Chatbot? Security?

Minimum

Experiences
- ISDA ~ 3 years
- DevOps Engineer / SRE ~ 4 years
- Software Engineer ~ 3 years
- OOBOX Group ~ 1 year
Abilities
- Python
- Container
- Cloud Services
- CI / CD / CM

Who Am I?

What environment is used to build the bot?

Where is the bot hosted?

What are the security features of technology on which the bot is built?

1. Get Started

/polly Do you like this topic today?

2. Own Your SlackBot

https://bit.ly/2Q5TJWi

https://api.slack.com/apps

https://api.sharing315.com/demo/jenkins/build

Please call the administrator to allow you to install app

Temporarily remember this pair of tokens. We will go back.

/build Hello

/build QueryEmail

Take a break

3. Analyze Slackbot

API Gateway

Jenkins

Lambda
Function

/build Hello

4. Security & Management

HTTPS

Demo also needs https
- https://api.sharing315.com (AWS providered)
- https://build.sharing315.com (Let's encrypt)

API Token

Log in to the server without the need for a password
Reject arbitrary request
Unique token is same as identity
Trace flow, event, and log

Environment Variables

Account, password, email, key, license, token, certificate, ...
- Lambda function (protected by AWS KMS)
- Jenkins job (protected by Credentials plugin)

Source Code

SCM (Source control management)
- Git, SVN
Backup

Configuration

SCM (Software Configuration Management)
- Ansible, Chef, Puppet
Secret Management
- Vault
- Keystore
- Keychain

Network

Connection
- VPC, Security Group
- VPN
- Firewall, iptables, fail2ban

Role & Permission

AWS IAM
- Group, User, Role
Jenkins Global Security + Plugin
- Group, User, Role

5. Amazon Lex

Postback URL

Postback URL

OAuth URL

Q&A

mailto