投稿時間:2021-05-04 01:42:57 RSSフィード2021-05-04 01:00 分まとめ(45件)

カテゴリー等	サイト名等	記事タイトル・トレンドワード等	リンクURL	頻出ワード・要約等/検索ボリューム	登録日
AWS	AWS Government, Education, and Nonprofits Blog	Now available: Expanded funding for nonprofits with the 2021 AWS Imagine Grant	https://aws.amazon.com/blogs/publicsector/now-available-expanded-funding-nonprofits-2021-aws-imagine-grant/	Now available Expanded funding for nonprofits with the AWS Imagine GrantNonprofits have found themselves thrust into a digital first landscape with an increasing demand for virtual or remote services for beneficiaries donors volunteers and staff During the COVID pandemic nonprofit organizations put forth tremendous effort to fill gaps unmet by the government and private sectors for our communities Nonprofits have shown agility in their pivot to online events remote service delivery sharing of data and research and more To help nonprofits access the best in class tools provided by AWS today we are launching the AWS Imagine Grant program Guidelines and instructions on how to apply for this year s cycle are available today	2021-05-03 15:18:26
AWS	AWS	How do I set up AMS connector on my ServiceNow instance?	https://www.youtube.com/watch?v=WXzvmmWqxdg	How do I set up AMS connector on my ServiceNow instance For more information about AWS Managed Services see Or watch this video Gopinath shows you how to set up AMS connector on your ServiceNow instance	2021-05-03 15:17:42
AWS	AWS	How do I raise RFCs for cross-account Amazon S3 bucket access in different AMS accounts?	https://www.youtube.com/watch?v=F5oB_uNsn4Y	How do I raise RFCs for cross account Amazon S bucket access in different AMS accounts For more information about AWS Managed Services see Or watch this video Vishal shows you how to raise RFCs for cross account Amazon S bucket access in different AMS accounts	2021-05-03 15:16:07
js	JavaScriptタグが付けられた新着投稿 - Qiita	Node.jsでGoogle Spread Sheetsを読み取る 【Sheet API v4】	https://qiita.com/n0bisuke/items/47ee043fc6cf1b5168c2	よもやまgoogleauthtokengeneratorは自作モジュールなので公式の手順と若干異なりますが、YoutubeやGmailなどGoogle系のAPIで同じ処理を書くのが辛いのでnpmパッケージ化してみました。	2021-05-04 00:39:26
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	JavaScript+JSON 配列数	https://teratail.com/questions/336484?rss=all		2021-05-04 00:59:38
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	swift タイマーを規定回数ループさせたい	https://teratail.com/questions/336483?rss=all	swiftタイマーを規定回数ループさせたい前提・実現したいこと現在筋トレアプリを作成しております。	2021-05-04 00:47:57
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	特定のvueコンポーネント内から外部のjsファイルを読み込む際のエラーの内容の理解と読み込み自体が出来ず困っています。	https://teratail.com/questions/336482?rss=all	特定のvueコンポーネント内から外部のjsファイルを読み込む際のエラーの内容の理解と読み込み自体が出来ず困っています。	2021-05-04 00:39:49
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	VScode上のanaconda利用のエラー	https://teratail.com/questions/336481?rss=all	VScode上のanaconda利用のエラーanacondaの環境下でVScodeでコードを書いているのですが、VScodeのターミナルでプログラムの実行ができているのにも関わらず、ソースコードのエラー波線が消えません。	2021-05-04 00:36:58
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	REST APIでのデータ取得に失敗する	https://teratail.com/questions/336480?rss=all	RESTAPIでのデータ取得に失敗するAPIでデータを取得しようと、ローカルPC上で以下のようなHTMLを書き、Chromeで実行しましたがquot接続失敗quotになってしまいます。	2021-05-04 00:11:11
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	strlen関数　変換指定子%dでprintfできないのは何故でしょうか	https://teratail.com/questions/336479?rss=all	strlen関数変換指定子dでprintfできないのは何故でしょうか前提・実現したいこと書籍の復習問題にてstrlen関数をprintfで出力する際の変換指定子が書籍ではdとなっているのですが、実際コンパイルするとエラーが起きエラー文通りに変換指定子をluにすると改善されました。	2021-05-04 00:10:55
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	Windows環境で動作している任意のサーバを見つける方法はありませんか	https://teratail.com/questions/336478?rss=all	Windows環境で動作している任意のサーバを見つける方法はありませんか発生している問題Win環境で、なんのサーバもローカルで動かしているつもりはないのですが、localhostにアクセスすると、nbspServicenbspunavailableが返ってきます。	2021-05-04 00:00:56
Ruby	Rubyタグが付けられた新着投稿 - Qiita	【Rails】resoucesを使用しても、editやdestroyでActionController::RoutingErrorとエラーが発生してしまう場合について	https://qiita.com/GalaxyNeko/items/e2016abf70a0e619c5d5	【Rails】resoucesを使用しても、editやdestroyでActionControllerRoutingErrorとエラーが発生してしまう場合について症状RailsのAPIモードでeditアクションに対してアクセスしようとしたとき、下記エラーが発生しアクセスできませんでした。	2021-05-04 00:06:17
Linux	Ubuntuタグが付けられた新着投稿 - Qiita	Chuwi LarkBoxPro を弄ってみた Ubuntu編	https://qiita.com/NNNGriziMan/items/8c4e92f913857e1cd294	私は何も考えずにWindowsがプリインストールされているGBeMMCにインストールしたため多分winとUbuntuのデュアルブート環境になっていると思います。	2021-05-04 00:08:35
AWS	AWSタグが付けられた新着投稿 - Qiita	オンプレでVMwareを触ってきた人のためのAWS速習	https://qiita.com/tokkun5552/items/1d95feb0d9f722a54fdd	OSインストールすることもなくなるのかと思うと少し寂しい・・・インスタンスタイプの選択VMwareではvCPUのソケット、コア数、予約する周波数などやメモリの割り当て、予約値、予約値のロックなどを最初から細かく指定するが、AWSのECではインスタンスファミリーと呼ばれるテンプレみたいなものから選ぶ形となっている。	2021-05-04 00:05:00
AWS	AWSタグが付けられた新着投稿 - Qiita	AWS無料枠を意図せず超えてしまった話(backup storage exceeding free allocation)	https://qiita.com/NoOne/items/5482a61137b5cb8115be	xceedingfreeallocationaws	2021-05-04 00:00:40
Git	Gitタグが付けられた新着投稿 - Qiita	GITの操作	https://qiita.com/tsubasa0116/items/226505d36735eefec0a2	gitclonelt共有リポジトリ先gtltフォルダ名gt共有リポジトリの中身をltフォルダ名gtの中にコピーする。	2021-05-04 00:39:41
Ruby	Railsタグが付けられた新着投稿 - Qiita	【Rails】resoucesを使用しても、editやdestroyでActionController::RoutingErrorとエラーが発生してしまう場合について	https://qiita.com/GalaxyNeko/items/e2016abf70a0e619c5d5	【Rails】resoucesを使用しても、editやdestroyでActionControllerRoutingErrorとエラーが発生してしまう場合について症状RailsのAPIモードでeditアクションに対してアクセスしようとしたとき、下記エラーが発生しアクセスできませんでした。	2021-05-04 00:06:17
海外TECH	Ars Technica	Epic vs. Apple trial starts today—here’s what to expect	https://arstechnica.com/?p=1761959	marketplace	2021-05-03 15:15:37
Apple	AppleInsider - Frontpage News	Samsung expected to supply rigid flexible PCBs for 120Hz 'iPhone 13'	https://appleinsider.com/articles/21/05/03/samsung-expected-to-supply-rigid-flexible-pcbs-for-120hz-iphone-13?utm_medium=rss	Samsung expected to supply rigid flexible PCBs for Hz x iPhone x Samsung will be a supplier to Apple of rigid flexible printed circuit boards RFPCB for the Pro models of the iPhone a report claims which could help bring Hz ProMotion to the Pro lineupSamsung Electro Mechanics a subsidiary of the parent organization Samsung provided RFPCBs to Apple for the iPhone and will be retaining the role in the fall s iPhone refresh for some models The component is used to connect the OLED display panel to the main board of the device itself However there was a chance that Samsung wasn t going to be the supplier of the component this time around According to TheElec Samsung Electro Mechanics considered leaving the RFPCB business entirely in due to being unprofitable for a number of years Read more	2021-05-03 15:07:07
Apple	AppleInsider - Frontpage News	Apple to debut 8-inch foldable iPhone in 2023, Kuo says	https://appleinsider.com/articles/21/05/03/apple-to-debut-8-inch-foldable-iphone-in-2023-kuo-says?utm_medium=rss	Apple to debut inch foldable iPhone in Kuo saysApple is predicted to launch a foldable iPhone with inch flexible OLED display sometime in with the company planning for shipments of as many as million units that year according to analyst Ming Chi Kuo In a research note to investors Kuo forecasts Apple s first foldable iPhone to boast an inch QHD display which at by pixels is a higher effective resolution panel than Samsung Fold s inch QXGA screen QHD displays also feature a perfect aspect ratio a deviation from the current ratio seen on both iPhone and iPhone Pro Whether the upcoming iPhone will fold horizontally or vertically was left unmentioned in Monday s report Read more	2021-05-03 15:36:26
海外TECH	Engadget	The best gaming gear for graduates	https://www.engadget.com/best-gaming-gifts-for-graduates-150047802.html	engadget	2021-05-03 15:00:47
海外TECH	Network World	Extreme CEO talks AI, automation, chip shortages	https://www.networkworld.com/article/3617001/extreme-ceo-talks-ai-automation-chip-shortages.html#tk.rss_all	Extreme CEO talks AI automation chip shortages Fresh off one of the strongest quarters in the company s year history where it hit double digit year over year revenue growth and a fourth consecutive quarter of growth Extreme Networks is betting heavily on automation AI and cloud management to keep the party going Extreme NetworksExtreme CEO Ed MeyercordTo read this article in full please click here	2021-05-03 15:05:00
海外科学	NYT > Science	To Solve 3 Cold Cases, This Small County Got a DNA Crash Course	https://www.nytimes.com/2021/05/03/science/cold-cases-genetic-genealogy.html	To Solve Cold Cases This Small County Got a DNA Crash CourseForensic genealogy helped nab the Golden State Killer in Now investigators across the country are using it to revisit hundreds of unsolved crimes	2021-05-03 15:02:32
ニュース	@日本経済新聞 電子版	消えた「スー・チー氏解放」結束の演出に腐心 https://t.co/IDhZ5GpYTz	https://twitter.com/nikkei/statuses/1389242552201613313	解放	2021-05-03 15:36:49
ニュース	@日本経済新聞 電子版	銀行ATM、脱自前で合従連衡　現金離れの対応急ぐ https://t.co/IX9ywshu0f	https://twitter.com/nikkei/statuses/1389242551199092740	合従連衡	2021-05-03 15:36:49
ニュース	@日本経済新聞 電子版	入域制限緩和を提言　欧州委、ワクチン接種者対象に https://t.co/TxvUlKNPYT	https://twitter.com/nikkei/statuses/1389242331904155658	緩和	2021-05-03 15:35:57
ニュース	@日本経済新聞 電子版	米ベライゾン、ヤフーやAOLをアポロに売却　5400億円 https://t.co/4eDcF0nNy5	https://twitter.com/nikkei/statuses/1389242330834636800	売却	2021-05-03 15:35:57
海外ニュース	Japan Times latest articles	Hokkaido Shinkansen struggling amid competition from airlines and ferries	https://www.japantimes.co.jp/news/2021/05/03/business/corporate-business/hokkaido-shinkansen-struggles/	Hokkaido Shinkansen struggling amid competition from airlines and ferriesWith other operators offering discounts during the coronavirus pandemic JR Hokkaido is being urged to improve its discount system too	2021-05-04 02:00:10
海外ニュース	Japan Times latest articles	Japan-trained appraiser sifts through China’s secondhand luxury market for fakes	https://www.japantimes.co.jp/news/2021/05/03/business/china-luxury-goods-zhang-chen/	Japan trained appraiser sifts through China s secondhand luxury market for fakesZhang Chen s school in Beijing teaches students how to spot imitation goods offering a foothold in market that is only just taking off in China	2021-05-04 01:56:59
海外ニュース	Japan Times latest articles	Japan, China and South Korea vow ‘targeted’ support for pandemic recovery	https://www.japantimes.co.jp/news/2021/05/03/business/economy-business/china-south-korea-japan-coronavirus-economy/	Japan China and South Korea vow targeted support for pandemic recoveryFinance ministers from the three countries pledged to achieve inclusive recovery preserve long term fiscal sustainability and maintain financial stability	2021-05-04 01:46:42
海外ニュース	Japan Times latest articles	Myanmar residents urge Japan to recognize anti-junta body as government	https://www.japantimes.co.jp/news/2021/05/03/national/myanmar-residents-japan-nug/	taiwan	2021-05-04 00:23:10
海外ニュース	Japan Times latest articles	Japan bolsters capabilities in electronic warfare, space and cyber realms	https://www.japantimes.co.jp/news/2021/05/03/national/japan-defense-electronic-warfare-space-cyber/	Japan bolsters capabilities in electronic warfare space and cyber realmsHaving advantages in the new fields is crucially important for the SDF in the face of Chinese and Russian military buildups defense officials say	2021-05-04 00:20:01
海外ニュース	Japan Times latest articles	Morals and the COVID-19 vaccine market	https://www.japantimes.co.jp/opinion/2021/05/03/commentary/world-commentary/covid-19-vaccinations-who-poor-rich-countries/	disparities	2021-05-04 02:00:45
海外ニュース	Japan Times latest articles	The trust gap between winning and losing sides in elections	https://www.japantimes.co.jp/opinion/2021/05/03/commentary/world-commentary/2020-u-s-presidential-election-donald-trump-joe-biden-republicans-democrats-voter-fraud/	contest	2021-05-04 02:00:13
海外ニュース	Japan Times latest articles	A Beijing-born director made Oscar history. Why isn’t China celebrating?	https://www.japantimes.co.jp/opinion/2021/05/03/commentary/world-commentary/china-chloe-zhao-oscars-human-rights-hollywood-nomadland/	A Beijing born director made Oscar history Why isn t China celebrating The fallout in the wake of Zhao s win highlights the growing challenges of navigating China s fraught political landscape particularly for creators of Chinese descent	2021-05-04 02:00:05
ニュース	BBC News - Home	Covid: Some foreign travel opening on 17 May - Boris Johnson	https://www.bbc.co.uk/news/uk-56970260	johnson	2021-05-03 15:52:13
ニュース	BBC News - Home	European Super League: Premier League brings in new owners' rule to stop repeat	https://www.bbc.co.uk/sport/football/56972776	attempts	2021-05-03 15:20:03
ニュース	BBC News - Home	Child sexual abuse: Four held in German-led raid on huge network	https://www.bbc.co.uk/news/world-europe-56969414	abuse	2021-05-03 15:06:15
ニュース	BBC News - Home	Selby maintains lead over Murphy heading into final session	https://www.bbc.co.uk/sport/snooker/56972835	championship	2021-05-03 15:34:02
ニュース	BBC News - Home	World Championship Snooker: Was this Mark Selby red the shot of the tournament?	https://www.bbc.co.uk/sport/av/snooker/56973472	crucible	2021-05-03 15:40:12
ビジネス	不景気.com	アツギの21年3月期は38億円の最終赤字へ、減損で - 不景気.com	https://www.fukeiki.com/2021/05/atsugi-2021-loss.html	最終赤字	2021-05-03 15:32:38
北海道	北海道新聞	オクトーバーフェスト今年も中止　ドイツのビール祭り、２年連続	https://www.hokkaido-np.co.jp/article/540213/	首相	2021-05-04 00:02:00
Azure	Azure の更新情報	Azure Security Center: General availability updates for April 2021	https://azure.microsoft.com/ja-jp/updates/asc-april2021-1/	april	2021-05-03 15:47:39
Azure	Azure の更新情報	Azure Security Center: Public preview updates for April 2021	https://azure.microsoft.com/ja-jp/updates/asc-april2021-2/	april	2021-05-03 15:47:35
GCP	Cloud Blog	New blueprint helps secure confidential data in AI Platform Notebooks	https://cloud.google.com/blog/products/ai-machine-learning/ai-platform-notebooks-security-blueprint/	New blueprint helps secure confidential data in AI Platform NotebooksCore to Google Cloud s efforts to be the industry s most Trusted Cloud is our belief in shared fate taking an active stake to help customers achieve better security outcomes on our platforms To make it easier to build security into deployments we provide opinionated guidance for customers in the form of security blueprints We recently released our updated Google Cloud security foundations guide and deployable blueprint to help our customers build security into their starting point on Google Cloud Today we re adding to our portfolio of blueprints with the publication of our Protecting confidential data in AI Platform Notebooks blueprint guide and deployable blueprint which can help you apply data governance and security policies that protect your AI Platform Notebooks containing confidential data Security and privacy are particularly important when it comes to AI because confidential data is often at the heart of AI and ML projects This blog post focuses on securing the following high level notebook flow at all relevant security layers AI Platform Notebooks offer an integrated and secure JupyterLab environment for enterprises Data science practitioners in enterprises use AI Platform Notebooks to experiment develop code and deploy models With a few clicks you can easily get started with a Notebook running alongside popular deep learning frameworks TensorFlow Enterprise PyTorch RAPIDS and many others Today AI Platform Notebooks can be run on Deep Learning Virtual Machines or Deep Learning Containers Enterprise customers particularly those in highly regulated industries like financial services and healthcare and life sciences may want to run their JupyterLab Notebooks in a secure perimeter and control access to the notebooks and data AI Platform Notebooks were built from the ground up with such customers in mind with security and access control as the pillars of the service Recently we announced the general availability of several security features including VPC Service Controls VPC SC customer managed encryption keys CMEK and more for AI Platform Notebooks However security is more than just features practices and processes are just as important Let s walk through the blueprint which serves as a step by step guide to help secure your data and the Notebooks environment AI Platform Notebooks support popular Google Cloud Platform enterprise security architectures through VPC SC shared VPC and private IP controls You can run a Shielded VM as your compute instance for AI Platform Notebooks and encrypt your data on disk with CMEK You can choose between two predefined user access modes to AI Platform Notebooks single user or via a service account You can also customize access based on your Cloud Identity and Access Management IAM configuration Let s take a closer look at these security features in the context of AI Platform Notebooks Compute Engine securityAI Platform Notebooks with Shielded VM supports a set of security controls that help defend against rootkits and bootkits Available in Notebooks API and DLVM Debian images this functionality helps you protect enterprise workloads from threats like remote attacks privilege escalation and malicious insiders This feature leverages advanced platform security capabilities such as secure and measured boot a virtual trusted platform module vTPM UEFI firmware and integrity monitoring On a Shielded VM Notebook instance Compute Engine enables the virtual Trusted Platform Module vTPM and integrity monitoring options by default In addition to this functionality Notebooks API provides an upgrade endpoint which allows you to perform operating system updates to the latest DLVM image either manually or automatically via auto upgrade Data encryptionWhen you enable CMEK for an AI Platform Notebooks instance the key that you designate rather than a key managed by Google is used to encrypt data on the boot and data disks of the VM In general CMEK is most useful if you need full control over the keys used to encrypt your data With CMEK you can manage your keys within Cloud KMS For example you can rotate or disable a key or you can set up a rotation schedule using the Cloud KMS API Data exfiltration mitigationVPC Service Controls VPC SC improves your ability to mitigate the risk of data exfiltration from Google Cloud services such as Cloud Storage and BigQuery  AI Platform Notebooks supports VPC SC which prevents reading data from or copying data to a resource outside the perimeter using service operations such as copying to a public Cloud Storage bucket using the “gsutil cp command or to a permanent external BigQuery table using the “bq mk command Access control and audit loggingAI Platform Notebooks has a specific set of Identity and Access Management IAM roles Each predefined role contains a set of permissions When you add a new member to a project you can use an IAM policy to give that member one or more IAM roles Each IAM role contains permissions that grant the member access to specific resources AI Platform Notebooks IAM permissions are used to manage Notebook instances you can create delete and modify AI Platform Notebooks instances via Notebooks API To configure JupyterLab access please refer to this troubleshooting resource AI Platform Notebooks writes Admin Activity audit logs which record operations that modify the configuration or metadata of a resource With these security features in mind let s take a look at a few use cases where AI Platform Notebooks can be particularly useful Customers want the same security measures and controls they apply to their IT infrastructure applied to their data and notebook instances Customers want uniform security policies that can be easily applied when their data science teams access data Customers want to tune sensitive data access for specific individuals or teams and prevent broader access to that data AI Platform Notebook Security Best PracticesGoogle Cloud provides features and products that address security concerns at multiple layers including network endpoint application data and user access Although every organization is unique many of our customers have common requirements when it comes to securing their Cloud environments including notebooks deployments  The new Protecting confidential data in AI Platform Notebooks blueprint guide can help you set up security controls and mitigate data exfiltration when using AI Platform Notebooks by  Helping you implement a set of best practices based on common customer inputs Minimizing time to deployment by using a declarative configuration with Terraform Allowing for reproducibility by leveraging the Google Cloud security foundations blueprint The blueprint deploys the following architecture The above diagram illustrates an architecture for implementing security with the following approach Gather resources around common contexts as early as possible Apply least privilege principles when setting up authorization policies Create network boundaries that only allow for necessary communications Protect sensitive information at the data and software level Gather resources around common contexts as early as possibleWith Google Cloud you can gather resources that share a common theme using a resource hierarchy that you can customize The Google Cloud security foundations blueprint sets a default organization s hierarchy The blueprint adds a folder and projects related to handling sensitive production data while using AI Platform Notebooks A “trusted folder under the “production folder contains three projects organized according to its logical application “trusted kms gathers resources such as keys and secrets that protect data “trusted data gathers sensitive data “trusted analytics gathers resources such as notebooks that access data Grouping resources around a common context allows for high level resource management and provides the following advantages compared to setting rules at the resource level Helps reduce the risk of security breach You can apply security rules to a desired entity and propagate them to lower levels via policy inheritance across your data hierarchy Ensure that administrators have to actively create bridges between resources By default projects are sandboxed environments of resources Facilitate future organizational changes Setting rules at a high level helps move groups of resources closer together The blueprint does the following to facilitate the least privileged approach to security Sets specific policies at the trusted folder level Creates identities and authorization roles at the project level Reuses existing shared VPC environments and adds rules at a multiple project level Create network boundaries that only allow for necessary communications Google Cloud provides VPCs for defining networks of resources The previous sections cover the separation of functions through projects VPCs belong to projects so by default resources from a VPC can not communicate with resources in another VPC An administrator must now allow or block network communications With the internet Instances in Google can have internal and external IP addresses The blueprint sets a default policy for forbidding the use of external IP addresses at the trusted folder level With Google APIs Without external IP addresses instances cannot access the public endpoints of Cloud Storage and BigQuery The blueprint sets private connectivity to Google APIs at the VPC level to allow notebooks communication with those services Within boundaries Limits environments such as BigQuery or Cloud Storage that notebooks have access to The blueprint sets VPC Service Controls to create trusted perimeters within which only resources in certain projects can access certain services based on access policies for user device clients Between resources The blueprint creates notebooks using an existing shared VPC The shared VPC should have restrictive firewall rules to limit the protocols that instances can use to communicate with each other The blueprint uses Google Cloud s network features to set the minimum required network paths as follows Enables users to access Google Cloud endpoints through allowlisted devices Allows for the creation of SSH tunnels for users to access notebook instances Connects instances to Google services through private connections within an authorized perimeter Apply least privilege principles when setting up authorization policies Google Cloud provides a default Cloud IAM setup to make the platform onboarding easier For production environments we recommend ignoring most of those default resources Use Cloud IAM to create your custom identities and authorization rules based on your requirements  Google Cloud provides features to implement the least privileged principle while setting up a separation of duties Custom roles provide a way to group a minimum set of permissions for restricting access This ensures that a role allows identities to only perform the tasks expected of them Service accounts can represent an instance identity and act on behalf of trusted users This allows for consistent behavior and limits user actions outside of those computing resources Logical identity groups based on user persona simplifies management by limiting the number of lone and possibly forgotten identities Cloud IAM policies link roles and identities This provides users with the means to do their job while mitigating the risk of unauthorized actions For example the blueprint Creates a service account with enough roles to run jobs and act as an identity for notebook instances in the trusted analytics project Assigns roles to a pre created group of trusted scientists to allow them to use notebooks to interact with data Creates a custom role in the trusted data project with view only access to sensitive information in BigQuery without being allowed to modify or export the data Binds the custom role to relevant user groups and services accounts so they can interact with data in the trusted data project Through Terraform the blueprint creates the following flow Add users from the trusted scientists variable to the pre created trusted data scientists Google Groups Sets a policy for identities in the trusted data scientists group to use the service account sa p notebook compute Creates an individual notebook instance per trusted user and leverages the sa p notebook compute service account as an identity for the instances With this setup users can access confidential data in the trusted data project through the service account which acts as an identity for instances in the trusted analytics project  Note All trusted users can access all confidential data Setting narrower permissions is out of scope for this blueprint Narrower permissions can be set by creating multiple service accounts and limiting their data access at the required level a specific column for example then assigning each service account to the relevant group of identities Protect sensitive information at the data and software level Google Cloud provides default features to protect data at rest and additional security features for creating a notebook The blueprint encrypts data at rest using keys and shows how to Create highly available customer manager keys in your own project Limit key access to select identities Use keys to protect data from BigQuery Cloud Storage and AI Platform Notebooks in other projects within the relevant perimeter For more details see the key management section of the blueprint guide AI Platform Notebooks leverage Jupyter notebooks set up on Compute Engine instances When creating a notebook the blueprint uses AI Platform Notebooks customization features to Set additional security parameters such as preventing “sudo Limit access to external sources when calling deployment scripts Modify the Jupyter setup to mitigate the risk of file downloads from the Jupyterlab UI For more details see the AI Platform Notebooks security controls section of the blueprint guide To learn more about protecting your confidential data while better enabling your data scientists read the guide Protecting confidential data in AI Platform Notebooks We hope that this blueprint as well as our ever expanding portfolio of blueprints available on our Google Cloud security best practices center helps you build security into your Google Cloud deployments from the start and helps make you safer with Google Related ArticleBuild security into Google Cloud deployments with our updated security foundations blueprintGet step by step guidance for creating a secured environment with Google Cloud with the security foundations guide and Terraform blueprin Read Article	2021-05-03 16:00:00