Realizing "Policy as Code" with AWS CDK and OPA

Original URL: https://aws.amazon.com/blogs/opensource/realize-policy-as-code-with-aws-cloud-development-kit-through-open-policy-agent/

The AWS Cloud Development Kit (AWS CDK, https://docs.aws.amazon.com/cdk/latest/guide/home.html) is an open source software framework that lets you define and provision infrastructure on AWS using familiar programming languages. With "infrastructure as code", infrastructure defined through the CDK can be version-controlled, so infrastructure on AWS can be managed more efficiently and reliably.

Of course, when planning to deploy new AWS resources or updates, we must make sure these changes do not introduce security vulnerabilities, which means establishing a security compliance baseline together with processes that follow the compliance requirements. Now is the time to set up and define the corresponding security baseline so that changes to infrastructure on AWS do not cause security problems. Open Policy Agent (OPA, https://www.openpolicyagent.org/) is a Cloud Native Computing Foundation incubating project that aims to automatically check cloud infrastructure against security baseline policies. OPA provides a unified framework and language for declaring, enforcing and controlling security baseline policies across the various components of cloud infrastructure.

Once OPA is integrated with the AWS CDK, we gain "policy as code": changes are checked against compliance policies before the AWS CDK applies them to the AWS environment. This new approach brings many benefits, including:

- Every team member can easily run policy checks before making actual changes.
- Policy checks can be automated by integrating them with CI/CD.
- Users can enforce mandatory checks on "infrastructure as code".
- Users can write custom OPA policies based on the security compliance requirements of industry best-practice frameworks (for example, the CIS AWS Benchmark).

In short, this greatly shortens the after-the-fact review cycle for infrastructure security compliance.

The rest of this article walks step by step through how to use OPA together with the AWS CDK to realize "policy as code". This involves the following tasks:

- Create an AWS CDK project to deploy AWS resources.
- Write a simple OPA policy in the Rego policy language.
- Use the OPA policy to check the AWS CDK infrastructure code.

Prerequisites

1.1 Create an EC2 environment in AWS Cloud9
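As an added illustration of the second and third tasks listed above (example policy written for this page, not code from the original article or from the AWS or OPA projects): a Rego policy that checks the CloudFormation template the CDK synthesizes, with two CIS AWS Benchmark style controls for S3 buckets. It assumes a single-stack CDK app and that the policy's input is the JSON template printed by `cdk synth --json`, so OPA sees a top-level `Resources` map.

```rego
# Added example policy, not from the original article. Assumes the input is
# the CloudFormation template JSON that `cdk synth --json` prints for a stack.
package cdk.s3

import rego.v1

# Every S3 bucket in the synthesized template must declare server-side
# encryption; a bucket with no Properties at all also fails this rule.
deny contains msg if {
    some name, resource in input.Resources
    resource.Type == "AWS::S3::Bucket"
    not resource.Properties.BucketEncryption
    msg := sprintf("S3 bucket %s has no BucketEncryption configured", [name])
}

# Every S3 bucket must block all four forms of public access.
deny contains msg if {
    some name, resource in input.Resources
    resource.Type == "AWS::S3::Bucket"
    not public_access_blocked(resource)
    msg := sprintf("S3 bucket %s does not block all public access", [name])
}

# True only when every PublicAccessBlockConfiguration flag is explicitly set.
public_access_blocked(resource) if {
    cfg := resource.Properties.PublicAccessBlockConfiguration
    cfg.BlockPublicAcls == true
    cfg.BlockPublicPolicy == true
    cfg.IgnorePublicAcls == true
    cfg.RestrictPublicBuckets == true
}
```

Save it as policy.rego, run `cdk synth --json > template.json`, then `opa eval --fail-defined -i template.json -d policy.rego 'count(data.cdk.s3.deny) > 0'`; the non-zero exit code on any violation is what a CI/CD stage gates on. To see the messages themselves, query `data.cdk.s3.deny` instead with `--format pretty`.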