Security as Code: Devsecops Patterns with Aws

DevOps engineers, developers, and security engineers have ever-changing roles to play in today's cloud native world. In order to build secure and resilient applications, you have to be equipped with security knowledge. Enter security as code.

In this book, authors BK Sarthak Das and Virginia Chu demonstrate how to use this methodology to secure any application and infrastructure you want to deploy. With Security as Code, you'll learn how to create a secure containerized application with Kubernetes using CI/CD tooling from AWS and open source providers.

This practical book also provides common patterns and methods to securely develop infrastructure for resilient and highly available backups that you can restore with just minimal manual intervention.

• Learn the tools of the trade, using Kubernetes and the AWS Code Suite
• Set up infrastructure as code and run scans to detect misconfigured resources in your code
• Create secure logging patterns with CloudWatch and other tools
• Restrict system access to authorized users with role-based access control (RBAC)
• Inject faults to test the resiliency of your application with AWS Fault Injector or open source tooling
• Learn how to pull everything together into one deployment

DevOps工程師、開發人員和安全工程師在今天的雲原生世界中扮演著不斷變化的角色。為了建立安全且具彈性的應用程式，您必須具備安全知識。這就是安全即程式碼的概念。在這本書中，作者BK Sarthak Das和Virginia Chu展示了如何使用這種方法來保護您想要部署的任何應用程式和基礎架構。透過《安全即程式碼》，您將學習如何使用AWS和開源提供者的CI/CD工具，使用Kubernetes創建安全的容器化應用程式。這本實用的書還提供了常見的模式和方法，以安全地開發具有彈性和高可用性備份的基礎架構，您只需進行最少的手動干預即可還原。學習以下內容：使用Kubernetes和AWS Code Suite等工具；設置基礎架構即程式碼並運行掃描以檢測代碼中的配置錯誤；使用CloudWatch和其他工具創建安全的日誌記錄模式；使用基於角色的訪問控制（RBAC）限制系統訪問權限；使用AWS Fault Injector或開源工具注入故障以測試應用程式的彈性；學習如何將所有內容整合到一個部署中。