Owasp devslop how to implement an effective cloud resource tagging strategy using ia c

•

0 likes•105 views

Cloud service providers allow users to assign metadata to their cloud resources in the form of tags. Each tag is a simple label consisting of a customer-defined key and a value that can make it easier to manage, search for, and filter resources. Although there are no inherent types of tags, they enable customers to categorize resources by purpose, owner, environment, or other criteria. Tags can be used for security, cost allocation, automation, console organization, access control, and operations. On this show, we will review a new way to automate tags attribution in your CI/CD pipeline and AWS. We will also take a look at a new open-source tool to help us implement tagging best practices.

Engineering

How to Implement an Effective
Cloud Resource Tagging Strategy
Using Infrastructure As Code
A new open source project is born
@BarakSchoster

Code
Triage
The process
Pager Alert
Slack
Thread
CloudTrail
Triage
Jira
Assigned
Jira
Reassignment
Code Fix
Deploy to
Prod
MTTR IS
TOO
LONG

Tagging use cases
13 | © 2021 Palo Alto Networks, Inc. All rights reserved.
Automation
Security Risk Management
Operation Support
Console Organization
Cost Allocation
Consolidate resource groups
inventory based on tags
identify resources that require
heightened security Break down cost by tag of cost
center, business unit or project
Opt in and out infrastructure
scaling scripts using tags
Incident management
triage using tags
Access Control
IAM policies conditions
based on tags

Tagging best practices
1. Employ a Cross-Functional Team to Identify Tag Requirements
2. Use Tags Consistently
3. Assign Owners to Deﬁne Tag Value Propositions
4. Focus on Required and Conditionally Required Tags
5. Start Small; Less is More
6. Use Automation to Proactively Tag Resources
7. Remediate Untagged Resources

What is
?
Open source (Apache 2.0) tagging
framework for IaC, intended to be used
in CI/CD pipelines
1. Automated tagging
2. Built in best practices for tracing
3. Built in best practices for ownership

What is Yor Trace?
Where did this
resource come from?
How was it
conﬁgured?
Where do I ﬁx a
misconﬁg?
What runtime
resources are
provisioned from this
code?
No need to access state or sensitive
information to answer those questions

Integrating Yor into the GitOps workﬂow
IaC
commit pull
request
commit
trace tags
merge apply
trace

The ownership culture
You
Build
It
You
Run
It
Dependencies are a joint ownership...
...and Yor can help you manage that.

Recap: What can you do with Yor
Organize cloud inventory
Standardize ownership
Reduce MTTR

Yor in Operations Support
Reduce MTTR by routing issues to the right people
using event rules relaying on tag data

Recap: What can you do with Yor
Organize cloud inventory
Reduce MTTR
Standardize ownership
Enrich policy engines

Integrating Yor and Checkov
Example
Allow only the security team to
edit CloudTrail conﬁgurations
Policy as Code Enrichment engine

Checkov policy
Fail a build if the resource doesn't comply with the policy

Recap: What can you do with Yor
Organize cloud inventory
Reduce MTTR
Standardize ownership
Enrich policy engines
Access control

Tagging use cases
36 | © 2021 Palo Alto Networks, Inc. All rights reserved.
Automation
Security Risk Management
Operation Support
Console Organization
Cost Allocation
Consolidate resource groups
inventory based on tags
identify resources that require
heightened security Break down cost by tag of cost
center, business unit or project
Opt in and out infrastructure
scaling scripts using tags
Incident management
triage using tags
Access Control
IAM policies conditions
based on tags

The future of Yor
● YAML tagging rules
● Support for k8 manifests
● Drift detection
● Community invite: more extensions for SRE systems

Thank you
@BarakSchoster
https://github.com/bridgecrewio/yor
https://slack.bridgecrew.io/

What's hot

Introduction: AWS-Enabled Enterprise Storage Solutions

Amazon Web Services

AWS is hosting the first FSI Cloud Symposium in Hong Kong, which will take place on Thursday, March 23, 2017 at Grand Hyatt Hotel. The event will bring together FSI customers, industry professional and AWS experts, to explore how to turn the dream of transformation, innovation and acceleration into reality by exploiting Cloud, Voice to Text and IoT technologies. The packed agenda includes expert sessions on a host of pressing issues, such as security and compliance, as well as customer experience sharing on how cloud computing is benefiting the industry. Speakers: Myles Hosford, Security Solutions Architect APAC, AWS Anthony Hodge, Head, Cloud Engineering and Delivery, Standard Chartered Bank

Fintech Pace Security on AWS: The Customer Perspective

Amazon Web Services

Case-Study: AWS Cloud Cost Optimization with insisive cloud

insisiv Labs

Cloud Acquisition Strategies: How to Buy the Cloud

Amazon Web Services

Gartner IT Symposium 2013: Delivering IT-as-a-Service with Cloud Brokering an...

Gravitant, Inc.

As presented at the CloudBrew 2019 conference in 13.12.2019. When proper governance model is followed, your Azure application development teams are operating in a secure and compliant Azure environment during design, development and operations. In this "lessons learned" type of session, Karl will will share practical tips on how to build a comprehensive Azure governance model, based on real-life experiences from working with multi-billion dollar corporations. After this session, you should have a better understanding of Azure governance best practices and in-house team roles & responsibilities. You will also have an overview of the technical fundamentals of a comprehensive Azure Governance.

Building an Enterprise-Grade Azure Governance Model

Karl Ots

Culture Eats Strategy for Breakfast

Amazon Web Services

Aws intro to cloud_economics

jtaylor707

Anytime a user can’t access that data, there’s a cost

LabeedAhmadQamar

Cloud Computing Series - Part II: SmartSheet Case Study

Washington Technology Industry Association

Optimizing IT Procurement and Deployment for Innovation - A key success factor in most enterprises is how effective communication is between the business and IT teams. In this talk, we address how you can enable your organization to create a competitive & innovative advantage by building better ways to procure and deploy infrastructure and software solutions. Nigel Watson, Partner Business Development Manager, AWS Marketplace, APAC

Optimizing IT Procurement and Deployment for Innovation

Amazon Web Services

Cloud Innovation with Safety Rails As cloud platforms transform how IT solutions can be delivered, a watchful eye must be kept on traditional governance concerns such as accountability and compliance. In this talk, we’ll explore how enterprises can successfully balance these two seemingly opposing factors to create cloud-based environments that maximize the opportunity for innovation, whilst simultaneously providing a set of safety-rails around cloud procurement and deployment that emphasize accountability and visibility. Nigel Watson, Partner Business Development Manager, AWS Marketplace, APAC

Cloud Innovation with Safety Rails

Amazon Web Services

Search for All with Elastic Workplace Search

Elasticsearch

As your public cloud or hybrid environment starts to scale, it’s easy to lose track of all the moving parts. Reclaim time for more strategic projects by implementing cloud governance policies. In this session, we’ll show you how to proactively alert on any irregularities, such as cost spikes, tagging compliance issues, security vulnerabilities and more. We’ll share real world examples of how different organizations have successfully simplified their daily cloud operations through governance — including our experience managing our own infrastructure.

Be Proactive, Not Reactive: Cloud Governance for Fast, Accurate Decision Making

CloudHealth by VMware

Cw13 aws by tamer abdul radi-cloud9ners

TheInevitableCloud

[Webinar] When It Comes To Cloud, Great Power Brings Great Responsibility

OpsRamp

Search for All with Elastic Workplace Search

Elasticsearch

Insight to Action Visibility, Optimization & Governance for Your AWS Cloud En...

Amazon Web Services

The Cloud Journey Workshop is an experiential session that works through a representative use case of a company's cloud adoption journey. In this session, participants divide into teams, and each team makes practical recommendations for how to plan and execute their journey to the cloud so they can meet business expectations. By participating, you learn best practices on organization transformation, cloud foundations establishment, migration methodology, and application landscape optimization from AWS facilitators. You also have the opportunity to share tips with other AWS customers to make your cloud journey successful.

Creating an Effective Roadmap for Your Cloud Journey (ENT225-R1) - AWS re:Inv...

Amazon Web Services

There’s no shortage of noise about cybersecurity. Between the shear number of vendors and daily news coverage about the next big vulnerability or breach, it’s easy to start feeling directionless and reactive. However, there are ways to cut through the noise. The first step is understanding how companies are actually getting breached - not just the ones you hear about in the media. Then, you can create a strategy that’s tailored to your risk profile and attack surface. In this session, you’ll leave with an understanding of how to measure your risk, devise a realistic defense strategy, and deploy high impact security, no matter what your budget or time crunch is.

ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...

Amazon Web Services

What's hot (20)

Introduction: AWS-Enabled Enterprise Storage Solutions

Fintech Pace Security on AWS: The Customer Perspective

Case-Study: AWS Cloud Cost Optimization with insisive cloud

Cloud Acquisition Strategies: How to Buy the Cloud

Gartner IT Symposium 2013: Delivering IT-as-a-Service with Cloud Brokering an...

Building an Enterprise-Grade Azure Governance Model

Culture Eats Strategy for Breakfast

Aws intro to cloud_economics

Anytime a user can’t access that data, there’s a cost

Cloud Computing Series - Part II: SmartSheet Case Study

Optimizing IT Procurement and Deployment for Innovation

Cloud Innovation with Safety Rails

Search for All with Elastic Workplace Search

Be Proactive, Not Reactive: Cloud Governance for Fast, Accurate Decision Making

Cw13 aws by tamer abdul radi-cloud9ners

[Webinar] When It Comes To Cloud, Great Power Brings Great Responsibility

Search for All with Elastic Workplace Search

Insight to Action Visibility, Optimization & Governance for Your AWS Cloud En...

Creating an Effective Roadmap for Your Cloud Journey (ENT225-R1) - AWS re:Inv...

ThreatStack Workshop: Stop Wasting Your Time: Focus on Security Practices tha...

Similar to Owasp devslop how to implement an effective cloud resource tagging strategy using ia c

As organizations adopt the cloud, security governance is a key cornerstone to the long-term success of their transformation. Understanding the Shared Responsibility model of the cloud is important. Enforcing security policies with automation and reporting on the security status can be challenging, but necessary. 2nd Watch will share with you how we are helping our customers adopt the cloud with a security posture for sustainable Microsoft Azure cloud adoption.

Automated Security & Continuous Compliance on Microsoft Azure

2nd Watch

Novel cloud computingsecurity issues

Joo Manthar

cloudComputingSec_p3.pptx

Steven Quach

Alfresco Virtual DevCon 2020 - Security First!

Jason Jolley

July 31, 2020 - CSA LA event slides

SoCalLAAdmin

In this workshop, create guardrails to ensure governance is applied and identify when people stray. This session will deep dive into AWS Landing Zone, AWS Organizations, AWS Config, and Identity and Access Management. We will focus on the Operational Excellence and Security pillar best practices, of the AWS Well-Architected Framework, using a multi-account strategy. We address the architectural and operational decisions you need to make. In the cloud, you can start at the core and create defense in depth at the individual resource level. This session is designed for security and compliance practitioners interested in estate management, auditing of infrastructure, advanced IAM techniques, and overall governance management.

Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...

Amazon Web Services

Agile Gurugram 2023 I Metrics and Business Agility - Dinker Charak

AgileNetwork

Agile Kolkata 2023 I EEBO Metrics in the Times of GenAI - Dinker Charak

AgileNetwork

Practical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_Singapore

Amazon Web Services

Attackers think in graphs; defenders operate with lists. That’s why attackers win. What if we could have a graph-based, data-driven security and compliance platform that can: · intelligently analyze my environment, · automatically keep up with the constant changes, · help us understand and navigate that complexity, and · manage compliance in a data-driven, continuous way. This presentation describes how my security team built our security operations and automate compliance evidence collection using a graph database. There are also actual screenshots from the JupiterOne platform showing the discovery of thousands of assets from connected AWS accounts and other cloud providers; the configuration analysis of these resources; the query and search with graphs to visualize the relevant relationships; as well as the alerts, findings, and compliance mapping. All without the need for additional 3rd party solutions.

Build a complete security operations and compliance program using a graph dat...

Erkang Zheng

Biz Talk Demo slideshare

erios

This webinar features Shane Shelton - Sr. Director of Application Performance and Development Operations at McGraw-Hill Education, discussing how Sumo Logic helps his team gain critical operational and security insights into their AWS environment. Amazon Web Services Head of Application & Industry Vertical Technology Alliances, Scott Barneson, and Sumo Logic Senior Product Manager, Ben Newton, discuss how to: * Set up the Sumo Logic service within days with 100% automated collection * Rapidly identify and troubleshoot issues across the infrastructure stack * Leverage real-time alerts to fix issues before they impact release cycles * Foster collaboration across teams while retaining control with RBAC * Reduce MTTI e.g. converting 150 pages of logs into 5 pages of patterns * Monitor and audit critical security changes in AWS to meet security policies

How McGraw Hill Uses Sumo Logic and AWS for Operational and Security Intellig...

Sumo Logic

Enterprise blockchain companies must be especially vigilant in ensuring their systems and databases remain secure. From using the strongest encryption algorithms to relying on robust authentication protocols, there are multiple measures that can help guarantee protection from security threats–and all should be taken seriously for maximum safety. To talk about the security concerns of blockchain and the ways to deal with these risks and compliance norms, Ghan Vashishtha, Co-founder and CTO Zeeve led a webinar on Enterprise blockchain security and compliance. This was the fourth episode as part of the 7 game changer lessons from a truly insightful webinar series pertaining to the required dimensions to consider in blockchain adoption.

Webinar- GBA Episode 4 – Enterprise Blockchain Adoption “Security & Adoption”

Zeeve

Security is often misunderstood and addressed in the last stages of a build. Operationally, it’s ignored until there is an emergency. In this talk, we review several advanced security processes and discuss how too easily automate them using common tools in the AWS Cloud. This approach helps you and your team increase the security of your build while reducing the overall operational requirement of security in your stack. Leave this dev chat with everything you need to get started with automating security.

Advanced Security Automation Made Simple

Mark Nunnikhoven

Core strategies to develop defense in depth in AWS

Shane Peden

AWS IoT Device Defender is a fully managed service that helps you secure your fleet of IoT devices. In this session, we dive into Device Defender Detect, the feature that monitors metrics collected on device and cloud-side to identify anomalous behaviors. We get into the details of how Device Defender Detect works and metrics that it supports. The session includes a demo of how best to leverage Device Defender Detect for keeping your devices secure.

Managing Security of Large IoT Fleets (IOT321-R1) - AWS re:Invent 2018

Amazon Web Services

Tagging Best Practices for Cloud Governance

RightScale

Traditionally, technology governance has required long, detailed documents and hours of work for IT managers, security or audit professionals, and administrators. Automating governance on AWS offers a better way. AWS services modernize technology governance by enshrining policy into code and embedding security guardrails at the development level, to provide reliable policy implementation and allow for continuous and real-time auditing capabilities. Leave this session with a better understanding of the benefits of automating technology governance and managing security and compliance with AWS. Presenter: John McDonald, Financial Services Compliance Specialist, AWS

Implementing Governance as Code

Amazon Web Services

PLAY TO WIN In Business, As In Chess, Forethought Wins Showcasing exemplary stories of success where channel partners have gone to great lengths to implement innovative solutions. Acclaiming those partners who have risen to the challenges of the digital era and transformed their business to a solutions offering. Inspiring channel businesses to become value-added providers and trusted allies to their customers. Stories that made a Difference.

Value Stories - 3rd issue - April 2019

Redington Value Distribution

In our last webinar with DevOps.com, we discussed how leading enterprises are transforming QA from a bottleneck to a speed enabler in DevOps environment. In this webinar, we'll take the discussion a step further by discussing a popular testing methodology for DevOps: behavior driven development (BDD). We'll discuss the history of BDD and its roots in test-driven development, its key principles and benefits for DevOps, and best practices for getting started with BDD and scaling the practice. In this webinar, you will learn: How BDD enhances collaboration to streamline DevOps workflows The key principles of BDD: Collaborate, record, automate Tips for scaling BDD to drive business value in your organization

How to Streamline Testing in DevOps With Behavior Driven Development

DevOps.com

Similar to Owasp devslop how to implement an effective cloud resource tagging strategy using ia c (20)

Automated Security & Continuous Compliance on Microsoft Azure

Novel cloud computingsecurity issues

cloudComputingSec_p3.pptx

Alfresco Virtual DevCon 2020 - Security First!

July 31, 2020 - CSA LA event slides

Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...

Agile Gurugram 2023 I Metrics and Business Agility - Dinker Charak

Agile Kolkata 2023 I EEBO Metrics in the Times of GenAI - Dinker Charak

Practical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_Singapore

Build a complete security operations and compliance program using a graph dat...

Biz Talk Demo slideshare

How McGraw Hill Uses Sumo Logic and AWS for Operational and Security Intellig...

Webinar- GBA Episode 4 – Enterprise Blockchain Adoption “Security & Adoption”

Advanced Security Automation Made Simple

Core strategies to develop defense in depth in AWS

Managing Security of Large IoT Fleets (IOT321-R1) - AWS re:Invent 2018

Tagging Best Practices for Cloud Governance

Implementing Governance as Code

Value Stories - 3rd issue - April 2019

How to Streamline Testing in DevOps With Behavior Driven Development

Recently uploaded

Signal Processing and Linear System Analysis

National Chung Hsing University

Online electricity billing project report..pdf

Kamal Acharya

Computer Networks Basics of Network Devices

ChandrakantDivate1

UNIT 4 PTRP final Convergence in probability.pptx

kalpana413121

Built environment is known for its capacity, capability, role, relevance and importance to change the quality of life of the occupants and communities. Presentation focuses on options which need to be leveraged to make buildings sustainable, cost-effective, energy efficient, resource efficient, qualitative over its entire life-cycle through designing, construction, operation. It calls for making buildings green and sustainable.

COST-EFFETIVE and Energy Efficient BUILDINGS ptx

JIT KUMAR GUPTA

Path loss model, OKUMURA Model, Hata Model

DrAjayKumarYadav4

Augmented Reality (AR) with Augin Software.pptx

Mustafa Ahmed

Computer Graphics Introduction To Curves

ChandrakantDivate1

Ground Improvement Technique: Earth Reinforcement

Dr. Deepak Mudgal

HAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKAR

KOUSTAV SARKAR

In the dynamic landscape of energy storage, choosing the right battery pack is a critical decision that significantly impacts performance, efficiency, and overall product design. This webinar aims to unravel the complexities surrounding standard and custom battery packs (primarily lithium), providing you with a comprehensive understanding to make informed decisions. We'll embark on a journey to explore the fundamental distinctions between standard off-the-shelf battery packs and their bespoke counterparts tailored to specific applications. We will delve into the nuance of what is defined as a standard battery pack along with its benefits, limitations, and how it caters to broad market needs. Simultaneously, we will dissect the world of custom battery packs, diving into the advantages they offer in terms of precise energy requirements, form factors, and unique design considerations. Whether you are a product designer, engineer, or industry professional, this webinar is designed to equip you with the knowledge necessary to navigate the intricate terrain of battery pack selection. Join us for this webinar as we navigate through the intricacies of standard and custom battery packs, empowering you to make strategic decisions that align with your project goal. For more information on our battery pack solutions, visit https://www.epectec.com/batteries/.

Standard vs Custom Battery Packs - Decoding the Power Play

Epec Engineered Technologies

Robotics is an exciting and rapidly evolving field that combines engineering, computer science, and technology. Robots are versatile machines capable of automating a wide range of tasks with precision, speed, and power. This introduction will explore the history, components, and applications of this transformative technology. A robot is an electromechanical machine designed to perform tasks autonomously or semi-autonomously. Robots are controlled by sophisticated software and can be programmed to carry out a variety of functions. Robots use sensors to gather information about their environment and actuators to interact with it. The concept of automata, or self-operating machines, dates back to ancient civilizations such as Greece and China. The development of industrial machinery in the 18th and 19th centuries paved the way for modern robotics. The advent of computers in the 20th century enabled the creation of more advanced, programmable robots Industrial robots are commonly used in manufacturing, performing tasks such as welding, painting, and assembly. Service robots are designed to assist humans in tasks like cleaning, transportation, and healthcare Humanoid robots are designed to mimic the appearance and functionality of the human body. Mechanical Structure Robots have a physical frame, joints, and linkages that allow for movement and manipulation. Power Source Robots require a power source, such as batteries or electrical connections, to operate. Control System The control system, often a computer or microcontroller, coordinates the robot's actions and movements End Effectors Robots may have specialized tools, such as grippers or tools, to interact with their environment Cameras and other vision sensors allow robots to perceive and respond to their environment. Ultrasonic and infrared sensors help robots detect and avoid obstacles. Tactile sensors enable robots to feel and interact with their surroundings. Motors, servos, and other actuators allow robots to move and manipulate objects. Robots are controlled by sophisticated software that defines their behaviors and decision-making processes. Algorithms enable robots to process sensor data, plan actions, and execute tasks autonomously. Advancements in machine learning allow robots to adapt and improve their performance over time. Applications of Robotics Robots are widely used in industrial settings for tasks such as assembly, welding, and packaging. Robotic systems are revolutionizing medicine, from surgical assistants to rehabilitation devices. Robots are essential for exploring hazardous environments, such as deep-sea and outer space

Introduction to Robotics in Mechanical Engineering.pptx

hublikarsn

"Lesotho Leaps Forward: A Chronicle of Transformative Developments"

mphochane1998

Employee leave management system project.

Kamal Acharya

Introduction to Data Visualization,Matplotlib.pdf

sumitt6_25730773

scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...

HenryBriggs2

1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf

AldoGarca30

Online Food Ordering System is proposed for simplifies the food ordering process. ThisSystem shows an user interface and update the menu with all available options so that it eases thecustomer work. Customer can choose more than one item to make an order and can view Orderdetails before logging off. The order confirmation is sent to the customer. The order is placed inthe queue and updated in the Database and returned in real time. This system assists the staff togo through the orders in real time and process it efficiently. Online food order system is mainlydesigned primarily function for use in the food delivery industry. This system will allowhotels and restaurants to increase online food ordering such type of business. The customerscan be selected food menu items just few minutes. In the modern food industries allows toquickly and easily delivery on customer place. Restaurant employees then use these ordersthrough an easy to delivery on customer place easy find out navigate graphical interface forefficient processing .

Online food ordering system project report.pdf

Kamal Acharya

Memory Interfacing of 8086 with DMA 8257

subhasishdas79

Introduction to Serverless with AWS Lambda

Omar Fathy

Recently uploaded (20)

Signal Processing and Linear System Analysis

Online electricity billing project report..pdf

Computer Networks Basics of Network Devices

UNIT 4 PTRP final Convergence in probability.pptx

COST-EFFETIVE and Energy Efficient BUILDINGS ptx

Path loss model, OKUMURA Model, Hata Model

Augmented Reality (AR) with Augin Software.pptx

Computer Graphics Introduction To Curves

Ground Improvement Technique: Earth Reinforcement

HAND TOOLS USED AT ELECTRONICS WORK PRESENTED BY KOUSTAV SARKAR

Standard vs Custom Battery Packs - Decoding the Power Play

Introduction to Robotics in Mechanical Engineering.pptx

"Lesotho Leaps Forward: A Chronicle of Transformative Developments"

Employee leave management system project.

Introduction to Data Visualization,Matplotlib.pdf

scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...

1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf

Online food ordering system project report.pdf

Memory Interfacing of 8086 with DMA 8257

Introduction to Serverless with AWS Lambda

Owasp devslop how to implement an effective cloud resource tagging strategy using ia c

1. How to Implement an Effective Cloud Resource Tagging Strategy Using Infrastructure As Code A new open source project is born @BarakSchoster

2. Our story begins with a log

3. A Slack message

4. Followed by

5. More slack messages

6. Security hub alerts

7. A solution

8. Jira tickets

9. And some Jira follow ups

10. Problem source

11. Code Triage The process Pager Alert Slack Thread CloudTrail Triage Jira Assigned Jira Reassignment Code Fix Deploy to Prod MTTR IS TOO LONG

12. There’s got to be a better way

13. Tagging use cases 13 | © 2021 Palo Alto Networks, Inc. All rights reserved. Automation Security Risk Management Operation Support Console Organization Cost Allocation Consolidate resource groups inventory based on tags identify resources that require heightened security Break down cost by tag of cost center, business unit or project Opt in and out infrastructure scaling scripts using tags Incident management triage using tags Access Control IAM policies conditions based on tags

14. Tagging best practices 1. Employ a Cross-Functional Team to Identify Tag Requirements 2. Use Tags Consistently 3. Assign Owners to Deﬁne Tag Value Propositions 4. Focus on Required and Conditionally Required Tags 5. Start Small; Less is More 6. Use Automation to Proactively Tag Resources 7. Remediate Untagged Resources

15. Make it so

16. What is ? Open source (Apache 2.0) tagging framework for IaC, intended to be used in CI/CD pipelines 1. Automated tagging 2. Built in best practices for tracing 3. Built in best practices for ownership

17. Installing Yor

18. What is Yor Trace? Where did this resource come from? How was it configured? Where do I fix a misconfig? What runtime resources are provisioned from this code? No need to access state or sensitive information to answer those questions

19. What are git tags?

20. Runtime issue

21. Build resource traces

22. Demo Time

23. Integrating Yor into the GitOps workﬂow IaC commit pull request commit trace tags merge apply trace

24. Tagging is a team play

25. The ownership culture You Build It You Run It Dependencies are a joint ownership... ...and Yor can help you manage that.

26. Recap: What can you do with Yor Organize cloud inventory Standardize ownership Reduce MTTR

27. Yor in Operations Support Reduce MTTR by routing issues to the right people using event rules relaying on tag data

28. Recap: What can you do with Yor Organize cloud inventory Reduce MTTR Standardize ownership Enrich policy engines

29. Integrating Yor and Checkov Example Allow only the security team to edit CloudTrail conﬁgurations Policy as Code Enrichment engine

30.

31. Checkov policy

32. Checkov policy Fail a build if the resource doesn't comply with the policy

33. Recap: What can you do with Yor Organize cloud inventory Reduce MTTR Standardize ownership Enrich policy engines Access control

34. Using Yor in AWS IAM

35. Tag/ Label Everything

36. Tagging use cases 36 | © 2021 Palo Alto Networks, Inc. All rights reserved. Automation Security Risk Management Operation Support Console Organization Cost Allocation Consolidate resource groups inventory based on tags identify resources that require heightened security Break down cost by tag of cost center, business unit or project Opt in and out infrastructure scaling scripts using tags Incident management triage using tags Access Control IAM policies conditions based on tags

37. The future of Yor ● YAML tagging rules ● Support for k8 manifests ● Drift detection ● Community invite: more extensions for SRE systems

38. Thank you @BarakSchoster https://github.com/bridgecrewio/yor https://slack.bridgecrew.io/

Owasp devslop how to implement an effective cloud resource tagging strategy using ia c

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Owasp devslop how to implement an effective cloud resource tagging strategy using ia c

Similar to Owasp devslop how to implement an effective cloud resource tagging strategy using ia c (20)

Recently uploaded

Recently uploaded (20)

Owasp devslop how to implement an effective cloud resource tagging strategy using ia c