Security is usually an afterthought when organizations design microservices for cloud systems. Most companies today are exposed to potential security threats, but their responses are often more reactive than proactive. This leads to unnecessarily complicated systems that are hard to implement and even harder to manage and scale. Author Gaurav Raje shows you how to build highly secure systems on AWS without increasing overhead.
Ideal for cloud solution architects and software developers with AWS experience, this practical book starts with a high-level architecture and design discussion, then explains how to implement your solution in the cloud while ensuring that the development and operational experience isn't compromised. By leveraging the AWS Shared Responsibility Model, you'll be able to:
- Develop a modular architecture using microservices that aims to simplify compliance with various regulations in finance, medicine, and legal services
- Introduce various AWS-based security controls to help protect your microservices from malicious actors
- Leverage the modularity of the architecture to independently scale security mechanisms on individual microservices
- Improve the security posture without compromising the autonomy or efficiency of software development teams
Preface
1. Introduction to Cloud Microservices
- Basics of Cloud Information Security
- Cloud Architecture and Security
- A Brief Introduction to Software Architecture
- Microservices
- Implementation of Microservices on AWS
- Overview of Cloud Microservice Implementation
- Examples of Microservice Communication Patterns
- Summary
2. Authorization and Authentication Basics
- Basics of AWS Identity and Access Management
- Advanced Concepts in AWS IAM Policies
- Role-Based Access Control
- Authentication and Identity Management
- RBAC and Microservices
- Summary
3. Foundations of Encryption
- Brief Overview of Encryption
- AWS Key Management Service
- Security and AWS KMS
- Asymmetric Encryption and KMS
- Domain-Driven Design and AWS KMS
- KMS Accounts and Topologies: Tying It All Together
- AWS Secrets Manager
- Summary
4. Security at Rest
- Data Classification Basics
- Recap of Envelope Encryption Using KMS
- AWS Simple Storage Service
- Security at Rest for Compute Services
- Microservice Database Systems
- Media Sanitization and Data Deletion
- Summary
5. Networking Security
- Networking on AWS
- Subnetting
- Virtual Private Cloud
- Cross-VPC Communication
- Firewall Equivalents on the Cloud
- Containers and Network Security
- Lambdas and Network Security
- Summary
6. Public-Facing Services
- API-First Design and API Gateway
- AWS API Gateway
- Securing the API Gateway
- Cost Considerations While Using AWS API Gateway
- Bastion Host
- Static Asset Distribution (Content Distribution Network)
- Protecting Against Common Attacks on Edge Networks
- Summary
7. Security in Transit
- Basics of Transport Layer Security
- TLS Termination and Trade-offs with Microservices
- Cost and Complexity Considerations with Encryption in Transit
- Application of TLS in Microservices
- A (Very Brief) Introduction to Service Meshes: A Security Perspective
- Serverless Microservices and Encryption in Transit
- Field-Level Encryption
- Summary
8. Security Design for Organizational Complexity
- Organizational Structure and Microservices
- AWS Accounts Structure for Large Organizations
- AWS Tools for Organizations
- Simplifying a Complex Domain-Driven Organization Using RBAC, SSO, and AWS Organizations
- Summary
9. Monitoring and Incident Response
A. Terraform Cloud in Five Minutes
B. Example of a SAML Identity Provider for AWS
- A Hands-On Example of a Federated Identity Setup
- Summary
C. Hands-On Encryption with AWS KMS
D. A Hands-On Example of Applying the Principle of Least Privilege
Index
- Title: Security and Microservice Architecture on AWS
- Author(s): Gaurav Raje
- Release date: September 2021
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781098101466
