Book Image

Effective DevOps with AWS - Second Edition

By : Yogesh Raheja, Giuseppe Borgese, Nathaniel Felsen
Book Image

Effective DevOps with AWS - Second Edition

By: Yogesh Raheja, Giuseppe Borgese, Nathaniel Felsen

Overview of this book

The DevOps movement has transformed the way modern tech companies work. Amazon Web Services (AWS), which has been at the forefront of the cloud computing revolution, has also been a key contributor to the DevOps movement, creating a huge range of managed services that help you implement DevOps principles. Effective DevOps with AWS, Second Edition will help you to understand how the most successful tech start-ups launch and scale their services on AWS, and will teach you how you can do the same. This book explains how to treat infrastructure as code, meaning you can bring resources online and offline as easily as you control your software. You will also build a continuous integration and continuous deployment pipeline to keep your app up to date. Once you have gotten to grips will all this, we'll move on to how to scale your applications to offer maximum performance to users even when traffic spikes, by using the latest technologies, such as containers. In addition to this, you'll get insights into monitoring and alerting, so you can make sure your users have the best experience when using your service. In the concluding chapters, we'll cover inbuilt AWS tools such as CodeDeploy and CloudFormation, which are used by many AWS administrators to perform DevOps. By the end of this book, you'll have learned how to ensure the security of your platform and data, using the latest and most prominent AWS tools.
Table of Contents (15 chapters)
Title Page
Packt Upsell

Chapter 8: Hardening the Security of Your AWS Environment

  1. Before starting to build your infrastructure, it is strongly recommended that you lock in your root account (that is, the account bound to your registration email). Then, create IAM users and groups with the necessary privileges, and use MFA (instead of just usernames and passwords) for root and IAM users.
  2. You should enable CloudTrail for registering IAM users and role actions, and VPC Flow Logs for monitoring and logging network traffic. 
  3. No; there is also WAF, an application firewall that works at level 7 of the TPC/IP protocol. 
  4. You have to follow some best practices to configure your application, expose the least possible surface of the app to the internet and scale up and down. There are also WAF rate rules that help to limit malicious DDoS attacks.
  5. In theory, you can, but it is convenient to split them between private and public subnets, to expose only the necessary resources to the internet. Anything else should stay private. Also, it is a best practice to spread parts of your application over multiple availability zones. This means, in practice, using multiple data centers. For these reasons, and also because one subnet can be in a single AZ, you have to use multiple subnets.