Build a secure app and share its development resources.
The IBM Cloud solution tutorial on how to apply end-to-end security to a cloud application walks you through key security services and demonstrates how to use them together. The tutorial uses a sample file-sharing application to put security concepts into practice. Since we created this tutorial, we improved and added content. You may remember my blog post on how to use a delivery pipeline to rotate app credentials. Recently, we added a new section discussing how to share development resources.
Solution overview
The sample app from the solution tutorial provides an environment for securely sharing files. It uses Cloud Object Storage and a NoSQL database to manage files and related metadata. Access is controlled via IBM Cloud App ID, which provides authentication and identity services. The application is written in Node.js and deployed as a container to the IBM Cloud Kubernetes Service. It leverages several security services and features to improve the application’s security posture (e.g., encryption keys, audit logging, and scanning of app code).
Access management roles and groups
On IBM Cloud, Identity and Access Management (IAM) enables the authentication of users and service IDs and the access control to cloud resources. For granting access to a resource, you can assign predefined access roles to either a user, a service ID, or to an access group. An access group can be created to organize a set of users and service IDs into a single entity, making it easy for you to assign access. You can assign a single policy to the group instead of assigning the same access multiple times per individual user or service ID. Thus, you can organize groups for roles on your development project and align security and project management.
All the services that are used in the solution tutorial provide these predefined roles. Depending on the resource, they also document mappings from access roles to typical functions in a development team. You can find the relevant introduction and links in the new tutorial section on sharing resources.
Get started
You can find the updated solution tutorial on applying end-to-end security to a cloud application in the IBM Cloud docs under Solution Tutorials. You can create the app step-by-step by following the tutorial. As an alternative, deploy the app and all components at once using either a classic or Tekton-based toolchain. The app code and toolchain definitions are available on GitHub.
Want to read more? Here are related posts and tutorials:
- IBM Cloud solution tutorial on how to enhance security of your deployed application.
- My recent blog post “IBM Cloud Security Hands-on: Share Your Chatbot Project” gives a detailed introduction into resource sharing for a chatbot tutorial.
- My blog “Going Passwordless on IBM Cloud Thanks to FIDO2” shows how you can utilize the IBM Cloud App ID and IBM Security Verify services to implement an app that supports FIDO2 security keys for passwordless login.
If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.