Course Overview
The One Day Hack for Security prepares IT professionals of all flavours for identifying and resolving security issues in cloud-native development and deployment processes. This hack gives attendees hands-on experience of working with security on Kubernetes powered by Elastic Kubernetes Service (EKS) and Amazon Web Services (AWS) in general.
In this Security-focused One-Day Hack, attendees work in teams to complete a set of gated challenges that boost their security knowledge, which is needed now more than ever: security is a crucial topic in today’s containers-based, cloud-native world. They will do that by leveraging Amazon Cognito, AWS Secrets Manager, integration of a CSI driver with Elastic Kubernetes Service, and advanced features of AWS networking.
Outline: Securing Container Workloads in AWS Hackathon (SECTY-HACK-AWS)
The challenges are connected, each building on the previous one. The attendees will be faced with three challenges. They will be given an Elastic Kubernetes Service cluster running a demo application consisting of several microservices developed using Node.js. The challenges are briefly described below.
Challenge 1: Who is who in the zoo?
The team starts improving the security of their solution with an introduction to user authentication and authorization using Amazon Cognito and Elastic Kubernetes Service. They will have access to Elastic Kubernetes Service running a demo application. The team will have to define and manage users’ level of access to EKS resources, keeping the whole system secured while still enabling every engineer to do what they need to do.
Challenge 2: Hush, hush
The team will be introduced to the concept of using secrets in the Kubernetes cluster. They will need a manager for handling their secrets, and for that they will use Amazon Secrets Manager. Once they have set up Amazon Secrets Manager and created their secrets, they should edit their deployment templates to consume the newly created secrets and implement a CSI driver in their cluster.
Challenge 3: It’s time to create some order here
After the team has implemented a user authentication and authorization strategy and stored the secrets in a secure place, the application in the EKS cluster is much more secure. However, that is not nearly enough to call their system secure. The team should also consider the communication protocols used between microservices (containers), both internally and externally. To achieve that, they will have to add a set of rules for the cluster to abide by.