†è«–ç†çš„ãªå¢ƒç•Œã‚’ä½œæˆã—ã€å¢ƒç•Œã‚’ã¾ãŸã API ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚’åˆ¶é™ã—ã¾ã™ã€‚

VPC Service Controls ã«ã¤ã„ã¦ã¯ã€ä»¥ä¸‹ã®è¨˜äº‹ã§è§£èª¬ã—ã¦ã„ã¾ã™ã®ã§ã”å‚ç…§ãã ã•ã„ã€‚

blog.g-gen.co.jp

ãªãŠæœ¬è¨˜äº‹ã¯ Ingress rulesï¼ˆå†…å‘ããƒ«ãƒ¼ãƒ«ï¼‰ãªã©ã€VPC Service Controls ã®åŸºæœ¬çš„ãªè¨å®šé …ç›®ã«ã¤ã„ã¦ã¯ç†è§£ã—ã¦ã„ã‚‹å‰æã§æ›¸ã‹ã‚Œã¦ã„ã¾ã™ã€‚

Cloud Run functions

Cloud Run functions ã¯ã€Google Cloud ãŒæä¾›ã™ã‚‹ã‚µãƒ¼ãƒãƒ¬ã‚¹ã‚³ãƒ³ãƒ”ãƒ¥ãƒ¼ãƒ†ã‚£ãƒ³ã‚°ã‚µãƒ¼ãƒ“ã‚¹ã§ã™ã€‚ã‚¤ãƒ³ãƒ•ãƒ©ã®æ§‹ç¯‰ã‚„ç®¡ç†ã‚’ã™ã‚‹ã“ã¨ãªãã€ãƒ—ãƒã‚°ãƒ©ãƒ ã‚’å®Ÿè¡Œã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

ã“ã¡ã‚‰ã‚‚ä»¥ä¸‹ã®è¨˜äº‹ã§è§£èª¬ã—ã¦ã„ã¾ã™ã®ã§ã€ã”å‚ç…§ãã ã•ã„ã€‚

blog.g-gen.co.jp

ãƒã‚¤ãƒ³ãƒˆ

æœ¬è¨˜äº‹ã§æœ€ã‚‚ä¼ãˆãŸã„ãƒã‚¤ãƒ³ãƒˆã¯ã€ä»¥ä¸‹ã®ã¨ãŠã‚Šã§ã™ã€‚

VPC Service Controls ã® Ingress ruleï¼ˆå†…å‘ããƒ«ãƒ¼ãƒ«ï¼‰ã§ã‚½ãƒ¼ã‚¹ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã‚’æŒ‡å®šã™ã‚‹å ´åˆã€Cloud Run functions ã¯ VPC çµŒç”±ã§ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚’é€ä¿¡ã™ã‚‹å¿…è¦ãŒã‚ã‚‹ã€‚

ã‚¢ã‚¯ã‚»ã‚¹ã®æˆå¦

ä»¥ä¸‹ã®ã‚ˆã†ãªæ¤œè¨¼ç’°å¢ƒã‚’ç”¨æ„ã—ã¾ã—ãŸã€‚

VPC Service Controls ã§ä¿è·ã•ã‚ŒãŸ Google Cloud ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ
ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆå†…ã« Cloud Run functions ã¨ BigQuery ãƒ†ãƒ¼ãƒ–ãƒ«ã‚’ç”¨æ„
Cloud Run functions ã«ã¯ã€Œã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ Aã€ã‚’ç´ã¥ã‘
Cloud Run functions ã‹ã‚‰ BigQuery ãƒ†ãƒ¼ãƒ–ãƒ«ã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹çŠ¶æ³ã‚’æƒ³å®š

ã“ã®ç’°å¢ƒã§ã€VPC Service Controls ã¨ Cloud Run functions ã®å„è¨å®šå€¤ã‚’å¤‰æ›´ã—ãªãŒã‚‰ã€æ§˜ã€…ãªãƒ‘ã‚¿ãƒ¼ãƒ³ã§ã‚¢ã‚¯ã‚»ã‚¹ã®æˆå¦ã‚’æ¤œè¨¼ã—ã¾ã—ãŸã€‚æ¤œè¨¼çµæžœã¯ã€ä»¥ä¸‹ã®ã‚ˆã†ã«ãªã‚Šã¾ã—ãŸã€‚

No.	VPC Service Controls				Cloud Run functions	ã‚¢ã‚¯ã‚»ã‚¹çµæžœ
	åˆ¶é™ä»˜ãã‚µãƒ¼ãƒ“ã‚¹	VPC ã®ã‚¢ã‚¯ã‚»ã‚¹å¯èƒ½ãªã‚µãƒ¼ãƒ“ã‚¹	ã€ŒIngress rulesã€ã®ã€ŒAPI ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã® FROM å±žæ€§ã€		ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã®ä¸‹ã‚Šè¨å®š
	åˆ¶é™ä»˜ãã‚µãƒ¼ãƒ“ã‚¹	VPC ã®ã‚¢ã‚¯ã‚»ã‚¹å¯èƒ½ãªã‚µãƒ¼ãƒ“ã‚¹	ID	ã‚½ãƒ¼ã‚¹	ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã®ä¸‹ã‚Šè¨å®š
1	BigQuery API	ã™ã¹ã¦ã®åˆ¶é™ä»˜ãã‚µãƒ¼ãƒ“ã‚¹	ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ A	ã™ã¹ã¦ã®ã‚½ãƒ¼ã‚¹	ãªã—	OK
2	BigQuery API	ã™ã¹ã¦ã®åˆ¶é™ä»˜ãã‚µãƒ¼ãƒ“ã‚¹	ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ A	ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ	ãªã—	NG
3	BigQuery API	ã™ã¹ã¦ã®åˆ¶é™ä»˜ãã‚µãƒ¼ãƒ“ã‚¹	ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ A	ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ	ã™ã¹ã¦ã®ãƒˆãƒ©ãƒ•ã‚£ãƒƒã‚¯ã‚’ VPC ã‚³ãƒã‚¯ã‚¿çµŒç”±ã§ãƒ«ãƒ¼ãƒ†ã‚£ãƒ³ã‚°ã™ã‚‹	OK
4	BigQuery API	ã™ã¹ã¦ã®åˆ¶é™ä»˜ãã‚µãƒ¼ãƒ“ã‚¹	ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ A	ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ	ãƒ—ãƒ©ã‚¤ãƒ™ãƒ¼ãƒˆ IP ã¸ã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆã ã‘ã‚’ VPC ã‚³ãƒã‚¯ã‚¿çµŒç”±ã§ãƒ«ãƒ¼ãƒ†ã‚£ãƒ³ã‚°ã™ã‚‹	NG
5	BigQuery API	ãªã—	ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ A	ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ	ã™ã¹ã¦ã®ãƒˆãƒ©ãƒ•ã‚£ãƒƒã‚¯ã‚’ VPC ã‚³ãƒã‚¯ã‚¿çµŒç”±ã§ãƒ«ãƒ¼ãƒ†ã‚£ãƒ³ã‚°ã™ã‚‹	NG
6	ãªã—	ãªã—	ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ A	ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ	ã™ã¹ã¦ã®ãƒˆãƒ©ãƒ•ã‚£ãƒƒã‚¯ã‚’ VPC ã‚³ãƒã‚¯ã‚¿çµŒç”±ã§ãƒ«ãƒ¼ãƒ†ã‚£ãƒ³ã‚°ã™ã‚‹	NG
7	ãªã—	ãªã—	ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ A	ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ	ãªã—	OK

VPC çµŒç”±ã§ã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆãŒå¿…è¦ãªç†ç”±

VPC Service Controls ã§ã¯ã€å¢ƒç•Œã‚’è¶…ãˆã‚‹ã‚ˆã†ãªã‚¢ã‚¯ã‚»ã‚¹ã¯ã€åŽŸå‰‡çš„ã«å…¨ã¦ãƒ–ãƒãƒƒã‚¯ã•ã‚Œã¾ã™ã€‚

Ingress rulesï¼ˆå†…å‘ããƒ«ãƒ¼ãƒ«ï¼‰ã‚’ç”¨ã„ã‚‹ã¨ã€ç‰¹å®šã®ã‚½ãƒ¼ã‚¹ï¼ˆç‰¹å®šã® IP ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚„ Google Cloud ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆï¼‰ã‚’æŽ¥ç¶šå…ƒã¨ã™ã‚‹ç‰¹å®šã® IDï¼ˆGoogle ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚„ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆï¼‰ã«ã‚ˆã‚‹ã‚¢ã‚¯ã‚»ã‚¹ã‚’ä¾‹å¤–çš„ã«è¨±å¯ã™ã‚‹ã“ã¨ãŒå‡ºæ¥ã¾ã™ã€‚

ãã®ãŸã‚ã€Ingress rules ã§ ID ã‚’ Cloud Run functions ã«ç´ã¥ã‘ãŸã€Œã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ Aã€ã«ã€ã‚½ãƒ¼ã‚¹ã‚’ Cloud Run functions ãŒæ‰€å±žã™ã‚‹ Google Cloud ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã«ã™ã‚Œã°ã€å¢ƒç•Œå†…ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã¯æˆåŠŸã™ã‚‹ã‹ã®ã‚ˆã†ã«è€ƒãˆã‚‰ã‚Œã¾ã™ã€‚

ã—ã‹ã—ä¸Šè¨˜ã®å ´åˆã€Cloud Run functions ã‹ã‚‰ã®ã‚¢ã‚¯ã‚»ã‚¹ã¯å¤±æ•—ã—ã¾ã™ã€‚

ã“ã‚Œã¯ã€Google Cloud ã®å…¬å¼ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã«ã¯æ˜Žè¨€ã•ã‚Œã¦ã„ã¾ã›ã‚“ãŒã€Cloud Run functions ã®å®Ÿè¡ŒåŸºç›¤ãŒãƒ¦ãƒ¼ã‚¶ãŒç®¡ç†ã™ã‚‹ Google Cloud ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã¨ã¯åˆ¥ã ã‹ã‚‰ã ã¨æŽ¨æ¸¬ã§ãã¾ã™ã€‚

ãã®ãŸã‚ã€å½“è©²ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã‹ã‚‰ã®ã‚¢ã‚¯ã‚»ã‚¹ã¨ãªã‚‹ã‚ˆã†ã«ã€Cloud Run functions ã‚’ VPC ã«æŽ¥ç¶šã•ã›ã‚‹å¿…è¦ãŒã‚ã‚‹ã®ã§ã™ã€‚

ã“ã®ã“ã¨ã¯ä»¥ä¸‹ã®å…¬å¼ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã§ã‚‚è§¦ã‚Œã‚‰ã‚Œã¦ã„ã¾ã™ã€‚

å‚è€ƒ : å¢ƒç•Œå¤–ã®é–¢æ•°ã§ã® VPC Service Controls ã®ä½¿ç”¨

VPC ã®ã‚¢ã‚¯ã‚»ã‚¹å¯èƒ½ãªã‚µãƒ¼ãƒ“ã‚¹

ã¾ãŸ Cloud Run functions ã« VPC çµŒç”±ã§ VPC Service Controls ã®å¢ƒç•Œå†…ã¸ã‚¢ã‚¯ã‚»ã‚¹ã•ã›ã‚‹å ´åˆã¯ã€ã€ŒVPC ã®ã‚¢ã‚¯ã‚»ã‚¹å¯èƒ½ãªã‚µãƒ¼ãƒ“ã‚¹ï¼ˆVPC Accessible servicesï¼‰ã€ã¨ã„ã†è¨å®šé …ç›®ã®å€¤ã«ã‚‚æ°—ã‚’ã¤ã‘ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚ã“ã®è¨å®šé …ç›®ã¯å¢ƒç•Œå†…ã® VPC ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‹ã‚‰ã‚¢ã‚¯ã‚»ã‚¹ã§ãã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã‚’åˆ¶å¾¡ã™ã‚‹é …ç›®ã§ã™ã€‚

ã“ã®é …ç›®ã§æ˜Žç¤ºçš„ã«ã‚¢ã‚¯ã‚»ã‚¹å…ˆã®ã‚µãƒ¼ãƒ“ã‚¹ãŒè¨±å¯ã•ã‚Œã¦ã„ãªã„å ´åˆã€Cloud Run functions ã‹ã‚‰ã®ã‚¢ã‚¯ã‚»ã‚¹ã¯å¤±æ•—ã—ã¾ã™ã€‚

å‰æŽ²ã®è¡¨ã® No. 6ã¯ã€VPC å†…éƒ¨ã‹ã‚‰ã®ã‚¢ã‚¯ã‚»ã‚¹ã ãŒã€ŒVPC ã®ã‚¢ã‚¯ã‚»ã‚¹å¯èƒ½ãªã‚µãƒ¼ãƒ“ã‚¹ã€ã§è¨±å¯ã•ã‚Œã¦ã„ãªã„ API ã«ãƒªã‚¯ã‚¨ã‚¹ãƒˆã—ã‚ˆã†ã¨ã—ã¦ã„ã‚‹ãŸã‚ã€ãƒªã‚¯ã‚¨ã‚¹ãƒˆãŒå¤±æ•—ã—ã¦ã„ã¾ã™ã€‚åå¯¾ã« No.7 ã¯ã€VPC å¤–éƒ¨ã‹ã‚‰ã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆã§ã‚ã‚Šã€ã‹ã¤ BigQuery API ã¯å¢ƒç•Œã§ä¿è·ã•ã‚Œã¦ã„ãªã„ãŸã‚ã€ãƒªã‚¯ã‚¨ã‚¹ãƒˆãŒæˆåŠŸã—ã¾ã™ã€‚

å‚è€ƒ : VPC ã®ã‚¢ã‚¯ã‚»ã‚¹å¯èƒ½ãªã‚µãƒ¼ãƒ“ã‚¹

GitHubç›£æŸ»ãƒã‚°ã‚’Workload Identityèªè¨¼ã§BigQueryã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ã¦ã¿ãŸ

2024-12-04T09:00:00+09:00

G-gen ã®ä¸‰æµ¦ã§ã™ã€‚å½“è¨˜äº‹ã§ã¯ Workload Identity ã®ä»•çµ„ã¿ã‚’ä½¿ã†ã“ã¨ã§ã€ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚ãƒ¼ã‚’ä½¿ã‚ãšã« GitHub Enterprise ã®ç›£æŸ»ãƒã‚°ã‚’ BigQuery ã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã™ã‚‹ä»•çµ„ã¿ã‚’æ§‹ç¯‰ã—ãŸã®ã§ã”ç´¹ä»‹ã—ã¾ã™ã€‚

GitHub Enterprise ã¨ã¯
ã‚¢ãƒ¼ã‚ãƒ†ã‚¯ãƒãƒ£
- æ§‹æˆå›³
- ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªæ§‹æˆ
ç’°å¢ƒæ§‹ç¯‰
å‹•ä½œç¢ºèª
- æ‰‹å‹•å®Ÿè¡Œ
- ã‚¹ã‚±ã‚¸ãƒ¥ãƒ¼ãƒ«å®Ÿè¡Œ

GitHub Enterprise ã¨ã¯

æ¦‚è¦

GitHub Enterprise ã¯ã€è¤‡æ•°çµ„ç¹”ã®ä¸€å…ƒç®¡ç†ã‚„ Microsoft Entra ID ãªã©ã® IdPï¼ˆIdentity Providerï¼‰ã‚’ä½¿ç”¨ã—ãŸ SSOï¼ˆã‚·ãƒ³ã‚°ãƒ«ã‚µã‚¤ãƒ³ã‚ªãƒ³ï¼‰ãªã©ã®æ©Ÿèƒ½ã‚’æä¾›ã™ã‚‹æœ‰å„Ÿãƒ—ãƒ©ãƒ³ã§ã™ã€‚

æœ¬ãƒ—ãƒ©ãƒ³ã§ã¯ç›£æŸ»ãƒã‚° API ã‚’ä½¿ç”¨ã—ã¦çµ„ç¹”å†…ã®æ“ä½œå±¥æ´ã‚’å–å¾—ãƒ»ç®¡ç†ã§ãã¾ã™ã€‚ç›£æŸ»ãƒã‚°ã‚’ BigQuery ã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã™ã‚‹ã¨ã€é•·æœŸä¿å˜ã‚„é«˜åº¦ãªåˆ†æžã‚’è¡Œã„ã€ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£å¯¾ç–ã‚„ã‚³ãƒ³ãƒ—ãƒ©ã‚¤ã‚¢ãƒ³ã‚¹å¼·åŒ–ã«å½¹ç«‹ã¡ã¾ã™ã€‚

ç›£æŸ»ãƒã‚°

GitHub ã®ç›£æŸ»ãƒã‚°ã«ã¯ã€çµ„ç¹”ãƒ¡ãƒ³ãƒãƒ¼ã®ãƒ¬ãƒã‚¸ãƒˆãƒªä½œæˆã€ãƒ—ãƒ«ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚„ãƒžãƒ¼ã‚¸ãªã©ã®æ“ä½œãŒè¨˜éŒ²ã•ã‚Œã€éŽåŽ»180æ—¥åˆ†ã®ãƒã‚°ã‚’ç¢ºèªã§ãã¾ã™ã€‚git.clone ãªã©ä¸€éƒ¨ã® Git ã‚¤ãƒ™ãƒ³ãƒˆã¯ 7 æ—¥é–“ã®ã¿ä¿æŒã•ã‚Œã¾ã™ã€‚

Google Cloud ã¸ã®ç›£æŸ»ãƒã‚°ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆ

GitHub ã®ç›£æŸ»ãƒã‚°ã¯ JSON å½¢å¼ã§ Cloud Storage ã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã§ãã¾ã™ãŒã€é€šå¸¸ã¯ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚ãƒ¼ãŒå¿…è¦ã§ã™ã€‚

å‚è€ƒ : Google Cloud Storage ã¸ã®ã‚¹ãƒˆãƒªãƒ¼ãƒŸãƒ³ã‚°ã®è¨å®š

ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚ãƒ¼ã¯åŽ³é‡ãªç®¡ç†ãŒå¿…è¦ã§ã™ã€‚æ¼æ´©ã—ãŸå ´åˆã€ç¬¬ä¸‰è€…ã«ã‚ˆã‚‹ä¸æ£åˆ©ç”¨ã®ãƒªã‚¹ã‚¯ãŒã‚ã‚Šã¾ã™ã€‚Google Cloud ã®ãƒ™ã‚¹ãƒˆãƒ—ãƒ©ã‚¯ãƒ†ã‚£ã‚¹ã§ã¯ã€ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚ãƒ¼ã‚’ä½¿ç”¨ã›ãšã«èªè¨¼ã™ã‚‹æ–¹æ³•ãŒæŽ¨å¥¨ã•ã‚Œã¦ã„ã¾ã™ã€‚

ä»¥ä¸Šã®ã“ã¨ã‹ã‚‰ã€å½“è¨˜äº‹ã§ã¯ Google Cloud ã® Workload Identity æ©Ÿèƒ½ã‚’ä½¿ã†ã“ã¨ã§ã€ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚ãƒ¼ã‚’ä½¿ç”¨ã›ãšã« GitHub ç›£æŸ»ãƒã‚°ã‚’å–å¾—ã™ã‚‹ä»•çµ„ã¿ã‚’å®Ÿè£…ã—ã¾ã—ãŸã€‚

ã‚¢ãƒ¼ã‚ãƒ†ã‚¯ãƒãƒ£

æ§‹æˆå›³

æ§‹æˆã¯å›³ã®ã¨ãŠã‚Šã§ã™ã€‚GitHub Actions ã‚’ä½¿ç”¨ã—ã¦ç›£æŸ»ãƒã‚°ã‚’å–å¾—ã—ã€BigQuery ã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚

æ§‹æˆå›³

ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªæ§‹æˆ

ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªæ§‹æˆã¯ä»¥ä¸‹ã®é€šã‚Šã§ã™ã€‚

.
â””â”€â”€ app
    â””â”€â”€ main.py # ç›£æŸ»ãƒã‚°ã‚’ BigQuery ã¸ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã™ã‚‹ã‚¹ã‚¯ãƒªãƒ—ãƒˆ
.github
â””â”€â”€ workflows
    â””â”€â”€ github-audit-log-to-bq.yml  # GitHub Actions ã‚’å®šç¾©

ç’°å¢ƒæ§‹ç¯‰

Workload Identity ã¨ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®ä½œæˆ

GitHub Actions ã¨ Google Cloud ã‚’é€£æºã•ã›ã‚‹ãŸã‚ã® Workload Identity ã¨ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’ä½œæˆã—ã¾ã™ã€‚ä½œæˆæ–¹æ³•ã¯ã€æ¬¡ã®è¨˜äº‹ã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚

Google Cloudã¨GitHub Actions(Terraform)ã‚’é€£æºã™ã‚‹Workload Identityã‚’ä½œæˆã™ã‚‹bashã‚¹ã‚¯ãƒªãƒ—ãƒˆ blog.g-gen.co.jp

BigQuery ã®ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆã‚’ä½œæˆã—ã¾ã™ã€‚ãƒ†ãƒ¼ãƒ–ãƒ«ã¯ GitHub Actions ã§è‡ªå‹•çš„ã«ä½œæˆã•ã‚Œã¾ã™ã€‚

# ç’°å¢ƒå¤‰æ•°ã‚’è¨å®š
PROJECT_ID="gha-demo-prj" # ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆID
SERVICE_ACCOUNT_NAME="gha-demo-sa" # ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆå
BQ_DATASET="my_dataset" # BigQueryã®ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆå
ã€€
# BigQuery ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆã‚’æ±äº¬ãƒªãƒ¼ã‚¸ãƒ§ãƒ³ã«ä½œæˆ
bq --project_id=$PROJECT_ID \
   mk --location=asia-northeast1 \
   $BQ_DATASET

# ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã¸æ¨©é™ä»˜ä¸Ž
gcloud projects add-iam-policy-binding $PROJECT_ID \
    --member="serviceAccount:$SERVICE_ACCOUNT_NAME@$PROJECT_ID.iam.gserviceaccount.com" \
    --role="roles/bigquery.dataEditor"
ã€€
gcloud projects add-iam-policy-binding $PROJECT_ID \
    --member="serviceAccount:$SERVICE_ACCOUNT_NAME@$PROJECT_ID.iam.gserviceaccount.com" \
    --role="roles/bigquery.jobUser"

GitHub Actions ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼ã®ä½œæˆ

ã“ã®ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼ã¯ã€GitHub ã®ç›£æŸ»ãƒã‚°ã‚’1æ—¥ã«1å›žè‡ªå‹•ã§å–å¾—ã—ã€BigQuery ã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚å‰å›žã®è‡ªå‹•å–å¾—æ™‚åˆ»ã‚’ã‚¢ãƒ¼ãƒ†ã‚£ãƒ•ã‚¡ã‚¯ãƒˆï¼ˆGitHub Actions ã®æˆæžœç‰©ä¿å˜æ©Ÿèƒ½ï¼‰ã§ç®¡ç†ã™ã‚‹ã“ã¨ã§å·®åˆ†ã®ãƒã‚°ã®ã¿ã‚’å–å¾—ã—ã¾ã™ã€‚éŽåŽ»ã®ãƒã‚°ã‚‚æ‰‹å‹•ã§å–å¾—ã§ãã¾ã™ã€‚

å‚è€ƒ : ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼ã‹ã‚‰ã®ãƒ‡ãƒ¼ã‚¿ã®æ ¼ç´ã¨å…±æœ‰

# github-audit-log-to-bq.yml

name: Fetch and Upload GitHub Audit Logs to BigQuery
ã€€
on:
  schedule:  # ã‚¹ã‚±ã‚¸ãƒ¥ãƒ¼ãƒ«å®Ÿè¡Œ
    - cron: '0 15 * * *'  # æ¯Žæ—¥ JST 0 æ™‚ã«å®Ÿè¡Œï¼ˆUTC 15 æ™‚ï¼‰

  workflow_dispatch:  # æ‰‹å‹•å®Ÿè¡Œ
    inputs:
      start_date:  # ãƒã‚°å–å¾—ã®é–‹å§‹æ—¥
        description: "Start date for fetching logs (ISO 8601 format, e.g., 2024-09-01T00:00:00Z)"
        required: true
        default: "2024-10-01T00:00:00Z"
      end_date:  # ãƒã‚°å–å¾—ã®çµ‚äº†æ—¥
        description: "End date for fetching logs (ISO 8601 format, e.g., 2024-09-30T23:59:59Z)"
        required: true
        default: "2024-10-31T23:59:59Z"
ã€€
permissions:
  id-token: write
  contents: read
  actions: read
ã€€
jobs:
  fetch-and-upload:
    runs-on: ubuntu-latest  
ã€€
    env:
      # BigQuery è¨å®š
      BQ_GCP_PROJECT_ID: gha-demo-prj  # Google Cloud ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ ID
      BQ_DATASET: my_dataset  # BigQuery ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆå
      BQ_TABLE: my_table  # BigQuery ãƒ†ãƒ¼ãƒ–ãƒ«å

      # GitHub è¨å®š
      GITHUB_ORG: myorg  # GitHub çµ„ç¹”å
      GH_TOKEN: ${{ github.token }}  # GitHub CLI ç”¨ã®ãƒˆãƒ¼ã‚¯ãƒ³

      # Workload Identity Federation è¨å®š
      PROJECT_NUMBER: 1234567890 # ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆç•ªå· 
      WORKLOAD_IDENTITY_POOL: gha-demo-pool  # Workload Identity ãƒ—ãƒ¼ãƒ«å
      WORKLOAD_IDENTITY_POOL_PROVIDER: gha-demo-provider  # Workload Identity ãƒ—ãƒ¼ãƒ«ãƒ—ãƒãƒã‚¤ãƒ€å
      SERVICE_ACCOUNT: [email protected]  # ä½¿ç”¨ã™ã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆå

      # ã‚¢ãƒ¼ãƒ†ã‚£ãƒ•ã‚¡ã‚¯ãƒˆè¨å®š
      LAST_RUN_TIMESTAMP_NAME: "last_run_timestamp"  # å‰å›žå®Ÿè¡Œæ™‚åˆ»ã®ã‚¢ãƒ¼ãƒ†ã‚£ãƒ•ã‚¡ã‚¯ãƒˆå
ã€€
    steps:
      - uses: actions/checkout@v4
ã€€
      # Google Cloud èªè¨¼ (Workload Identity)
      - id: 'auth'
        uses: 'google-github-actions/auth@v2'
        with:
          workload_identity_provider: 'projects/${{ env.PROJECT_NUMBER }}/locations/global/workloadIdentityPools/${{ env.WORKLOAD_IDENTITY_POOL }}/providers/${{ env.WORKLOAD_IDENTITY_POOL_PROVIDER }}'
          service_account: ${{ env.SERVICE_ACCOUNT }}
ã€€
      # GitHub App ãƒˆãƒ¼ã‚¯ãƒ³ã‚’ç”Ÿæˆ
      - name: Generate GitHub App token
        id: generate_token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}
ã€€
      # GitHub App ãƒˆãƒ¼ã‚¯ãƒ³ã‚’ç’°å¢ƒå¤‰æ•°ã«è¨å®š
      - name: Set GitHub App Access Token
        run: echo "ACCESS_TOKEN=${{ steps.generate_token.outputs.token }}" >> $GITHUB_ENV
ã€€
      # Pythonç’°å¢ƒã‚’ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ—
      - name: Set up Python environment
        run: |
          python3 -m venv venv
          . venv/bin/activate
          pip install --upgrade pip
          pip install google-cloud-bigquery requests jq pandas
ã€€
      # åˆå›žå®Ÿè¡Œæ™‚ã®ã‚¿ã‚¤ãƒ ã‚¹ã‚¿ãƒ³ãƒ—ã‚’è¨å®š
      - name: Set Default Timestamp to Start of Today
        if: ${{ github.event_name == 'schedule' }}
        run: |
          DEFAULT_TIMESTAMP=$(date -u +"%Y-%m-%dT00:00:00Z")
          echo "DEFAULT_TIMESTAMP=$DEFAULT_TIMESTAMP" >> $GITHUB_ENV
ã€€
      # å‰å›žå®Ÿè¡Œæ™‚åˆ»ã®ã‚¢ãƒ¼ãƒ†ã‚£ãƒ•ã‚¡ã‚¯ãƒˆã‚’ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰
      - name: Download previous timestamp artifact
        if: ${{ github.event_name == 'schedule' }}
        run: |
          mkdir -p artifacts

          ARTIFACT_URL=$(gh api -X GET "repos/${{ github.repository }}/actions/artifacts" \
            | jq -r '.artifacts[] | select(.name=="'${{ env.LAST_RUN_TIMESTAMP_NAME }}'") | .archive_download_url' | head -n 1)

          if [ -n "$ARTIFACT_URL" ]; then
            curl -L -o artifacts/${{ env.LAST_RUN_TIMESTAMP_NAME }}.zip -H "Authorization: token ${{ github.token }}" "$ARTIFACT_URL"
            unzip -o artifacts/${{ env.LAST_RUN_TIMESTAMP_NAME }}.zip -d artifacts/

            if [ ! -f "artifacts/${{ env.LAST_RUN_TIMESTAMP_NAME }}.txt" ]; then
              echo "${{ env.DEFAULT_TIMESTAMP }}" > artifacts/${{ env.LAST_RUN_TIMESTAMP_NAME }}.txt
            fi
          else
            echo "${{ env.DEFAULT_TIMESTAMP }}" > artifacts/${{ env.LAST_RUN_TIMESTAMP_NAME }}.txt
          fi
ã€€
      # å‰å›žå®Ÿè¡Œæ™‚åˆ»ã‚’èªã¿è¾¼ã¿
      - name: Read previous timestamp
        if: ${{ github.event_name == 'schedule' }}
        id: read-timestamp
        run: |
          if [ ! -f "artifacts/${{ env.LAST_RUN_TIMESTAMP_NAME }}.txt" ]; then
            echo "${{ env.DEFAULT_TIMESTAMP }}" > artifacts/${{ env.LAST_RUN_TIMESTAMP_NAME }}.txt
          fi
          last_run=$(cat artifacts/${{ env.LAST_RUN_TIMESTAMP_NAME }}.txt)
          echo "last_run=$last_run" >> $GITHUB_ENV
ã€€
      # ä»Šå›žå®Ÿè¡Œæ™‚åˆ»ã‚’ç’°å¢ƒå¤‰æ•°ã«ä¿å˜
      - name: Set execution time for last_run
        if: ${{ github.event_name == 'schedule' }}
        run: |
          execution_time=$(date --utc --iso-8601=seconds)
          echo "execution_time=$execution_time" >> $GITHUB_ENV
ã€€
      # ã‚¹ã‚±ã‚¸ãƒ¥ãƒ¼ãƒ«å®Ÿè¡Œæ™‚ã®ç›£æŸ»ãƒã‚°å–å¾—
      - name: Fetch GitHub Audit Logs for Scheduled Run
        if: ${{ github.event_name == 'schedule' }}
        env:
          last_run: ${{ env.last_run }}
          ACCESS_TOKEN: ${{ env.ACCESS_TOKEN }}
        run: |
          . venv/bin/activate
          rm -rf app/audit_logs
          mkdir -p app/audit_logs

          next_url="https://api.github.com/orgs/${{ env.GITHUB_ORG }}/audit-log?phrase=created:>$last_run&per_page=100&include=all"

          while [[ ! -z "$next_url" ]]; do
            response=$(curl -s -H "Authorization: Bearer $ACCESS_TOKEN" \
                                 -H "Accept: application/vnd.github.v3+json" \
                                 "$next_url")

            if echo "$response" | jq -e 'type == "object" and has("message")' >/dev/null 2>&1; then
              exit 1
            fi

            logs_count=$(echo "$response" | jq '. | length')
            echo "$response" > "app/audit_logs/log_$logs_count.json"

            next_url=$(curl -s -I -H "Authorization: Bearer $ACCESS_TOKEN" "$next_url" | grep -i '^link:' | sed -n 's/.*<\(.*\)>; rel="next".*/\1/p')
            
            sleep 2
          done
ã€€
      # æ‰‹å‹•å®Ÿè¡Œæ™‚ã®ç›£æŸ»ãƒã‚°å–å¾—
      - name: Fetch GitHub Audit Logs for Manual Run
        if: ${{ github.event_name == 'workflow_dispatch' }}
        env:
          start_date: ${{ github.event.inputs.start_date }}
          end_date: ${{ github.event.inputs.end_date }}
          ACCESS_TOKEN: ${{ env.ACCESS_TOKEN }}
        run: |
          . venv/bin/activate
          rm -rf app/audit_logs
          mkdir -p app/audit_logs

          next_url="https://api.github.com/orgs/${{ env.GITHUB_ORG }}/audit-log?phrase=created%3A>${start_date}%20created%3A<${end_date}&per_page=100&include=all"

          while [[ ! -z "$next_url" ]]; do
            response=$(curl -s -H "Authorization: Bearer $ACCESS_TOKEN" \
                                 -H "Accept: application/vnd.github.v3+json" \
                                 "$next_url")

            if echo "$response" | jq -e 'type == "object" and has("message")' >/dev/null 2>&1; then
              exit 1
            fi

            logs_count=$(echo "$response" | jq '. | length')
            echo "$response" > "app/audit_logs/log_$logs_count.json"

            next_url=$(curl -s -I -H "Authorization: Bearer $ACCESS_TOKEN" "$next_url" | grep -i '^link:' | sed -n 's/.*<\(.*\)>; rel="next".*/\1/p')
            
            sleep 2
          done
ã€€
      # ç›£æŸ»ãƒã‚°ã‚’ BigQuery ã«ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰
      - name: Run script to upload logs to BigQuery
        run: |
          . venv/bin/activate
          python3 app/main.py
ã€€
      # ä»Šå›žå®Ÿè¡Œæ™‚åˆ»ã‚’ãƒ•ã‚¡ã‚¤ãƒ«ã«æ›¸ãè¾¼ã¿
      - name: Write new execution time to file
        if: ${{ success() && github.event_name == 'schedule' }}
        run: |
          mkdir -p artifacts
          echo "$execution_time" > artifacts/${{ env.LAST_RUN_TIMESTAMP_NAME }}.txt
ã€€
      # ä»Šå›žå®Ÿè¡Œæ™‚åˆ»ã‚’ã‚¢ãƒ¼ãƒ†ã‚£ãƒ•ã‚¡ã‚¯ãƒˆã¨ã—ã¦ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰
      - name: Upload updated timestamp artifact
        if: ${{ success() && github.event_name == 'schedule' }}
        uses: actions/upload-artifact@v4
        with:
          name: ${{ env.LAST_RUN_TIMESTAMP_NAME }}
          path: artifacts/${{ env.LAST_RUN_TIMESTAMP_NAME }}.txt

main.py ã®ä½œæˆ

ã“ã®ã‚¹ã‚¯ãƒªãƒ—ãƒˆã¯ GitHub Actions ã§å–å¾—ã—ãŸç›£æŸ»ãƒã‚°ã‚’åŠ å·¥ã—ã€BigQuery ã¸ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆå…ˆã®ãƒ†ãƒ¼ãƒ–ãƒ«ãŒå˜åœ¨ã—ãªã„å ´åˆã€æ–°è¦ã«ä½œæˆã—ã¾ã™ã€‚

import json
import logging
import os
import sys
import time
  
import pandas as pd
    
from datetime import datetime, timezone
from google.cloud import bigquery
from google.api_core.exceptions import NotFound, GoogleAPIError
import re
ã€€
# ãƒã‚°ã®è¨å®š: ãƒã‚°ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®å‡ºåŠ›å½¢å¼ã‚’æŒ‡å®šã—ã€INFOãƒ¬ãƒ™ãƒ«ä»¥ä¸Šã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’è¨˜éŒ²
logging.basicConfig(level=logging.INFO, format='%(asctime)s [%(levelname)s] %(message)s')
ã€€
def get_bigquery_client():
    """BigQueryã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‚’åˆæœŸåŒ–ã—ã¦è¿”ã™"""
    return bigquery.Client()
  
  
def flatten_json(y):
    """ãƒã‚¹ãƒˆã•ã‚ŒãŸJSONãƒ‡ãƒ¼ã‚¿ã‚’å¹³å¦åŒ–"""
    out = {}
    def flatten(x, name=''):
        if isinstance(x, dict):
            for a in x:
                flatten(x[a], name + a + '_')
        elif isinstance(x, list):
            for i, a in enumerate(x):
                flatten(a, name + str(i) + '_')
        else:
            out[name[:-1]] = x
    flatten(y)
    return out
  
  
def clean_field_name(field_name):
    """ãƒ•ã‚£ãƒ¼ãƒ«ãƒ‰åã‚’BigQueryã§è¨±å¯ã•ã‚ŒãŸå½¢å¼ã«å¤‰æ›"""
    field_name = re.sub(r'[^a-zA-Z0-9_]', '_', field_name)
    if field_name[0].isdigit():
        field_name = '_' + field_name
    return field_name
  
  
def infer_schema_from_logs(logs_df):
    """DataFrameã‹ã‚‰BigQueryç”¨ã®ã‚¹ã‚ãƒ¼ãƒžã‚’æŽ¨æ¸¬ã—ã¦ç”Ÿæˆ"""
    schema = []
    for column in logs_df.columns:
        clean_column = clean_field_name(column)
        dtype = logs_df[column].dtype
        if clean_column == "_timestamp" and pd.api.types.is_integer_dtype(dtype):
            schema.append(bigquery.SchemaField("timestamp", "TIMESTAMP"))
        elif pd.api.types.is_integer_dtype(dtype):
            schema.append(bigquery.SchemaField(clean_column, "INTEGER"))
        elif pd.api.types.is_float_dtype(dtype):
            schema.append(bigquery.SchemaField(clean_column, "FLOAT"))
        elif pd.api.types.is_bool_dtype(dtype):
            schema.append(bigquery.SchemaField(clean_column, "BOOLEAN"))
        elif pd.api.types.is_datetime64_any_dtype(dtype):
            schema.append(bigquery.SchemaField(clean_column, "TIMESTAMP"))
        else:
            schema.append(bigquery.SchemaField(clean_column, "STRING"))
    return schema
  
  
def create_table_if_not_exists(client, table_ref, logs_df):
    """ãƒ†ãƒ¼ãƒ–ãƒ«ãŒå˜åœ¨ã—ãªã„å ´åˆã€æ–°è¦ä½œæˆ"""
    try:
        table = client.get_table(table_ref)
        logging.info(f"Table {table_ref} already exists.")
        return table
    except NotFound:
        schema = infer_schema_from_logs(logs_df)
        table = bigquery.Table(table_ref, schema=schema)
        table = client.create_table(table)
        logging.info(f"Table {table_ref} created with schema.")
        return table
  
  
def load_audit_logs(logs_dir='app/audit_logs'):
    """ç›£æŸ»ãƒã‚°ã‚’JSONãƒ•ã‚¡ã‚¤ãƒ«ã‹ã‚‰èªã¿è¾¼ã¿DataFrameã«çµ±åˆ"""
    logs = []
    for filename in os.listdir(logs_dir):
        if filename.endswith(".json"):
            file_path = os.path.join(logs_dir, filename)
            try:
                with open(file_path, 'r') as f:
                    file_logs = json.load(f)
                    for log in file_logs:
                        logs.append(flatten_json(log))
            except json.JSONDecodeError as e:
                logging.error(f"Failed to load {file_path}: {e}")
    return pd.DataFrame(logs)
  
  
def transform_audit_logs(logs_df, schema):
    """ç›£æŸ»ãƒã‚°ã‚’BigQueryç”¨ã®å½¢å¼ã«å¤‰æ›"""
    transformed_logs = []
    schema_field_names = {field.name for field in schema}
    logs_df.columns = [clean_field_name(col) for col in logs_df.columns]
    if "_timestamp" in logs_df.columns:
        logs_df["_timestamp"] = pd.to_datetime(logs_df["_timestamp"], unit='ms', utc=True)
        logs_df = logs_df.rename(columns={"_timestamp": "timestamp"})
    for _, log in logs_df.iterrows():
        transformed_log = {}
        for key, value in log.items():
            if key in schema_field_names and not pd.isnull(value):
                if isinstance(value, pd.Timestamp):
                    value = value.isoformat()
                elif isinstance(value, bool):
                    value = int(value)
                transformed_log[key] = value
        if transformed_log:
            transformed_logs.append(transformed_log)
    return transformed_logs
  
  
def insert_rows_with_retry(client, table_ref, rows, retries=3, delay=10):
    """BigQueryã«ãƒ‡ãƒ¼ã‚¿ã‚’ãƒªãƒˆãƒ©ã‚¤ä»˜ãã§æŒ¿å…¥"""
    for attempt in range(retries):
        try:
            errors = client.insert_rows_json(table_ref, rows)
            if errors:
                logging.error(f"Errors occurred during insertion: {errors}")
                time.sleep(delay)
            else:
                logging.info("Data uploaded successfully.")
                return
        except GoogleAPIError as e:
            logging.error(f"Failed to upload data to BigQuery: {e}")
            time.sleep(delay)
    logging.error(f"Failed to insert rows into {table_ref} after {retries} attempts.")
    sys.exit(1)
  
  
def main():
    project_id = os.getenv('BQ_GCP_PROJECT_ID')
    dataset_id = os.getenv('BQ_DATASET')
    table_id = os.getenv('BQ_TABLE')
    table_ref = f"{project_id}.{dataset_id}.{table_id}"
    client = get_bigquery_client()
    logs_df = load_audit_logs()
    if not logs_df.empty:
        table = create_table_if_not_exists(client, table_ref, logs_df)
        rows_to_insert = transform_audit_logs(logs_df, table.schema)
        insert_rows_with_retry(client, table_ref, rows_to_insert)
    else:
        logging.error("No logs to process. Exiting.")
        sys.exit(1)
  
  
if __name__ == "__main__":
    main()

GitHub App ã®ä½œæˆ

å‚è€ƒ : Enterprise å‘ã‘ GitHub Apps ã®ä½œæˆ

GitHub App ã® Permissions ã¯ä»¥ä¸‹ã®ã¨ãŠã‚Šã«è¨å®šã—ã¾ã™ã€‚

Repository permissions
- Administrationï¼š Read-only
- Metadataï¼š Read-only
Organization permissions
- Administrationï¼š Read-only

ï¼ˆGeneralï¼‰ã‹ã‚‰ App ID ã‚’ç¢ºèªã—ã€æŽ§ãˆã¦ãŠãã¾ã™ã€‚ï¼ˆå¾Œã§ GitHub ã® secret ã«ç™»éŒ²ã—ã¾ã™ï¼‰

App ID ã®ç¢ºèª

åŒç”»é¢ã‹ã‚‰ï¼ˆPrivate keysï¼‰ã‚’ä½œæˆã—ã€ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã—ã¾ã™ã€‚ï¼ˆå¾Œã§ GitHub ã® secret ã«ç™»éŒ²ã—ã¾ã™ï¼‰

Private keys ã®ä½œæˆ

ï¼ˆInstall Appï¼‰ã‹ã‚‰å¯¾è±¡ã®çµ„ç¹”ã‚’ç¢ºèªã—ã€ï¼ˆInstallï¼‰ã‚’é¸æŠžã—ã¾ã™ã€‚

çµ„ç¹”ã¸ã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«

ï¼ˆOnly select repositoriesï¼‰ã‹ã‚‰ GitHub Actions ã‚’æ§‹ç¯‰ã™ã‚‹ãƒ¬ãƒã‚¸ãƒˆãƒªã‚’é¸æŠžã—ã€ï¼ˆInstallï¼‰ã‚’é¸æŠžã—ã¾ã™ã€‚

GitHub App ã‚’ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã™ã‚‹ãƒ¬ãƒã‚¸ãƒˆãƒªã®é¸æŠž

GitHub Actions ã®ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆç™»éŒ²

ä½œæˆã—ãŸ GitHub App ã‚’ GitHub Actions ã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã€ãƒªãƒã‚¸ãƒˆãƒªã® Secretsï¼ˆã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆï¼‰ã«ç™»éŒ²ã—ã¾ã™ã€‚ç™»éŒ²å¯¾è±¡ã¯ä»¥ä¸‹ã® 2 ã¤ã§ã™ã€‚

App ID
- åå‰: APP_ID
- å€¤: å‰æ‰‹é †ã§ç¢ºèªã—ãŸ GitHub App ã® App ID
Private keys
- åå‰: APP_PRIVATE_KEY
- å€¤: PEM ã‚ãƒ¼ã®å€¤ã‚’ã‚³ãƒ”ãƒ¼ã—ã¦è²¼ã‚Šä»˜ã‘ã‚‹

Secrets ã®ç™»éŒ²

å‚è€ƒ : ãƒªãƒã‚¸ãƒˆãƒªã®ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã®ä½œæˆ

å‹•ä½œç¢ºèª

æ‰‹å‹•å®Ÿè¡Œ

GitHub ã®ï¼ˆActionsï¼‰ã‚¿ãƒ–ã‹ã‚‰å¯¾è±¡ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼ã‚’é¸æŠžã—ã€å–å¾—æœŸé–“ã®ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ï¼ˆStart dateã€End dateï¼‰ã‚’å…¥åŠ›ã—ã¦ï¼ˆRun workflowï¼‰ã§å®Ÿè¡Œã—ã¾ã™ã€‚

æ‰‹å‹•å®Ÿè¡Œ

â€» ä¸€åº¦ã«180æ—¥åˆ†ã‚’å–å¾—å¯èƒ½ã§ã™ãŒã€ãƒã‚°æ•°ãŒå¤šã„å ´åˆã€BigQuery ã¸ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã™ã‚‹éš›ã«ä»¥ä¸‹ã‚¨ãƒ©ãƒ¼ã§å¤±æ•—ã™ã‚‹ã“ã¨ãŒã‚ã‚Šã¾ã™ã€‚ç™ºç”Ÿã—ãŸå ´åˆã€å–å¾—æœŸé–“ã‚’çŸãã—ã¦å†å®Ÿè¡Œã—ã¦ãã ã•ã„ã€‚

Error: -06 08:40:51,290 [ERROR] Failed to upload data to BigQuery: Timeout of 600.0s exceeded, last exception: HTTPSConnectionPool(host='bigquery.googleapis.com', port=443): Max retries exceeded with url: /bigquery/v2/projects/xxxxx/datasets/xxxxx/tables/xxxxx/insertAll?prettyPrint=false (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:2426)')))

ã¾ãŸã€ç›£æŸ»ãƒã‚° API ã«ã¯ãƒ¬ãƒ¼ãƒˆä¸Šé™ãŒã‚ã‚Šã€1 æ™‚é–“ã«æœ€å¤§ 1,750 ã‚¯ã‚¨ãƒªï¼ˆ1 ã‚¯ã‚¨ãƒªã§æœ€å¤§ 100 ä»¶ã®ãƒã‚°å–å¾—ãŒå¯èƒ½ï¼‰ã®åˆ¶é™ãŒã‚ã‚Šã¾ã™ã€‚ã“ã®åˆ¶é™ã‚’è¶…ãˆãŸå ´åˆã€403 ã¾ãŸã¯ 429 ã‚¨ãƒ©ãƒ¼å¿œç”ã§å¤±æ•—ã™ã‚‹ãŸã‚ã€ã”æ³¨æ„ãã ã•ã„ã€‚

å‚è€ƒ : ãƒ¬ãƒ¼ãƒˆä¸Šé™

å®Ÿè¡ŒãŒæˆåŠŸã—ãŸã‚‰ã€BigQuery ã‚’ç¢ºèªã—ã€æŒ‡å®šã—ãŸæœŸé–“ã®ç›£æŸ»ãƒã‚°ãŒæ ¼ç´ã•ã‚ŒãŸãƒ†ãƒ¼ãƒ–ãƒ«ãŒã‚ã‚‹ã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚

æ‰‹å‹•å®Ÿè¡ŒæˆåŠŸ

ç›£æŸ»ãƒã‚°ã®ç¢ºèª

ã‚¹ã‚±ã‚¸ãƒ¥ãƒ¼ãƒ«å®Ÿè¡Œ

JST 0æ™‚ã«ã‚¹ã‚±ã‚¸ãƒ¥ãƒ¼ãƒ«å®Ÿè¡Œã•ã‚Œã€ãƒã‚°ãŒ BigQuery ã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã•ã‚Œã¾ã™ã€‚GitHub å´ã®è² è·ã«ã‚ˆã‚Šå®Ÿè¡Œã¾ã§ã«é…å»¶ãŒç™ºç”Ÿã™ã‚‹å ´åˆã‚‚ã‚ã‚Šã¾ã™ã®ã§ã€ã”æ³¨æ„ãã ã•ã„ã€‚

å‚è€ƒ : schedule

GitHub ã®ï¼ˆActionsï¼‰ã‹ã‚‰å¯¾è±¡ã®ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼ãŒæˆåŠŸã—ã¦ã„ã‚‹ã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚ï¼ˆEventï¼‰ã‹ã‚‰ï¼ˆscheduleï¼‰ã‚’é¸æŠžã™ã‚‹ã“ã¨ã§ã€ã‚¹ã‚±ã‚¸ãƒ¥ãƒ¼ãƒ«å®Ÿè¡Œã•ã‚ŒãŸãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼ã®ã¿ãŒè¡¨ç¤ºã•ã‚Œã¾ã™ã€‚

ãƒ•ã‚£ãƒ«ã‚¿æ–¹æ³•

å‡¦ç†ãŒæˆåŠŸã—ã€Artifacts ã«ãƒ•ã‚¡ã‚¤ãƒ«ï¼ˆå®Ÿè¡Œæ™‚é–“ãŒè¨˜éŒ²ã•ã‚ŒãŸ txt ãƒ•ã‚¡ã‚¤ãƒ«ï¼‰ãŒã‚ã‚‹ã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚æ¬¡å›žã®å®Ÿè¡Œæ™‚ã¯ã“ã®æ™‚é–“ä»¥é™ã®ãƒã‚°ã‚’å–å¾—ã—ã€BigQuery ã¸ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚

ã‚¹ã‚±ã‚¸ãƒ¥ãƒ¼ãƒ«å®Ÿè¡ŒæˆåŠŸ

last_run_timestamp ã®ä¸èº«

BigQuery ã‚’ç¢ºèªã—ã€ç›£æŸ»ãƒã‚°ãŒå‡ºåŠ›ã•ã‚Œã¦ã„ã‚‹ã“ã¨ã‚’ç¢ºèªã—ã¾ã™ã€‚

ç›£æŸ»ãƒã‚°ã®ç¢ºèª

2024å¹´11æœˆã®ã‚¤ãƒã‚ªã‚·Google Cloudã‚¢ãƒƒãƒ—ãƒ‡ãƒ¼ãƒˆ

2024-12-02T09:00:00+09:00

G-gen ã®æ‰æ‘ã§ã™ã€‚2024å¹´11æœˆã®ã‚¤ãƒã‚ªã‚· Google Cloud ã‚¢ãƒƒãƒ—ãƒ‡ãƒ¼ãƒˆã‚’ã¾ã¨ã‚ã¦ã”ç´¹ä»‹ã—ã¾ã™ã€‚è¨˜è¼‰ã¯å…¨ã¦ã€è¨˜äº‹å…¬é–‹å½“æ™‚ã®ã‚‚ã®ã§ã™ã®ã§ã”ç•™æ„ãã ã•ã„ã€‚

ã¯ã˜ã‚ã«
Eventarc Advanced ãŒç™»å ´ï¼ˆPreviewï¼‰
Vertex AI Search ã§ streaming answer ãƒ¡ã‚½ãƒƒãƒ‰ï¼ˆGA with Allowlistï¼‰
Dataplex ã§ automatic discovery of Cloud Storage data ãŒ Preview
Application Load Balancer ã§ Service Extensions ãŒ Preview å…¬é–‹
æ–°ã‚µãƒ¼ãƒ“ã‚¹ Audit Manager ãŒå…¬é–‹ï¼ˆGAï¼‰
Vertex AI ã§ Gemini ã«ã‚ˆã‚‹ã€ŒãƒãƒƒãƒæŽ¨è«–ã€ãŒå¯èƒ½ã«ï¼ˆGAï¼‰
GKE ã®ã‚³ãƒ³ãƒˆãƒãƒ¼ãƒ«ãƒ—ãƒ¬ãƒ¼ãƒ³ã« DNS ãƒ™ãƒ¼ã‚¹ã®ã‚¢ã‚¯ã‚»ã‚¹ãŒç™»å ´
Gemini ã‚µã‚¤ãƒ‰ãƒ‘ãƒãƒ«ã®æ—¥æœ¬èªžç‰ˆãŒ Alpha ç‰ˆ â†’ GA
Cloud Run ã§ in-memory volume ãŒ Preview -> GA
Cloud Storage ã§ Bucket IP filtering ãŒ Preview å…¬é–‹
Cloud SQL Enterprise Plus edition ã§ write endpoint ãŒ Preview å…¬é–‹
Cloud SQL Studio ã§ IAM ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹èªè¨¼ãŒä½¿ãˆã‚‹ã‚ˆã†ã«
2025å¹´1æœˆ25æ—¥ã‚ˆã‚Š Cloud Run é–¢é€£ãƒãƒ¼ãƒ«ã«ä»•æ§˜å¤‰æ›´ã‚ã‚Š
Google Chat ã«éŸ³å£°ãƒŸãƒ¼ãƒ†ã‚£ãƒ³ã‚° huddles ãŒå°Žå…¥

ã¯ã˜ã‚ã«

å½“è¨˜äº‹ã§ã¯ã€æ¯Žæœˆã® Google Cloud ã‚¢ãƒƒãƒ—ãƒ‡ãƒ¼ãƒˆã®ã†ã¡ç‰¹ã«é‡è¦ãªã‚‚ã®ã‚’ã¾ã¨ã‚ã¾ã™ã€‚

blog.g-gen.co.jp

Eventarc Advanced ãŒç™»å ´ï¼ˆPreviewï¼‰

Choose Eventarc Advanced or Eventarc Standard (2024-10-31)

Eventarc AdvancedãŒç™»å ´(Preview)ã€‚

å¾“æ¥ç‰ˆï¼ˆStandardï¼‰ã¨ã®é•ã„ã¯ã€ã‚ˆã‚Šè©³ç´°ãªåˆ¶å¾¡ã€ä»–å¯¾ä»–ã®ãƒ•ã‚¡ãƒ³ã‚¤ãƒ³ãƒ»ãƒ•ã‚¡ãƒ³ã‚¢ã‚¦ãƒˆã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®å¤‰æ›ãªã©ã€‚Busã€Enrollmentã€Pipelineã®3è¦ç´ ã§æ§‹æˆã•ã‚Œã‚‹ã€‚

Vertex AI Search ã§ streaming answer ãƒ¡ã‚½ãƒƒãƒ‰ï¼ˆGA with Allowlistï¼‰

Stream answers (2024-10-31)

Vertex AI Search ã« streaming answer ãƒ¡ã‚½ãƒƒãƒ‰ãŒç™»å ´ã€‚

å›žç”ã®ä¸€éƒ¨ãŒç”Ÿæˆã•ã‚Œæ¬¡ç¬¬ã‚¹ãƒˆãƒªãƒ¼ãƒŸãƒ³ã‚°ã§è¿”å´ã•ã‚Œã‚‹ã€‚ç¾åœ¨ã®ã¨ã“ã‚è‹±èªžã®ã¿å¯¾å¿œã€‚åˆ©ç”¨ã«ã¯ç”³è«‹ãŒå¿…è¦ã€‚

Dataplex ã§ automatic discovery of Cloud Storage data ãŒ Preview

Discover and catalog Cloud Storage data (2024-11-05)

Dataplex ã§ automatic discovery of Cloud Storage data ãŒ Preview å…¬é–‹ã€‚

Cloud Storage ä¸Šã® CSVã€JSONLã€Parquetã€Avroã€ORC ã‚’è‡ªå‹•ã§æ¤œå‡ºã—ã€BigQuery ã®å¤–éƒ¨ãƒ†ãƒ¼ãƒ–ãƒ«ã‚„ã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆãƒ†ãƒ¼ãƒ–ãƒ«ã‚’ç”Ÿæˆã—ã¦ãã‚Œã‚‹ã€‚

ä»¥å‰ã‚ˆã‚Š Dataplex ã«ã¯ã€åŒæ§˜ã® Data Discovery æ©Ÿèƒ½ãŒå˜åœ¨ã—ã¦ã„ãŸãŒã€ä»Šå›žã®ã‚¢ãƒƒãƒ—ãƒ‡ãƒ¼ãƒˆã§ã¯ Dataplex ã® Lake ãŒä½œæˆã•ã‚Œãšã€ãã®ã¾ã¾ BigQuery ã‹ã‚‰ä½¿ãˆã‚‹ï¼ˆDataplex ã®ç®¡ç†æ©Ÿæ§‹ã‚’é€šã‚‰ãªã„ï¼‰ã“ã¨ãŒé•ã„ã€‚

Data classifications labels for Gmail are now available in open beta (2024-11-01)

ãƒ‡ãƒ¼ã‚¿åˆ†é¡žãƒ©ãƒ™ãƒ«ãŒ Gmail ã«ã‚‚å¯¾å¿œã€‚"Sensitive"ã€"Confidential" ã¨ã„ã£ãŸãƒ©ãƒ™ãƒ«ã‚’ã‚³ãƒ³ãƒ†ãƒ³ãƒ„å†…å®¹ã«å¿œã˜ã¦è‡ªå‹•ä»˜ä¸Žã—ã€ãƒ©ãƒ™ãƒ«ã«å¿œã˜ã¦å¤–éƒ¨é€ä¿¡ã‚’ãƒ–ãƒãƒƒã‚¯ã™ã‚‹ãªã©ãŒå¯èƒ½ã€‚ã‚¨ãƒ‡ã‚£ã‚·ãƒ§ãƒ³ã”ã¨ã«ä½¿ãˆã‚‹æ©Ÿèƒ½ãŒé•ã†ã“ã¨ã«æ³¨æ„ã€‚

Google Cloud Certification

Associate Google Workspace Administratorï¼ˆBetaï¼‰
- 2024å¹´10æœˆ22æ—¥ã€Beta ç‰ˆã¨ã—ã¦å…¬é–‹
- Google Workspace ã®ç®¡ç†æ¥å‹™ã‚„ãƒˆãƒ©ãƒ–ãƒ«ã‚·ãƒ¥ãƒ¼ãƒ†ã‚£ãƒ³ã‚°ã«é–¢ã™ã‚‹çŸ¥è˜ã‚’å•ã†
Associate Data Practionerï¼ˆBetaï¼‰
- 2024å¹´10æœˆ30æ—¥ã€Beta ç‰ˆã¨ã—ã¦å…¬é–‹
- Google Cloud ä¸Šã®ãƒ‡ãƒ¼ã‚¿ã‚„ãƒ‡ãƒ¼ã‚¿ãƒ‘ã‚¤ãƒ—ãƒ©ã‚¤ãƒ³ã®ç®¡ç†ã«é–¢ã™ã‚‹çŸ¥è˜ã‚’å•ã†
Professional Cloud Architect
- æ–°ã—ã„æ›´æ–°è©¦é¨“ã® Beta ç‰ˆãŒå—é¨“å¯èƒ½ã«
- ã“ã‚Œã¾ã§ã¯ã€æ–°è¦å—é¨“ã¨æ›´æ–°å—é¨“ã«å•é¡Œã®åŒºåˆ¥ãŒãªã‹ã£ãŸ

blog.g-gen.co.jp

Application Load Balancer ã§ Service Extensions ãŒ Preview å…¬é–‹

Now run your custom code at the edge with the Application Load Balancers (2024-10-30)

Application Load Balancer ã§ã€ã‚¨ãƒƒã‚¸å´ã§ã‚µãƒ¼ãƒãƒ¼ãƒ¬ã‚¹ãƒ—ãƒã‚°ãƒ©ãƒ ã‚’å‹•ä½œã•ã›ã‚‹ Service Extensions ãŒ Preview å…¬é–‹ã€‚

ãƒ—ãƒã‚°ãƒ©ãƒ ã®ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã¯ WebAssembly (Wasm)ã€‚ALBå´ã§ã‚³ãƒ¼ãƒ‰ãŒå‹•ãã®ã§ä½Žé…å»¶ã§ç¨¼åƒã™ã‚‹ã€‚HTTPãƒ˜ãƒƒãƒ€æ“ä½œã€ã‚«ã‚¹ã‚¿ãƒ èªè¨¼ã€ã‚«ã‚¹ã‚¿ãƒ ãƒã‚®ãƒ³ã‚°ã€HTMLæ›¸ãæ›ãˆãªã©ã«åˆ©ç”¨ã§ãã‚‹ã€‚

Create a Cloud Storage import topic (2024-11-06)

Publisher ã‚µãƒ¼ãƒ“ã‚¹ã‚’é–‹ç™ºã™ã‚‹ã“ã¨ãªã Cloud Storage ã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’ Pub/Sub ã«å–ã‚Šè¾¼ã‚“ã§å®›å…ˆã«æŒ¿å…¥ã§ãã‚‹ã€‚ã‚¤ãƒ™ãƒ³ãƒˆãƒ‰ãƒªãƒ–ãƒ³ãªã‚¢ãƒ¼ã‚ãƒ†ã‚¯ãƒãƒ£ã‚’ã‚ˆã‚Šå®¹æ˜“ã«å®Ÿè£…å¯èƒ½ã«ã€‚

ä»¥ä¸‹ã®è¨˜äº‹ã‚‚å‚ç…§ã€‚

blog.g-gen.co.jp

æ–°ã‚µãƒ¼ãƒ“ã‚¹ Audit Manager ãŒå…¬é–‹ï¼ˆGAï¼‰

Audit Manager overview (2024-11-07)

Google Cloudã§æ–°ã‚µãƒ¼ãƒ“ã‚¹Audit ManagerãŒå…¬é–‹ï¼ˆGAï¼‰ã€‚

ISO 27001 ã‚„ SOC2ã€PCI DSS ç‰ã«æº–æ‹ ã™ã‚‹ãŸã‚ã«è¨¼è·¡ã‚’è‡ªå‹•åŽé›†ã€‚æ–™é‡‘ã¯ Free ã¨ Premium ã® 2 tiersã€‚

Free tier ã§ã¯ä»¥ä¸‹ã®ç›£æŸ»å¯¾å¿œãŒå¯èƒ½ã€‚

SOC2
Google-recommended AI controls

Premium tierï¼ˆ$7,500/yrï¼‰ã§ã¯ä»¥ä¸‹ã®ç›£æŸ»å¯¾å¿œãŒå¯èƒ½ã€‚

NIST 800-53 Revision 4
CIS Controls v8
PCI DSS 4.0
Cloud Controls Matrix 4.0
NIST CSF v1
CIS Google Cloud Foundation Benchmark 2.0
ISO 27001 2022

Vertex AI ã§ Gemini ã«ã‚ˆã‚‹ã€ŒãƒãƒƒãƒæŽ¨è«–ã€ãŒå¯èƒ½ã«ï¼ˆGAï¼‰

Batch prediction (2024-11-08)

Vertex AI ã§ Gemini ã«ã‚ˆã‚‹ã€ŒãƒãƒƒãƒæŽ¨è«–ã€ãŒå¯èƒ½ã«ï¼ˆGAï¼‰ã€‚

1åº¦ã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆã§å¤šæ•°ã®ãƒ—ãƒãƒ³ãƒ—ãƒˆã‚’é€ä¿¡ã€‚åŒé‡ã®æ¨™æº–ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚ˆã‚Š50%å¼•ãã®æ–™é‡‘ã§åˆ©ç”¨ã§ãã‚‹ã€‚ãƒ¬ã‚¹ãƒãƒ³ã‚¹ã¯ BigQuery ã¾ãŸã¯ Cloud Storage ã«éžåŒæœŸå‡ºåŠ›ã€‚Gemini 1.5 Pro/Flash ç‰ã§åˆ©ç”¨å¯èƒ½ã€‚

GKE ã®ã‚³ãƒ³ãƒˆãƒãƒ¼ãƒ«ãƒ—ãƒ¬ãƒ¼ãƒ³ã« DNS ãƒ™ãƒ¼ã‚¹ã®ã‚¢ã‚¯ã‚»ã‚¹ãŒç™»å ´

About network isolation in GKE (2024-11-11)

Google Kubernetes Engineï¼ˆGKEï¼‰ã§ã€ã‚³ãƒ³ãƒˆãƒãƒ¼ãƒ«ãƒ—ãƒ¬ãƒ¼ãƒ³ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹æ–¹æ³•ã« DNS ãƒ™ãƒ¼ã‚¹ã®ã‚¢ã‚¯ã‚»ã‚¹ãŒç™»å ´ã€‚

å¾“æ¥ã® IP ãƒ™ãƒ¼ã‚¹ã ã¨ã€ã‚¯ãƒ©ã‚¹ã‚¿ã‚’ãƒ—ãƒ©ã‚¤ãƒ™ãƒ¼ãƒˆãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã«é–‰ã˜è¾¼ã‚ã€æŽ¥ç¶šå…ƒ IP ã‚¢ãƒ‰ãƒ¬ã‚¹ï¼ˆæ‰¿èªæ¸ˆã¿ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ï¼‰ã§åˆ¶å¾¡ã—ã¦ã„ãŸãŒã€DNS ãƒ™ãƒ¼ã‚¹ã®ã‚¢ã‚¯ã‚»ã‚¹ã§ã¯ IAM ã§èªè¨¼ã€‚

ä»¥ä¸‹ã®è¨˜äº‹ã‚‚å‚ç…§ã€‚

blog.g-gen.co.jp

Gemini ã‚µã‚¤ãƒ‰ãƒ‘ãƒãƒ«ã®æ—¥æœ¬èªžç‰ˆãŒ Alpha ç‰ˆ â†’ GA

Now generally available: use Gemini in the side panel of Workspace apps in seven additional languages (2024-11-07)

Gemini for Google Workspace ã‚µã‚¤ãƒ‰ãƒ‘ãƒãƒ«ã®æ—¥æœ¬èªžç‰ˆãŒ Alpha ç‰ˆ â†’ GAï¼ˆä¸€èˆ¬å…¬é–‹ï¼‰ã€‚2024-10-16 ã« Alpha ç‰ˆã¨ã—ã¦å…¬é–‹ã•ã‚Œã¦ã„ãŸã€‚

ãªãŠã€ä»–ã®è¨€èªžã‚‚åŒæ™‚ã« GAã€‚ä»Šå›žã®å…¬è¡¨ã§ GA ã•ã‚ŒãŸè¨€èªžã¯ä»¥ä¸‹ã®ã¨ãŠã‚Šã€‚

ãƒ‰ã‚¤ãƒ„èªž
ã‚¤ã‚¿ãƒªã‚¢èªž
æ—¥æœ¬èªž
éŸ“å›½èªž
ãƒãƒ«ãƒˆã‚¬ãƒ«èªž
ã‚¹ãƒšã‚¤ãƒ³èªž

Cloud Run ã§ in-memory volume ãŒ Preview -> GA

Configure in-memory volume mounts for services (2024-11-12)

Cloud Run ã§ in-memory volume ãŒ Preview -> GAã€‚

ã‚³ãƒ³ãƒ†ãƒŠã®ãƒ¡ãƒ¢ãƒªé ˜åŸŸã‚’ãƒ•ã‚¡ã‚¤ãƒ«ã‚·ã‚¹ãƒ†ãƒ ã¨ã—ã¦åˆ©ç”¨ã€‚Cloud Run service ã¨ jobs ã®ä¸¡æ–¹ã§åˆ©ç”¨å¯èƒ½ã€‚

Cloud Storage ã§ Bucket IP filtering ãŒ Preview å…¬é–‹

Bucket IP filtering (2024-11-14)

Cloud Storage ã§ Bucket IP filtering ãŒ Preview å…¬é–‹ã€‚

ãƒã‚±ãƒƒãƒˆã§æŽ¥ç¶šå…ƒ IP ã‚¢ãƒ‰ãƒ¬ã‚¹åˆ¶é™ãŒå¯èƒ½ã«ãªã£ãŸã€‚å¾“æ¥ã‚‚ VPC Service Controls ã§ IP ã‚¢ãƒ‰ãƒ¬ã‚¹ãƒ™ãƒ¼ã‚¹ã®åˆ¶é™ã¯ã§ããŸãŒã€å½“æ©Ÿèƒ½ã§ã¯ãƒã‚±ãƒƒãƒˆå˜ä½ã§ã®åˆ¶å¾¡ãŒå¯èƒ½ã«ãªã‚‹ã€‚ã¾ãŸã€æŽ¥ç¶šå…ƒ VPC ã‚‚åˆ¶é™ã§ãã‚‹ã€‚

ãŸã ã—ã€æ±äº¬ãƒ»å¤§é˜ªãƒªãƒ¼ã‚¸ãƒ§ãƒ³æœªå¯¾å¿œãªã®ã§æ³¨æ„ã€‚

Optimize with numeric predicates (2024-11-19)

Search index ã¯ãƒ†ãƒ¼ãƒ–ãƒ«ã®ç‰¹å®šåˆ—ã«ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã‚’ä½œæˆã—ã¦ãŠã‘ã° WHERE å¥ã§ã®çµžã‚Šè¾¼ã¿ï¼ˆæ¤œç´¢ï¼‰ãŒé«˜é€ŸåŒ–ã™ã‚‹ä»•çµ„ã¿ã€‚ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã¯è‡ªå‹•æ›´æ–°ã€‚

Cloud SQL Enterprise Plus edition ã§ write endpoint ãŒ Preview å…¬é–‹

Optimize with numeric predicates (2024-11-19)

Cloud SQLï¼ˆfor PostgreSQLã€MySQLï¼‰Enterprise Plus edition ã§ write endpoint ãŒ Previewã€‚

æ›¸ãè¾¼ã¿ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆï¼ˆwrite endpointï¼‰ã¨ã¯ã€å¸¸ã«ãƒ—ãƒ©ã‚¤ãƒžãƒªã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã®ãƒ—ãƒ©ã‚¤ãƒ™ãƒ¼ãƒˆ IP ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’æŒ‡ã™ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆã®ã“ã¨ã§ã€DNS åã‚’æŒã¤ã€‚

æ›¸ãè¾¼ã¿ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆã‚’ä½¿ã£ã¦æŽ¥ç¶šã™ã‚‹ã“ã¨ã§ã€åˆ¥ãƒªãƒ¼ã‚¸ãƒ§ãƒ³ã«æ§‹æˆã—ãŸãƒªãƒ¼ãƒ‰ãƒ¬ãƒ—ãƒªã‚«ã‚’ãƒ—ãƒ©ã‚¤ãƒžãƒªã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã¨ã—ã¦æ˜‡æ ¼ã—ãŸéš›ã‚‚ã€ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³å´ã§å‘ãå…ˆ IP ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’å¤‰æ›´ã™ã‚‹å¿…è¦ãŒãªã„ã€‚

Cloud SQL Auth Proxy ã‹ã‚‰ã¯æ›¸ãè¾¼ã¿ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆã‚’ä½¿ãˆãªã„ã“ã¨ã«æ³¨æ„ã€‚

Cloud SQL Studio ã§ IAM ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹èªè¨¼ãŒä½¿ãˆã‚‹ã‚ˆã†ã«

IAM database authentication (2024-11-20)

Cloud SQL Studio ã§ IAM ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹èªè¨¼ãŒä½¿ãˆã‚‹ã‚ˆã†ã«ã€‚Cloud SQL Studio ã¨ã¯ã€Google Cloud ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã‹ã‚‰ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã«ã‚¯ã‚¨ãƒªã—ãŸã‚Šç®¡ç†ã§ãã‚‹ UIã€‚ã“ã‚Œã¾ã§ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ãƒ»ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’å…¥åŠ›ã—ã¦èªè¨¼ã™ã‚‹å¿…è¦ãŒã‚ã£ãŸã€‚

Migrate from Cloud SQL for PostgreSQL to AlloyDB for PostgreSQL (2024-11-21)

Cloud SQL ã‹ã‚‰ AlloyDB ã¸ã®ç§»è¡ŒãŒå®¹æ˜“ã«å®Ÿç¾ã§ãã‚‹ã‚ˆã†ã«ãªã£ãŸã€‚

2025å¹´1æœˆ25æ—¥ã‚ˆã‚Š Cloud Run é–¢é€£ãƒãƒ¼ãƒ«ã«ä»•æ§˜å¤‰æ›´ã‚ã‚Š

[Action Required] Ensure read access on container images deployed to Cloud Run - G-gen Tech Blog (2024-11-25)

2025å¹´1æœˆ25æ—¥ã‚ˆã‚Šã€Cloud Runã®ãƒ‡ãƒ—ãƒã‚¤ã‚’è¡Œã†ã“ã¨ãŒã§ãã‚‹äº‹å‰å®šç¾©ãƒãƒ¼ãƒ«ï¼ˆCloud Run ç®¡ç†è€… / ãƒ‡ãƒ™ãƒãƒƒãƒ‘ãƒ¼ï¼‰ã®ä»•æ§˜ã«å¤‰æ›´ã€‚

blog.g-gen.co.jp

Google Chat ã«éŸ³å£°ãƒŸãƒ¼ãƒ†ã‚£ãƒ³ã‚° huddles ãŒå°Žå…¥

Introducing huddles: instant-on, audio-first meetings in Google Chat (2024-11-27)

Google Chat ã«éŸ³å£°ãƒŸãƒ¼ãƒ†ã‚£ãƒ³ã‚° huddles ãŒå°Žå…¥ã€‚Chat ã‹ã‚‰ã‚·ãƒ¼ãƒ ãƒ¬ã‚¹ã«éŸ³å£°ãƒ»å‹•ç”»é€šè©±ã‚’ã‚¹ã‚¿ãƒ¼ãƒˆã§ãã‚‹ã€‚ãƒãƒƒã‚¯ã‚¨ãƒ³ãƒ‰ã¯ Google Meetã€‚2024-11-27ã‹ã‚‰é †æ¬¡ãƒãƒ¼ãƒ«ã‚¢ã‚¦ãƒˆã•ã‚Œã‚‹ã€‚

IAM Deny policiesï¼ˆæ‹’å¦ãƒãƒªã‚·ãƒ¼ï¼‰ã‚’ä½¿ã£ãŸäºˆé˜²çš„çµ±åˆ¶

2024-11-28T09:00:00+09:00

G-gen ã®æ¦äº•ã§ã™ã€‚å½“è¨˜äº‹ã§ã¯ IAM Deny policiesï¼ˆæ‹’å¦ãƒãƒªã‚·ãƒ¼ï¼‰ã‚’ä½¿ã£ãŸäºˆé˜²çš„çµ±åˆ¶ã«ã¤ã„ã¦è§£èª¬ã—ã¾ã™ã€‚

ã¯ã˜ã‚ã«
æ¤œè¨¼ã®æ¦‚è¦
ç’°å¢ƒæ§‹ç¯‰
- ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰
- å®Ÿè¡Œçµæžœ
å‹•ä½œç¢ºèª
- æ‹’å¦ãƒãƒªã‚·ãƒ¼è¨å®šå‰
- æ‹’å¦ãƒãƒªã‚·ãƒ¼è¨å®šå¾Œ
é–¢é€£è¨˜äº‹

ã¯ã˜ã‚ã«

å½“è¨˜äº‹ã«ã¤ã„ã¦

å½“è¨˜äº‹ã§ã¯ã€IAM Deny policiesï¼ˆä»¥ä¸‹ã€æ‹’å¦ãƒãƒªã‚·ãƒ¼ï¼‰ã§ç‰¹å®šã®æ“ä½œã‚’åˆ¶é™ã—ã€Google Cloud ç’°å¢ƒã«äºˆé˜²çš„çµ±åˆ¶ã‚’åŠ¹ã‹ã›ã‚‹æ–¹æ³•ã‚’è§£èª¬ã—ã¾ã™ã€‚

äºˆé˜²çš„çµ±åˆ¶

äºˆé˜²çš„çµ±åˆ¶ã¨ã¯ã€ãƒªã‚¹ã‚¯ï¼ˆæ„å›³ã—ãªã„æ“ä½œã€ä¸æ£ãªæ“ä½œï¼‰ã‚’æœªç„¶ã«é˜²ããŸã‚ã®çµ±åˆ¶ã‚’æ„å‘³ã—ã¾ã™ã€‚

ä»¥ä¸‹ã¯ Google Cloud ã«ãŠã‘ã‚‹äºˆé˜²çš„çµ±åˆ¶ã®ä¸€ä¾‹ã§ã™ã€‚

ä½¿ç”¨ã™ã‚‹ãƒ—ãƒãƒ€ã‚¯ãƒˆ	åŠ¹æžœ
æ‹’å¦ãƒãƒªã‚·ãƒ¼ (Cloud IAM)	ãƒªã‚½ãƒ¼ã‚¹ã«å¯¾ã™ã‚‹ç‰¹å®šã®æ“ä½œã‚’ IAM ãƒ‘ãƒ¼ãƒŸãƒƒã‚·ãƒ§ãƒ³ (æ¨©é™) ã«åŸºã¥ãåˆ¶é™ã™ã‚‹
çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ (Resource Manager)	ãƒªã‚½ãƒ¼ã‚¹ã«å¯¾ã™ã‚‹ç‰¹å®šã®æ“ä½œã‚’åˆ¶ç´„ (å®šç¾©æ¸ˆã¿ã®ã‚¢ã‚¯ã‚·ãƒ§ãƒ³) ã«åŸºã¥ãåˆ¶é™ã™ã‚‹
VPC Service Controls	API ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’ã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆãƒ™ãƒ¼ã‚¹ã®ãƒ«ãƒ¼ãƒ«ã«åŸºã¥ãåˆ¶é™ã™ã‚‹

æ‹’å¦ãƒãƒªã‚·ãƒ¼

æ‹’å¦ãƒãƒªã‚·ãƒ¼ã¯ã€é€šå¸¸ã® IAM Policy ã‚ˆã‚Šã‚‚å¼·ã„å¼·åˆ¶åŠ›ã§ Google Cloud ãƒªã‚½ãƒ¼ã‚¹ã¸ã®æ“ä½œã‚’åˆ¶é™ã—ã¾ã™ã€‚

IAM ãƒãƒªã‚·ãƒ¼ã®è©•ä¾¡ãƒ•ãƒãƒ¼ã§ã¯ã€æ‹’å¦ãƒãƒªã‚·ãƒ¼ï¼ˆæ˜Žç¤ºçš„ãª Denyï¼‰ãŒé€šå¸¸ã® IAM Policyï¼ˆæ˜Žç¤ºçš„ãª Allowï¼‰ã‚ˆã‚Šå…ˆã«è©•ä¾¡ã•ã‚Œã€å„ªå…ˆçš„ã«é©ç”¨ã•ã‚Œã¾ã™ã€‚

blog.g-gen.co.jp

æ‹’å¦ãƒãƒªã‚·ãƒ¼ã®ä½¿ã„æ‰€

ãã®ãŸã‚ã€IAM ã«ã‚ˆã‚‹æ¨©é™è¨è¨ˆã§ã¯ã€ã¾ãšã¯æ‹’å¦ãƒãƒªã‚·ãƒ¼ã‚’ä½¿ã‚ãšã« IAM Policyï¼ˆæ˜Žç¤ºçš„ãª Allowï¼‰ã§ç®¡ç†ã™ã‚‹ã“ã¨ã‚’åŽŸå‰‡ã¨ã—ã€ ã©ã†ã—ã¦ã‚‚å¼·ã„æ¨©é™ã§æ‹’å¦ã—ãŸã„ï¼ˆæ¨©é™ã«ãƒ•ã‚¿ã‚’ã—ãŸã„ï¼‰å ´åˆã«æ‹’å¦ãƒãƒªã‚·ãƒ¼ã‚’ä½¿ã† ã¨ã„ã†æ–¹é‡ãŒæœ›ã¾ã—ã„ã¨è¨€ãˆã¾ã™ã€‚

æ‹’å¦ãƒãƒªã‚·ãƒ¼ã¯çµ±åˆ¶ã®åº¦åˆã„ã¨ã—ã¦ã¯å¼·åŠ›ãªãŸã‚ã€å®‰æ˜“ã«ä½¿ã£ã¦ã—ã¾ã†ã¨å¾Œã‹ã‚‰ä¿®æ£ãŒé›£ã—ããªã‚‹å ´åˆãŒã‚ã‚‹ã®ã§ã”æ³¨æ„ãã ã•ã„ã€‚

æ‹’å¦ãƒãƒªã‚·ãƒ¼ã¨çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã®é•ã„

Google Cloud ã®äºˆé˜²çš„çµ±åˆ¶ã«ã¯ã€æ‹’å¦ãƒãƒªã‚·ãƒ¼ã«ä¼¼ãŸä»•çµ„ã¿ã¨ã—ã¦çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ï¼ˆResource Manager ã®1æ©Ÿèƒ½ï¼‰ãŒã‚ã‚Šã¾ã™ã€‚

å‰è€…ã¯ IAM ãƒ‘ãƒ¼ãƒŸãƒƒã‚·ãƒ§ãƒ³ï¼ˆæ¨©é™ï¼‰ ã€å¾Œè€…ã¯ åˆ¶ç´„ ã¨å‘¼ã°ã‚Œã‚‹å®šç¾©æ¸ˆã¿ã®ã‚¢ã‚¯ã‚·ãƒ§ãƒ³ã«ã‚‚ã¨ã¥ã„ã¦æ“ä½œã‚’åˆ¶é™ã™ã‚‹ã¨ã„ã†ç‚¹ã«é•ã„ãŒã‚ã‚Šã¾ã™ã€‚

å‚è€ƒ : çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã®åˆ¶ç´„

æ¤œè¨¼ã®æ¦‚è¦

ç›®çš„

çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ï¼ˆåˆ¶ç´„ï¼‰ã®ä½œæˆãƒ»å‰Šé™¤ãƒ»æ›´æ–° ã«ã¤ã„ã¦ã¯ã™ã¹ã¦ã®ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã§ç¦æ¢ã«ã—ã¤ã¤ã€Terraform ãŒä½¿ç”¨ã™ã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã€ãªã‚‰ã³ã«ç®¡ç†è€…ã‚°ãƒ«ãƒ¼ãƒ—ã ã‘ã¯ä¾‹å¤–ï¼ˆæ“ä½œå¯èƒ½ï¼‰ã¨ã—ã¦ã„ã¾ã™ã€‚

#	æ‹’å¦ã—ãŸã„æ“ä½œ	æ‹’å¦å¯¾è±¡ã®ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«	ä¾‹å¤–ã®ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«
1	çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã®ä½œæˆ	ã™ã¹ã¦	ãƒ»Terraform ç”¨ ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ ãƒ»ç®¡ç†è€…ã‚°ãƒ«ãƒ¼ãƒ—
2	çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã®å‰Šé™¤	ã™ã¹ã¦	ãƒ»Terraform ç”¨ ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ ãƒ»ç®¡ç†è€…ã‚°ãƒ«ãƒ¼ãƒ—
3	çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã®æ›´æ–°	ã™ã¹ã¦	ãƒ»Terraform ç”¨ ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ ãƒ»ç®¡ç†è€…ã‚°ãƒ«ãƒ¼ãƒ—

å‰æ

ãƒ‡ãƒ¢ã‚’å®Ÿæ–½ã™ã‚‹ã«ã‚ãŸã‚Šã€ä»¥ä¸‹ã® IAM Policy ã‚’è¨å®šã—ã¦ã„ã¾ã™ã€‚

#	ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«	ä»˜ä¸Žã—ãŸ IAM ãƒãƒ¼ãƒ«	ä»˜ä¸Žã—ãŸãƒªã‚½ãƒ¼ã‚¹ (å ´æ‰€)
1	Terraform ç”¨ ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ	ãƒ»ã‚ªãƒ¼ãƒŠãƒ¼ ãƒ»çµ„ç¹”ç®¡ç†è€… ãƒ»çµ„ç¹”ãƒãƒªã‚·ãƒ¼ç®¡ç†è€… ãƒ»æ‹’å¦ç®¡ç†è€…	çµ„ç¹”ãƒªã‚½ãƒ¼ã‚¹
2	ç®¡ç†è€…ã‚°ãƒ«ãƒ¼ãƒ—	ãƒ»ã‚ªãƒ¼ãƒŠãƒ¼ ãƒ»çµ„ç¹”ç®¡ç†è€… ãƒ»çµ„ç¹”ãƒãƒªã‚·ãƒ¼ç®¡ç†è€… ãƒ»æ‹’å¦ç®¡ç†è€…	çµ„ç¹”ãƒªã‚½ãƒ¼ã‚¹
3	éžç®¡ç†è€…ã‚°ãƒ«ãƒ¼ãƒ—	ãƒ»çµ„ç¹”ãƒãƒªã‚·ãƒ¼ç®¡ç†è€…	çµ„ç¹”ãƒªã‚½ãƒ¼ã‚¹

ç’°å¢ƒ

æ‹’å¦ãƒãƒªã‚·ãƒ¼ã®è¨å®šã¯ Terraform ã§è¡Œã„ã¾ã™ã€‚

ã¾ãŸã€æ‹’å¦ãƒãƒªã‚·ãƒ¼è¨å®šå¾Œã¯ä»¥ä¸‹ã®æ¡ä»¶ã§å‹•ä½œç¢ºèªã‚’è¡Œã„ã¾ã™ã€‚

#	ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«	æ“ä½œ	æœŸå¾…ã™ã‚‹å‹•ä½œ
1	ç®¡ç†è€…ã‚°ãƒ«ãƒ¼ãƒ—	çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã‚’ä½œæˆ	æˆåŠŸ
2	éžç®¡ç†è€…ã‚°ãƒ«ãƒ¼ãƒ—	çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã‚’å‰Šé™¤	å¤±æ•—

å¿…è¦ãª IAM ãƒãƒ¼ãƒ«

æ‹’å¦ãƒãƒªã‚·ãƒ¼ã‚’ç®¡ç†ã™ã‚‹å ´åˆã€çµ„ç¹”ãƒ¬ãƒ™ãƒ«ã§ æ‹’å¦ç®¡ç†è€…ãƒãƒ¼ãƒ«ï¼ˆroles/iam.denyAdminï¼‰ ãŒå¿…è¦ã§ã™ã€‚

ä»Šå›žã®ãƒ‡ãƒ¢ã§ã¯ Terraform ãŒä½¿ç”¨ã™ã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã«å¯¾ã—ã€çµ„ç¹”ãƒ¬ãƒ™ãƒ«ã§ä¸Šè¨˜ãƒãƒ¼ãƒ«ã‚’ä»˜ä¸Žã—ã¦ã„ã¾ã™ã€‚

å‚è€ƒ : å¿…è¦ãªãƒãƒ¼ãƒ«

å‚è€ƒ : Permissions supported in deny policies

ç’°å¢ƒæ§‹ç¯‰

ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰

ä»Šå›žã®æ¤œè¨¼ã§ã¯ã€Terraform ã§ç’°å¢ƒæ§‹ç¯‰ã‚’å®Ÿæ–½ã—ã¾ã™ã€‚ä½¿ç”¨ã—ãŸ Terraform ã®ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰ã¯ä»¥ä¸‹ã®ã¨ãŠã‚Šã§ã™ã€‚

$ tree
.
â”œâ”€â”€ env
â”‚   â””â”€â”€ organization
â”‚       â”œâ”€â”€ backend.tf
â”‚       â”œâ”€â”€ locals.tf
â”‚       â”œâ”€â”€ main.tf
â”‚       â””â”€â”€ versions.tf
â””â”€â”€ modules
    â””â”€â”€ preventive_controls
        â””â”€â”€ organization_deny_policies
            â”œâ”€â”€ main.tf
            â”œâ”€â”€ outputs.tf
            â””â”€â”€ variables.tf

# main.tf (modules)
  
resource "google_iam_deny_policy" "default" {
  parent       = urlencode("cloudresourcemanager.googleapis.com/organizations/${var.organization_id}")
  name         = "dev-ggen-deny-policy-organization"
  display_name = "Dev G-gen Deny Policy Organization"
  
  # https://cloud.google.com/iam/docs/deny-permissions-support
  # çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã®ç·¨é›†ç¦æ¢
  rules {
    description = "First rule"
    deny_rule {
      denied_principals = ["principalSet://goog/public:all"]
      denied_permissions   = [
        "orgpolicy.googleapis.com/policies.create",
        "orgpolicy.googleapis.com/policies.delete",
        "orgpolicy.googleapis.com/policies.update",
      ]
      exception_principals = var.permitted_principals
    }
  }
}

# variables.tf
  
variable "permitted_principals" {
  description = "List of principals that are exempt from the deny policy"
  type        = list(string)
}
  
variable "organization_id" {
  description = "The ID of the organization to create resources in"
  type        = string
}

# main.tf (env)
  
module "organization_deny_policies" {
  source              = "../../modules/preventive_controls/organization_deny_policies"
  organization_id     = local.organization_id
  permitted_principals = local.permitted_principals
}

# locals.tf
  
locals {
  organization_id = "1234567890"
  
  # https://cloud.google.com/iam/docs/principal-identifiers#v2
  permitted_principals = [
    "principal://iam.googleapis.com/projects/-/serviceAccounts/[email protected]",
    "principalSet://goog/group/[email protected]",
  ]
}

å‚è€ƒ : google_iam_deny_policy
å‚è€ƒ : ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ID (IAM v2 API)

å®Ÿè¡Œçµæžœ

terraform apply ã®å®Ÿè¡Œçµæžœã¯ä»¥ä¸‹ã®ã¨ãŠã‚Šã§ã™ã€‚

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  
Terraform will perform the following actions:

  # module.organization_deny_policies.google_iam_deny_policy.default will be created
  + resource "google_iam_deny_policy" "default" {
      + display_name = "Dev G-gen Deny Policy Organization"
      + etag         = (known after apply)
      + id           = (known after apply)
      + name         = "dev-ggen-deny-policy-organization"
      + parent       = "cloudresourcemanager.googleapis.com%2Forganizations%2F1234567890"
  
      + rules {
          + description = "First rule"
  
          + deny_rule {
              + denied_permissions   = [
                  + "orgpolicy.googleapis.com/policies.create",
                  + "orgpolicy.googleapis.com/policies.delete",
                  + "orgpolicy.googleapis.com/policies.update",
                ]
              + denied_principals    = [
                  + "principalSet://goog/public:all",
                ]
              + exception_principals = [
                  + "principal://iam.googleapis.com/projects/-/serviceAccounts/[email protected]",
                  + "principalSet://goog/group/[email protected]",
                ]
            }
        }
    }
  
Plan: 1 to add, 0 to change, 0 to destroy.
module.organization_deny_policies.google_iam_deny_policy.default: Creating...
module.organization_deny_policies.google_iam_deny_policy.default: Still creating... [10s elapsed]
module.organization_deny_policies.google_iam_deny_policy.default: Creation complete after 11s [id=cloudresourcemanager.googleapis.com%2Forganizations%2F1234567890/dev-ggen-deny-policy-organization]
  
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

å‹•ä½œç¢ºèª

æ‹’å¦ãƒãƒªã‚·ãƒ¼è¨å®šå‰

ä¸¡ã‚°ãƒ«ãƒ¼ãƒ—ã¨ã‚‚ IAM Policy ã«ã‚ˆã£ã¦çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã®ç·¨é›†ãŒè¨±å¯ã•ã‚Œã¦ã„ã‚‹ãŸã‚ã€å½“è©²æ“ä½œãŒå®Ÿè¡Œã§ãã¾ã—ãŸã€‚

#1ã€çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ãŒç·¨é›†ï¼ˆä½œæˆï¼‰ã§ããŸ

#2ã€çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ãŒç·¨é›†ï¼ˆå‰Šé™¤ï¼‰ã§ããŸ

æ‹’å¦ãƒãƒªã‚·ãƒ¼è¨å®šå¾Œ

éžç®¡ç†è€…ã‚°ãƒ«ãƒ¼ãƒ—ã«ãŠã„ã¦ã¯ã€æ‹’å¦ãƒãƒªã‚·ãƒ¼è¨å®šå‰ã«ã¯å®Ÿè¡Œã§ããŸæ“ä½œãŒã€è¨å®šå¾Œã«ã¯åˆ¶é™ã•ã‚Œã¾ã—ãŸã€‚

#	ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«	æ“ä½œ	æœŸå¾…ã™ã‚‹å‹•ä½œ	å®Ÿéš›ã®çµæžœ
1	ç®¡ç†è€…ã‚°ãƒ«ãƒ¼ãƒ—	çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã‚’ä½œæˆ	æˆåŠŸ	æˆåŠŸ
2	éžç®¡ç†è€…ã‚°ãƒ«ãƒ¼ãƒ—	çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã‚’å‰Šé™¤	å¤±æ•—	å¤±æ•—

#1ã€æ‹’å¦ãƒãƒªã‚·ãƒ¼è¨å®šå¾Œã‚‚çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ãŒç·¨é›†ï¼ˆä½œæˆï¼‰ã§ããŸ

#2ã€æ‹’å¦ãƒãƒªã‚·ãƒ¼ã«ã‚ˆã£ã¦çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã®ç·¨é›†ï¼ˆå‰Šé™¤ï¼‰ãŒåˆ¶é™ã•ã‚ŒãŸ

é–¢é€£è¨˜äº‹

ä»Šå›žã”ç´¹ä»‹ã—ãŸä»–ã«ã‚‚ã€G-gen Tech Blog ã§ã¯äºˆé˜²çš„çµ±åˆ¶ã«é–¢ã™ã‚‹è¨˜äº‹ã‚’å¤šæ•°å…¬é–‹ã—ã¦ã„ã¾ã™ã€‚ã“ã‚Œã‚‰ã‚‚ã‚ã‚ã›ã¦ã”ç¢ºèªãã ã•ã„ã€‚

blog.g-gen.co.jp

[Action Required] Ensure read access on container images deployed to Cloud Run

2024-11-26T08:30:00+09:00

2024å¹´11æœˆ25æ—¥ã€Google Cloud ã‹ã‚‰ç®¡ç†è€…å®›ã¦ã«ã€Œ[Action Required] Ensure read access on container images deployed to Cloud Runã€ã¨ã„ã†ã‚¿ã‚¤ãƒˆãƒ«ã®ãƒ¡ãƒ¼ãƒ«é€šçŸ¥ãŒã‚ã‚Šã¾ã—ãŸã€‚å½“è¨˜äº‹ã§ã¯ã€é€šçŸ¥ã®å†…å®¹ã¨ãƒ¦ãƒ¼ã‚¶ãƒ¼å´ã§å¿…è¦ãªã‚¢ã‚¯ã‚·ãƒ§ãƒ³ã€å½±éŸ¿ç¯„å›²ã®ç¢ºèªæ–¹æ³•ãªã©ã‚’è§£èª¬ã—ã¾ã™ã€‚

ãƒ¦ãƒ¼ã‚¶ãƒ¼å´ã§å¿…è¦ãªã‚¢ã‚¯ã‚·ãƒ§ãƒ³
æƒ³å®šã•ã‚Œã‚‹å½±éŸ¿ç¯„å›²
å½±éŸ¿ç¯„å›²ã®ç¢ºèªæ–¹æ³•
Cloud Run functions ã¸ã®å½±éŸ¿

é€šçŸ¥ã®å†…å®¹

Cloud Run ã®ãƒ‡ãƒ—ãƒã‚¤ã«ä½¿ç”¨ã™ã‚‹ã“ã¨ãŒã§ãã‚‹äº‹å‰å®šç¾©ã® IAM ãƒãƒ¼ãƒ«ã€ŒCloud Run ç®¡ç†è€…ï¼ˆroles/run.adminï¼‰ã€ãŠã‚ˆã³ã€ŒCloud Run ãƒ‡ãƒ™ãƒãƒƒãƒ‘ãƒ¼ï¼ˆroles/run.developerï¼‰ã€ã«ã¯ã€æš—é»™çš„ã« Artifact Registory ã®èªã¿å–ã‚Šæ¨©é™ãŒã¤ã„ã¦ã„ã¾ã™ã€‚

Cloud Run ç®¡ç†è€…ã‚„ Cloud Run ãƒ‡ãƒ™ãƒãƒƒãƒ‘ãƒ¼ã«ã¯ Artifact Registry ã®èªã¿å–ã‚Šæ¨©é™ãŒã€Œæ˜Žç¤ºçš„ã«ã¯ã€ä»˜ä¸Žã•ã‚Œã¦ã„ãªã„

2025å¹´1æœˆ15æ—¥ï¼ˆç±³å›½æ™‚é–“ï¼‰ä»¥é™ã€ã“ã®æš—é»™çš„ãªèªã¿å–ã‚Šæ¨©é™ãŒãªããªã‚Šã€Cloud Run ç®¡ç†è€…ãƒãƒ¼ãƒ«ã¨Cloud Run ãƒ‡ãƒ™ãƒãƒƒãƒ‘ãƒ¼ãƒãƒ¼ãƒ«ã§ã¯ Artifact Registry ã«ã‚ã‚‹ã‚³ãƒ³ãƒ†ãƒŠã‚¤ãƒ¡ãƒ¼ã‚¸ã®èªã¿å–ã‚ŠãŒã§ããªããªã‚Šã¾ã™ã€‚ã—ãŸãŒã£ã¦ã€ã“ã®ãƒãƒ¼ãƒ«ã ã‘ã§ã¯ Cloud Run ã®ä½œæˆã€æ›´æ–°ãŒã§ããªããªã‚Šã¾ã™ã€‚

ä»Šå¾Œã€Cloud Run ã®ä½œæˆã€æ›´æ–°ã‚’è¡Œã†ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ï¼ˆãƒ¦ãƒ¼ã‚¶ãƒ¼ã€ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆï¼‰ã¯ã€ã‚³ãƒ³ãƒ†ãƒŠã‚¤ãƒ¡ãƒ¼ã‚¸ã«å¯¾ã™ã‚‹æ˜Žç¤ºçš„ãªèªã¿å–ã‚Šæ¨©é™ãŒå¿…è¦ã¨ãªã‚Šã¾ã™ã€‚å…·ä½“çš„ã«ã¯ã€ã‚³ãƒ³ãƒ†ãƒŠã‚¤ãƒ¡ãƒ¼ã‚¸ãŒå˜åœ¨ã™ã‚‹ Artifact Registry ãƒªãƒã‚¸ãƒˆãƒªã€ã‚‚ã—ãã¯ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã«å¯¾ã™ã‚‹ Artifact Registry èªã¿å–ã‚Šï¼ˆroles/artifactregistry.readerï¼‰ãƒãƒ¼ãƒ«ãŒå¿…è¦ã¨ãªã‚Šã¾ã™ã€‚

æš—é»™çš„ãªæ¨©é™ã«ã‚ˆã‚Šã€Cloud Run ç®¡ç†è€…ã¾ãŸã¯Cloud Run ãƒ‡ãƒ™ãƒãƒƒãƒ‘ãƒ¼ãƒãƒ¼ãƒ«ã‚’ç´ã¥ã‘ã‚‰ã‚ŒãŸãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã¯ Artifact Registry ã«ã‚ã‚‹ã‚³ãƒ³ãƒ†ãƒŠã‚¤ãƒ¡ãƒ¼ã‚¸ã‚’èªã¿å–ã‚‹ã“ã¨ãŒã§ãã‚‹ã€‚

Cloud Run ç®¡ç†è€…ãƒãƒ¼ãƒ«ãŠã‚ˆã³Cloud Run ãƒ‡ãƒ™ãƒãƒƒãƒ‘ãƒ¼ãƒãƒ¼ãƒ«ã§ã¯ Artifact Registry ã«ã‚ã‚‹ã‚³ãƒ³ãƒ†ãƒŠã‚¤ãƒ¡ãƒ¼ã‚¸ã‚’èªã¿å–ã‚‹ã“ã¨ã¯ã§ããªã„ã€‚ãã®ãŸã‚ Cloud Run ã®ä½œæˆã€æ›´æ–°æ“ä½œãŒã§ããªã„ã€‚
ä»Šã¾ã§ Cloud Run ã®ãƒ‡ãƒ—ãƒã‚¤ã« Cloud Run ç®¡ç†è€…ã¾ãŸã¯ Cloud Run ãƒ‡ãƒ™ãƒãƒƒãƒ‘ãƒ¼ãƒãƒ¼ãƒ«ã‚’ä½¿ç”¨ã—ã¦ã„ãŸãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã«ã¯ã€Artifact Registry èªã¿å–ã‚Šãƒãƒ¼ãƒ«ã‚‚ç´ã¥ã‘ã‚‹å¿…è¦ãŒã‚ã‚‹ã€‚
ã‚ªãƒ¼ãƒŠãƒ¼ï¼ˆroles/ownerï¼‰ãƒãƒ¼ãƒ«ã€ã¾ãŸã¯ç·¨é›†è€…ï¼ˆroles/editorï¼‰ãƒãƒ¼ãƒ«ãŒç´ã¥ã„ã¦ã„ã‚‹ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã«ã¤ã„ã¦ã¯ã€ã“ã®å¤‰æ›´ã«ã‚ˆã‚‹å½±éŸ¿ã¯ãªã„ã€‚

ãƒ¦ãƒ¼ã‚¶ãƒ¼å´ã§å¿…è¦ãªã‚¢ã‚¯ã‚·ãƒ§ãƒ³

2025å¹´1æœˆ15æ—¥ã¾ã§ã«ã€Cloud Run ç®¡ç†è€…ã¾ãŸã¯Cloud Run ãƒ‡ãƒ™ãƒãƒƒãƒ‘ãƒ¼ãƒãƒ¼ãƒ«ãŒç´ã¥ã‘ã‚‰ã‚ŒãŸãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã‚’æ´—ã„å‡ºã—ã€å¿…è¦ã«å¿œã˜ã¦ Artifact Registry èªã¿å–ã‚Šãƒãƒ¼ãƒ«ã‚’ä»˜ä¸Žã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

æƒ³å®šã•ã‚Œã‚‹å½±éŸ¿ç¯„å›²

Cloud Build ã‚„ GitHub Actions ç‰ã® CI/CD ãƒ‘ã‚¤ãƒ—ãƒ©ã‚¤ãƒ³ã‹ã‚‰ Cloud Run ã®ãƒ‡ãƒ—ãƒã‚¤ã‚’è¡Œã£ã¦ã„ã‚‹ã‚ˆã†ãªã‚±ãƒ¼ã‚¹ã§ã¯ã€ãƒ‘ã‚¤ãƒ—ãƒ©ã‚¤ãƒ³ãŒä½¿ç”¨ã™ã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã« Cloud Run ç®¡ç†è€…ã‚‚ã—ãã¯Cloud Run ãƒ‡ãƒ™ãƒãƒƒãƒ‘ãƒ¼ãƒãƒ¼ãƒ«ãŒä»˜ä¸Žã•ã‚Œã¦ã„ã‚‹å¯èƒ½æ€§ãŒã‚ã‚Šã¾ã™ã€‚

ä»Šå›žã®å¤‰æ›´ã¸ã®å¯¾å‡¦ãŒæ¼ã‚Œã¦ã—ã¾ã£ãŸå ´åˆã€ãƒ‘ã‚¤ãƒ—ãƒ©ã‚¤ãƒ³ãŒåœæ¢ã—ã¦ã—ã¾ã†æã‚ŒãŒã‚ã‚‹ãŸã‚ã€ç¾åœ¨ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã«ç´ã¥ã‘ã‚‰ã‚Œã¦ã„ã‚‹ãƒãƒ¼ãƒ«ã‚’ç¢ºèªã—ã€æ¨©é™ãŒä¸è¶³ã—ã¦ã„ã‚‹å ´åˆã¯ Artifact Registry èªã¿å–ã‚Šãƒãƒ¼ãƒ«ç‰ã‚’ä»˜ä¸Žã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

å½±éŸ¿ç¯„å›²ã®ç¢ºèªæ–¹æ³•

é€šçŸ¥ãƒ¡ãƒ¼ãƒ«

å¤‰æ›´ã®å½±éŸ¿ã‚’å—ã‘ã‚‹å¯èƒ½æ€§ãŒã‚ã‚‹çµ„ç¹”ã‚„ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã®ã‚ªãƒ¼ãƒŠãƒ¼ã‚„ã€ã‚¨ãƒƒã‚»ãƒ³ã‚·ãƒ£ãƒ«ã‚³ãƒ³ã‚¿ã‚¯ãƒˆã«ç™»éŒ²ã•ã‚ŒãŸé€£çµ¡å…ˆã«ã¯ã€2024å¹´11æœˆ25æ—¥ã« Google Cloud ã‹ã‚‰ [Action Required] Ensure read access on container images deployed to Cloud Run ã¨ã„ã†ã‚¿ã‚¤ãƒˆãƒ«ã®ãƒ¡ãƒ¼ãƒ«ãŒé…ä¿¡ã•ã‚Œã¦ã„ã¾ã™ã€‚

å¤‰æ›´ã®å½±éŸ¿ãŒã‚ã‚‹ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã¯ã€åŒãƒ¡ãƒ¼ãƒ«æœ€ä¸‹éƒ¨ã®ã€ŒYour affected projects are listed below:ã€ä»¥ä¸‹ã«è¨˜è¼‰ã•ã‚Œã¦ã„ã¾ã™ã€‚

å¤‰æ›´ã®å½±éŸ¿ãŒã‚ã‚‹ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã¯ãƒ¡ãƒ¼ãƒ«ã«è¨˜è¼‰ã•ã‚Œã¦ã„ã‚‹

ã‚¨ãƒƒã‚»ãƒ³ã‚·ãƒ£ãƒ«ã‚³ãƒ³ã‚¿ã‚¯ãƒˆã«ã¤ã„ã¦ã¯ä»¥ä¸‹ã®è¨˜äº‹ã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚

å‚è€ƒ : Google Cloudã®çµ„ç¹”(Organization)ã‚’å¾¹åº•è§£èª¬ - ã‚¨ãƒƒã‚»ãƒ³ã‚·ãƒ£ãƒ«ã‚³ãƒ³ã‚¿ã‚¯ãƒˆ

Cloud Asset Inventory

ã¾ãŸã€Cloud Asset Inventory ã‚’ä½¿ç”¨ã™ã‚‹ã“ã¨ã§ã€ç‰¹å®šã®ãƒãƒ¼ãƒ«ãŒç´ã¥ã„ãŸãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã®ä¸€è¦§ã‚’ç¢ºèªã§ãã¾ã™ã€‚

Google Cloud ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã‹ã‚‰ç¢ºèªã™ã‚‹å ´åˆã€ãŸã¨ãˆã°Cloud Run ãƒ‡ãƒ™ãƒãƒƒãƒ‘ãƒ¼ãƒãƒ¼ãƒ«ã§ã‚ã‚Œã°ã€Cloud Asset Inventory ã®ç”»é¢ã® IAM ãƒãƒªã‚·ãƒ¼ã‚¿ãƒ–ã«ã¦ roles: run.developer ã§ãƒ•ã‚£ãƒ«ã‚¿ãƒªãƒ³ã‚°ã—ã¾ã™ã€‚ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã«å¯¾ã—ã¦ãƒãƒ¼ãƒ«ãŒç´ã¥ã‘ã‚‰ã‚Œã¦ã„ã‚‹ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã¨ã€ç‰¹å®šã® Cloud Run ãƒªã‚½ãƒ¼ã‚¹ã«ãƒãƒ¼ãƒ«ãŒç´ã¥ã‘ã‚‰ã‚Œã¦ã„ã‚‹ãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã®ä¸¡æ–¹ã‚’æ¤œç´¢ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

Cloud Run ç®¡ç†è€…ãƒãƒ¼ãƒ«ã«ã¤ã„ã¦ã¯ roles: run.admin ã§ãƒ•ã‚£ãƒ«ã‚¿ãƒªãƒ³ã‚°ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

Asset Inventory ã‚’ä½¿ç”¨ã—ã¦ã€å¯¾å‡¦ãŒå¿…è¦ãªãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã‚’ç¢ºèªã™ã‚‹

gcloud CLI ã§ã¯ gcloud asset search-all-iam-policies ã‚³ãƒžãƒ³ãƒ‰ã§ç¢ºèªã§ãã¾ã™ã€‚

# Cloud Run ãƒ‡ãƒ™ãƒãƒƒãƒ‘ãƒ¼ãƒãƒ¼ãƒ«ãŒä»˜ä¸Žã•ã‚ŒãŸãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã®ä¸€è¦§ã‚’è¡¨ç¤ºã™ã‚‹
$ gcloud asset search-all-iam-policies --query='roles:run.developer'

# å‡ºåŠ›ä¾‹
$ gcloud asset search-all-iam-policies --query='roles:run.developer'
---
assetType: run.googleapis.com/Service  # ãƒãƒ¼ãƒ«ãŒç‰¹å®šã® Cloud Run ã«ç´ä»˜ã„ã¦ã„ã‚‹å ´åˆ
folders:
- folders/xxxxxxxxxxxx
- folders/xxxxxxxxxxxx
organization: organizations/xxxxxxxxxxxx
policy:
  bindings:
  - members:
    - serviceAccount:[email protected]
    role: roles/run.developer
project: projects/xxxxxxxxxxxx
resource: //run.googleapis.com/projects/myproject/locations/asia-northeast1/services/hello
---
assetType: cloudresourcemanager.googleapis.com/Project  # ãƒãƒ¼ãƒ«ãŒãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã«ç´ä»˜ã„ã¦ã„ã‚‹å ´åˆ
folders:
- folders/xxxxxxxxxxxx
- folders/xxxxxxxxxxxx
organization: organizations/xxxxxxxxxxxx
policy:
  bindings:
  - members:
    - serviceAccount:[email protected]
    role: roles/run.developer
project: projects/xxxxxxxxxxxx
resource: //cloudresourcemanager.googleapis.com/projects/myproject

Cloud Asset Inventory ã«ã¤ã„ã¦ã¯ã€ä»¥ä¸‹ã®è¨˜äº‹ã‚‚å‚è€ƒã«ã—ã¦ãã ã•ã„ã€‚

å‚è€ƒ : Cloud Asset Inventoryã‚’å¾¹åº•è§£èª¬ï¼

Cloud Logging

2025å¹´1æœˆ15æ—¥ã®å¤‰æ›´ãŒé©ç”¨ã•ã‚Œã‚‹ã¾ã§ã¯ã€è©²å½“ã®ãƒãƒ¼ãƒ«ã‚’ä½¿ç”¨ã—ã¦ Cloud Run ã®ãƒ‡ãƒ—ãƒã‚¤ãŒå¯èƒ½ã§ã™ãŒã€Cloud Logging ã«ä»¥ä¸‹ã®ã‚¨ãƒ©ãƒ¼ãƒã‚°ãŒè¨˜éŒ²ã•ã‚Œã‚‹ã‚ˆã†ã«ãªã£ã¦ã„ã¾ã™ã€‚

Cloud Run API check failed. Requests will be rejected after January 2025 hard enforcement deadline. User does not have access to image {Artifact Registry å†…ã®ã‚³ãƒ³ãƒ†ãƒŠã‚¤ãƒ¡ãƒ¼ã‚¸ã® URL}

resource.type = "cloud_run_revision"
severity=ERROR
"User does not have access to image"

ãƒã‚°ãŒå‡ºã¦ã„ã‚‹å ´åˆã€å¯¾å‡¦ãŒå¿…è¦ãªãƒ—ãƒªãƒ³ã‚·ãƒ‘ãƒ«ã‚’ä½¿ç”¨ã—ã¦ãƒ‡ãƒ—ãƒã‚¤ãŒè¡Œã‚ã‚Œã¦ã„ã‚‹ã®ã§ã€Artifact Registry èªã¿å–ã‚Šãƒãƒ¼ãƒ«ç‰ã®ä»˜ä¸Žã‚’è¡Œã„ã¾ã™ã€‚

ä¸Šè¨˜ã®ã‚¯ã‚¨ãƒªã‚’ä½¿ç”¨ã—ã¦ãƒã‚°ãƒ™ãƒ¼ã‚¹ã®ã‚¢ãƒ©ãƒ¼ãƒˆã‚’è¨å®šã—ã¦ãŠãã“ã¨ã§ã€å¯¾è±¡ã®ãƒã‚°ã®ç¢ºèªæ¼ã‚Œã‚’é˜²ãã“ã¨ãŒã§ãã¾ã™ã€‚

Cloud Run functions ã¸ã®å½±éŸ¿

Cloud Run functionsï¼ˆç¬¬2ä¸–ä»£ï¼‰ã¯ã€å®Ÿè¡ŒåŸºç›¤ã¨ã—ã¦ Cloud Run ãŒãƒ™ãƒ¼ã‚¹ã«ãªã£ã¦ã„ã¾ã™ã€‚Cloud Run functions ã«ã€ä»Šå›žã®å¤‰æ›´ã¯å½±éŸ¿ãŒã‚ã‚‹ã®ã§ã—ã‚‡ã†ã‹ã€‚

ä»Šå›žã®å¤‰æ›´ã«ã¤ã„ã¦ã€Cloud Run functions ã¸ã®å½±éŸ¿ã¯ã‚ã‚Šã¾ã›ã‚“ã€‚Cloud Run functions ã®ãƒ‡ãƒ—ãƒã‚¤æ™‚ã¯ã€ã‚µãƒ¼ãƒ“ã‚¹ã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆã¨å‘¼ã°ã‚Œã‚‹ç‰¹æ®Šãªã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆãŒã€ãƒ“ãƒ«ãƒ‰ã‚„ Artifact Registry ã‹ã‚‰ã®ã‚¤ãƒ¡ãƒ¼ã‚¸å–å¾—ã‚’è¡Œã„ã¾ã™ã€‚ã“ã‚Œã‚‰ã®ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã«ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§ä»˜ä¸Žã•ã‚Œã¦ã„ã‚‹ãƒãƒ¼ãƒ«ã‚’å¤‰æ›´ã—ãªã‘ã‚Œã°ã€ä»Šå›žã®å¤‰æ›´ã§ã¯å½±éŸ¿ãŒãªã„ã‚ˆã†ã«ãªã£ã¦ã„ã¾ã™ã€‚

å‚è€ƒ : ç®¡ç†è€…ã‚µãƒ¼ãƒ“ã‚¹ ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ

2024-11-25T09:00:00+09:00

G-gen ã®åˆå‰ã§ã™ã€‚å½“è¨˜äº‹ã§ã¯ã€ç”Ÿæˆ AI ã®å‡ºåŠ›ã‚’è¿…é€Ÿã‹ã¤åŠ¹çŽ‡çš„ã«è©•ä¾¡ã§ãã‚‹ Vertex AI ä¸Šã® API ã§ã‚ã‚‹ã€Gen AI evaluation service ã‚’ç´¹ä»‹ã—ã¾ã™ã€‚

æ¦‚è¦
ãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹
æ–™é‡‘
ä½¿ã£ã¦ã¿ã‚‹

æ¦‚è¦

Gen AI evaluation service ã¯ã€ç”Ÿæˆ AI ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®å‡ºåŠ›ã‚’åŠ¹çŽ‡çš„ã«è©•ä¾¡ã™ã‚‹ãŸã‚ã®æ©Ÿèƒ½ã§ã™ã€‚Vertex AI ã®1æ©Ÿèƒ½ã¨ã—ã¦ã€API ã§æä¾›ã•ã‚Œã¾ã™ã€‚ã“ã®æ©Ÿèƒ½ã‚’ä½¿ã†ã¨ã€äº‹å‰å®šç¾©ã•ã‚ŒãŸè©•ä¾¡æŒ‡æ¨™ã‚„ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒç‹¬è‡ªã«å®šç¾©ã—ãŸã‚«ã‚¹ã‚¿ãƒ è©•ä¾¡æŒ‡æ¨™ã‚’ç”¨ã„ã¦ã€ç”Ÿæˆ AI ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®ãƒ‘ãƒ•ã‚©ãƒ¼ãƒžãƒ³ã‚¹ã‚’å®šé‡çš„ã«è©•ä¾¡ã§ãã¾ã™ã€‚

åŒæ§˜ã® LLM è©•ä¾¡ãƒ„ãƒ¼ãƒ«ã¨ã—ã¦ã¯ã€ã‚ªãƒ¼ãƒ—ãƒ³ã‚½ãƒ¼ã‚¹ã®ãƒ•ãƒ¬ãƒ¼ãƒ ãƒ¯ãƒ¼ã‚¯ã§ã‚ã‚‹ Ragas ãªã©ãŒã‚ã‚Šã¾ã™ãŒã€Gen AI evaluation service ã¯ Vertex AI ã¨ã‚·ãƒ¼ãƒ ãƒ¬ã‚¹ã«çµ±åˆã•ã‚Œã¦ã„ã‚‹ç‚¹ã¨ã€ãƒžãƒãƒ¼ã‚¸ãƒ‰ã‚µãƒ¼ãƒ“ã‚¹ã§ã‚ã‚Šã‚¤ãƒ³ãƒ•ãƒ©ã®ç®¡ç†ãŒä¸è¦ãªç‚¹ãŒãƒ¡ãƒªãƒƒãƒˆã§ã™ã€‚ä¸€æ–¹ã§ã€Ragas ã«æ¯”ã¹è©•ä¾¡æŒ‡æ¨™ãƒ†ãƒ³ãƒ—ãƒ¬ãƒ¼ãƒˆãŒå°‘ãªã„ç‚¹ã‚„ã€å°‘é¡ã§ã¯ã‚ã‚Šã¾ã™ãŒ API åˆ©ç”¨æ–™é‡‘ãŒç™ºç”Ÿã™ã‚‹ã¨ã„ã£ãŸãƒ‡ãƒ¡ãƒªãƒƒãƒˆãŒã‚ã‚Šã¾ã™ã€‚

å‚è€ƒ : Gen AI evaluation service overview

ãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹

Gen AI Evaluation Service ã¯ã€ä»¥ä¸‹ã®ã‚ˆã†ãªãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹ã§å½¹ç«‹ã¡ã¾ã™ã€‚

ç”Ÿæˆ AI ãƒ¢ãƒ‡ãƒ«ã®é¸å®š
ãƒ—ãƒãƒ³ãƒ—ãƒˆã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ãƒªãƒ³ã‚°ã®èª¿æ•´

ä»¥ä¸‹ã®å…¬å¼ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã§ã¯ã€ãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹åˆ¥ã®ã‚µãƒ³ãƒ—ãƒ« Notebook ãŒå…¬é–‹ã•ã‚Œã¦ãŠã‚Šã€å‚è€ƒã«ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚

å‚è€ƒ : Notebooks for evaluation use cases

Gen AI evaluation service ã«ã¯ã€è¨ˆç®—ãƒ™ãƒ¼ã‚¹ï¼ˆComputation-basedï¼‰ã¨ãƒ¢ãƒ‡ãƒ«ãƒ™ãƒ¼ã‚¹ï¼ˆModel-basedï¼‰ã® 2 ç¨®é¡žã®è©•ä¾¡ã‚¿ã‚¤ãƒ—ãŒã‚ã‚Šã¾ã™ã€‚

è¨ˆç®—ãƒ™ãƒ¼ã‚¹ã®è©•ä¾¡ã¯ã€æ£è§£ãƒ‡ãƒ¼ã‚¿ã¨ã®æ¯”è¼ƒã«åŸºã¥ã„ã¦ã‚¹ã‚³ã‚¢ã‚’ç®—å‡ºã—ã¾ã™ã€‚å‡¦ç†é€Ÿåº¦ãŒé€Ÿã„ãŸã‚ã€ãƒªã‚¢ãƒ«ã‚¿ã‚¤ãƒ è©•ä¾¡ã«ã‚‚é©ã—ã¦ã„ã¾ã™ã€‚ä»£è¡¨çš„ãªæŒ‡æ¨™ã¨ã—ã¦ã€è‡ªç„¶è¨€èªžå‡¦ç†ã§åºƒãä½¿ã‚ã‚Œã‚‹ BLEU ã‚„ ROUGE ãªã©ãŒã‚ã‚Šã¾ã™ã€‚

ã—ã‹ã—ã€LLM ã®å‡ºåŠ›è©•ä¾¡ã§ã¯ã€ãã‚‚ãã‚‚ã€Œæ£è§£ãƒ‡ãƒ¼ã‚¿ã€ã‚’æº–å‚™ã™ã‚‹ã“ã¨ãŒé›£ã—ã„å ´åˆãŒã‚ã‚Šã¾ã™ã€‚ã“ã‚Œã¯ã€LLM ã®å‡ºåŠ›ã«å¯¾ã—ã¦å˜ä¸€ã®æ£è§£ã‚’å®šã‚ã«ãã„ãŸã‚ã§ã™ã€‚ã“ã®ãŸã‚ã€å¤šãã®å ´åˆã€äººé–“ã®åˆ¤æ–ã«ã‚ˆã‚‹è©•ä¾¡ãŒè¡Œã‚ã‚Œã¾ã™ãŒã€ã‚¹ã‚±ãƒ¼ãƒ«ã™ã‚‹ã«ã¤ã‚Œã¦æ‰‹é–“ãŒå¢—åŠ ã™ã‚‹ã¨ã„ã†èª²é¡Œã‚‚ã‚ã‚Šã¾ã™ã€‚ã“ã†ã—ãŸèƒŒæ™¯ã‹ã‚‰ã€ç¾åœ¨ã§ã¯ãƒ¢ãƒ‡ãƒ«ãƒ™ãƒ¼ã‚¹ã®è©•ä¾¡ãŒæ³¨ç›®ã•ã‚Œã¦ã„ã¾ã™ã€‚

ãƒ¢ãƒ‡ãƒ«ãƒ™ãƒ¼ã‚¹ã®è©•ä¾¡ã¯ã€LLM è‡ªä½“ã‚’åˆ¤å®šãƒ¢ãƒ‡ãƒ«ã¨ã—ã¦ç”¨ã„ã€äººé–“ã«ã‚ˆã‚‹è©•ä¾¡ã«è¿‘ã„å½¢ã§è©•ä¾¡ã—ã¾ã™ã€‚æ£è§£ãƒ‡ãƒ¼ã‚¿ã‚’å¿…é ˆã¨ã›ãšã€ã€Œæµæš¢ã•ã€ã‚„ã€Œä¸€è²«æ€§ã€ã¨ã„ã£ãŸè¤‡é›‘ãªåŸºæº–ã§ã®è©•ä¾¡ãŒå¯èƒ½ã§ã€ãƒ—ãƒãƒ³ãƒ—ãƒˆã®èª¿æ•´ã«ã‚ˆã‚ŠæŸ”è»Ÿãªè©•ä¾¡åŸºæº–ã‚’è¨å®šã§ãã¾ã™ã€‚

è©•ä¾¡ã‚¿ã‚¤ãƒ—	è©•ä¾¡ã‚¢ãƒ—ãƒãƒ¼ãƒ	æ£è§£ãƒ‡ãƒ¼ã‚¿ï¼ˆGround truthï¼‰	ãƒ¬ã‚¤ãƒ†ãƒ³ã‚·
è¨ˆç®—ãƒ™ãƒ¼ã‚¹	æ•°å¼ã‚’ç”¨ã„ã¦è©•ä¾¡ã™ã‚‹	å¿…é ˆ	æ—©ã„
ãƒ¢ãƒ‡ãƒ«ãƒ™ãƒ¼ã‚¹	åˆ¤å®šãƒ¢ãƒ‡ãƒ« (LLM) ã«è©•ä¾¡ã•ã›ã‚‹	ä»»æ„	é…ã„

è¨ˆç®—ãƒ™ãƒ¼ã‚¹

è¨ˆç®—ãƒ™ãƒ¼ã‚¹ã®è©•ä¾¡æŒ‡æ¨™ã¯ã€å€™è£œãƒ¢ãƒ‡ãƒ«ï¼ˆè©•ä¾¡å¯¾è±¡ã® LLMï¼‰ã®å‡ºåŠ›ãŒæ£è§£ãƒ‡ãƒ¼ã‚¿ã«ã©ã‚Œã ã‘ä¸€è‡´ã—ã¦ã„ã‚‹ã‹ã‚’æ•°å€¤åŒ–ã—ã¾ã™ã€‚ä»¥ä¸‹ã¯ãƒ†ã‚ã‚¹ãƒˆç”Ÿæˆå‘ã‘ã®è©•ä¾¡æŒ‡æ¨™ã§ã™ã€‚

è©•ä¾¡æŒ‡æ¨™	èª¬æ˜Ž	é©ã™ã‚‹ãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹
Exact match	å€™è£œãƒ¢ãƒ‡ãƒ«ã®å‡ºåŠ›ãŒæ£è§£ãƒ‡ãƒ¼ã‚¿ã¨å®Œå…¨ä¸€è‡´ã™ã‚‹å ´åˆã¯ã€Œ1ã€ã€ã—ãªã„å ´åˆã¯ã€Œ0ã€ã‚’å‡ºåŠ›	QA ã‚„åˆ†é¡žã‚¿ã‚¹ã‚¯
BLEU	å€™è£œãƒ¢ãƒ‡ãƒ«ã®å‡ºåŠ›ã¨æ£è§£ãƒ‡ãƒ¼ã‚¿ã® n-gram ã®ä¸€è‡´åº¦ã‚’ç®—å‡ºã€‚å‡ºåŠ›ã¯ [0 ~ 1] ã®ç¯„å›²ã§ã€ã‚¹ã‚³ã‚¢ãŒé«˜ã„ã»ã©ç”Ÿæˆãƒ†ã‚ã‚¹ãƒˆãŒæ£è§£ã«è¿‘ã„ã“ã¨ã‚’ç¤ºã™ã€‚	ç¿»è¨³ã‚¿ã‚¹ã‚¯
ROUGE	å€™è£œãƒ¢ãƒ‡ãƒ«ã®å‡ºåŠ›ã¨æ£è§£ãƒ‡ãƒ¼ã‚¿ã® n-gram ã® F1-score ã‚’ç®—å‡ºã€‚å‡ºåŠ›ã¯ [0 ~ 1] ã®ç¯„å›²ã§ã€ã‚¹ã‚³ã‚¢ãŒé«˜ã„ã»ã©å†…å®¹ãŒé¡žä¼¼ã—ã¦ã„ã‚‹ã“ã¨ã‚’ç¤ºã™ã€‚	è¦ç´„ã‚¿ã‚¹ã‚¯

å‚è€ƒ : Computation-based metrics

ãƒ¢ãƒ‡ãƒ«ãƒ™ãƒ¼ã‚¹

ãƒ¢ãƒ‡ãƒ«ãƒ™ãƒ¼ã‚¹ã®è©•ä¾¡æŒ‡æ¨™ã§ã¯ã€LLM ãŒåˆ¤å®šãƒ¢ãƒ‡ãƒ«ã¨ã—ã¦æ©Ÿèƒ½ã—ã€å€™è£œãƒ¢ãƒ‡ãƒ«ã®å‡ºåŠ›ã‚’è©•ä¾¡ã—ã¾ã™ã€‚ã“ã®æ‰‹æ³•ã¯ä¸€èˆ¬çš„ã«ã€LLM-as-a-Judge ã¨ã‚‚å‘¼ã°ã‚Œã¾ã™ã€‚

æ–¹å¼	èª¬æ˜Ž	ãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹
Pointwise	å˜ä¸€ã®å€™è£œãƒ¢ãƒ‡ãƒ«ã®å‡ºåŠ›ã«ã‚¹ã‚³ã‚¢ã‚’ä»˜ä¸Ž	é‹ç”¨æ®µéšŽã§ã®ç¶™ç¶šçš„ãªãƒ¢ãƒ‹ã‚¿ãƒªãƒ³ã‚°
Pairwise	2 ã¤ã®å€™è£œãƒ¢ãƒ‡ãƒ«ã®å‡ºåŠ›ã‚’æ¯”è¼ƒã—ã€ã‚ˆã‚Šé©åˆ‡ãªæ–¹ã‚’é¸æŠž	ãƒ¢ãƒ‡ãƒ«é¸å®šã‚„ãƒ—ãƒãƒ³ãƒ—ãƒˆæ¯”è¼ƒ

ã¾ãŸã€Gen AI evaluation service ã«ã¯ã€æ§˜ã€…ãªã‚¿ã‚¹ã‚¯ã«åˆã‚ã›ãŸäº‹å‰å®šç¾©æ¸ˆã¿ã®ãƒ—ãƒãƒ³ãƒ—ãƒˆãƒ†ãƒ³ãƒ—ãƒ¬ãƒ¼ãƒˆãŒç”¨æ„ã•ã‚Œã¦ã„ã¾ã™ã€‚

	ãƒ†ã‚ã‚¹ãƒˆç”Ÿæˆ	ãƒžãƒ«ãƒã‚¿ãƒ¼ãƒ³ä¼šè©±å½¢å¼	è¦ç´„	QA å“è³ª
Pointwise	ãƒ»Fluency ãƒ»Groundedness ãªã©	ãƒ»Multi-turn Chat Quality ãƒ»Multi-turn Safety	ãƒ»Summarization Quality	ãƒ»Question Answering Quality
Pairwise	ãƒ»Fluency ãƒ»Groundedness ãªã©	ãƒ»Multi-turn Chat Quality ãƒ»Multi-turn Safety	ãƒ»Summarization Quality	ãƒ»Question Answering Quality

ã“ã‚Œã‚‰ã®ãƒ†ãƒ³ãƒ—ãƒ¬ãƒ¼ãƒˆã¯æ›´æ–°ã•ã‚Œã‚‹å¯èƒ½æ€§ãŒã‚ã‚‹ãŸã‚ã€æœ€æ–°æƒ…å ±ã¯ä»¥ä¸‹ã®å…¬å¼ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã‚’ã”å‚ç…§ãã ã•ã„ã€‚

å‚è€ƒ : Metric prompt templates for model-based evaluation

æ–™é‡‘

è©•ä¾¡ã‚¿ã‚¤ãƒ—	ä¾¡æ ¼
ãƒ¢ãƒ‡ãƒ«ãƒ™ãƒ¼ã‚¹ (Pointwise, Pairwise)	å…¥åŠ›: $0.005 per 1k characters å‡ºåŠ›: $0.015 per 1k characters
è¨ˆç®—ãƒ™ãƒ¼ã‚¹	å…¥åŠ›: $0.00003 per 1k characters å‡ºåŠ›: $0.00009 per 1k characters

å‚è€ƒ : Vertex AI Pricing - Gen AI Evaluation Service

ä½¿ã£ã¦ã¿ã‚‹

æ¦‚è¦

æ§‹æˆå›³

ã¾ãŸã€ç†è€…ã®å®Ÿè¡Œç’°å¢ƒã¨ã—ã¦ã¯ Colab Enterprise ã‚’ä½¿ç”¨ã—ã¾ã™ã€‚Colab Enterprise ã®åˆ©ç”¨æ–¹æ³•ã¯ä»¥ä¸‹ã®å…¬å¼ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã®ã‚¯ã‚¤ãƒƒã‚¯ã‚¹ã‚¿ãƒ¼ãƒˆã‚’ã”å‚è€ƒä¸‹ã•ã„ã€‚

å‚è€ƒ : Create a notebook by using the Google Cloud console

æº–å‚™

!pip install  google-cloud-aiplatform[evaluation]==1.71.0

ï¼’. Vertex AI ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã®åˆæœŸåŒ–

import vertexai
from vertexai.evaluation import EvalTask, MetricPromptTemplateExamples, PointwiseMetric
import pandas as pd
  
  
PROJECT_ID = ""  # @param {type:"string"}
LOCATION = ""  # @param {type:"string"}
EXPERIMENT = ""  # @param {type:"string"}
  
vertexai.init(
    project=PROJECT_ID, 
    location=LOCATION
)

MetricPromptTemplateExamples.list_example_metric_names()

å‡ºåŠ›ã¯ä»¥ä¸‹ã®é€šã‚Šã§ã™ã€‚

['coherence',
 'fluency',
 'safety',
 'groundedness',
 'instruction_following',
 'verbosity',
 'text_quality',
 'summarization_quality',
 'question_answering_quality',
 'multi_turn_chat_quality',
 'multi_turn_safety',
 'pairwise_coherence',
 'pairwise_fluency',
 'pairwise_safety',
 'pairwise_groundedness',
 'pairwise_instruction_following',
 'pairwise_verbosity',
 'pairwise_text_quality',
 'pairwise_summarization_quality',
 'pairwise_question_answering_quality',
 'pairwise_multi_turn_chat_quality',
 'pairwise_multi_turn_safety']

ï¼”. question_answering_quality ãƒ†ãƒ³ãƒ—ãƒ¬ãƒ¼ãƒˆã®å†…å®¹ã‚’ç¢ºèª

# ãƒ—ãƒãƒ³ãƒ—ãƒˆãƒ†ãƒ³ãƒ—ãƒ¬ãƒ¼ãƒˆã®ä¸èº«ã‚’è¡¨ç¤º
print(MetricPromptTemplateExamples.get_prompt_template("question_answering_quality"))

å‡ºåŠ›ã¯ä»¥ä¸‹ã®é€šã‚Šã§ã™ã€‚

question_answering_quality ãƒ†ãƒ³ãƒ—ãƒ¬ãƒ¼ãƒˆã®è©•ä¾¡åŸºæº–ã¯ã€RAG ã‚¢ãƒ¼ã‚ãƒ†ã‚¯ãƒãƒ£ã‚’ä½¿ã£ãŸã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®è©•ä¾¡ã«ã‚‚ä½¿ãˆãã†ã§ã‚ã‚‹ãŸã‚ã€ä»Šå›žã¯ã“ã®ãƒ†ãƒ³ãƒ—ãƒ¬ãƒ¼ãƒˆã‚’ãã®ã¾ã¾åˆ©ç”¨ã—ã¾ã™ã€‚

# Instruction
You are an expert evaluator. Your task is to evaluate the quality of the responses generated by AI models.
We will provide you with the user input and an AI-generated response.
You should first read the user input carefully for analyzing the task, and then evaluate the quality of the responses based on the Criteria provided in the Evaluation section below.
You will assign the response a rating following the Rating Rubric and Evaluation Steps. Give step-by-step explanations for your rating, and only choose ratings from the Rating Rubric.

# Evaluation
## Metric Definition
You will be assessing question answering quality, which measures the overall quality of the answer to the question in user input. The instruction for performing a question-answering task is provided in the user prompt.

## Criteria
Instruction following: The response demonstrates a clear understanding of the question answering task instructions, satisfying all of the instruction's requirements.
Groundedness: The response contains information included only in the context if the context is present in user prompt. The response does not reference any outside information.
Completeness: The response completely answers the question with sufficient detail.
Fluent: The response is well-organized and easy to read.

## Rating Rubric
5: (Very good). The answer follows instructions, is grounded, complete, and fluent.
4: (Good). The answer follows instructions, is grounded, complete, but is not very fluent.
3: (Ok). The answer mostly follows instructions, is grounded, answers the question partially and is not very fluent.
2: (Bad). The answer does not follow the instructions very well, is incomplete or not fully grounded.
1: (Very bad). The answer does not follow the instructions, is wrong and not grounded.

## Evaluation Steps
STEP 1: Assess the response in aspects of instruction following, groundedness, completeness and fluency according to the criteria.
STEP 2: Score based on the rubric.

# User Inputs and AI-generated Response
## User Inputs
### Prompt
{prompt}

## AI-generated Response
{response}

# ã‚«ã‚¹ã‚¿ãƒ ãƒ†ãƒ³ãƒ—ãƒ¬ãƒ¼ãƒˆã‚’ä½œæˆ
helpfulness_prompt_template = """
You are a professional writing evaluator. Your job is to score writing responses according to pre-defined evaluation criteria.
  
You will be assessing helpfulness, which measures the ability to provide important details when answering a prompt.
  
You will assign the writing response a score from 5, 4, 3, 2, 1, following the rating rubric and evaluation steps.
  
## Criteria
Helpfulness: The response is comprehensive with well-defined key details. The user would feel very satisfied with the content in a good response.
  
## Rating Rubric
5 (completely helpful): Response is useful and very comprehensive with well-defined key details to address the needs in the instruction and usually beyond what explicitly asked. The user would feel very satisfied with the content in the response.
4 (mostly helpful): Response is very relevant to the instruction, providing clearly defined information that addresses the instruction's core needs.  It may include additional insights that go slightly beyond the immediate instruction.  The user would feel quite satisfied with the content in the response.
3 (somewhat helpful): Response is relevant to the instruction and provides some useful content, but could be more relevant, well-defined, comprehensive, and/or detailed. The user would feel somewhat satisfied with the content in the response.
2 (somewhat unhelpful): Response is minimally relevant to the instruction and may provide some vaguely useful information, but it lacks clarity and detail. It might contain minor inaccuracies. The user would feel only slightly satisfied with the content in the response.
1 (unhelpful): Response is useless/irrelevant, contains inaccurate/deceptive/misleading information, and/or contains harmful/offensive content. The user would feel not at all satisfied with the content in the response.
  
## Evaluation Steps
STEP 1: Assess comprehensiveness: does the response provide specific, comprehensive, and clearly defined information for the user needs expressed in the instruction?
STEP 2: Assess relevance: When appropriate for the instruction, does the response exceed the instruction by providing relevant details and related information to contextualize content and help the user better understand the response.
STEP 3: Assess accuracy: Is the response free of inaccurate, deceptive, or misleading information?
STEP 4: Assess safety: Is the response free of harmful or offensive content?
  
Give step by step explanations for your scoring, and only choose scores from 5, 4, 3, 2, 1.
  
  
# User Inputs and AI-generated Response
## User Inputs
### Prompt
{prompt}
  
## AI-generated Response
{response}
"""
  
# ã‚«ã‚¹ã‚¿ãƒ è©•ä¾¡æŒ‡æ¨™ã‚’å®šç¾© 
helpfulness = PointwiseMetric(
    metric="helpfulness",
    metric_prompt_template=helpfulness_prompt_template,
)

questions ï¼šãƒ¦ãƒ¼ã‚¶ãƒ¼ã®è³ªå•
retrieved_contexts ï¼šã‚³ãƒ³ãƒ†ã‚ã‚¹ãƒˆã¨ãªã‚‹æ¤œç´¢çµæžœ
generated_answers ï¼šLLM ã®å‡ºåŠ›
golden_answers ï¼šæ£è§£ãƒ‡ãƒ¼ã‚¿

questions = [
    "å¯Œå£«å±±ã¯ã©ã“ã®çœŒã«ä½ç½®ã—ã¦ã„ã¾ã™ã‹ï¼Ÿ",
    "æ±äº¬ã‚¿ãƒ¯ãƒ¼ã¯ã©ã®åŒºã«ä½ç½®ã—ã¦ã„ã¾ã™ã‹ï¼Ÿ",
    "æ²–ç¸„ã®ä¸»è¦ãªä¼çµ±æ–™ç†ã¯ä½•ã§ã™ã‹ï¼Ÿ",
    "æ²–ç¸„ã®ä¼çµ±èˆžè¸Šã§æœ‰åãªã‚‚ã®ã¯ä½•ã§ã™ã‹ï¼Ÿ"
]
  
retrieved_contexts = [
    "å¯Œå£«å±±ã¯ã€é™å²¡çœŒã¨å±±æ¢¨çœŒã«ã¾ãŸãŒã£ã¦ä½ç½®ã—ã¦ã„ã¾ã™ã€‚æ¨™é«˜3,776ãƒ¡ãƒ¼ãƒˆãƒ«ã®ã“ã®å±±ã¯ã€æ—¥æœ¬ã®æœ€é«˜å³°ã§ã‚ã‚Šã€è±¡å¾´çš„ãªè‡ªç„¶ã®ã‚·ãƒ³ãƒœãƒ«ã¨ã—ã¦è¦ªã—ã¾ã‚Œã¦ã„ã¾ã™ã€‚",
    "æ±äº¬ã‚¿ãƒ¯ãƒ¼ã¯ã€æ±äº¬éƒ½æ¸¯åŒºã«ä½ç½®ã—ã¦ãŠã‚Šã€1958å¹´ã«å»ºã¦ã‚‰ã‚ŒãŸé«˜ã•333ãƒ¡ãƒ¼ãƒˆãƒ«ã®é›»æ³¢å¡”ã§ã™ã€‚æ±äº¬ã®ã‚·ãƒ³ãƒœãƒ«ã¨ã—ã¦ã€è¦³å…‰åæ‰€ã¨ãªã£ã¦ã„ã¾ã™ã€‚",
    "æ—¥æœ¬ã®ä¸»è¦ãªä¼çµ±æ–™ç†ã«ã¯ã€å¯¿å¸ã‚„å¤©ã·ã‚‰ãŒã‚ã‚Šã¾ã™ã€‚ã¾ãŸã€å¤©ã·ã‚‰ã¯æ²–ç¸„ã§ã‚‚ã‚½ã‚¦ãƒ«ãƒ•ãƒ¼ãƒ‰ã¨ãªã£ã¦ã„ã¾ã™",
    "æ²–ç¸„ã®ä¼çµ±èˆžè¸Šã«ã¯ã€ã‚¨ã‚¤ã‚µãƒ¼ãŒã‚ã‚Šã€å¤ªé¼“ã®ãƒªã‚ºãƒ ã«åˆã‚ã›ã¦è¸Šã‚‰ã‚Œã‚‹ã‚‚ã®ã§ã€ç¥ã‚Šãªã©ã§åºƒãæŠ«éœ²ã•ã‚Œã¦ã„ã¾ã™ã€‚"
]
  
generated_answers = [
    "é™å²¡çœŒ",
    "æ¸¯åŒº",
    "å¤©ã·ã‚‰",
    "ã‚¨ã‚¤ã‚µãƒ¼"
]
  
golden_answers = [
    "é™å²¡çœŒã¨å±±æ¢¨çœŒ",
    "æ¸¯åŒº",
    "ã‚´ãƒ¼ãƒ¤ãƒ¼ãƒãƒ£ãƒ³ãƒ—ãƒ«ãƒ¼ã€ã‚½ãƒ¼ã‚ãã°",
    "ã‚¨ã‚¤ã‚µãƒ¼",
]

è©•ä¾¡æŒ‡æ¨™	è©•ä¾¡ã‚¿ã‚¤ãƒ—	å¿…è¦ãªã‚«ãƒ©ãƒ å
question_answering_quality	ãƒ¢ãƒ‡ãƒ«ãƒ™ãƒ¼ã‚¹ï¼ˆPontwiseï¼‰	ãƒ»prompt ãƒ»response
helpfulness	ãƒ¢ãƒ‡ãƒ«ãƒ™ãƒ¼ã‚¹ï¼ˆPontwiseï¼‰	ãƒ»prompt ãƒ»response
exact_match	è¨ˆç®—ãƒ™ãƒ¼ã‚¹	ãƒ»response ãƒ»reference

# è©•ä¾¡ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆã‚’ä½œæˆ
eval_dataset = pd.DataFrame(
    {
        "prompt": [
            "Answer the question: " + question + " Context: " + item
            for question, item in zip(questions, retrieved_contexts)
        ],
        "response": generated_answers, # å€™è£œãƒ¢ãƒ‡ãƒ«ã®å‡ºåŠ›
        "reference": golden_answers,   # æ£è§£ãƒ‡ãƒ¼ã‚¿
    }
)

å®Ÿè¡Œã¨çµæžœ

# è©•ä¾¡ã‚¿ã‚¹ã‚¯ã‚’å®šç¾©
eval_task = EvalTask(
    dataset=eval_dataset,
    metrics=[
        "question_answering_quality",  # ãƒ¢ãƒ‡ãƒ«ãƒ™ãƒ¼ã‚¹ï¼ˆäº‹å‰å®šç¾©ã®è©•ä¾¡æŒ‡æ¨™ï¼‰
        helpfulness,                   # ãƒ¢ãƒ‡ãƒ«ãƒ™ãƒ¼ã‚¹ï¼ˆãƒ¦ãƒ¼ã‚¶ãƒ¼ç‹¬è‡ªã®è©•ä¾¡æŒ‡æ¨™ï¼‰
        "exact_match"                  # è¨ˆç®—ãƒ™ãƒ¼ã‚¹
    ],
    experiment=EXPERIMENT,
)
  
# è©•ä¾¡ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚’å®Ÿè¡Œ
result = eval_task.evaluate()

å±žæ€§å	èª¬æ˜Ž
summary_metrics	å„æŒ‡æ¨™ã®å¹³å‡å€¤ã‚„æ¨™æº–åå·®ãªã©ã®ã‚µãƒžãƒªæƒ…å ±
metrics_table	è©•ä¾¡çµæžœã®è©³ç´°æƒ…å ±
metadata	è©•ä¾¡æ™‚ã®å®Ÿé¨“åãªã©ã®ãƒ¡ã‚¿ãƒ‡ãƒ¼ã‚¿æƒ…å ±

result.summary_metrics

å‡ºåŠ›ã¯ä»¥ä¸‹ã®é€šã‚Šã§ã™ã€‚

{'row_count': 4,
 'question_answering_quality/mean': 4.0,
 'question_answering_quality/std': 1.1547005383792515,
 'helpfulness/mean': 3.0,
 'helpfulness/std': 0.816496580927726,
 'exact_match/mean': 0.5,
 'exact_match/std': 0.5773502691896257}

result.metrics_table

å‡ºåŠ›ã¯ä»¥ä¸‹ã®é€šã‚Šã§ã™ã€‚

[ prompt ]
Answer the question: å¯Œå£«å±±ã¯ã©ã“ã®çœŒã«ä½ç½®ã—ã¦ã„ã¾ã™ã‹ï¼Ÿ
Context: å¯Œå£«å±±ã¯ã€é™å²¡çœŒã¨å±±æ¢¨çœŒã«ã¾ãŸãŒã£ã¦ä½ç½®ã—ã¦ã„ã¾ã™ã€‚æ¨™é«˜3,776ãƒ¡ãƒ¼ãƒˆãƒ«ã®ã“ã®å±±ã¯ã€æ—¥æœ¬ã®æœ€é«˜å³°ã§ã‚ã‚Šã€è±¡å¾´çš„ãªè‡ªç„¶ã®ã‚·ãƒ³ãƒœãƒ«ã¨ã—ã¦è¦ªã—ã¾ã‚Œã¦ã„ã¾ã™ã€‚

[ response ]
é™å²¡çœŒ

[ reference ]
é™å²¡çœŒã¨å±±æ¢¨çœŒ

[ question_answering_quality/explanation ]
The response is incomplete. Although grounded in the given context and fluent, it only mentioned one of the two prefectures where Mt. Fuji is located. The prompt asked "In which prefecture is Mt. Fuji located?" The context clearly stated it's located in both Shizuoka and Yamanashi prefectures. Therefore, the instruction following is weak.

~æ—¥æœ¬èªžã«ç¿»è¨³~
å›žç”ã¯ä¸å®Œå…¨ã§ã™ã€‚ä¸Žãˆã‚‰ã‚ŒãŸæ–‡è„ˆã«åŸºã¥ã„ã¦ãŠã‚Šæµæš¢ã§ã¯ã‚ã‚Šã¾ã™ãŒã€å¯Œå£«å±±ãŒã‚ã‚‹ 2 ã¤ã®çœŒã®ã†ã¡ã® 1 ã¤ã—ã‹è¨€åŠã•ã‚Œã¦ã„ã¾ã›ã‚“ã€‚ãƒ—ãƒãƒ³ãƒ—ãƒˆã¯ã€Œå¯Œå£«å±±ã¯ã©ã®çœŒã«ã‚ã‚Šã¾ã™ã‹?ã€ã¨å°‹ãã¦ãŠã‚Šã€æ–‡è„ˆã‹ã‚‰é™å²¡çœŒã¨å±±æ¢¨çœŒã®ä¸¡æ–¹ã«ã‚ã‚‹ã“ã¨ã¯æ˜Žã‚‰ã‹ã§ã™ã€‚ã—ãŸãŒã£ã¦ã€æŒ‡ç¤ºã«å¾“ã†ã“ã¨ãŒä¸ååˆ†ã§ã™ã€‚

[ question_answering_quality/score ]
3.0

å®šé‡çš„ãªã‚¹ã‚³ã‚¢ãŒå–å¾—ã§ãã¦ã„ã‚‹ã“ã¨ãŒç¢ºèªã§ãã¾ã—ãŸã€‚ ãªãŠã€ãƒ¢ãƒ‡ãƒ«ãƒ™ãƒ¼ã‚¹ã®è©•ä¾¡æŒ‡æ¨™ã®å‡ºåŠ›ã«ã¯ explanation åˆ—ãŒå«ã¾ã‚Œã¦ãŠã‚Šã€åˆ¤å®šãƒ¢ãƒ‡ãƒ«ãŒã‚¹ã‚³ã‚¢ã‚’ç®—å‡ºã™ã‚‹ãŸã‚ã«è¡Œã£ãŸæ€è€ƒã®éŽç¨‹ãŒè¨˜éŒ²ã•ã‚Œã¦ã„ã¾ã™ã€‚ã¤ã¾ã‚Šã€explanation åˆ—ã®å†…å®¹ãŒ åˆ¤å®šãƒ¢ãƒ‡ãƒ«ãŒå‡ºåŠ›ã—ãŸã‚¹ã‚³ã‚¢ã®æ ¹æ‹ ã¨ãªã‚Šã¾ã™ã€‚

å‚è€ƒ : View and interpret evaluation results

ãã®ä»–

ãƒ¢ãƒ‡ãƒ«ãƒ™ãƒ¼ã‚¹ã®è©•ä¾¡ã‚¿ã‚¤ãƒ—ã§ã¯ã€åˆ¤å®šãƒ¢ãƒ‡ãƒ«ã« Vertex AI Gemini API ãŒä½¿ç”¨ã•ã‚Œã‚‹ãŸã‚ã‚¯ã‚©ãƒ¼ã‚¿ã«ã¯æ³¨æ„ãŒå¿…è¦ã§ã™ã€‚ç‰¹ã«ã€1 åº¦ã«å¤§é‡ã®è©•ä¾¡ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆã‚’å«ã‚ã‚‹å ´åˆã‚„ã€è©•ä¾¡ãƒªã‚¯ã‚¨ã‚¹ãƒˆã®åŒæ™‚å®Ÿè¡Œæ•°ãŒé«˜ããªã‚‹å ´åˆã¯ã€ gemini-1.5-pro ã®ã‚¯ã‚©ãƒ¼ã‚¿ã®åˆ¶é™ç·©å’Œã‚’ã”æ¤œè¨Žãã ã•ã„ã€‚

å‚è€ƒ : Run model-based evaluation with increased rate limits and quota

é«˜å“è³ªãªè©•ä¾¡çµæžœã‚’å¾—ã‚‹ãŸã‚ã«ã¯ã€è©•ä¾¡ãƒ‡ãƒ¼ã‚¿ã‚»ãƒƒãƒˆã‚’ 100ã€œ400 ä»¶ã«ã™ã‚‹ã“ã¨ãŒæŽ¨å¥¨ã•ã‚Œã¦ã„ã¾ã™ã€‚ã“ã®ç¯„å›²ã§ã‚ã‚Œã°ã€å¤–ã‚Œå€¤ã®å½±éŸ¿ã‚’æœ€å°é™ã«æŠ‘ãˆã¤ã¤ã€ã•ã¾ã–ã¾ãªã‚·ãƒŠãƒªã‚ªã§ã®ãƒ‘ãƒ•ã‚©ãƒ¼ãƒžãƒ³ã‚¹ãŒæœŸå¾…ã§ãã¾ã™ã€‚ã¾ãŸã€400 ä»¶ã‚’è¶…ãˆã‚‹ã¨å‰è¿°ã®æ”¹å–„åŠ¹æžœãŒè–„ã‚Œã‚‹å‚¾å‘ãŒã‚ã‚‹ãŸã‚ã€ä¸€èˆ¬çš„ãªç›®å®‰ã¨ã—ã¦ 400 ä»¶ã‚’ä¸Šé™ã¨ã™ã‚‹ã“ã¨ãŒæŽ¨å¥¨ã•ã‚Œã¾ã™ã€‚

å‚è€ƒ : Best practices

ã€Œã‚µãƒ¼ãƒ“ã‚¹ ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ ã‚ãƒ¼ã®ä½œæˆãŒç„¡åŠ¹ã«ãªã£ã¦ã„ã¾ã™ã€ã¸ã®å¯¾å‡¦æ³•

2024-11-22T09:00:00+09:00

G-gen ã®æ‰æ‘ã§ã™ã€‚Google Cloudï¼ˆæ—§ç§° GCPï¼‰ã§ã€ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‹ã‚‰èªè¨¼ã‚ãƒ¼ã‚’ä½œæˆã—ã‚ˆã†ã¨ã—ãŸéš›ã« ã‚µãƒ¼ãƒ“ã‚¹ ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ ã‚ãƒ¼ã®ä½œæˆãŒç„¡åŠ¹ã«ãªã£ã¦ã„ã¾ã™ çµ„ç¹”ãƒãƒªã‚·ãƒ¼ã®åˆ¶ç´„ã€Œiam.disableServiceAccountKeyCreationã€ãŒçµ„ç¹”ã«é©ç”¨ã•ã‚Œã¦ã„ã¾ã™ã€‚ ã¨è¡¨ç¤ºã•ã‚Œã¦ã‚ãƒ¼ãŒä½œæˆã§ããªã„å ´åˆã®ã€å¯¾å‡¦æ³•ã‚’ç´¹ä»‹ã—ã¾ã™ã€‚

äº‹è±¡ã¨ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸
åŽŸå›
å¯¾å‡¦ã™ã‚‹å‰ã«
å¯¾å‡¦æ–¹æ³•
å¯¾å‡¦æ‰‹é †

äº‹è±¡ã¨ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸

Google Cloudï¼ˆæ—§ç§° GCPï¼‰ã§ã€ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‹ã‚‰èªè¨¼ã‚ãƒ¼ã‚’ä½œæˆã—ã‚ˆã†ã¨ã—ãŸéš›ã«ã€ä»¥ä¸‹ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒè¡¨ç¤ºã•ã‚Œã€ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚ãƒ¼ãŒä½œæˆã§ãã¾ã›ã‚“ã§ã—ãŸã€‚

ã‚µãƒ¼ãƒ“ã‚¹ ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ ã‚ãƒ¼ã®ä½œæˆãŒç„¡åŠ¹ã«ãªã£ã¦ã„ã¾ã™

ã‚µãƒ¼ãƒ“ã‚¹ ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ ã‚ãƒ¼ã®ä½œæˆãŒç„¡åŠ¹ã«ãªã£ã¦ã„ã¾ã™

çµ„ç¹”ãƒãƒªã‚·ãƒ¼ã®åˆ¶ç´„ã€Œiam.disableServiceAccountKeyCreationã€ãŒçµ„ç¹”ã«é©ç”¨ã•ã‚Œã¦ã„ã¾ã™ã€‚

è€ƒãˆã‚‰ã‚Œã‚‹åŽŸå› : çµ„ç¹”ãƒãƒªã‚·ãƒ¼ç®¡ç†è€…ãŒã€ã‚µãƒ¼ãƒ“ã‚¹ ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ ã‚ãƒ¼ã«é–¢é€£ã™ã‚‹ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ ã‚¤ãƒ³ã‚·ãƒ‡ãƒ³ãƒˆã‚’é˜²ããŸã‚ã«ã€ã“ã®çµ„ç¹”ãƒãƒªã‚·ãƒ¼ã‚’é©ç”¨ã—ã¾ã—ãŸã€‚ã¾ãŸã€ ã€Œãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§ä¿è·ã€ã®é©ç”¨ ã«ã‚ˆã‚Šã€çµ„ç¹”ã«ãƒãƒªã‚·ãƒ¼ãŒè‡ªå‹•çš„ã«é©ç”¨ã•ã‚ŒãŸå¯èƒ½æ€§ã‚‚ã‚ã‚Šã¾ã™ã€‚

æŽ¨å¥¨ã•ã‚Œã‚‹æ¬¡ã®ã‚¹ãƒ†ãƒƒãƒ—: ã‚µãƒ¼ãƒ“ã‚¹ ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ ã‚ãƒ¼ã¯ã€é©åˆ‡ã«ç®¡ç†ã—ãªã‹ã£ãŸå ´åˆã€ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ ãƒªã‚¹ã‚¯ã¨ãªã‚Šã¾ã™ã€‚å¯èƒ½ã§ã‚ã‚Œã°ã€ ã‚ˆã‚Šå®‰å…¨ãªä»£æ›¿æ‰‹æ®µ ã‚’é¸æŠžã—ã¦ãã ã•ã„ã€‚ã‚µãƒ¼ãƒ“ã‚¹ ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ ã‚ãƒ¼ã§èªè¨¼ã™ã‚‹å¿…è¦ãŒã‚ã‚‹å ´åˆã¯ã€ çµ„ç¹”ã®ã€Œçµ„ç¹”ãƒãƒªã‚·ãƒ¼ç®¡ç†è€…ã€ï¼ˆroles/orgpolicy.policyAdminï¼‰ã®ãƒãƒ¼ãƒ«ã‚’æŒã¤ç®¡ç†è€…ãŒ ã€Œiam.disableServiceAccountKeyCreationã€ã®åˆ¶ç´„ã‚’ ç„¡åŠ¹ã«ã™ã‚‹ å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

è¿½è·¡ç•ªå·: (è‹±æ•°å—)

ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ãŒè‹±èªžç‰ˆã®å ´åˆã€ä»¥ä¸‹ã®ã‚ˆã†ãªãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§ã™ã€‚

Service account key creation is disabled

Service account key creation is disabled

The organization policy constraint 'iam.disableServiceAccountKeyCreation' is enforced on your organization. Possible Causes: Your Organization Policy Administrator enforced the Organization Policy to prevent security incidents related to Service Account keys. Alternatively, your organization may have been automatically enforced with the policy as part of Secure by Default enforcements.

Recommended Next Steps: Service account keys are a security risk if not managed correctly. You should choose a more secure alternative whenever possible. If you must authenticate with a service account key, an administrator with the "Organization Policy Administrator" (roles/orgpolicy.policyAdmin) role on the organization needs to disable the "iam.disableServiceAccountKeyCreation" constraint.

Tracking number: (alphanumeric characters)

åŽŸå›

ã“ã®äº‹è±¡ã¯ã€çµ„ç¹”ãƒãƒªã‚·ãƒ¼ã®åˆ¶ç´„ iam.disableServiceAccountKeyCreation ãŒçµ„ç¹”ãƒ¬ãƒ™ãƒ«ã€ãƒ•ã‚©ãƒ«ãƒ€ãƒ¬ãƒ™ãƒ«ã¾ãŸã¯ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆãƒ¬ãƒ™ãƒ«ã§æœ‰åŠ¹åŒ–ã•ã‚Œã¦ã„ã‚‹ã¨ãã«ç™ºç”Ÿã—ã¾ã™ã€‚

çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã¯ã€ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚„çµ±åˆ¶ã®å‘ä¸Šã®ãŸã‚ã«ã€æ‰€å®šã®ãƒ«ãƒ¼ãƒ«ã‚’ Google Cloud ç’°å¢ƒå…¨ä½“ã«é©ç”¨ã™ã‚‹ä»•çµ„ã¿ã®ã“ã¨ã§ã™ã€‚çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã®è©³ç´°ã¯ã€ä»¥ä¸‹ã®è¨˜äº‹ã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚

blog.g-gen.co.jp

iam.disableServiceAccountKeyCreation ã¯ã€ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚ãƒ¼ã®ä½œæˆã‚’ç¦æ¢ã™ã‚‹åˆ¶ç´„ã§ã™ã€‚ã“ã®åˆ¶ç´„ã¯ã€2024å¹´åˆé ä»¥é™ã«ä½œæˆã•ã‚ŒãŸ Google Cloud çµ„ç¹”ã§ã¯ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§æœ‰åŠ¹åŒ–ã•ã‚Œã¦ã„ã¾ã™ã€‚ãã‚Œä»¥å‰ã«ä½œæˆã•ã‚ŒãŸçµ„ç¹”ã§ã‚‚ã€ç®¡ç†è€…ãŒæ˜Žç¤ºçš„ã«ã“ã®åˆ¶ç´„ã‚’æœ‰åŠ¹åŒ–ã—ã¦ã„ã‚‹å ´åˆã¯ã€ã“ã®äº‹è±¡ãŒç™ºç”Ÿã—ã¾ã™ã€‚

å‚è€ƒ : ã‚µãƒ¼ãƒ“ã‚¹ ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ ã‚ãƒ¼ä½œæˆã®ç„¡åŠ¹åŒ–

å¯¾å‡¦ã™ã‚‹å‰ã«

ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚ãƒ¼ã¯ JSON ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã®ãƒ†ã‚ã‚¹ãƒˆãƒ•ã‚¡ã‚¤ãƒ«ï¼ˆã‚‚ã—ãã¯ P12 å½¢å¼ã®ãƒ•ã‚¡ã‚¤ãƒ«ï¼‰ã§ã‚ã‚Šã€æµå‡ºã®å±é™ºãŒã‚ã‚Šã¾ã™ã€‚ãã®ãŸã‚ä¸€èˆ¬çš„ã«ã¯ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚ãƒ¼ã®ä½¿ç”¨ã¯éžæŽ¨å¥¨ã§ã‚ã‚Šã€ä»£ã‚ã‚Šã«ãƒ—ãƒã‚°ãƒ©ãƒ å‹•ä½œåŸºç›¤ï¼ˆCompute Engine VM ã‚„ Cloud Run Serviceï¼‰ã«ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’ã‚¢ã‚¿ãƒƒãƒã—ãŸã‚Šã€å‹•ä½œåŸºç›¤ãŒ Google Cloud ä»¥å¤–ãªã®ã§ã‚ã‚Œã° Workload Identity ã‚„ Workforce Identity ã®ä½¿ç”¨ãŒæŽ¨å¥¨ã•ã‚Œã¾ã™ã€‚

2024å¹´åˆé ä»¥é™ã«ä½œæˆã•ã‚ŒãŸ Google Cloud çµ„ç¹”ã§ iam.disableServiceAccountKeyCreation ãŒãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§æœ‰åŠ¹åŒ–ã•ã‚Œã¦ã„ã‚‹ã®ã¯ã€ãƒªã‚¹ã‚¯ã®é«˜ã„æ‰‹æ³•ã§ã‚ã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚ãƒ¼ã®ä½¿ç”¨ã‚’æŠ‘æ¢ã™ã‚‹ãŸã‚ã§ã™ã€‚

ã“ã®ã‚¨ãƒ©ãƒ¼ã‚’è§£æ¶ˆã™ã‚‹æœ€ã‚‚ç°¡å˜ãªæ–¹æ³•ã¯ã€iam.disableServiceAccountKeyCreation åˆ¶ç´„ã‚’ç„¡åŠ¹åŒ–ã™ã‚‹ã“ã¨ã§ã™ãŒã€ç„¡åŠ¹åŒ–ã‚’è¡Œã†å‰ã«ã€æœ¬å½“ã«ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚ãƒ¼ã‚’ç”Ÿæˆã™ã‚‹å¿…è¦ãŒã‚ã‚‹ã®ã‹ã€ä»£ã‚ã‚Šã«ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®ã‚¢ã‚¿ãƒƒãƒã‚„ Workload Identity ã§ä»£ç”¨ã§ããªã„ã‹ã‚’ã€ååˆ†ã”æ¤œè¨Žãã ã•ã„ã€‚

ãªãŠ Workload Identity ã¨ã¯ã€OIDC ã‚„ SAML 2.0 ã‚’åˆ©ç”¨ã—ã¦ã€Amazon Web Servicesï¼ˆAWSï¼‰ã‚„ Microsoft Azureã€Active Directory Federation Service ç‰ã® ID ã‚’ä½¿ã£ã¦ Google Cloud ã«èªè¨¼ã™ã‚‹ä»•çµ„ã¿ã§ã™ã€‚

å‚è€ƒ : ã‚µãƒ¼ãƒ“ã‚¹ ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ ã‚ãƒ¼ã‹ã‚‰ç§»è¡Œã™ã‚‹
å‚è€ƒ : Workload Identity é€£æº
å‚è€ƒ : Workforce Identity ã®é€£æº

å¯¾å‡¦æ–¹æ³•

çµ„ç¹”ãƒãƒªã‚·ãƒ¼ã®åˆ¶ç´„ iam.disableServiceAccountKeyCreation ã‚’ç„¡åŠ¹åŒ–ã™ã‚‹ã“ã¨ã§ã€ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚ãƒ¼ãŒä½œæˆã§ãã‚‹ã‚ˆã†ã«ãªã‚Šã¾ã™ã€‚

ã‚ˆã£ã¦ã€å–ã‚Šå¾—ã‚‹é¸æŠžè‚¢ã¨ã—ã¦ã¯ã€ä»¥ä¸‹ã®ã„ãšã‚Œã‹ã«ãªã‚Šã¾ã™ã€‚

iam.disableServiceAccountKeyCreation ã‚’çµ„ç¹”ãƒ¬ãƒ™ãƒ«ã§ç„¡åŠ¹åŒ–ã™ã‚‹

ä¸Šè¨˜ã®ã†ã¡ 1.ã€2. ã®å ´åˆã€çµ„ç¹”å…¨ä½“ã‚‚ã—ãã¯ãƒ•ã‚©ãƒ«ãƒ€å…¨ä½“ã§åˆ¶ç´„ãŒç„¡åŠ¹ã«ãªã‚Šã€å½±éŸ¿ã¯ä»–ã®ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã«ã‚‚åŠã³ã¾ã™ã€‚3. ã®å½±éŸ¿ç¯„å›²ã¯å½“è©²ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã®ã¿ã§ã™ã€‚

ã“ã‚Œä»¥é™ã€å½“è¨˜äº‹ã§ã¯å½“è©²åˆ¶ç´„ã‚’ç„¡åŠ¹åŒ–ã™ã‚‹æ‰‹é †ã‚’è§£èª¬ã—ã¾ã™ãŒã€å‰æŽ²ã®ã€Œå¯¾å‡¦ã™ã‚‹å‰ã«ã€ã‚’ãŠèªã¿ã„ãŸã ãã€ãƒªã‚¹ã‚¯ã‚’ç†è§£ã—ãŸã†ãˆã§å®Ÿæ–½ã—ã¦ãã ã•ã„ã€‚

å¯¾å‡¦æ‰‹é †

å½“æ‰‹é †ã‚’å®Ÿæ–½ã™ã‚‹ã«ã¯ã€æ“ä½œã™ã‚‹ Google ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã€ã‚‚ã—ãã¯ã‚¢ã‚«ã‚¦ãƒ³ãƒˆãŒæ‰€å±žã™ã‚‹ã‚°ãƒ«ãƒ¼ãƒ—ãŒã€çµ„ç¹”ãƒ¬ãƒ™ãƒ«ã§çµ„ç¹”ãƒãƒªã‚·ãƒ¼ç®¡ç†è€…ï¼ˆroles/orgpolicy.policyAdminï¼‰ãƒãƒ¼ãƒ«ã‚’æŒã£ã¦ã„ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

å‚è€ƒ : IAM ã‚’ä½¿ç”¨ã—ãŸçµ„ç¹”ãƒªã‚½ãƒ¼ã‚¹ã®ã‚¢ã‚¯ã‚»ã‚¹åˆ¶å¾¡

å½“è¨˜äº‹ã®ã€Œå¯¾å‡¦ã™ã‚‹å‰ã«ã€ã€Œå¯¾å‡¦æ–¹æ³•ã€ã‚’ã‚ˆããŠèªã¿ã«ãªã‚Šã€åˆ¶ç´„ã®ç·¨é›†ä½ç½®ã‚’æ±ºã‚ãŸã†ãˆã§é¸æŠžã—ã¦ãã ã•ã„ã€‚

çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ç”»é¢ã¸é·ç§»

ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ä¸Šéƒ¨ã®æ¤œç´¢ãƒœãƒƒã‚¯ã‚¹ã«ã€Œçµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã€ã‚’å…¥åŠ›ã—ã€ã‚µã‚¸ã‚§ã‚¹ãƒˆã•ã‚ŒãŸã€Œçµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã€ã‚’é¸æŠžã—ã¾ã™ã€‚

ã¾ãŸã¯ã€ã€ŒIAM ã¨ç®¡ç†ã€ç”»é¢ã‹ã‚‰ç›´æŽ¥é·ç§»ã—ã¦ã‚‚æ§‹ã„ã¾ã›ã‚“ã€‚

åˆ¶ç´„ã®ç·¨é›†ç”»é¢ã¸é·ç§»

åˆ¶ç´„ä¸€è¦§ã®ä¸Šéƒ¨ã®ãƒ•ã‚£ãƒ«ã‚¿ã« constraints/iam.disableServiceAccountKeyCreation ã‚’å…¥åŠ›ã—ã¾ã™ã€‚

ãƒ•ã‚£ãƒ«ã‚¿çµæžœã®ä¸ã‹ã‚‰ã€Disable service account key creation ã‚’ã‚¯ãƒªãƒƒã‚¯ã—ã¦ã€ç·¨é›†ç”»é¢ã¸é·ç§»ã—ã¾ã™ã€‚

åˆ¶ç´„ã‚’ç·¨é›†

ãƒœã‚¿ãƒ³ã€Œãƒãƒªã‚·ãƒ¼ã‚’ç®¡ç†ã€ã‚’æŠ¼ä¸‹ã—ã¾ã™ã€‚

ã€Œãƒãƒªã‚·ãƒ¼ã®ã‚½ãƒ¼ã‚¹ã€ãƒ–ãƒãƒƒã‚¯ã§ã€ã€Œè¦ªã®ãƒãƒªã‚·ãƒ¼ã‚’ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã™ã‚‹ã€ã‚’é¸æŠžã—ã¾ã™ã€‚ã€Œãƒ«ãƒ¼ãƒ«ã€ãƒ–ãƒãƒƒã‚¯ãŒè¡¨ç¤ºã•ã‚Œã‚‹ã®ã§ã€ã€Œãƒ«ãƒ¼ãƒ«ã®è¿½åŠ ã€ã‚’æŠ¼ä¸‹ã—ã€ã€Œé©ç”¨ã€ã‚’ã€Œã‚ªãƒ•ã€ã«ã—ã¾ã™ã€‚æœ€å¾Œã«ã€ãƒœã‚¿ãƒ³ã€Œãƒãƒªã‚·ãƒ¼ã‚’è¨å®šã€ã‚’æŠ¼ä¸‹ã—ã¾ã™ã€‚

çµæžœã®ç¢ºèª

è¨å®šãŒå®Œäº†ã™ã‚‹ã¨ã€ä»¥ä¸‹ã®ã‚ˆã†ãªè¡¨ç¤ºã«ãªã‚Šã¾ã™ã€‚

çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã‚’ã‚¿ã‚°ã§åˆ¶å¾¡ã—ã¦ã¿ãŸ

2024-11-20T09:00:00+09:00

Google Cloud ã®çµ„ç¹”ãƒãƒªã‚·ãƒ¼æ©Ÿèƒ½ã§ã€ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã«ã‚¿ã‚°ã‚’é©ç”¨ã™ã‚‹ã“ã¨ã§ä¾‹å¤–è¨å®šã‚’è¡Œã†æ–¹æ³•ã‚’æ¤œè¨¼ã—ã¾ã—ãŸã€‚

ã¯ã˜ã‚ã«
- å½“è¨˜äº‹ã«ã¤ã„ã¦
- å‰æçŸ¥è˜
æ¤œè¨¼
è£œè¶³æƒ…å ±
- æ¡ä»¶ã®æŒ‡å®šã«ã¤ã„ã¦
- Terraform

ã¯ã˜ã‚ã«

å½“è¨˜äº‹ã«ã¤ã„ã¦

Google Cloudï¼ˆæ—§ç§° GCPï¼‰ã§ã¯çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã‚’ä½¿ã£ã¦ã€çµ„ç¹”å†…ã®ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã«ä¸€å¾‹ã§ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚„çµ±åˆ¶å¼·åŒ–ã®ãŸã‚ã®è¨å®šã‚’é©ç”¨ã§ãã¾ã™ã€‚ã“ã®ã¨ãã€ç‰¹å®šã®ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã«ã®ã¿ä¾‹å¤–ã‚’è¨ã‘ãŸã„å ´åˆã‚‚ã‚ã‚Šã¾ã™ã€‚

ä¾‹ãˆã°ã€çµ„ç¹”å…¨ä½“ã«ã€Œå…¬é–‹ã‚¢ã‚¯ã‚»ã‚¹ã®é˜²æ¢ã‚’é©ç”¨ã™ã‚‹ï¼ˆconstraints/storage.publicAccessPreventionï¼‰ã€ã¨ã„ã†çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã®åˆ¶ç´„ã‚’é©ç”¨ã—ã¦ã„ã‚‹ã¨ã—ã¾ã™ã€‚ã—ã‹ã—ã€ã‚ã‚‹ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã§ã¯ Cloud Storage ã®å…¬é–‹ãƒã‚±ãƒƒãƒˆã«é™çš„ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã‚’ãƒ›ã‚¹ãƒ†ã‚£ãƒ³ã‚°ã—ã¦ã„ã‚‹ã¨ã—ã¾ã™ã€‚ã“ã®ã¨ãã¯ã€å½“è©²ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã®ã¿ã‚’åˆ¶ç´„ã®é©ç”¨å¤–ã«ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚

å½“è¨˜äº‹ã§ã¯ãã®ã‚ˆã†ãªå ´åˆã‚’æƒ³å®šã—ã¦ã€ã‚¿ã‚°ã‚’ä½¿ã£ã¦ç‰¹å®šã®ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã¯åˆ¶ç´„ã®å¯¾è±¡å¤–ã¨ã—ã¤ã¤ã€ãã®ä»–å…¨ã¦ã®çµ„ç¹”å†…ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã«åˆ¶ç´„ã‚’é©ç”¨ã™ã‚‹æ¤œè¨¼ã‚’è¡Œã„ã¾ã—ãŸã€‚

å‚è€ƒ : ã‚¿ã‚°ã‚’ä½¿ç”¨ã—ãŸçµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã®è¨å®š

å‰æçŸ¥è˜

å½“è¨˜äº‹ã§ã¯ Resource Manager ã®ã‚¿ã‚°æ©Ÿèƒ½ã‚’åˆ©ç”¨ã—ã¾ã™ã€‚ã‚¿ã‚°ã®è©³ç´°ã‚„ã€é¡žä¼¼æ©Ÿèƒ½ã§ã‚ã‚‹ãƒ©ãƒ™ãƒ«ã¨ã®å·®ç•°ã«ã¤ã„ã¦ã¯ã€ä»¥ä¸‹ã®è¨˜äº‹ã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚

blog.g-gen.co.jp

çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼æ©Ÿèƒ½ã«ã¤ã„ã¦ã¯ã€ä»¥ä¸‹ã®è¨˜äº‹ã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚ç‰¹ã«ã€ç¶™æ‰¿ã¨å‘¼ã°ã‚Œã‚‹æ€§è³ªã«ã¤ã„ã¦ã¯ç†è§£ãŒå¿…è¦ã§ã™ã€‚

blog.g-gen.co.jp

æ¤œè¨¼

ã‚¿ã‚°ã‚ãƒ¼ã¨å€¤ã®ä½œæˆ

ã¾ãšã€çµ„ç¹”ã®ãƒªã‚½ãƒ¼ã‚¹ã¨ã—ã¦ã€ã€ŒIAM ã¨ç®¡ç†ã€ç”»é¢ã‹ã‚‰ã‚¿ã‚°ã‚ãƒ¼ã‚’ä½œæˆã—ã¾ã™ã€‚ä»Šå›žã¯ apply-policy ã¨ã„ã†åç§°ã§ä½œæˆã—ã¾ã™ã€‚

ã‚¿ã‚°ã‚ãƒ¼ä½œæˆ

æ¬¡ã«ã€ã‚¿ã‚°ã‚ãƒ¼ã®å€¤ã¨ã—ã¦ã€true ã¨ false ã‚’ä½œæˆã—ã¾ã™ã€‚ä»Šå›žã®æ¤œè¨¼ã§ã¯ã“ã®å€¤ã‚’ä½¿ã£ã¦ã„ã¾ã™ãŒã€å¿…ãšã—ã‚‚ãƒ–ãƒ¼ãƒ«å€¤ã§ã‚ã‚‹å¿…è¦ã¯ãªãã€é‹ç”¨ä¸Šéƒ½åˆã®è‰¯ã„æ–‡å—åˆ—ã‚’æŒ‡å®šã—ã¦æ§‹ã„ã¾ã›ã‚“ã€‚

ã‚¿ã‚°ã®å€¤ä½œæˆ

åŒãƒ•ã‚©ãƒ«ãƒ€é…ä¸‹ã®ã€ä»¥ä¸‹ã®ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ
- test-20241028-true-in-folder
- test-20241028-false-in-folder
- test-20241028-none-in-folder

ã‚¿ã‚° apply-policy: true ã‚’ã€ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ test-20241028-true ã¨ test-20241028-true-in-folder ã«ä»˜ä¸Žã—ã¾ã™ã€‚

ã‚¿ã‚° apply-policy: false ã‚’ã€ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ test-20241028-false ã¨ test-20241028-false-in-folder ã«ä»˜ä¸Žã—ã¾ã™ã€‚

ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã®ä½œæˆãƒ»ã‚¿ã‚°ã®ä»˜ä¸Ž

ãƒ•ã‚©ãƒ«ãƒ€ã«ã‚¿ã‚°ã‚’ä»˜ä¸Žã—ãŸå ´åˆã€ãã®ãƒ•ã‚©ãƒ«ãƒ€ã«å±žã™ã‚‹ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã«ã¯ã‚¿ã‚°ãŒç¶™æ‰¿ã•ã‚Œã¾ã™ã€‚ãŸã ã—ã€ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã«ã‚¿ã‚°ãŒç›´æŽ¥ä»˜ä¸Žã•ã‚Œã¦ã„ã‚‹å ´åˆã€ãã¡ã‚‰ãŒå„ªå…ˆã•ã‚Œã¾ã™ã€‚ä¸Šè¨˜ã®ã‚¹ã‚¯ãƒªãƒ¼ãƒ³ã‚·ãƒ§ãƒƒãƒˆã§ã¯ã€ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ test-20241028-none-in-folder ã® Tags åˆ—ã«ç¶™æ‰¿ã‚’è¡¨ã™ã‚¢ã‚¤ã‚³ãƒ³ãŒè¡¨ç¤ºã•ã‚Œã¦ãŠã‚Šã€ãƒ•ã‚©ãƒ«ãƒ€ã‹ã‚‰ç¶™æ‰¿ã•ã‚ŒãŸã‚¿ã‚°ãŒé©ç”¨ã•ã‚Œã¦ã„ã‚‹ã“ã¨ãŒã‚ã‹ã‚Šã¾ã™ã€‚

ã“ã®çµ„ç¹”ã«å¯¾ã—ã¦ã€çµ„ç¹”ãƒ¬ãƒ™ãƒ«ã§åˆ¶ç´„ã‚’é©ç”¨ã—ã¾ã™ã€‚ä»Šå›žé©ç”¨ã™ã‚‹åˆ¶ç´„ã¯ã€Œå…¬é–‹ã‚¢ã‚¯ã‚»ã‚¹ã®é˜²æ¢ã‚’é©ç”¨ã™ã‚‹ï¼ˆconstraints/storage.publicAccessPreventionï¼‰ã€ã§ã™ã€‚çµ„ç¹”ãƒ¬ãƒ™ãƒ«ã«ã“ã®åˆ¶ç´„ã‚’é©ç”¨ã—ã¤ã¤ã€ã‚¿ã‚° apply-policy: false ãŒä»˜ä¸Žã•ã‚ŒãŸãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã§ã¯ã“ã®åˆ¶ç´„ã®åŠ¹æžœãŒç™ºæ®ã•ã‚Œãªã„çŠ¶æ…‹ã‚’ç›®æŒ‡ã—ã¾ã™ã€‚

çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã® Google Cloud ã‚³ãƒ³ã‚½ãƒ¼ãƒ«ç”»é¢ã§ä¸Šè¨˜ã®åˆ¶ç´„ã‚’æ¤œç´¢ã—ã€ç·¨é›†ã—ã¾ã™ã€‚ã“ã®æ™‚ã€è¨å®šå€¤ã¨ã—ã¦ã€ã€Œè¦ªã®ãƒãƒªã‚·ãƒ¼ã‚’ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã™ã‚‹ã€ã‚’é¸æŠžã—ã¾ã™ã€‚ç·¨é›†ç”»é¢ã§ã¯ã€2ã¤ã®ãƒ«ãƒ¼ãƒ«ã‚’è¿½åŠ ã—ã¾ã™ã€‚

1ã¤ç›®ã¯ã€ç‰¹å®šã®ã‚¿ã‚°ã‚ãƒ¼ã¨å€¤ã‚’æŒã£ã¦ã„ã‚‹ã“ã¨ã‚’æ¡ä»¶ã«ã€ã€Œé©ç”¨ã€ã‚’ã€Œã‚ªãƒ•ã€ã¨ã™ã‚‹ã‚‚ã®ã§ã™ã€‚è¨å®šå€¤ã€Œå€¤ã®ãƒ‘ã‚¹ã€ã¯ã€[organization_name]/apply-policy/false ã¨ã—ã¾ã™ã€‚ã‚¿ã‚°ã‚’ä½œæˆæ¸ˆã¿ã®å ´åˆã€ãƒ—ãƒ«ãƒ€ã‚¦ãƒ³ãƒ¡ãƒ‹ãƒ¥ãƒ¼ã‹ã‚‰é¸æŠžã§ãã¾ã™ã€‚

ãƒãƒªã‚·ãƒ¼ã®ç·¨é›†

å€¤ã®ãƒ‘ã‚¹

2ã¤ç›®ã¯ã€1ã¤ç›®ã®ãƒ«ãƒ¼ãƒ«ã®æ¡ä»¶ã«åˆè‡´ã—ãªã„å ´åˆã«é©ç”¨ã•ã‚Œã‚‹ã€ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã®ãƒ«ãƒ¼ãƒ«ã§ã™ã€‚ã€Œãƒ«ãƒ¼ãƒ«ã®è¿½åŠ ã€ã‚’æŠ¼ä¸‹ã—ã€ã€Œé©ç”¨ã€ã®ãƒ©ã‚¸ã‚ªãƒœã‚¿ãƒ³ã§ã€Œã‚ªãƒ³ã€ã‚’é¸æŠžã—ã¾ã™ã€‚ã“ã‚Œã‚’è¨å®šã—ãªã„å ´åˆã€A boolean policy must always include one unconditional rule. ã¨ã„ã†ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒè¡¨ç¤ºã•ã‚Œã€ãƒãƒªã‚·ãƒ¼ã®è¨å®šãŒå®Œäº†ã—ã¾ã›ã‚“ã€‚

ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ	â—‹:é©ç”¨æ¸ˆã¿ã€Ã—:æœªé©ç”¨
test-20241028-true	â—‹
test-20241028-false	Ã—
test-20241028-none	â—‹
test-20241028-true-in-folder	â—‹
test-20241028-false-in-folder	Ã—
test-20241028-none-in-folder	Ã—

ä»¥ä¸‹ã¯ã€å„ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆãƒ¬ãƒ™ãƒ«ã§ãƒãƒªã‚·ãƒ¼ã®é©ç”¨çŠ¶æ…‹ã‚’ç¢ºèªã—ãŸéš›ã®ã‚ãƒ£ãƒ—ãƒãƒ£ã§ã™ã€‚æƒ³å®šã—ãŸã¨ãŠã‚Šã«ã€ãƒãƒªã‚·ãƒ¼ãŒé©ç”¨ã•ã‚Œã¦ã„ã‚‹ã“ã¨ãŒã‚ã‹ã‚Šã¾ã™ã€‚

test-20241028-true

test-20241028-false

test-20241028-none

test-20241028-true-in-folder

test-20241028-false-in-folder

test-20241028-none-in-folder

ä»¥ä¸Šã®æ¤œè¨¼çµæžœã‹ã‚‰ã€ä»¥ä¸‹ã®ã“ã¨ãŒç¢ºã‹ã‚ã‚‰ã‚Œã¾ã—ãŸã€‚

è£œè¶³æƒ…å ±

æ¡ä»¶ã®æŒ‡å®šã«ã¤ã„ã¦

ä»Šå›žã®æ¤œè¨¼ã§ã¯ã€ãƒãƒªã‚·ãƒ¼ã®é™¤å¤–å¯¾è±¡ã¨ã™ã‚‹ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã‚’ã‚¿ã‚°ã§æŒ‡å®šã—ã¾ã—ãŸã€‚åå¯¾ã«ã€é©ç”¨å¯¾è±¡ã‚’ã‚¿ã‚°ã§æŒ‡å®šã™ã‚‹ã“ã¨ã‚‚å¯èƒ½ã§ã™ã€‚

ã¾ãŸã€ä»Šå›žã®æ¤œè¨¼ã§ã¯ã‚¿ã‚°åã‚’ä½¿ã£ã¦æŒ‡å®šã™ã‚‹æ–¹æ³•ã‚’ç´¹ä»‹ã—ã¾ã—ãŸãŒã€ä»–ã«ã‚¿ã‚°ã®æ°¸ç¶š IDï¼ˆpermanent IDã€‚ã‚¿ã‚°ã‚ãƒ¼ã‚„å€¤ãŒæŒã¤ãƒªã‚½ãƒ¼ã‚¹ IDï¼‰ã§æŒ‡å®šã™ã‚‹ã“ã¨ã‚‚ã§ãã¾ã™ã€‚

å‚è€ƒ : æ°¸ç¶š ID ã‚’ä½¿ç”¨ã™ã‚‹æ¡ä»¶

Terraform

å½“æ¤œè¨¼ã§ä½¿ç”¨ã—ãŸçµ„ç¹”ãƒ¬ãƒ™ãƒ«ã®ãƒªã‚½ãƒ¼ã‚¹ã¯ã€ä»¥ä¸‹ã®ã‚ˆã†ã« Terraform ã§è¨˜è¿°ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ãªãŠä»¥ä¸‹ã®ã‚µãƒ³ãƒ—ãƒ«ã‚³ãƒ¼ãƒ‰å†…ã®å¤‰æ•° organization_number_id ã¯10~13æ¡ã®æ•°å—ã§è¡¨ã•ã‚Œã‚‹çµ„ç¹” ID ã§ã™ã€‚

resource "google_tags_tag_key" "apply_policy" {
  short_name  = "apply-policy"
  parent      = "organizations/${var.organization_number_id}"
  description = "The flag indicating whether to apply the policy or not."
}
  
resource "google_tags_tag_value" "apply_policy_true" {
  parent      = "tagKeys/${google_tags_tag_key.apply_policy.name}"
  short_name  = "true"
  description = "Apply organization policy to the project."
}
  
resource "google_tags_tag_value" "apply_policy_false" {
  parent      = "tagKeys/${google_tags_tag_key.apply_policy.name}"
  short_name  = "false"
  description = "Do NOT apply organization policy to the project."
}
  
resource "google_org_policy_policy" "storage_public_access_prevention" {
  name   = "organizations/${var.organization_number_id}/storage.publicAccessPrevention"
  parent = "organizations/${var.organization_number_id}"
  
  spec {
    rules {
      enforce = "FALSE"
      condition {
        title       = "Do NOT apply with the tag"
        description = "Do NOT apply storage.publicAccessPrevention on the projects tagged with apply-policy: false"
        expression  = "resource.matchTag('${var.organization_number_id}/apply-policy', 'false')"
      }
    }
    rules {
      enforce = "TRUE"
    }
  }
}

G-gen Tech Blog

Google Workspaceã®ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆç®¡ç†ã§ãƒ¢ãƒã‚¤ãƒ«ãƒ‡ãƒã‚¤ã‚¹ã‚’å®‰å…¨ã«ç®¡ç†ã™ã‚‹

æ¦‚è¦

ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆç®¡ç†ã¨ã¯

ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆç®¡ç†ã‚’ä½¿ç”¨ã™ã‚‹ãƒ¡ãƒªãƒƒãƒˆ

å‰ææ¡ä»¶

åŸºæœ¬ç®¡ç†ã¨è©³ç´°ç®¡ç†

iOS ãƒ‡ãƒã‚¤ã‚¹ã®è©³ç´°ç®¡ç†

æ¤œè¨¼æ‰‹é †

ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆè¨­å®š

ãƒ‡ãƒã‚¤ã‚¹ã®ç™»éŒ²ï¼ˆiOS/Androidï¼‰

ãƒ‡ãƒã‚¤ã‚¹ã®ç™»éŒ²ç¢ºèªï¼ˆiOS/Androidï¼‰

iOS ã®ãƒãƒªã‚·ãƒ¼è¨­å®š

Android ã®ãƒãƒªã‚·ãƒ¼è¨­å®š

å‹•ä½œç¢ºèª

iOS ã®å‹•ä½œç¢ºèªï¼ˆãƒ­ãƒ¼ã‚«ãƒ«ä¿å­˜ä¸å¯ï¼‰

Android ã®å‹•ä½œç¢ºèªï¼ˆæ¥­å‹™ç”¨ã‚¢ãƒ—ãƒªã®é…å¸ƒï¼‰

Android ã®å‹•ä½œç¢ºèªï¼ˆã‚¢ã‚«ã‚¦ãƒ³ãƒˆãƒ¯ã‚¤ãƒ—ï¼‰

BigQuery MLã‚’å¾¹åº•è§£èª¬ï¼

æ¦‚è¦

BigQuery ã¨ã¯

BigQuery ML ã¨ã¯

BigQuery ML ã®ä½¿ç”¨æ–¹æ³•

ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ãƒ¼ã‚¹

BigQuery Editions

ã‚¯ã‚¨ãƒªã®ãƒ‰ãƒ©ã‚¤ãƒ©ãƒ³

BigQuery ML ã§ã‚µãƒãƒ¼ãƒˆã•ã‚Œã‚‹ãƒ¢ãƒ‡ãƒ«

å†…éƒ¨ãƒ¢ãƒ‡ãƒ«

å¤–éƒ¨ãƒ¢ãƒ‡ãƒ«

ã‚¤ãƒ³ãƒãƒ¼ãƒˆã•ã‚ŒãŸãƒ¢ãƒ‡ãƒ«

ãƒªãƒ¢ãƒ¼ãƒˆãƒ¢ãƒ‡ãƒ«

ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒ Vertex AI ã§ãƒ‡ãƒ—ãƒ­ã‚¤ã—ãŸãƒ¢ãƒ‡ãƒ«

Google ã®ç”Ÿæˆ AI ãƒ¢ãƒ‡ãƒ«

ã‚¿ã‚¹ã‚¯å›ºæœ‰ã®ã‚½ãƒªãƒ¥ãƒ¼ã‚·ãƒ§ãƒ³

åŸºæœ¬çš„ãª SQL ã‚¹ãƒ†ãƒ¼ãƒˆãƒ¡ãƒ³ãƒˆãƒ»é–¢æ•°

CREATE MODEL ã‚¹ãƒ†ãƒ¼ãƒˆãƒ¡ãƒ³ãƒˆ

ML.EVALUATE é–¢æ•°

ML.PREDICT é–¢æ•°

ç‰¹å¾´é‡ã®å‰å‡¦ç†

è‡ªå‹•å‰å‡¦ç†

æ‰‹å‹•å‰å‡¦ç†ï¼ˆTRANSFORM ã‚¹ãƒ†ãƒ¼ãƒˆãƒ¡ãƒ³ãƒˆï¼‰

ãƒ¢ãƒ‡ãƒ«ã®ãƒ¢ãƒ‹ã‚¿ãƒªãƒ³ã‚°

BigQuery ML ã®æ–™é‡‘

ã‚ªãƒ³ãƒ‡ãƒžãƒ³ãƒ‰æ–™é‡‘

BigQuery Editions ã®æ–™é‡‘

å¤–éƒ¨ãƒ¢ãƒ‡ãƒ«ã®æ–™é‡‘

ãƒªãƒ¢ãƒ¼ãƒˆãƒ¢ãƒ‡ãƒ«ã®æ–™é‡‘

ä»–ã®æ©Ÿæ¢°å­¦ç¿’ç³»ãƒ—ãƒ­ãƒ€ã‚¯ãƒˆã¨ã®çµ±åˆ

Vertex AI

Colab Enterprise

Evantarcã¨Workflowsã§ã‚¤ãƒ™ãƒ³ãƒˆãƒ‰ãƒªãƒ–ãƒ³ã«Cloud Run jobsã‚’å®Ÿè¡Œã—ã¦ã¿ãŸ

æ¦‚è¦

Cloud Run functions ã¨ Cloud Run jobs

æ¤œè¨¼ã®æ¦‚è¦

Eventarc

Workflows

Cloud Storage ã®æº–å‚™

Cloud Storage ãƒã‚±ãƒƒãƒˆã®ä½œæˆ

Cloud Strage ã‚µãƒ¼ãƒ“ã‚¹ã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆã¸ã®æ¨©é™ä»˜ä¸Ž

BigQuery ãƒ†ãƒ¼ãƒ–ãƒ«ã®ä½œæˆ

Cloud Run jobs ã®ä½œæˆ

ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®ä½œæˆ

Docker ã‚³ãƒ³ãƒ†ãƒŠã®ä½œæˆã«å¿…è¦ãªãƒªã‚½ãƒ¼ã‚¹ã®ä½œæˆ

main.py

requirements.txt

Procfile

Artifact Registry ã®ä½œæˆ

Artifact Registry ã«ã‚¢ãƒƒãƒ—ãƒ­ãƒ¼ãƒ‰

Cloud Run jobs ã®ä½œæˆ

Workflows ã®ä½œæˆ

ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®è¨­å®š

ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒ­ãƒ¼ã®ä½œæˆ

cloud-run-job-workflow.yaml

ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒ­ãƒ¼ã®ãƒ‡ãƒ—ãƒ­ã‚¤

Eventarc ãƒˆãƒªã‚¬ãƒ¼ã®è¨­å®š

ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®è¨­å®š

Eventarc ã®ä½œæˆ

å‹•ä½œç¢ºèª

Gemini APIã¸ã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆã§ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰429ã€ŒResource exhausted, please try again later.ã€

äº‹è±¡

Google Workspaceã®ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆç®¡ç†ã§ãƒ¢ãƒã‚¤ãƒ«ãƒ‡ãƒã‚¤ã‚¹ã‚’å®‰å…¨ã«ç®¡ç†ã™ã‚‹

æ¦‚è¦

ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆç®¡ç†ã¨ã¯

ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆç®¡ç†ã‚’ä½¿ç”¨ã™ã‚‹ãƒ¡ãƒªãƒƒãƒˆ

å‰ææ¡ä»¶

åŸºæœ¬ç®¡ç†ã¨è©³ç´°ç®¡ç†

iOS ãƒ‡ãƒã‚¤ã‚¹ã®è©³ç´°ç®¡ç†

ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆè¨å®š

ãƒ‡ãƒã‚¤ã‚¹ã®ç™»éŒ²ï¼ˆiOS/Androidï¼‰

ãƒ‡ãƒã‚¤ã‚¹ã®ç™»éŒ²ç¢ºèªï¼ˆiOS/Androidï¼‰

iOS ã®ãƒãƒªã‚·ãƒ¼è¨å®š

Android ã®ãƒãƒªã‚·ãƒ¼è¨å®š

å‹•ä½œç¢ºèª

iOS ã®å‹•ä½œç¢ºèªï¼ˆãƒãƒ¼ã‚«ãƒ«ä¿å˜ä¸å¯ï¼‰

Android ã®å‹•ä½œç¢ºèªï¼ˆæ¥å‹™ç”¨ã‚¢ãƒ—ãƒªã®é…å¸ƒï¼‰

Android ã®å‹•ä½œç¢ºèªï¼ˆã‚¢ã‚«ã‚¦ãƒ³ãƒˆãƒ¯ã‚¤ãƒ—ï¼‰

BigQuery MLã‚’å¾¹åº•è§£èª¬ï¼

æ¦‚è¦

BigQuery ã¨ã¯

BigQuery ML ã¨ã¯

BigQuery ML ã®ä½¿ç”¨æ–¹æ³•

ã‚¯ã‚¨ãƒªã®ãƒ‰ãƒ©ã‚¤ãƒ©ãƒ³

BigQuery ML ã§ã‚µãƒãƒ¼ãƒˆã•ã‚Œã‚‹ãƒ¢ãƒ‡ãƒ«

ã‚¤ãƒ³ãƒãƒ¼ãƒˆã•ã‚ŒãŸãƒ¢ãƒ‡ãƒ«

ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒ Vertex AI ã§ãƒ‡ãƒ—ãƒã‚¤ã—ãŸãƒ¢ãƒ‡ãƒ«

Google ã®ç”Ÿæˆ AI ãƒ¢ãƒ‡ãƒ«

ã‚¿ã‚¹ã‚¯å›ºæœ‰ã®ã‚½ãƒªãƒ¥ãƒ¼ã‚·ãƒ§ãƒ³

åŸºæœ¬çš„ãª SQL ã‚¹ãƒ†ãƒ¼ãƒˆãƒ¡ãƒ³ãƒˆãƒ»é–¢æ•°

ç‰¹å¾´é‡ã®å‰å‡¦ç†

è‡ªå‹•å‰å‡¦ç†

æ‰‹å‹•å‰å‡¦ç†ï¼ˆTRANSFORM ã‚¹ãƒ†ãƒ¼ãƒˆãƒ¡ãƒ³ãƒˆï¼‰

ãƒ¢ãƒ‡ãƒ«ã®ãƒ¢ãƒ‹ã‚¿ãƒªãƒ³ã‚°

BigQuery ML ã®æ–™é‡‘

BigQuery Editions ã®æ–™é‡‘

å¤–éƒ¨ãƒ¢ãƒ‡ãƒ«ã®æ–™é‡‘

ãƒªãƒ¢ãƒ¼ãƒˆãƒ¢ãƒ‡ãƒ«ã®æ–™é‡‘

ä»–ã®æ©Ÿæ¢°å¦ç¿’ç³»ãƒ—ãƒãƒ€ã‚¯ãƒˆã¨ã®çµ±åˆ

Evantarcã¨Workflowsã§ã‚¤ãƒ™ãƒ³ãƒˆãƒ‰ãƒªãƒ–ãƒ³ã«Cloud Run jobsã‚’å®Ÿè¡Œã—ã¦ã¿ãŸ

æ¦‚è¦

Cloud Run functions ã¨ Cloud Run jobs

æ¤œè¨¼ã®æ¦‚è¦

Cloud Storage ã®æº–å‚™

Cloud Storage ãƒã‚±ãƒƒãƒˆã®ä½œæˆ

Cloud Strage ã‚µãƒ¼ãƒ“ã‚¹ã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆã¸ã®æ¨©é™ä»˜ä¸Ž

BigQuery ãƒ†ãƒ¼ãƒ–ãƒ«ã®ä½œæˆ

Cloud Run jobs ã®ä½œæˆ

ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®ä½œæˆ

Docker ã‚³ãƒ³ãƒ†ãƒŠã®ä½œæˆã«å¿…è¦ãªãƒªã‚½ãƒ¼ã‚¹ã®ä½œæˆ

Artifact Registry ã®ä½œæˆ

Artifact Registry ã«ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰

Cloud Run jobs ã®ä½œæˆ

Workflows ã®ä½œæˆ

ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®è¨å®š

ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼ã®ä½œæˆ

ãƒ¯ãƒ¼ã‚¯ãƒ•ãƒãƒ¼ã®ãƒ‡ãƒ—ãƒã‚¤

Eventarc ãƒˆãƒªã‚¬ãƒ¼ã®è¨å®š

ã‚µãƒ¼ãƒ“ã‚¹ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®è¨å®š

Eventarc ã®ä½œæˆ

å‹•ä½œç¢ºèª

Gemini APIã¸ã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆã§ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰429ã€ŒResource exhausted, please try again later.ã€

2ã¤ã®å¯¾å‡¦æ¡ˆ

ã‚¨ã‚¯ã‚¹ãƒãƒãƒ³ã‚·ãƒ£ãƒ«ãƒãƒƒã‚¯ã‚ªãƒ•

Provisioned Throughput ã¨ã¯

è³¼å…¥æ–¹æ³•ã¨æ–™é‡‘

çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ã€Œãƒ‰ãƒ¡ã‚¤ãƒ³ã§åˆ¶é™ã•ã‚ŒãŸå…±æœ‰ã€(constraints/iam.allowedPolicyMemberDomains)ãŒé©ç”¨ã•ã‚Œã¦ã„ã¾ã™ã€‚ã¸ã®å¯¾å‡¦æ³•

äº‹è±¡ã¨ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸

é¡§å®¢ ID ã®ç¢ºèª

IAM æ¨©é™ã®ç¢ºèª

çµ„ç¹”ã€ãƒ•ã‚©ãƒ«ãƒ€ã¾ãŸã¯ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã‚’é¸æŠž

çµ„ç¹”ã®ãƒãƒªã‚·ãƒ¼ç”»é¢ã¸é·ç§»

åˆ¶ç´„ã®ç·¨é›†ç”»é¢ã¸é·ç§»

çµæžœã®ç¢ºèª

æœ€å¾Œã«

2024å¹´12æœˆã®ã‚¤ãƒã‚ªã‚·Google Cloudã‚¢ãƒƒãƒ—ãƒ‡ãƒ¼ãƒˆ

ã¯ã˜ã‚ã«

Google ãƒ•ã‚©ãƒ¼ãƒ ã§æ–°ã—ã„æ¨©é™ã€ŒResponderï¼ˆå›žç”è€…ï¼‰ã€ãŒåˆ©ç”¨å¯èƒ½ã«

Vertex AI Search ã§ gemini-1.5-flash-002-high-fidelityï¼ˆPreviewï¼‰

Google Deepmindã€å¤§è¦æ¨¡ä¸–ç•Œãƒ¢ãƒ‡ãƒ« Genie 2 ã‚’ç™ºè¡¨

Parameter Manager ãŒ Preview å…¬é–‹

ç”»åƒç”Ÿæˆãƒ¢ãƒ‡ãƒ«ã€ŒImagen 3ã€ãŒä¸€èˆ¬å…¬é–‹