A continuous security pipeline demo for the AWS DevSecOps Workshop.

nand0p/aws-devsecops-workshop

 
 

aws-devsecops-workshop

A continuous security pipeline demo for the AWS DevSecOps Workshop.

Prerequisites

Before you get started, there are a few things you will need to prepare.

AWS Account

We recommend using a new AWS account for the workshop environment. You can also use an existing account, but make sure the account has no existing resources created. Some of the security checks executed by this workshop may discover resources that are not configured to best practices and fail your pipeline.

AWS CLI

Install the aws-cli and use aws configure to set your AWS Access Keys for your development environment (the account specified above).

Ruby 2.2.5

Your development environment must have Ruby 2.2.5 or later to install the dependencies of the scripts used to stand up the workshop environment. RVM is a tool that can be used for switching between multiple Ruby versions.

Setup Jenkins

This repository contains scripts to stand up a Jenkins server in AWS, pre-configured to execute this pipeline.

Create Workshop Environment

One-button launch of the workshop environment:

Launch CFN stack

To launch from the AWS Console, use the following CloudFormation template: provisioning/cloudformation/templates/workshop-jenkins.json

To launch from the CLI, see this example:

aws cloudformation create-stack \
  --stack-name AWS-DEVSECOPS-WORKSHOP-JENKINS \
  --template-url https://s3.amazonaws.com/aws-devsecops-workshop/workshop-jenkins.json \
  --region us-east-1 \
  --disable-rollback \
  --capabilities="CAPABILITY_NAMED_IAM" \
  --parameters ParameterKey=InstanceType,ParameterValue=t2.small \
    ParameterKey=WorldCIDR,ParameterValue=0.0.0.0/0

To launch from your terminal, see this example:

$ bundle install
$ rake jenkins:create

See docs/development.md for more details about the ruby/rake tasks.

Jenkins Credentials

The initial Jenkins admin user is preconfigured; the credentials are below.

It is highly recommended that you change the password for your workshop Jenkins after creation.

Login

  • User: workshop
  • Password: Fancy$Treasury!Effective!Throw^6

GitHub

You'll need to create a Jenkins credential set to access private repositories from Jenkins.

Deployment script

You can optionally use deploy.sh to control the stack. If you do so, these variables must be personalized at the top of the file:

PROFILE  # the aws profile to launch cfn with
TRUSTED_CIDR  # the source CIDR that will be connecting to jenkins.
SSH_KEY_NAME  # the ssh key to use for the jenkins server
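
A pre-flight check for these three variables, as an added example that is not part of the repository's deploy.sh. The function names and the /16 threshold (MIN_PREFIX) are assumptions; the sample addresses in any call you make are your own.

```shell
#!/bin/sh
# Added example: pre-flight check for the variables deploy.sh expects.
# MIN_PREFIX is an assumed policy: refuse source ranges wider than /16.
MIN_PREFIX=16

# check_cidr CIDR: succeed only for a well-formed IPv4 CIDR that is
# no wider than /MIN_PREFIX (so 0.0.0.0/0 is always refused).
check_cidr() {
  cidr=$1
  case $cidr in
    */*/*|/*|*/) echo "malformed CIDR: $cidr" >&2; return 1 ;;
    */*) ;;
    *) echo "missing /prefix: $cidr" >&2; return 1 ;;
  esac
  addr=${cidr%/*}
  prefix=${cidr#*/}
  case $addr in
    *[!0-9.]*|.*|*.|*..*) echo "bad address: $addr" >&2; return 1 ;;
  esac
  case $prefix in
    *[!0-9]*) echo "bad prefix: $prefix" >&2; return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $addr            # split into octets (digits and dots only by now)
  IFS=$old_ifs
  [ $# -eq 4 ] || { echo "need four octets: $addr" >&2; return 1; }
  for octet in "$@"; do
    [ "$octet" -le 255 ] || { echo "octet out of range: $octet" >&2; return 1; }
  done
  [ "$prefix" -le 32 ] || { echo "prefix out of range: $prefix" >&2; return 1; }
  [ "$prefix" -ge "$MIN_PREFIX" ] || {
    echo "source range too broad for Jenkins ingress: $cidr" >&2; return 1; }
}

# preflight: all three deploy.sh variables must be set and the CIDR sane.
preflight() {
  [ -n "${PROFILE:-}" ] || { echo "PROFILE is not set" >&2; return 1; }
  [ -n "${SSH_KEY_NAME:-}" ] || { echo "SSH_KEY_NAME is not set" >&2; return 1; }
  check_cidr "${TRUSTED_CIDR:-}"
}
```

Call `preflight || exit 1` after the variables are assigned and before the stack is launched.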

Egress Rules

Outbound traffic is allowed only to GitHub, RubyGems, and AWS API endpoints (other than stateful responses).
