DevSecOps Bootcamp - Week 5 - Lesson 1

Week 5 of the DSO Bootcamp

DevSecOps

July 01, 2016

Transcript

  1. BUILDING RUGGED SOFTWARE. YEAR ONE / WEEK FIVE / LESSON ONE. Copyright © DevSecOps Foundation 2015-2016
  2. Infrastructure as Code. Infrastructure as Code (IaC) is the process of managing and provisioning computing infrastructure (processes, bare-metal servers, virtual servers, etc.) and their configuration through machine-processable definition files, rather than physical hardware configuration or the use of interactive configuration tools. (Wikipedia, 2016)
  3. IaC Benefits
     • Automation
     • Rigor
     • Source Code Management
     • Rollback
     • Verification
     • Defect Tracking
     • Speed
     (image credit: CC BY-SA 3.0 NY)
  4. AWS CloudFormation
     • Allows for the creation and management of AWS resources
     • Allows for the deployment of AWS resources
     • Can be updated while the infrastructure is running
     • Enables CI/CD (blue/green stacks)
  5. CloudFormation Top Level Structure
     • All CloudFormation content needs to be valid JSON
     • Use an IDE or a JSON validator
     • The highest level is an Object (JSON Object)
     • Objects are associative arrays (think key/value pairs)
     • Required fields: AWSTemplateFormatVersion, Description
  6. Parameters
     • Each parameter is a JSON Object
     • Required fields:
       • Type: String, Number, List
       • Description: free form text
     • Optional fields: Default, AllowedValues, AllowedPattern, ConstraintDescription
     Example:

         "Parameters": {
           "InstanceType": {
             "Type": "String",
             "Description": "WebServer EC2 instance type",
             "AllowedValues": ["m1.small", "m1.medium"]
           },
           "StudentId": {
             "Type": "String",
             "Description": "Your student id, e.g., student1",
             "AllowedPattern": "[a-z]+[0-9]*"
           },
           "KeyName": {
             "Type": "AWS::EC2::KeyPair::KeyName",
             "Description": "Name of an existing EC2 KeyPair to…"
           },
           "AppSubnetId": {
             "Type": "AWS::EC2::Subnet::Id",
             "Description": "A subnet ID where the app will run"
           }
         }
  7. Resources
     • JSON Object (seeing a pattern yet?)
     • Currently supports 157 different AWS resource types (AWS, 2016)
       • EC2
       • RDS
       • Route 53
       • Etc.
  8. Userdata
     • Can execute commands during boot
     • Used for bootstrapping
     • Found on the instance in /var/lib/cloud/instance/scripts/part-001
     • Only run on the first boot of the instance
     • Be careful: it can easily be overused
     • Don’t use hardcoded secrets
  9. Outputs
     • Optional
     • Allows you to display the values of specific fields in the CloudFormation console
     • Helpful to show which stack is running (Blue vs Green)
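As an added example (not part of the deck or of any DevSecOps Foundation material), a small Python linter that applies the checks from the Top Level Structure, Parameters and Userdata slides to a template: the file must parse as a JSON object, AWSTemplateFormatVersion and Description must be present, every parameter needs Type and Description, AllowedPattern must compile, and the UserData of each resource must not carry hardcoded secrets. The sample template and the secret-matching regex are constructed for this example; Python's re module only approximates the regex dialect CloudFormation evaluates AllowedPattern with.

```python
import json
import re

# Constructed sample (not from the deck) carrying three defects the linter should report.
SAMPLE_TEMPLATE = r'''{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "InstanceType": {"Type": "String", "AllowedValues": ["m1.small", "m1.medium"]},
    "StudentId": {"Type": "String", "Description": "Your student id", "AllowedPattern": "[a-z]+[0-9]*"}
  },
  "Resources": {
    "Web": {"Type": "AWS::EC2::Instance", "Properties": {"UserData": {"Fn::Base64":
      {"Fn::Join": ["", ["#!/bin/bash\n", "export DB_PASSWORD=hunter2\n"]]}}}}
  }
}'''

REQUIRED_TOP_LEVEL = ("AWSTemplateFormatVersion", "Description")  # the fields the deck requires
REQUIRED_PARAM_FIELDS = ("Type", "Description")
# Heuristic: a credential-looking name assigned inline in a bootstrap script.
SECRET_RE = re.compile(r"(?i)(password|secret|token|access_?key)\s*=\s*\S+")

def _strings(node):
    """Yield every string scalar below node (descends through Fn::Base64 / Fn::Join)."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for value in (node.values() if isinstance(node, dict) else node):
            yield from _strings(value)

def lint_template(text):
    """Return a list of findings for a CloudFormation JSON template (empty list = clean)."""
    try:
        tpl = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"]
    if not isinstance(tpl, dict):
        return ["top level must be a JSON object"]
    findings = [f"missing top-level field {k}" for k in REQUIRED_TOP_LEVEL if k not in tpl]
    for name, param in tpl.get("Parameters", {}).items():
        findings += [f"parameter {name} missing {f}" for f in REQUIRED_PARAM_FIELDS if f not in param]
        if "AllowedPattern" in param:
            try:
                re.compile(param["AllowedPattern"])  # Python re only approximates CloudFormation's regex
            except re.error:
                findings.append(f"parameter {name} has an invalid AllowedPattern")
    for name, res in tpl.get("Resources", {}).items():
        for s in _strings(res.get("Properties", {}).get("UserData")):
            for m in SECRET_RE.finditer(s):
                findings.append(f"resource {name} UserData hardcodes a {m.group(1).lower()}")
    return findings
```

Running `lint_template(SAMPLE_TEMPLATE)` reports the missing top-level Description, the InstanceType parameter without a Description, and the password embedded in the Web instance's UserData.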