What this book covers
Chapter 1, CI/CD Using AWS CodeStar, introduces the basic concepts of CI/CD and branching strategies. You will then create a basic pipeline using AWS CodeStar and enhance it by adding multiple stages, environments, and branching strategies. Doing so covers the whole AWS developer toolchain: CodeCommit, CodeBuild, CloudFormation, and CodePipeline.
Chapter 2, Enforcing Policy as Code on CloudFormation and Terraform, walks through the concept of policy as code, its importance for security and compliance, and the stage of CI/CD at which infrastructure can be checked against policy. You will use CloudFormation Guard to apply policies to an AWS CloudFormation template. After that, you will learn how to use AWS Service Catalog across multiple teams. You will also implement infrastructure on Terraform Cloud hands-on and enforce policies there using HashiCorp Sentinel.
Chapter 3, CI/CD Using AWS Proton and an Introduction to AWS CodeGuru, introduces the new AWS Proton service and how it helps both developers and DevOps/infrastructure engineers with software delivery. You will learn the building blocks of the Proton service, create an environment template to spin up multiple infrastructure environments, and create service templates to deploy a service instance into an environment. This chapter also walks you through the code review process and how to find a vulnerability or a leaked secret using AWS CodeGuru.
Chapter 4, Working with AWS EKS and App Mesh, guides you through the architecture and implementation of an AWS EKS cluster. It explains why the AWS App Mesh service mesh is needed and how to implement features such as traffic routing, mutual TLS authentication, and tracing with the X-Ray service.
Chapter 5, Securing Private EKS Cluster for Production, is an implementation guide for setting up a production-grade, secure, private EKS cluster. It covers almost all of the important EKS implementations: IAM Role for Service Account (IRSA), Cluster Autoscaler, the EBS CSI driver, App Mesh, hardening using Kubescape, policy and governance using OPA Gatekeeper, and backup and restore of a stateful application using Velero.
Chapter 6, Chaos Engineering with AWS Fault Injection Simulator, covers the concept of chaos engineering and when it is needed. It walks through the principles of chaos engineering and explains where it fits in CI/CD. You will learn how to run chaos simulations using AWS FIS against an EC2 instance, a Relational Database Service (RDS) instance, and an EKS node.
Chapter 7, Infrastructure Security Automation Using Security Hub and Systems Manager, includes several important solutions for automating infrastructure security using AWS Security Hub and Systems Manager. The solutions include enforcing that only compliant images from ECR run on an EKS cluster, surfacing AWS Config rule evaluations as Security Hub insights, and integrating Systems Manager with Security Hub to detect an issue, create an incident, and remediate it automatically.
Chapter 8, DevSecOps Using AWS Native Services, walks you step by step through creating a DevSecOps CI/CD pipeline with a branching strategy using AWS native security services such as CodeGuru Reviewer and ECR image scanning. It includes the powerful combination of the developer toolchain, App Mesh, and Fault Injection Simulator. It also covers the canary deployment of microservices and analysis using Prometheus and Grafana.
Chapter 9, DevSecOps Pipeline with AWS Services and Tools Popular Industry-Wide, walks you through planning a pipeline. It shows how to implement security at every stage of software delivery, starting from the moment you write code. It covers the Snyk Security Advisory plugin in an IDE, git-secrets for scanning sensitive data such as keys and passwords, SAST using Snyk, DAST using OWASP ZAP, RASP using Falco, chaos simulation using AWS FIS, and AIOps using AWS DevOps Guru. It also includes operational activities such as viewing the security posture and vulnerability findings in AWS Security Hub.
Chapter 10, AIOps with Amazon DevOps Guru and Systems Manager OpsCenter, introduces fundamental artificial intelligence and machine learning concepts. It covers what AIOps is, why we need it, and how it applies to IT operations. You will learn about the AWS AIOps tool DevOps Guru and implement two use cases: identifying CPU, memory, and networking anomalies within an EKS cluster, and analyzing failure insights and remediation in a serverless application.