DevSecOps Notes

https://blog.agchapman.com/using-variables-in-docker-compose-files/

portal.azure.com free services region resiliency and availabity : - vm in multiple regions -availabity set - 2 or more vm which share common power source and network switch are distributed across four domains (?) - in case of hardware fail -availabity zones - few geograicly (?) separate availability sets -paired regions - using traffic manager ; multiregion (synchronic db within region, asyn across region) Subscription (account) -(def) an agreement with Microsoft to use one or more cloud platforms or services -organisations can have multiple Azure subscriptions -subscriptions integrate with Azure AD -Azure resources will reside within a subscription -trial subscritpion (what we just created) Azure Resource Manager -underlying service for deploying and managing resources in Azure -key terminology: *resources (ex. vm, db etc) *resource groups *resource providers *resource manager template (iaac in json) Compute 1) VM -Windows and Linux Virtual Machine on De...

https://medium.com/@philippholly/aws-lambda-enable-outgoing-internet-access-within-vpc-8dd250e11e12

https://bjornjohansen.no/restrict-allowed-http-methods-in-nginx https://bjornjohansen.no/redirect-to-https-with-nginx How to Use Nginx Service Mesh for Traffic Splitting ? https://docs.nginx.com/nginx-service-mesh/tutorials/trafficsplit-deployments/ - nginx-meshshell top nginx-meshshell top deployment/hello-worls how to make Kubernetes more resilient with advanced traffic management http://bit.ly/resilient-K8s-blog

https://lollyrock.com/articles/inspec-terraform/

https://www.nginx.com/blog/lets-encrypt-tls-nginx/

https://www.cloudibee.com/disabling-tls-1-0-on-nginx/

https://blog.apptension.com/2018/07/11/setup-software-deployment/

https://www.magnusdelta.com/blog/2017/9/16/thephoenixprojectsummary

https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/s3-examples.html

Content Delivery Network (CDN) : -   distribute your content to multiple geographic locations and to serve it up to your users in the most optimal way possible -  lets you reduce the number of requests your web servers need to handle CloudFront: -  There are numerous CDN services available but I find  CloudFront  is a simple and inexpensive option that can suit the needs of many sites and applications. -  Can’t I just use  S3  to host my static assets?  While it is certainly possible, this is not ideal. S3 was really designed and optimized for storage and not for distribution. You can use S3 as an origin for your CloudFront distribution but you should avoid serving your assets directly from S3. - Source: 1)  https://ryaneschinger.com/blog/using-cloudfront-to-speed-up-your-rails-application/ 2) https://aws.amazon.com/blogs/developer/caching-the-rails-asset-pipeline-with-amazon-cloudfront/ 3) https://medium.com/@tra...

https://www.howtogeek.com/168145/how-to-use-ssh-tunneling/ ssh -L 9000:db_ip:22 deploy@web_ip to odpalasz na swoim kompie nie na serwerze

a) Overview /etc/init.d/nginx restart will restart nginx as will service nginx restart b) Nginx Instance Manager sudo yum install nginx-manager sudo systemctl status nginx-manager Inventory Inventory scan  Analyzer swagger api metrics prometheus & graphana c) 

https://www.cyberciti.biz/faq/how-to-open-firewall-port-on-ubuntu-linux-12-04-14-04-lts/ https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-16-04

https://seanmcgary.com/posts/deploying-a-nodejs-application-using-docker/

Redis -manual and automatic snapshots -provides presistence storage and is a replament for DB) Memcached -purely a caching solution and uses DB as the origin of the data) Steps required to migrate the app to use ElastiCached with minimal changes -update the config file with endpoint to use Amazon ElastiCached cluster -configure a SG to allow access from the app servers Redis -> provides natve functions that simply the deveroment of leader bords Memcached -> it is to more defficule to sort and rank large dataset Redshift and S3 - are not designed for high volumes of small reades and writes, typical  to mobile .... Expanding web fleet and cache fleet multiple times over the next year to accomodate increased user traffic. How do you minimaze the amount of changes required when scaling event occures? Configure AutoDiscovery on the client side. When the clients are configured to use AutoDiscovery, they discover  new cache nodes as they a...

AWS CloudFront Characteristics: 1) Zone Apex - Route 53 Alias record mapping to CloudFront distribution 2) Wildcard CNAME - support subdomains 3) SSL  - supports wildcard SSL certificates -Dedicated IP Custom SSL -SNI Custom SSL 4) Distribution Types -Web Distributions -RTMP Distributions Distribution - This is the name given the CDN which consists of a collection of Edge Location 5) Geo Restriction: -Whitelist or blacklist countries -Blacklisted countries see 403 error -Custom error pages -Console or API 6) HTTP Methods -GET, PUT, POST, PATCH, DELETE and OPTIONS -Does not cache responses for PUT, POST, PATCH or DELETE 7) Origin This is the origin of all files that the CDN will distribute. This can be either an -S3 Bucket -EC2 Instance -Elastic Load Balancer -Route53 Origin Access Identifiers multiple origin multiple cache behaviors -> allow serve, static & dynamic contenst from the same distribution Default TTL 24h

RDS RI 1) DB engine 2) DB instance class 3) Deployment type 4) License model 5) Region