Build a secure app and share its development resources.

The IBM Cloud solution tutorial on how to apply end-to-end security to a cloud application walks you through key security services and demonstrates how to use them together. The tutorial uses a sample file-sharing application to put security concepts into practice. Since we created this tutorial, we improved and added content. You may remember my blog post on how to use a delivery pipeline to rotate app credentials. Recently, we added a new section discussing how to share development resources.

Solution overview

The sample app from the solution tutorial provides an environment for securely sharing files. It uses Cloud Object Storage and a NoSQL database to manage files and related metadata. Access is controlled via IBM Cloud App ID, which provides authentication and identity services. The application is written in Node.js and deployed as a container to the IBM Cloud Kubernetes Service. It leverages several security services and features to improve the application’s security posture (e.g., encryption keys, audit logging, and scanning of app code).

Solution architecture for a secure file-sharing app.

Access management roles and groups

On IBM Cloud, Identity and Access Management (IAM) authenticates users and service IDs and controls access to cloud resources. To grant access to a resource, you assign predefined access roles to a user, a service ID, or an access group. An access group organizes a set of users and service IDs into a single entity, which makes assigning access easier: you assign a single policy to the group instead of assigning the same access multiple times, once per individual user or service ID. Thus, you can organize groups for roles on your development project and align security and project management.

All the services that are used in the solution tutorial provide these predefined roles. Depending on the resource, they also document mappings from access roles to typical functions in a development team. You can find the relevant introduction and links in the new tutorial section on sharing resources.
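The access-group pattern described above, sketched as Terraform for the IBM Cloud provider. This is an added example, not code from the tutorial or its repository; the group names, member addresses, the `resource_group_id` variable and the role choices are assumptions for illustration, and the roles for each team function should be taken from each service's own role documentation.

```hcl
# Added illustration: names, members and role choices are assumptions.
terraform {
  required_providers {
    ibm = { source = "IBM-Cloud/ibm" }
  }
}

variable "resource_group_id" {
  description = "ID of the resource group that holds the app's services"
  type        = string
}

# One access group per function on the development project.
resource "ibm_iam_access_group" "developers" {
  name        = "secure-file-storage-developers"
  description = "Read cluster state, read and write test objects"
}

resource "ibm_iam_access_group" "operators" {
  name        = "secure-file-storage-operators"
  description = "Operate the Kubernetes cluster"
}

# Membership is managed in one place; joining or leaving the team
# does not touch any policy.
resource "ibm_iam_access_group_members" "developers" {
  access_group_id = ibm_iam_access_group.developers.id
  ibm_ids         = ["dev1@example.com", "dev2@example.com"] # constructed
}

# A single policy per group and service replaces one policy per user.
resource "ibm_iam_access_group_policy" "developers_cos" {
  access_group_id = ibm_iam_access_group.developers.id
  roles           = ["Viewer", "Writer"]
  resources {
    service           = "cloud-object-storage"
    resource_group_id = var.resource_group_id
  }
}

resource "ibm_iam_access_group_policy" "operators_iks" {
  access_group_id = ibm_iam_access_group.operators.id
  roles           = ["Operator", "Writer"]
  resources {
    service           = "containers-kubernetes"
    resource_group_id = var.resource_group_id
  }
}
```

Scoping each policy to the resource group keeps the grants limited to the project's own service instances rather than every instance of that service in the account.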

Get started

You can find the updated solution tutorial on applying end-to-end security to a cloud application in the IBM Cloud docs under Solution Tutorials. You can create the app step-by-step by following the tutorial. As an alternative, deploy the app and all components at once using either a classic or Tekton-based toolchain. The app code and toolchain definitions are available on GitHub.


If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.
