Chatbot? Security?

Minimum

  • Experiences

    • ISDA ~ 3 years

    • DevOps Engineer / SRE ~ 4 years

    • Software Engineer  ~ 3 years

    • OOBOX Group ~ 1 year

  • Abilities

    • Python

    • Container

    • Cloud Services

    • CI / CD / CM

Who Am I?

What environment is used to build the bot?

 

Where is the bot hosted?

 

What are the security features of technology on which the bot is built?

1. Get Started

/polly Do you like this topic today?

2. Own Your SlackBot

https://bit.ly/2Q5TJWi

https://api.slack.com/apps

https://api.sharing315.com/demo/jenkins/build

Please call the administrator to allow you to install app

Temporarily remember this pair of tokens. We will go back.

/build Hello

/build QueryEmail

Take a break

3. Analyze Slackbot

API Gateway

Jenkins

Lambda
Function

/build Hello

4. Security & Management

HTTPS

  • Demo also needs https
    • https://api.sharing315.com (AWS providered)
    • https://build.sharing315.com (Let's encrypt)

API Token

  • Log in to the server without the need for a password
  • Reject arbitrary request
  • Unique token is same as identity
  • Trace flow, event, and log

Environment Variables

  • Account, password, email, key, license, token, certificate, ...
    • Lambda function (protected by AWS KMS)
    • Jenkins job (protected by Credentials plugin)

Source Code

  • SCM (Source control management)
    • Git, SVN
  • Backup

Configuration

  • SCM (Software Configuration Management)
    • Ansible, Chef, Puppet
  • Secret Management
    • Vault
    • Keystore
    • Keychain

 

Network

  • Connection
    • VPC, Security Group
    • VPN
    • Firewall, iptables, fail2ban

Role & Permission

  • AWS IAM
    • Group, User, Role
  • Jenkins Global Security + Plugin
    • Group, User, Role

5. Amazon Lex

Postback URL

Postback URL

OAuth URL

Q&A
mailto

Chatbot

By Jung-Lun Hsu

Chatbot

ISDA course: https://reg.isda.org.tw/info.php?no=43

  • 85

More from Jung-Lun Hsu