- Pages:
- 396
- Available formats:
- ePub, Mobi
Ebook description: Security and Microservice Architecture on AWS
Security is usually an afterthought when organizations design microservices for cloud systems. Most companies today are exposed to potential security threats, but their responses are often more reactive than proactive. This leads to unnecessarily complicated systems that are hard to implement and even harder to manage and scale. Author Gaurav Raje shows you how to build highly secure systems on AWS without increasing overhead.
Ideal for cloud solution architects and software developers with AWS experience, this practical book starts with a high-level architecture and design discussion, then explains how to implement your solution in the cloud while ensuring that the development and operational experience isn't compromised. By leveraging the AWS Shared Responsibility Model, you'll be able to:
- Develop a modular architecture using microservices that aims to simplify compliance with various regulations in finance, medicine, and legal services
- Introduce various AWS-based security controls to help protect your microservices from malicious actors
- Leverage the modularity of the architecture to independently scale security mechanisms on individual microservices
- Improve the security posture without compromising the autonomy or efficiency of software development teams
Ebook details
- Ebook ISBN:
- 978-10-981-0142-8, 9781098101428
- Ebook publication date:
- 2021-09-08 (the ebook publication date is usually the day the title went on sale and may differ from the publication date of the printed book)
- Publication language:
- English
- ePub file size:
- 16.5MB
- Mobi file size:
- 26.8MB
Ebook table of contents
- Preface
- Goals of This Book
- Who Should Use This Book
- Conventions Used in This Book
- Using Code Examples
- O'Reilly Online Learning
- How to Contact Us
- Acknowledgments
- 1. Introduction to Cloud Microservices
- Basics of Cloud Information Security
- Risk and Security Controls
- Organizational Security Policy
- Security Incidents and the CIA Triad
- AWS Shared Responsibility Model
- Cloud Architecture and Security
- Security Through Modularity
- Security Through Simplicity
- Security Through Fully Managed AWS Services
- Blast Radius, Isolation, and the Locked Rooms Analogy
- Defense-in-Depth and Security
- Security Through Perimeter Protection
- Security Through Zero Trust Architecture
- A Brief Introduction to Software Architecture
- Tier-Based Architecture
- Domain-Driven Design
- Microservices
- Implementation of Microservices on AWS
- Container-Based Microservice Architecture
- A Very Brief Introduction to Kubernetes
- Function as a Service: FaaS Using AWS Lambda
- Overview of Cloud Microservice Implementation
- Amazon EKS
- Amazon EKS Fargate Mode
- Function as a Service Using AWS Lambda
- Microservice Implementation Summary
- Examples of Microservice Communication Patterns
- Example 1: Simple Message Passing Between Contexts
- Example 2: Message Queues
- Example 3: Event-Based Microservices
- Summary
- 2. Authorization and Authentication Basics
- Basics of AWS Identity and Access Management
- Principals on AWS
- IAM Policies
- Principle of Least Privilege
- PoLP and Blast Radius
- Structure of AWS IAM Policies
- Principal-Based Policies
- Resource-Based Policies
- The Zone of Trust
- Evaluation of Policies
- Advanced Concepts in AWS IAM Policies
- IAM Policy Conditions
- AWS Tags and Attribute-Based Access Control
- Not Policy Elements: NotPrincipal and NotResource
- Wrapping Up IAM Policies
- Role-Based Access Control
- RBAC Modeling
- Securing Roles
- Assuming Roles
- Assume Roles Using the AWS Command-Line Interface (CLI)
- Switching Roles Using AWS Management Console
- Service-Linked Role
- Authentication and Identity Management
- Basics of Authentication
- Identity Federation on AWS
- Identity Federation Using SAML 2.0 and OpenID Connect
- RBAC and Microservices
- Execution Roles
- RBAC with AWS Lambda
- RBAC with EC2 and the Instance Metadata Service
- RBAC with Amazon EKS Using IAM Roles for Service Accounts
- Summary
- 3. Foundations of Encryption
- Brief Overview of Encryption
- Why Is Encryption Important on AWS?
- Why Is Encryption Important for Microservice Architectures?
- Encryption on AWS
- Security Challenges with Key-Based Encryption
- Business Problem
- AWS Key Management Service
- Basic Encryption Using CMK
- Envelope Encryption
- Envelope Encryption in Action
- Security and AWS KMS
- KMS Contexts and Additional Authenticated Data
- Key Policies
- Grants and ViaService
- KMS grants
- KMS ViaService
- CMK and Its Components and Supported Actions
- Importing key material
- Types of CMK
- Automatic key rotation
- Manual rotation
- Deleting a CMK
- Regions and KMS
- Cost, Complexity, and Regulatory Considerations
- Asymmetric Encryption and KMS
- Encryption and Decryption
- Digital Signing (Sign and Verify)
- Domain-Driven Design and AWS KMS
- Contextual Boundaries and Encryption
- Accounts and Sharing CMK
- KMS and Network Considerations
- KMS Grants Revisited
- KMS Accounts and Topologies: Tying It All Together
- Option 1: Including the CMK Within Bounded Contexts
- Option 2: Using a Purpose-Built Account to Hold the CMK
- AWS Secrets Manager
- How Secrets Manager Works
- Secret Protection in AWS Secrets Manager
- Summary
- 4. Security at Rest
- Data Classification Basics
- Recap of Envelope Encryption Using KMS
- AWS Simple Storage Service
- Encryption on AWS S3
- AWS SSE-S3 (AWS-managed keys)
- AWS SSE-KMS
- AWS SSE-C (client-provided key)
- AWS client-side encryption
- Access Control on Amazon S3 Through S3 Bucket Policies
- Example 1: Enforce server-side encryption on all objects
- Example 2: Require users to have MFA while interacting with AWS S3
- Amazon GuardDuty
- Nonrepudiation Using Glacier Vault Lock
- Security at Rest for Compute Services
- Static Code Analysis Using AWS CodeGuru
- AWS Elastic Container Registry
- Access control
- Encryption at rest
- Image Common Vulnerability and Exposure scanning
- AWS Lambda
- Encryption using CMK
- Encryption using helpers
- AWS Elastic Block Store
- Tying It All Together
- Microservice Database Systems
- AWS DynamoDB
- Access control on AWS DynamoDB
- Encryption on DynamoDB
- Amazon Aurora Relational Data Service
- IAM authentication on Amazon Aurora
- Password authentication
- Encryption on Amazon Aurora
- Media Sanitization and Data Deletion
- Summary
- 5. Networking Security
- Networking on AWS
- Controls
- Understanding the Monolith and Microservice Models
- Segmentation and Microservices
- Software-Defined Network Partitions
- Subnetting
- Routing in a Subnet
- Gateways and Subnets
- Public Subnet
- Private Subnet
- Subnets and Availability Zones
- Internet Access for Subnets
- Virtual Private Cloud
- Routing in a VPC
- Microsegmentation at the Network Layer
- Cross-VPC Communication
- VPC Peering
- Tying it all together with VPC peering
- Cost and complexity trade-off with VPC peering
- AWS Transit Gateway
- Tying it all together using AWS Transit Gateway
- Cost and complexity trade-off with AWS Transit Gateway
- VPC Endpoints
- Gateway VPC endpoint
- Interface VPC endpoints/VPC endpoint services (using PrivateLink)
- Tying it all together using VPC endpoints
- Cost and complexity trade-off with VPC interface endpoints
- Wrap-Up of Cross-VPC Communication
- Firewall Equivalents on the Cloud
- Security Groups
- Security Group Referencing (Chaining) and Designs
- Properties of Security Groups
- Network Access Control Lists
- Security Groups Versus NACLs
- Containers and Network Security
- Block Instance Metadata Service
- Try to Run Pods in a Private Subnet
- Block Internet Access for Pods Unless Necessary
- Use Encrypted Networking Between Pods
- Lambdas and Network Security
- Summary
- 6. Public-Facing Services
- API-First Design and API Gateway
- AWS API Gateway
- Types of AWS API Gateway Endpoints
- Regional API Gateway endpoint
- Edge-optimized API Gateway endpoint
- Private API Gateway endpoint
- Securing the API Gateway
- API Gateway Integration
- AWS Lambda integrations
- HTTP integration
- VPC links
- Kubernetes microservices and API Gateway
- Access Control on API Gateway
- IAM authorizer (API-based authorizer)
- AWS Cognito authorizer
- Lambda authorizer
- Infrastructure Security on API Gateway
- Rate limiting
- Mutual TLS
- Cost Considerations While Using AWS API Gateway
- Bastion Host
- Solution
- Static Asset Distribution (Content Distribution Network)
- AWS CloudFront
- CloudFront origins
- Origin Access Identity
- Signed URLs or Cookies
- Business problem
- Solution
- Signed URLs versus signed cookies
- AWS CloudFront and signed URLs
- Signing a URL using AWS CloudFront
- AWS Lambda@Edge
- Protecting Against Common Attacks on Edge Networks
- AWS Web Application Firewall
- Setting up basic rules using regex and IPs
- Other rules for protecting your application
- Managed and Marketplace rule sets
- AWS Shield and AWS Shield Advanced
- Microservices and AWS Shield Advanced
- Cost Considerations for Edge Protection
- Summary
- 7. Security in Transit
- Basics of Transport Layer Security
- Digital Signing
- Certificates, Certificate Authority, and Identity Verification
- Certificate agility and the need for certificate agility
- AWS Certificate Manager
- Publicly trusted certificate authority: Amazon Trust Services
- Inner workings of AWS ACM
- Validating domain ownership
- Email validation for domain ownership
- DNS validation
- ACM Private CA
- Encryption Using TLS
- TLS Handshake
- Perfect forward secrecy
- TLS Termination and Trade-offs with Microservices
- TLS Offloading and Termination
- AWS Application Load Balancer
- Network load balancers
- CloudFront TLS termination and caching
- Server Name Indication
- Cost and Complexity Considerations with Encryption in Transit
- Application of TLS in Microservices
- Security in Transit While Using Message Queues (AWS SQS)
- gRPC and Application Load Balancer
- Mutual TLS
- A (Very Brief) Introduction to Service Meshes: A Security Perspective
- Proxies and Sidecars
- App Mesh Components and Terminology
- TLS and App Mesh
- mTLS Revisited
- Trust inside a mesh
- Trust outside a mesh
- AWS App Mesh: Wrap-Up
- Serverless Microservices and Encryption in Transit
- AWS API Gateway and AWS Lambda
- Caching, API Gateway, and Encryption in Transit
- Field-Level Encryption
- Summary
- 8. Security Design for Organizational Complexity
- Organizational Structure and Microservices
- Conway's Law
- Single Team Oriented Service Architecture
- Role-Based Access Control
- Privilege Elevation
- AWS Systems Manager run command
- Break-the-Glass
- Permission Boundaries
- Permission Boundaries to Delegate Responsibilities
- AWS Accounts Structure for Large Organizations
- AWS Accounts and Teams
- AWS Organizations
- Organizational Units and Service Control Policies
- Organizational units
- Service control policies
- Representation of departmental hierarchy using OUs and SCPs
- Examples of control using SCP
- Example 1: Ensuring proper resource tagging
- Example 2: Ensuring that only a certain type of instance can be run by users of an account
- Purpose-Built Accounts
- AWS Tools for Organizations
- AWS Organizations Best Practices
- AWS Resource Access Manager
- Shared Services Using AWS RAM
- AWS Single Sign-On
- Enforcing Multifactor Authentication in Accounts
- Simplifying a Complex Domain-Driven Organization Using RBAC, SSO, and AWS Organizations
- Summary
- 9. Monitoring and Incident Response
- NIST Incident Response Framework
- Step 1: Design and Preparation
- Architecture for incident control and isolation of blast radius
- Activity logging
- AWS CloudTrail events
- CloudTrail logging
- VPC flow logs
- Application logging using AWS CloudWatch
- Composable monitoring
- CloudWatch namespace
- Monitoring data using CloudWatch
- Synthetic monitoring
- Other AWS monitoring and security services
- AWS Systems Manager
- Amazon Macie
- Step 2: Detection and Analysis
- Precursors to an incident
- AWS EventBridge
- EventBridge event bus
- EventBridge rules
- EventBridge targets
- Step 3: Containment and Isolation
- Possibility 1: Compromised infrastructure
- Possibility 2: Compromised application
- Step 4: Forensic Analysis
- AWS Athena
- Live-box forensics
- Dead-box forensics
- Tools for performing digital forensic analysis
- Run Command
- EventBridge event replay
- Marketplace solutions
- Step 5: Eradication
- Cleanup
- Security posturing
- Step 6: Postincident Activities
- Recovery
- Simulate and iterate
- Securing the Security Infrastructure
- Securing a CloudTrail
- Encrypting a trail
- Log validation
- Purpose-Built Accounts
- Summary
- A. Terraform Cloud in Five Minutes
- Setup
- Creating Your Workspace
- Adding AWS Access and Secret Key
- Terraform Process
- Providers
- State
- Plans
- Apply
- Writing Your Terraform Infrastructure as Code
- Root Module and Folder Structure
- Input Variables
- Resources
- Running and Applying Your Plan
- B. Example of a SAML Identity Provider for AWS
- A Hands-On Example of a Federated Identity Setup
- Step 1: Configure Your IdP
- Step 2: Export Metadata to Be Imported into AWS Account
- Step 3: Add Your SAML IdP as a Trusted IdP
- Step 4: Create a Role That Your Federated Users Can Assume to Interact with Your AWS Account
- Step 5: Control Access to Multiple Roles Using Custom Attributes Within the IdP
- Summary
- C. Hands-On Encryption with AWS KMS
- Basic Encryption Using the CMK
- Basic Decryption Using the CMK
- Envelope Encryption Using the CMK
- Decrypting an Envelope Encrypted Message
- D. A Hands-On Example of Applying the Principle of Least Privilege
- Step 1: Create an AWS IAM Policy for Your Task
- Step 2: Define the Service, Actions, and Effect Parameters of an IAM Policy
- Step 3: Define the Resource
- Step 4: Request Conditions
- Step 5: Confirm the Resulting Policy
- Step 6: Save the Policy
- Step 7: Attach the Policy to a Principal
- Summary
- Index