CI/CD@Scale
1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Yuriko Horvath
Sr. Solutions Architect – FedCiv, Amazon Web Services
Len Henry
Sr. Solutions Architect – Edu, Amazon Web Services
Continuous Integration/Continuous Delivery [CI/CD] to Scale Compliance & Security
2.
Key Takeaways
• Benefits of automated security and compliance testing in CI/CD
• Introduction to AWS, partner and industry tool choices for CI/CD, security, and compliance
• Learn patterns for CI/CD within AWS accounts
3.
CI/CD goals to constantly…
Secure Applications
Secure Infrastructure
Enhance Governance
Deliver Value Faster
Raise Code Quality
Raise Feature Quality
Change Control
Consistency of Environments
Automate Deployments
Automate Rollbacks
Enhance Performance
DevOps
CompSecOps
4.
CI/CD on AWS for Infrastructure
5.
Infrastructure: CI/CD goals to constantly…
Secure Applications
Secure Infrastructure
Enhance Governance
Change Control
Consistency of Environments
Automate Deployments
Automate Rollbacks
Enhance Performance
CompSecOps
6.
[Diagram. Accounts: Dev Acct, Tools Acct, Test Acct, Prod Acct. Labels: Commit, Coordinate, Build Artifacts Elsewhere, Test, Test Build Env, Prod Build Env, Deploy, Report. Services shown: CodeCommit. Numbered steps: 1.]
7.
Committing Code
• IAM, managed service, price
• Encryption at rest
• AWS integration
CodeCommit
• Custom login
• Issue tracking
• Webhooks
• Enterprise hosting
• Jira integration
• Mercurial version control
• Price
• Enterprise hosting
Git version control
Collaboration & pull request reviews
GitHub
8.
[Diagram. Accounts: Dev Acct, Tools Acct, Test Acct, Prod Acct. Labels: Commit, Coordinate, Build Artifacts Elsewhere, Test, Test Build Env, Prod Build Env, Deploy, Report. Services shown: CodeCommit, Lambda, CodePipeline, CloudFormation, Elastic Beanstalk, OpsWorks, Jenkins. Numbered steps: 1 to 4.]
9.
Coordinating CI/CD Pipeline
• IAM, managed service, price
• Setup & integration with AWS developer tools
• Integration with AWS services
CodePipeline
• Complicated CI/CD workflow patterns needing customizations
Lambda
• Extensible plugin architecture
• Configurable
*AWS Marketplace
CI/CD orchestration
Jenkins
10.
Deploying Infrastructure
• Infrastructure as code for a majority of AWS services
• Simple setup
• Developer friendly
• Community
• On-premises
Deployment and lifecycle of application infrastructure
CodePipeline integration
IAM, managed service, price
CloudFormation
OpsWorks
Elastic Beanstalk
11.
[Diagram. Accounts: Dev Acct, Tools Acct, Test Acct, Prod Acct. Labels: Commit, Coordinate, Build Artifacts Elsewhere, Test, Test Build Env, Prod Build Env, Deploy, Report. Services shown: CodeCommit, Lambda, CodePipeline, CodeBuild, Amazon Inspector, AWS Config, CloudFormation, Elastic Beanstalk, OpsWorks, Jenkins. Numbered steps: 1 to 7.]
12.
Testing Functionality
• IAM integration
• Managed service w/ auto-scaling
• On-demand pricing
• Easy setup & CodePipeline integration
• Hooks to CodeCommit, S3, GitHub [Enterprise]
• Integration with unit, integration, UI, and performance-testing suites
CodeBuild CodePipeline
13.
Testing security compliance
• Security for EC2 applications
• Templated vulnerability, security, and best practice rules
• Compliance
Amazon Inspector
• Configurable AWS resource rules
• Continuous monitoring
• Dashboards and notifications of violations
AWS Config
• Configurable compliance rules
• Integrates with Systems Manager
14.
Security Testing
15.
[Diagram. Accounts: Dev Acct, Tools Acct, Test Acct, Prod Acct. Labels: Commit, Coordinate, Build Artifacts Elsewhere, Test, Test Build Env, Prod Build Env, Deploy, Report. Services shown: CodeCommit, Lambda, CodePipeline, CodeBuild, CloudFormation, Elastic Beanstalk, OpsWorks, Jenkins, and Amazon Inspector with AWS Config (shown twice). Numbered steps: 1 to 9, with 8 appearing twice.]
16.
Demo CI/CD Infrastructure & Security on AWS
https://youtu.be/nH6FetJ2r2M
18.
CI/CD on AWS for Applications
19.
Applications: CI/CD goals to constantly…
Deliver Value Faster
Raise Code Quality
Raise Feature Quality
Change Control
Consistency of Environments
Automate Deployments
Automate Rollbacks
Enhance Performance
DevOps
20.
[Diagram. Accounts: Dev Acct, Tools Acct, Test Acct, Prod Acct. Labels: Commit, Coordinate, Build Artifacts Elsewhere, Store Artifacts, Deploy, Test, Prod Build Env, Test Build Env, Report. Services and resources shown: CodeCommit, Lambda, CodePipeline, CodeBuild, S3, Amazon ECR, AMI, Jenkins (shown twice). Numbered steps: 1 to 4.]
21.
Building Artifacts
• IAM, managed service w/ auto-scaling, pricing
• Setup & CodePipeline integration
• Hooks to CodeCommit, S3, GitHub [Enterprise]
• Artifact store on S3, Amazon ECR, and Docker Hub
CodeBuild
• Extensible plug-in architecture
• Configurable
*AWS Marketplace
Jenkins
22.
[Diagram. Accounts: Dev Acct, Tools Acct, Test Acct, Prod Acct. Labels: Commit, Coordinate, Build Artifacts Elsewhere, Store Artifacts, Deploy, Test, Prod Build Env, Test Build Env, Report (shown twice). Services and resources shown: CodeCommit, Lambda, CodePipeline, CodeBuild (shown twice), S3, Amazon ECR, AMI, SNS, CodeDeploy, Amazon ECS, EB, Amazon Inspector, EC2, Jenkins (shown twice). Numbered steps: 1 to 9.]
23.
Deploying Code
• IAM, managed service w/ auto-scaling
• Pricing
• Console setup & CodePipeline & auto-scaling integration
• Trackable rolling deploys with rollbacks
CodeDeploy
• Operator-friendly configuration through JSON
• Community recipes
• Developer-friendly configuration through Ruby scripts
Deploy to EC2, Lambda
Deploy to on-premises instances
24.
Testing Functionality
• IAM integration
• Managed service w/ auto-scaling
• On-demand pricing
• Setup & CodePipeline integration
• Hooks to CodeCommit, S3, GitHub [Enterprise]
• Integration with unit, integration, UI, and performance-testing suites
CodeBuild CodePipeline
25.
Testing Security
• Application security, vulnerability and compliance testing
• DevOps integration through APIs
• Testing rules for CVE, CIS benchmarks, security best practices, and runtime behavior analysis
Amazon Inspector
26.
Functionality Testing
27.
Performance & Load Testing
28.
[Diagram. Accounts: Dev Acct, Tools Acct, Test Acct, Prod Acct. Labels: Commit, Coordinate, Build Artifacts Elsewhere, Store Artifacts, Deploy, Test, Prod Build Env, Test Build Env, Report (shown twice). Services and resources shown: CodeCommit, Lambda, CodePipeline, CodeBuild (shown twice), S3, Amazon ECR, AMI, Amazon SNS, CodeDeploy, Jenkins (shown twice), and Amazon ECS, EB, Amazon Inspector, EC2 (group shown twice). Numbered steps: 1 to 12.]
29.
Demo CI/CD Application & Security on AWS
https://youtu.be/iWTCQLtx3qc
31.
CI/CD goals to constantly…
Secure Applications
Secure Infrastructure
Enhance Governance
Deliver Value Faster
Raise Code Quality
Raise Feature Quality
Change Control
Consistency of Environments
Automate Deployments
Automate Rollbacks
Enhance Performance
DevOps
CompSecOps
32.
Thank you!
Talk to your AWS account team to discuss implementation!