Security is usually an afterthought when organizations design microservices for cloud systems. Most companies today are exposed to potential security threats, but their responses are often more reactive than proactive. This leads to unnecessarily complicated systems that are hard to implement and even harder to manage and scale. Author Gaurav Raje shows you how to build highly secure systems on AWS without increasing overhead.

Ideal for cloud solution architects and software developers with AWS experience, this practical book starts with a high-level architecture and design discussion, then explains how to implement your solution in the cloud while ensuring that the development and operational experience isn't compromised. By leveraging the AWS Shared Responsibility Model, you'll be able to:

  • Develop a modular architecture using microservices that aims to simplify compliance with various regulations in finance, medicine, and legal services
  • Introduce various AWS-based security controls to help protect your microservices from malicious actors
  • Leverage the modularity of the architecture to independently scale security mechanisms on individual microservices
  • Improve the security posture without compromising the autonomy or efficiency of software development teams

Table of Contents

  1. Preface
    1. Goals of This Book
    2. Who Should Use This Book
    3. Conventions Used in This Book
    4. Using Code Examples
    5. O’Reilly Online Learning
    6. How to Contact Us
    7. Acknowledgments
  2. 1. Introduction to Cloud Microservices
    1. Basics of Cloud Information Security
    2. Risk and Security Controls
    3. Organizational Security Policy
    4. Security Incidents and the CIA Triad
    5. AWS Shared Responsibility Model (SRM)
    6. Cloud Architecture and Security
    7. Security Through Modularity
    8. Security Through Simplicity
    9. Security Through Fully Managed AWS Services
    10. Blast Radius, Isolation, and the Locked Rooms Analogy
    11. Defense-in-Depth and Security
    12. Security Through Perimeter Protection
    13. Security Through Zero Trust Architecture
    14. A Brief Introduction to Software Architecture
    15. Tier-Based Architecture
    16. Domain-Driven Design (DDD)
    17. Microservices
    18. Implementation of Microservices on AWS
    19. Container-Based Microservice Architecture
    20. A Very Brief Introduction to Kubernetes
    21. Function as a Service: FaaS Using AWS Lambda
    22. Overview of Cloud Microservice Implementation
    23. Amazon EKS
    24. Amazon EKS Fargate Mode
    25. Function as a Service Using AWS Lambda
    26. Microservice Implementation Summary
    27. Examples of Microservice Communication Patterns
    28. Example 1: Simple Message Passing Between Contexts
    29. Example 2: Message Queues
    30. Example 3: Event-Based Microservices
    31. Summary
  3. 2. Authorization and Authentication Basics
    1. Basics of AWS Identity and Access Management
    2. Principals on AWS
    3. IAM Policies
    4. Principle of Least Privilege (PoLP)
    5. PoLP and Blast Radius
    6. Structure of AWS IAM Policies
    7. Principal-Based Policies
    8. Resource-Based Policies
    9. The Zone of Trust
    10. Evaluation of Policies
    11. Advanced Concepts in AWS IAM Policies
    12. IAM Policy Conditions
    13. AWS Tags and Attribute-Based Access Control
    14. “Not” Policy Elements: NotPrincipal and NotResource
    15. Wrapping Up IAM Policies
    16. Role-Based Access Control (RBAC)
    17. RBAC Modeling
    18. Securing Roles
    19. Assuming Roles
    20. Assume Roles Using the AWS Command Line Interface (CLI)
    21. Switching Roles Using AWS Management Console
    22. Service-Linked Role
    23. Authentication and Identity Management
    24. Basics of Authentication
    25. Identity Federation on AWS
    26. Identity Federation Using SAML 2.0 and OpenID Connect
    27. RBAC and Microservices
    28. Execution Roles
    29. RBAC with AWS Lambda
    30. RBAC with EC2 and the Instance Metadata Service (IMDS)
    31. RBAC with Amazon EKS Using IAM Roles for Service Accounts (IRSA)
    32. Summary
  4. 3. Foundations of Encryption
    1. Brief Overview of Encryption
    2. Why Is Encryption Important on AWS?
    3. Why Is Encryption Important for Microservice Architectures?
    4. Encryption on AWS
    5. Security Challenges with Key-Based Encryption
    6. Business Problem
    7. AWS Key Management Service (KMS)
    8. Basic Encryption Using Customer Master Key (CMK)
    9. Envelope Encryption
    10. Envelope Encryption in Action
    11. Security and AWS KMS
    12. KMS Contexts and Additional Authenticated Data
    13. Key Policies
    14. Grants and ViaService
    15. CMK and Its Components and Supported Actions
    16. Regions and KMS
    17. Cost, Complexity, and Regulatory Considerations
    18. Asymmetric Encryption and KMS
    19. Encryption and Decryption
    20. Digital Signing (Sign and Verify)
    21. DDD and AWS KMS
    22. Contextual Boundaries and Encryption
    23. Accounts and Sharing CMK
    24. KMS and Network Considerations
    25. KMS Grants Revisited
    26. KMS Accounts and Topologies: Tying It All Together
    27. Option 1: Including the CMK Within Bounded Contexts
    28. Option 2: Using a Purpose-Built Account to Hold the CMK
    29. AWS Secrets Manager
    30. How Secrets Manager Works
    31. Secret Protection in AWS Secrets Manager
    32. Summary
  5. 4. Security at Rest
    1. Data Classification Basics
    2. Recap of Envelope Encryption Using KMS
    3. AWS Simple Storage Service (Amazon S3)
    4. Encryption on AWS S3
    5. Access Control on AWS S3 Through S3 Bucket Policies
    6. AWS GuardDuty
    7. Nonrepudiation Using Glacier Vault Lock
    8. Security at Rest for Compute Services
    9. Static Code Analysis Using AWS CodeGuru
    10. AWS Elastic Container Registry (AWS ECR)
    11. AWS Lambda
    12. Elastic Block Store (EBS)
    13. Tying It All Together
    14. Microservice Database Systems
    15. AWS DynamoDB
    16. Amazon Aurora Relational Data Service
    17. Media Sanitization and Data Deletion
    18. Summary
  6. 5. Networking Security
    1. Networking on AWS
    2. Controls
    3. Understanding the Monolith and Microservice Models
    4. Segmentation and Microservices
    5. Software-Defined Network Partitions
    6. Subnetting
    7. Routing in a Subnet
    8. Gateways and Subnets
    9. Public Subnet
    10. Private Subnet
    11. Subnets and Availability Zones
    12. Internet Access for Subnets
    13. Virtual Private Cloud
    14. Routing in a VPC
    15. Microsegmentation at the Network Layer
    16. Cross-VPC Communication
    17. VPC Peering
    18. AWS Transit Gateway
    19. VPC Endpoints
    20. Wrap-Up of Cross-VPC Communication
    21. Firewall Equivalents on the Cloud
    22. Security Groups
    23. Security Group Referencing (Chaining) and Designs
    24. Properties of Security Groups
    25. Network Access Control Lists
    26. Security Groups Versus NACLs
    27. Containers and Network Security
    28. Block Instance Metadata Service
    29. Try to Run Pods in a Private Subnet
    30. Block Internet Access for Pods Unless Necessary
    31. Use Encrypted Networking Between Pods
    32. Lambdas and Network Security
    33. Summary
  7. 6. Public-Facing Services
    1. API-First Design and API Gateway
    2. AWS API Gateway
    3. Types of AWS API Gateway Endpoints
    4. Securing the API Gateway
    5. API Gateway Integration
    6. Access Control on API Gateway
    7. Infrastructure Security on API Gateway
    8. Cost Considerations While Using AWS API Gateway
    9. Bastion Host
    10. Business Problem
    11. Static Asset Distribution (Content Distribution Network)
    12. AWS CloudFront
    13. Signed URLs or Cookies
    14. Lambda@Edge
    15. Protecting Against Common Attacks on Edge Networks
    16. AWS Web Application Firewall (AWS WAF)
    17. AWS Shield and AWS Shield Advanced
    18. Microservices and AWS Shield Advanced
    19. Cost Considerations for Edge Protection
    20. Summary
  8. 7. Security in Transit
    1. Basics of Transport Layer Security
    2. Digital Signing
    3. Certificates, Certificate Authority, and Identity Verification
    4. Encryption Using TLS
    5. TLS Termination and Trade-offs with Microservices
    6. TLS Offloading and Termination
    7. Cost and Complexity Considerations with Encryption in Transit
    8. Application of TLS in Microservices
    9. Security in Transit While Using Message Queues (AWS SQS)
    10. gRPC and Application Load Balancer
    11. Mutual TLS
    12. A (Very Brief) Introduction to Service Meshes: A Security Perspective
    13. Proxies and Sidecars
    14. App Mesh Components and Terminology
    15. TLS and App Mesh
    16. mTLS Revisited
    17. AWS App Mesh: Wrap-Up
    18. Serverless Microservices and Encryption in Transit
    19. AWS API Gateway and AWS Lambda
    20. Caching, API Gateway, and Encryption in Transit
    21. Field-Level Encryption
    22. Summary
  9. 8. Security Design for Organizational Complexity
    1. Organizational Structure and Microservices
    2. Conway’s Law
    3. Single Team Oriented Service Architecture (STOSA)
    4. Role-Based Access Control (RBAC)
    5. Privilege Elevation
    6. Permission Boundaries
    7. Permission Boundaries to Delegate Responsibilities
    8. AWS Accounts Structure for Large Organizations
    9. AWS Accounts and Teams
    10. AWS Organization
    11. Organizational Units and Service Control Policies
    12. Purpose-Built Accounts
    13. AWS Tools for Organizations
    14. AWS Organizations Best Practices
    15. AWS Resource Access Manager (RAM)
    16. Shared Services Using AWS RAM
    17. AWS Single Sign-On (SSO)
    18. Enforcing Multifactor Authentication (MFA) in Accounts
    19. Simplifying a Complex Domain-Driven Organization Using RBAC, SSO, and AWS Organizations
    20. Summary
  10. 9. Monitoring and Incident Response
    1. NIST Incident Response Framework
    2. Step 1: Design and Preparation
    3. Step 2: Detection and Analysis
    4. Step 3: Containment and Isolation
    5. Step 4: Forensic Analysis
    6. Step 5: Eradication
    7. Step 6: Post-incident Activities
    8. Securing the Security Infrastructure
    9. Securing a CloudTrail
    10. Purpose-Built Accounts
    11. Summary
  11. A. Terraform Cloud in Five Minutes
    1. Setup
    2. Creating Your Workspace
    3. Adding AWS Access and Secret Key
    4. Terraform Process
    5. Providers
    6. State
    7. Plans
    8. Apply
    9. Writing Your Terraform Infrastructure as Code
    10. Root Module and Folder Structure
    11. Input Variables
    12. Resources
    13. Running and Applying Your Plan
  12. B. Example of a SAML Identity Provider for AWS
    1. A Hands-On Example of a Federated Identity Setup
    2. Step 1: Configure Your Identity Provider
    3. Step 2: Export Metadata to Be Imported into AWS Account
    4. Step 3: Add Your SAML Identity Provider as a Trusted Identity Provider
    5. Step 4: Create a Role That Your Federated Users Can Assume to Interact with Your AWS Account
    6. Step 5: Control Access to Multiple Roles Using Custom Attributes Within the Identity Provider
    7. Summary
  13. C. Hands-On Encryption with AWS KMS
    1. Basic Encryption Using the CMK
    2. Basic Decryption Using the CMK
    3. Envelope Encryption Using the CMK
    4. Decrypting an Envelope Encrypted Message
  14. D. A Hands-On Example of Applying the Principle of Least Privilege
    1. Step 1: Create an AWS IAM Policy for Your Task
    2. Step 2: Defining the Service, Actions, and Effect Parameters of an IAM Policy
    3. Step 3: Defining the Resource
    4. Step 4: Request Conditions
    5. Step 5: Confirm the Resulting Policy
    6. Step 6: Save the Policy
    7. Step 7: Attach the Policy to a Principal
    8. Summary
  15. Index