DevOps Pro Europe 2020

March 24-26

Vilnius

Biography

Andreas is an expert in Identity & Access Management and a proponent of the serverless methodology.
Because getting to a shared understanding with the business is more important than technical solutions, he’s into approaches like Domain-Driven Design and Collaborative Modeling.

Workshop

Securing Serverless Apps, APIs & Microservices – Using Infrastructure as Code

Time & Date

9:00, 24 March

Venue

Crowne Plaza Vilnius –
M. K. Čiurlionio str. 84, Vilnius, Lithuania

Language

English

When moving to the cloud, even big enterprises make mistakes by not having the needed security in place. This can lead to severe security breaches and loss of your customers’ data. Don’t let that happen to you!
You will learn how to apply current security best practices and you’ll make an important step towards public-cloud-readiness and a future-proof “Zero Trust” architecture.
After the workshop you’ll have created a production-ready, secure and GDPR-compliant setup that you can easily build upon and extend.
For that we’ll use the Identity Provider Auth0, Azure Functions and the secrets management system Azure Key Vault.

Agenda

Part 1: Auth Fundamentals Recap

  • The Big Picture (Backend/API, Frontend, IdentityProvider, Token-based Authentication)
  • Typical Auth Scenarios
  • OAuth 2, JWT (JsonWebToken), OpenID Connect
  • Towards “Zero Trust”, away from “Perimeter”
  • Client Categories: Interactive (SPA, Native) vs. Non-Interactive (Machine-to-Machine)
  • SSO (Single Sign On)
  • Authentication (Identity)
  • Authorization (Access Control with Permissions and Roles/RBAC)
  • IaC (Infrastructure as Code) using Pulumi & Auth0 deploy CLI

Part 2: Create, Secure and Deploy a Serverless API

  • Overview & Hands-on
    • Auth0 Management Portal & Deploying IaC
    • Azure Portal & Deploying IaC

Part 3: Create and Secure an Angular Frontend Application

  • Overview & Hands-on
    • Public Welcome Page
    • Protected Page for Authenticated Users
    • Protected Admin Page

Part 4: Create, Secure and Deploy a Serverless Microservice

  • Overview & Hands-on
    • Machine-to-Machine Service Communication
    • Authorizing a Non-Interactive M2M Client

Objectives

You will learn:
– The fundamentals of modern Authentication & Authorization with OAuth 2 & OpenID Connect
– How to secure a serverless API
– How to access a secured API from a browser-based (Angular) web application
– How to access a secured API from within a serverless microservice
– How to apply RBAC (Role Based Access Control)
– How to completely automate the deployment of App, APIs and Identity Provider configuration using IaC (Infrastructure as Code)

Target audience

The target audience includes everyone interested in modern web application security and the modern, serverless vendor-native cloud.

Technical requirements

Installations (current versions)

  • Chrome browser or Brave browser
  • Visual Studio Code
  • Visual Studio Code Extensions
    • RESTClient
    • Azure (Functions)
  • Node.js, npm
  • Azure Functions Core Tools
  • Auth0 deploy tool

Accounts

  • Auth0 account (free)
    • Auth0 extensions
      • Auth0 Deploy CLI
  • Azure account (free, but credit card needed)
    – you might run into deployment errors if you use your company’s restricted account/subscription
  • Pulumi (free)

Technical knowledge

  • Very basic programming in TypeScript
  • Basic concepts of the Web, HTTP, JSON, Browsers, Cookies
