View Blog Post

DevOps on AWS Radio: Kinnaird McQuade – Policy Sentry and Cloudsplaining, Stelligent Book Club (Episode 28)

In this episode, Kinnaird McQuade, Lead Cloud Security Engineer at Salesforce, joins us to talk about his tools Cloudsplaining and Policy Sentry. Policy Sentry provides a framework for writing IAM policies to make it easier to create least privilege policies. Cloudsplaining can help find policies that may allow more access than required. Keith Monihen joins Read more…

View Blog Post

Pushbutton AWS Diagrams

It is often very useful to share diagrams when describing a software architecture to others. It applies the old adage that a “picture is worth a thousand words”. What’s more, it also helps you – as a builder – understand what you built and to learn areas to improve as you develop your software. While Read more…

View Blog Post

Development Acceleration Through VS Code Remote Containers: How We Leverage VS Code Remote Containers For Rapid Development of cfn_nag

This is the final blog post in a three-part series about the use of the Visual Studio Code Remote – Containers extension. The first post went over the benefits and general concepts of using a dev container to develop a project. The second showed some basic examples on how to get started along with introducing Read more…

View Blog Post

CloudWatch Dashboards and Dynamic Resource Tagging

This article covers one method of automatically creating CloudWatch Dashboards for several resources types, while supporting arbitrary grouping.  Working knowledge of Terraform 0.12.x is advised. Here at Stelligent, we are all about shortening and otherwise improving the feedback loop between developers and users.  We have spent a lot of time showing you how to automate Read more…

View Blog Post

Generating Least Privileged IAM Roles for CloudFormation and Service Catalog with cfn-leaprog

CloudFormation Development Process and Privilege As a developer works through the development of a CloudFormation template, they are likely working in a “sandbox” account where they have significant “power user” privileges.  This is convenient in order to allow the developer to focus on the business needs, but what happens when the same template is converged Read more…

View Blog Post

Implementing Amazon Inspector in Automated AMI Pipelines

This is part two of a two part series on Amazon Inspector. This article is about implementing Amazon Inspector in automated AMI pipelines. The first article is an Introduction to Amazon Inspector. Automated security scanning is an essential part of DevSecOps, however setting the scanning up can be cumbersome. This quickstart incorporates Amazon Inspector and Read more…

View Blog Post

Testing AWS Config rules using potemkin-decorator

Automated integration testing of a python AWS Config rule is a challenging, but necessary undertaking to ensure that the rule provides accurate results. Creating resources, waiting for the result to show up in AWS Config, testing the results and tearing down the resources in best case circumstances takes several minutes.  And it can take many Read more…

View Blog Post

config-lint: Up and Running

config-lint: Up and Running How to leverage config-lint to validate JSON and YAML based configurations. Configuration Validation with config-lint Stelligent config-lint is an open source command line tool to lint configuration file in a variety of formats, including JSON, YAML, Terraform, and Kubernetes. Config-lint offers a lightweight method to provide custom validation for unique compliance Read more…

View Blog Post

Development Acceleration Through VS Code Remote Containers: Setting Up a Foundational Configuration

This blog post is the second in a three-part series about the Visual Studio Code Remote – Containers extension. The first post went over the benefits and general concepts of using a container for development work on a project. This post will go over some instructions on how to implement this for a project, basic Read more…

View Blog Post

Development Acceleration Through VS Code Remote Containers: An Introduction

This blog post will be part one of a three-part series on Visual Studios Code Remote – Containers. Prior knowledge of Visual Studios Code editor is recommended to better understand the items discussed in this series; more information can be found here. Part one will explain the general concepts of utilizing VS Code Remote – Read more…