Designing a DevSecOps mechanism - AWS Prescriptive Guidance

Ryan Griffin, Amazon Web Services (AWS)

Organizations are rapidly adopting DevOps and DevSecOps processes for deploying infrastructure. The common patterns often follow a strict binary: infrastructure as a service (IaaS) compared to integration platform as a service (iPaaS). Typically, DevOps mechanism design and implementation follow a similar set of patterns, and there is abundant strategic guidance on DevOps practices. However, tactical guidance and practical decision-making often rely on the competency of the development team responsible for implementing a DevOps or DevSecOps feature and building the deployment pipeline.

Key questions that arise include:

  • What tools is the team already familiar with?

  • What can be realistically achieved within the expected time frame?

These are important questions, but they are incomplete. This guide seeks to provide additional tactical context for these questions and others. It aims to convert the traditional IaaS and iPaaS binary into more nuanced spectrums for implementation engineers, team leads, directors, and other decision-makers.

Note

This guide provides scenarios that are based on first-hand experiences of large organizations after they implement DevOps mechanisms.