Last active April 9, 2024 04:33
```mermaid
sequenceDiagram
    participant Dev as Developer
    participant Repo as Source Code Repository
    participant CICD as CI/CD Pipeline
    participant OPA as Open Policy Agent (OPA)
    participant PS as Policy Sentry
    participant AWS as AWS Environment
    Dev->>Repo: Push IAM policy requirements (YAML)
    activate Repo
    Repo->>CICD: Trigger pipeline
    deactivate Repo
    activate CICD
    CICD->>OPA: Validate YAML files against Rego rules
    activate OPA
    OPA->>OPA: Evaluate YAML files
    alt YAML files pass validation
        OPA-->>CICD: Validation passed
        CICD->>PS: Run Policy Sentry
        activate PS
        PS->>PS: Generate IAM policies
        PS-->>CICD: Return generated IAM policies
        deactivate PS
        CICD->>AWS: Deploy IAM policies
        activate AWS
        AWS-->>CICD: Deployment successful
        deactivate AWS
    else YAML files fail validation
        OPA-->>CICD: Validation failed
        CICD-->>Dev: Provide feedback on policy violations
    end
    deactivate OPA
    CICD->>AWS: Continuous monitoring and auditing
    activate AWS
    AWS-->>CICD: Policy compliance status
    deactivate AWS
    deactivate CICD
```
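As an added illustration (not part of this gist), the Rego policy below is the kind of rule set the OPA step in the diagram could evaluate against a Policy Sentry CRUD template before Policy Sentry is allowed to generate the IAM policy. The package name and the three team rules it encodes (only `mode: crud` templates, no ARN that covers every resource of a service, only literal action names under `wildcard-only`) are assumptions; it targets Rego v1 syntax (OPA 0.59 or later).

```rego
package iam.template

import rego.v1

# Access-level keys a Policy Sentry CRUD template may carry.
access_levels := {"read", "write", "list", "tagging", "permissions-management"}

# Gate result the pipeline reads: true only when nothing was denied.
allow if count(deny) == 0

# Assumed team rule: only CRUD templates are accepted, because they make
# Policy Sentry scope actions to the listed ARNs instead of raw action lists.
deny contains msg if {
	mode := object.get(input, "mode", "")
	mode != "crud"
	msg := sprintf("mode %q is not accepted; use mode: crud", [mode])
}

deny contains msg if {
	not input.name
	msg := "template is missing a name"
}

# An ARN of "*", or one whose resource field is "*", covers every resource
# of that service and defeats resource-level least privilege.
deny contains msg if {
	some level in access_levels
	some arn in input[level]
	too_broad(arn)
	msg := sprintf("%s ARN %q covers every resource", [level, arn])
}

too_broad(arn) if arn == "*"

too_broad(arn) if {
	parts := split(arn, ":")
	count(parts) >= 6
	parts[5] == "*"
}

# Assumed team rule: wildcard-only single actions must be literal action
# names, so an entry with a trailing "*" is rejected.
deny contains msg if {
	some action in input["wildcard-only"]["single-actions"]
	endswith(action, "*")
	msg := sprintf("wildcard-only single action %q is not a literal action", [action])
}
```

In the pipeline this runs as `opa eval -i template.yaml -d policy.rego 'data.iam.template.deny'` (opa eval reads YAML input files directly), and a non-empty `deny` set is what gets reported back to the developer in the "Validation failed" branch.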