
Published by Oracle Press (May 4, 2025) © 2025

Erik Benner | Ahmed Aboulnaga | Dhrumil Patel
    VitalSource eTextbook (Lifetime access)
    €51,99

    Including VAT (as applicable)

    ISBN-13: 9780138029487

    DevSecOps in Oracle Cloud: Securing and Automating Oracle Cloud Infrastructure, 1st edition

    Language: English

    Product Information

    Automate, secure, and optimize your cloud infrastructure with proven best practices and expert insights.

    Securing every stage of development and deployment is no longer a choice—it is a necessity. Adopting a proactive DevSecOps approach is crucial to safeguarding cloud applications and infrastructures. OCI experts Benner, Aboulnaga, and Patel provide comprehensive guidance on leveraging DevSecOps principles to effectively secure and automate cloud environments.

    Developers, DevOps professionals, and cloud architects will learn best practices for automating security processes and optimizing enterprise infrastructures with powerful tools such as Terraform and Ansible. This comprehensive guide provides actionable strategies for building secure, scalable, and resilient cloud applications.

    You will learn

    • Step-by-step examples of using Terraform and Ansible in OCI to automate and manage cloud infrastructure
    • DevSecOps principles and best practices for Oracle Cloud environments
    • Key OCI services and how they can be applied within a DevSecOps framework to ensure security and efficiency
    • Practical strategies for building secure, scalable, and resilient applications in Oracle Cloud
    • How to integrate DevSecOps principles throughout the development and deployment lifecycle
    • Techniques for maintaining regulatory compliance while ensuring security in Oracle Cloud
    • How to optimize cloud costs in OCI without compromising security or performance
    • Practical steps to securely deploy applications in Oracle Cloud

    Unlock the full potential of Oracle Cloud and DevSecOps and ensure that your organization stays ahead of evolving security threats and operational demands. This guide provides the hands-on tools, expert insights, and proven strategies you need to secure, automate, and scale your Oracle Cloud applications.

    Introduction
    Chapter 1 Introduction to OCI and DevSecOps
    What Is DevSecOps?
    Why DevSecOps?
    What Makes Up a DevSecOps Team?
    Benefits of OCI
    OCI Free Services
    Summary
    Chapter 2 Oracle Cloud Infrastructure—Governance
    Tenancy Account Management and Governance
    Creating a New Tenancy
    Organizational Governance
    Cloud Advisor
    Cost Management
    Performance
    High Availability
    Billing and Budgets
    Dashboards
    Summary
    Chapter 3 Oracle IaaS—Security
    Identity and Access Management (IAM)
    Security Zones
    Bastions
    Threat Intelligence Service
    Web Application Firewall (WAF)
    Firewall
    Vault
    Audit
    Summary
    Chapter 4 Oracle IaaS—Cloud-Native Technologies
    Functions
    Setting Up the Tenancy
    Creating the Application
    Setting Up the Linux Host
    Creating and Running a Function
    Streams
    Events
    Oracle Kubernetes Engine (OKE)
    Docker
    Key Terms
    Summary
    Chapter 5 Oracle IaaS—Network
    Getting Started with OCI Networking
    Understanding Concepts and Terminology
    Walking Through a Basic Network Architecture Diagram
    Creating Your First VCN and Subnet
    Creating a VCN
    Creating a Subnet
    Updating the Security List
    Connecting VCNs Through Local Peering
    Creating Local Peering Gateways and Establishing Peering
    Adding a New Route Rule to the Route Table
    Creating Network Security Groups (NSGs)
    Attaching VNIC to the Network Security Group
    Creating Flow Logs
    Using Network Path Analyzer
    Understanding Gateways
    Securing Your Network
    Summary
    Chapter 6 Oracle IaaS—Compute
    Building a VM
    X86 and ARM, AMD vs. Intel… What’s the Scoop?
    A VM Is More Than a VM; There Are Options…
    OS Images and the Marketplace
    Custom OS Images
    Summary
    Chapter 7 Oracle IaaS—Storage
    Block Volume
    Creating and Attaching
    Configuring Performance
    Performing a Backup
    Object Storage
    File Storage
    Archive Storage
    How to Secure Your Storage
    Summary
    Chapter 8 Oracle DBaaS—Databases
    Oracle’s DBaaS Offerings
    Database as a Base Database Service
    Exadata Cloud Service and Exadata Cloud@Customer
    Autonomous Database Services
    MySQL and MySQL HeatWave
    NoSQL
    How to Provision Databases
    Provisioning Base Database Service
    Provisioning the Autonomous Database Service
    Provisioning MySQL Database
    Provisioning the NoSQL Database
    Summary
    Chapter 9 OCI DevOps Service
    Overview of OCI DevOps
    Deployment Environments
    Deployment Strategies
    DevOps Components and Resources
    How to Create a Working Sample Project
    Creating Compute Instances to Deploy To
    Granting Permissions to Compute Instance Run Command Plug
    Creating an Artifact Registry to Host Artifacts
    Uploading a Script to the Artifact Registry
    Creating a Notification Topic
    Creating a DevOps Project
    Creating an Environment in the DevOps Project
    Adding an Artifact from the Artifact Registry to the DevOps Project
    Adding an Instance Group Deployment Configuration Artifact
    Creating a Deployment Pipeline
    Running the Deployment Pipeline
    Summary
    Chapter 10 Data Safe
    Security Assessment
    User Assessment
    Data Discovery
    Data Masking
    Activity Auditing
    Alerts
    How to Add a Database
    Registering an Autonomous Database
    Registering an Oracle Base Database System
    Registering an On-Premises Database
    Summary
    Chapter 11 Identity and Access Management
    Compartments
    Users
    Database Passwords
    API Keys
    Groups
    Dynamic Groups
    Policies
    Federation
    Summary
    Chapter 12 Operating System Security
    Oracle Ksplice
    Oracle Autonomous Linux
    Vulnerability Scanning Service (VSS)
    Summary
    Chapter 13 Observability and Management
    OCI Logging Service
    Log Format
    Log Types
    Log Groups
    Exercise 1: Enabling a Service Log
    Exercise 2: Creating a Custom Log
    Oracle Cloud Logging Analytics
    Setting Up Logging Analytics for the First Time
    Downloading and Installing the Management Agent
    Clearing and Resetting Logging Analytics
    Summary
    Chapter 14 Cloud Guard
    Initial Configuration
    Recipe Management
    Using Detector Recipes
    Using Responder Recipes
    Accessing Cloud Guard Recipes
    Managing Detector Recipes
    Managing Responder Recipes
    Security Zones
    Adding a New Security Zone
    Summary
    Chapter 15 An Introduction to Ansible
    What Is Ansible?
    What Is OLAM?
    Sizing the Deployment
    OCI Authentication
    Getting the OCI Information
    Adding the OLAM Credential
    Collections and Modules
    Installing the OCI Collection on Your OCI Development System
    Playbooks
    Introduction to YAML
    Summary
    Chapter 16 Using Ansible in OCI
    Using Ansible
    Writing Playbooks
    Sample Playbooks
    Common OCI Playbooks
    Summary
    Chapter 17 Ansible—Installing and Configuring OLAM
    Installation
    Preparing Linux
    Setting Up PostgreSQL
    Installing OLAM
    OLAM Management
    Resource Management
    Templates
    Credentials
    Projects
    Inventory
    Hosts
    Access Management
    Organizations
    Users
    Teams
    OLAM Administrative Options
    Credential Types
    Notifications
    Management Jobs
    Instance Groups
    Applications
    Execution Environments
    Summary
    Chapter 18 Ansible Full Stack Sample
    Ansible in the Real World
    Planning a Team
    Creating Users
    Creating Teams
    Setting Up an Inventory
    Summary
    Chapter 19 Infrastructure as Code
    The Problem That IaC Solves
    Introducing Terraform as an IaC Tool
    Terraform Concepts and Terminology
    Declarative Approach
    State File
    Immutable Infrastructure
    Plug-ins
    Terraform and OCI
    Terraform Best Practices
    Summary
    Chapter 20 Terraform API with Examples
    Setting Up Terraform in OCI
    Downloading and Installing Terraform
    Creating RSA Keys Required for API Signing
    Adding a Policy for the User to Read OCI Resources
    Exercise 1: Running Terraform for the First Time
    Creating a Working Directory
    Creating an Initial Terraform Script
    Running Terraform Initialize for the First Time
    Running terraform plan for the First Time
    Running terraform apply for the First Time
    Exercise 2: Parameterizing Terraform Configuration
    Exercise 3: Understanding the Terraform OCI Documentation
    Updating Terraform Configuration from the Terraform OCI Documentation
    Running the Terraform Script to Create and List a Block Volume
    Updating a Resource
    Parameterizing from Other Output
    Debugging Errors
    Summary
    Chapter 21 Terraform Sample Use Case
    Confirming IAM Policies
    Setting Up Terraform
    Applying the Changes
    Creating a New Compartment
    Applying the Changes
    Rerunning Terraform Apply with No Changes
    Rerunning Terraform Apply After a Change in Terraform Configuration
    Rerunning Terraform Apply After a Change on the OCI Console
    Creating a Virtual Cloud Network
    Defining a VCN Module
    Defining Security Lists and Ingress/Egress Rules
    Defining the Private and Public Subnets
    Updating the Outputs File
    Applying the Changes
    Creating a Compute Instance
    Applying the Changes
    Creating an Autonomous Database
    Applying the Changes
    Replicating to a Production Environment
    Using Other Terraform Commands
    Formatting Terraform Configuration
    Validating Terraform Configuration
    Listing All Resources in the Terraform State
    Displaying Details of All Resources from the Terraform State
    Viewing the Terraform Output
    Destroying Resources
    Destroying the Entire Infrastructure
    Destroying a Single Terraform Resource
    Stopping/Starting Instances with Terraform
    Summary
    Chapter 22 Enterprise Manager Cloud Control Installation
    Installing and Configuring the Repository Database
    Installing and Configuring Oracle Management Service
    OPatch
    Oracle Enterprise Manager 13c Update 12 for OMS
    Oracle Enterprise Manager 13c Release 5 Update 12 for Oracle Management Agent
    Installing and Configuring Oracle Analytics Server
    Installing JDK
    Installing FMW Infrastructure
    Installing OAS
    Configuring OAS
    Integrating OAS with Oracle Enterprise Manager
    Configuring Security Infrastructure
    Configuring the Required OAS Datasource
    Setting OAS Support for Oracle Enterprise Manager-Provided Reports
    Summary
    Chapter 23 Using Oracle Enterprise Manager Cloud Control
    Setting Up Administrators and Users
    Monitoring OCI Environments
    Monitoring OCI Compute Instance
    Monitoring OCI Autonomous Database
    Integrating Oracle Enterprise Manager with OCI
    Setting Up Preferred Credentials
    Creating an Enterprise Manager Target Group
    Creating an Oracle Enterprise Manager Super Administrator
    Creating a Global Named Credential
    Incorporating Best Practices
    Monitoring Database Security
    Patching Oracle Enterprise Manager
    Sizing Oracle Enterprise Manager
    Summary


    9780138029418 TOC 4/11/2025
