If you still don't have a Cloud One API Key with Full Access created yet. Go check how to create HERE!
{{% /notice %}} - **CloudOneApiKey**: **Full Access API Key** generated under your Cloud One dashboard. You can use the same one created before during this Workshop. **Remember that this API Key must have Full Access**. - **CloudOneRegion**: Your Cloud One Region - Click on **Next**  --- ### 1.2. Configure the stack options - Leave the fields as default and click **Next**, or optionally define tags to the evironment if desired.   --- ### 1.3. Review the template parameters - Click on **Create Stack** or **Submit**     --- ### 1.4. Follow up the events during creation of the stack - Select the **Events** tab - Click **Refresh**  --- ### 1.5. Ensure the stack status has reached Create_Complete - Select the **Stack info** tab  --- ### 1.6. On the Outputs tab - Click on the link to go to your Pipeline  - You will be redirect to the Pipeline --- ### 2. Follow the execution of the Pipeline  --- ### 2.1. Second Action - Scan-The-Code-With-Horusec {{% notice warning %}}Sometimes this action could fail due to the maximum number of requests to Docker Hub has been reached. You can click on the Retry button that appears when an action fails.
{{% /notice %}}   --- #### **On this action the code of the application will be scanned to find vulnerabilities.**  - Click on the **Details** button to see the log for this action and the Horusec findings.   --- ### 2.2. Third Action - Create-EKS-Cluster #### **On this action a AWS Elastic Kubernetes Service Cluster will be created.**     --- ### 2.3. Fourth Action - Scan-The-Infra-With-Conformity #### **On this action Cloud One Conformity will scan the EKS Cloud Formation Template deployed to identify security and governance risks.**  - Click on the **Details** button to see the log for this action and the Cloud One Conformity findings.   --- ### 2.4. Fifith Action - Scan-for-Secrets #### **On this action the repository will be scanned by Detect Secrets to find any secrets in the repo.**  - Click on the **Details** button to see the log for this action and the Detect Secrets findings.   --- ### 2.5. Sixth Action - ManualApprove #### **On this action you decide if the vulnerabilities found in the code and infrastructure are acceptable or not. And aprove or reject the changes. If you reject the changes the pipeline will stop the execution, accepting the changes and the pipeline will continue.** - Click on the **Review** button to approve or reject.  - Click on the **Approve** button to aprove the changes and move to the next Action.   --- ### 2.6. Seventh Action - Deploy-the-App-to-EKS {{% notice warning %}}Sometimes this action could fail due to the maximum number of requests to Docker Hub has been reached. You can click on the Retry button that appears when an action fails.
{{% /notice %}}   --- #### **On this action it will build the docker image, push to the AWS ECR trendworkshopdevcecops repository we created previous on the workshop, deploy the container with the app to EKS and create the Load Balancer.**  - Click on the **Details** button to see the logs.    --- ### 2.7. Eighth Action - CloudOne-ContainerSecurity-RunTime-Deploy #### **On this action will deploy the Cloud One Container Security Runtime to the EKS Cluster, create a Cluster on Container Security console and associate it with the policy TrendMicroDevSecOpsWorkshopPolicy that we created before.**  - Click on the **Details** button to see the logs.   --- ### 3. On the Cloud One Container Security console  - You will see that now you already have a Cluster created called **DevSec_EKS_QA_TrendMicroWorkshop** with the policy we created earlier in the step of ***Deploy Security Tools - Container Security*** on the Workshop.  - If you go to the **Events** tab there will have some events about our newly deployement through the Pipeline. Our deployment has a Privileged Container, because of this the pod has been isolated.  --- ### 3.1. Let's try access the application - On the **Deploy-the-App-to-EKS** Action click on **Details**  - On the bottom of the page will have the **Application URL**  - Copy and paste on the browser ```http://###:8000```  - You will not be able to access because the pods were isolated, because it was attempt to deploy a **Privileged Container**. ----- #### Congrats now your environment is more secure automatically!! :grin: :sunny: