The first in a series of NGINX labs intended for educational and workshop purposes. Topics covered here include installation, load balancing, custom access logs, cache proxies, API live monitoring and dynamic configurations.

The purpose of this lab is to demo how NGINX Controller API Management Module and NGINX App Protect can secure the OAuth Authorization Code flow, which is core to Open Banking specifications. The NGINX App Protect will be deployed as an Ingress Controller for Kubernetes and will provide both negative and positive security by ingesting the OpenAPI declaration file. The NGINX API Gateway will be controlled by NGINX Controller, will publish the application API based on the same OpenAPI declaration file, will provide JWT authentication and authorization and enforce rate limiting. The deployment and configuration of these elements will be performed automatically through a CI/CD pipeline. ELK dashboards will be used for visualization purposes and, lastly, a DAST tool will also be run as part of the CI/CD pipeline. BIG-IP APM is deployed as both Authorization Server with OpenID Connect support and as OAuth Client, in separate instances.

Introducing security best practices during the early stages of software development and deployment can bring great benefits and helps improve the overall security posture of the application. Adopting agile methodologies can also improve the collaboration between teams and incorporate the DevSecOps practices within an organization, this can help an organization to achieve the GitOps principle and make their transition towards IaC. This lab focuses on the concept of declarative Adv. WAF policy lifecycle in a automated CI/CD pipeline. This pipeline uses automation tools such as Terraform and Ansible to manage the state of the devices.