Tuesday, October 23, 2018

Installing and Configuring SSM Agent

AWS Systems Manager Agent (SSM Agent) is Amazon software that runs on your Amazon EC2 instances and your hybrid instances that are configured for Systems Manager (hybrid instances). SSM Agent processes requests from the Systems Manager service in the cloud and configures your machine as specified in the request. SSM Agent sends status and execution information back to the Systems Manager service by using the EC2 Messaging service. If you monitor traffic, you will see your instances communicating with ec2messages.* endpoints. For more information, see Reference: ec2messages, ssmmessages, and Other API Calls.
Starting with version 2.3.50.0 of SSM Agent, the agent creates a local user account called ssm-user and adds it to /etc/sudoers (Linux) or to the Administrators group (Windows) every time the agent starts. This ssm-user is the default OS user when a Session Manager session is started, and the password for this user is reset on every session. You can change the permissions by moving ssm-user to a less-privileged group or by changing the sudoers file. The ssm-user account is not removed from the system when SSM Agent is uninstalled.
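One way to check what the sudoers side of this looks like on a Linux host, as an added example that is not part of the AWS documentation: the function below reports every rule for ssm-user in a sudoers drop-in directory and whether it grants all commands. The function names, the sample file names and the sample rules are constructed for illustration; on a real host, pass the drop-in directory (typically /etc/sudoers.d) as the argument.

```shell
#!/bin/sh
# Added example: report sudoers rules that apply to ssm-user.
# Output per rule: "<unrestricted|restricted> <nopasswd|passwd> <file>"

audit_ssm_sudo() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # sudo ignores drop-in files whose name contains '.' or ends in '~'
        case ${f##*/} in *.*|*~) continue ;; esac
        awk -v file="$f" '
            /^[ \t]*#/ { next }                      # comment line
            $1 == "ssm-user" {
                spec = $0
                sub(/^[^=]*=[ \t]*/, "", spec)       # drop "user host ="
                sub(/^\([^)]*\)[ \t]*/, "", spec)    # drop "(runas)"
                nopass = (spec ~ /NOPASSWD:/) ? "nopasswd" : "passwd"
                gsub(/[A-Z_]+:[ \t]*/, "", spec)     # drop tags such as NOPASSWD:
                gsub(/[ \t]/, "", spec)
                n = split(spec, cmds, ",")
                level = "restricted"
                for (i = 1; i <= n; i++) if (cmds[i] == "ALL") level = "unrestricted"
                print level, nopass, file
            }' "$f"
    done
}

# Constructed sample drop-in directory (not copied from a real host).
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '# User rules for ssm-user' 'ssm-user ALL=(ALL) NOPASSWD:ALL' > "$d/ssm-agent-users"
    printf '%s\n' 'ssm-user ALL=(root) /usr/bin/systemctl status *, /usr/bin/journalctl' > "$d/ssm-limited"
    printf '%s\n' 'ssm-user ALL=(ALL) NOPASSWD:ALL' > "$d/old-rule.bak"
    echo "$d"
}

sample=$(make_sample)
audit_ssm_sudo "$sample"
rm -rf "$sample"
```

The check only covers rules that name ssm-user directly; rights inherited through a group rule need a separate look at the account's group membership.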
SSM Agent is installed, by default, on the following Amazon EC2 Amazon Machine Images (AMIs):
  • Windows Server (all SKUs)
  • Amazon Linux
  • Amazon Linux 2
  • Ubuntu Server 16.04
  • Ubuntu Server 18.04
You must manually install SSM Agent on Amazon EC2 instances created from other Linux AMIs. You must also manually install SSM Agent on servers or virtual machines in your on-premises environment. For more information, see Setting Up AWS Systems Manager in Hybrid Environments.

Reference: https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html

Tuesday, October 16, 2018

What is DevSecOps?

DevSecOps is the philosophy of integrating security practices within the DevOps process. DevSecOps involves creating a ‘Security as Code’ culture with ongoing, flexible collaboration between release DevOps engineers and security teams. The DevSecOps movement, like DevOps itself, is focused on creating new solutions for application development processes within an agile framework.
Now, in the collaborative framework of DevSecOps, security is a shared responsibility integrated from end to end. It’s a mindset so important that the term “DevSecOps” is used to emphasize the need to build a secure foundation into DevOps initiatives.
DevOps isn’t just about development and operations teams. If you want to take full advantage of the agility and responsiveness of a DevOps approach, IT security must also play an integrated role in the full life cycle of your apps.

Why is DevSecOps important?
IT infrastructure has undergone huge changes in recent years. The shift to dynamic provisioning, shared resources, and cloud computing has driven benefits around IT speed, agility, and cost, and all of this has helped to improve application development.
“DevOps has become second nature for agile, high-performing enterprises and a foundation for the success of their online business,” says Pascal Geenens, a security evangelist and researcher at Radware.
“However, application security was most important, and at times perceived as a roadblock to staying ahead of the competition,” says Geenens. “Given the reliance of applications to keep operations running, bypassing security must be considered a high-risk strategy -- a distributed or permanent denial of service attack could easily catch you out.”

Monday, October 8, 2018

Application Load Balancer

Your Amazon ECS service can optionally be configured to use Elastic Load Balancing to distribute traffic evenly across the tasks in your service.
Elastic Load Balancing supports the following types of load balancers: Application Load Balancers, Network Load Balancers, and Classic Load Balancers. Amazon ECS services can use any of these types. Application Load Balancers are used to route HTTP/HTTPS (or Layer 7) traffic. Network Load Balancers and Classic Load Balancers are used to route TCP (or Layer 4) traffic. For more information, see Load Balancer Types.
Application Load Balancers offer several features that make them attractive for use with Amazon ECS services:


  • Application Load Balancers allow containers to use dynamic host port mapping (so that multiple tasks from the same service are allowed per container instance).
  • Application Load Balancers support path-based routing and priority rules (so that multiple services can use the same listener port on a single Application Load Balancer).
We recommend that you use Application Load Balancers for your Amazon ECS services so that you can take advantage of these latest features, unless your service requires a feature that is only available with Network Load Balancers or Classic Load Balancers. For more information about Elastic Load Balancing and the differences between the load balancer types, see the Elastic Load Balancing User Guide.
