A continuous security pipeline demo for the AWS DevSecOps Workshop.
Before you get started, there are a few things you will to need to prepare.
We recommend using a new AWS account for the workshop environment. You can also use an existing account, but make sure the account has no existing resources created. Some of the security checks executed by this workshop may discover resources that are not configured to best practices and fail your pipeline.
Install the aws-cli and use aws configure
to set your AWS Access Keys for your development environment (the account specified above).
Your development environment must have ruby 2.2.5 or better to install the dependencies of the scripts used to stand up the workshop environment. RVM is a tool that can be used for switching between multiple versions.
This repository contains some scripts to stand up a Jenkins in AWS pre-configured to execute this pipeline.
One-button launch of the workshop environment:
To launch from the AWS Console, use the following CloudFormation template:
provisioning/cloudformation/templates/workshop-jenkins.json
To launch from the CLI, see this example:
aws cloudformation create-stack \
--stack-name AWS-DEVSECOPS-WORKSHOP-JENKINS \
--template-body https://s3.amazonaws.com/aws-devsecops-workshop/workshop-jenkins.json \
--region us-east-1 \
--disable-rollback \
--capabilities="CAPABILITY_NAMED_IAM" \
--parameters ParameterKey=InstanceType,ParameterValue=t2.micro \
ParameterKey=WorldCIDR,ParameterValue=0.0.0.0/0
To launch from your terminal, see this example:
$ bundle install
$ rake jenkins:create
See docs/development.md
for more details about the ruby/rake tasks.
The initial admin user to jenkins is preconfigured, the credentials are below.
It is highly recommended that you change the password to your workshop jenkins after creation.
- User:
workshop
- Password:
Fancy$Treasury!Effective!Throw^6
You'll need to create a jenkins credential set to access private repositories in Jenkins.