Microservices Security In Action By Prabath Siriwardena and Nuwan Dias Amazon | Manning | YouTube | Slack | Notes | Supplementary Readings PART 1 OVERVIEW 1 ■ Microservices security landscape 2 ■ First steps in securing microservices PART 2 EDGE SECURITY 3 ■ Securing north/south traffic with an API gateway 4 ■ Accessing a secured microservice via a single-page application 5 ■ Engaging throttling, monitoring, and access control PART 3 SERVICE-TO-SERVICE COMMUNICATIONS 6 ■ Securing east/west traffic with certificates 7 ■ Securing east/west traffic with JWT 8 ■ Securing east/west traffic over gRPC 9 ■ Securing reactive microservices PART 4 SECURE DEPLOYMENT 10 ■ Conquering container security with Docker 11 ■ Securing microservices on Kubernetes 12 ■ Securing microservices with Istio service mesh PART 5 SECURE DEVELOPMENT 13 ■ Secure coding practices and automation APPENDICES A ■ OAuth 2.0 and OpenID Connect B ■ JSON Web Token C ■ Single-page application architecture D ■ Observability in a microservices deployment E ■ Docker fundamentals F ■ Open Policy Agent G ■ Creating a certificate authority and related keys with OpenSSL H ■ Secure Production Identity Framework for Everyone I ■ gRPC fundamentals J ■ Kubernetes fundamentals K ■ Service mesh and Istio fundamentals
