Implementing DevSecOps at Scale (Level: 300-400)
Amazon Web Services
"Implementing DevSecOps at Scale. Speaker: Rebeker Choi, Solutions Architect, AWS"
1.
Implementing DevSecOps at Scale
Rebeker Choi, Solutions Architect, Amazon Web Services
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
2.
What to expect from the session
• What is DevSecOps? Why?
• Landing Zone Concept
• AWS CI/CD Pipeline
• Demo Scenario
3.
So, what is DevSecOps?
4.
So, what is DevOps?
DevOps is a collaboration between Development and Operations to improve agility and pace of innovation.
5.
So, what is DevSecOps?
DevSecOps is expanding the Dev + Ops collaboration to include Security Automation.
6.
Goals of DevSecOps
It’s important to have security that:
• meets the pace of innovation
• works at scale in a scalable infrastructure
• works with less friction
7.
How to win at DevSecOps – Automate!
- Automation is effective
- Automation is reliable
- Automation is scalable
8.
How to win at DevSecOps – team!
[Diagram labels: Operations, Engineering, Application, Infrastructure, Security]
Security is everyone’s responsibility!
9.
DevSecOps pipeline
[Diagram: delivery pipeline from developers to customers with a feedback loop; stage labels: plan, build, test, release, monitor; Security]
• Address security threats more effectively, in real-time
• Embed security knowledge into DevOps teams so that they can secure the pipelines they design and automate.
10.
DevSecOps common use cases
• Enterprise AWS Landing Zone on-boarding
  • Centralized account creation
  • Centralized VPC setup
  • Centralized IAM setup
  • Centralized Logging setup
  • Centralized Monitoring
• AWS CI/CD Pipeline
  • Infrastructure as code deployment
  • Application deployment: “before” application deployment, “during” application deployment
11.
Landing Zone Concept
12.
Landing Zone
What Is A Landing Zone
• Multi-Account AWS Environment Based on AWS Best Practices
• Set of Architecture Patterns For Shared Core Services
• Adaptable Foundation With Governance Guardrails
• Automation Driven Versioned Infrastructure
13.
Multi-account approach
[Diagram labels: AWS Organization, Master, Security, Logging, Shared Services, Developer Sandbox, Developer Accounts, Core Accounts, Dev, Pre-Prod, Prod, BU/Project Accounts, Data Center, Test]
• AWS Organization: Account management
• Logging: Centralized logs
• Security: AWS Config rules, security tools
• Shared services: Directory, DNS, limit monitoring
• Sandbox: Experiments
• Dev: Development
• Pre-Prod: Staging
• Prod: Production
14.
AWS Landing Zone solution
[Diagram labels: Multi-Account Structure, User Access, Notifications, Security Baseline, AWS CloudTrail, AWS Config, AWS Identity and Access Management, Cross-Account Access, Amazon VPC]
https://aws.amazon.com/answers/aws-landing-zone/
15.
AWS CI/CD Pipeline
16.
DevSecOps is Automated, Continuous & Visible
[Diagram: pipeline stages Code, Build, Deploy, Test, Monitor; services shown: CodeCommit, CodeBuild, 3rd-party testing tools for application, CodeDeploy, CloudFormation, CodePipeline, CloudWatch, CloudTrail, Config Rules]
17.
DevSecOps is Automated, Continuous & Visible
[Diagram: pipeline stages Code, Build, Deploy, Test, Monitor; services shown: CodeCommit, CodeBuild, 3rd-party testing tools for application, CodeDeploy, CloudFormation, CodePipeline, CloudWatch, CloudTrail, Config Rules]
Security activities along the pipeline:
• Scan for secrets
• Static code analysis
• Deploy / Register security components
• Test security meets standards
• Monitor security standards
18.
Demo Scenario: the security policy allows the SSH port to be open only to the approved IP CIDR range (72.21.196.67/32)
19.
Demo: DevSecOps for Infrastructure code
https://aws.amazon.com/blogs/devops/implementing-devsecops-using-aws-codepipeline/
[Diagram: AWS CodePipeline with four stages: Commit Stage, Code analysis Stage, Test Deployment Stage, Production Deployment Stage; labels: DevOps, Code Push, Code Pull, Amazon S3, Static Code Analysis Lambda, Create Stack (AWS CloudFormation), Stack Validation Lambda, Create ChangeSet (AWS CloudFormation), Approve Test Stack, Delete Stack (AWS CloudFormation), Execute ChangeSet (AWS CloudFormation)]
1. Commit infrastructure code changes to S3
2. Perform code analysis to identify vulnerabilities / error
3. Deploy infrastructure change to test env.
4. Deployment security validation
5. Manual approval
6. Delete change on test env.
7. Deploy infrastructure change to production environment
20.
[Diagram: the demo pipeline from slide 19 (Commit Stage, Code analysis Stage, Test Deployment Stage, Production Deployment Stage)]
21.
[Diagram: the demo pipeline from slide 19 (Commit Stage, Code analysis Stage, Test Deployment Stage, Production Deployment Stage)]
22.
The DevOps team goes back and updates the infrastructure code so that the SSH port is open only to the approved IP CIDR range (72.21.196.67/32)
23.
[Diagram: the demo pipeline from slide 19 (Commit Stage, Code analysis Stage, Test Deployment Stage, Production Deployment Stage)]
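The static code analysis step of the demo, sketched as an added example (not the code from the talk or from the AWS blog post it links): it reads a JSON CloudFormation template and reports every ingress rule that exposes TCP/22 to a source outside the approved range from the demo scenario. The function names, the sample templates and the decision to fail closed on unresolved intrinsic functions are assumptions.

```python
import ipaddress
import json

# Approved SSH source range from the demo scenario on this page.
APPROVED_SSH_CIDRS = [ipaddress.ip_network("72.21.196.67/32")]
SSH_PORT = 22


def _covers_ssh(rule):
    """True if the rule's protocol and port range include TCP/22."""
    proto = str(rule.get("IpProtocol", "")).lower()
    if proto == "-1":                       # all protocols, all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    try:
        lo, hi = int(rule.get("FromPort")), int(rule.get("ToPort"))
    except (TypeError, ValueError):
        return True                         # ports not literal: fail closed
    return lo <= SSH_PORT <= hi


def _source_problem(rule):
    """Return a reason if the rule's CIDR source is not provably approved."""
    cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
    if cidr is None:
        return None   # assumption: group/prefix-list sources are out of scope
    if not isinstance(cidr, str):
        return "source is an intrinsic function; cannot verify statically"
    try:
        net = ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return f"unparseable CIDR {cidr!r}"
    for ok in APPROVED_SSH_CIDRS:
        if net.version == ok.version and net.subnet_of(ok):
            return None
    return f"SSH open to {net}, outside the approved range"


def _ingress_rules(template):
    """Yield (logical_id, rule) for inline and standalone ingress rules."""
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                yield name, rule
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            yield name, props


def check_template(template_text):
    """Return a list of findings; an empty list means the stage passes."""
    findings = []
    for name, rule in _ingress_rules(json.loads(template_text)):
        if _covers_ssh(rule):
            reason = _source_problem(rule)
            if reason:
                findings.append(f"{name}: {reason}")
    return findings


# Constructed sample: the first commit, with SSH open too widely.
BAD_TEMPLATE = json.dumps({"Resources": {
    "WebSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "constructed sample",
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "CidrIp": "0.0.0.0/0"},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "CidrIp": "0.0.0.0/0"}]}},
    "WideRule": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "GroupId": {"Ref": "WebSG"}, "IpProtocol": "tcp",
        "FromPort": 0, "ToPort": 1024, "CidrIp": "10.0.0.0/8"}}}})

# Constructed sample: the corrected commit from the demo scenario.
FIXED_TEMPLATE = json.dumps({"Resources": {
    "WebSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "constructed sample",
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "CidrIp": "72.21.196.67/32"},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "CidrIp": "0.0.0.0/0"}]}}}})

if __name__ == "__main__":
    for label, text in (("bad", BAD_TEMPLATE), ("fixed", FIXED_TEMPLATE)):
        print(label, check_template(text) or "PASS")
```

The port-range rule in `WideRule` is flagged even though it never names port 22, which is the case a plain text search for "22" in the template would miss.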
24.
DevSecOps is Automated, Continuous & Visible
[Diagram: pipeline stages Code, Build, Deploy, Test, Monitor; services shown: CodeCommit, CodeBuild, 3rd-party testing tools for application, CodeDeploy, CloudFormation, CodePipeline, CloudWatch, CloudTrail, Config Rules]
Monitor security standards
25.
CloudTrail
• Simplify your compliance audits by automatically recording and storing activity logs for your AWS accounts
• Provide visibility into your user and resource activity
[Diagram labels: Who, What, Where from, Where to, When]
26.
AWS Config
[Diagram labels: Internal Controls, Industry best practice]
• Perform configuration management of your AWS deployment against compliance policies
27.
CloudWatch
28.
Key Takeaways
• Automated security measures
• Continuous security measures as infrastructure evolves
• Security events have to be visible
29.
Thank you!