Book Image

Accelerating DevSecOps on AWS

By : Nikit Swaraj
Book Image

Accelerating DevSecOps on AWS

By: Nikit Swaraj

Overview of this book

Continuous integration and continuous delivery (CI/CD) has never been simple, but these days the landscape is more bewildering than ever; its terrain riddled with blind alleys and pitfalls that seem almost designed to trap the less-experienced developer. If you’re determined enough to keep your balance on the cutting edge, this book will help you navigate the landscape with ease. This book will guide you through the most modern ways of building CI/CD pipelines with AWS, taking you step-by-step from the basics right through to the most advanced topics in this domain. The book starts by covering the basics of CI/CD with AWS. Once you’re well-versed with tools such as AWS Codestar, Proton, CodeGuru, App Mesh, SecurityHub, and CloudFormation, you’ll focus on chaos engineering, the latest trend in testing the fault tolerance of your system. Next, you’ll explore the advanced concepts of AIOps and DevSecOps, two highly sought-after skill sets for securing and optimizing your CI/CD systems. All along, you’ll cover the full range of AWS CI/CD features, gaining real-world expertise. By the end of this AWS book, you’ll have the confidence you need to create resilient, secure, and performant CI/CD pipelines using the best techniques and technologies that AWS has to offer.
Table of Contents (15 chapters)
1
Section 1:Basic CI/CD and Policy as Code
5
Section 2:Chaos Engineering and EKS Clusters
9
Section 3:DevSecOps and AIOps

Chapter 7: Infrastructure Security Automation Using Security Hub and Systems Manager

In this chapter, we will explore AWS Security Hub, which is one of the security services of AWS. We will learn how to implement solutions with the integration of Security Hub and various other AWS services to achieve security automation. We will implement three solutions. The first will be related to Elastic Container Registry (ECR) compliance and how we can ensure that a non-compliant image does not run in an Elastic Container Service for Kubernetes (EKS) cluster. The second solution will be importing an AWS Config rules evaluation as a finding in Security Hub using Lambda and AWS EventBridge rule. The third solution will be about the auto-creation of an incident in Incident Manager when there is a critical finding in Security Hub, and remediation using an OpsCenter runbook. Knowing how to use Security Hub will also help in the next chapter, where we will import Static Application Security Testing...