
Cloud Security Automation

By : Prashant Priyam

Overview of this book

Security issues are still a major concern for all IT organizations. For many enterprises, the move to cloud computing has raised concerns about security, but when applications are architected with a focus on security, cloud platforms can be made just as secure as on-premises platforms. Cloud instances can be kept secure by employing security automation that helps make your data meet your organization's security policy. This book starts with the basics of why cloud security is important and how automation can be the most effective way of controlling cloud security. You will then delve deeper into the AWS cloud environment and its security services by dealing with security functions such as Identity and Access Management and will also learn how these services can be automated. Moving forward, you will come across aspects such as cloud storage and data security, automating cloud deployments, and so on. Then, you'll work with OpenStack security modules and learn how private cloud security functions can be automated for better time- and cost-effectiveness. Toward the end of the book, you will gain an understanding of the security compliance requirements for your cloud. By the end of this book, you will have hands-on experience of automating your cloud security and governance.


Security is critical for organizations when they are planning to run, or are already running, their workload on the cloud. On the cloud, security also comes under the shared responsibility model, where the cloud provider and cloud consumer have defined boundaries for their security responsibilities based on cloud services (IaaS, PaaS, or SaaS).

On a private cloud, one has to take complete responsibility for security, from physical components to the application itself.

In addition to security, organizations also have to meet compliance requirements if they are applicable.

Although there are different sets of security tools and services available on AWS, it's always the customers'/users' responsibility to use these tools and services effectively to ensure the security of their data and applications and to meet compliance requirements.

This book is a comprehensive learning guide to securing your cloud account's structure in AWS and the OpenStack environment. It also gives you insight into how DevOps processes can help you to automate the security processes.

Who this book is for

This book is targeted at DevOps engineers, security professionals, and any stakeholders responsible for securing cloud workloads. Prior experience with AWS or OpenStack will be an advantage.

What this book covers

Chapter 1, Introduction to Cloud Security, helps you understand cloud security models for the public cloud (AWS) and OpenStack at different levels for different services.

Chapter 2, Understanding the World of Cloud Automation, introduces the basics of automation, the automation process, tools and requirements, and the benefits of cloud automation.

Chapter 3, Identity and Access Management in the Cloud, gives you an in-depth understanding of IAM and other AWS services, such as Inspector, WAF, HSM, and Certificate Manager, in order to improve security.

Chapter 4, Cloud Network Security, talks about different components, such as NACL, security groups, and VPN, that help us to ensure the security of data in transit.

Chapter 5, Cloud Storage and Data Security, gives you an in-depth understanding of how to secure storage and data accessibility using data encryption and IAM roles and policies.

Chapter 6, Cloud Platform Security, discusses how to ensure security for PaaS services, such as database and analytics services.

Chapter 7, Private Cloud Security, explains how to secure your private cloud at the compute, network, storage, and application levels.

Chapter 8, Automating Cloud Security, helps you understand automation and the role of automation in securing cloud infrastructure.

Chapter 9, Cloud Compliance, introduces you to different aspects of security compliance for the cloud and how to make a solution compliant with ISMS and PCI DSS.

To get the most out of this book

Readers should have a basic understanding of AWS, OpenStack, and CentOS.

An AWS user account is required. If you don't have a user account, ensure that you have your credit card ready in order to open a free account. (While we have taken care to use the free-tier systems in AWS, make sure that you use the appropriate instance sizes and AMI IDs if you are creating an environment in a different region.)

Download the example code files

You can download the example code files for this book from your account at If you purchased this book elsewhere, you can visit and register to have the files emailed directly to you.

You can download the code files by following these steps:

  1. Log in or register at
  2. Select the SUPPORT tab.
  3. Click on Code Downloads & Errata.
  4. Enter the name of the book in the Search box and follow the onscreen instructions.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

  • WinRAR/7-Zip for Windows
  • Zipeg/iZip/UnRarX for Mac
  • 7-Zip/PeaZip for Linux

The code bundle for the book is also hosted on GitHub at We also have other code bundles from our rich catalog of books and videos available at Check them out!

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here:

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "We have selected the bucket called velocis-manali-trip-112017."

A block of code is set as follows:

    "Sid": "AllowCreationOfServiceLinkedRoles",
    "Effect": "Allow",
    "Action": [
    "Resource": "*"

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

    "Sid": "AllowCreationOfServiceLinkedRoles",
    "Effect": "Allow",
    "Action": [
    "Resource": "*"

Any command-line input or output is written as follows:

    sudo bash install

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "On the wizard, select Choose or create role, tag your instance, and install the AWS agent."


Warnings or important notes appear like this.


Tips and tricks appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: Email [email protected] and mention the book title in the subject of your message. If you have questions about any aspect of this book, please email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit


Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit


The information within this book is intended to be used only in an ethical manner. Do not use any information from the book if you do not have written permission from the owner of the equipment. If you perform illegal actions, you are likely to be arrested and prosecuted to the full extent of the law. Packt Publishing does not take any responsibility if you misuse any of the information contained within the book. The information herein must only be used while testing environments with proper written authorizations from appropriate persons responsible.