SlideShare a Scribd company logo

Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018

Amazon Web Services
Amazon Web Services

DevSecOps is the premise that everyone in the software development lifecycle is responsible for security. DevSecOps aims to embed security in every part of the development process. In this workshop, participants explore taking a standard CI/CD pipeline and adding security stages to improve security posture. Learn how to use AWS CodeCommit and AWS CodePipeline to build and publish golden AMI images. Also, learn how to modify pipeline flow to add security test cases. You also have to opportunity to perform CVE analysis and code analysis using Amazon Inspector and perform observational container analysis using Amazon GuardDuty.

1 of 37
Download to read offline
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Adding the Sec to Your DevOps Pipelines S E C 3 3 2 Welcome to the Workshop and have a seat. Please visit http://bit.ly/2CVczI0 and follow the setup instructions to complete the pre-requisite for this workshop. If you need to create a new AWS account, visit http://bit.ly/2P45JHn
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Adding the Sec to Your DevOps Pipelines Armando Leite Sr. Manager Solutions Prototyping S E C 3 3 2 Adam McLean Solutions Developer Solutions Prototyping Aravind Kodandaramaiah Solutions Developer Solutions Prototyping
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda Dev(Sec)Ops Overview Security in the Pipeline Pipeline Build-Out Take home challenge Wrap-up Q&A
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What is DevOps? What is DevSecOps? Reliability Speed ScaleRapid Delivery Improved Collaboration Combination of Practices and tools SecDev Ops Adding Sec to Dev/__/Ops Security Securing the Pipeline Auditing Workloads Operations Security in the Pipeline
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security in the Pipeline Source Control Build Testing & Staging Production Maintain AWS CodeCommit AWS CloudFormation AWS CodeBuild AWS Step Functions AWS X-Ray AWS CodePipeline AWS Step Functions AWS CodeDeploy AWS Elastic Beanstalk AWS Systems Manager Amazon GuardDuty AWS CodeStar AWS CodePipeline AWS CodeStar AWS CodePipeline COMMIT CHANGES BUILD ARTIFACTS DEPLOY TO TEST ENVIRONMENT RUN INTEGRATION, SECURITY, LOAD AND OTHER TESTS DEPLOY TO PRODUCTION ENVIRONMENT MANAGE RUNTIME
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What you will do today? 1. Build a CI/CD Pipeline. 2. Implement security IN the Pipeline.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Pipeline Pre-requisite check http://bit.ly/2CVczI0 5 Min
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The base Pipeline Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda SSM Automation EC2 Instance Golden AMI Build source code CodeBuild
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The final Pipeline Source Source Code CodeCommit Static Code Analysis CodeBuild Launch & Install Lambda AWS CodePipeline EC2 Instance Vulnerability check Lambda Build AMI Lambda Amazon Inspector SSM Automation Golden AMI
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your turn – Build the base pipeline Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda Build source code CodeBuild Golden AMI http://bit.ly/2zlngjB 25 Min
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Is the base Pipeline working? Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda Static code analysis CodeBuild Golden AMI
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Static Code Analysis
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your turn - Add static code analysis to the Pipeline Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda SSM Automation EC2 Instance Golden AMI Static code analysis CodeBuild http://bit.ly/2D1uk8u 8 Min
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Did the Pipeline find the embedded credentials?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your Turn – Remove the embedded Credentials Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda Static code analysis CodeBuild Golden AMI http://bit.ly/2F7Wd1p 12 Min
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Vulnerability Assessment with Amazon Inspector What is Amazon Inspector? Vulnerability assessment service in the cloud. • Application / EC2 security assessment • Selectable built-in rules • Runtime Behavioral Analysis • CVE (common vulnerabilities and exposures) • AWS Security Best Practices • Weak Security Configuration(CIS Security Benchmarks) • Network Reachability • Security findings – guidance and management • Automatable via APIs
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your turn - Add Vulnerability assessment to the Pipeline Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda SSM Automation EC2 Instance Golden AMI Static code analysis CodeBuild Vulnerability Check Lambda Amazon Inspector http://bit.ly/2RwEsKB 20 Min
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Did the Pipeline catch the vulnerability?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What did Amazon Inspector find? Finding Recommendation A security flaw was found in the chap_server_compute_md5() function Use your Operating System's update feature to update package kernel- 0:4.14.62- 65.117.amzn1 The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. Use your Operating System's update feature to update package kernel- 0:4.14.62- 65.117.amzn1 Fix yum –y update kernel yum –y update kernel
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your Turn – Fix the vulnerability Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda Static code analysis CodeBuild Vulnerability Check Lambda Golden AMI http://bit.ly/2RzgvCk 20 Min
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your Turn – Launch the AMI http://bit.ly/2zxg18e 15 Min
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Threat detection and continuous monitoring with Amazon GuardDuty GuardDuty Monitors • Unusual API calls. • Potentially unauthorized deployments that indicate a possible account compromise. • Potentially compromised instances or reconnaissance by attackers.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. How GuardDuty Works Threat intel, ML/AI Anomaly Detection SIEM and/or Remediate Reconnaissance Instance Compromise Account Compromise DNS Logs CloudTrail Events HIGH MEDIUM LOW FindingsData SourcesThreat Detection Types VPC Flow logs Amazon GuardDuty AWS Cloud
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your Turn - Cleanup AWS Resources http://bit.ly/2Dl7A4k
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Aravind Kodandaramaiah karavind@amazon.com Adam Mclean apmclean@amazon.com
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Recommended

Building a DevOps Pipeline on AWS (DEV326) - AWS re:Invent 2018
Building a DevOps Pipeline on AWS (DEV326) - AWS re:Invent 2018Building a DevOps Pipeline on AWS (DEV326) - AWS re:Invent 2018
Building a DevOps Pipeline on AWS (DEV326) - AWS re:Invent 2018Amazon Web Services
 
Build a Game for Echo Buttons - an Alexa Gadget! (ALX405-R2) - AWS re:Invent ...
Build a Game for Echo Buttons - an Alexa Gadget! (ALX405-R2) - AWS re:Invent ...Build a Game for Echo Buttons - an Alexa Gadget! (ALX405-R2) - AWS re:Invent ...
Build a Game for Echo Buttons - an Alexa Gadget! (ALX405-R2) - AWS re:Invent ...Amazon Web Services
 
Enterprise DevOps: Patterns of Efficiency (ENT311-R1) - AWS re:Invent 2018
Enterprise DevOps: Patterns of Efficiency (ENT311-R1) - AWS re:Invent 2018Enterprise DevOps: Patterns of Efficiency (ENT311-R1) - AWS re:Invent 2018
Enterprise DevOps: Patterns of Efficiency (ENT311-R1) - AWS re:Invent 2018Amazon Web Services
 
Advanced Continuous Delivery Best Practices (DEV317-R1) - AWS re:Invent 2018
Advanced Continuous Delivery Best Practices (DEV317-R1) - AWS re:Invent 2018Advanced Continuous Delivery Best Practices (DEV317-R1) - AWS re:Invent 2018
Advanced Continuous Delivery Best Practices (DEV317-R1) - AWS re:Invent 2018Amazon Web Services
 
Build a Vulnerability Management Program Using AWS for AWS (SEC337-R1) - AWS ...
Build a Vulnerability Management Program Using AWS for AWS (SEC337-R1) - AWS ...Build a Vulnerability Management Program Using AWS for AWS (SEC337-R1) - AWS ...
Build a Vulnerability Management Program Using AWS for AWS (SEC337-R1) - AWS ...Amazon Web Services
 
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018Amazon Web Services
 
Container Power Hour with Jess, Clare, and Abby (CON362) - AWS re:Invent 2018
Container Power Hour with Jess, Clare, and Abby (CON362) - AWS re:Invent 2018Container Power Hour with Jess, Clare, and Abby (CON362) - AWS re:Invent 2018
Container Power Hour with Jess, Clare, and Abby (CON362) - AWS re:Invent 2018Amazon Web Services
 
What’s New for Amazon DynamoDB - 2018 Q1 Update - AWS Online Tech Talks
What’s New for Amazon DynamoDB - 2018 Q1 Update - AWS Online Tech TalksWhat’s New for Amazon DynamoDB - 2018 Q1 Update - AWS Online Tech Talks
What’s New for Amazon DynamoDB - 2018 Q1 Update - AWS Online Tech TalksAmazon Web Services
 

Recommended

Building a DevOps Pipeline on AWS (DEV326) - AWS re:Invent 2018
Building a DevOps Pipeline on AWS (DEV326) - AWS re:Invent 2018Building a DevOps Pipeline on AWS (DEV326) - AWS re:Invent 2018
Building a DevOps Pipeline on AWS (DEV326) - AWS re:Invent 2018Amazon Web Services
 
Build a Game for Echo Buttons - an Alexa Gadget! (ALX405-R2) - AWS re:Invent ...
Build a Game for Echo Buttons - an Alexa Gadget! (ALX405-R2) - AWS re:Invent ...Build a Game for Echo Buttons - an Alexa Gadget! (ALX405-R2) - AWS re:Invent ...
Build a Game for Echo Buttons - an Alexa Gadget! (ALX405-R2) - AWS re:Invent ...Amazon Web Services
 
Enterprise DevOps: Patterns of Efficiency (ENT311-R1) - AWS re:Invent 2018
Enterprise DevOps: Patterns of Efficiency (ENT311-R1) - AWS re:Invent 2018Enterprise DevOps: Patterns of Efficiency (ENT311-R1) - AWS re:Invent 2018
Enterprise DevOps: Patterns of Efficiency (ENT311-R1) - AWS re:Invent 2018Amazon Web Services
 
Advanced Continuous Delivery Best Practices (DEV317-R1) - AWS re:Invent 2018
Advanced Continuous Delivery Best Practices (DEV317-R1) - AWS re:Invent 2018Advanced Continuous Delivery Best Practices (DEV317-R1) - AWS re:Invent 2018
Advanced Continuous Delivery Best Practices (DEV317-R1) - AWS re:Invent 2018Amazon Web Services
 
Build a Vulnerability Management Program Using AWS for AWS (SEC337-R1) - AWS ...
Build a Vulnerability Management Program Using AWS for AWS (SEC337-R1) - AWS ...Build a Vulnerability Management Program Using AWS for AWS (SEC337-R1) - AWS ...
Build a Vulnerability Management Program Using AWS for AWS (SEC337-R1) - AWS ...Amazon Web Services
 
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018Running Serverless at The Edge (CTD302) - AWS re:Invent 2018
Running Serverless at The Edge (CTD302) - AWS re:Invent 2018Amazon Web Services
 
Container Power Hour with Jess, Clare, and Abby (CON362) - AWS re:Invent 2018
Container Power Hour with Jess, Clare, and Abby (CON362) - AWS re:Invent 2018Container Power Hour with Jess, Clare, and Abby (CON362) - AWS re:Invent 2018
Container Power Hour with Jess, Clare, and Abby (CON362) - AWS re:Invent 2018Amazon Web Services
 
What’s New for Amazon DynamoDB - 2018 Q1 Update - AWS Online Tech Talks
What’s New for Amazon DynamoDB - 2018 Q1 Update - AWS Online Tech TalksWhat’s New for Amazon DynamoDB - 2018 Q1 Update - AWS Online Tech Talks
What’s New for Amazon DynamoDB - 2018 Q1 Update - AWS Online Tech TalksAmazon Web Services
 
Building Microservices with the Twelve Factor App Pattern on AWS
Building Microservices with the Twelve Factor App Pattern on AWSBuilding Microservices with the Twelve Factor App Pattern on AWS
Building Microservices with the Twelve Factor App Pattern on AWSAmazon Web Services
 
Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018
Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018
Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018Amazon Web Services
 
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...Amazon Web Services
 
Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...
Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...
Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...Amazon Web Services
 
A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1) - AWS re:Invent 2018
A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1) - AWS re:Invent 2018A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1) - AWS re:Invent 2018
A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1) - AWS re:Invent 2018Amazon Web Services
 
Operational Excellence with Containerized Workloads Using AWS Fargate (CON320...
Operational Excellence with Containerized Workloads Using AWS Fargate (CON320...Operational Excellence with Containerized Workloads Using AWS Fargate (CON320...
Operational Excellence with Containerized Workloads Using AWS Fargate (CON320...Amazon Web Services
 
Hands-on in the AWS Java Ecosystem (DEV325-R1) - AWS re:Invent 2018
Hands-on in the AWS Java Ecosystem (DEV325-R1) - AWS re:Invent 2018Hands-on in the AWS Java Ecosystem (DEV325-R1) - AWS re:Invent 2018
Hands-on in the AWS Java Ecosystem (DEV325-R1) - AWS re:Invent 2018Amazon Web Services
 
Analyze Slide Images and Process Phenotypic Assays at Scale on AWS (CMP358) -...
Analyze Slide Images and Process Phenotypic Assays at Scale on AWS (CMP358) -...Analyze Slide Images and Process Phenotypic Assays at Scale on AWS (CMP358) -...
Analyze Slide Images and Process Phenotypic Assays at Scale on AWS (CMP358) -...Amazon Web Services
 
AWS Storage Leadership Session: What's New in Amazon S3, Amazon EFS, Amazon E...
AWS Storage Leadership Session: What's New in Amazon S3, Amazon EFS, Amazon E...AWS Storage Leadership Session: What's New in Amazon S3, Amazon EFS, Amazon E...
AWS Storage Leadership Session: What's New in Amazon S3, Amazon EFS, Amazon E...Amazon Web Services
 
Kubernetes Clusters Security with Amazon EKS (CON338-R1) - AWS re:Invent 2018
Kubernetes Clusters Security with Amazon EKS (CON338-R1) - AWS re:Invent 2018Kubernetes Clusters Security with Amazon EKS (CON338-R1) - AWS re:Invent 2018
Kubernetes Clusters Security with Amazon EKS (CON338-R1) - AWS re:Invent 2018Amazon Web Services
 
Become a Serverless Black Belt - Optimizing Your Serverless Applications - AW...
Become a Serverless Black Belt - Optimizing Your Serverless Applications - AW...Become a Serverless Black Belt - Optimizing Your Serverless Applications - AW...
Become a Serverless Black Belt - Optimizing Your Serverless Applications - AW...Amazon Web Services
 
Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018
Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018
Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018Amazon Web Services
 
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...Amazon Web Services
 
Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018
Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018
Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018Amazon Web Services
 
Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...
Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...
Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...Amazon Web Services
 
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...Amazon Web Services
 
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018Amazon Web Services
 
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Amazon Web Services
 
Runtime Security across Kubernetes and AWS Fargate (CON317-R1) - AWS re:Inven...
Runtime Security across Kubernetes and AWS Fargate (CON317-R1) - AWS re:Inven...Runtime Security across Kubernetes and AWS Fargate (CON317-R1) - AWS re:Inven...
Runtime Security across Kubernetes and AWS Fargate (CON317-R1) - AWS re:Inven...Amazon Web Services
 
Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018
Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018
Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018Amazon Web Services
 
Adding the Sec to Your DevOps Pipelines: AWS Security Week at the SF Loft
Adding the Sec to Your DevOps Pipelines: AWS Security Week at the SF LoftAdding the Sec to Your DevOps Pipelines: AWS Security Week at the SF Loft
Adding the Sec to Your DevOps Pipelines: AWS Security Week at the SF LoftAmazon Web Services
 
CI/CD with AWS Developer Tools and Fargate
CI/CD with AWS Developer Tools and FargateCI/CD with AWS Developer Tools and Fargate
CI/CD with AWS Developer Tools and FargateAmazon Web Services
 

More Related Content

What's hot

Building Microservices with the Twelve Factor App Pattern on AWS
Building Microservices with the Twelve Factor App Pattern on AWSBuilding Microservices with the Twelve Factor App Pattern on AWS
Building Microservices with the Twelve Factor App Pattern on AWSAmazon Web Services
 
Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018
Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018
Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018Amazon Web Services
 
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...Amazon Web Services
 
Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...
Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...
Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...Amazon Web Services
 
A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1) - AWS re:Invent 2018
A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1) - AWS re:Invent 2018A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1) - AWS re:Invent 2018
A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1) - AWS re:Invent 2018Amazon Web Services
 
Operational Excellence with Containerized Workloads Using AWS Fargate (CON320...
Operational Excellence with Containerized Workloads Using AWS Fargate (CON320...Operational Excellence with Containerized Workloads Using AWS Fargate (CON320...
Operational Excellence with Containerized Workloads Using AWS Fargate (CON320...Amazon Web Services
 
Hands-on in the AWS Java Ecosystem (DEV325-R1) - AWS re:Invent 2018
Hands-on in the AWS Java Ecosystem (DEV325-R1) - AWS re:Invent 2018Hands-on in the AWS Java Ecosystem (DEV325-R1) - AWS re:Invent 2018
Hands-on in the AWS Java Ecosystem (DEV325-R1) - AWS re:Invent 2018Amazon Web Services
 
Analyze Slide Images and Process Phenotypic Assays at Scale on AWS (CMP358) -...
Analyze Slide Images and Process Phenotypic Assays at Scale on AWS (CMP358) -...Analyze Slide Images and Process Phenotypic Assays at Scale on AWS (CMP358) -...
Analyze Slide Images and Process Phenotypic Assays at Scale on AWS (CMP358) -...Amazon Web Services
 
AWS Storage Leadership Session: What's New in Amazon S3, Amazon EFS, Amazon E...
AWS Storage Leadership Session: What's New in Amazon S3, Amazon EFS, Amazon E...AWS Storage Leadership Session: What's New in Amazon S3, Amazon EFS, Amazon E...
AWS Storage Leadership Session: What's New in Amazon S3, Amazon EFS, Amazon E...Amazon Web Services
 
Kubernetes Clusters Security with Amazon EKS (CON338-R1) - AWS re:Invent 2018
Kubernetes Clusters Security with Amazon EKS (CON338-R1) - AWS re:Invent 2018Kubernetes Clusters Security with Amazon EKS (CON338-R1) - AWS re:Invent 2018
Kubernetes Clusters Security with Amazon EKS (CON338-R1) - AWS re:Invent 2018Amazon Web Services
 
Become a Serverless Black Belt - Optimizing Your Serverless Applications - AW...
Become a Serverless Black Belt - Optimizing Your Serverless Applications - AW...Become a Serverless Black Belt - Optimizing Your Serverless Applications - AW...
Become a Serverless Black Belt - Optimizing Your Serverless Applications - AW...Amazon Web Services
 
Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018
Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018
Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018Amazon Web Services
 
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...Amazon Web Services
 
Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018
Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018
Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018Amazon Web Services
 
Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...
Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...
Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...Amazon Web Services
 
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...Amazon Web Services
 
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018Amazon Web Services
 
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Amazon Web Services
 
Runtime Security across Kubernetes and AWS Fargate (CON317-R1) - AWS re:Inven...
Runtime Security across Kubernetes and AWS Fargate (CON317-R1) - AWS re:Inven...Runtime Security across Kubernetes and AWS Fargate (CON317-R1) - AWS re:Inven...
Runtime Security across Kubernetes and AWS Fargate (CON317-R1) - AWS re:Inven...Amazon Web Services
 
Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018
Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018
Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018Amazon Web Services
 

What's hot (20)

Building Microservices with the Twelve Factor App Pattern on AWS
Building Microservices with the Twelve Factor App Pattern on AWSBuilding Microservices with the Twelve Factor App Pattern on AWS
Building Microservices with the Twelve Factor App Pattern on AWS
 
Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018
Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018
Amazon WorkSpaces for Regulated Industries (BAP211) - AWS re:Invent 2018
 
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
 
Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...
Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...
Hands-On: Automating AWS Infrastructure with PowerShell (WIN308) - AWS re:Inv...
 
A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1) - AWS re:Invent 2018
A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1) - AWS re:Invent 2018A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1) - AWS re:Invent 2018
A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1) - AWS re:Invent 2018
 
Operational Excellence with Containerized Workloads Using AWS Fargate (CON320...
Operational Excellence with Containerized Workloads Using AWS Fargate (CON320...Operational Excellence with Containerized Workloads Using AWS Fargate (CON320...
Operational Excellence with Containerized Workloads Using AWS Fargate (CON320...
 
Hands-on in the AWS Java Ecosystem (DEV325-R1) - AWS re:Invent 2018
Hands-on in the AWS Java Ecosystem (DEV325-R1) - AWS re:Invent 2018Hands-on in the AWS Java Ecosystem (DEV325-R1) - AWS re:Invent 2018
Hands-on in the AWS Java Ecosystem (DEV325-R1) - AWS re:Invent 2018
 
Analyze Slide Images and Process Phenotypic Assays at Scale on AWS (CMP358) -...
Analyze Slide Images and Process Phenotypic Assays at Scale on AWS (CMP358) -...Analyze Slide Images and Process Phenotypic Assays at Scale on AWS (CMP358) -...
Analyze Slide Images and Process Phenotypic Assays at Scale on AWS (CMP358) -...
 
AWS Storage Leadership Session: What's New in Amazon S3, Amazon EFS, Amazon E...
AWS Storage Leadership Session: What's New in Amazon S3, Amazon EFS, Amazon E...AWS Storage Leadership Session: What's New in Amazon S3, Amazon EFS, Amazon E...
AWS Storage Leadership Session: What's New in Amazon S3, Amazon EFS, Amazon E...
 
Kubernetes Clusters Security with Amazon EKS (CON338-R1) - AWS re:Invent 2018
Kubernetes Clusters Security with Amazon EKS (CON338-R1) - AWS re:Invent 2018Kubernetes Clusters Security with Amazon EKS (CON338-R1) - AWS re:Invent 2018
Kubernetes Clusters Security with Amazon EKS (CON338-R1) - AWS re:Invent 2018
 
Become a Serverless Black Belt - Optimizing Your Serverless Applications - AW...
Become a Serverless Black Belt - Optimizing Your Serverless Applications - AW...Become a Serverless Black Belt - Optimizing Your Serverless Applications - AW...
Become a Serverless Black Belt - Optimizing Your Serverless Applications - AW...
 
Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018
Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018
Running Kubernetes Across Multiple AWS Accounts (CON409) - AWS re:Invent 2018
 
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
 
Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018
Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018
Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018
 
Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...
Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...
Update Your Developer Workflow for Cloud-Enabled Mobile Apps (MOB315-R1) - AW...
 
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
 
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018
Mastering Kubernetes on AWS (CON301-R1) - AWS re:Invent 2018
 
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
 
Runtime Security across Kubernetes and AWS Fargate (CON317-R1) - AWS re:Inven...
Runtime Security across Kubernetes and AWS Fargate (CON317-R1) - AWS re:Inven...Runtime Security across Kubernetes and AWS Fargate (CON317-R1) - AWS re:Inven...
Runtime Security across Kubernetes and AWS Fargate (CON317-R1) - AWS re:Inven...
 
Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018
Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018
Protecting Game Servers Against DDoS Attacks (SEC420-R1) - AWS re:Invent 2018
 

Similar to Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018

Adding the Sec to Your DevOps Pipelines: AWS Security Week at the SF Loft
Adding the Sec to Your DevOps Pipelines: AWS Security Week at the SF LoftAdding the Sec to Your DevOps Pipelines: AWS Security Week at the SF Loft
Adding the Sec to Your DevOps Pipelines: AWS Security Week at the SF LoftAmazon Web Services
 
CI/CD with AWS Developer Tools and Fargate
CI/CD with AWS Developer Tools and FargateCI/CD with AWS Developer Tools and Fargate
CI/CD with AWS Developer Tools and FargateAmazon Web Services
 
From Code to a Running Container | AWS Floor28
From Code to a Running Container | AWS Floor28From Code to a Running Container | AWS Floor28
From Code to a Running Container | AWS Floor28Amazon Web Services
 
Amazon CI-CD Practices for Software Development Teams
Amazon CI-CD Practices for Software Development Teams Amazon CI-CD Practices for Software Development Teams
Amazon CI-CD Practices for Software Development Teams Amazon Web Services
 
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_Singapore
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_SingaporeCI-CD with AWS Developer Tools and Fargate_AWSPSSummit_Singapore
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_SingaporeAmazon Web Services
 
Ci/CD for AWS Lambda Projects - JLM CTO Club
Ci/CD for AWS Lambda Projects - JLM CTO ClubCi/CD for AWS Lambda Projects - JLM CTO Club
Ci/CD for AWS Lambda Projects - JLM CTO ClubBoaz Ziniman
 
Improve Productivity with Continuous Integration & Delivery
Improve Productivity with Continuous Integration & DeliveryImprove Productivity with Continuous Integration & Delivery
Improve Productivity with Continuous Integration & DeliveryAmazon Web Services
 
Improve Productivity with Continuous Integration & Delivery
Improve Productivity with Continuous Integration & DeliveryImprove Productivity with Continuous Integration & Delivery
Improve Productivity with Continuous Integration & DeliveryAmazon Web Services
 
DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)Amazon Web Services
 
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...Amazon Web Services
 
Amazon CI/CD Practices for Software Development Teams - SRV320 - Chicago AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Chicago AWS ...Amazon CI/CD Practices for Software Development Teams - SRV320 - Chicago AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Chicago AWS ...Amazon Web Services
 
Build CICD Pipeline for Container Presentation Slides
Build CICD Pipeline for Container Presentation SlidesBuild CICD Pipeline for Container Presentation Slides
Build CICD Pipeline for Container Presentation SlidesAmazon Web Services
 
Amazon CI/CD Practices for Software Development Teams - SRV320 - Anaheim AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Anaheim AWS ...Amazon CI/CD Practices for Software Development Teams - SRV320 - Anaheim AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Anaheim AWS ...Amazon Web Services
 
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...Amazon Web Services
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Amazon Web Services
 
Amazon CI/CD Practices for Software Development Teams - SRV320 - Atlanta AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Atlanta AWS ...Amazon CI/CD Practices for Software Development Teams - SRV320 - Atlanta AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Atlanta AWS ...Amazon Web Services
 
Scaling and Automating DevOps with CloudBees and Spot Instances (GPSTEC310) -...
Scaling and Automating DevOps with CloudBees and Spot Instances (GPSTEC310) -...Scaling and Automating DevOps with CloudBees and Spot Instances (GPSTEC310) -...
Scaling and Automating DevOps with CloudBees and Spot Instances (GPSTEC310) -...Amazon Web Services
 
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...Amazon Web Services
 
CI/CD pipelines on AWS - Builders Day Israel
CI/CD pipelines on AWS - Builders Day IsraelCI/CD pipelines on AWS - Builders Day Israel
CI/CD pipelines on AWS - Builders Day IsraelAmazon Web Services
 

Similar to Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018 (20)

Adding the Sec to Your DevOps Pipelines: AWS Security Week at the SF Loft
Adding the Sec to Your DevOps Pipelines: AWS Security Week at the SF LoftAdding the Sec to Your DevOps Pipelines: AWS Security Week at the SF Loft
Adding the Sec to Your DevOps Pipelines: AWS Security Week at the SF Loft
 
CI/CD with AWS Developer Tools and Fargate
CI/CD with AWS Developer Tools and FargateCI/CD with AWS Developer Tools and Fargate
CI/CD with AWS Developer Tools and Fargate
 
From Code to a Running Container | AWS Floor28
From Code to a Running Container | AWS Floor28From Code to a Running Container | AWS Floor28
From Code to a Running Container | AWS Floor28
 
Amazon CI-CD Practices for Software Development Teams
Amazon CI-CD Practices for Software Development Teams Amazon CI-CD Practices for Software Development Teams
Amazon CI-CD Practices for Software Development Teams
 
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_Singapore
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_SingaporeCI-CD with AWS Developer Tools and Fargate_AWSPSSummit_Singapore
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_Singapore
 
Ci/CD for AWS Lambda Projects - JLM CTO Club
Ci/CD for AWS Lambda Projects - JLM CTO ClubCi/CD for AWS Lambda Projects - JLM CTO Club
Ci/CD for AWS Lambda Projects - JLM CTO Club
 
Improve Productivity with Continuous Integration & Delivery
Improve Productivity with Continuous Integration & DeliveryImprove Productivity with Continuous Integration & Delivery
Improve Productivity with Continuous Integration & Delivery
 
Improve Productivity with Continuous Integration & Delivery
Improve Productivity with Continuous Integration & DeliveryImprove Productivity with Continuous Integration & Delivery
Improve Productivity with Continuous Integration & Delivery
 
DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)
 
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
CI/CD Pipeline Security: Advanced Continuous Delivery Best Practices: Securit...
 
CI/CD@Scale
CI/CD@ScaleCI/CD@Scale
CI/CD@Scale
 
Amazon CI/CD Practices for Software Development Teams - SRV320 - Chicago AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Chicago AWS ...Amazon CI/CD Practices for Software Development Teams - SRV320 - Chicago AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Chicago AWS ...
 
Build CICD Pipeline for Container Presentation Slides
Build CICD Pipeline for Container Presentation SlidesBuild CICD Pipeline for Container Presentation Slides
Build CICD Pipeline for Container Presentation Slides
 
Amazon CI/CD Practices for Software Development Teams - SRV320 - Anaheim AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Anaheim AWS ...Amazon CI/CD Practices for Software Development Teams - SRV320 - Anaheim AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Anaheim AWS ...
 
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
 
Amazon CI/CD Practices for Software Development Teams - SRV320 - Atlanta AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Atlanta AWS ...Amazon CI/CD Practices for Software Development Teams - SRV320 - Atlanta AWS ...
Amazon CI/CD Practices for Software Development Teams - SRV320 - Atlanta AWS ...
 
Scaling and Automating DevOps with CloudBees and Spot Instances (GPSTEC310) -...
Scaling and Automating DevOps with CloudBees and Spot Instances (GPSTEC310) -...Scaling and Automating DevOps with CloudBees and Spot Instances (GPSTEC310) -...
Scaling and Automating DevOps with CloudBees and Spot Instances (GPSTEC310) -...
 
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...
 
CI/CD pipelines on AWS - Builders Day Israel
CI/CD pipelines on AWS - Builders Day IsraelCI/CD pipelines on AWS - Builders Day Israel
CI/CD pipelines on AWS - Builders Day Israel
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018

  • 1.
  • 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Adding the Sec to Your DevOps Pipelines S E C 3 3 2 Welcome to the Workshop and have a seat. Please visit http://bit.ly/2CVczI0 and follow the setup instructions to complete the pre-requisite for this workshop. If you need to create a new AWS account, visit http://bit.ly/2P45JHn
  • 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Adding the Sec to Your DevOps Pipelines Armando Leite Sr. Manager Solutions Prototyping S E C 3 3 2 Adam McLean Solutions Developer Solutions Prototyping Aravind Kodandaramaiah Solutions Developer Solutions Prototyping
  • 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda Dev(Sec)Ops Overview Security in the Pipeline Pipeline Build-Out Take home challenge Wrap-up Q&A
  • 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What is DevOps? What is DevSecOps? Reliability Speed ScaleRapid Delivery Improved Collaboration Combination of Practices and tools SecDev Ops Adding Sec to Dev/__/Ops Security Securing the Pipeline Auditing Workloads Operations Security in the Pipeline
  • 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security in the Pipeline Source Control Build Testing & Staging Production Maintain AWS CodeCommit AWS CloudFormation AWS CodeBuild AWS Step Functions AWS X-Ray AWS CodePipeline AWS Step Functions AWS CodeDeploy AWS Elastic Beanstalk AWS Systems Manager Amazon GuardDuty AWS CodeStar AWS CodePipeline AWS CodeStar AWS CodePipeline COMMIT CHANGES BUILD ARTIFACTS DEPLOY TO TEST ENVIRONMENT RUN INTEGRATION, SECURITY, LOAD AND OTHER TESTS DEPLOY TO PRODUCTION ENVIRONMENT MANAGE RUNTIME
  • 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What you will do today? 1. Build a CI/CD Pipeline. 2. Implement security IN the Pipeline.
  • 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Pipeline Pre-requisite check http://bit.ly/2CVczI0 5 Min
  • 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The base Pipeline Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda SSM Automation EC2 Instance Golden AMI Build source code CodeBuild
  • 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The final Pipeline Source Source Code CodeCommit Static Code Analysis CodeBuild Launch & Install Lambda AWS CodePipeline EC2 Instance Vulnerability check Lambda Build AMI Lambda Amazon Inspector SSM Automation Golden AMI
  • 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your turn – Build the base pipeline Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda Build source code CodeBuild Golden AMI http://bit.ly/2zlngjB 25 Min
  • 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Is the base Pipeline working? Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda Static code analysis CodeBuild Golden AMI
  • 17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Static Code Analysis
  • 19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your turn - Add static code analysis to the Pipeline Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda SSM Automation EC2 Instance Golden AMI Static code analysis CodeBuild http://bit.ly/2D1uk8u 8 Min
  • 20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Did the Pipeline find the embedded credentials?
  • 21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your Turn – Remove the embedded Credentials Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda Static code analysis CodeBuild Golden AMI http://bit.ly/2F7Wd1p 12 Min
  • 22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Vulnerability Assessment with Amazon Inspector What is Amazon Inspector? Vulnerability assessment service in the cloud. • Application / EC2 security assessment • Selectable built-in rules • Runtime Behavioral Analysis • CVE (common vulnerabilities and exposures) • AWS Security Best Practices • Weak Security Configuration(CIS Security Benchmarks) • Network Reachability • Security findings – guidance and management • Automatable via APIs
  • 24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your turn - Add Vulnerability assessment to the Pipeline Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda SSM Automation EC2 Instance Golden AMI Static code analysis CodeBuild Vulnerability Check Lambda Amazon Inspector http://bit.ly/2RwEsKB 20 Min
  • 25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Did the Pipeline catch the vulnerability?
  • 26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What did Amazon Inspector find? Finding Recommendation A security flaw was found in the chap_server_compute_md5() function Use your Operating System's update feature to update package kernel- 0:4.14.62- 65.117.amzn1 The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. Use your Operating System's update feature to update package kernel- 0:4.14.62- 65.117.amzn1 Fix yum –y update kernel yum –y update kernel
  • 27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your Turn – Fix the vulnerability Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda Static code analysis CodeBuild Vulnerability Check Lambda Golden AMI http://bit.ly/2RzgvCk 20 Min
  • 28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your Turn – Launch the AMI http://bit.ly/2zxg18e 15 Min
  • 30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 31. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Threat detection and continuous monitoring with Amazon GuardDuty GuardDuty Monitors • Unusual API calls. • Potentially unauthorized deployments that indicate a possible account compromise. • Potentially compromised instances or reconnaissance by attackers.
  • 32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. How GuardDuty Works Threat intel, ML/AI Anomaly Detection SIEM and/or Remediate Reconnaissance Instance Compromise Account Compromise DNS Logs CloudTrail Events HIGH MEDIUM LOW FindingsData SourcesThreat Detection Types VPC Flow logs Amazon GuardDuty AWS Cloud
  • 33. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 34. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your Turn - Cleanup AWS Resources http://bit.ly/2Dl7A4k
  • 35. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 36. Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Aravind Kodandaramaiah karavind@amazon.com Adam Mclean apmclean@amazon.com
  • 37. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.