4 Security layer 2: protecting cloud infrastructures

This chapter covers

  • Automating the security testing of an infrastructure in continuous delivery
  • Restricting network access to components of the infrastructure via security groups
  • Opening administrative access via SSH without compromising security
  • Enforcing strict access controls on the invoicer’s database

The environment you built in chapter 2 to host the invoicer had several security issues. In chapter 3, you fixed the security of the application layer and learned how test-driven security can be used to integrate testing directly into the CI pipeline. You addressed vulnerabilities in the application itself by making use of browser security techniques like CSP, authentication protocols like OpenID Connect, and programming techniques like CSRF tokens. In chapter 4, we’ll continue our journey to secure the invoicer at the infrastructure layer and focus on controls that strengthen the network, servers, and databases of the service. We’ll continue to apply TDS principles by adding security testing into the pipeline, this time at the continuous-delivery layer.

The security audit performed at the end of chapter 2 listed issues we’re now going to fix:

4.1 Securing and testing cloud infrastructure: the deployer

4.1.1 Setting up the deployer

4.1.2 Configuration notifications between Docker Hub and the deployer

4.1.3 Running tests against the infrastructure

4.1.4 Updating the invoicer environment

4.2 Restricting network access

4.2.1 Testing security groups

4.2.2 Opening access between security groups

4.3 Building a secure entry point

4.3.1 Generating SSH keys

4.3.2 Creating a bastion host in EC2

4.3.3 Enabling two-factor authentication with SSH

4.3.4 Sending notifications on accesses

4.3.5 General security considerations

4.3.6 Opening access between security groups

4.4 Controlling access to the database

4.4.1 Analyzing the database structure

4.4.2 Roles and permissions in PostgreSQL

4.4.3 Defining fine-grained permissions for the invoicer application

4.4.4 Asserting permissions in the deployer

Summary