June 29, 2020 By Henrik Loeser 2 min read

Build a secure app and share its development resources.

The IBM Cloud solution tutorial on how to apply end-to-end security to a cloud application walks you through key security services and demonstrates how to use them together. The tutorial uses a sample file-sharing application to put security concepts into practice. Since we created this tutorial, we improved and added content. You may remember my blog post on how to use a delivery pipeline to rotate app credentials. Recently, we added a new section discussing how to share development resources.

Solution overview

The sample app from the solution tutorial provides an environment for securely sharing files. It uses Cloud Object Storage and a NoSQL database to manage files and related metadata. Access is controlled via IBM Cloud App ID, which provides authentication and identity services. The application is written in Node.js and deployed as a container to the IBM Cloud Kubernetes Service. It leverages several security services and features to improve the application’s security posture (e.g., encryption keys, audit logging, and scanning of app code).

Solution architecture for a secure file-sharing app.

Access management roles and groups

On IBM Cloud, Identity and Access Management (IAM) enables the authentication of users and service IDs and the access control to cloud resources. For granting access to a resource, you can assign predefined access roles to either a user, a service ID, or to an access group. An access group can be created to organize a set of users and service IDs into a single entity, making it easy for you to assign access. You can assign a single policy to the group instead of assigning the same access multiple times per individual user or service ID. Thus, you can organize groups for roles on your development project and align security and project management.

All the services that are used in the solution tutorial provide these predefined roles. Depending on the resource, they also document mappings from access roles to typical functions in a development team. You can find the relevant introduction and links in the new tutorial section on sharing resources.

Get started

You can find the updated solution tutorial on applying end-to-end security to a cloud application in the IBM Cloud docs under Solution Tutorials. You can create the app step-by-step by following the tutorial. As an alternative, deploy the app and all components at once using either a classic or Tekton-based toolchain. The app code and toolchain definitions are available on GitHub.

Want to read more? Here are related posts and tutorials:

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn

Was this article helpful?
YesNo

More from Cloud

Attention new clients: exciting financial incentives for VMware Cloud Foundation on IBM Cloud

4 min read - New client specials: Get up to 50% off when you commit to a 1- or 3-year term contract on new VCF-as-a-Service offerings, plus an additional value of up to USD 200K in credits through 30 June 2025 when you migrate your VMware workloads to IBM Cloud®.1 Low starting prices: On-demand VCF-as-a-Service deployments begin under USD 200 per month.2 The IBM Cloud benefit: See the potential for a 201%3 return on investment (ROI) over 3 years with reduced downtime, cost and…

24 IBM offerings winning TrustRadius 2024 Top Rated Awards

2 min read - TrustRadius is a buyer intelligence platform for business technology. Comprehensive product information, in-depth customer insights and peer conversations enable buyers to make confident decisions. “Earning a Top Rated Award means the vendor has excellent customer satisfaction and proven credibility. It’s based entirely on reviews and customer sentiment,” said Becky Susko, TrustRadius, Marketing Program Manager of Awards. Top Rated Awards have to be earned: Gain 10+ new reviews in the past 12 months Earn a trScore of 7.5 or higher from…

IBM Tech Now: April 8, 2024

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 96 On this episode, we're covering the following topics: IBM Cloud Logs A collaboration with IBM watsonx.ai and Anaconda IBM offerings in the G2 Spring Reports Stay plugged in You can check out the…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters