Table of Contents for
Accelerating DevSecOps on AWS
by Nikit Swaraj
Contributors
About the author
About the reviewer
Preface
Section 1: Basic CI/CD and Policy as Code
Chapter 1: CI/CD Using AWS CodeStar
Chapter 2: Enforcing Policy as Code on CloudFormation and Terraform
Chapter 3: CI/CD Using AWS Proton and an Introduction to AWS CodeGuru
Section 2: Chaos Engineering and EKS Clusters
Chapter 4: Working with AWS EKS and App Mesh
Chapter 5: Securing Private EKS Cluster for Production
Chapter 6: Chaos Engineering with AWS Fault Injection Simulator
Section 3: DevSecOps and AIOps
Chapter 7: Infrastructure Security Automation Using Security Hub and Systems Manager
Chapter 8: DevSecOps Using AWS Native Services
Chapter 9: DevSecOps Pipeline with AWS Services and Tools Popular Industry-Wide
Chapter 10: AIOps with Amazon DevOps Guru and Systems Manager OpsCenter
Other Books You May Enjoy
Table of Contents
Preface
Section 1: Basic CI/CD and Policy as Code
Chapter 1: CI/CD Using AWS CodeStar
Technical requirements
Introduction to CI/CD, along with a branching strategy
CI
CD
Branching strategy (Gitflow)
Creating a project in AWS CodeStar
Introduction to AWS CodeStar
Getting ready
Creating feature and development branches, as well as an environment
Creating feature and develop branches
Creating a development environment and pipeline
Validating PRs/MRs into the develop branch from the feature branch via CodeBuild and AWS Lambda
Adding a production stage and environment
Modifying the pipeline
Summary
Chapter 2: Enforcing Policy as Code on CloudFormation and Terraform
Technical requirements
Implementing policy and governance as code on infrastructure code
Policy as code
Why use policy as code?
Policy as code in CI/CD
Using CloudFormation Guard to enforce compliance rules on CloudFormation templates
CloudFormation Guard
Installation
Template validation
Writing CloudFormation Guard rules
Using AWS Service Catalog across teams with access controls and constraints
AWS Service Catalog
Integrating Terraform Cloud with GitHub
Terraform Cloud
VCS-driven workflow (GitHub)
Running a Terraform template in Terraform Cloud
Writing Sentinel policies to enforce rules on Terraform templates
HashiCorp Sentinel
Summary
Chapter 3: CI/CD Using AWS Proton and an Introduction to AWS CodeGuru
Technical requirements
Introduction to the AWS Proton service
What is AWS Proton?
Creating the environment template bundle
Writing an environment template
Creating the service template bundle
Writing the service template
Deploying the containerized application by creating a service instance in Proton
Creating a source connection (GitHub)
Deploying the application by creating a service instance
Introduction to Amazon CodeGuru
Integrating CodeGuru with AWS CodeCommit and analyzing the pull request report
Summary
Section 2: Chaos Engineering and EKS Clusters
Chapter 4: Working with AWS EKS and App Mesh
Technical requirements
Deep diving into AWS EKS
Kubernetes components
Deploying an EKS cluster
Introducing AWS App Mesh
Are microservices any good?
AWS App Mesh
Deploying an application (Product Catalog) on EKS
Implementing traffic management
Installing the App Mesh controller
Getting observability using X-Ray
Enabling mTLS authentication between services
Summary
Chapter 5: Securing Private EKS Cluster for Production
Technical requirements
Planning your fully private EKS cluster
Creating your EKS cluster
VPC, subnet, and endpoint creation
Bastion server
Creating a cluster
Verifying the cluster access
Deploying add-ons
Creating copies of container images in ECR
IAM roles for service accounts
Cluster Autoscaler
The Amazon EBS CSI driver
Enabling the App Mesh sidecar injector
Kubernetes hardening guidance using Kubescape
Policy and governance using OPA Gatekeeper
Deploying a stateful application using Helm
Backup and restore using Velero
How does Velero work?
Summary
Chapter 6: Chaos Engineering with AWS Fault Injection Simulator
Technical requirements
The concept of, and need for, chaos engineering
Principles of chaos engineering
AWS FIS
Chaos engineering in CI/CD
Experimenting with AWS FIS on multiple EC2 instances with a terminate action
Experimenting with AWS FIS on EC2 instances with a CPU stress action
Experimenting with AWS FIS on RDS with a reboot and failover action
Experimenting with AWS FIS on an EKS cluster worker node
Summary
Section 3: DevSecOps and AIOps
Chapter 7: Infrastructure Security Automation Using Security Hub and Systems Manager
Technical requirements
Introduction to AWS Security Hub
Deny execution of non-compliant images on EKS using AWS Security Hub and ECR
Importing an AWS Config rules evaluation as a finding in Security Hub
Integrating AWS Systems Manager with Security Hub to detect issues, create an incident, and remediate automatically
Summary
Chapter 8: DevSecOps Using AWS Native Services
Technical requirements
Strategy and planning for a CI/CD pipeline
Monorepos versus polyrepos
Feature branch
Develop branch
Staging branch
Master branch
Creating a CodeCommit repository for microservices
Creating PR CodeBuild stages with CodeGuru Reviewer
Creating a development CodePipeline project with image scanning and an EKS cluster
Creating a staging CodePipeline project with mesh deployment and chaos testing with AWS FIS
Creating a production CodePipeline project with canary deployment and its analysis using Grafana
Canary deployment using Flagger
Updating a new version of the service
Summary
Chapter 9: DevSecOps Pipeline with AWS Services and Tools Popular Industry-Wide
Technical requirements
DevSecOps in CI/CD and some terminology
Why DevSecOps?
Introduction to and concepts of some security tools
Snyk – Security advisory for source code vulnerabilities in real time
Talisman – Pre-commit secrets check
Anchore inline scanning and ECR scanning – SCA and SAST
Open Web Application Security Project-Zed Attack Proxy (OWASP ZAP) – DAST
Falco – RASP
Planning for a DevSecOps pipeline
Using a security advisory plugin and a pre-commit hook
Prerequisites for a DevSecOps pipeline
Installation of DAST and RASP tools
Installing OWASP ZAP
Installing Falco
Integration with DevOps Guru
Creating a CI/CD pipeline using CloudFormation
Testing and validating SAST, DAST, Chaos Simulation, Deployment, and RASP
Summary
Chapter 10: AIOps with Amazon DevOps Guru and Systems Manager OpsCenter
Technical requirements
AIOps and how it helps in IT operations
AIOps using Amazon DevOps Guru
Enabling DevOps Guru on EKS cluster resources
Injecting a failure and then reviewing the insights
Deploying a serverless application and enabling DevOps Guru
Integrating DevOps Guru with Systems Manager OpsCenter
Injecting a failure and then reviewing the insights
Summary
Other Books You May Enjoy