Security is one of these things that people/projects/companies only do with it, after they have build something or somewhere at the end of the project. And I believe even the author mentions something similar in this book as well, but compares it with baking a cake. Security is one of the ingredients of what you will be making, like it is a fundamental part of the thing (cake) you build (bake). And not that cherry on top of it. How many times do we see data breaches (Just follow Troy Hunt on twitter to get an idea).
The book is very well written and explains a lot of the AWS Security related services very well. Especially the IAM part if very good, clear and actually goes very deep in explaining the possibilities and what you can do with it. Also very nice to see about usecases when working with multiple AWS accounts and how IAM can work with that.
Altough other services like Cloudtrail, Config and Guardduty are explained in the book, I think it would be more interesting if it went a bit deeper as the chapters seems more high level and explaining some basic things. I would have loved to see some more in depts use cases with these services and even how it all works together with for example a Landing Zone setup where you have multiple AWS Accounts (Cross accounts). And an Landing Zone is already preferred from a security p.o.v., so unfortunately this is not part of the book. If you have a single AWS Account, then this book is definitively for you!
Even though the wanted-to-see-things, it was a very good book and helped me with my work. Happy to have bought it! An 7/10.
I am a huge supporter for automation, in any of the IT parts and I am personally focused and specialised on automation of Cloud Infrastructure (Most specifically towards AWS). So i was very eager to read the book, as I am always curious on if I could do anything better or learn something new that will make my work or project better.
The book was very nice and in some ways easy to read. The book is very well written and explains things very deeply. Like there are complete chapters about testing and branching models, where all kinds of test strategies are explained in detail. Also about the various kinds of branching models that exist and what the benefits are for these (of course with lot of information why you should choose this or not). I don’t think I have read this in any of the other automation books (yet). And actually to my suprise while reading it (of course later on I was like, yeah I could have expected such a topic) about tracking changes via the appropiate tools when you want to deploy to production. You can not make changes in production when you want to, unless you work with a CI/CD with automatic deploys to production. Mostly you need to have approvals to deploy something on production, which is also nicely described as well.
But, I do have an issue with the Python. I am all for Python, but I think the Python examples to generate the Terraform seems a bit to much and not KISS. I think writing the Terraform code itself is easier to understand and show.
It was a really nice book to read and it made sure to freshen some things that I have done before, I did not actual learn something that I could have used in my day-to-day work. Nevertheless, a decent 7/10.