Accelerating DevSecOps on AWS: Create secure CI/CD pipelines using Chaos and AIOps
- Length: 520 pages
- Edition: 1
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2022-04-28
- ISBN-10: 1803248602
- ISBN-13: 9781803248608
Build high-performance CI/CD pipelines that are powered by AWS and the most cutting-edge tools and techniques
Key Features
- Master the full AWS developer toolchain for building high-performance, resilient, and powerful CI/CD pipelines
- Get to grips with Chaos engineering, DevSecOps, and AIOps as applied to CI/CD
- Employ the latest tools and techniques to build a CI/CD pipeline for application and infrastructure
Book Description
Continuous integration and continuous delivery (CI/CD) has never been simple, but these days the landscape is more bewildering than ever; its terrain riddled with blind alleys and pitfalls that seem almost designed to trap the less-experienced developer. If you’re determined enough to keep your balance on the cutting edge, this book will help you navigate the landscape with ease.
This book will guide you through the most modern ways of building CI/CD pipelines with AWS, taking you step-by-step from the basics right through to the most advanced topics in this domain.
The book starts by covering the basics of CI/CD with AWS. Once you’re well-versed with tools such as AWS CodeStar, Proton, CodeGuru, App Mesh, Security Hub, and CloudFormation, you’ll focus on chaos engineering, the latest trend in testing the fault tolerance of your system. Next, you’ll explore the advanced concepts of AIOps and DevSecOps, two highly sought-after skill sets for securing and optimizing your CI/CD systems. All along, you’ll cover the full range of AWS CI/CD features, gaining real-world expertise.
By the end of this AWS book, you’ll have the confidence you need to create resilient, secure, and performant CI/CD pipelines using the best techniques and technologies that AWS has to offer.
What you will learn
- Use AWS CodeStar to design and implement a full branching strategy
- Enforce Policy as Code using CloudFormation Guard and HashiCorp Sentinel
- Master app and infrastructure deployment at scale using AWS Proton and review app code using CodeGuru
- Deploy and manage production-grade clusters using AWS EKS, App Mesh, and X-Ray
- Harness AWS Fault Injection Simulator to test the resiliency of your app
- Wield the full arsenal of AWS Security Hub and Systems Manager for infrastructure security automation
- Enhance CI/CD pipelines with the AI-powered DevOps Guru service
Who this book is for
This book is for DevOps engineers, engineering managers, cloud developers, and cloud architects. Basic experience with the software development life cycle, DevOps, and AWS is all you need to get started.
Accelerating DevSecOps on AWS
- Contributors
- About the author
- About the reviewer
Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the example code files
- Conventions used
- Get in touch
- Share Your Thoughts
Section 1: Basic CI/CD and Policy as Code
Chapter 1: CI/CD Using AWS CodeStar
- Technical requirements
- Introduction to CI/CD, along with a branching strategy
- CI
- CD
- Branching strategy (Gitflow)
- Creating a project in AWS CodeStar
- Introduction to AWS CodeStar
- Getting ready
- Creating feature and development branches, as well as an environment
- Creating feature and develop branches
- Creating a development environment and pipeline
- Validating PRs/MRs into the develop branch from the feature branch via CodeBuild and AWS Lambda
- Adding a production stage and environment
- Modifying the pipeline
- Summary
Chapter 2: Enforcing Policy as Code on CloudFormation and Terraform
- Technical requirements
- Implementing policy and governance as code on infrastructure code
- Policy as code
- Why use policy as code?
- Policy as code in CI/CD
- Using CloudFormation Guard to enforce compliance rules on CloudFormation templates
- CloudFormation Guard
- Installation
- Template validation
- Writing CloudFormation Guard rules
- Using AWS Service Catalog across teams with access controls and constraints
- AWS Service Catalog
- Integrating Terraform Cloud with GitHub
- Terraform Cloud
- VCS-driven workflow (GitHub)
- Running a Terraform template in Terraform Cloud
- Writing Sentinel policies to enforce rules on Terraform templates
- HashiCorp Sentinel
- Summary
Chapter 3: CI/CD Using AWS Proton and an Introduction to AWS CodeGuru
- Technical requirements
- Introduction to the AWS Proton service
- What is AWS Proton?
- Creating the environment template bundle
- Writing an environment template
- Creating the service template bundle
- Writing the service template
- Deploying the containerized application by creating a service instance in Proton
- Creating a source connection (GitHub)
- Deploying the application by creating a service instance
- Introduction to Amazon CodeGuru
- Integrating CodeGuru with AWS CodeCommit and analyzing the pull request report
- Summary
Section 2: Chaos Engineering and EKS Clusters
Chapter 4: Working with AWS EKS and App Mesh
- Technical requirements
- Deep diving into AWS EKS
- Kubernetes components
- Deploying an EKS cluster
- Introducing AWS App Mesh
- Are microservices any good?
- AWS App Mesh
- Deploying an application (Product Catalog) on EKS
- Implementing traffic management
- Installing the App Mesh controller
- Getting observability using X-Ray
- Enabling mTLS authentication between services
- Summary
Chapter 5: Securing Private EKS Cluster for Production
- Technical requirements
- Planning your fully private EKS cluster
- Creating your EKS cluster
- VPC, subnet, and endpoint creation
- Bastion server
- Creating a cluster
- Verifying the cluster access
- Deploying add-ons
- Creating copies of container images in ECR
- IAM roles for service accounts
- Cluster Autoscaler
- The Amazon EBS CSI driver
- Enabling the App Mesh sidecar injector
- Kubernetes hardening guidance using Kubescape
- Policy and governance using OPA Gatekeeper
- Deploying a stateful application using Helm
- Backup and restore using Velero
- How does Velero work?
- Summary
Chapter 6: Chaos Engineering with AWS Fault Injection Simulator
- Technical requirements
- The concept of, and need for, chaos engineering
- Principles of chaos engineering
- AWS FIS
- Chaos engineering in CI/CD
- Experimenting with AWS FIS on multiple EC2 instances with a terminate action
- Experimenting with AWS FIS on EC2 instances with a CPU stress action
- Experimenting with AWS FIS on RDS with a reboot and failover action
- Experimenting with AWS FIS on an EKS cluster worker node
- Summary
Section 3: DevSecOps and AIOps
Chapter 7: Infrastructure Security Automation Using Security Hub and Systems Manager
- Technical requirements
- Introduction to AWS Security Hub
- Deny execution of non-compliant images on EKS using AWS Security Hub and ECR
- Importing an AWS Config rules evaluation as a finding in Security Hub
- Integrating AWS Systems Manager with Security Hub to detect issues, create an incident, and remediate automatically
- Summary
Chapter 8: DevSecOps Using AWS Native Services
- Technical requirements
- Strategy and planning for a CI/CD pipeline
- Monorepos versus polyrepos
- Feature branch
- Develop branch
- Staging branch
- Master branch
- Creating a CodeCommit repository for microservices
- Creating PR CodeBuild stages with CodeGuru Reviewer
- Creating a development CodePipeline project with image scanning and an EKS cluster
- Creating a staging CodePipeline project with mesh deployment and chaos testing with AWS FIS
- Creating a production CodePipeline project with canary deployment and its analysis using Grafana
- Canary deployment using Flagger
- Updating a new version of the service
- Summary
Chapter 9: DevSecOps Pipeline with AWS Services and Tools Popular Industry-Wide
- Technical requirements
- DevSecOps in CI/CD and some terminology
- Why DevSecOps?
- Introduction to and concepts of some security tools
- Snyk – Security advisory for source code vulnerabilities in real time
- Talisman – Pre-commit secrets check
- Anchore inline scanning and ECR scanning – SCA and SAST
- Open Web Application Security Project-Zed Attack Proxy (OWASP ZAP) – DAST
- Falco – RASP
- Planning for a DevSecOps pipeline
- Using a security advisory plugin and a pre-commit hook
- Prerequisites for a DevSecOps pipeline
- Installation of DAST and RASP tools
- Installing OWASP ZAP
- Installing Falco
- Integration with DevOps Guru
- Creating a CI/CD pipeline using CloudFormation
- Testing and validating SAST, DAST, Chaos Simulation, Deployment, and RASP
- Summary
Chapter 10: AIOps with Amazon DevOps Guru and Systems Manager OpsCenter
- Technical requirements
- AIOps and how it helps in IT operations
- AIOps using Amazon DevOps Guru
- Enabling DevOps Guru on EKS cluster resources
- Injecting a failure and then reviewing the insights
- Deploying a serverless application and enabling DevOps Guru
- Integrating DevOps Guru with Systems Manager OpsCenter
- Injecting a failure and then reviewing the insights
- Summary
Why subscribe?
Other Books You May Enjoy
- Packt is searching for authors like you
- Share Your Thoughts
How to download the source code
1. Go to: https://github.com/PacktPublishing
2. In the Find a repository… box, search for the book title: Accelerating DevSecOps on AWS: Create secure CI/CD pipelines using Chaos and AIOps. Sometimes you may not get any results; in that case, search for the main title only.
3. Click the book title in the search results.
4. Click Code to download.