DevOps engineers, developers, and security engineers have ever-changing roles to play in today's cloud native world. In order to build secure and resilient applications, you have to be equipped with security knowledge. Enter security as code.
In this book, authors BK Sarthak Das and Virginia Chu demonstrate how to use this methodology to secure any application and infrastructure you want to deploy. With Security as Code, you'll learn how to create a secure containerized application with Kubernetes using CI/CD tooling from AWS and open source providers.
This practical book also provides common patterns and methods to securely develop infrastructure for resilient and highly available backups that you can restore with just minimal manual intervention.
- Learn the tools of the trade, using Kubernetes and the AWS Code Suite
- Set up infrastructure as code and run scans to detect misconfigured resources in your code
- Create secure logging patterns with CloudWatch and other tools
- Restrict system access to authorized users with role-based access control (RBAC)
- Inject faults to test the resiliency of your application with AWS Fault Injector or open source tooling
- Learn how to pull everything together into one deployment
Table of contents
- 1. Introduction to DevSecOps
- 2. Setting Up Your Environment
- 3. Securing Your Infrastructure
4. Logging and Monitoring
- What Are Logging and Monitoring—and Why Do They Matter?
- Attack Styles
- Log Types
- Log Storage
- Detecting Anomalies
- Remediation with AWS Config
- Correlating User Activity with CloudTrail
- Network Monitoring with an Amazon VPC
- 5. Controlling Access Through Automation
6. Fault Injection Test
- Distributed Systems
- Methods for Minimizing Downtime
- Chaos Engineering
- Chaos Engineering in AWS Environments
- Chaos Engineering at Automatoonz
- AWS Fault Injection Simulator Experiment Examples
7. People and Processes
- People: Team Structures and Roles
- Processes: Practices and Communication
- What Next?
- About the Authors
- Title: Security as Code
- Release date: January 2023
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781098127466
You might also like
Fundamentals of Data Engineering
Data engineering has grown rapidly in the past decade, leaving many software engineers, data scientists, and …
Kubernetes in Action
Kubernetes in Action teaches you to use Kubernetes to deploy container-based distributed applications. You'll start with …
Designing Data-Intensive Applications
Data is at the center of many challenges in system design today. Difficult issues need to …
HBR Guide to Critical Thinking
Tackle complex situations with critical thinking. You're facing a problem at work. There are many ways …