Interest

DevOps Security in AWS

Applying DevOps Security for an AWS application.

Implementing DevOps Security can be challenging if it has not been done previously. Thankfully, AWS has a variety of tools and services to accelerate the process. Regardless of how fast your development cycle is, releasing software with vulnerabilities will only set you back in the long run.

What is DevOps Security?

DevOps Security also known as DevSecOps is a development approach shifting security into the software development life cycle (SDLC). Having security be a shared responsibility amongst both developers and IT operations and implemented in the early stages of the cycle to reduce vulnerabilities and deliver secure and compliant application changes.

Benefits of integrating security into DevOps:

  • Early bug fixing leads to reduced costs
  • Improving software security
  • Early threat detection leads to increased recovery speed
  • Higher customer value
  • Reduced time for security checks
  • Increased delivery speed

How do we apply DevOps Security to AWS?

Identifying security vulnerabilities at various stages requires integrating a variety of tools and services into the pipeline. However, AWS has the services and tools needed to provide easy integrations with your pipelines. Some of these services listed are aimed at automating code testing and applying security checks during the code development process.

Use the following AWS Services for DevOps Security, many of which Trek10 has more in-depth interest pages on each:

Integrate security into your DevOps pipeline with these AWS services for automated code, building, deployment, and analysis.

  • AWS CodeBuild - A service that compiles source code, runs tests, and prepares software packages for deployment.
  • AWS CodeCommit - Fully-managed source control service that hosts secure git-based repositories.
  • AWS CodeDeploy - A service for automated code deployment to AWS-based, on-prem, and third-party computing services.
  • AWS CodePipeline - Fully managed continuous delivery service helping to automate your release pipelines and automate preventive and detective security controls.
  • AWS Cloudformation - A service for describing and provisioning infrastructure resources automatically and securely.
  • AWS Lambda - A serverless computing tool that automatically runs your code in response to detected triggers.
  • AWS Systems Manager Parameter Store - Securely store configurations and manage secrets.

Use these services to ensure protection against sensitive data.

  • AWS IAM - Service for managing access rights and verifying who implements changes, audit logs, etc.
  • AWS Key Management Services - Service for creating and managing the encryption keys necessary for data protection.
  • Amazon Virtual Private Cloud - Service that allows you to create private clouds within AWS public cloud, providing layer 3 isolation from the internet.

Use these services to automate incident response and remediation.

  • Amazon SNS - Fully managed messaging service for both application-to-application and application-to-person communication.
  • AWS Security Hub - Comprehensive view of your security alerts and security posture across your AWS accounts.
  • AWS CloudWatch - Allows you to monitor, store and access your log files from various sources.
  • AWS CloudTrail - Enables governance, compliance, operational auditing, and risk auditing of your account.

Integrating security into DevOps practices can be very beneficial and help you successfully overcome any security challenges along the way.