Book Image

Accelerating DevSecOps on AWS

By : Nikit Swaraj
Book Image

Accelerating DevSecOps on AWS

By: Nikit Swaraj

Overview of this book

Continuous integration and continuous delivery (CI/CD) has never been simple, but these days the landscape is more bewildering than ever; its terrain riddled with blind alleys and pitfalls that seem almost designed to trap the less-experienced developer. If you’re determined enough to keep your balance on the cutting edge, this book will help you navigate the landscape with ease. This book will guide you through the most modern ways of building CI/CD pipelines with AWS, taking you step-by-step from the basics right through to the most advanced topics in this domain. The book starts by covering the basics of CI/CD with AWS. Once you’re well-versed with tools such as AWS Codestar, Proton, CodeGuru, App Mesh, SecurityHub, and CloudFormation, you’ll focus on chaos engineering, the latest trend in testing the fault tolerance of your system. Next, you’ll explore the advanced concepts of AIOps and DevSecOps, two highly sought-after skill sets for securing and optimizing your CI/CD systems. All along, you’ll cover the full range of AWS CI/CD features, gaining real-world expertise. By the end of this AWS book, you’ll have the confidence you need to create resilient, secure, and performant CI/CD pipelines using the best techniques and technologies that AWS has to offer.
Table of Contents (15 chapters)
Section 1:Basic CI/CD and Policy as Code
Section 2:Chaos Engineering and EKS Clusters
Section 3:DevSecOps and AIOps

Enabling mTLS authentication between services

In this last section, we will enable TLS encryption with mutual authentication between service endpoints in App Mesh using X.509 certificates. We will be using a separate application called colorapp and deploying it on the same EKS cluster. Before we start enabling mTLS, let's understand what mTLS is and why we need it.

You must have encountered TLS almost 100 times today. Whenever you are visiting a website with HTTPS as the protocol, it uses TLS. TLS is mostly used whenever your web server is in the public domain and a client wants to request the data from the web server. Then, the client will ask the server to identify itself, and the server provides a certificate, which is signed by a Certificate Authority (CA), and the client trusts the CA. This way, a TLS handshake takes place and the client can identify the server and create a secure HTTPS transfer.

What if the server also wants to verify the identity of the client? In...