673ec13a44f93d90f9b55444 RoadMap


DevSecOps with AWS

https://www.joindevops.com/devsecops-with-aws-siva-82s
12+ Years Experience 6500+ Students Trained

Sivakumar Reddy Mettukuru


Senior Cloud Architect & Expert

Sivakumar Reddy M., Founder & CEO of Joindevops & Linuscode Technologies,
is an expert in strategic leadership with extensive experience in DevOps, cloud
computing, Java development, IoT, telecom, banking, media, and R&D. He
specializes in modern cloud-native application development, guiding businesses
through legacy-to-cloud migrations, and ensuring robust cloud security and cost
optimization. Sivakumar is a leader in integrating DevSecOps practices across
projects and excels at optimizing performance in modern architectures. With a
passion for exploring advancements in cloud technologies and modern
development practices, he is committed to driving innovation and delivering
cutting-edge solutions for his clients.

DevOps vs DevSecOps
DevOps and DevSecOps are both practices that aim to enhance the software development and
deployment process, but they have distinct focuses and approaches. Let’s break down the key
differences between them:

Why Choose DevSecOps?


As organizations become more reliant on technology and data, the security of software has become
increasingly important. DevSecOps makes security a collaborative, continuous, and automated part of
the DevOps process, leading to better, safer software.
In a world of increasing cybersecurity threats, DevSecOps represents the next step in the evolution of
DevOps, helping teams not only deliver software fast but also deliver secure software without
compromising on speed or quality.

Tools and Technologies Covered in this course

Ready to dive in? Join us at JoinDevOps.com and take the first step
toward mastering DevSecOps with AWS!

Start Here
This is a step-by-step roadmap crafted from the perspective of a DevSecOps
professional and instructor. It outlines the most effective path for becoming a
DevSecOps expert with AWS, built on practical insights and real-world experience.

With this roadmap, I hope to guide you on this rewarding yet challenging journey
into DevSecOps.

We've designed this course to make it more personalized based on your current
background as you transition into DevOps or DevSecOps. So whether you're
coming from:

System Administrator
Software Developer
Test Automation Engineer
Network Engineer
Individuals with limited or no IT knowledge

After completing the DevSecOps roadmap, you’ll gain insights into how to begin your
DevSecOps journey based on your unique background.

One important thing to keep in mind:

DevSecOps covers the entire software development lifecycle, which involves working with
numerous tools and technologies. DevSecOps is constantly evolving, with new tools being
introduced regularly.

Understanding Software Development
As a DevOps professional, you won’t necessarily be writing code, but you’ll work closely
with development teams to improve and automate their processes. To be effective, it’s
essential to understand the Software Development Life Cycle (SDLC) and why DevOps has
become vital in modern development.

You should also understand, in general terms, what the whole software development
lifecycle covers, from idea to code, all the way to releasing it to the end users.

Waterfall Method:
A traditional, linear approach where each stage of development must be completed before
the next begins.

Agile Methodology:
A more dynamic, iterative approach where development happens in sprints, allowing for
frequent adjustments based on feedback.

Linux and OS Basics

In DevOps, part of your job is to set up and look after the infrastructure where
applications run. To do this well, you need to be comfortable with some basics of server
management, especially on Linux, since that’s the main OS used in most setups.

Since most servers use Linux, being comfortable with the Command Line Interface (CLI)
will make your life a lot easier. We mostly use RedHat Linux throughout the course.

Basic operating system concepts you need to understand:

Linux Commands
Linux File System & Permissions
Editors
Package & Network Management
SSH Key Management
Launching EC2 Machine
User and Service management

To set up and secure your infrastructure, it helps to have a basic understanding of
networking and security. Here are a few things you’ll learn:

Basics of IP addresses, ports, and DNS
HTTP/HTTPS
Security Groups

What is a Computer?
Client - Server Architecture
Linux Advantages over Windows

Quick Tip: You don’t need to be a full-on SysAdmin for DevSecOps. Just focus on
the essentials – leave the deeper server management to the pros. Your goal is to
know enough to get things up and running securely.

Manual Deployment of 3-tier Web Application
Here, we’re diving into a hands-on project that will teach you how to manually deploy a
fully functional 3-tier web application. This is a powerful learning experience because
you’ll be setting up every layer of the application by yourself, from the database to the
backend and frontend – all hosted on your own custom domain!

Understanding the “Why” Behind Manual Deployment:

Deploying everything manually might seem like extra work, but it’s essential to
understanding how your application really works. By going through each setup step
yourself, you’ll gain a deeper knowledge of what’s happening under the hood. This will
make it much easier to automate these processes later using DevOps tools.

Here’s What You’ll Be Doing:


Frontend Backend Database
Launching Your Server
Purchasing and Setting Up Your Own Domain (www.yourname.com)
Manual Deployment of the 3-Tier Application
a. Database
b. Backend
c. Frontend
Exploring Networking Concepts
Forward & Reverse Proxy
Linux Folder structure
Soft link and Hard link

Shell Scripting
Since you are closely working with developers and system administrators to also automate
tasks for development and operations, you will need to write scripts and small applications
to automate them.

Shell scripting is like creating a list of instructions for your server to follow, which
saves you time and reduces the chances of mistakes.

You’ll start with the basics and work your way up to industry-level techniques. By the
end of this section, you’ll know how to automate the setup and deployment of your own
3-tier web application.

What You’ll Learn:

Shell Scripting Basics and Advanced Concepts
Special Variables
Conditions
Functions
Colors
Exit Status
Loops
Logs and Redirectors
Idempotency
Monitoring and Backup scripts

Version Control with Git

You’ll also learn about Git, which is a tool that helps you keep track of changes in
your scripts. We’ll cover:

GitHub Setup: How to set up an account and create a repository to store your scripts.
Key Commands:
git add: Add changes to be committed
git commit: Save your changes with a message describing what you did
git push: Upload your changes to GitHub

This will allow you to manage different versions of your scripts, collaborate with
others, and keep a history of your work.

Automating Deployments with Ansible

Ansible is a powerful tool that simplifies and automates the management of servers and
deployments. Ansible is great for handling complex tasks with ease, making it a
must-have skill for anyone looking to streamline operations and increase efficiency in a
DevSecOps role.

Why Move Beyond Shell Scripts?

Shell scripting is powerful, but it has its limits. When managing lots of servers or
handling complex configurations, shell scripts can become cumbersome, difficult to
maintain, and prone to errors. That’s where Ansible comes in.

Push vs. Pull Architecture

Hands-On: Writing Playbooks to Automate Deployments

You’ll start by writing simple playbooks that automate common tasks.
Then, we’ll move on to writing playbooks that automate the deployment of your 3-tier web
application. You’ll automate the setup of the database, backend, and frontend, all with
a few lines of YAML.
Roles, Tags, Vault, Dynamic Inventory, Handlers, etc.

By the end of this module, you’ll know how to use Ansible to automate the setup and
deployment of your entire web application infrastructure. You’ll also have a deeper
understanding of how automated tools make life easier, from simplifying repetitive tasks
to ensuring consistency across environments.

Infrastructure as Code (IaC) with Terraform
Manually creating and maintaining infrastructure is not only time-consuming but also
prone to errors—especially when you need to replicate environments, like Development,
Testing, and Production. To overcome these challenges, we use Infrastructure as Code
(IaC), where we write code to manage and configure infrastructure. This approach brings
consistency, automation, and reliability.

Why Terraform Over Ansible for Infrastructure Provisioning?

Ansible is a powerful tool for managing configurations, but it has limitations when it
comes to provisioning complex infrastructure. Terraform, on the other hand, is
purpose-built for provisioning infrastructure, which makes it more efficient for tasks
like setting up cloud resources, networking, and scaling. Here’s how they differ:

Ansible: Great for configuration management—think of setting up software and managing
server settings.
Terraform: Ideal for provisioning—creating and managing cloud infrastructure such as
servers, databases, and networking.

Learning Terraform from Basics to Advanced Concepts

We’ll start by understanding the basics of how Terraform works, and we’ll move
step-by-step into more advanced topics. Here’s what you’ll learn:

File and Folder Structure
Learn how Terraform’s files and folders are organized.

Writing Custom Modules
Modules are reusable pieces of Terraform code.

Key Terraform Commands
To manage infrastructure effectively, you’ll use commands such as:
terraform init
terraform plan
terraform apply
terraform destroy

Advanced Commands and Concepts
Upgrade & Format (upgrade, fmt)
State Management (show state, import, taint, remote state, state locking)
Variables (tfvars, locals) configurations reusable and more readable.
Workspaces
Loops and Conditionals
Provisioners

Hands-On: Creating Infrastructure and Deploying the Web Application
Once you understand the concepts, you’ll create infrastructure for your 3-tier web
application:
Set up networking components like Virtual Private Clouds (VPCs), subnets, and security
groups.
Configure elastic IPs, NAT gateways, and load balancers to distribute traffic
efficiently.
Deploy your backend, frontend, and database layers with complete automation using
Terraform.

CI/CD Pipelines: Automating Deployments with Jenkins
CI/CD (Continuous Integration and Continuous Deployment) is at the core of DevOps. It
helps automatically build, test, and deploy new code changes, making the process fast,
repeatable, and reliable. When developers make changes—like adding a feature or fixing a
bug—the CI/CD pipeline ensures that the updated code gets tested and deployed
seamlessly.

Jenkins is one of the most popular tools for setting up these pipelines. It allows you
to automate each step, from testing to deploying, ensuring consistency and reducing
manual errors. Alongside Jenkins, we also use tools like SonarQube for checking code
quality and Veracode for security scans.

Key Topics We’ll Cover:

Jenkins Pipeline Jobs: Learn to create jobs to automate testing and deployment of code.
Master-Agent Setup: Understand how Jenkins’ Master-Agent setup allows scalability.
SonarQube Integration: Use SonarQube to automatically check for code quality issues and
vulnerabilities.
Static and Dynamic Security Testing: Learn how SAST (Static Application Security
Testing) and DAST (Dynamic Application Security Testing) help secure your applications.

By the end of this module, you’ll be able to set up automated pipelines that take code from a developer’s push
to deployment—all with Jenkins, ensuring high quality and secure software releases.

Cloud Provider

Nowadays many companies use virtual infrastructure on the cloud, instead of managing
their own infrastructure. These are Infrastructure as a Service (IaaS) platforms, which
offer a range of additional services, like backup, security, load balancing etc.

Among cloud providers, AWS is the most widely used and powerful, but it can also be
challenging to learn.

Other popular ones:
Microsoft Azure, Google Cloud

AWS Services You'll Learn:

VPC & Subnetting: Set up secure, isolated networks.
Routes & Peering: Manage traffic and connect multiple VPCs.
EC2: Deploy virtual servers for hosting applications.
Autoscaling & Load Balancing: Scale automatically and balance traffic efficiently.
Route 53: DNS service for directing user requests.
IAM: Control access and manage permissions securely.
CloudFront (CDN): Deliver content quickly worldwide.
S3: Store and retrieve data effortlessly.
Lambda: Run code without managing servers.
EKS & ECR: Manage Kubernetes clusters and container images.
KMS: Encrypt and secure your data.

These services are platform-specific. So you need to learn the services of that specific
platform and learn how to manage the whole deployment infrastructure on it.

AWS has loads of services, but you only need to learn the services you/your company actually
needs. E.g. when the K8s cluster runs on AWS you need to learn the EKS service as well.

Once you learn one IaaS platform, it's easy to learn others

Containerization with Docker

Docker has become the standard for packaging and running applications as containers. If
you're building applications today, chances are you’ll use Docker to deploy them
efficiently. In this section, we’ll explore what containers are, how Docker works, and
why it's a game-changer for modern software development.

From Monolithic to Microservices:
In the past, applications were developed as large, monolithic systems. Today, we use
microservices—small, independent components that make development faster and more
flexible.

Bare Metal vs. VMs vs. Containers:
Bare Metal: Physical servers running applications directly, which makes scaling
difficult.
Virtual Machines (VMs): Virtualize the entire operating system, which makes them more
flexible than bare metal but still resource-heavy.
Containers: Containers virtualize only the application layer. This makes them
lightweight and faster, as they don’t need to run a full OS for every instance.

Getting Started with Docker

Docker is a tool that helps you create, run, and manage containers easily. It allows you
to package your application and all its dependencies into a single, isolated unit called
a container.

Docker Installation and Commands: You'll learn how to install Docker and use basic
commands like docker run, docker ps, docker stop, etc., to manage containers.
Docker Networking: Understand how Docker manages networking, allowing multiple
containers to communicate with each other seamlessly.
Docker Volumes: Persist your data by attaching volumes to your containers so that
information isn’t lost when the container stops.
Docker Compose: Use Docker Compose to run multiple containers together—essential for
deploying more complex applications with databases, backends, and frontends.

Building a Real Project with Docker

You will set up our 3-tier web application using Docker. This includes:
Creating Dockerfiles: Writing Dockerfiles to define how your application should be built
into a container.
Best Practices: You'll learn some best practices to ensure your containers are
efficient, such as:
Using minimal base images to keep your containers lightweight.
Running containers as non-root users for better security.
Leveraging multi-stage builds to keep images clean and small.

Container Orchestration with Kubernetes
Kubernetes, also known as K8s, is the most popular tool for managing containers at
scale. While Docker helps us create and run individual containers, Kubernetes comes into
play when you need to orchestrate hundreds or even thousands of containers across
multiple servers, ensuring that everything works together seamlessly.

Why Kubernetes Over Docker Alone?
With Docker, managing a few containers is easy. But as applications grow and we need to
run multiple services, scaling becomes a challenge. Kubernetes automates the deployment,
scaling, and management of containerized applications, making it easier to maintain
large systems. That’s why we use Kubernetes alongside Docker for better scalability and
reliability.

We’ll use Amazon EKS (Elastic Kubernetes Service), which helps us manage Kubernetes
without worrying too much about the underlying infrastructure.

Deploying Our 3-Tier Application with Kubernetes


In this part of the course, you’ll learn how to take your Docker images and deploy a complete 3-tier web application to an EKS cluster. We’ll use Helm
charts to simplify the deployment process.
Key Concepts You’ll Learn:
1. Namespaces
Namespaces help organize your resources within a Kubernetes cluster, making it easy to manage and separate environments (e.g., dev, test,
production).
2. Pods
Pods are the smallest unit in Kubernetes and represent one or more containers that run together.
You’ll learn about Labels (for organizing resources) and Annotations (for adding metadata).
Set environment variables (Env) and define resource limits to manage how much CPU and memory a container can use.
3. Services
Kubernetes Services help expose your application to the outside world or within the cluster:
Cluster IP for internal communication.
NodePort and Load Balancer to expose your application externally.
4. Sets and Deployments
ReplicaSets ensure that the specified number of pod replicas are running at all times.
Deployments help manage updates and changes to your application.
5. Volumes for Persistent Storage
Understand EBS Static and Dynamic Provisioning to manage persistent storage.
EFS Provisioning allows sharing data between multiple pods.
6. StatefulSets
Use StatefulSets for applications that require stable network identities and persistent storage, ensuring that each instance of your app is uniquely
identifiable.
7. Scaling Applications
Vertical vs. Horizontal Scaling: Learn the differences and when to use each.
Horizontal Pod Autoscaling (HPA): Automatically adjust the number of pods based on resource usage.
8. Helm Charts
Helm makes it easy to deploy complex applications using pre-configured templates. You’ll learn how to use Helm charts to deploy our 3-tier application
efficiently.

Version Control with Git

Why Git Matters


With Git, you can:
Track Changes: Know exactly what changes were made, by
whom, and why.
Collaborate: Work with team members on the same project,
merge code, and resolve conflicts easily.
Store Remotely: Save your code centrally in a remote Git
repository like GitHub or GitLab.

Key Topics You’ll Learn:


1. Merge and Rebase
Merging is the process of combining changes from one branch into another. This is the default way to
bring changes together.
Rebasing is an alternative approach that helps create a linear history, making it easier to understand. You’ll
learn when to use each method and the pros and cons of both.
2. Pull Request (PR) Process
A Pull Request (PR) is a way to propose changes and discuss them with your team before merging them
into the main branch. PRs help ensure that code is reviewed, tested, and approved by other team
members, leading to higher quality code.
3. Resolving Conflicts
Sometimes, two developers make changes to the same piece of code, which can lead to merge conflicts.
You’ll learn how to identify and resolve these conflicts, ensuring your code integrates smoothly.
4. Branching Strategy
Branching strategies help teams work efficiently without stepping on each other’s toes. We’ll cover
different approaches like:
Feature Branching: Each new feature gets its own branch until it’s complete.
Git Flow: A more structured strategy with branches for features, releases, and hotfixes.
You’ll understand which strategy works best in different scenarios, keeping the project organized and
manageable.
5. Merge Strategy
You’ll also learn about different merge strategies:
Fast-Forward Merge: When there are no changes on the target branch, and your branch can be directly
added.
Three-Way Merge: Involves combining changes when there are differences in both branches, often
requiring more work but ensuring no changes are lost.

Scripting Language
Since you are closely working with developers and system administrators to also automate
tasks for development and operations, you will need to write scripts and small
applications to automate them.

For that, you will need some scripting or basic programming skills.

Python is one of the most popular programming languages and easy to learn.

Scripting Options:
OS-Specific Scripting Languages:
Bash, PowerShell: Great for automating
tasks within their respective environments.
OS-Independent Languages:
Python, Ruby, JavaScript, Go: These are
versatile, powerful, and more in demand in
DevOps.

These languages are more powerful and flexible. If you know one of these, it will make you much
more valuable as a DevOps engineer.

You don't need the same level as a software developer.
Learning how to write scripts with Python will be enough.
And the good thing is, programming concepts stay the same, so when you
learn one language well, you can easily learn new ones quite quickly.

ArgoCD

ArgoCD is a popular GitOps tool used for managing and automating Kubernetes deployments.
It integrates directly with Git, allowing you to maintain desired application states
declaratively through Git repositories.

You'll start by understanding the ArgoCD architecture and how it seamlessly syncs your
code to Kubernetes environments. The course will guide you through installing ArgoCD in
an EKS cluster, followed by setting up and configuring it to manage multiple projects.

You’ll also learn to write YAML configurations for projects, set up sync policies to
keep applications up-to-date automatically, and understand the best practices for
using ArgoCD effectively to maintain consistency and automation in your
deployments.
By the end of this module, you'll be able to use ArgoCD to manage Kubernetes
clusters effortlessly with a clear GitOps workflow.

Monitoring & Observability
Once software is in production, it is important to monitor it to track the performance,
discover problems in your infrastructure and the application.

Prometheus and Grafana:
Prometheus is a time-series database that helps collect metrics from your systems. We’ll
use Node Exporter to gather metrics such as CPU utilization, RAM, disk usage, and
network activity.
We’ll also cover Prometheus Rules for creating alerts and use the Alert Manager to
notify you of any critical issues.
Grafana will be used to create visual dashboards for real-time monitoring of system
health.

4 Golden Signals:
Latency: How long it takes for requests to be processed.
Errors: The number of failed requests.
Traffic: The overall load on the system.
Saturation (e.g., CPU usage, RAM, etc.): How "full" your resources are.

ELK Stack for Log Management:
Elasticsearch helps store and search log data.
Kibana provides visual insights into logs.
Filebeat collects logs, while Logstash processes them to provide structured data for
analysis.

By mastering these tools and signals, you'll be able to keep a close eye on your
infrastructure and applications, ensuring everything runs smoothly and proactively
responding to issues before they impact users.

on your
DevOps journey!
