View Blog Post

Deleting a Stuck CloudFormation Stack

One of the things I have come across many times over the years is attempting to delete an AWS CloudFormation Stack and getting an error like this: Role arn:aws:iam::123456789012:role/CloudFormationTrustRole-2CDE9F7RUUTH is invalid or cannot be assumed In this case, an IAM Role used by the stack either got deleted manually or by another stack when it Read more…

View Blog Post

Running Serverless Canary Deployments with AWS SAM

Many of us know that introducing large batches of changes into production is risky. However, because of complexity and many moving parts, it can also be risky when deploying changes in small batches – without the right techniques. One of the better ways of mitigating deployment risk is by gradually deploying small and frequent changes Read more…

View Blog Post

Continuous Deployment for Serverless Applications on AWS

When using serverless on AWS, you do not need to worry about load balancing, auto scaling, operating system management, managing utilization, or underlying hardware failures. All of it is abstracted from you so that you can focus on coding. What’s more, since you only pay for what you use, you can do more experimentation. It Read more…

View Blog Post

Pushbutton AWS Diagrams

It is often very useful to share diagrams when describing a software architecture to others. It applies the old adage that a “picture is worth a thousand words”. What’s more, it also helps you – as a builder – understand what you built and to learn areas to improve as you develop your software. While Read more…

View Blog Post

Continuous Delivery for AWS Secrets Rotation

One of the biggest challenges with managing usernames, passwords, API keys, and other secrets is balancing the need to make it simple for authorized accounts, databases, and APIs to securely access these secrets while adhering to the principle of least privilege. Simply put, most everyone knows not to store sensitive configuration information in plain text Read more…

View Blog Post

AWS re:Invent 2019 DevOps and Security re:Cap

We had over 40 people from Mphasis and Mphasis Stelligent at the AWS re:Invent 2019 conference in Las Vegas, NV. There were 77 product launches, feature releases, & services announced at the conference (and many more at “pre:Invent” in November). Of this, there were several DevOps-related features announced at re:Invent or during pre:Invent. The theme Read more…

View Blog Post

Run AWS CloudFormation tests from CodePipeline using TaskCat

The AWS QuickStart team open sourced a project they use for automated testing of CloudFormation templates called TaskCat. With TaskCat, you can run automated tests to learn of and fix any errors that arise in your CloudFormation templates. If you have been using CloudFormation for any period of time, you will learn that even if Read more…

View Blog Post

Automate Encryption in Transit with AWS Certificate Manager

Traditionally, managing transport layer security (TLS) digital certificates that are used for encrypting data in transit between clients and servers has been a very manual process. In 2016, Amazon Web Services began offering the AWS Certificate Manager (ACM) – a service for managing these digital certificates. By using AWS CloudFormation and AWS CodePipeline, you can Read more…

View Blog Post

Deploy Managed Config Rules using CloudFormation and CodePipeline

“AWS Config provides AWS managed rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resources comply with common best practices.” (Source) There are over 100 Managed Config Rules that AWS provides for all types of checks including Analytics, Compute, Database, Machine Learning, Security, Identity & Compliance, and Storage – Read more…

View Blog Post

Continuous Compliance on AWS with CodePipeline and CloudFormation

Whether it’s in or out of the cloud, most IT compliance usually comes in the form of a multitude of checklists – like the one you see below. It might be a spreadsheet, website, or other “digital” tool but, in the end, it’s still checklists that software teams must comply with by filling out forms Read more…