Automating Compliance with InSpec
Sydney AWS Security Meetup
August 10, 2017
Matt Ray
Manager, Solutions Architect – APJ
Chef Software
matt@chef.io
@mattray
SSH Control
"SSH supports two different protocol
versions. The original version, SSHv1, was
subject to a number of security issues.
Please use SSHv2 instead to avoid
these."
How will I verify this?
Whip up a one-liner!
grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //'
Apache Server Information Leakage
• Description
This directive controls whether the Server response header field sent back to clients includes a description of the generic OS type of the server.
This allows attackers to identify web server details and increases the efficiency of any attack, as security vulnerabilities are dependent upon specific software versions.
• How to Test
In order to test the ServerTokens configuration, one should check the Apache configuration file.
• Misconfiguration
ServerTokens Full
• Remediation
Configure the ServerTokens directive in the Apache configuration to a value of Prod or ProductOnly. This tells Apache to only return "Apache" in the Server header, returned on every page request.
ServerTokens Prod
or
ServerTokens ProductOnly
https://www.owasp.org/index.php/SCG_WS_Apache
More grep and sed!
grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
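Added example, not from the original slides: a plain-Ruby sketch of what the two one-liners miss. It reads each file the way the daemon does instead of pattern-matching on column 0. The sample configs, function names and result hashes are constructed for illustration, and the Apache "last occurrence wins" rule is an assumption stated in the code.

```ruby
# The InSpec form of the SSH check, for comparison (needs InSpec to run):
#   describe sshd_config do
#     its('Protocol') { should cmp 2 }
#   end

# Mimics the slide's one-liner: grep "^KEY" FILE | sed 's/KEY //'
def grep_style(text, key)
  text.lines.grep(/^#{Regexp.escape(key)}/).map { |l| l.chomp.sub("#{key} ", '') }
end

# sshd_config semantics: keywords are case-insensitive, the first value
# obtained for a keyword is used, and lines starting with "#" are comments.
# Only the global section (before the first Match block) is read here.
def sshd_setting(text, keyword)
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/\s*=\s*|\s+/, 2)
    break if key.casecmp?('Match')
    return value.to_s.strip if key.casecmp?(keyword)
  end
  nil
end

# Apache: directive names are case-insensitive. Assumption in this sketch:
# for a server-wide directive the last occurrence is the effective one.
# Include'd files are not followed.
def apache_setting(text, directive)
  value = nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    key, arg = line.split(/\s+/, 2)
    value = arg.to_s.strip.delete('"') if key.casecmp?(directive)
  end
  value
end

# Three outcomes: an absent Protocol line is reported as :unset rather than
# guessed, because the built-in default depends on the OpenSSH version.
def check_ssh_protocol(text)
  value = sshd_setting(text, 'Protocol')
  return { status: :unset, value: nil } if value.nil?
  { status: value == '2' ? :pass : :fail, value: value }
end

# An absent ServerTokens line means Apache's documented default, Full,
# which the control on the slide treats as the misconfiguration.
def check_server_tokens(text)
  effective = apache_setting(text, 'ServerTokens') || 'Full'
  ok = %w[prod productonly].include?(effective.downcase)
  { status: ok ? :pass : :fail, value: effective }
end

# Constructed sample: the indented lowercase line is the one sshd uses.
SSHD_SAMPLE = <<~CONF
  # constructed sample, not from a real host
  Port 22
    protocol 2,1
  Protocol 2
  Match User backup
    PasswordAuthentication no
CONF

# Constructed sample: a later lowercase directive undoes the hardening.
HTTPD_SAMPLE = <<~CONF
  # constructed sample, not from a real host
  ServerRoot "/etc/httpd"
  ServerTokens Prod
  servertokens Full
CONF

if __FILE__ == $PROGRAM_NAME
  puts "grep says Protocol:     #{grep_style(SSHD_SAMPLE, 'Protocol').inspect}"
  puts "parsed Protocol check:  #{check_ssh_protocol(SSHD_SAMPLE)}"
  puts "grep says ServerTokens: #{grep_style(HTTPD_SAMPLE, 'ServerTokens').inspect}"
  puts "parsed ServerTokens:    #{check_server_tokens(HTTPD_SAMPLE)}"
end
```

On both samples the one-liner reports the compliant value while the parsed check fails, which is the gap a resource-based test language is meant to close.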
Compliance
Two-thirds of organizations did
not adequately test the security
of all in-scope systems
Key Trends
• While individual rule compliance
is up, testing of security systems
is down
• Sustainability is low. Fewer than
a third of companies were found
to be still fully compliant less
than a year after successful
validation.
Shell Scripts
grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //'
grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
Infrastructure Code
package 'httpd' do
  action :install
end
service 'httpd' do
  action [ :start, :enable ]
end
We Have A Communications Problem
Security != Compliance
Compliance Language
One Language
Linux, Windows, BSD, Solaris, AIX, HP-UX, ...
Examples of Available Resources
apache_conf
apt
audit_policy
auditd_conf
auditd_rules
bond
bridge
command
crontab
directory
etc_group
file
gem
group
host
inetd_conf
interface
iptables
kernel_module
kernel_parameter
limits_conf
login_defs
mount
mysql_conf
mysql_session
npm
ntp_conf
oneget
os
os_env
package
parse_config
parse_config_file
passwd
pip
port
postgres_conf
postgres_session
powershell
processes
registry_key
security_policy
service
ssh_config
sshd_config
user
windows_feature
yum
What is it not?
• IDS / IPS
• Firewall
• Antivirus
• Pentesting tool
One Language
Linux, Windows, BSD, Solaris, AIX, HP-UX, ...
Bare-metal, VMs, Containers
Nodes, Databases
DB Testing
One Language
Linux, Windows, BSD, Solaris, AIX, HP-UX, ...
Bare-metal, VMs, Containers
Nodes, Databases, APIs
Cloud Testing
InSpec
Test your machine locally
> inspec exec test.rb
Test a machine remotely via SSH
> inspec exec test.rb -i identity.key -t ssh://root@172.17.0.1
Test a machine remotely via WinRM
> inspec exec test.rb -t winrm://Admin@192.168.1.2 --password super
Test Docker Container
> inspec exec test.rb -t docker://5cc8837bb6a8
AGENTLESS
Operating System & Application Coverage
• Microsoft Windows
• Red Hat Enterprise Linux
• Ubuntu Linux
• SUSE Linux Enterprise Server
• Oracle Enterprise Linux
• AIX
• HP-UX
• Solaris
• VMware ESXi
• MySQL
• Oracle
• PostgreSQL
• Tomcat
• SQL Server
• IIS
• HTTP request
One Language
Linux, Windows, BSD, Solaris, AIX, HP-UX, ...
Bare-metal, VMs, Containers
Nodes, Databases, APIs, Cloud Platforms, ...
Open Source Community
• https://inspec.io
• https://github.com/chef/inspec
• https://supermarket.chef.io
• https://learn.chef.io
• #inspec in https://chefcommunity.slack.com
CONTINUOUS COMPLIANCE AUTOMATION
InSpec - Part of your InfoSec toolchain
FIREWALL
ANTIVIRUS
INTRUSION DETECTION/PREVENTION
PENETRATION TESTING
Continuous Workflow
Detect
Correct
The Chef Automate Platform
Continuous Automation for High Velocity IT
Workflow • Local development • Integration • Tooling (APIs & SDKs)
COLLABORATE
▪ Package
▪ Test
▪ Approve
BUILD
▪ Provision
▪ Configure
▪ Execute
▪ Update
DEPLOY
▪ Secure
▪ Comply
▪ Audit
▪ Measure
▪ Log
MANAGE
Infrastructure Automation • Compliance Automation • Application Automation
OSS AUTOMATION ENGINES
Increase Speed
▪ Package infrastructure and app
configuration as code
▪ Continuously automate
infrastructure and app updates
Improve Efficiency
▪ Define and execute standard
workflows and automation
▪ Audit and measure effectiveness of
automation
Decrease Risk
▪ Define compliance rules as code
▪ Deliver continuous compliance as
part of standard workflow
AWS OpsWorks for Chef Automate
Native Amazon Service
Managed Chef Server
▪ Utilizes RDS and other native
services
▪ May be externally accessible
AWS Native
▪ Auto Scaling in your VPC
▪ Automatic backups and upgrades
OpsWorks Stacks
▪ New name for previous version of
OpsWorks
● Partnership between Amazon and Chef, jointly
developed and maintained
● Fully managed AWS service with frequent updates
● Fully compatible with open source Chef
● Amazon is your support and billing
● All Chef Automate features will be supported
○ Visibility and Workflow today
○ Compliance soon
○ Currently Northern Virginia, Oregon & Ireland
with more planned
InSpec-AWS
• https://github.com/chef/inspec-aws
aws_ec2
aws_iam_access_key
aws_iam_password_policy
aws_iam_root_user
aws_iam_user
aws_iam_users
Dig into the new way of learning about
Chef, Automation, and DevOps.
Self-paced training on Linux and Windows and much more!
learn.chef.io
Automating AWS Compliance with InSpec

Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 

Automating AWS Compliance with InSpec

  • 1. Automating Compliance with InSpec Sydney AWS Security Meetup August 10, 2017
  • 2. Matt Ray Manager, Solutions Architect – APJ Chef Software matt@chef.io @mattray
  • 6. SSH Control "SSH supports two different protocol versions. The original version, SSHv1, was subject to a number of security issues. Please use SSHv2 instead to avoid these."
  • 7. How will I verify this?
  • 8. Whip up a one-liner! grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //'
  • 9. Apache Server Information Leakage • Description This Directive Controls whether Server response field is sent back to clients includes a description of Generic OS Type of the Server. This allows attackers to identify web servers details greatly and increases the efficiency of any attack, as security vulnerabilities are dependent upon specific software versions. • How to Test In order to test for ServerToken configuration, one should check the Apache configuration file. • Misconfiguration ServerTokens Full • Remediation Configure the ServerTokens directive in the Apache configuration to value of Prod or ProductOnly. This tells Apache to only return "Apache" in the Server header, returned on every page request. ServerTokens Prod or ServerTokens ProductOnly https://www.owasp.org/index.php/SCG_WS_Apache
  • 10. More grep and sed! grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
  • 18. Two-thirds of organizations did not adequately test the security of all in-scope systems
  • 19. Key Trends • While individual rule compliance is up, testing of security systems is down • Sustainability is low. Fewer than a third of companies were found to be still fully compliant less than a year after successful validation.
  • 21. Shell Scripts grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //' grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
  • 22. Infrastructure Code package 'httpd' do action :install end service 'httpd' do action [ :start, :enable ] end
  • 23. We Have A Communications Problem
  • 36. One Language Linux, Windows, BSD, Solaris, AIX, HP-UX, ...
  • 37. Examples of Available Resources apache_conf apt audit_policy auditd_conf auditd_rules bond bridge command crontab directory etc_group file gem group host inetd_conf interface iptables kernel_module kernel_parameter limits_conf login_defs mount mysql_conf mysql_session npm ntp_conf oneget os os_env package parse_config parse_config_file passwd pip port postgres_conf postgres_session powershell processes registry_key security_policy service ssh_config sshd_config user windows_feature yum
  • 38. What is it not? • IDS / IPS • Firewall • Antivirus • Pentesting tool
  • 39. One Language Linux, Windows, BSD, Solaris, AIX, HP-UX, ... Bare-metal
  • 40. One Language Linux, Windows, BSD, Solaris, AIX, HP-UX, ... Bare-metal, VMs
  • 41. One Language Linux, Windows, BSD, Solaris, AIX, HP-UX, ... Bare-metal, VMs, Containers
  • 42. One Language Linux, Windows, BSD, Solaris, AIX, HP-UX, ... Bare-metal, VMs, Containers Nodes
  • 43. One Language Linux, Windows, BSD, Solaris, AIX, HP-UX, ... Bare-metal, VMs, Containers Nodes, Databases
  • 45. One Language Linux, Windows, BSD, Solaris, AIX, HP-UX, ... Bare-metal, VMs, Containers Nodes, Databases, APIs
  • 47. InSpec AGENTLESS
      Test your machine locally: > inspec exec test.rb
      Test a machine remotely via SSH: > inspec exec test.rb -i identity.key -t ssh://root@172.17.0.1
      Test a machine remotely via WinRM: > inspec exec test.rb -t winrm://Admin@192.168.1.2 --password super
      Test Docker Container: > inspec exec test.rb -t docker://5cc8837bb6a8
  • 48. Operating System & Application Coverage • Microsoft Windows • Red Hat Enterprise Linux • Ubuntu Linux • SUSE Linux Enterprise Server • Oracle Enterprise Linux • AIX • HP-UX • Solaris • VMware ESXi • MySQL • Oracle • PostgreSQL • Tomcat • SQL Server • IIS • HTTP request
  • 49. One Language Linux, Windows, BSD, Solaris, AIX, HP-UX, ... Bare-metal, VMs, Containers Nodes, Databases, APIs, Cloud Platforms, ...
  • 51. CONTINUOUS COMPLIANCE AUTOMATION InSpec - Part of your InfoSec toolchain FIREWALL ANTIVIRUS INTRUSION DETECTION/ PREVENTION PENETRATION TESTING
  • 53. The Chef Automate Platform Continuous Automation for High Velocity IT Workflow • Local development • Integration • Tooling (APIs & SDKs) COLLABORATE ▪ Package ▪ Test ▪ Approve BUILD ▪ Provision ▪ Configure ▪ Execute ▪ Update DEPLOY ▪ Secure ▪ Comply ▪ Audit ▪ Measure ▪ Log MANAGE Infrastructure Automation Compliance Automation Application Automation OSS AUTOMATION ENGINES Increase Speed ▪ Package infrastructure and app configuration as code ▪ Continuously automate infrastructure and app updates Improve Efficiency ▪ Define and execute standard workflows and automation ▪ Audit and measure effectiveness of automation Decrease Risk ▪ Define compliance rules as code ▪ Deliver continuous compliance as part of standard workflow
  • 54. AWS OpsWorks for Chef Automate Native Amazon Service Managed Chef Server ▪ Utilizes RDS and other native services ▪ May be externally accessible AWS Native ▪ Auto Scaling in your VPC ▪ Automatic backups and upgrades OpsWorks Stacks ▪ New name for previous version of OpsWorks ● Partnership between Amazon and Chef, jointly developed and maintained ● Fully managed AWS service with frequent updates ● Fully compatible with open source Chef ● Amazon is your support and billing ● All Chef Automate features will be supported ○ Visibility and Workflow today ○ Compliance soon ○ Currently Northern Virginia, Oregon & Ireland with more planned
  • 63. Dig into the new way of learning about Chef, Automation, and DevOps. Self-paced training on Linux and Windows and much more! learn.chef.io
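
The grep and sed one-liners on slides 8 and 10 print a value for a person to read, and they miss directives that are indented, written in a different case or set more than once. The following is an added example, not code from the talk or from InSpec: a POSIX shell version of the same two checks that returns a pass/fail status. The function names, the 0/1/2 return convention and the sample files are assumptions of this example.

```shell
# Added example: function names and the 0/1/2 convention are this example's own.
lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# directive_values FILE KEY: print the value of every active KEY line. Unlike
# grep "^KEY", it skips comments, tolerates leading whitespace and tabs, and
# matches the keyword case-insensitively.
directive_values() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
            n = match(line, /[ \t]+/)
            if (n && tolower(substr(line, 1, n - 1)) == tolower(key))
                print substr(line, n + RLENGTH)
        }' "$1"
}

# check_directive FILE KEY ALLOWED...  returns 0 = all occurrences allowed,
# 1 = a disallowed value is set, 2 = not set (built-in default applies).
check_directive() {
    cd_file=$1; cd_key=$2; shift 2
    cd_values=$(directive_values "$cd_file" "$cd_key")
    [ -n "$cd_values" ] || return 2
    while IFS= read -r v; do
        ok=1
        for allowed in "$@"; do
            [ "$(lower "$v")" = "$(lower "$allowed")" ] && ok=0
        done
        [ "$ok" -eq 0 ] || return 1
    done <<EOF
$cd_values
EOF
    return 0
}

# Constructed sample configs (not from the talk).
samples=$(mktemp -d)
printf '# Protocol 1\n\tprotocol 2\n' > "$samples/sshd_ok"
printf 'Protocol 2,1\n'               > "$samples/sshd_bad"
printf 'ServerTokens Full\n'          > "$samples/httpd_bad"
printf 'Listen 80\n'                  > "$samples/httpd_unset"

for f in sshd_ok sshd_bad; do
    rc=0; check_directive "$samples/$f" Protocol 2 || rc=$?; echo "$f Protocol -> $rc"
done
for f in httpd_bad httpd_unset; do
    rc=0; check_directive "$samples/$f" ServerTokens Prod ProductOnly || rc=$?
    echo "$f ServerTokens -> $rc"
done
```

A return of 2 is kept separate from a failure because an absent directive means the daemon's built-in default is in force, which the config file alone cannot confirm.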