Securing your AWS Deployments with Spinnaker and Armory Enterprise
0 likes241 views
The document discusses securing AWS deployments using Spinnaker and Armory Enterprise, highlighting key services like Amazon ECS, Lambda, and EKS. It emphasizes the need for consistent policy enforcement and best practices during deployment to ensure operational efficiency and collaboration. The content also addresses challenges in managing visibility and compliance within deployment processes.
![Codify Your Policies
apiVersion: v1
data:
policyapp-runtime-lb22.rego: >
# The package maps to the task you want to create a policy for.
package spinnaker.deployment.tasks.before.deployManifest
deny[msg] {
msg := "LoadBalancer Services must not have port 22 open."
manifests := input.deploy.manifests
manifest := manifests[_]
manifest.kind == "Service"
manifest.spec.type == "ClusterIP"
port := manifest.spec.ports[_]
port.port == 22
}
kind: ConfigMap
metadata:
labels:
group: demo
type: runtime
name: policyapp-runtime-lb22
namespace: opa](https://image.slidesharecdn.com/securingyourawsdeployments-200917183110/85/Securing-your-AWS-Deployments-with-Spinnaker-and-Armory-Enterprise-18-320.jpg)
Securing your AWS Deployments with Spinnaker and Armory Enterprise
- 1. Securing Your AWS Deployments Paul Roberts, Principal Solutions Architect rbpa@amazon.com Lee Faus, Field CTO lee.faus@armory.com With Spinnaker and Armory Enterprise
- 2. Why Did AWS Get Involved? Go where the developers are Amazon Elastic Container Service AWS Lambda Amazon Elastic Kubernetes Service AWS Fargate Amazon EC2
- 3. Amazon Elastic Container Service AWS Lambda Amazon Elastic Kubernetes Service AWS Fargate Amazon EC2
- 7. EKS Integration Scaling EKS Apps with Spinnaker
- 10. Building a Software Factory
- 11. Shipping from the Factory
- 16. Change & Security Reviews
- 17. People, Process and Tools Rules
- 18. Codify Your Policies apiVersion: v1 data: policyapp-runtime-lb22.rego: > # The package maps to the task you want to create a policy for. package spinnaker.deployment.tasks.before.deployManifest deny[msg] { msg := "LoadBalancer Services must not have port 22 open." manifests := input.deploy.manifests manifest := manifests[_] manifest.kind == "Service" manifest.spec.type == "ClusterIP" port := manifest.spec.ports[_] port.port == 22 } kind: ConfigMap metadata: labels: group: demo type: runtime name: policyapp-runtime-lb22 namespace: opa
- 20. Policy Status in Non-Production
- 21. Training Wheels for Safe Delivery
- 23. Enabling Cloud Migration Best Practices
- 24. Nesting Doll Effect AMAZON WEB SERVICES COMPANY A PROJECT 1 APPLICATION Z NON-PRODUCTION PRODUCTION
- 26. IaaC, CI, CD, GitOps, oh my
- 27. Reasonable Defaults With Spinnaker you can define defaults at the application level allowing teams to focus on deployments, not operational best practices.
- 28. Consistent Deployments When using the cloud as a platform, it is imperative to have consistent best practices enforced at deploy time. Benefits include: • Easier transition between teams • Faster time to resolution • Higher uptime • More time focused on strategic work • Transparency on enforcement • Collaboration to manage drift
- 29. Questions?