mirror of
https://github.com/MichaelCade/90DaysOfDevOps.git
synced 2025-01-03 13:30:00 +07:00
commit
8657e7f413
@ -80,3 +80,4 @@ Also please add any additional resources.
|
||||
|
||||
- [Introducing the InfoSec colour wheel — blending developers with red and blue security teams.](https://hackernoon.com/introducing-the-infosec-colour-wheel-blending-developers-with-red-and-blue-security-teams-6437c1a07700)
|
||||
|
||||
See you on [Day 5](day05.md).
|
||||
|
@ -53,3 +53,4 @@ The reason I am raising this is that security never stops, the growth of Open-So
|
||||
- [IBM - The 3 A's of Open Source Security](https://www.youtube.com/watch?v=baZH6CX6Zno)
|
||||
- [Log4j (CVE-2021-44228) RCE Vulnerability Explained](https://www.youtube.com/watch?v=0-abhd-CLwQ)
|
||||
|
||||
See you on [Day 6](day06.md).
|
||||
|
@ -129,4 +129,4 @@ By default SonarCloud comes with a default quality gate “Sonar way”. You can
|
||||
- [How to create Quality gates on SonarQube](https://www.youtube.com/watch?v=8_Xt9vchlpY)
|
||||
- [Source Code of the repo I used for SAST implementation](https://github.com/prateekjaindev/nodejs-todo-app-demo)
|
||||
|
||||
In the next part [Day 10](day10.md), we will discuss Software Composition Analysis (SCA).
|
||||
In the next part [Day 10](day10.md), we will discuss Software Composition Analysis (SCA).
|
||||
|
@ -92,3 +92,5 @@ It contains the example I used in this article + a fuzz test that triggers a fai
|
||||
- <https://en.wikipedia.org/wiki/Fuzzing>
|
||||
- [Fuzzing in Go by Valentin Deleplace, Devoxx Belgium 2022](https://www.youtube.com/watch?v=Zlf3s4EjnFU)
|
||||
- [Write applications faster and securely with Go by Cody Oss, Go Day 2022](https://www.youtube.com/watch?v=aw7lFSFGKZs)
|
||||
|
||||
See you on [Day 17](day17.md).
|
||||
|
@ -240,3 +240,5 @@ There are many tools that can help us in fuzzy testing our web applications, bot
|
||||
[Fuzzing Session: Finding Bugs and Vulnerabilities Automatically](https://youtu.be/DSJePjhBN5E)
|
||||
|
||||
[Fuzzing the CNCF Landscape](https://youtu.be/zIyIZxAZLzo)
|
||||
|
||||
See you on [Day 18](day18.md).
|
||||
|
@ -24,3 +24,5 @@ As with all other tools part of DevSecOps pipeline DAST should not be the only s
|
||||
- https://github.com/zaproxy/zaproxy
|
||||
- https://www.arachni-scanner.com/
|
||||
- https://owasp.org/www-project-devsecops-guideline/latest/02b-Dynamic-Application-Security-Testing
|
||||
|
||||
See you on [Day 19](day19.md).
|
||||
|
@ -1,26 +1,31 @@
|
||||
# IAST (Interactive Application Security Testing)
|
||||
# IAST (Interactive Application Security Testing)
|
||||
|
||||
IAST is a type of security testing tool that is designed to identify vulnerabilities in web applications and help developers fix them. It works by injecting a small agent into the application's runtime environment and monitoring its behaviour in real-time. This allows IAST tools to identify vulnerabilities as they occur, rather than relying on static analysis or simulated attacks.
|
||||
|
||||
IAST works through software instrumentation, or the use of instruments to monitor an application as it runs and gather information about what it does and how it performs. IAST solutions instrument applications by deploying agents and sensors in running applications and continuously analyzing all application interactions initiated by manual tests, automated tests, or a combination of both to identify vulnerabilities in real time Instrumentation.
|
||||
IAST agent is running inside the application and monitoring for known attack patterns. As it is part of the application, it can monitor traffic between different components (either as classic MVC deployments and in microservices deployment).
|
||||
IAST works through software instrumentation, or the use of instruments to monitor an application as it runs and gather information about what it does and how it performs. IAST solutions instrument applications by deploying agents and sensors in running applications and continuously analyzing all application interactions initiated by manual tests, automated tests, or a combination of both to identify vulnerabilities in real time Instrumentation.
|
||||
IAST agent is running inside the application and monitoring for known attack patterns. As it is part of the application, it can monitor traffic between different components (either as classic MVC deployments and in microservices deployment).
|
||||
|
||||
## For IAST to be used, there are few prerequisites.
|
||||
|
||||
## For IAST to be used, there are few prerequisites.
|
||||
- Application should be instrumented (inject the agent).
|
||||
- Traffic should be generated - via manual or automated tests. Another possible approach is via DAST tools (OWASP ZAP can be used for example).
|
||||
|
||||
## Advantages
|
||||
## Advantages
|
||||
|
||||
One of the main advantages of IAST tools is that they can provide detailed and accurate information about vulnerabilities and how to fix them. This can save developers a lot of time and effort, as they don't have to manually search for vulnerabilities or try to reproduce them in a testing environment. IAST tools can also identify vulnerabilities that might be missed by other testing methods, such as those that require user interaction or are triggered under certain conditions. Testing time depends on the tests used (as IAST is not a standalone system) and with faster tests (automated tests) can be included into CI/CD pipelines. It can be used to detect different kind of vulnerabilities and due to the nature of the tools (it looks for “real traffic only) false positives/negatives findings are relatively rear compared to other testing types.
|
||||
IAST can be used in two flavours - as a typical testing tool and as real-time protection (it is called RAST in this case). Both work at the same principles and can be used together.
|
||||
|
||||
## There are several disadvantages of the technology as well:
|
||||
|
||||
- It is relatively new technology so there is not a lot of knowledge and experience both for the security teams and for the tools builders (open-source or commercial).
|
||||
- The solution cannot be used alone - something (or someone) should generate traffic patterns. It is important that all possible endpoints are queried during the tests.
|
||||
- Findings are based on traffic. This is especially true if used for testing alone - if there is no traffic to a portion of the app / site it would not be tested so no findings are going to be generated.
|
||||
- Due to need of instrumentation of the app, it can be fairly complex, especially compared to the source scanning tools (SAST or SCA).
|
||||
|
||||
There are several different IAST tools available, each with its own features and capabilities.
|
||||
|
||||
## Some common features of IAST tools include:
|
||||
|
||||
- Real-time monitoring: IAST tools monitor the application's behaviour in real-time, allowing them to identify vulnerabilities as they occur.
|
||||
- Vulnerability identification: IAST tools can identify a wide range of vulnerabilities, including injection attacks, cross-site scripting (XSS), and cross-site request forgery (CSRF).
|
||||
- Remediation guidance: IAST tools often provide detailed information about how to fix identified vulnerabilities, including code snippets and recommendations for secure coding practices.
|
||||
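Review bot: In the Advantages paragraph, "relatively rear" should be "relatively rare", the quote opened at “real traffic only is never closed, and "it is called RAST in this case" looks like a typo for RASP (Runtime Application Self-Protection), the usual name for in-app runtime protection. The instrumentation paragraph also ends with a stray word in "in real time Instrumentation."; drop it. Two of the `##` headings are full sentences ("For IAST to be used, there are few prerequisites."); short titles such as "Prerequisites" and "Disadvantages" would match the existing "Advantages".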
@ -29,5 +34,8 @@ There are several different IAST tools available, each with its own features and
|
||||
IAST tools can be a valuable addition to a developer's toolkit, as they can help identify and fix vulnerabilities in real-time, saving time and effort. If you are a developer and are interested in using an IAST tool, there are many options available, so it is important to research and compare different tools to find the one that best fits your needs.
|
||||
|
||||
## Tool example
|
||||
|
||||
There are almost no open-source tools on the market. Example is the commercial tool: Contrast Community Edition (CE) - Fully featured version for 1 app and up to 5 users (some Enterprise features disabled). Contrast CE supports Java and .NET only.
|
||||
Can be found here - https://www.contrastsecurity.com/contrast-community-edition
|
||||
|
||||
See you on [Day 20](day20.md).
|
||||
|
@ -151,3 +151,5 @@ Container Image Scanning can help us find vulnerabilities in our application bas
|
||||
|
||||
Image Scanning and IAST/DAST are not mutually-exclusive.
|
||||
They both have their place in a Secure SDLC and can help us find different problems before the attackers do.
|
||||
|
||||
See you on [Day 21](day21.md).
|
||||
|
@ -75,3 +75,4 @@ Another place is your container registry (as seen today).
|
||||
|
||||
Both are good options, both have their pros and cons.
|
||||
It is up to the DevSecOps architect to decide which approach works better for them and their thread model.
|
||||
See you on [Day 23](day23.md).
|
||||
|
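Review bot: The added "See you on [Day 23](day23.md)." line sits directly under "It is up to the DevSecOps architect to decide..." with no empty line between them, so Markdown will fold it into that paragraph; add a blank line before it, as the Day 5 and Day 6 hunks do. While this paragraph is being touched, "thread model" should read "threat model".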
@ -159,3 +159,4 @@ A Secure SDLC would include scanning of all artifacts that end up in our product
|
||||
|
||||
Today we learned how to scan non-container artifacts like Kubernetes manifests, Helm charts and Terraform code.
|
||||
The tools we looked at are free and open-source and can be integrated into any workflow or CI pipeline.
|
||||
See you on [Day 24](day24.md).
|
||||
|
@ -145,3 +145,4 @@ However, integrating signing into your workflow adds yet another layer of defenc
|
||||
Signing artifacts prevents supply-chain and man-in-the-middle attacks, by allowing you to verify the integrity of your artifacts.
|
||||
|
||||
[Sigstore](https://sigstore.dev/) and [cosign](https://docs.sigstore.dev/cosign/overview/) are useful tools to sign your artifacts and they come with many integrations to choose from.
|
||||
See you on [Day 25](day25.md).
|
||||
|
@ -82,3 +82,4 @@ A scan can detect something that is vulnerability, but it cannot be actively exp
|
||||
This makes the vulnerability a low priority one, because why fix something that presents no danger to you.
|
||||
|
||||
If an issue comes up in penetration testing then that means that this issue is exploitable, and probably a high priority - in the penetation testers managed to exploit it, so will the hackers.
|
||||
See you on [Day 26](day26.md).
|
||||
|
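Review bot: The sentence right above the new link has two typos, "penetation" and "in the penetation testers managed to exploit it", which should read "if the penetration testers managed to exploit it"; worth fixing in the same change because the added line lands in that paragraph. "See you on [Day 26](day26.md)." also needs a blank line before it, otherwise it renders as the tail of that sentence.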
@ -126,4 +126,5 @@ More on VM security:
|
||||
|
||||
<https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security.html>
|
||||
|
||||
<https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-60025A18-8FCF-42D4-8E7A-BB6E14708787.html>
|
||||
<https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-60025A18-8FCF-42D4-8E7A-BB6E14708787.html>
|
||||
See you on [Day 27](day27.md).
|
||||
|
@ -82,3 +82,5 @@ That will be done by either patching up the system, closing a hole that is not n
|
||||
<https://www.comparitech.com/net-admin/free-network-vulnerability-scanners/>
|
||||
|
||||
<https://www.rapid7.com/solutions/network-vulnerability-scanner/>
|
||||
|
||||
See you on [Day 28](day28.md).
|
||||
|
@ -1,6 +1,6 @@
|
||||
# Introduction to Runtime Defence & Monitoring
|
||||
|
||||
Welcome to all the DevOps and DevSecOps enthusiasts! 🙌
|
||||
Welcome to all the DevOps and DevSecOps enthusiasts! 🙌
|
||||
|
||||
We are here to learn about "Runtime defence". This is a huge subject, but we are not deterred by it and will learn about it together in the next 7 days.
|
||||
|
||||
@ -39,7 +39,6 @@ Elaborating on this, here are the key reasons why monitoring is important for ru
|
||||
|
||||
* Gaining visibility: Monitoring provides insight into system activity, which can be used to optimize performance, troubleshoot issues, and identify opportunities for improvement.
|
||||
|
||||
|
||||
## What to monitor and record?
|
||||
|
||||
In theory, the ideal solution would be to log everything that is happening in the system and keep the data forever.
|
||||
@ -63,6 +62,7 @@ Security configurations: Monitor security configurations, such as firewall rules
|
||||
Backup and disaster recovery systems: Monitor backup and disaster recovery systems to ensure that they are operating correctly and data can be recovered in the event of a failure or disaster.
|
||||
|
||||
## A practical implementation
|
||||
|
||||
In this part, we move from theory to practice.
|
||||
|
||||
There isn't a silver bullet here, every system has its tools. We will work on Kubernetes as infrastructure with [Microservices demo](https://github.com/GoogleCloudPlatform/microservices-demo) application.
|
||||
@ -145,3 +145,4 @@ Browse Grafana for more dashboards [here](https://grafana.com/grafana/dashboards
|
||||
# Next...
|
||||
|
||||
Tomorrow we will continue to the application level. Application logs and behavior monitoring will be in focue. We will continue to use the same setup and go deeper into the rabbit hole 😄
|
||||
See you on [Day 29](day29.md).
|
||||
|
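Review bot: "will be in focue" in the line above the added link should be "in focus". The "See you on [Day 29](day29.md)." line follows that sentence with no blank line, so it will render inside the same paragraph; separate it with an empty line.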
@ -129,6 +129,5 @@ Now you should see Falco events in your Grafana! 😎
|
||||
|
||||
# Next...
|
||||
|
||||
Next day we will look into how to detect attacks in runtime. See you tomorrow 😃
|
||||
|
||||
|
||||
Next day we will look into how to detect attacks in runtime.
|
||||
See you tomorrow 😃 [Day 30](day30.md).
|
||||
|
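Review bot: In "See you tomorrow 😃 [Day 30](day30.md)." the link hangs after the emoji with no preposition, so the sentence reads as a fragment. Suggest "See you tomorrow on [Day 30](day30.md) 😃", which also matches the "See you on [Day N]" wording used in the other files of this commit.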
@ -113,4 +113,4 @@ I hope this part gave you an insight into how this system works.
|
||||
# Next
|
||||
|
||||
Tomorrow we will move away from the world of applications and go to the network layer, see you then!
|
||||
|
||||
Unto [Day 31](day31.md).
|
||||
|
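Review bot: "Unto [Day 31](day31.md)." on the added line reads like a typo for "On to". The other files in this commit close with "See you on [Day N](dayN.md).", so using that wording here keeps the navigation line consistent.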
@ -89,3 +89,4 @@ There are several tools available to monitor network traffic in Kubernetes, each
|
||||
|
||||
These are just a few examples of the many tools available for monitoring network traffic in Kubernetes. When selecting a tool, consider the specific needs of your application and infrastructure, and choose a tool that provides the features and capabilities that best fit your requirements.
|
||||
|
||||
See you on [Day 32](day32.md).
|
@ -102,3 +102,5 @@ After the installation you can access the vulnerabilities via CRD with kubectl:
|
||||
kubectl get vulnerabilityreports --all-namespaces -o wide
|
||||
```
|
||||
![](images/day32-2.png)
|
||||
|
||||
[Day 33](day33.md).
|
||||
|
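Review bot: The added closing line is a bare "[Day 33](day33.md)." with no lead-in text after the screenshot, unlike the "See you on [Day N]" lines elsewhere in this commit. Suggest "See you on [Day 33](day33.md)." so the link reads as a sentence.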
@ -295,5 +295,4 @@ status: {}
|
||||
### Summary
|
||||
These were examples of how to turn behavior to policy! Good stuff 😃
|
||||
|
||||
|
||||
|
||||
See you on [Day 34](day34.md).
|
||||
|
@ -216,4 +216,4 @@ no-privileged-containers:
|
||||
```
|
||||
|
||||
I hope this short intro gave a little taste of how admission controllers can help you to enforce runtime rules over a Kubernetes cluster!.
|
||||
|
||||
See you on [Day 35](day35.md).
|
||||
|
@ -44,4 +44,6 @@ In a DevOps and automated world, secrets management solutions must be centered a
|
||||
* AWS Secrets Manager
|
||||
* Azure Key Vault
|
||||
* GCP Secret Manager
|
||||
* Thycotic Secret Server
|
||||
* Thycotic Secret Server
|
||||
|
||||
See you on [Day 36](day36.md).
|
@ -70,4 +70,6 @@ The print argument is a string, which is one of Python's basic data types for st
|
||||
|
||||
- [Learn Python - Full course by freeCodeCamp](https://youtu.be/rfscVS0vtbw)
|
||||
- [Python tutorial for beginners by Nana](https://youtu.be/t8pPdKYpowI)
|
||||
- [Python Crash Course book](https://amzn.to/40NfY45)
|
||||
- [Python Crash Course book](https://amzn.to/40NfY45)
|
||||
|
||||
See you on [Day 43](day43.md).
|
@ -111,4 +111,4 @@ try:
|
||||
|
||||
## Conclusion
|
||||
|
||||
That is it for today, I will see you tomorrow in Day 3 of Python!
|
||||
That is it for today, I will see you tomorrow in [Day 44 | Day 3 of Python!](day44.md).
|
||||
|
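Review bot: The new link text "[Day 44 | Day 3 of Python!](day44.md)." puts "!" inside the link and a "." right after it, which gives doubled end punctuation and a pipe in the anchor text. Suggest "I will see you tomorrow in [Day 44](day44.md), Day 3 of Python!".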
@ -123,3 +123,4 @@ student = Student("John", "Canada", "Computer Science")
|
||||
person.speak() # "Hello, my name is Rishab and I am from Canada."
|
||||
student.speak() # "Hello, my name is John and I am a Computer Science major."
|
||||
```
|
||||
See you tomorrow in [Day 45](day45.md).
|
@ -122,3 +122,6 @@ Output:
|
||||
- [pdb - The Python Debugger](https://docs.python.org/3/library/pdb.html)
|
||||
- [re - Regular expressions operations](https://docs.python.org/3/library/re.html)
|
||||
- [datetime - Basic date and time types](https://docs.python.org/3/library/datetime.html)
|
||||
|
||||
See you tomorrow in [Day 46](day46.md).
|
||||
|
@ -45,3 +45,4 @@ Having a good understanding of how these web apps work, will help you with autom
|
||||
You can dive deeper into how you can build APIs using Python and serverless technologies like AWS Lambda, Azure Functions etc.
|
||||
|
||||
I have a demo on [how I built a serverless resume API](https://github.com/rishabkumar7/AzureResumeAPI).
|
||||
See you tomorrow in [Day 47](day47.md).
|
||||
|
@ -60,3 +60,5 @@ In this example, we're using the Pulumi Python SDK to define an EC2 instance on
|
||||
- [Learn more about Fabric](https://docs.fabfile.org/en/stable/index.html)
|
||||
- [PyWinRM](https://github.com/diyan/pywinrm)
|
||||
- [Pulumi - IaC Tool](https://www.pulumi.com/docs/reference/pkg/python/pulumi/)
|
||||
|
||||
See you tomorrow in [Day 48](day48.md).
|
||||
|
@ -153,3 +153,5 @@ Here is how it would look, I have 2 blog posts and have some gifs in my blog pos
|
||||
If we click on the `hello` blog post:
|
||||
|
||||
![Hello blog post](/2023/images/day48-2.png)
|
||||
|
||||
See you tomorrow in [Day 49](day49.md).
|
||||
|
@ -1,6 +1,7 @@
|
||||
# Day 49: AWS Cloud Overview
|
||||
|
||||
Welcome to the AWS section of the 90 Days of DevOps! Picking 7 items to learn about is difficult for several reasons:
|
||||
|
||||
1. At last count, there were 250+ AWS services
|
||||
2. Each service could get it's own multi-day deep dive 😅
|
||||
|
||||
@ -16,7 +17,7 @@ AWS Cloud is a cloud computing platform provided by Amazon Web Services (AWS). I
|
||||
|
||||
One of the main benefits of AWS Cloud is its flexibility. You can choose the services that best meet your needs and only pay for what you use. This makes it an ideal solution for small businesses, startups, and enterprises, as it allows them to access the resources they need without having to make a significant upfront investment in infrastructure.
|
||||
|
||||
## Security
|
||||
## Security
|
||||
|
||||
Another benefit of AWS Cloud is its security. AWS has a number of security measures in place to protect your data and resources, including encryption, identity and access management, and network security. It also has a number of compliance programs in place, including HIPAA, PCI DSS, and GDPR, to ensure that your data is secure and compliant with relevant regulations.
|
||||
|
||||
@ -28,13 +29,13 @@ One of the most popular services offered by AWS Cloud is Amazon Elastic Compute
|
||||
|
||||
![](images/day49-2.png)
|
||||
|
||||
## S3
|
||||
## S3
|
||||
|
||||
Another popular service offered by AWS Cloud is Amazon Simple Storage Service (S3). S3 is an object storage service that allows you to store and retrieve large amounts of data from anywhere on the internet. It is highly scalable, durable, and secure, making it an ideal solution for storing and managing data in the cloud.
|
||||
|
||||
![](images/day49-3.png)
|
||||
|
||||
## Databases
|
||||
## Databases
|
||||
|
||||
AWS Cloud also offers a range of other services, including Amazon Relational Database Service (RDS) for managing databases, Amazon Redshift for data warehousing and analytics, and Amazon Elasticsearch Service for search and analytics. These services make it easy to build and manage complex applications in the cloud, without having to worry about infrastructure or scaling.
|
||||
|
||||
@ -44,3 +45,4 @@ Overall, AWS Cloud is a powerful and flexible cloud computing platform that offe
|
||||
|
||||
## Resources
|
||||
|
||||
See you tomorrow in [Day 50](day50.md).
|
||||
|
@ -41,4 +41,5 @@ Once you have access to your free tier account, there are a few additional steps
|
||||
## Resources
|
||||
[Create your free AWS account](https://youtu.be/uZT8dA3G-S4)
|
||||
|
||||
[Generate credentials, budget, and billing alarms via CLI](https://youtu.be/OdUnNuKylHg)
|
||||
[Generate credentials, budget, and billing alarms via CLI](https://youtu.be/OdUnNuKylHg)
|
||||
See you in [Day 52](day52.md).
|
||||
|
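Review bot: The link target in "See you in [Day 52](day52.md)." looks off by one: the CloudFormation hunk that follows also ends with "See you in [Day 52](day52.md).", and nothing in the visible patch links to day51.md. If this file is the one that precedes the CloudFormation page, the target here should be day51.md. The added line also follows the second resource link with no blank line, so it will render in the same paragraph as that link.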
@ -22,4 +22,6 @@ In addition to these benefits, CloudFormation also offers a range of other featu
|
||||
|
||||
[AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html)
|
||||
|
||||
[AWS CloudFormation Getting Started step-by-step guides](https://aws.amazon.com/cloudformation/getting-started/)
|
||||
[AWS CloudFormation Getting Started step-by-step guides](https://aws.amazon.com/cloudformation/getting-started/)
|
||||
|
||||
See you in [Day 52](day52.md).
|
@ -54,3 +54,4 @@ After you've assigned permissions to the IAM group, you can test the IAM user to
|
||||
|
||||
[IAM Tutorial: Delegate access across AWS accounts using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html)
|
||||
|
||||
See you in [Day 53](day53.md).
|
||||
|
@ -47,3 +47,4 @@ Once you have created a resource group, you can view and manage your resources f
|
||||
|
||||
[Getting started with AWS System Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-launch-managed-instance.html)
|
||||
|
||||
See you in [Day 54](day54.md).
|
||||
|
@ -2,7 +2,6 @@
|
||||
|
||||
![](images/day54-01.png)
|
||||
|
||||
|
||||
AWS CodeCommit is a fully managed source control service provided by Amazon Web Services (AWS) that makes it easy for developers to host and manage private Git repositories. Think "GitHub but with less features" 🤣 (j/k, see the resource "CodeCommit vs GitHub" for a breakdown) It allows teams to collaborate on code and keep their code securely stored in the cloud, with support for secure access control, encryption, and automatic backups.
|
||||
|
||||
With AWS CodeCommit, developers can easily create, manage, and collaborate on Git repositories with powerful code review and workflow tools. It integrates seamlessly with other AWS services like AWS CodePipeline and AWS CodeBuild, making it easier to build and deploy applications in a fully automated manner.
|
||||
@ -19,9 +18,7 @@ In order to effectively leverage CodeCommit, you of course need to know how to u
|
||||
|
||||
Overall, AWS CodeCommit is a powerful tool for teams that need to collaborate on code, manage their repositories securely, and streamline their development workflows.
|
||||
|
||||
|
||||
|
||||
## Resources:
|
||||
## Resources:
|
||||
|
||||
[AWS CodeCommit User Guide](https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html)
|
||||
|
||||
@ -30,3 +27,5 @@ Overall, AWS CodeCommit is a powerful tool for teams that need to collaborate on
|
||||
[AWS CodeCommit tutorial: your first Repo, Commit and Push](https://youtu.be/t7M8pHCh5Xs)
|
||||
|
||||
[AWS CodeCommit vs GitHub: Which will Shine in 2023?](https://appwrk.com/aws-codecommit-vs-github)
|
||||
|
||||
See you in [Day 55](day55.md).
|
||||
|
@ -8,7 +8,8 @@
|
||||
|
||||
With CodePipeline, you can create pipelines that automate your build, test, and deployment workflows, ensuring that your code changes are reliably deployed to your target environments. It enables you to achieve faster release cycles, improve collaboration among development and operations teams, and improve the overall quality and reliability of your software releases.
|
||||
|
||||
AWS CodePipeline integrates with other AWS services:
|
||||
AWS CodePipeline integrates with other AWS services:
|
||||
|
||||
- [Source Action Integrations](https://docs.aws.amazon.com/codepipeline/latest/userguide/integrations-action-type.html#integrations-source)
|
||||
- [Build Action Integrations](https://docs.aws.amazon.com/codepipeline/latest/userguide/integrations-action-type.html#integrations-build)
|
||||
- [Test Action Integrations](https://docs.aws.amazon.com/codepipeline/latest/userguide/integrations-action-type.html#integrations-test)
|
||||
@ -16,12 +17,11 @@ AWS CodePipeline integrates with other AWS services:
|
||||
- [Approval Action Integrations](https://docs.aws.amazon.com/codepipeline/latest/userguide/integrations-action-type.html#integrations-approval)
|
||||
- [Invoke Action Integrations](https://docs.aws.amazon.com/codepipeline/latest/userguide/integrations-action-type.html#integrations-invoke)
|
||||
|
||||
|
||||
It also integrates with third-party tools such as GitHub, Jenkins, and Bitbucket. You can use AWS CodePipeline to manage your application updates across multiple AWS accounts and regions.
|
||||
|
||||
## Getting started with AWS CodePipeline
|
||||
|
||||
To get started with AWS CodePipeline, there are several excellent [tutorials](https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials.html) in the [AWS User Guide](https://docs.aws.amazon.com/codepipeline/latest/userguide/welcome.html). They all basically break down into the following 3 steps:
|
||||
To get started with AWS CodePipeline, there are several excellent [tutorials](https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials.html) in the [AWS User Guide](https://docs.aws.amazon.com/codepipeline/latest/userguide/welcome.html). They all basically break down into the following 3 steps:
|
||||
|
||||
### Step 1: Create an IAM role
|
||||
|
||||
@ -36,14 +36,15 @@ To create a CodePipeline pipeline, go to the AWS CodePipeline console, click on
|
||||
Once you have created your CodePipeline pipeline, you can test and deploy your code changes. AWS CodePipeline will automatically build, test, and deploy your code changes to your target environments. You can monitor the progress of your pipeline in the AWS CodePipeline console.
|
||||
|
||||
## Capstone Project
|
||||
To tie up this AWS section of the 90 Days of DevOps, I recommend that you go through Adrian Cantrill's excellent mini-project, the [CatPipeline](https://www.youtube.com/playlist?list=PLTk5ZYSbd9MgARTJHbAaRcGSn7EMfxRHm). In it you will be exposed to CodeCommit, CodeBuild, CodeDeploy, and CodePipeline in a fun little project that will give you a taste of a day in the life of a DevOps engineer.
|
||||
|
||||
To tie up this AWS section of the 90 Days of DevOps, I recommend that you go through Adrian Cantrill's excellent mini-project, the [CatPipeline](https://www.youtube.com/playlist?list=PLTk5ZYSbd9MgARTJHbAaRcGSn7EMfxRHm). In it you will be exposed to CodeCommit, CodeBuild, CodeDeploy, and CodePipeline in a fun little project that will give you a taste of a day in the life of a DevOps engineer.
|
||||
|
||||
- [YouTube CatPipeline Playlist](https://www.youtube.com/playlist?list=PLTk5ZYSbd9MgARTJHbAaRcGSn7EMfxRHm)
|
||||
- [GitHub CatPipeline Repo](https://github.com/acantril/learn-cantrill-io-labs/tree/master/aws-codepipeline-catpipeline)
|
||||
- [GitHub CatPipeline Repo](https://github.com/acantril/learn-cantrill-io-labs/tree/master/aws-codepipeline-catpipeline)
|
||||
|
||||
## Resources (Free)
|
||||
|
||||
## Resources (Free):
|
||||
|
||||
[AWS: Real-world CodePipeline CI/CD Examples ](https://youtu.be/MNt2HGxClZ0)
|
||||
[AWS: Real-world CodePipeline CI/CD Examples](https://youtu.be/MNt2HGxClZ0)
|
||||
|
||||
[AWS CodePipeline User Guide](https://docs.aws.amazon.com/codepipeline/latest/userguide/welcome.html)
|
||||
|
||||
@ -53,10 +54,13 @@ To tie up this AWS section of the 90 Days of DevOps, I recommend that you go thr
|
||||
|
||||
[AWS CodeCommit vs GitHub: Which will Shine in 2023?](https://appwrk.com/aws-codecommit-vs-github)
|
||||
|
||||
## Resources (Paid):
|
||||
There are a number of <i>excellent</i> instructors out there and picking 2-3 is always hard, but [Adrian Cantrill](https://learn.cantrill.io/), [Andrew Brown](https://www.exampro.co/), and [Stephane Maarek](https://www.udemy.com/user/stephane-maarek/) always come to mind when discussing fantastic content out there.
|
||||
## Resources (Paid)
|
||||
|
||||
There are a number of <i>excellent</i> instructors out there and picking 2-3 is always hard, but [Adrian Cantrill](https://learn.cantrill.io/), [Andrew Brown](https://www.exampro.co/), and [Stephane Maarek](https://www.udemy.com/user/stephane-maarek/) always come to mind when discussing fantastic content out there.
|
||||
|
||||
## Final Thoughts
|
||||
I hope that this section of the 90 Days of DevOps has given you a taste of what is available in the AWS ecosystem.
|
||||
|
||||
Good luck in your studies! Up next is Red Hat OpenShift!
|
||||
I hope that this section of the 90 Days of DevOps has given you a taste of what is available in the AWS ecosystem.
|
||||
|
||||
Good luck in your studies! Up next is Red Hat OpenShift!
|
||||
See you in [Day 56](day56.md).
|
||||
|
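Review bot: "See you in [Day 56](day56.md)." is added directly under "Good luck in your studies! Up next is Red Hat OpenShift!" with no blank line, so it renders as part of that paragraph; add an empty line before it. The `<i>excellent</i>` in the paid-resources paragraph could be plain Markdown emphasis (`*excellent*`), since the rest of the file is Markdown.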
@ -108,3 +108,4 @@ In [day 57](/day57.md) we will dive into the Architecture and components of Open
|
||||
- [OKD](https://www.okd.io/)
|
||||
- [Official Red Hat OpenShift product page](https://www.redhat.com/en/technologies/cloud-computing/openshift)
|
||||
- [Red Hat Hybrid Cloud Learning Hub](https://cloud.redhat.com/learn)
|
||||
|
||||
|
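Review bot: No next-day link is added after the three resource bullets here, unlike the other end-of-file hunks in this commit; the hunk grows from 3 to 4 lines but no "See you in [Day 57](day57.md)." line is visible. The hunk header also shows the existing reference written as "[day 57](/day57.md)" with a leading slash, while every link added in this commit is relative ("day56.md"); a relative target would be consistent.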
@ -14,7 +14,7 @@ Here’s what we’ll be covering: -
|
||||
- Database security
|
||||
- Monitoring and troubleshooting database issues
|
||||
|
||||
We’ll also be providing examples to accompany the concepts discussed. In order to do so you will need Docker Desktop installed. Docker can be downloaded here (https://www.docker.com/products/docker-desktop/) and is completely free.
|
||||
We’ll also be providing examples to accompany the concepts discussed. In order to do so you will need Docker Desktop installed. Docker can be downloaded here (https://www.docker.com/products/docker-desktop/) and is completely free.
|
||||
|
||||
Alternatives to Docker Desktop can be used (such as Rancher Desktop or Finch) but the examples will focus on Docker.
|
||||
|
||||
@ -131,4 +131,6 @@ The great thing about databases is that there are so many choices to choose from
|
||||
|
||||
Join us tommorrow when we'll be talking about querying databases.
|
||||
|
||||
Thanks for reading!
|
||||
Thanks for reading!
|
||||
|
||||
See you in [Day 64](day64.md).
|
||||
|
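Review bot: "Join us tommorrow" in the context line above the added link is misspelled ("tomorrow"). The same spelling appears in the hunks that link to Day 65 and Day 68 ("Join us tommorrow where we will be looking at...", "Join us tommorrow where we'll be talking about database security"), so one pass over the database posts would fix all three.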
@ -288,3 +288,5 @@ So that’s how to retrieve, update, and delete data from a database. We also lo
|
||||
Join us tommorrow where we will be looking at backing up and restoring databases.
|
||||
|
||||
Thank you for reading!
|
||||
|
||||
See you in [Day 65](day65.md).
|
||||
|
@ -251,3 +251,5 @@ The data is back! We have successfully performed a point in time restore of our
|
||||
Join us tomorrow where we will be talking about high availability and disaster recovery.
|
||||
|
||||
Thanks for reading!
|
||||
|
||||
See you in [Day 66](day66.md).
|
||||
|
@ -1,6 +1,5 @@
|
||||
# High availability and disaster recovery
|
||||
|
||||
|
||||
Hello and welcome to the fourth post in the database part of the 90 Days of DevOps blog series! Today we’ll be talking about high availability and disaster recovery.
|
||||
|
||||
One of the main jobs of a database administrator is to configure and maintain disaster recovery and high availability strategies for the databases that they look after. In a nutshell they boil down to: -
|
||||
@ -207,3 +206,4 @@ Join us tomorrow where we'll be talking about performance tuning.
|
||||
|
||||
Thanks for reading!
|
||||
|
||||
See you in [Day 67](day67.md).
|
||||
|
@ -136,3 +136,5 @@ And there we have it! Our query now has a supporting index!
|
||||
Join us tommorrow where we'll be talking about database security.
|
||||
|
||||
Thanks for reading!
|
||||
|
||||
See you in [Day 68](day68.md).
|
@ -205,3 +205,4 @@ So if we have sensitive data within our database, this is one method of encrypti
|
||||
Join us tomorrow for the final post in the database series of 90DaysOfDevOps where we'll be talking about monitoring and troubleshooting.
|
||||
|
||||
Thanks for reading!
|
||||
See you in [Day 69](day69.md).
|
||||
|
@ -161,4 +161,6 @@ Caution does need to be taken with some of these tools as they can have a negati
|
||||
|
||||
So having the correct monitoring, log collection, and query tracking tools are vital when it comes to not only preventing issues from arising but allowing for quick resolution when they do occur.
|
||||
|
||||
And that’s it for the database part of the 90DaysOfDevOps blog series. We hope this has been useful…thanks for reading!
|
||||
And that’s it for the database part of the 90DaysOfDevOps blog series. We hope this has been useful…thanks for reading!
|
||||
|
||||
See you in [Day 70](day70.md).
|
||||
|
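Review bot: The sentence "And that's it for the database part of the 90DaysOfDevOps blog series. We hope this has been useful…thanks for reading!" appears twice in this hunk with identical visible text, which suggests it is being removed and re-added only for a whitespace or end-of-file newline difference. Confirm that is intended, and check that the file ends with a newline after the new "See you in [Day 70](day70.md)." line so the next append does not produce the same churn.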
@ -15,3 +15,5 @@ I am a large proponent of serverless, and I believe these are huge benefits to a
|
||||
That being said, I hope to provide you with a strong starting point for the land of serverless. Over the next few days, we will be exploring serverless resources and services, from compute, to storage, to API design, and more. We will keep our discussions high-level, but I'll be sure to include relevant examples, resources, and further reading from other leading industry experts. No prerequisites are necessary, I just ask you approach each and every article with an open mind, continue to ask questions & provide feedback, and let's dive in!*
|
||||
|
||||
*As a quick disclaimer - as I am an AWS Serverless Hero, most of the examples and explanations I give will reference the AWS ecosystem since that is where my expertise is. Many of the AWS services and tools we will discuss have equivalents across Azure, GCP, or other tooling. I will do my best to call these out going forward. This is part of a series that will be covered here, but I also encourage you to follow along on [Medium](https://kristiperreault.medium.com/what-is-serverless-1b46a5ffa7b3) or [Dev.to](https://dev.to/aws-heroes/what-is-serverless-4d4p) for more.
|
||||
|
||||
See you in [Day 71](day71.md).
|
||||
|
@ -25,3 +25,5 @@ Fargate stands sort of in the middle as a container service that offers many of
|
||||
These two options pretty much sum up serverless compute, believe it or not. When it comes to your business logic code in AWS or other cloud provider, these two services cover most, if not all, serverless application needs. As we continue on in this series, you'll realize there are a ton of other 'supporting' serverless services for storage, APIs, orchestration, and more to dive into. I hope this has given you a good preview on serverless compute and what's to come, tune in tomorrow where we'll discuss the various serverless storage solutions available to us. See you then!
|
||||
|
||||
*This is part of a series that will be covered here, but I also encourage you to follow along with the rest of the series on [Medium](https://kristiperreault.medium.com/serverless-compute-b19df2ea0935) or [Dev.to](https://dev.to/aws-heroes/serverless-compute-3bgo).
|
||||
|
||||
See you in [Day 72](day72.md).
|
||||
|
@ -31,3 +31,5 @@ This is my serverless database catch-all section. In my opinion, S3 and DynamoDB
|
||||
Well, this about sums up the serverless storage solutions available. As always, there are definitely equivalents of these resources in your cloud provider of choice, and you can't go wrong with any service you choose, as long as you're evaluating based on your specific application needs. Join me tomorrow, as we take another step further into serverless with API design.*
|
||||
|
||||
*This is part of a series that will be covered here, but I also encourage you to follow along with the rest of the series on [Medium](https://kristiperreault.medium.com/serverless-storage-4b7974683d3d) or [Dev.to](https://dev.to/aws-heroes/serverless-storage-50i3).
|
||||
|
||||
See you in [Day 73](day73.md).
|
||||
|
@ -19,3 +19,5 @@ I'm keeping this section a bit shorter for you all, since [AppSync](https://aws.
|
||||
As with all of these short, daily articles, there is so much more that I could dive into here, but my purpose this week is to provide you with a little taste of what the serverless space has to offer, and get you started as a newbie to serverless. I'd highly encourage you to read up even more on [effective API Design](https://thenewstack.io/werner-vogels-6-rules-for-good-api-design/), and even get started with a tutorial, workshop, or even your own project (feel free to try out the travel website and let me know how it goes!) Believe it or not, there is still more to explore in the serverless space, so in my next post we will continue on with some really helpful integration & orchestration services.*
|
||||
|
||||
*This is part of a series that will be covered here, but I also encourage you to follow along with the rest of the series on [Medium](https://kristiperreault.medium.com/serverless-apis-4c852f0955ef) or [Dev.to](https://dev.to/aws-heroes/serverless-apis-5bdp).
|
||||
|
||||
See you in [Day 74](day74.md).
|
||||
|
@ -39,3 +39,5 @@ Similar to other services, you can define and configure your EventBridge instanc
|
||||
Although not what I would consider 'core' cloud services, the orchestration and communication services are key to event driven development and robust application design. If you are structuring your application to take advantage of event flow, these are tools you are going to want to be familiar with, and will be instrumental in your success by saving you time, money, complexity, and management overhead. This about wraps up what I want to cover with [serverless cloud services](https://aws.amazon.com/serverless/), though there is so much out there to explore. Tune in tomorrow as we start to put all of this together with best practices.*
|
||||
|
||||
*This is part of a series that will be covered here, but I also encourage you to follow along with the rest of the series on [Medium](https://kristiperreault.medium.com/serverless-orchestration-d012aa7cae38) or [Dev.to](https://dev.to/aws-heroes/serverless-orchestration-3879).
|
||||
|
||||
See you in [Day 75](day75.md).
|
@ -48,3 +48,5 @@ In addition to the six pillars, AWS Well Architected has this concept of [Well A
|
||||
|
||||
If you'd like to learn more about Well Architected or hear about it in practice, I have actually given a [recent talk on the subject with Build On at AWS Re:Invent](https://www.twitch.tv/videos/1674539542?collection=T1passDrLhdY6Q). This is an area of technology I have been very passionate about, and I truly believe these pillars and Well Architected Reviews are well worth the time and effort. We're coming up to end of our team together this week (I know, already?!) so for our last day tomorrow, I'm excited to summarize what we've learned so far, and present you with some next steps for going beyond the serverless basics.*
|
||||
*This is part of a series that will be covered here, but I also encourage you to follow along with the rest of the series on [Medium](https://kristiperreault.medium.com/serverless-well-architected-b379d5be10ad) or [Dev.to](https://dev.to/aws-heroes/serverless-well-architected-40jn).
|
||||
|
||||
See you in [Day 76](day76.md).
|
||||
|
@ -29,3 +29,5 @@ Thanks again for taking this serverless journey with me this week, and please en
|
||||
….and so much more out there for you to explore!
|
||||
|
||||
*This is part of a series that will be covered here, but I also encourage you to follow along with the rest of the series on [Medium](https://kristiperreault.medium.com/serverless-beyond-the-basics-22ba22733dd1) or [Dev.to](https://dev.to/aws-heroes/serverless-beyond-the-basics-kom).
|
||||
|
||||
See you in [Day 77](day77.md).
|
||||
|
@ -66,3 +66,5 @@ Cilium is a Container Networking Interface that leverages eBPF to optimize packe
|
||||
|
||||
### Conclusion
|
||||
A serivce mesh is a power application networking layer that provides traffic management, observability, and security. We will explore more in the next 6 days of #90DayofDevOps!
|
||||
|
||||
See you in [Day 78](day78.md).
|
||||
|
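Review bot: The conclusion sentence directly above the new link still reads "A serivce mesh is a power application networking layer" and tags "#90DayofDevOps". Since this paragraph is the one being extended, correct "serivce" to "service", "power" to "powerful", and the hashtag to match the series name before adding the Day 78 link beneath it.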
@ -229,4 +229,4 @@ Let's label our default namespace with the *istio-injection=enabled* label. This
|
||||
### Conclusion
|
||||
I decided to jump into getting a service mesh up and online. It's easy enough if you have the right pieces in place, like a Kubernetes cluster and a load-balancer service. Using the demo profile, you can have Istiod, and the Ingress/Egress gateway deployed. Deploy a sample app with a service definition, and you can expose it via the Ingress-Gateway and route to it using a virtual service.
|
||||
|
||||
See you on Day 79 and beyond of #90DaysofServiceMesh
|
||||
See you on [Day 79](day79.md) and beyond of #90DaysofServiceMesh
|
||||
|
@ -66,4 +66,4 @@ Governance and Oversight | Istio Community | Linkered Community | AWS | Hashicor
|
||||
### Conclusion
|
||||
Service Meshes have come a long way in terms of capabilities and the environments they support. Istio appears to be the most feature-complete service mesh, providing a balance of platform support, customizability, extensibility, and is most production ready. Linkered trails right behind with a lighter-weight approach, and is mostly complete as a service mesh. AppMesh is mostly feature-filled but specific to the AWS Ecosystem. Consul is a great contender to Istio and Linkered. The Cilium CNI is taking the approach of using eBPF and climbing up the networking stack to address Service Mesh capabilities, but it has a lot of catching up to do.
|
||||
|
||||
See you on Day 4 of #70DaysOfServiceMesh!
|
||||
See you on [Day 80](day80.md) of #70DaysOfServiceMesh!
|
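Review bot: The replacement line updates the day number from "Day 4" to "[Day 80](day80.md)" but keeps the old "#70DaysOfServiceMesh" hashtag, so the numbering and the tag no longer describe the same series. The previous file in this commit uses "#90DaysofServiceMesh" with different casing as well. Settle on one tag, or drop it, so the footers agree across the service mesh days.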
@ -334,4 +334,4 @@ I briefly covered several traffic management components that allow requests to f
|
||||
|
||||
And I got to show you all of this in action!
|
||||
|
||||
See you on Day 5 and beyond! :smile:!
|
||||
See you on [Day 81](day81.md) and beyond! :smile:!
|
||||
|
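Review bot: The rewritten footer carries over the doubled punctuation from the old line, "and beyond! :smile:!". Drop the trailing "!" after the emoji so it reads "See you on [Day 81](day81.md) and beyond! :smile:".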
@ -200,3 +200,5 @@ Go ahead and end the Kiali dashboard process with *ctrl+c*.
|
||||
|
||||
### Conclusion
|
||||
I've explored a few of the tools to be able to understand how we can observe services in our mesh and better understand how our applications are performing, or, if there are any issues.
|
||||
|
||||
See you on [Day 82](day82.md)
|
||||
|
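Review bot: The added line "See you on [Day 82](day82.md)" has no terminal punctuation, while the footers added to the other files in this commit end with a period, for example "See you in [Day 70](day70.md).". Add the period here for consistency.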