This session will describe the techniques and patterns used in a real-life project where the goal was to build a VPC on AWS, make it extremely secure on all accounts, and do it all in an automated way.
I will describe how you can take Puppet and AWS and introduce all kinds of real-life security measures, all managed by Puppet. These security measures include: log collection and analysis (in combination with Graylog2), transparent proxy hosts for DMZ separation, host-based firewalls to augment the non-logging AWS firewalls/security groups, CIS (Center for Internet Security) Benchmark enforcement on standard AWS Linux AMIs, and change tracking with SVN.
This session will highlight where Puppet saved the day but also where integration was troublesome.
Tim Nolet is an infrastructure architect and continuous delivery consultant working for Xebia (www.xebia.com). Brought up on a steady diet of Java enterprise applications, he has helped his customers design, build and manage internet infrastructures in diverse areas of travel, retail, banking, energy and public services. Currently, he is on a mission to reap all the benefits of automated deployment and cloud engineering to deliver fast, safe and stable applications. Together with Amazon Web Services, Puppet plays a major role in this mission. Tim also smiles when you let him dive deep into performance, security and stability issues, or let him play guitar for a day.