Book Image

Implementing DevOps on AWS

By : Vaselin Kantsev
Book Image

Implementing DevOps on AWS

By: Vaselin Kantsev

Overview of this book

Knowing how to adopt DevOps in your organization is becoming an increasingly important skill for developers, whether you work for a start-up, an SMB, or an enterprise. This book will help you to drastically reduce the amount of time spent on development and increase the reliability of your software deployments on AWS using popular DevOps methods of automation. To start, you will get familiar with the concept of IaC and will learn to design, deploy, and maintain AWS infrastructure. Further on, you’ll see how to design and deploy a Continuous Integration platform on AWS using either open source or AWS provided tools/services. Following on from the delivery part of the process, you will learn how to deploy a newly created, tested, and verified artefact to the AWS infrastructure without manual intervention. You will then find out what to consider in order to make the implementation of Configuration Management easier and more effective. Toward the end of the book, you will learn some tricks and tips to optimize and secure your AWS environment. By the end of the book, you will have mastered the art of implementing DevOps practices onto AWS.
Table of Contents (17 chapters)
Implementing DevOps on AWS
About the Author
About the Reviewer
Customer Feedback
Free Chapter
What is DevOps and Should You Care?
Build, Test, and Release Faster with Continuous Integration

VPC security

If you have deployed your resources in a VPC, you are already moving in the right direction. Here we are mostly going to concern ourselves with network security and the tools or features a VPC provides for enhancing it.

Security Groups

These represent our first layer of defense as stated in the AWS documentation. Security Groups (SG) get assigned to EC2 instances (generally speaking) and provide a type of stateful firewall, which supports allow rules only.

They are very flexible and an EC instance can have multiple such groups assigned to it. The rules can be based on host IP addresses, CIDRs or even on other Security Groups, for example, allow inbound HTTP:80 from group ID sg-12345.

Usually, within a VPC we would create an SG per role, such as web server, db, cache. Instances of the same component would then be assigned the respective SG, thus regulating traffic between the different components of a platform.


It is often tempting to allow traffic based on the VPC CIDR address...