Agile DevOps - architecture, technical practices, and culture

Use Cloud and DevOps to build infrastructure through rapid, agile, iterative development with collaborative open source tools:
- Chef cookbooks, Puppet modules or Ansible playbooks to build servers.
- Test Kitchen to deploy and test them.
- EC2Dream, a graphical user interface that provides a 'single pane of glass' for agile DevOps, primarily on cloud servers.
- CloudFormation or Terraform, using the cfndsl Ruby or Troposphere DSL for easy orchestration.
- Amazon AWS, Azure, Google Compute Engine, IBM, OpenStack, local and hosted servers.

Security


Security on Amazon EC2 operates at two levels:
1. Amazon provides various security features.
2. Various security features need to be configured in the instance you are running.

First, the Amazon features.

Amazon has an AWS Security Whitepaper that documents EC2's security environment.

a. Amazon promises that the Xen-based hypervisor provides instance isolation.
b. Amazon forces you to use certificates and keys to access your instance via SSH.
c. The Amazon firewall (via security groups) denies all inbound traffic by default.

Secondly, configuring for security in the instance.

a. Select an Amazon Machine Image - only use Amazon AMIs or Community AMIs from well-known suppliers, e.g. RightScale or rPath. Also follow the guidelines on Sharing AMIs Safely.

b. The primary means of securing access to a machine is security groups.
 - Currently I create a security group for each instance, as this helps identify them in the AWS Management Console.
 - Create an SSH rule, but restrict it to the IP address of your client.
 - As well as specifying open ports, you can specify other security groups that have access, but currently you cannot limit this by port number.
 - Configure the minimum number of open ports.

c. Configure security in your instance.
 - Consider using the firewall of your instance as an additional firewall.
 - Some applications, such as databases, allow you to configure the IP addresses of permitted clients.
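
The security group guidelines in (b) can be checked mechanically. The following is an added example, not code from the original post: a Python audit over rules in the shape returned by `aws ec2 describe-security-groups`. The group ids, the admin address 203.0.113.10 and the finding names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
def _rule(proto, lo, hi, cidrs=(), groups=()):
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

SAMPLE_GROUPS = [
    {"GroupId": "sg-web01", "IpPermissions": [
        _rule("tcp", 22, 22, ["0.0.0.0/0"]),
        _rule("tcp", 80, 80, ["0.0.0.0/0"])]},
    {"GroupId": "sg-db01", "IpPermissions": [
        _rule("tcp", 22, 22, ["203.0.113.10/32"]),
        _rule("tcp", 1024, 65535, ["10.0.0.0/8"]),
        _rule("-1", None, None, groups=["sg-web01"])]},
]

def audit_group(group, admin_cidrs, public_ports=(80, 443), max_span=1):
    """Flag SSH not limited to admin addresses, non-public ports open to
    the world, wide port ranges, and grants to whole security groups."""
    admins = [ipaddress.ip_network(c) for c in admin_cidrs]
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "udp", "-1"):
            continue  # ICMP carries type/code, not ports; not covered here
        lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
        span = f"{lo}-{hi}"
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]  # IPv4 only
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if proto != "udp" and lo <= 22 <= hi and not any(net.subnet_of(a) for a in admins):
                findings.append(("ssh-not-restricted", cidr))
            if net.prefixlen == 0 and not (lo == hi and lo in public_ports):
                findings.append(("world-open", span))
        if cidrs and hi - lo + 1 > max_span:
            findings.append(("wide-port-range", span))
        for pair in perm.get("UserIdGroupPairs", []):
            findings.append(("group-grant", pair["GroupId"]))  # list for review
    return findings

def audit(groups, admin_cidrs):
    """Map each group id to its findings, omitting clean groups."""
    report = {g["GroupId"]: audit_group(g, admin_cidrs) for g in groups}
    return {gid: f for gid, f in report.items() if f}

if __name__ == "__main__":
    for gid, found in audit(SAMPLE_GROUPS, ["203.0.113.10/32"]).items():
        print(gid, found)
```

To run it against a real account, load the `SecurityGroups` array from the CLI's JSON output in place of `SAMPLE_GROUPS` and pass your own client addresses as `admin_cidrs`.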


For other topics such as VPN, encryption and securing resources, see:

Securing your data in the Cloud
Securing your data in the Cloud Slides
20 Rules for Amazon Cloud Security
Three tools to help you configure iptables
Amazon Web Services: Overview of Security Processes
Tips for Securing Your EC2 Instance
Securing n-tier and distributed applications on EC2
Sharing AMIs Safely
