https://github.com/zkfmapf123/devsecops-architecture
secure-architecture
- Host: GitHub
- URL: https://github.com/zkfmapf123/devsecops-architecture
- Owner: zkfmapf123
- Created: 2023-12-31T07:32:39.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2024-01-01T07:54:15.000Z (over 2 years ago)
- Last Synced: 2025-08-01T00:12:00.531Z (11 months ago)
- Language: HCL
- Size: 1010 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# DevSecOps Best Practice Architecture
## 1. VPC
```
cd infra/networks
```
- [x] vpc
- [x] vpc-endpoint

- This is a basic 3-tier architecture.
- For S3 and DynamoDB, traffic from the private subnets goes through VPC endpoints (Gateway, Interface).
## 2. Cloud-Trail-Pipeline (for account auditing)
```
cd infra/cloudtrail-pipeline
```
- [x] S3
- [x] Cloud-Trail
- [x] Event Bridge (Rule)
- [x] SNS
- [x] AWS Chatbot to Slack

## 3. EC2 access methods
- 1. EC2 access using Teleport
- Teleport

- 2. EC2 access using Session Manager + GoSSM
- SSM Manager

## Reference
- Install terraforming (AWS only)
```sh
## Install Terraforming
gem install terraforming
## If the install fails with this error:
## ERROR: While executing gem ... (Gem::FilePermissionError)
## You don't have write permissions for the /Library/Ruby/Gems/2.6.0 directory.
## then run the install with sudo:
sudo gem install terraforming
```
- Terraform provider management
```sh
## provider.tf is managed as a symbolic link.
ln -s ../provider.tf provider.tf
```