Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Accelerating DevSecOps on AWS
  • Table Of Contents Toc
Accelerating DevSecOps on AWS

Accelerating DevSecOps on AWS

By : Nikit Swaraj
5 (11)
Buy this Book
close
close
Accelerating DevSecOps on AWS

Accelerating DevSecOps on AWS

5 (11)
By: Nikit Swaraj
Buy this Book

Overview of this book

Continuous integration and continuous delivery (CI/CD) has never been simple, but these days the landscape is more bewildering than ever; its terrain riddled with blind alleys and pitfalls that seem almost designed to trap the less-experienced developer. If you’re determined enough to keep your balance on the cutting edge, this book will help you navigate the landscape with ease. This book will guide you through the most modern ways of building CI/CD pipelines with AWS, taking you step-by-step from the basics right through to the most advanced topics in this domain. The book starts by covering the basics of CI/CD with AWS. Once you’re well-versed with tools such as AWS Codestar, Proton, CodeGuru, App Mesh, SecurityHub, and CloudFormation, you’ll focus on chaos engineering, the latest trend in testing the fault tolerance of your system. Next, you’ll explore the advanced concepts of AIOps and DevSecOps, two highly sought-after skill sets for securing and optimizing your CI/CD systems. All along, you’ll cover the full range of AWS CI/CD features, gaining real-world expertise. By the end of this AWS book, you’ll have the confidence you need to create resilient, secure, and performant CI/CD pipelines using the best techniques and technologies that AWS has to offer.
Table of Contents (15 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the example code files
Icon
Conventions used
Icon
Get in touch
Icon
Share Your Thoughts
1
Section 1:Basic CI/CD and Policy as Code
Icon
Section 1:Basic CI/CD and Policy as Code
Lock Free Chapter
2
Chapter 1: CI/CD Using AWS CodeStar
Icon
Chapter 1: CI/CD Using AWS CodeStar
Icon
Technical requirements
Icon
Introduction to CI/CD, along with a branching strategy
Icon
Creating a project in AWS CodeStar
Icon
Creating feature and development branches, as well as an environment
Icon
Validating PRs/MRs into the develop branch from the feature branch via CodeBuild and AWS Lambda
Icon
Adding a production stage and environment
Icon
Summary
3
Chapter 2: Enforcing Policy as Code on CloudFormation and Terraform
Icon
Chapter 2: Enforcing Policy as Code on CloudFormation and Terraform
Icon
Technical requirements
Icon
Implementing policy and governance as code on infrastructure code
Icon
Using CloudFormation Guard to enforce compliance rules on CloudFormation templates
Icon
Using AWS Service Catalog across teams with access controls and constraints
Icon
Integrating Terraform Cloud with GitHub
Icon
Running a Terraform template in Terraform Cloud
Icon
Writing Sentinel policies to enforce rules on Terraform templates
Icon
Summary
4
Chapter 3: CI/CD Using AWS Proton and an Introduction to AWS CodeGuru
Icon
Chapter 3: CI/CD Using AWS Proton and an Introduction to AWS CodeGuru
Icon
Technical requirements
Icon
Introduction to the AWS Proton service
Icon
Creating the environment template bundle
Icon
Creating the service template bundle
Icon
Deploying the containerized application by creating a service instance in Proton
Icon
Introduction to Amazon CodeGuru
Icon
Integrating CodeGuru with AWS CodeCommit and analyzing the pull request report
Icon
Summary
5
Section 2:Chaos Engineering and EKS Clusters
Icon
Section 2:Chaos Engineering and EKS Clusters
6
Chapter 4: Working with AWS EKS and App Mesh
Icon
Chapter 4: Working with AWS EKS and App Mesh
Icon
Technical requirements
Icon
Deep diving into AWS EKS
Icon
Deploying an EKS cluster
Icon
Introducing AWS App Mesh
Icon
Implementing traffic management
Icon
Getting observability using X-Ray
Icon
Enabling mTLS authentication between services
Icon
Summary
7
Chapter 5: Securing Private EKS Cluster for Production
Icon
Chapter 5: Securing Private EKS Cluster for Production
Icon
Technical requirements
Icon
Planning your fully private EKS cluster
Icon
Creating your EKS cluster
Icon
Deploying add-ons
Icon
Enabling the App Mesh sidecar injector
Icon
Kubernetes hardening guidance using Kubescape
Icon
Policy and governance using OPA Gatekeeper
Icon
Deploying a stateful application using Helm
Icon
Backup and restore using Velero
Icon
Summary
8
Chapter 6: Chaos Engineering with AWS Fault Injection Simulator
Icon
Chapter 6: Chaos Engineering with AWS Fault Injection Simulator
Icon
Technical requirements
Icon
The concept of, and need for, chaos engineering
Icon
Chaos engineering in CI/CD
Icon
Experimenting with AWS FIS on multiple EC2 instances with a terminate action
Icon
Experimenting with AWS FIS on EC2 instances with a CPU stress action
Icon
Experimenting with AWS FIS on RDS with a reboot and failover action
Icon
Experimenting with AWS FIS on an EKS cluster worker node
Icon
Summary
9
Section 3:DevSecOps and AIOps
Icon
Section 3:DevSecOps and AIOps
10
Chapter 7: Infrastructure Security Automation Using Security Hub and Systems Manager
Icon
Chapter 7: Infrastructure Security Automation Using Security Hub and Systems Manager
Icon
Technical requirements
Icon
Introduction to AWS Security Hub
Icon
Deny execution of non-compliant images on EKS using AWS Security Hub and ECR
Icon
Importing an AWS Config rules evaluation as a finding in Security Hub
Icon
Integrating AWS Systems Manager with Security Hub to detect issues, create an incident, and remediate automatically
Icon
Summary
11
Chapter 8: DevSecOps Using AWS Native Services
Icon
Chapter 8: DevSecOps Using AWS Native Services
Icon
Technical requirements
Icon
Strategy and planning for a CI/CD pipeline
Icon
Creating a CodeCommit repository for microservices
Icon
Creating PR CodeBuild stages with CodeGuru Reviewer
Icon
Creating a development CodePipeline project with image scanning and an EKS cluster
Icon
Creating a staging CodePipeline project with mesh deployment and chaos testing with AWS FIS
Icon
Creating a production CodePipeline project with canary deployment and its analysis using Grafana
Icon
Summary
12
Chapter 9: DevSecOps Pipeline with AWS Services and Tools Popular Industry-Wide
chevron up
Icon
Chapter 9: DevSecOps Pipeline with AWS Services and Tools Popular Industry-Wide
Icon
Technical requirements
Icon
DevSecOps in CI/CD and some terminology
Icon
Introduction to and concepts of some security tools
Icon
Planning for a DevSecOps pipeline
Icon
Using a security advisory plugin and a pre-commit hook
Icon
Prerequisites for a DevSecOps pipeline
Icon
Installation of DAST and RASP tools
Icon
Integration with DevOps Guru
Icon
Creating a CI/CD pipeline using CloudFormation
Icon
Testing and validating SAST, DAST, Chaos Simulation, Deployment, and RASP
Icon
Summary
13
Chapter 10: AIOps with Amazon DevOps Guru and Systems Manager OpsCenter
Icon
Chapter 10: AIOps with Amazon DevOps Guru and Systems Manager OpsCenter
Icon
Technical requirements
Icon
AIOps and how it helps in IT operations
Icon
AIOps using Amazon DevOps Guru
Icon
Enabling DevOps Guru on EKS cluster resources
Icon
Injecting a failure and then reviewing the insights
Icon
Deploying a serverless application and enabling DevOps Guru
Icon
Integrating DevOps Guru with Systems Manager OpsCenter
Icon
Injecting a failure and then reviewing the insights
Icon
Summary
Icon
Why subscribe?
14
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts

Installation of DAST and RASP tools

In this section, we will install OWASP ZAP in an EC2 instance, which will be used by the DevSecOps pipeline to scan the application once the new service is deployed in an eks-staging cluster. After the OWASP ZAP installation, we will install Falco in the EKS cluster.

Installing OWASP ZAP

We will be installing OWASP ZAP using the CloudFormation template. Perform the following tasks to configure OWASP ZAP to be used by CodePipeline:

  1. Make sure you have the chapter-09/owasp-zap.yaml file in your local machine.
  2. Go to the CloudFormation home page, click on Create stack, then select With new resource. In the Specify template section, select Upload a template file. Click on Choose file and select the owasp-zap.yaml file, and then click on Next.

Figure 9.15 – Uploading a CloudFormation template

  1. Enter the stack name as owasp-zap. Modify the instance type. It is recommended to choose t2.medium or above...
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Accelerating DevSecOps on AWS
End of Section 12
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon