
CI/CD@Scale

CI/CD@Scale - Implementing Governance@Scale principles highlights the need to develop, build and deploy applications or infrastructure with compliance and security treated as part of the CI/CD pipeline. This section covers how to integrate security and compliance into application and infrastructure development, using Inspector and Config in conjunction with AWS and partner developer tools.


  1. Continuous Integration/Continuous Delivery [CI/CD] to Scale Compliance & Security. Yuriko Horvath, Sr. Solutions Architect – FedCiv, Amazon Web Services; Len Henry, Sr. Solutions Architect – Edu, Amazon Web Services. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  2. Key Takeaways • Benefits of automated security and compliance testing in CI/CD • Introduction to AWS, partner and industry tool choices for CI/CD, security, and compliance • Learn patterns for CI/CD within AWS accounts
  3. CI/CD goals to constantly…: Secure Applications; Secure Infrastructure; Enhance Governance; Deliver Value Faster; Raise Code Quality; Raise Feature Quality; Change Control; Consistency of Environments; Automate Deployments; Automate Rollbacks; Enhance Performance. Labels: DevOps, CompSecOps.
  4. CI/CD on AWS for Infrastructure
  5. Infrastructure: CI/CD goals to constantly…: Secure Applications; Secure Infrastructure; Enhance Governance; Change Control; Consistency of Environments; Automate Deployments; Automate Rollbacks; Enhance Performance. Label: CompSecOps.
  6. [Diagram: CI/CD pipeline. Labels: Dev Acct, Test Acct, Prod Acct, Tools Acct; Test Build Env, Prod Build Env; CodeCommit; stages Commit, Coordinate, Build Artifacts Elsewhere, Test, Deploy, Report; step 1.]
  7. Committing Code • IAM, Managed service, Price • Encryption at rest • AWS integration CodeCommit • Custom login • Issue tracking • Webhooks • Enterprise hosting • Jira integration • Mercurial version control • Price • Enterprise hosting Git version control Collaboration & pull request reviews GitHub
  8. [Diagram: CI/CD pipeline. Labels: Dev Acct, Test Acct, Prod Acct, Tools Acct; Test Build Env, Prod Build Env; CodeCommit, Lambda, CodePipeline, Jenkins, CloudFormation, Elastic Beanstalk, OpsWorks; stages Commit, Coordinate, Build Artifacts Elsewhere, Test, Deploy, Report; steps 1 to 4.]
  9. Coordinating CI/CD Pipeline • IAM, managed service, price • Setup & integration with AWS developer tools • Integration with AWS services CodePipeline • Complicated CI/CD workflow patterns needing customizations Lambda • Extensible plugin architecture • Configurable *AWS Marketplace CI/CD orchestration Jenkins
  10. Deploying Infrastructure • Infrastructure as code for a majority of AWS services • Simple setup • Developer friendly • Community • On-premises Deployment and lifecycle of application infrastructure CodePipeline integration IAM, managed service, price CloudFormation OpsWorks Elastic Beanstalk
  11. [Diagram: CI/CD pipeline. Labels: Dev Acct, Test Acct, Prod Acct, Tools Acct; Test Build Env, Prod Build Env; CodeCommit, Lambda, CodePipeline, Jenkins, CodeBuild, Amazon Inspector, AWS Config, CloudFormation, Elastic Beanstalk, OpsWorks; stages Commit, Coordinate, Build Artifacts Elsewhere, Test, Deploy, Report; steps 1 to 7.]
  12. Testing Functionality • IAM integration • Managed service w/ auto scaling • On-demand pricing • Easy setup & CodePipeline integration • Hooks to CodeCommit, S3, GitHub [Enterprise] • Integration with unit, integration, UI, and performance-testing suites CodeBuild CodePipeline
  13. Testing security compliance • Security for EC2 applications • Templated vulnerability, security, and best practice rules • Compliance Amazon Inspector • Configurable AWS resource rules • Continuous monitoring • Dashboards and notifications of violations AWS Config • Configurable compliance rules • Integrates with Systems Manager
  14. Security Testing
  15. [Diagram: CI/CD pipeline. Labels: Dev Acct, Test Acct, Prod Acct, Tools Acct; Test Build Env, Prod Build Env; CodeCommit, Lambda, CodePipeline, Jenkins, CodeBuild, CloudFormation, Elastic Beanstalk, OpsWorks; Amazon Inspector and AWS Config (each shown twice); stages Commit, Coordinate, Build Artifacts Elsewhere, Test, Deploy, Report; steps 1 to 9.]
  16. Demo: CI/CD Infrastructure & Security on AWS https://youtu.be/nH6FetJ2r2M
  18. CI/CD on AWS for Applications
  19. Applications: CI/CD goals to constantly…: Deliver Value Faster; Raise Code Quality; Raise Feature Quality; Change Control; Consistency of Environments; Automate Deployments; Automate Rollbacks; Enhance Performance. Label: DevOps.
  20. [Diagram: CI/CD pipeline. Labels: Dev Acct, Test Acct, Prod Acct, Tools Acct; Test Build Env, Prod Build Env; CodeCommit, Lambda, CodePipeline, CodeBuild, Jenkins, S3, Amazon ECR, AMI; stages Commit, Coordinate, Build Artifacts Elsewhere, Store Artifacts, Test, Deploy, Report; steps 1 to 4.]
  21. Building Artifacts • IAM, managed service w/ auto-scaling, pricing • Setup & CodePipeline integration • Hooks to CodeCommit, S3, GitHub [Enterprise] • Artifact store on S3, Amazon ECR, and Docker Hub CodeBuild • Extensible plug-in architecture • Configurable *AWS Marketplace Jenkins
  22. [Diagram: CI/CD pipeline. Labels: Dev Acct, Test Acct, Prod Acct, Tools Acct; Test Build Env, Prod Build Env; CodeCommit, Lambda, CodePipeline, CodeBuild, Jenkins, S3, Amazon ECR, AMI, SNS, CodeDeploy, Amazon ECS, EB, EC2, Amazon Inspector; stages Commit, Coordinate, Build Artifacts Elsewhere, Store Artifacts, Test, Deploy, Report; steps 1 to 9.]
  23. Deploying Code • IAM, managed service w/ auto-scaling • Pricing • Console setup & CodePipeline & auto-scaling integration • Trackable rolling deploys with rollbacks CodeDeploy • Operator-friendly configuration through JSON • Community recipes • Developer-friendly configuration through Ruby scripts Deploy to EC2, Lambda Deploy to on-premises instances
  24. Testing Functionality • IAM integration • Managed service w/ auto-scaling • On-demand pricing • Setup & CodePipeline integration • Hooks to CodeCommit, S3, GitHub [Enterprise] • Integration with unit, integration, UI, and performance-testing suites CodeBuild CodePipeline
  25. Testing Security • Application security, vulnerability and compliance testing • DevOps integration through APIs • Testing rules for CVE, CIS benchmarks, security best practices, and runtime behavior analysis Amazon Inspector
  26. Functionality Testing
  27. Performance & Load Testing
  28. [Diagram: CI/CD pipeline. Labels: Dev Acct, Test Acct, Prod Acct, Tools Acct; Test Build Env, Prod Build Env; CodeCommit, Lambda, CodePipeline, CodeBuild, Jenkins, S3, Amazon ECR, AMI, Amazon SNS, CodeDeploy; Amazon ECS, EB, EC2 and Amazon Inspector (each shown twice); stages Commit, Coordinate, Build Artifacts Elsewhere, Store Artifacts, Test, Deploy, Report; steps 1 to 12.]
  29. Demo: CI/CD Application & Security on AWS https://youtu.be/iWTCQLtx3qc
  31. CI/CD goals to constantly…: Secure Applications; Secure Infrastructure; Enhance Governance; Deliver Value Faster; Raise Code Quality; Raise Feature Quality; Change Control; Consistency of Environments; Automate Deployments; Automate Rollbacks; Enhance Performance. Labels: DevOps, CompSecOps.
  32. Thank you! Talk to your AWS account team to discuss implementation!
