June 29, 2020 By Henrik Loeser 2 min read

Build a secure app and share its development resources.

The IBM Cloud solution tutorial on how to apply end-to-end security to a cloud application walks you through key security services and demonstrates how to use them together. The tutorial uses a sample file-sharing application to put security concepts into practice. Since we created this tutorial, we improved and added content. You may remember my blog post on how to use a delivery pipeline to rotate app credentials. Recently, we added a new section discussing how to share development resources.

Solution overview

The sample app from the solution tutorial provides an environment for securely sharing files. It uses Cloud Object Storage and a NoSQL database to manage files and related metadata. Access is controlled via IBM Cloud App ID, which provides authentication and identity services. The application is written in Node.js and deployed as a container to the IBM Cloud Kubernetes Service. It leverages several security services and features to improve the application’s security posture (e.g., encryption keys, audit logging, and scanning of app code).

Solution architecture for a secure file-sharing app.

Access management roles and groups

On IBM Cloud, Identity and Access Management (IAM) enables the authentication of users and service IDs and the access control to cloud resources. For granting access to a resource, you can assign predefined access roles to either a user, a service ID, or to an access group. An access group can be created to organize a set of users and service IDs into a single entity, making it easy for you to assign access. You can assign a single policy to the group instead of assigning the same access multiple times per individual user or service ID. Thus, you can organize groups for roles on your development project and align security and project management.

All the services that are used in the solution tutorial provide these predefined roles. Depending on the resource, they also document mappings from access roles to typical functions in a development team. You can find the relevant introduction and links in the new tutorial section on sharing resources.

Get started

You can find the updated solution tutorial on applying end-to-end security to a cloud application in the IBM Cloud docs under Solution Tutorials. You can create the app step-by-step by following the tutorial. As an alternative, deploy the app and all components at once using either a classic or Tekton-based toolchain. The app code and toolchain definitions are available on GitHub.

Want to read more? Here are related posts and tutorials:

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn

Was this article helpful?
YesNo

More from Cloud

The history of the central processing unit (CPU)

10 min read - The central processing unit (CPU) is the computer’s brain. It handles the assignment and processing of tasks, in addition to functions that make a computer run. There’s no way to overstate the importance of the CPU to computing. Virtually all computer systems contain, at the least, some type of basic CPU. Regardless of whether they’re used in personal computers (PCs), laptops, tablets, smartphones or even in supercomputers whose output is so strong it must be measured in floating-point operations per…

A clear path to value: Overcome challenges on your FinOps journey 

3 min read - In recent years, cloud adoption services have accelerated, with companies increasingly moving from traditional on-premises hosting to public cloud solutions. However, the rise of hybrid and multi-cloud patterns has led to challenges in optimizing value and controlling cloud expenditure, resulting in a shift from capital to operational expenses.   According to a Gartner report, cloud operational expenses are expected to surpass traditional IT spending, reflecting the ongoing transformation in expenditure patterns by 2025. FinOps is an evolving cloud financial management discipline…

IBM Power8 end of service: What are my options?

3 min read - IBM Power8® generation of IBM Power Systems was introduced ten years ago and it is now time to retire that generation. The end-of-service (EoS) support for the entire IBM Power8 server line is scheduled for this year, commencing in March 2024 and concluding in October 2024. EoS dates vary by model: 31 March 2024: maintenance expires for Power Systems S812LC, S822, S822L, 822LC, 824 and 824L. 31 May 2024: maintenance expires for Power Systems S812L, S814 and 822LC. 31 October…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters