Security is critical for organizations when they are planning to run, or are already running, their workload on the cloud. On the cloud, security also comes under the sharing responsibility model, where the cloud provider and cloud consumer have defined boundaries for their security responsibilities based on cloud services (IaaS, PaaS, or SaaS).
On a private cloud, one has to take complete responsibility for security, from physical components to the application itself.
In addition to security, organizations also have to meet compliance requirements if they are applicable.
Although there are different sets of security tools and services available on AWS, it's always the customers'/users' responsibility to use these tools and services effectively to ensure the security of their data and applications and to meet compliance requirements.
This book is a comprehensive learning guide to securing your cloud account's structure in AWS and the OpenStack environment. It also gives you insight on how DevOps processes can help you to automate the security processes.
This book is targeted at DevOps engineers, security professionals, and any stakeholders responsible for securing cloud workloads. Prior experience with AWS or OpenStack will be an advantage.
Chapter 1, Introduction to Cloud Security, helps you understand cloud security models for the public cloud (AWS) and OpenStack at different levels for different services.
Chapter 2, Understanding the World of Cloud Automation, introduces the basics of automation, the automation process, tools and requirements, and the benefits of cloud automation.
Chapter 3, Identity and Access Management in the Cloud, gives you an in-depth understanding of IAM and other AWS services, such as Inspector, WAF, HSM, and Certificate Manager, in order to improve security.
Chapter 4, Cloud Network Security, talks about different components, such as NACL, security groups, and VPN, that help us to ensure the security of data in transit.
Chapter 5, Cloud Storage and Data Security, gives you an in-depth understanding of how to secure storage and data accessibility using data encryption and IAM roles and policies.
Chapter 6, Cloud Platform Security, discusses how to ensure security for PaaS services, such as database and analytics services.
Chapter 7, Private Cloud Security, explains how to secure your private cloud on the compute, network, and storage and application levels.
Chapter 8, Automating Cloud Security, helps you understand automation and the role of automation in securing cloud infrastructure.
Chapter 9, Cloud Compliance, introduces you to different aspects of security compliance for the cloud and how to make a solution compliant with ISMS and PCI DSS.
Readers should have a basic understanding of AWS, OpenStack, and CentOS.
An AWS user account is required. If you don't have a user account, ensure that you have your credit card ready in order to open a free account. (While we have taken care to use the free-tier systems in AWS, make sure that you use the appropriate instance sizes and AMI IDs if you are creating an environment in a different region.)
You can download the example code files for this book from your account at www.packtpub.com. If you purchased this book elsewhere, you can visit www.packtpub.com/support and register to have the files emailed directly to you.
You can download the code files by following these steps:
- Log in or register at www.packtpub.com.
- Select the
SUPPORTtab. - Click on
Code Downloads & Errata. - Enter the name of the book in the
Searchbox and follow the onscreen instructions.
Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:
- WinRAR/7-Zip for Windows
- Zipeg/iZip/UnRarX for Mac
- 7-Zip/PeaZip for Linux
The code bundle for the book is also hosted on GitHub athttps://github.com/PacktPublishing/Cloud-Security-Automation. We also have other code bundles from our rich catalog of books and videos available athttps://github.com/PacktPublishing/. Check them out!
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://www.packtpub.com/sites/default/files/downloads/CloudSecurityAutomation_ColorImages.pdf.
There are a number of text conventions used throughout this book.
CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "We have selected the bucket called velocis-manali-trip-112017."
A block of code is set as follows:
{
"Sid": "AllowCreationOfServiceLinkedRoles",
"Effect": "Allow",
"Action": [
"iam:CreateServiceLinkedRole"
],
"Resource": "*"
}When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:
{
"Sid": "AllowCreationOfServiceLinkedRoles",
"Effect": "Allow",
"Action": [
"iam:CreateServiceLinkedRole"
],
"Resource": "*"
}Any command-line input or output is written as follows:
wget https://d1wk0tztpsntt1.cloudfront.net/linux/latest/install sudo bash install
Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "On the wizard, select Choose or create role, tag your instance, and install the AWS agent."
Feedback from our readers is always welcome.
General feedback: Email [email protected] and mention the book title in the subject of your message. If you have questions about any aspect of this book, please email us at [email protected].
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.
Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!
For more information about Packt, please visit packtpub.com.
The information within this book is intended to be used only in an ethical manner. Do not use any information from the book if you do not have written permission from the owner of the equipment. If you perform illegal actions, you are likely to be arrested and prosecuted to the full extent of the law. Packt Publishing does not take any responsibility if you misuse any of the information contained within the book. The information herein must only be used while testing environments with proper written authorizations from appropriate persons responsible.