Automating Security Compliance on AWS with DevSecOps
•
0 likes•68 views
The document discusses automating security compliance on AWS using DevSecOps. It begins with introducing the speaker and their background. It then provides an overview of AWS DevOps practices like CI/CD. It discusses security compliance controls and how DevOps and SecOps can be isolated. It defines DevSecOps as merging DevOps with security compliance. It outlines the demonstration which will automate security compliance controls using AWS services like CodeCommit, CodeBuild, CodePipeline, Config, Lambda and CloudFormation to mitigate risks. It includes an architecture diagram and invites questions.
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Automating Security Compliance on AWS with DevSecOps
Similar to Automating Security Compliance on AWS with DevSecOps (20)
Recently uploaded
Recently uploaded (20)
Automating Security Compliance on AWS with DevSecOps
- 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Automating Security Compliance on AWS with DevSecOps Tushar Gupta 21st March 2021 www.linkedin.com/tusharguptaa
- 2. A little bit about myself.. • I am Tushar Gupta, Senior Cloud Consultant @SoftwareOne • Passionate about Automation & DevOps practices and skilled in Cloud Strategy and Migration • 4x AWS certified: AWS DevOps Professional , Solution Architect-Professional & Associate, Advanced Networking Specialty • Active member of AWS DevAx::mentor program
- 3. Agenda • AWS DevOps Practices • Security Compliance Controls • DevOps and SecOps Isolation • DevSecOps – Shifting Security to left • Live Demonstration – Automation of Security Compliance on AWS with DevSecOps • Q n A
- 4. AWS DevOps Practices Continuous Integration Continuous Delivery Continuous Feedback Build and Testing Deployment Automation Release Automation Configuration Management - AWS CodeBuild Version Control - AWS CodeDeploy - AWS CodePipeline - AWS CodeCommit - AWS OpsWorks - CloudFormation
- 5. Security Operations Controls Directive Preventive Detective Responsive AWS CAF – Security Perspective Control e.g. Only approved AMIs are allowed to be used for deployment of Business Applications User Story - As a Security Operations Manager, I want only images tagged as hardened by SOC team to be permitted to deploy instances so that I am prevented from security vulnerabilities Acceptance Criteria 1. Given that I am logged into AWS Console & I have required permissions to deploy instances, When I try to start instance and AMI is not tagged as hardened, then it should be denied (Preventive) 2. Given that I am logged into AWS Console & I have required permissions to deploy instances, When I try to start instance and AMI is not tagged as hardened, then email should be sent to SOC team (Responsive)
- 6. DevOps and SecOps Isolation SecOps DevOps ▪ Process Efficiency ▪ Agility ▪ Quality Enhancement ▪ Continuous Delivery and Integration ▪ Risk Mitigation ▪ Compliance Controls ▪ Continuous Governance for Security and Compliance ▪ Monitoring and incident response ‘DO’ Culture ‘CONTROL’ Culture
- 7. DevSecOps - “DevOps merger with Security Compliance” Continuous Security Shifting security to left starting from planning phase till final release helps to embrace ‘Secure by design’ principle Increased Collaboration With integration of Security, Development & Operations, it fosters culture of transparency and openness Enhanced Compliance Automated security auditing, monitoring & remediation with security tightly coupled with DevOps mitigates security compliance risks Increased Efficiency and Quality Early detection & remediation of security vulnerabilities increases quality and reduces effort & cost for remediation
- 8. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demonstration Security Compliance Automation on AWS with DevSecOps
- 9. Demonstration details Objective To automate security compliance controls to mitigate risks and security vulnerabilities Demonstration Setup: AWS Services ▪ DevOps : AWS CodeCommit, CodeBuild and CodePipeline ▪ Compliance : AWS Config ▪ Serverless : Lambda functions ▪ Compute : EC2 ▪ Infrastructure as Code: CloudFormation
- 10. Architecture
- 11. Questions ??
- 12. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you ! For further discussions related to AWS Cloud Services & Solutions, feel free to connect with me: www.linkedin.com/tusharguptaa Tushar Gupta Join AWS User Group and be part of AWS DevAX::Mentor program : >>>>>