Cloud Security Programming for Practical Use (AWS, Python, Terraform)

hello.

This is knowledge sharer Cheon Kang-min.

As previously announced , we have been reorganizing the course to improve and change the lectures that were made over time and in their raw form, and as of today, the upload of newly filmed lectures has been completed.

Let me briefly explain what has changed:

1. Added part

   1. VPC Cidr Design and AWS Network Firewall Implementation

   2. Building a Security Dashboard with Steampipe + Streamlit

   3. Terraform related Remote State, depends_on, etc.

2. Improved parts

   1. Rather than listing specific Python functions, we develop based on boto3 and gradually improve the code.

   2. Rich examples and hands-on exercises related to Terraform

   3. Excluding parts that are judged to be not used much or not directly related to the lecture

3. Removed portion (plan to leave it for 6 months to 1 year)

   1. Existing lecture section

It's as above. If you've taken all the previous lectures, you'll probably already be familiar with Python and Terraform, so I recommend you just look at the project part.

I hope you finish the rest of 2024 well and have a happy new year in 2025. Thank you.

Cheon Kangmin's dream.

hello.

This is knowledge sharer Cheon Kang-min.

It's been about 1 year and 8 months since I posted the lecture.

There are some changes, and since this is the first recorded lecture, I thought it would be good if the video, materials, and lecture content were updated. (Now that I think about it, I think I tried to tell you too many things compared to the difficulty of the lecture.)

So! I'm going to revamp the lectures!

[Maintained part]

1. Sections of the current curriculum

   1. Details are subject to change.

[Part to be deleted]

1. Python Programming

   1. MultiProcesses

      1. I think it's unnecessary for now

   2. GIL related content

      1. I feel like I tried to explain too much in a short amount of time, and it seemed unnecessary.

2. Terraform Programming

   1. Terraform Explained Using IAM

      1. Description will be replaced by other functions

   2. Test related content

[To be added]

1. VPC Design for 3-Tier Architecture

2. Network Architecture Using AWS Network Firewall

We plan to replace it with a completely revamped video by the end of this year at the latest. We are also planning to collect additional surveys for this purpose.

Survey on the reorganization of cloud security programming used in practice

Please leave your comments via the link above (you will need to log in, but we will not collect your address).

thank you

Cheon Kangmin's dream.

Hello. I am knowledge sharer Cheon Kang-min.

This time, I'm planning to release a course called "Docker and Containers for Beginners" (the opening date is not yet set).

Accordingly, we would like to hold a student registration event to express our gratitude to those who are taking the courses listed below.

1. Cloud programming in practice

2. Understanding and Security of AWS Cloud IAM in Practice

3. [DevOps] Creating a fast and secure application deployment pipeline (CI/CD)

Please check the lecture content to be released through Google Form , fill out the form and apply, and we will proceed with additional courses as time allows.
However, please note that the course will not appear on the course list until the actual course is released.

We will always strive to provide quality lectures.

thank you

hello.

This is Kangmin Cheon, a cloud programming instructor who uses it in practice.

Terraform 1.8 introduces a feature called provider-defined functions .

In simple terms, it supports functions at the provider level. Here is an example:

terraform { required_providers { aws = { source = "hashicorp/aws" } } } provider "aws" {} # result: # { # "partition": "aws", # "service": "iam", # "region": "", # "account_id": "444455556666", # "resource": "role/example", # } output "role" { value = provider::aws::arn_parse("arn:aws:iam::444455556666:role/example") } # result: # { # "partition": "aws", # "service": "elasticloadbalancing", # "region": "us-east-2", # "account_id": "123456789012", # "resource": "loadbalancer/app/my-load-balancer/1234567890123456", # } output "elb" { value = provider::aws::arn_parse("arn:aws:elasticloadbalancing:us-east-2:123456789012:loadbalancer/app/my-load-balancer/1234567890123456") }

(This is crazy...)

Since it is a feature that has been out for a long time, it is definitely lacking in many functions, but there were cases where the declarative language had to be used procedurally through various built-in functions (split, then access the index and save it to local...), and it seems that support is being provided in a more declarative way.

This is a very hot feature, so it's super simple. If you want to see it, here's the link !

Thinking about all the different functions that will be created, I feel like I've been rewarded for all the work I've done in finding and implementing built-in functions. I'm going to look into this a bit more and create a separate lecture and upload it!

thank you

hello.

This is Kangmin Cheon, a cloud programming instructor who uses it in practice.

Terraform version 1.7 has been released. You can see the related announcement here .
There has been a bigger change (and more stressful) than I thought.

1. The order in which modules are deleted after testing changes.

   1. existing

      1. Main state file

      2. Status files for each module (in reverse order)

      3. So when writing tests referencing modules, there is no dependency on resources loaded into the main state file.

   2. change

      1. Delete state files in reverse order of run blocks

      2. So don't rely on resources that get deleted early.

   3. A simple example

      1. 

      2. Previously, it was not possible to write like the above, but it is possible from 1.7.

2. Mocks (in beta)

   1. Simply put, it is a function that defines and uses specific values without creating/deleting/referencing actual providers, resources, data, or modules.

   2. After looking into it in advance, it seems that if we simply create a mock data in a distributed or generated form and put it in, testing will be possible much faster than before.

   3. Examples are given below.

    # main.tftest.hcl mock_provider "aws" { override_data { target = module.credentials.data.aws_s3_object.data_bucket values = { body = "{\"username\":\"username\",\"password\":\"password\"}" } } } run "test" { assert { condition = jsondecode(local_file.credentials_json.content).username == "username" error_message = "incorrect username" } }

   1. You can create results from data blocks and quickly test them through the run block.

3. Reviews for the 1.7 release

   1. I feel really bad that I changed such important logic in just one minor version. I apologize to those who watched my lecture and made it based on the previous deletion status...

   2. For the above reasons + since it is in beta, I plan to add more information about Mocks later when it becomes more mature and solid. However, I think it is right to share the released information anyway, so I am publishing this news.

thank you

hello.

This is Kangmin Cheon, a cloud programming instructor who uses it in practice.

I filmed and uploaded a more detailed video about Python GIL.

In fact, unless you're planning on making a huge(?) application using Python, you probably don't need to worry about this, but I added it because I thought it needed to be corrected from what I explained above (for convenience), and because knowing more about it would help you figure out which modules to select for your project and why things work that way.

Please note.
thank you

hello.

This is Kangmin Cheon, a cloud programming instructor who uses it in practice.

Added a lecture on the testing features added in Terraform 1.6.

Key additions include:

1. A brief explanation of Terraform's existing testing methods

2. Custom Conditions Description

3. Basic grammar of .tftest.hcl file

4. Test related information (success/failure tests, etc.)

5. Managing the state during test execution, execution/deletion order

6. Testing Strategy

Please note.
thank you

hello.

This is Kangmin Cheon, a cloud programming instructor who uses it in practice.

I'm publishing this update to inform you about the Python/Terraform versions used in the course.

[Python]

Python is currently released up to version 3.12. However, (in my extremely subjective opinion) I don't think there is anything to add to the current lectures regarding the newly added features, so there are no updates.
The major changes in versions 3.10 ~ 3.12 are as follows.

1. Python speedups (but no silver bullet) -> 3.11 / 3.12

   1. Still, certain tasks feel noticeably faster.

2. Added and enhanced many type-related features -> 3.10 ~ 3.12

   1. Are we going the Java(Type)Script route?

3. Introducing GIL per interpreter -> 3.12

   1. Will the day ever come when we can utilize multi-threading like other languages?

   2. Currently only available via the Python C API.

      1. Will the speed and efficiency of libraries written in pure C be improved? (If they are improved)

That's about it. Of course, there are many other things that have been deprecated, improved (or added), but it doesn't seem to be anything important enough to know right now.

Additionally, AWS Lambda currently supports up to 3.11.

Anyway, the current plan is to add related lectures when Python 3.13 is released.

[Terraform]

Terraform also had various features added between versions 1.2 and 1.5.

1. Optional can be used for variables -> 1.3

   1. In Python, you can use something like obj.get("key", "default")

2. Default terraform_data replacing null_resource -> 1.4

   1. Replaceable without additional provider downloads

3. Importable via code -> 1.5

4. Strengthened validation via check block -> 1.5

However, I felt that there was no need to introduce the above functions in detail since they all operate at runtime.

Terraform 1.6 has finally released a testing feature . Previously, testing was either 1) not separated from the runtime or 2) only possible through various open sources. However, with the release of this feature, testing is now possible without using separate open sources.

We plan to update this feature to a lecture next week. Please note.

thank you