DevSecOps Notes

1. Overview - AWS CloudTrail -Track activity across teams, accoundts and organizations in one place, in a consistent format -Explore acitivity using a single set of tools, and respond to activity in minutes. -As AWS innovates, new services and features are covered automatically. 2. With CloudTrail you can ... a) Simplify compliance workflows -Keep track of API usage in a single location, simplifying audit and compliance processes b) Enhance security analysis -Perform security analysis and  detect user behavior patterns across services, users, and accounts c) Monitor data exfiltration risks  -Stay alert to data exfiltration risk by collecting activity data on Azmaon Simple Storage Service (Amazon S3) objects through object-level API events d) Perform operational troubleshooting - Simplify root cause analysis using CloudTrail events, to reduce time to resolution 3. CloudTrails Events - integrated with over 130 AWS services -Automatically gather usage a...

1. Cloud Concepts Windows update - first microsoft cloud service 1995 key consepts -high availbility - share responsibility -scalability -elasticy - dynamic scalicbility -agility -fault tolerance - responsibility of Azure -disaster recovery -global reach -prodictive cost estimation - consumaption base -customer  ... -security (DDOS attack - free DDOS protection , on by default) -Economic of scale (less expensive, more efficient, ) -CapEx vs OpEx   Capital Expendetiture   Operational Expendetrule -consumption-based model   * no upfront costs availabilty sets avaiblity zone server level agrements share Type of Clouds: -Public cloud -Private Cloud (on prem) -Hybrid Cloud Level of responsobility -SaaS -PaaS -IaaS Geographies Regions -different machines and services beetwen regions -different cost Region Pairs - for failovers Zones and Sets -pick one of them -zones are newer and have better SLA single vm - if you choo...

 0. Why Terraform Enterprise a) Collaboration - How we collabarate -one user: Write-> Plan -> Apply -small team in TE: Write -> Plan -> Version Control -> Apply -> Safe Ops File  - many teams in TE: RBAC in Workspace - whole organisation (including people with no Terraform expiernce: Work on Registry in Consumer-Producer module =  Producers (small team publish modules) -> Consumers -Safety - policy as a code 1. Overview 2. Terraform Workspaces 3. Sentinel policies https://github.com/hashicorp/terraform-foundational-policies-library https://github.com/hashicorp/terraform-foundational-policies-library/tree/master/cis/gcp/kubernetes

1)  https://habr.com/en/company/mailru/blog/472428/ 2)  https://habr.com/en/post/437682/ 3)  https://habr.com/en/company/miro/blog/499782/ 4)  https://github.com/2gis/k8s-handle 5)  https://matthewpalmer.net/kubernetes-app-developer/ 6)  https://www.replex.io/