
Policy as Code

Improving Cloud-Native Security

Paperback, English, 2024, 1st edition, ISBN 9781098139186
Sales rank: 3625 (highest position: 3625)
Expected delivery time: approximately 16 working days

Summary

In today's cloud native world, where we automate as much as possible, everything is code. With this practical guide, you'll learn how Policy as Code (PaC) provides the means to manage the policies, related data, and responses to events that occur within the systems we maintain—Kubernetes, cloud security, software supply chain security, infrastructure as code, and microservices authorization, among others.

Author Jimmy Ray provides a practical approach to integrating PaC solutions into your systems, with plenty of real-world examples and important hands-on guidance. DevOps and DevSecOps engineers, Kubernetes developers, and cloud engineers will understand how to choose and then implement the most appropriate solutions.

- Understand PaC theory, best practices, and use cases for security
- Learn how to choose and use the correct PaC solution for your needs
- Explore PaC tooling and deployment options for writing and managing PaC policies
- Apply PaC to DevOps, IaC, Kubernetes, and AuthN/AuthZ
- Examine how you can use PaC to implement security controls
- Verify that your PaC solution is providing the desired result
- Create auditable artifacts to satisfy internal and external regulatory requirements

Specifications

ISBN13: 9781098139186
Language: English
Binding: paperback
Number of pages: 450
Publisher: O'Reilly
Edition: 1
Publication date: 28-6-2024
Main category: IT management / ICT

Table of Contents

Preface

I Needed Policy as Code
Who Should Read This Book
Conventions Used in This Book
Using Code Examples
O’Reilly Online Learning
How to Contact Us
Acknowledgments

1. Policy as Code: A Gentle Introduction
What Is Policy?
What Is Policy as Code?
What Is a Policy?
PaC Policy Characteristics
The Role of JSON and YAML
Guardrails: Preventing the Unwanted
Plans: Reacting to the Unplanned
Adopting Open Source Software
Disadvantages of OSS
The Care and Feeding of OSS
Standards and Controls
Policy as Code for Everything as Code
Policy Engines and Languages
Choosing the Right PaC Solution
Example PaC Selection Factors
PaC Selection Scorecard
The Cloud Native Computing Foundation
Summary

2. Open Policy Agent
Hello World
OPA Installation and Modes
OPA Command-Line Interface
OPA Read-Eval-Print Loop
OPA Server
OPA eval
OPA exec
Rego Policy Language
OPA Document Model
Rego Syntax and Logic
Writing and Testing Rego
The Rego Playground
Advanced Bundling Topics
Bundle Signing
Bundles for Extension: WebAssembly
Extending and Integrating with OPA
Summary

3. Policy as Code and Access Control
Privileged Access Management
OPA Bearer Token AuthN and AuthZ
Role-Based Access Control
OPA and RBAC
Attribute-Based Access Control
OPA and ABAC
Administering Policies and Data
Bundle Server
Styra DAS and Policy-Based Access Management
Styra Run
Open Policy Administration Layer
Using OCI Images with OPA and Open Policy Containers
Summary

4. Policy as Code and Kubernetes
CNCF and Policy Management
Implementing Security Controls and Controlling Behaviors
API Server Requests
Admission Controllers
Dynamic Admission Controllers
Mutating Resources
Validating Resources
API Server Request Latency and Webhook Order
Auditing and Background Scanning Existing Resources
Generating Resources and Policies
Kubernetes Native Policy Features
Pod Security
Pod Security Admission
Validating Admission Policy
AuthZ Webhook Mode
AuthZ Decisions
AuthZ Webhook and PaC
Example Policy
Policy Reporting
Summary

5. Open Policy Agent and Kubernetes
OPA Installation
Validating Admission Webhook
Kubernetes Management Sidecar
Kubernetes Policy Management
Kubernetes Data Management
Data from Configmaps
OPA AuthZ and kube-mgmt
Kubernetes Policies
Validation Policies
OPA Policy Entry Point
Custom Helper Libraries
Mutating Configuration and Policies
Centralized OPA Management with Styra DAS
Policy Management
Uninstalling Styra DAS
Summary

6. MagTape and Kubernetes
Installing and Uninstalling MagTape
MagTape init
Proxying OPA with MagTape
Controlling Deny Volumes
The Deny Volume Knob
Slack Notifications
Summary

7. OPA/Gatekeeper and Kubernetes
Installation
Ignoring Namespaces
Config: Alpha Feature
Uninstalling Gatekeeper
Policies
OPA Constraint Framework
Validation Policies
Enforcement Actions
Mutation Policies
Use Case: Multitenancy Isolation
Audit Mode
External Data Providers
Policy Expansion
Policy Testing
Summary

8. Kyverno and Kubernetes
Installation
Ignoring Namespaces
Dynamic Webhook Configurations
Uninstalling Kyverno
Policies
Policy Lexicon
Policy Composition
Policy Types
Policy Reporting
Background Scans
Policy Testing
Summary

9. jsPolicy and Kubernetes
Installation
CRD Webhook Configuration
Policy Webhook Configurations
Uninstalling jsPolicy
Policies
Inline Policies
Bundled Policies
Summary

10. Cloud Custodian and Kubernetes
CLI Mode
Installation
Cleanup
Policies
Policies with Actions
Discovery with Policies
Controller Mode
Installation
Validating Policies
Mutating Policies
c7n-kates
Summary

11. PaC and Infrastructure as Code
Infrastructure as Code
Immutability
Baking Versus Frying
Imperative and Declarative IaC
Applying PaC to IaC
Preventive Controls
Conftest
Checkov and cfn-lint
CFN Hooks
Using PaC with Hooks
Validating Terraform
Terraform and Conftest
OPA tfplan
Summary

12. PaC and Terraform IaC
HashiCorp Sentinel
Terraform Artifacts
Mocking Data
Testing
Running Policies in TFC
Additional Terraform Validation
Checkov
tflint
Terrascan
tfsec
Snyk
Summary

13. PaC and Infrastructure as a Service
Prowler
Prowler Checks
Prowler CLI
Cloud Custodian
Installation
Cleanup
Cloud Custodian Policies
FinOps with Custodian
Summary

14. PaC and the Software Supply Chain
Attacking Normal
SSC Policy Enforcement Points
Codebase and Pipeline PEPs
PaC and Trivy with Container Images
Software Bill of Materials
Evaluating SBOMs with PaC
Detecting Vulnerabilities in SBOMs with PaC
SBOM Promises
SBOM Authenticity and Integrity
Summary

15. Retrospectives and Futures
Characteristics of Successful PaC Adoption
Momentum
Domain-Specific Languages
Usability
Project Extensibility and Ecosystem Development
Enterprise Solutions
PaC Looking Forward
Embracing Standards with OSCAL
PaC and Generative AI
Cedar
Configure, Unify, Execute
Conclusion

Index
About the Author
