View Blog Post

Running Serverless Canary Deployments with AWS SAM

Many of us know that introducing large batches of changes into production is risky. However, because of complexity and many moving parts, it can also be risky when deploying changes in small batches – without the right techniques. One of the better ways of mitigating deployment risk is by gradually deploying small and frequent changes Read more…

View Blog Post

Continuous Deployment for Serverless Applications on AWS

When using serverless on AWS, you do not need to worry about load balancing, auto scaling, operating system management, managing utilization, or underlying hardware failures. All of it is abstracted from you so that you can focus on coding. What’s more, since you only pay for what you use, you can do more experimentation. It Read more…

View Blog Post

Limiting the Blast Radius of Deployment Systems

If you are following best practices, you have adopted a multi-account strategy for your cloud applications, with different workloads spread across different accounts. Users log in to one account and assume roles in other accounts as needed. Even your build system lives in a tools account separate from all the applications it deploys. This is Read more…

View Blog Post

Pushbutton AWS Diagrams

It is often very useful to share diagrams when describing a software architecture to others. It applies the old adage that a “picture is worth a thousand words”. What’s more, it also helps you – as a builder – understand what you built and to learn areas to improve as you develop your software. While Read more…

View Blog Post

Is My Container Image Secure? CI/CD Container Scanning using Trend Micro Deep Security Smart Check and AWS CodePipeline

Introduction Many enterprises attempt to drive software development and delivery towards a DevOps mindset. Likewise, organizations struggle with increasing security challenges while adopting these innovative software practices. Embedding security within the deployment lifecycle is non-negotiable. Therefore, integration of security into CI/CD workflows need to be done cautiously to meet an ever-evolving technology landscape. DevSecOps is Read more…

View Blog Post

Implementing Amazon Inspector in Automated AMI Pipelines

This is part two of a two part series on Amazon Inspector. This article is about implementing Amazon Inspector in automated AMI pipelines. The first article is an Introduction to Amazon Inspector. Automated security scanning is an essential part of DevSecOps, however setting the scanning up can be cumbersome. This quickstart incorporates Amazon Inspector and Read more…

View Blog Post

Testing AWS Config rules using potemkin-decorator

Automated integration testing of a python AWS Config rule is a challenging, but necessary undertaking to ensure that the rule provides accurate results. Creating resources, waiting for the result to show up in AWS Config, testing the results and tearing down the resources in best case circumstances takes several minutes.  And it can take many Read more…

View Blog Post

config-lint: Up and Running

config-lint: Up and Running How to leverage config-lint to validate JSON and YAML based configurations. Configuration Validation with config-lint Stelligent config-lint is an open source command line tool to lint configuration file in a variety of formats, including JSON, YAML, Terraform, and Kubernetes. Config-lint offers a lightweight method to provide custom validation for unique compliance Read more…

View Blog Post

AWS Integration Testing for boto with potemkin-decorator

Test Automation for Integrating with External Services Developing test automation code for an interface to an “external” service is always a difficult proposition.  There is a spectrum of techniques for developing reproducible tests against an external service. On one end of the spectrum are “mocking” techniques and on the other far end of the spectrum Read more…

View Blog Post

Custom Rule Distribution Enhancements for cfn_nag

Introduction The cfn_nag tool is a static analysis tool for finding obvious security weaknesses in CloudFormation templates.   The core product includes rules that apply universally across environments and enterprises.  That said, the product supports the development of custom rules to allow enterprise-specific rules for compliance and security controls. For more information on developing custom rules Read more…