- Rating:
- Be the first to rate this book
- Pages:
- 396
- Available formats:
- ePub, Mobi
Ebook description: Security and Microservice Architecture on AWS
Security is usually an afterthought when organizations design microservices for cloud systems. Most companies today are exposed to potential security threats, but their responses are often more reactive than proactive. This leads to unnecessarily complicated systems that are hard to implement and even harder to manage and scale. Author Gaurav Raje shows you how to build highly secure systems on AWS without increasing overhead.
Ideal for cloud solution architects and software developers with AWS experience, this practical book starts with a high-level architecture and design discussion, then explains how to implement your solution in the cloud while ensuring that the development and operational experience isn't compromised. By leveraging the AWS Shared Responsibility Model, you'll be able to:
- Develop a modular architecture using microservices that aims to simplify compliance with various regulations in finance, medicine, and legal services
- Introduce various AWS-based security controls to help protect your microservices from malicious actors
- Leverage the modularity of the architecture to independently scale security mechanisms on individual microservices
- Improve the security posture without compromising the autonomy or efficiency of software development teams
Ebook details
- Ebook ISBN:
- 978-10-981-0142-8, 9781098101428
- Ebook publication date:
- 2021-09-08 The ebook publication date is often the day the title went on sale and may differ from the publication date of the printed book. Additional information can be found in the free sample. If in doubt, contact us at sklep@ebookpoint.pl.
- Publication language:
- English
- ePub file size:
- 16.5MB
- Mobi file size:
- 26.8MB
Ebook table of contents
- Preface
- Goals of This Book
- Who Should Use This Book
- Conventions Used in This Book
- Using Code Examples
- O'Reilly Online Learning
- How to Contact Us
- Acknowledgments
- 1. Introduction to Cloud Microservices
- Basics of Cloud Information Security
- Risk and Security Controls
- Organizational Security Policy
- Security Incidents and the CIA Triad
- AWS Shared Responsibility Model
- Cloud Architecture and Security
- Security Through Modularity
- Security Through Simplicity
- Security Through Fully Managed AWS Services
- Blast Radius, Isolation, and the Locked Rooms Analogy
- Defense-in-Depth and Security
- Security Through Perimeter Protection
- Security Through Zero Trust Architecture
- A Brief Introduction to Software Architecture
- Tier-Based Architecture
- Domain-Driven Design
- Microservices
- Implementation of Microservices on AWS
- Container-Based Microservice Architecture
- A Very Brief Introduction to Kubernetes
- Function as a Service: FaaS Using AWS Lambda
- Overview of Cloud Microservice Implementation
- Amazon EKS
- Amazon EKS Fargate Mode
- Function as a Service Using AWS Lambda
- Microservice Implementation Summary
- Examples of Microservice Communication Patterns
- Example 1: Simple Message Passing Between Contexts
- Example 2: Message Queues
- Example 3: Event-Based Microservices
- Summary
- 2. Authorization and Authentication Basics
- Basics of AWS Identity and Access Management
- Principals on AWS
- IAM Policies
- Principle of Least Privilege
- PoLP and Blast Radius
- Structure of AWS IAM Policies
- Principal-Based Policies
- Resource-Based Policies
- The Zone of Trust
- Evaluation of Policies
- Advanced Concepts in AWS IAM Policies
- IAM Policy Conditions
- AWS Tags and Attribute-Based Access Control
- Not Policy Elements: NotPrincipal and NotResource
- Wrapping Up IAM Policies
- Role-Based Access Control
- RBAC Modeling
- Securing Roles
- Assuming Roles
- Assume Roles Using the AWS Command-Line Interface (CLI)
- Switching Roles Using AWS Management Console
- Service-Linked Role
- Authentication and Identity Management
- Basics of Authentication
- Identity Federation on AWS
- Identity Federation Using SAML 2.0 and OpenID Connect
- RBAC and Microservices
- Execution Roles
- RBAC with AWS Lambda
- RBAC with EC2 and the Instance Metadata Service
- RBAC with Amazon EKS Using IAM Roles for Service Accounts
- Summary
- 3. Foundations of Encryption
- Brief Overview of Encryption
- Why Is Encryption Important on AWS?
- Why Is Encryption Important for Microservice Architectures?
- Encryption on AWS
- Security Challenges with Key-Based Encryption
- Business Problem
- AWS Key Management Service
- Basic Encryption Using CMK
- Envelope Encryption
- Envelope Encryption in Action
- Security and AWS KMS
- KMS Contexts and Additional Authenticated Data
- Key Policies
- Grants and ViaService
- KMS grants
- KMS ViaService
- CMK and Its Components and Supported Actions
- Importing key material
- Types of CMK
- Automatic key rotation
- Manual rotation
- Deleting a CMK
- Regions and KMS
- Cost, Complexity, and Regulatory Considerations
- Asymmetric Encryption and KMS
- Encryption and Decryption
- Digital Signing (Sign and Verify)
- Domain-Driven Design and AWS KMS
- Contextual Boundaries and Encryption
- Accounts and Sharing CMK
- KMS and Network Considerations
- KMS Grants Revisited
- KMS Accounts and Topologies: Tying It All Together
- Option 1: Including the CMK Within Bounded Contexts
- Option 2: Using a Purpose-Built Account to Hold the CMK
- AWS Secrets Manager
- How Secrets Manager Works
- Secret Protection in AWS Secrets Manager
- Summary
- 4. Security at Rest
- Data Classification Basics
- Recap of Envelope Encryption Using KMS
- AWS Simple Storage Service
- Encryption on AWS S3
- AWS SSE-S3 (AWS-managed keys)
- AWS SSE-KMS
- AWS SSE-C (client-provided key)
- AWS client-side encryption
- Access Control on Amazon S3 Through S3 Bucket Policies
- Example 1: Enforce server-side encryption on all objects
- Example 2: Require users to have MFA while interacting with AWS S3
- Amazon GuardDuty
- Nonrepudiation Using Glacier Vault Lock
- Security at Rest for Compute Services
- Static Code Analysis Using AWS CodeGuru
- AWS Elastic Container Registry
- Access control
- Encryption at rest
- Image Common Vulnerability and Exposure scanning
- AWS Lambda
- Encryption using CMK
- Encryption using helpers
- AWS Elastic Block Store
- Tying It All Together
- Microservice Database Systems
- AWS DynamoDB
- Access control on AWS DynamoDB
- Encryption on DynamoDB
- Amazon Aurora Relational Data Service
- IAM authentication on Amazon Aurora
- Password authentication
- Encryption on Amazon Aurora
- Media Sanitization and Data Deletion
- Summary
- 5. Networking Security
- Networking on AWS
- Controls
- Understanding the Monolith and Microservice Models
- Segmentation and Microservices
- Software-Defined Network Partitions
- Subnetting
- Routing in a Subnet
- Gateways and Subnets
- Public Subnet
- Private Subnet
- Subnets and Availability Zones
- Internet Access for Subnets
- Virtual Private Cloud
- Routing in a VPC
- Microsegmentation at the Network Layer
- Cross-VPC Communication
- VPC Peering
- Tying it all together with VPC peering
- Cost and complexity trade-off with VPC peering
- AWS Transit Gateway
- Tying it all together using AWS Transit Gateway
- Cost and complexity trade-off with AWS Transit Gateway
- VPC Endpoints
- Gateway VPC endpoint
- Interface VPC endpoints/VPC endpoint services (using PrivateLink)
- Tying it all together using VPC endpoints
- Cost and complexity trade-off with VPC interface endpoints
- Wrap-Up of Cross-VPC Communication
- Firewall Equivalents on the Cloud
- Security Groups
- Security Group Referencing (Chaining) and Designs
- Properties of Security Groups
- Network Access Control Lists
- Security Groups Versus NACLs
- Containers and Network Security
- Block Instance Metadata Service
- Try to Run Pods in a Private Subnet
- Block Internet Access for Pods Unless Necessary
- Use Encrypted Networking Between Pods
- Lambdas and Network Security
- Summary
- 6. Public-Facing Services
- API-First Design and API Gateway
- AWS API Gateway
- Types of AWS API Gateway Endpoints
- Regional API Gateway endpoint
- Edge-optimized API Gateway endpoint
- Private API Gateway endpoint
- Securing the API Gateway
- API Gateway Integration
- AWS Lambda integrations
- HTTP integration
- VPC links
- Kubernetes microservices and API Gateway
- Access Control on API Gateway
- IAM authorizer (API-based authorizer)
- AWS Cognito authorizer
- Lambda authorizer
- Infrastructure Security on API Gateway
- Rate limiting
- Mutual TLS
- Cost Considerations While Using AWS API Gateway
- Bastion Host
- Solution
- Static Asset Distribution (Content Distribution Network)
- AWS CloudFront
- CloudFront origins
- Origin Access Identity
- Signed URLs or Cookies
- Business problem
- Solution
- Signed URLs versus signed cookies
- AWS CloudFront and signed URLs
- Signing a URL using AWS CloudFront
- AWS Lambda@Edge
- Protecting Against Common Attacks on Edge Networks
- AWS Web Application Firewall
- Setting up basic rules using regex and IPs
- Other rules for protecting your application
- Managed and Marketplace rule sets
- AWS Shield and AWS Shield Advanced
- Microservices and AWS Shield Advanced
- Cost Considerations for Edge Protection
- Summary
- 7. Security in Transit
- Basics of Transport Layer Security
- Digital Signing
- Certificates, Certificate Authority, and Identity Verification
- Certificate agility and the need for certificate agility
- AWS Certificate Manager
- Publicly trusted certificate authority: Amazon Trust Services
- Inner workings of AWS ACM
- Validating domain ownership
- Email validation for domain ownership
- DNS validation
- ACM Private CA
- Encryption Using TLS
- TLS Handshake
- Perfect forward secrecy
- TLS Termination and Trade-offs with Microservices
- TLS Offloading and Termination
- AWS Application Load Balancer
- Network load balancers
- CloudFront TLS termination and caching
- Server Name Indication
- Cost and Complexity Considerations with Encryption in Transit
- Application of TLS in Microservices
- Security in Transit While Using Message Queues (AWS SQS)
- gRPC and Application Load Balancer
- Mutual TLS
- A (Very Brief) Introduction to Service Meshes: A Security Perspective
- Proxies and Sidecars
- App Mesh Components and Terminology
- TLS and App Mesh
- mTLS Revisited
- Trust inside a mesh
- Trust outside a mesh
- AWS App Mesh: Wrap-Up
- Serverless Microservices and Encryption in Transit
- AWS API Gateway and AWS Lambda
- Caching, API Gateway, and Encryption in Transit
- Field-Level Encryption
- Summary
- 8. Security Design for Organizational Complexity
- Organizational Structure and Microservices
- Conway's Law
- Single Team Oriented Service Architecture
- Role-Based Access Control
- Privilege Elevation
- AWS Systems Manager run command
- Break-the-Glass
- Permission Boundaries
- Permission Boundaries to Delegate Responsibilities
- AWS Accounts Structure for Large Organizations
- AWS Accounts and Teams
- AWS Organizations
- Organizational Units and Service Control Policies
- Organizational units
- Service control policies
- Representation of departmental hierarchy using OUs and SCPs
- Examples of control using SCP
- Example 1: Ensuring proper resource tagging
- Example 2: Ensuring that only a certain type of instance can be run by users of an account
- Purpose-Built Accounts
- AWS Tools for Organizations
- AWS Organizations Best Practices
- AWS Resource Access Manager
- Shared Services Using AWS RAM
- AWS Single Sign-On
- Enforcing Multifactor Authentication in Accounts
- Simplifying a Complex Domain-Driven Organization Using RBAC, SSO, and AWS Organizations
- Summary
- 9. Monitoring and Incident Response
- NIST Incident Response Framework
- Step 1: Design and Preparation
- Architecture for incident control and isolation of blast radius
- Activity logging
- AWS CloudTrail events
- CloudTrail logging
- VPC flow logs
- Application logging using AWS CloudWatch
- Composable monitoring
- CloudWatch namespace
- Monitoring data using CloudWatch
- Synthetic monitoring
- Other AWS monitoring and security services
- AWS Systems Manager
- Amazon Macie
- Step 2: Detection and Analysis
- Precursors to an incident
- AWS EventBridge
- EventBridge event bus
- EventBridge rules
- EventBridge targets
- Step 3: Containment and Isolation
- Possibility 1: Compromised infrastructure
- Possibility 2: Compromised application
- Step 4: Forensic Analysis
- AWS Athena
- Live-box forensics
- Dead-box forensics
- Tools for performing digital forensic analysis
- Run Command
- EventBridge event replay
- Marketplace solutions
- Step 5: Eradication
- Cleanup
- Security posturing
- Step 6: Postincident Activities
- Recovery
- Simulate and iterate
- Securing the Security Infrastructure
- Securing a CloudTrail
- Encrypting a trail
- Log validation
- Purpose-Built Accounts
- Summary
- A. Terraform Cloud in Five Minutes
- Setup
- Creating Your Workspace
- Adding AWS Access and Secret Key
- Terraform Process
- Providers
- State
- Plans
- Apply
- Writing Your Terraform Infrastructure as Code
- Root Module and Folder Structure
- Input Variables
- Resources
- Running and Applying Your Plan
- B. Example of a SAML Identity Provider for AWS
- A Hands-On Example of a Federated Identity Setup
- Step 1: Configure Your IdP
- Step 2: Export Metadata to Be Imported into AWS Account
- Step 3: Add Your SAML IdP as a Trusted IdP
- Step 4: Create a Role That Your Federated Users Can Assume to Interact with Your AWS Account
- Step 5: Control Access to Multiple Roles Using Custom Attributes Within the IdP
- Summary
- C. Hands-On Encryption with AWS KMS
- Basic Encryption Using the CMK
- Basic Decryption Using the CMK
- Envelope Encryption Using the CMK
- Decrypting an Envelope Encrypted Message
- D. A Hands-On Example of Applying the Principle of Least Privilege
- Step 1: Create an AWS IAM Policy for Your Task
- Step 2: Define the Service, Actions, and Effect Parameters of an IAM Policy
- Step 3: Define the Resource
- Step 4: Request Conditions
- Step 5: Confirm the Resulting Policy
- Step 6: Save the Policy
- Step 7: Attach the Policy to a Principal
- Summary
- Index