Accelerating DevSecOps on AWS
eBook - ePub

Accelerating DevSecOps on AWS

  1. 520 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Accelerating DevSecOps on AWS

About this book

Build high-performance CI/CD pipelines that are powered by AWS and the most cutting-edge tools and techniquesKey Featuresā€¢ Master the full AWS developer toolchain for building high-performance, resilient, and powerful CI/CD pipelinesā€¢ Get to grips with Chaos engineering, DevSecOps, and AIOps as applied to CI/CDā€¢ Employ the latest tools and techniques to build a CI/CD pipeline for application and infrastructureBook DescriptionContinuous integration and continuous delivery (CI/CD) has never been simple, but these days the landscape is more bewildering than ever; its terrain riddled with blind alleys and pitfalls that seem almost designed to trap the less-experienced developer. If you're determined enough to keep your balance on the cutting edge, this book will help you navigate the landscape with ease.This book will guide you through the most modern ways of building CI/CD pipelines with AWS, taking you step-by-step from the basics right through to the most advanced topics in this domain.The book starts by covering the basics of CI/CD with AWS. Once you're well-versed with tools such as AWS Codestar, Proton, CodeGuru, App Mesh, SecurityHub, and CloudFormation, you'll focus on chaos engineering, the latest trend in testing the fault tolerance of your system. Next, you'll explore the advanced concepts of AIOps and DevSecOps, two highly sought-after skill sets for securing and optimizing your CI/CD systems. All along, you'll cover the full range of AWS CI/CD features, gaining real-world expertise.By the end of this AWS book, you'll have the confidence you need to create resilient, secure, and performant CI/CD pipelines using the best techniques and technologies that AWS has to offer.What you will learnā€¢ Use AWS Codestar to design and implement a full branching strategyā€¢ Enforce Policy as Code using CloudFormation Guard and HashiCorp Sentinelā€¢ Master app and infrastructure deployment at scale using AWS Proton and review app code using CodeGuruā€¢ Deploy and manage production-grade clusters using AWS EKS, App Mesh, and X-Rayā€¢ Harness AWS Fault Injection Simulator to test the resiliency of your appā€¢ Wield the full arsenal of AWS Security Hub and Systems Manager for infrastructure security automationā€¢ Enhance CI/CD pipelines with the AI-powered DevOps Guru serviceWho this book is forThis book is for DevOps engineers, engineering managers, cloud developers, and cloud architects. Basic experience with the software development life cycle, DevOps, and AWS is all you need to get started.

Tools to learn more effectively

Saving Books

Saving Books

Keyword Search

Keyword Search

Annotating Text

Annotating Text

Listen to it instead

Listen to it instead

Section 1:Basic CI/CD and Policy as Code

This part includes chapters that cover how to create a CI/CD pipeline using AWS CodeStar with a branching strategy and adding multiple stages and environments. It covers how to leverage the AWS Proton service to create a CI/CD pipeline for applications and infrastructure at scale. It also covers how to avoid any secrets and vulnerabilities in code by integrating AWS CodeGuru Reviewer with CodeCommit. After that, it covers how to enforce policy on infrastructure code using CloudFormation Guard and HashiCorp Sentinel.
This section contains the following chapters:
  • Chapter 1, CI/CD Using AWS CodeStar
  • Chapter 2, Enforcing Policy as Code on CloudFormation and Terraform
  • Chapter 3, CI/CD Using AWS Proton and an Introduction to AWS CodeGuru

Chapter 1: CI/CD Using AWS CodeStar

This chapter will first introduce you to the basic concepts of Continuous Integration/Continuous Deployment (or Continuous Delivery) (CI/CD) and a branching strategy. Then, we will implement basic CI/CD for a sample Node.js application using Amazon Web Services (AWS) CodeStar, which will deploy the application in Elastic Beanstalk. We will begin by creating a CodeStar project, then we will enhance it by adding develop and feature branches in a CodeCommit repository. We will also add a manual approval process as well as a production stage in CodePipeline. We will also spin up the production environment (modifying a CloudFormation template) so that the production stage of the pipeline can deploy the application. After that, we will create two lambda functions that will validate the Pull Request (PR) raised from the feature branch to develop branch, by getting the status of the CodeBuild project. Doing this entire activity will give you an overall idea of AWS Developer Tools (CodeCommit, CodeBuild, and CodePipeline) and how to implement a cloud-native CI/CD pipeline.
In this chapter, we are going to cover the following main topics:
  • Introduction to CI/CD, along with a branching strategy
  • Creating a project in AWS CodeStar
  • Creating feature and development branches, as well as an environment
  • Validating PRs/Merge Requests (MRs) into the develop branch from the feature branch via CodeBuild and AWS Lambda
  • Adding a production stage and environment

Technical requirements

To get started, you will need an AWS account and the source code of this repository, which can be found at https://github.com/PacktPublishing/Accelerating-DevSecOps-on-AWS/tree/main/chapter-01.

Introduction to CI/CD, along with a branching strategy

In this section of the chapter, we will dig into what exactly CI/CD is and why is it so important in the software life cycle. Then, we will learn about a branching strategy, and how we use it in the source code repository to make the software delivery more efficient, collaborative, and faster.

CI

Before getting to know about CI, let's have a brief look at what happens in a software development workflow. Suppose you are working independently, and you have been asked to develop a web application that is a chat system. So, the first thing you will be doing is to create a Git repository and write your code in your local machine, build the code, and run some tests. If it works fine in your local environment, you will then push it to a remote Git repository. After that, you will build this code for different environments (where the actual application will run) and put the artifact in the artifact registry. After that, you will deploy that artifact into the application server where your application will be running.
Now, suppose the frontend of your application is not too good, and you want some help from your frontend developer. The frontend developer will clone the code repository, then contribute to the repository either by modifying the existing code or adding new code. After that, they will commit the code and push it into the repository. Then again, the same steps of build and deploy will take place, and your application will be running with the new User Interface (UI). Now, what if you and the frontend developer both want to enhance the application, whereby both of you will be writing the code, and somehow you both used the same file and did your own changes, and tried to push back to the repository? If there are no conflicts, then your Git repository will allow you to update the repository, but in case there are any conflicts then it will highligh...

Table of contents

  1. Accelerating DevSecOps on AWS
  2. Contributors
  3. Preface
  4. Section 1:Basic CI/CD and Policy as Code
  5. Chapter 1: CI/CD Using AWS CodeStar
  6. Chapter 2: Enforcing Policy as Code on CloudFormation and Terraform
  7. Chapter 3: CI/CD Using AWS Proton and an Introduction to AWS CodeGuru
  8. Section 2:Chaos Engineering and EKS Clusters
  9. Chapter 4: Working with AWS EKS and App Mesh
  10. Chapter 5: Securing Private EKS Cluster for Production
  11. Chapter 6: Chaos Engineering with AWS Fault Injection Simulator
  12. Section 3:DevSecOps and AIOps
  13. Chapter 7: Infrastructure Security Automation Using Security Hub and Systems Manager
  14. Chapter 8: DevSecOps Using AWS Native Services
  15. Chapter 9: DevSecOps Pipeline with AWS Services and Tools Popular Industry-Wide
  16. Chapter 10: AIOps with Amazon DevOps Guru and Systems Manager OpsCenter
  17. Other Books You May Enjoy

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn how to download books offline
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 990+ topics, weā€™ve got you covered! Learn about our mission
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more about Read Aloud
Yes! You can use the Perlego app on both iOS and Android devices to read anytime, anywhere ā€” even offline. Perfect for commutes or when youā€™re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app
Yes, you can access Accelerating DevSecOps on AWS by Nikit Swaraj in PDF and/or ePUB format, as well as other popular books in Computer Science & Computer Science General. We have over one million books available in our catalogue for you to explore.